As of 25 May 2018, the new European General Data Protection Regulation (GDPR) comes into effect. The GDPR changes how personal data can be used, and also allows individuals to find out what information organisations have about them, and to have that data deleted in certain circumstances.
What Information Does U-Handbag Collect?
We may collect the following information:
* Contact information including email address and telephone number
* Demographic information such as postcode
* Other information relevant to customer surveys and/or offers
How Do We Use Your Personal Data?
U-Handbag uses personal data in four different ways:
* To see how users, in general, view our website in order to make improvements to this website and improvements to the variety of products we offer.
* To respond to enquiries.
* To fulfil any contractual agreement with a customer.
* To fulfil our legal requirements for reporting of income to the UK tax authority.
U-Handbag values your privacy and therefore we will never sell any customer's personal information to anyone else.
What Personal Data Do We Collect & Who Has Access To It?
The personal data collected depends on how an individual interacts with U-Handbag. This may be by viewing this website, contacting us directly, interacting via any of our social media or purchasing a product. The majority of personal data is passed electronically to U-Handbag by other companies and therefore these companies will have access to that data too. We have therefore split this information up by how we receive personal data:
Occasionally we will receive personal data directly from a customer. This is typically when a customer orders via phone or a product return has been initiated and a customer has provided their name and other personal details when returning the item for a refund or for an exchange.
Any personal data that is in paper form is shredded before it is discarded. As information in paper form is typically related to an order, due to legal requirements for UK income reporting, this information will be kept for a significant time period. Please see the "How Do I Make A Personal Data Information Request & Request For That Information To Be Deleted?" section below for more information.
We use Google Analytics to see how viewers browse our website. We look at general trends of viewers rather than at an individual specific level. The type of personal data Google Analytics collects is:
* IP address
* Country location
* Type of viewing device
Google Analytics doesn't currently give us the ability to delete an individual user's data from the information collected. However, they do now allow data to be automatically deleted after a chosen time period. As we look at general viewer trends from this data, it's useful for us to have a decent timeframe to see how that usage changes. However, we realise that people do not want that data to be held indefinitely, therefore we have enabled automatic deletion as follows:
* The data held within our Google Analytics account has been set to automatically delete after 26 months.
We use a variety of social media:
* Typepad blog
Social media websites typically require a user login and therefore should enable you to delete any online comments directly yourself. If you message us via one of these websites, the type of personal data that we might receive through a social media website is:
* Email address
We do not specifically delete any interactions through our social media websites, therefore if you wish for us to delete direct messages, then please contact us.
We also receive automatic emails when a customer places an order with us through this website or via PayPal if payment has been made via their service. The type of personal data that we receive through these sales confirmation emails is:
* Email address
* Telephone number ^^
^^ This website is the only one through which we receive emails containing telephone number information.
Any direct emails, emails generated from other websites' messaging systems and sales confirmation emails will be kept until such time as deletion has been requested or when we automatically carry out our yearly personal data deletion process. Please note that due to legal requirements for UK income reporting, emails regarding orders will be kept for a significant time period. Please see the "How Do I Make A Personal Data Information Request & Request For That Information To Be Deleted?" section below for more information.
PayPal & Sagepay
We use PayPal and Sagepay as our payment providers. The type of personal data that PayPal & Sagepay provide us with is:
* Email address
PayPal & Sagepay hold payment details on their secure servers and NEVER provide us with any card payment data.
This website is hosted by Shopify. Shopify will therefore also have access to any information that you enter, either through our contact form or through placing an order. Please note that, just like us, Shopify will not have access to your payment data as this information is entered directly into PayPal or Sagepay's website as part of the checkout process.
Should you wish for your data to be removed from the admin area of our website please contact us.
How Do I Make A Personal Data Information Request & Request For That Information To Be Deleted?
A request can be made at any time via our contact form. Please be specific as to whether you are making a personal data information request, or whether you are making a personal data deletion request.
* Under GDPR rules, we have one month to reply in full to any request.
* Replies to requests for personal data information will detail what type of personal data information we hold about you.
* Replies to requests for personal data deletion will detail whether we had personal data information about you and confirm whether that data has been deleted. Please note that not all personal data deletion requests will be fulfilled. Any information pertaining to an open order will be kept until that order has been completed, plus order information will need to be kept for a time^^^ for us to fulfil our legal requirements for reporting of income to the UK tax authority.
^^^ Records of income for a UK business need to be kept for at least 5 years after the 31st January submission deadline of the relevant tax year. If no deletion request is made sooner, we will delete any paper records and emails containing personal data information in May, for the appropriate reported tax year. (For example, if a purchase is made on 6th April 2018 at the beginning of the tax year, that information has a submission deadline of 31st January 2020. That data would then need to be kept until 31st January 2025.) This means that personal data could be held for approximately 7 years. Setting a yearly time period to delete data that is no longer legally needed, and including deletion of any other personal data that we received for the same time period, ensures that we do not hold personal data information indefinitely.
How Do I Make A Complaint?
If you believe U-Handbag has misused your data in any way, please contact us to let us know. If you are unsatisfied with our response, or unsatisfied with our response to a personal data deletion request, under GDPR you have the right to lodge a complaint with a supervisory authority. The UK supervisory authority is the Information Commissioner's Office (ICO).
* If you wish to make a complaint please click on the link for the ICO's contact details.