This privacy statement provides you with details of how we collect and process your personal data through our site www.nilaholden.co.uk, including any information you may provide through our site when you purchase a product or service, sign up to our newsletter or other resources.
By providing us with your data, you warrant to us that you are over 13 years of age
The data controller responsible for your personal data is Nila Holden (referred to as “we”, “us” or “our” in this privacy notice).
Full name of legal entity: Nila Holden Ltd trading as Nila Holden
Email address: firstname.lastname@example.org
If at any time you are unhappy with how we collect or use your data, we would ask that contact us in the first instance as we are confident we can resolve the issue for you.
You have the right to complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk).
We are keen to ensure that the information we hold about you is accurate and up to date. Please inform of any update to your information by emailing email@example.com
2. DATA WE COLLECT
We may collect and process the following personal data about our customers:
- Identity Data may include first name, maiden name, last name, username, marital status, title, date of birth and gender of customers
- Contact Data may include billing address, delivery address, email address and telephone numbers of customers
- Financial Data may include bank account and payment card details of customers
- Transaction Data may include details about payments and other details of purchases made by customers.
- Technical Data may include login data, internet protocol addresses, browser type and version, browser plug-in types and versions, time zone setting and location, operating system and platform and other technology on the devices customers use to access our site.
- Profile Data may include username and password, purchases or orders, customers interests, preferences, feedback and survey responses.
- Usage Data may include information about how customers use our website, products and services.
- Marketing and Communications Data may include customer preferences in receiving marketing communications from us and our third parties and customer communication preferences.
We do not collect any Sensitive Data about our customers. Sensitive data refers to data that includes details about race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about health and genetic and biometric data. We do not collect any information about criminal convictions and offences.
Where we are required to collect personal data by law, or under the terms of the contract between ourselves and our customers and the customer does not provide us with that data when requested, we may not be able to perform the contract (for example, for the delivery of goods or services). Where this is the case, we may have to cancel a product or service but if we do, we will notify the customer.
3. HOW WE COLLECT YOUR PERSONAL DATA
We collect data about you through a variety of different methods including:
Direct interactions: You may provide data by filling in forms on our site (or otherwise) or by communicating with us by post, phone, email or otherwise, including when you:
- order our products or services;
- create an account on our site;
- subscribe to our service or publications;
- request resources or marketing be sent to you
- Third parties or publicly available sources: We may receive personal data about you from various third parties and public sources as set out below:
- Technical Data from the following parties:
- analytics providers such as Google based outside the EU;
- Contact information from Activecampaign, an automated marketing service provider based in the USA.
- Contact, Financial and Transaction Data from providers of technical, payment and delivery services from Stripe, USA.
- Identity and Contact Data from publicly availably sources such as Companies House and the Electoral Register based inside the EU.
- Our store is hosted on Weebly Inc who provide us with the online e-commerce platform that allows us to sell our products and services to you. Your data is stored through Weebly’s storage mechanisms.
All payments are processed via Stripe who stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted.
4. HOW WE USE YOUR PERSONAL DATA
We will only use your personal data when legally permitted. The most common uses of your personal data are:
- Where we need to perform the contract between us.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
- Where we need to comply with a legal or regulatory obligation.
Generally, we do not rely on consent as a legal ground for processing your personal data, other than in relation to sending marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by emailing us at firstname.lastname@example.org