Let's start by saying that I don't do anything with your information that you wouldn't reasonably expect me to. I am a sole trader running a retail website and the only information that I am interested in is how to contact you and where to have your orders delivered.
However, I am required by law to make it absolutely clear what I do with your data and what your rights are regarding your personal information, so please forgive me if some of the following sounds obvious or even a little silly!
What I we do with your personal information?
Name and address
I need this information so that I can have the products that you have ordered delivered to you by a postal/courier service. Use of your name and address in this manner is on the legal basis of "performance of a contract". Failure to provide a name and address will mean that I cannot dispatch your order.
If there is ever a problem with your order, or if you have had an issue with something you have bought from me, or if you are just making a general enquiry, I find that the quickest and best way is usually to call you so that I can get the matter sorted out. I may also send a text if you have given me a mobile number and I cannot get through to speak with you directly. Use of your telephone number in this manner is on the legal basis of assisting with the "performance of a contract". Failure to provide a telephone number will mean that any issues (either at your end or mine) will take longer to rectify.
I need your email address for a number of reasons. Firstly, your email address is your unique identifier (i.e. your username) for my website - even if there are a dozen Joe Bloggs, there is only one firstname.lastname@example.org, and this is how I will keep your personal information tied together. As such, failure to provide an email address will mean that you cannot register for an account on my website.
I will use your email address so that I can keep you updated on the progress of your order – and will let you know when your order has been accepted, dispatched etc.
If there is a problem (or if you have contacted me) and I cannot get through to you by telephone (or if an email is more appropriate) then I may contact you by email in order to resolve the issue (as above, on the legal basis of assisting with the "performance of a contract").
I will also send you special offers by email, either if you have asked me to (on the legal basis of "consent"), or if you've recently made a purchase from me (on the legal basis of "legitimate interest" insofar as the furthering of our goals as a business). You can opt out of email marketing at any time, either by contacting me via the details below, or by following the "unsubscribe" link in any of our marketing emails.
Do you store my payment (i.e. card) details?
I do not store card details, however my payment providers give me access to the first 6 and last 4 digits of cards used for payments for reference and diagnostic purposes. If you choose to pay by bank transfer, your bank details are not visible to me - all I can see is the name of the account that the transfer has been made from. My website is secure and protected. Please see the padlock on your browser for confirmation.
How long will you store my personal information?
VAT invoices (including customer details) are automatically generated for each transaction I process, and under UK law I must store these for 7 years from the end of the financial year in which they are issued. As such, that is how long I will have your information on file for.
Who will see your data?
For the purposes of GDPR (General Data Protection Regulations) I am the "data controller". Yvonne Hunt trading as Vonniesworld (Sole Trader). Any third-party companies that I use are known as "data processors". Under GDPR law these data processors are forbidden from using your information in any way except when I instruct them to do so. I use such third parties for delivery of goods (including Royal Mail, UPS and DPD), and processing of electronic payments (including Paypal and VivaWallet). I have ensured that the relevant companies have put in place appropriate safeguards for data processing in line with GDPR.
What rights do I have regarding my personal information?
If the information I have is incorrect, you have the right to have it amended. You can generally do this yourself in your account settings, however please contact me if you prefer me to do it for you.
You have the right to request a list of any information that I have about you, and to request that I delete your personal information from our records.
If you have consented to the processing of your data (e.g. for email marketing) then you have the right to withdraw that consent at any time by unsubscribing.
And finally, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) if I cannot resolve your request.
Cookies are small files saved to your hard drive that track, save and store information about your interactions and usage of the website. In real terms, this allows the website to keep track of whose basket is whose. Imagine 100 people going to the supermarket and all using the same trolley - things would get a little messy at the checkout, and this is what would happen without cookies!
No personally identifiable information is collected or stored by the cookies on this website.
If you have any questions, comments or concerns about any of the above, then please don't hesitate to contact me and I will be happy to help.