The quick version (summary)
Really you should read this whole thing, but I also know your time is valuable, so here’s a summary of the important bits:
If you sign up for my email list, of course I’ll be saving your email so I can contact you. If you make a purchase then I need to store your purchase details like billing address. Card details are not stored on my site—they are sent to a third party payment processor (SagePay / Stripe / PayPal). If you submit any forms on my site, such as comment or contact forms, then a copy is saved on my server.
Your details are only shared with relevant, trusted third parties, such as my payment processors and help desk software.
If you want to request a copy of your data or request erasure, contact email@example.com.
What personal data we collect and why we collect it
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
If you fill out a contact form on the site, the entire contents of the form along with your IP address are stored on the server as well as emailed to the site administrator. This is to ensure a copy of the form is always saved in case the email does not get delivered properly.
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
If you sign up for the newsletter, your name (if provided), email address, and IP address will be stored on the server, along with the list(s) you subscribed to and your subscription status. This is to ensure you can receive the emails you signed up for. MailGun is used for the actual email delivery, so your email address will be shared with MailGun just for the purpose of delivering the mail to you.
We collect information about you during the checkout process on our store. This information may include, but is not limited to, your name, billing address, shipping address, email address, phone number, credit card/payment details and any other details that might be requested from you for the purpose of processing your orders.
Handling this data also allows us to:
- Send you important account/order/service information.
- Respond to your queries, refund requests, or complaints.
- Process payments and to prevent fraudulent transactions. We do this on the basis of our legitimate business interests.
- Set up and administer your account, provide technical and/or customer support, and to verify your identity.
Additionally we may also collect the following information:
- Location and traffic data (including IP address and browser type) if you place an order, or if we need to estimate taxes based on your location.
- Product pages visited and content viewed while your session is active.
- Your comments and product reviews if you choose to leave them on our website.
- Account email/password to allow you to access your account, if you have one.
- If you choose to create an account with us, your name, address, and email address, which will be used to populate the checkout for future orders.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
Non-personal identification information we collect
We may collect non-personal identification information about users whenever they interact with our site. Non-personal identification information may include the browser name, the type of computer and technical information about Users means of connection to our Site, such as the operating system and the Internet service providers utilized and other similar information.
How we protect your information
We adopt appropriate data collection, storage and processing practices and security measures to protect against unauthorized access, alteration, disclosure or destruction of your personal information, username, password, transaction information and data stored on our site.
Sensitive and private data exchange between the site and its users happens over a SSL secured communication channel and is encrypted and protected with digital signatures.
Nose Graze is also PCI compliant, which means we follow a set of requirements to ensure that we maintain a secure environment.
Sharing your personal information
We do not sell, trade, or rent users’ personal identification information to others. Certain information may be shared with others when necessary to complete a certain action. For example, in order to process your payments, your details must be sent to our payment processor: PayPal or SagePay.
If you sign up for my mailing list, your email is sent to MailGun in order for them to deliver the mail to you. They are used as a transactional email service. They may store your email address to keep a record of the fact that they sent a mail to you at one point.
If a customer is a European resident, we will be required to store personal information that verifies their country of residence. This information is sent to Taxamo to store evidence and calculate the VAT rate. This information may have to be submitted to tax collectors via the UK VAT MOSS scheme.
If you submit a support ticket, your name, email address, and IP address will be shared with our customer support platform: Help Scout. This is so we can read and respond to support queries through the Help Scout platform.
If you post a comment, information about the comment will be sent to Akismet, an automated spam detection service.
We may share generic aggregated demographic information not linked to any personal identification information regarding visitors and users with our business partners, trusted affiliates and advertisers for the purposes outlined above.
Third party websites
Users may find advertising or other content on our Site that link to the sites and services of our partners, suppliers, advertisers, sponsors, licensors and other third parties. We do not control the content or links that appear on these sites and are not responsible for the practices employed by websites linked to or from our Site. In addition, these sites or services, including their content and links, may be constantly changing. These sites and services may have their own privacy policies and customer service policies. Browsing and interaction on any other website, including websites which have a link to our Site, is subject to that website’s own terms and policies.
What rights you have over your data
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes. Please submit requests to firstname.lastname@example.org.
Your acceptance of these terms
By using this site, you signify your acceptance of this policy and terms of service. If you do not agree to this policy, please do not use our Site. Your continued use of the site following the posting of changes to this policy will be deemed your acceptance of those changes.
This document was last updated on 21 May 2018