We have to have one of these super fun pages to explain how we comply with the GDPR (General Data Protection Regulation), the DPA (Data Protection Act) and the PECR (Privacy and Electronic Communications Regulations) because God knows there’s not enough actual interesting things in the world to read, but here we are regardless. FYI we don’t really understand what one of these things are, either.
The TL;DR version of the below is…
We collect and store the info we need to provide you with the products you buy from us. We occasionally stalk you via Facebook adverts. That’s basically it. We’re a tiny, overstretched business and we don’t have the time or energy to do anything nefarious with your data, pinky swear. We try our hardest not to leave laptops on trains or the front door to our house unlocked. Because that’s just common sense.
If you’re here for a long time not a good time then grab yo’self a cuppa and dive right in to the full shebang.
WEBSITE VISITOR TRACKING (aka internet stalking)
Look, we’re following you, ok? We use Google Analytics, primarily to stare at the real time stats because they’re cool but also to see what stuff people are looking at so we can make more of the things you like. I mean sometimes but then it makes our heads hurt again and we don’t look at it for another 6 months. Simples.
We also have the Facebook Pixel installed so that we can sell you stuff. Yes you heard it. We are a business and – shocker – we want you to spend money with us. The Facebook Pixel means that we can see how people interact with our site and with Facebook adverts and then we try to flog you relevant stuff. If you’ve not seen the Facebook Ads analytics dashboard MAN ALIVE it’s stalker central. That shit is a terrifying Black Mirror horror show. If you’re not on Facebook – well bloody done but the pixel is tracking you anyway.
Don’t know if there’s a specific Facebook Pixel blocking thing but apparently if you use Freedom app to block social media while you’re trying to be an actual productive human, it also blocks the FB pixel. You can have that one for free.
Neither of these things store any super personal data about you but probably they nab your IP address, not that we’d know where to look for it or what to do with it. All we see is that a person or many people have interacted with the website in a particular way. You can mess with us by doing something totally unexpected on the website and skewing our stats. Or you could do something way more fun and useful with your time like learning Japanese or how to crochet or something. Your choice.
All this jazz is about what we do with your data. As already mentioned, we’re not some kind of evil conglomerate or dodgy phishing website so we don’t do anything nefarious with the information you provide to us. But for a number of reasons, we do store your data in a few different places and use it in a couple of different ways. Buckle yourself in, this is going to be a fun ride.
Here on this website! If you buy stuff from us we will store your name, email address, postal address, and purchase history. Your payment details ARE NOT held on the site. We obviously go to the maximum effort to keep this data secure and only three people have access to it. Only one of them ever actually looks at it and that’s to solve any technical problems you might have.
We’ll be honest: we do absolutely nothing unsurprising or radical with your info. We’d love to say that we use your purchase history to target you with ads for stuff you might like, but honestly we don’t really know how. If we need to contact you about your order, we’ll email you. We use the postal address you give us to send your orders to, obviously. All groundbreaking stuff I’m sure you’ll agree.
Shipstation! We use Shipstation to help keep us organised and up to date with our orders and to send you dispatch notifications. They pull your name, postal address, order number + contents through from our website or Etsy. They are GDPR compliant, apparently.
Mailchimp! If you’ve signed up to our mailing list for a discount code, competition, just because you want yet more email in your inbox (are you lonely? We can always chat more if you want…) or have bought anything from us, your name and email address also wangs its way over to Mailchimp, which is the system we use to manage our newsletters and emails. They are (allegedly) GDPR compliant. You would’ve had to click ‘are you sure you want this email’ about a gabillion times to make your way onto our list, but you can unsubscribe from our marketing emails at any time by hitting the unsubscribe button. Simples.
In real life! We keep paper copies of your order details to help us process your order and because the taxman likes us to fill up our loft. I guess it works as insulation or something, who knows. This includes your name, email address, postal address, what you ordered, when you ordered it and how much you paid for it.
We keep this paperwork for about 7 years in terribly organised piles and folders that drive us mad in the unlikely event we actually need to find something. But rest assured they’re locked away when we’re not here, again with the common sense of not leaving the front door unlocked thing. Whenever we dispose of this paperwork, we shred it and use it to heat our home like off of the 1600s.
