Privacy & Security

PRIVACY POLICY

At Juniper & Blue Craft Emporium we take your privacy seriously and will only use your personal information to administer your account, provide you with the products and services you request from us and keep you informed of changes or additions to our ranges and any special offers or discounts available.

This Privacy Policy sets out when and why we collect personal information about the people who visit our website, how we use the information and the conditions under which we may disclose it to others. We take all necessary and appropriate steps to ensure that your privacy is protected and our Security Policy (see below) sets out how we keep your information secure.

We may change this Privacy Policy from time to time by updating this page. You should therefore check it occasionally to ensure that you are happy with any changes.

Information we collect

Personally identifiable information. Any information that can be used to identify, locate or contact an individual, on its own or when combined with other personal or identifying information. Examples include: name, address, email address, telephone number and IP address. This may include information collected when registering an account on our website, even if you do not make a purchase, as well as any participation by you in surveys or competitions or interactions via live chat or similar web services. This information may be collected through forms on our website which are completed by you.

Non-personally identifiable information. This is data that is anonymous and cannot be used to distinguish or trace an individual’s identity. Examples include: web browser, device type, time zone, country, what pages people visit on our website, how they interact with it and at what time of day. We may use software to record your interactions with our website to help us understand how visitors use the site and how it can be improved. We may collect this non-identifiable information through web cookies (see ‘Use of cookies’ below).

Please note that, if you make a purchase via our website, your card payment details are not held by us. Payments are processed by our third party payment processors, who specialise in the secure online capture and processing of credit and debit card payments (see our Security Policy).

How we use the information we collect

We may use the information to:

·     process an order that you make on our website or by phone;

·     carry out our obligations arising from contracts entered into between you and us;

·     deal with entries into a competition;

·     seek your views or comments on the products or services we provide;

·     notify you of changes to our service (e.g. temporary closure for server maintenance, or seasonal/holiday opening hours);

·     send you communications which you have requested and that may be of interest to you, including promotions of our products and services.

Consent

We need your consent for some aspects of our activities that are not covered by our legitimate interests, as defined by the ‘General Data Protection Regulation’ - Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (referred to in this Policy as the GDPR) - in particular, the collection of data via cookies and the delivery of direct marketing to you through digital channels. Depending on the situation, we will ask for this either via an express opt-in or via ‘soft opt-in’. (‘Soft opt-in’ consent is a specific type of consent which applies where you have previously engaged with us, in which case we will take your consent as given unless and until you expressly opt out.)

How long we hold your data

We are legally required to hold some types of information to fulfil statutory obligations. We will hold your personal information on our systems for as long as is necessary for the relevant activity, or for so long as is set out in any relevant contract you hold with us, or to comply with our legal obligations.

Who has access to your information

All personal information will be held in a secure manner and will not be used for marketing purposes or any purpose not stated in this Privacy Policy without your permission. We will not share any information with third parties at all unless we have your consent or we are required by law to do so, whether in response to court orders or other legal processes.

We may pass some information to third party service providers or other organisations for the express purpose of completing tasks (such as processing your order) or providing a service to you (such as a mailshot) on our behalf. Any such providers would only be given the information necessary to provide that service and they would be required to keep your information secure and retain it only for as long as necessary to process that task.

We may transfer your personal information to a third party in the following circumstances, namely: as part of a sale of some or all of our business and assets; as part of any business restructuring or reorganisation; if we are under a duty to disclose or share your personal data in order to comply with any legal obligation; or to enforce or apply our Terms and Conditions.

Accessing, correcting or deleting your information

You may request details of personal information we hold about you by writing to: The Administrator, Juniper & Blue Craft Emporium, 18 Bathford Hill, Bathford, Bath, BA1 7SL.

You can also contact us with any queries by email (info@juniperandblue.co.uk) or telephone (0845 608 8890).

If you believe any information we hold is incorrect or incomplete, please let us know as soon as possible so that we can amend it as appropriate.

If you wish, we will delete or block all personal information we hold about you within thirty days of receiving your written request so to do. We may retain information already held in back-up systems or archives for prevention of fraud or other crime or abuse, for satisfaction of legal obligations, for analytic purposes or where we reasonably believe that we have a legitimate reason to do so (in accordance with the GDPR).

At any time, you may object to the processing of your personal data on legitimate grounds unless it is otherwise permitted by applicable law.

Right to object

If we are using your data because we deem it necessary for our legitimate interests to do so, but you do not agree, you have the right to object. We will respond to your written request to cease processing your data within 30 days (although in certain cases we may be allowed to extend this period). We would only disagree with you if certain limited conditions apply.

Right to withdraw consent

Where we have obtained your consent to process your personal data for certain activities, or consent to market products or services to you, you may withdraw your consent at any time.

Data subject access requests (DSAR)

You have the right to ask us to confirm what information we hold about you at any time and you may ask us to modify, update or delete such information. In addition you have the following rights:

Right to erasure. In certain situations (for instance, where we have processed your information unlawfully) you have the right to request us to ‘erase’ your personal data. We will respond to your written request within 30 days (although we may be allowed to extend this period in certain cases) and will only disagree with you if certain limited conditions apply. If we agree to your request, we will delete your data but will assume that you would wish us to keep a note of your name on our register of individuals who prefer not to be contacted. This would minimise the chances of your being contacted accidentally in future where your data are collected in unconnected circumstances. If you would prefer us not to do this please let us know.

Right of data portability. If you wish, you can request to transfer your data from us to another data controller. We will help with this, either by directly transferring your data for you or by providing you with a copy in a commonly used machine-readable format.

Right to lodge a complaint with a supervisory authority. You also have the right to lodge a complaint with your local supervisory authority, details of which can be found at: www.gov.uk/data-protection/make-a-complaint.

Use of cookies

Our website uses ‘cookies’, which are small pieces of information (text files) sent to your computer and stored on your device to allow our website to recognise you when you visit. They collect statistical data about your browsing actions and patterns and do not identify you as an individual. For example, we use cookies to know whether your visit is on a mobile, tablet or desktop computer, which helps us to deliver a better and more personalised service, or whether it is your first or a return visit.

It is possible to switch off cookies by setting your browser preferences. But turning off cookies may result in a loss of functionality when using our website.

For further information regarding the GDPR go to: www.ico.org.uk

 
 
SECURITY POLICY
 
The Internet is not a secure medium. We will take reasonable steps to ensure that data transmitted electronically to this website or otherwise and stored by us is not accessed by unauthorised third parties, in accordance with the requirements of the Data Protection Act. However, you accept the risk that data transmitted electronically to this website or otherwise may be intercepted before reaching the site or may be accessed from our data storage by third parties not authorised by us and may be exploited unlawfully by such parties.
 
Once we have received your information, we will use reasonable endeavours to keep it confidential and store it on a secure server which is password protected and hidden behind a firewall. Internal procedures cover the storage, access and disclosure of your information.
 
Your credit/debit card details are handled by Sagepay, a secure, regulated online payment gateway for card processing. Cardholder information is encrypted so that nothing you pass to the Sagepay servers can be examined, used or modified by any third parties attempting to gain access to sensitive information. However, e-mail correspondence with us is not encrypted, so please do not send any sensitive information such as credit/debit card details or passwords via e-mail.
 
This site may have links to other websites which have different privacy, trading and use policies and different terms and conditions. You should therefore familiarise yourself with these before you use or submit any personal data to those websites. We cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites, which are not governed by this privacy and security statement.