The quick version (summary)
Really you should read this whole thing, but I also know your time is valuable, so here’s a summary of the important bits:
If you sign up for my email list, of course I’ll be saving your email so I can contact you. If you make a purchase then I need to store your purchase details like billing address. Card details are not stored on my site—they are sent to a third party payment processor (SagePay / Stripe / PayPal). If you submit any forms on my site, such as comment or contact forms, then a copy is saved on my server.
Your details are only shared with relevant, trusted third parties, such as my payment processors and help desk software.
If you want to request a copy of your data or request erasure, contact email@example.com.
What personal data we collect and why we collect it
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
If you fill out a contact form on the site, the entire contents of the form along with your IP address are stored on the server as well as emailed to the site administrator. This is to ensure a copy of the form is always saved in case the email does not get delivered properly.
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
If you sign up for the newsletter, your name (if provided), email address, and IP address will be stored on the server, along with the list(s) you subscribed to and your subscription status. This is to ensure you can receive the emails you signed up for. MailGun is used for the actual email delivery, so your email address will be shared with MailGun just for the purpose of delivering the mail to you.
We collect information about you during the checkout process on our store. This information may include, but is not limited to, your name, billing address, shipping address, email address, phone number, credit card/payment details and any other details that might be requested from you for the purpose of processing your orders.
Handling this data also allows us to:
- Send you important account/order/service information.
- Respond to your queries, refund requests, or complaints.
- Process payments and to prevent fraudulent transactions. We do this on the basis of our legitimate business interests.
- Set up and administer your account, provide technical and/or customer support, and to verify your identity.
Additionally we may also collect the following information:
- Location and traffic data (including IP address and browser type) if you place an order, or if we need to estimate taxes based on your location.
- Product pages visited and content viewed while your session is active.
- Your comments and product reviews if you choose to leave them on our website.
- Account email/password to allow you to access your account, if you have one.
- If you choose to create an account with us, your name, address, and email address, which will be used to populate the checkout for future orders.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
Non-personal identification information we collect
We may collect non-personal identification information about users whenever they interact with our site. Non-personal identification information may include the browser name, the type of computer and technical information about Users means of connection to our Site, such as the operating system and the Internet service providers utilized and other similar information.
How we protect your information
We adopt appropriate data collection, storage and processing practices and security measures to protect against unauthorized access, alteration, disclosure or destruction of your personal information, username, password, transaction information and data stored on our site.
Sensitive and private data exchange between the site and its users happens over a SSL secured communication channel and is encrypted and protected with digital signatures.
Nose Graze is also PCI compliant, which means we follow a set of requirements to ensure that we maintain a secure environment.
Sharing your personal information
We do not sell, trade, or rent users’ personal identification information to others. Certain information may be shared with others when necessary to complete a certain action. Here’s a list of companies your information may be shared with:
- Amazon – Site backups are made to Amazon S3, which means some of your personal information will be stored on Amazon’s servers. Additionally, we may use Amazon SES for sending transactional emails. In this case your email address may be shared with Amazon for the purpose of sending an email to you.
- Automattic – If you post a comment then information about that comment may be sent to Akismet, an automated spam detection service owned by Automattic.
- eNom – We partner with eNom to register domains. If you sign up for Nose Graze hosing and choose to register or transfer a domain then your name, billing address, and phone number will be sent to Enom so they can store it with the domain registrant record.
- Help Scout – We use Help Scout for our support platform. If you submit a support ticket then your name, email address, and support query will be shared with Help Scout. All conversations are also stored on Help Scout’s servers.
- HMRC / Tax Authorities – In the event of a tax audit, your name, billing address, and/or IP address may be shared with HMRC. For normal tax filing, only aggregate payment and country information is shared.
- MailGun – MailGun is used for some transactional emails, including newsletter emails. Your email address may be shared with them in order for them to deliver the mail to you. They may also store your email address to keep a record of the fact this email was sent or attempted.
- PayPal – If you pay via PayPal then PayPal will of course have access to your personal information. This is only information you’ve already stored within your PayPal account. In the event of a fraud dispute we may share additional information, such as your supplied billing address or IP address.
- SagePay – SagePay was our credit card processor before moving to Stripe. If you paid via credit card while SagePay was our processor then your name, billing address, and card information will have been sent to SagePay for storage. SagePay is still used for some automatic renewal payments.
- Stripe – Stripe is our current credit card payment processor. If you pay via credit card then your name, email, billing address, card information, and IP address will be sent to Stripe for processing and storage.
- Taxamo – Taxamo is a tax/accounting system. It may be used to store evidence of your geographical location for the purpose of determining your tax rate (including name, billing address, and IP address).
We may share generic aggregated demographic information not linked to any personal identification information regarding visitors and users with our business partners, trusted affiliates and advertisers for the purposes outlined above.
Third party websites
Users may find advertising or other content on our Site that link to the sites and services of our partners, suppliers, advertisers, sponsors, licensors and other third parties. We do not control the content or links that appear on these sites and are not responsible for the practices employed by websites linked to or from our Site. In addition, these sites or services, including their content and links, may be constantly changing. These sites and services may have their own privacy policies and customer service policies. Browsing and interaction on any other website, including websites which have a link to our Site, is subject to that website’s own terms and policies.
What rights you have over your data
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes. Please submit requests to firstname.lastname@example.org.
Your acceptance of these terms
By using this site, you signify your acceptance of this policy and terms of service. If you do not agree to this policy, please do not use our Site. Your continued use of the site following the posting of changes to this policy will be deemed your acceptance of those changes.
This document was last updated on 15 February 2020