This notice sets out how and why we (Ginger & May) collect, handle and share your personal data. We may update this policy from time to time by updating this page.
WHO WE ARE
Ginger & May is an online retail business based in the UK and for the purposes of data protection law we are the “data controller” when you browse our website, shop with us online, contact us or subscribe to our newsletter.
HOW WE COLLECT INFORMATION ABOUT YOU
The data we have about you comes from several sources:
Directly from you…
for example, when you:
- register (create an account) on our website
- place an order on our website
- submit a comment or review
- contact us - via the website, by email, in writing or by phone
- engage with us on social media
- engage with us and provide your details at an event
- subscribe to our newsletter
- enter competitions we are running or involved in
- complete a survey or answer questions we pose
From someone making a purchase on your behalf…
if someone else makes a purchase on your behalf or as a gift for you they may provide us with your name and address for delivery. If you supply another person’s details please ensure they are happy for you to do so.
From other companies…
we may receive data about you from other companies if they have your permission to share it, for example if you enter a competition and agree to having your personal information shared with us (e.g. for marketing purposes or for us to send a prize to you).
THE INFORMATION WE COLLECT AND WHY
There are several reasons why we collect personal data, which includes personal information and contact details, transaction data, usage data, your comments, reviews and preferences, and technical data:
To fulfil an order we collect transaction data (e.g. details of the products, price, date) in addition to personal information and contact details:
- email address
- billing address
- the shipping name and address
- telephone number
To register an account on our website we collect your:
- email address
- user name
To keep you informed of news and offers by email, with your consent, we collect your:
- email address
To better understand our audience and to plan and review the effectiveness of advertising and marketing activities, and to tailor the mailings we send to you we may ask questions which are optional to answer. These may include:
- the age and gender of your children
- your relationship to children you shop for (e.g. parent, grandparent, family friend)
- your gender
- your age
- your income bracket
- the names of other stores in which you like to shop
- the names of blogs, magazines or publications you like to read
- the method by which you heard about or found the Ginger & May website
To track and analyse use of our website our systems gather a range of technical data, for example:
- internet protocol (IP) address
- device type
- browser type and version
- time-zone setting and location
- browser plug-in types and version
- operating system and platform and other technology on the devices you use to access our website.
WHAT WE USE THIS INFORMATION FOR
We use this information to:
- enable you to create an account on our website if you wish
- process your order, confirm it to you and arrange its delivery
- contact you if we have questions or information about your order
- request a review of your purchase or of our website
- respond to enquiries from you
- keep records to enable us to process refunds or exchanges
- keep records for statistical, analytical and accounting purposes
- send you our newsletter or other information, if you have requested this
- tailor our newsletter or marketing information so that it may be more relevant to you
- deliver relevant adverts to you via your browser and social media (re-targeting)*
- review our business and make informed decisions in relation to marketing, direction and growth
*we do not currently use behavioural remarketing (re-targeting) but will likely do so in the future and therefore include it here. Further information is given below.
WHO WE SHARE YOUR INFORMATION WITH
Like most e-commerce businesses, we use trusted third-party services to help us manage our business effectively and these relationships require relevant elements of customer data to be shared in order for the service to be provided. We use the services of third-party companies for the following purposes:
- payment processing
- parcel delivery, including via courier or directly from a designer or manufacturer
- advertising and marketing, including email marketing, and social media management
- managing product and site reviews
- record keeping and accounts
- website development, hosting and server storage
- email hosting
- running competitions
- affiliate marketing
The companies with which we have third-party relationships include (but are not limited to): Affiliate Window, Buffer, Facebook, Full Phat Design, Google +, Google Ads, Google Analytics, Hermes, Hootsuite, Instagram, Interparcel, Kashflow, Later, LCN, Linkshare, Mailchimp, Parcelforce, PayPal, Pinterest, Tradedoubler, Twitter, UPS and Yotpo.
We work with companies only where we are confident that data will be securely used and stored only for the purposes of fulfilling their service to us.
The General Data Protection Regulation has special rules for the transfer of personal data outside of the European Economic Area (EEA), in that such transfers should only take place where the EU Commission agrees the country concerned has adequate protection for the rights and freedoms of individuals or, if the data transfer is to the USA, where the company is a member of the EU-US Privacy Shield. Some of the companies we work with involve transfer of data outside the EEA: to Canada, a country with adequate protection status, and to the USA where the companies are members of the EU-US Privacy Shield.
Behavioural remarketing (re-targeting)
THE LAWFUL BASIS WE HAVE
Every business is required to have and set out the lawful grounds on which the collection and sharing of personal data is based. Ours are as follows:
- Contract: The collecting of personal data is necessary for us to be able to fulfil the “contract” you request by creating an account or placing an order, or "pre-contract" because you have asked for some information so that you may decide whether to place an order or register an account.
- Consent: For our marketing mailings (newsletter) we require your consent. You may withdraw your consent at any time (“unsubscribe” information is provided in every mailing). We do not currently send marketing mailings by post or text and, if introduced, these would require your explicit consent.
- Legal compliance: We may use or share your data where we are required to comply with a legal or regulatory obligation, for example in providing information to the police or in keeping records for accounting and tax compliance.
