At Supercrafts we take your privacy very seriously and we are committed to keeping your data secure and private. We do not sell, trade or otherwise pass on your personal data to other third parties with the exception of trusted third parties required for operation of our websites (see trusted third parties section).
1) What personal data we store
First and Second Names
Date of birth (optional)
Account passwords (in encrypted format)
2) What other data non-personal data we store
Your order history
Past correspondence from website contact forms or emails.
Session data such as IP address and cookies
3) Why and how we use your data
3.1 Personal data such as Name, billing/shipping address, contact number, order history - This data is stored for accounting, billing, insurance, and HMRC purposes and is in some cases a legal requirement. We also use this information to help in providing customer support during order enquiries.
3.2 Email address - Your email address will/may only be used for the follow reasons:
Account email address confirmation at time of account creation for our web store (supercrafts.co.uk) and blog (blog.supercrafts.co.uk).
When a forgotten password request has been made for one of your accounts.
Updates to any pending orders such as order confirmation, order despatched, out of stock notification etc.
A single product review request for each order placed via our web store – this will be sent out 15 days after your order is placed and will invite you to leave feedback on up to 3 previously purchased items chosen at random.
Mailing list. If you have specifically opted in to our mailing list, you, on occasion, receive emails notifying you of new products or offers available from our own website(s).
3.3 Other non-personal data - Other non-personal session/tracking related data is collected via website cookies, server logs, and using Google analytics. No personal data is collected or stored using these methods and the data is only used for site operations and monitoring purposes.
4) How long we keep your data for
We retain your data to allow us to provide a high quality service and for legal purposes. We will retain this data for as long as is necessary and in accordance with the law.
5) How we store your data
Your data is stored on our own servers and on our third party hosting services (see trusted third parties).
6) Your rights regarding your data
The General Data Protection Regulation (in effect from 25th May 2018) gives you a number of rights regarding the data we collect. These include the following:
6.1 The right to be informed - about how we collect and use your data.
6.2 The right of access (Subject Access Request) which gives you the right to request a copy of all the data we hold about you. You can make an SAR request by sending an email to firstname.lastname@example.org. We will endeavour to provide this information as quickly as possible (within one moth of the original request) and in accordance with the law but as part of the process we will require confirmation of identity and may request additional information to aid in the process. We have the right to refuse a request when it is deemed to be manifestly unfounded or excessive. In which case you will be informed why your request has been refused.
6.3 The right to rectification - Changes to your information can be made via the settings section of your web store/forum/blog account. Any changes to information not available via your account settings can be made by sending an email to email@example.com.
6.4 The right to erasure - Should you wish to have your account(s) and data deleted you can send a request via email to firstname.lastname@example.org. Please note that we are legally required to retain some data relating to previously placed orders.
6.5 The right to restrict processing - You can request that processing of your data is blocked.
6.6 The right to data portability – You can request transfer of your data to another business.
6.7 The right to object – You can object to any form of processing of your data.
6.8 The right not to be subject to automated decision-making including profiling – You can request where a decision being made about yourself by an automated process, be intervened by a human, or request an explanation of the process.
6.9 Should you believe that we are not using your data in accordance with the law you can make a complaint to the regulator (The Information Commissioners Office ICO). Before contacting the ICO we would request that your contact us first so that we can attempt to rectify any concerns or queries that you have. You can contact the ICO via the following methods.
Phone: 0303 1231113
Letter: The Information Commissioner's Office
7) Trusted third parties
To allow us to operate as a business and improve our services we require the use of some third party services. These are trusted third parties and how we use them is outlined below:
Web hosing services – These are used for the operation and hosting of our websites and will store some personal information such as name, address, email, sales history. Other none-personal information may also be stored, such as session data, including cookies.
Email hosting services – Used for emailing services including direct correspondence and mailing lists made directly by ourselves.
Database storage service – Used to store secure database information relating to your order history including name, address(s), email, and ordered items. No password, or payment information is stored.
Product review request service – Used to send out an invitation to review recently purchased products.
Payment gateway services – Used for handling of sensitive credit/debit payment information and is conducted over a secure SSL connection. We do not see or store your payment information. As part of the payment process you may receive a payment confirmation email via our payment gateway provider and may be contacted by them should there be a problem processing your payment.
Google analytics – Used to track session activity whilst browsing one of our websites. No personal data is stored by this service and it is used purely for the purpose of website monitoring and service improvements.
Should you wish no know more about the above services please email email@example.com
8) Last change of policy
This policy was updated on 22/05/2018