The Natural Skincare Co. Commitment to your Privacy
From 25th May, 2018 the DPA (Data Protection Act) will be superseded by the General Data Protection Regulations (GDPR). This change will bring legislation up to date and make your online choices clearer.
What's changing at The Natural Skincare Co.?
Not much because at the Natural Skincare Co. we have always done our best to protect customer data. For example, when you order online we only store details which are needed to deliver our products to your doorstep. We never store card details and only process cards via the secure solutions offered by SagePay and PayPal.
When does The Natural Skincare Co. collect personal data?
- When you make a purchase either online or by telephone.
- When you engage with us on social media.
- When you contact us with queries, complaints etc.
- When you leave a customer review.
GDPR rules stipulate that we have to have a lawful basis for processing personal data. There are six available lawful bases and we have established ours as 'Legitimate Interests'. This means that we are using your data to keep you informed about products, to market new products and let you know about offers and promotions, to send you transactional emails about products and services you purchase from us, and to allow our business to grow commercially. There are three tests we have to do to ensure that you are protected and these are:
- Purpose test: are we pursuing a legitimate interest?
- Necessity test: is the processing necessary for that purpose?
- Balancing test: do the individual's interests override the legitimate interest?
A wide range of interests may be legitimate interests. They can be our own interests or the interests of third parties, and commercial interests as well as wider societal benefits... The GDPR specifically mentions use of client or employee data, marketing, and other potential legitimate interests.
Necessary means that the processing must be a targeted and proportionate way of achieving our purpose. We would not rely on Legitimate Interests if there is another reasonable and less intrusive way to achieve the same result. We must also balance our interests against yours and any intrusion this may cause. The Natural Skincare Co. will not send you unreasonable numbers of email marketing messages and we never pass on your details to third parties without your permission.
As we are using Legitimate Interests for direct marketing, the right for you to object is absolute and we will stop processing when you object. At the bottom of all of our marketing emails you will find an UNSUBSCRIBE button, and if you click on this, you will instantly be removed from that mailing list. If you are concerned about any data remaining on our database, you can email us to let us know that you wish for all data to be removed throughout our entire database.
What personal data do we collect?
- Name and address - for successful delivery of your order.
- Billing address - to process orders where your billing and shipping address are different.
- Phone number - required by some delivery companies to successfully deliver products and used by The Natural Skincare Co. if we need to contact you regarding an order.
- Email - to send out order receipts and to answer enquiries/complaints. We also use your email for direct marketing purposes to let you know about new products, beauty tips, product information and special offers. You can unsubscribe at any time.
- Login and Password - required to access your customer account.
- Returning customer ID. This ID is stored in a cookie which will allow a more tailored shopping experience online. To prevent this ID being stored, you can log out of your account after placing your order and optionally remove any stored cookies from your browser.
- Social Media - If you decide to connect with us on Social Media we will see the details you have decided to share with that platform. You can change those settings in your privacy settings on Facebook, Twitter etc.
Who will we share your personal data with?
Sometimes we have to share your personal data, such as your name and address with Royal Mail so that they can deliver your order. Below is a list of trusted third party companies that we work with, who we may share your personal data with:
- Delivery Services such as Royal Mail, APC, and other couriers we use from time to time.
- Yotpo, to send you review requests. You can request to be removed from this service at any time. Fully compliant with GDPR.
- Mailchimp - one of the largest providers of email services. Fully compliant with GDPR.
- Omnisend - email campaign provider which we use to send out promotional emails. Fully compliant with GDPR.
- SagePay - for processing your order. One of the largest transaction gateways in the world. We do not store any of your card details on our website. Fully compliant with GDPR.
- PayPal - an online favourite for transactions, fully compliant with GDPR.
How we protect your personal data
We understand how important security is to all of our customers and we treat all data with the utmost care. For example:
- Our website is secured by https:// (Look for the green padlock in the browser bar)
- We use Big Commerce to host our website. Big Commerce are one of the largest hosting companies in the world and they are fully compliant with GDPR and PCI (for card transactions).
- The Natural Skincare Co will never see your payment details when you order online. When you click on Proceed to Payment, you will be taken to the secure SagePay platform where you can complete your payment.
- If The Natural Skincare Co. receives a payment over the telephone, your details are entered immediately into SagePay's secure payment system and our systems are protected by Anti-Virus Software and an up to date Firewall. Your card details are never stored in our offices and any written details are immediately shredded.
What are your rights over your personal data?
The Natural Skincare Co. needs to hold certain data to process an order; however, you have the right to request:
- Information about the personal data we hold about you.
- Correction of any personal data that is out of date or incorrect.
- The option to unsubscribe at any time from our email marketing campaigns - simply click 'unsubscribe' in the email or contact us on email@example.com.
You can contact us to request to exercise these rights as follows:
Email: firstname.lastname@example.org or write to us at: The Natural Skincare Co., 2/3 Kiln House, Rudgwick Brickworks, Rudgwick, RH12 3DH
Please note that any request may take up to 30 days to action.