PRIVACY STATEMENT SHOPIFY
Our store is hosted on Shopify Inc. They provide us with the online e-commerce platform that allows us to sell our products and services to you.
Your data is stored through Shopify’s data storage, databases and the general Shopify application. They store your data on a secure server behind a firewall.
Moore & Moore Plants is committed to protecting and respecting your privacy.
For the purposes of GDPR (General Data Protection Regulation) Moore & Moore Plants is a data controller in respect of information collected on our site www.mooreandmooreplants.co.uk.
This policy together with any other documents referred to in it, sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding you personal data and how we will treat it.
Any questions or comments should be addressed to Lynne Moore at firstname.lastname@example.org
Information we may collect from you:
We may collect and process the following data about you:
Information you give us:
- Information about yourself including your name, title, postal and/or email address, billing and or delivery address, telephone numbers.
- Information that you provide when you visit our site, make an enquiry on our site or request our services.
- If you email or contact us, we may keep a record of the correspondence or keep your message, email address and contact information to respond to you request.
Information we collect about you:
When you visit our site, we may automatically collect the following information:
- Technical information including the internet protocol (IP) address used to connect your computer to the internet, your login information browser type and version, time zone setting, browser plug-in types and versions, operating system and platform.
- Information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our site (including date and time), products or services you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks and mouse-overs) and methods used to browse away from the page. We do not collect any sensitive personal data about you e.g details about you race, ethnicity, religious or philosophical beliefs or any other categories of sensitive personal data.
If you fail to provide personal data:
Where we need to collect your personal data by law or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case we may have to cancel a product or service you have with us, but we will notify you if this is the case at the time.
A cookie is a small file of letters and number that we put on your computer if you agree. These cookies allow us to distinguish you from other users of our site, which helps us to provide you with a good experience when you browse our site and also allows us to improve our site.
We use various cookies on our site for tracking purposes. The cookies allow us to understand general traffic to our site for example number of visitors and length of time on our site. This process does collect data, but in an anonymous form to help us make improvements, develop the site and enhance the user experience. For further information about used on our website see: https://shopify.co.uk/legal/cookies
Here is a list of cookies that we use. We’ve listed them here so you that you can choose if you want to opt-out of cookies or not.
_session_id, unique token, sessional, Allows Shopify to store information about your session (referrer, landing page, etc).
_shopify_visit, no data held, Persistent for 30 minutes from the last visit, Used by our website provider’s internal stats tracker to record the number of visits
_shopify_uniq, no data held, expires midnight (relative to the visitor) of the next day, Counts the number of visits to a store by a single customer.
cart, unique token, persistent for 2 weeks, Stores information about the contents of your cart.
_secure_session_id, unique token, sessional
storefront_digest, unique token, indefinite If the shop has a password, this is used to determine if the current visitor has access.
Where we store your personal data:
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site. Any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
Uses made of the information
We use the information we hold about you in the following ways:
- We will only use your personal date when the law allows us to. Most commonly, we will use your personal data to provide you with goods or services.
- Performance of a Contract - this means processing you data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.
- Legitimate Interest - this means the interest of our business in conducting and managing our business to enable us to give you the best service/product and the most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting Lynne Moore at email@example.com.
- Comply with a legal or regulatory obligation - this means processing your personal data where it is necessary for compliance with a legal or regulatory obligation that we are subject to.
- To ensure that content from our site is presented in the most effective manner for you and your computer.
Disclosure of your information:
We may disclose your information to our subsidiaries. We may also disclose your personal information to;
- Business Partners, suppliers and sub-contractors for the performance of any contract we enter into with them or you.
- Analytics and search engine providers that assist us in the improvement and optimisation of our site.
External third parties service
- Professional advisers (acting as Processors) including lawyers, bankers, auditors and insurers based in the United Kingdom who require reporting of processing activities in certain circumstances.
- HM Revenue & Customers, regulators and other authorities (acting as Processors or Joint Controllers) based in the United Kingdom who requre reporting of processing activities in certain circumstances.
- Third parties to whom we may choose to sell, transfer or merge parts of our business assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice.
- We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data to for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed in addition, we limit access to yoir personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. The longest time we will normally hold personal data is for six years.
Linking to third party websites
Our site, may from time to time, contain links to third party websites. If you follow a link to any of these websites, please note that these websites have their own privacy policies and notices and that we not accept any responsibility or liability for these policies even if you access them from our site. Please check these policies before you submit any personal data to these websites.
Your legal rights:
You have the following rights with respect to your personal data:
- The right to ask for a copy of the personal data which we hold about you (right of access)
- The right to ask us to update any out of date or incorrect personal data that we hold about you (right of rectification)
- The right to ask us to delete any personal data where we no longer have any legal reason to retain it (right of erasure or to be forgotten)
- The right to opt out of any marketing communications from us and to object us using and holding you personal data if we have no legitimate reason to do so (right to object)
- The right to ask us to 'restrict processing of data' which means that we would need to secure and retain the data for your benefit but not otherwise use it (right to restrict processing)
Access to information:
You may access the information we hold about you. You do not have to pay a fee to access your personal data and we will aim to respond within one month. Please contact Lynne Moore at firstname.lastname@example.org
If you choose a direct payment gateway to complete your purchase, then Shopify stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted.
All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover.
PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.
For more insight, you may also want to read Shopify’s Terms of Service (https://www.shopify.com/legal/terms) or Privacy Statement (https://www.shopify.com/legal/privacy).
In general, the third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us.
However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions.
For these providers, we recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled by these providers.
In particular, remember that certain providers may be located in or have facilities that are located a different jurisdiction than either you or us. So if you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.
As an example, if you are located in Canada and your transaction is processed by a payment gateway located in the United States, then your personal information used in completing that transaction may be subject to disclosure under United States legislation, including the Patriot Act.
When you click on links on our store, they may direct you away from our site. We are not responsible for the privacy practices of other sites and encourage you to read their privacy statements.
To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.
If you provide us with your credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with a AES-256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards.
AGE OF CONSENT
By using this site, you represent that you are at least the age of majority in your state or province of residence, or that you are the age of majority in your state or province of residence and you have given us your consent to allow any of your minor dependents to use this site.
If our store is acquired or merged with another company, your information may be transferred to the new owners so that we may continue to sell products to you.
Your continued use of this site will signify that you agree to any such changes.
QUESTIONS AND CONTACT INFORMATION
If you would like to: access, correct, amend or delete any personal information we have about you, register a complaint, or simply want more information contact our Privacy Compliance Officer at email@example.com