YOUR PAYMENT DETAILS
When you place an order with us, you will either pay through Stripe or PayPal. The only payment-based details we hold on our site is how much you’ve spent and whether you paid with Stripe or PayPal. We have no bank or card details or any access to your hard earned cash here. We love it when we get emails like “hey can you charge my card extra for x” because it’s like lol honey if I had access to your card details I’d be on a flight to Barbados by now (joke, obviously. Or am I?)
Stripe is GDPR compliant. PayPal is being totally weird about it but will have to be GDPR compliant or everyone in Europe will have to stop using it and they probably don’t want that.
EMAIL MARKETING AND WHATNOT
If you sign up to our newsletter, we will send you a newsletter – generally around once a month, but occasionally more if there is more interesting stuff to tell you, probably less because we love paying a monthly fee for something we don’t really use, yolo.
You can unsubscribe at any time by clicking the unsubscribe button in every email. Your name and email address are stored securely in Mailchimp. They are GDPR compliant and very good at it too.
Mailchimp automatically adds tracking things to links so if you click on a link we know. If you open an email we know and love you for it. If you ignore us then WE KNOW and sometimes it keeps us up at night wondering what we’ve done wrong.
The most important thing about this is we have neither the time nor inclination to actually look at or do anything with these stats.
Yeah we quite like social media, I’m sure you’ve realised. Pictures of floral coffee art and pretty veils and avocado toast, all the important hard hitting stuff.
If you talk to us (nicely) then we’ll usually talk back. If you use one of our promoted hashtags, we might repost your photo, with credit of course. If you @ us in a tweet we might retweet it, only if it’s being nice though. We try not to feed too many trolls over here. If you’d prefer we didn’t talk to you, repost your photos or retweet your nice words then just us know and we’ll take the hint.
You’re not required to follow our social media accounts to like what we do. Sometimes we’ll run giveaways that ask you nicely to if you’d like to win the prize. All pretty basic stuff right?
OTHER THIRD PARTIES
So it’s probably not a huge shock to you to know that we have to work with some other companies in order to supply you with the products you buy from us. Here’s the skinny on what info they have on you, from us.
Shipping! Contrary to popular belief (or so you’d think from some of the emails we get…) we don’t do our post runs on our own personal unicorn. Though that would be fun. We mostly work with Royal Mail and occasionally DHL or DPD. They’ll have your name, postal address and occasionally your telephone number in order to deliver your order swiftly. Not rocket science really. Both are kind of a big deal so will have shit hot GDPR policies we’re sure.
Bigcartel! This site is hosted by Bigcartel, so your orders are processed through them. Therefore they have your name, address, order info and amount and email address. They do NOT have access to your financial information. They’ve promised they’ll be GDPR compliant by the deadline of May 25th.
Email! Our email accounts are hosted by 123reg and Gmail - both GDPR compliant, obv-v. Our emails are monitored by two people (maximum) and only one of which is really that interested in what you have to say. They have access to your name, email address and whatever other info you’ve emailed to us (obv-v). We use encrypted passwords and security software to ensure your details don’t fall into bad hands. That said, common sense should be applied to emails from us too - if you see something that looks suspicious, like a weird external link please don’t click on it, and contact us to let us know what’s up.
Zapier! This is the go-between between the website and our third party services. At the moment we just use Zapier to grab your email address once you’ve ordered, to put it into Mailchimp; apparently there are a bunch of other third-party apps we could be using it for to make ourselves better but honestly the whole thing gives us a headache. You would’ve clicked a little box during checkout to say ‘add me to this mailing list’ for your details to process through Zapier. Again, Zapier is (allegedly) GDPR compliant, though we’re just gonna have to trust them on that one because we don’t have the time or energy to look into it. Sorry.
YOUR RIGHT TO BE DELETED
If you’re a secret agent or something and would prefer we didn’t keep the info we have on you, just email us at firstname.lastname@example.org and we’ll delete all the info we have on you from our systems while having a little panic about what we could’ve possibly done to offend you.
This does not include PayPal and Stripe. If you want to delete your PayPal or Stripe accounts you have to do that yourself via PayPal or Stripe.
We cannot delete your purchase history because the taxman will be terribly upset. Sorry about that.
Written May 23rd 2018 by 'Data Processing Officer' and head of every other damn thing, Sophie