At Giftspage Limited we recognise that data protection and security is a major concern in today’s digital world. That is why at Giftspage Limited we are committed and comply with the Data Protection Act 1998 as well as the General Data Privacy Regulation (GDPR) and publish this information so you can understand how we collect information from you and for whom such information is disclosed and what your rights are.
In general, the third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us.
However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies with respect to the information we are required to provide to them for your purchase-related transactions.
For these providers, we recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled by these providers.
In particular, remember that certain providers may be located in or have facilities that are located in a different jurisdiction than either you or us. So if you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.
We take every precaution necessary to ensure that your data is kept safe and secure. As our store is hosted by Shopify Inc. They store your data on a secure server, behind a firewall in a safe environment. They provide us with the online e-commerce platform that allows us to sell our products and services to you.
We use Shopify as our e-commerce platform because they meet all six categories of PCI DSS standards (Payment Card Industry Data Security Standard)
We use SSL (Secure Socket Layer) encryption technology for the protection of information in transit for sensitive transactions such as payments.
We do not store or process your card details ourselves, they are processed and stored via one of our contract third-party providers (see below).
Shopify Payments powered by Stripe (Visa, MasterCard, American Express)
Accelerated Payments via Shopify Payments (Shopify Pay, Apple Pay, Andriod Pay)
Paypal Express Checkout
Only Employees and any third party service providers who need the information to perform a specific task are granted access to personally identifiable information.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
You acknowledge that the internet is not a completely secure medium for communication and, accordingly, we cannot guarantee the security of any information you send to us (or we send to you) via the internet. We are not responsible for any damages which you, or others, may suffer as a result of the loss of confidentiality of such information.
We will only retain personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period of for personal data, we consider all factors and the potential risk of harm of unauthorised access and our legal regulatory obligations.
For example, details of your order will be kept for as long as we need to retain that data to comply with our legal and regulatory requirements. This is generally 7 years unless the law prescribes a longer / shorter period.
In regards to the photo products we sell we will request photos at the time of purchase. These will be stored on the Marketplaces Servers (Shopify, NOTHS, Next, Etsy). At the point of personalising and making your order, they are downloaded for the sole purpose of creating your photo product. They are then locally stored on our highly encrypted server with a secondary firewall in place for up to three months to cover any replacement, reprints, and proofs requested by yourself. After this time they are permanently deleted from our servers. The original images will still be stored on the marketplaces servers in accordance with regulatory and legal obligations.
You are entitled to request the following for Giftspage Limited, these are called your Data Subject Rights and there is more information on these on the information Commissioners website www.ico.org.uk
If you have any questions about your rights or the need to exercise them please contact firstname.lastname@example.org What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your rights to access your personal data (or to exercise any other rights). This is a security measure to ensure that your personal data is only disclosed to a person who has the right to receive it. We may ask for further information in order to speed up a request made by you.
When you click on links on our store, they may direct you away from our site. We are not responsible for the privacy practices of other sites and encourage you to read their privacy statements.
We may need to update this Policy at any time and without notice and where we do this we will notify you by including pop up boxes on our website and/or emailing our customers. This policy was last updated on 24th May 2018
If you would like to: access, correct, amend or delete any personal information we have about you, register a complaint, or simply want more information.
Please contact our Privacy Compliance Officer
[RE: Privacy Compliance Officer]
115 Station Approach
BR6 6DQ, UK