HOW LONG WE KEEP YOUR DATA
We will keep your data only for as long as it is necessary to fulfil the purposes for which it was collected and to fulfil the necessary requirements of our business. In practice this means:
- data collected at the time of placing an order will be kept for 7 years, initially to fulfil the order and deal with any refunds, enquiries or product recalls relating to it, and beyond this for accounting and tax purposes. At this point, the record of your order will be deleted or anonymised (so that it can continue to be used for statistical analysis but not to identify you).
- if you have created an account this will remain active until such point as you ask us to delete it.
- emails sent to and from us are deleted after 1 year.
- if you have consented to receive our newsletter we will keep your name and email address on our distribution list for only as long as you wish to continue receiving mailings. When you unsubscribe your information will be deleted from our list. There is an unsubscribe link in every email we send.
YOUR RIGHTS IN RELATION TO YOUR PERSONAL INFORMATION
You have a number of rights in relation to your personal data. More information on these can be found on the Information Commissioner’s Office (ICO) website. In brief, these are:
- The right of access: you may request a copy of the data we hold about you and we will provide this free of charge within one month.
- The right to rectification: if you think there are inaccuracies in the data we hold or if it is incomplete or out-of-date and you would like it changed, you can log in to your account and update the details or request that we do so.
- The right to erasure: otherwise known as the right to be “forgotten”, this means you can ask, in certain circumstances, to have your data deleted.
- The right to restrict processing: in certain circumstances you can request the restriction or suppression of your personal data which means we would be able to store it but not use it.
- The right to data portability: in certain circumstances you can request that we transmit your data to another data controller.
- The right to object: in certain circumstances you can object to the processing of your personal data for our legitimate interests. You have an absolute right to stop your data being used for direct marketing which you can do at any time by withdrawing your consent by using the unsubscribe link included in our emails, or by contacting us directly.
- Rights in relation to automated decision making and profiling: we don’t do this.
What cookies are…
Why we use them…
Some cookies allow the basic functions of our website to perform, for example by setting the language and storing items in the shopping cart whilst you browse the site and complete your order. Others allow it to “remember” your preferences, registration details or cart contents for future visits.
Why we allow other sites to place cookies…
Cookies are used to provide helpful tracking information such as the number of visitors to our site, what device and browser they are using, how they reached us (e.g. via a search engine, via an ad, via social media etc), the pages that have been visited, the average time spent on the website and so on. We monitor this information through Google Analytics. It is all anonymous so we know someone visited our site but not who.
As with many retailers, cookies that track your browsing and actions on our website can also help us with marketing. For example, they would allow you to be shown relevant adverts, such as products you have shown an interest in or related items (known as behavioural marketing or re-targeting). We use Google and Facebook (including Instagram) for advertising and, although we do not currently use cookie placement for re-targeting marketing, we may do so in the future.
We use a third party, Yotpo, to request a review after a purchase has been made, and they have placed a cookie on our website to enable the flow of information required for this.
Don’t want cookies?
If you wish to disable cookies you can do so by changing the settings of your internet browser, but this will affect the functions and usability of our website and your experience of it.
Want more information about cookies?
You can find out more about cookies at www.allaboutcookies.org
You can make choices about behavioural advertising on www.aboutads.info/choices.
LINKS TO OTHER WEBSITES
Whilst we retail products for children, our website is not intended to be used by children and we therefore do not knowingly collect any personally identifiable information from children. If you become aware that a child has provided us with personal data please contact us and we will remove it.
In order to prevent unauthorised access or disclosure of your personal information, we have in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.
Our website is hosted on a secure server which uses 256-bit SSL encryption to protect the personal information you provide to register, log-in, order from or otherwise interact with the website. Data shared with third-party services is held in secure cloud-based environments. We do not hold any customer data on local PCs or local storage devices, and paper copies of records are securely stored. As stated above, all card transactions and payments are handled by PayPal's secure processing system and no card or bank details are received, collected or stored by Ginger & May. To be taken to PayPal's website for further information on their security please click here.
Having said this, you will be aware that no data transmission over the internet or stored on servers is guaranteed to be totally secure or free from the risks of using the internet.
If you register with the website you are responsible for ensuring that your password and account remain confidential and we shall not be liable for any inconvenience or loss that arises as a result of your failure to do so. You can modify the details held on your account or subscribe/unsubscribe to the newsletter by going to My Account and following the relevant links. If you wish to have your account deleted from our database please contact us and we will do this for you without delay.
HOW YOU CAN CONTACT US
You can contact us by:
- using the contact us page on our website
- email to firstname.lastname@example.org
- phone on 01929 792801
- writing to us at our correspondence address: Ginger & May, 2 The Longhouse, Peveril Road, Swanage, Dorset, BH19 2DQ.
HOW TO COMPLAIN
If you have any concerns or complaints about the way we handle your data please contact us in the first instance with details to email@example.com
If you are not satisfied with the outcome, you may wish to contact the Information Commissioner’s Office (ICO) online via https://ico.org.uk/concerns/handling/
Last updated: 24 May 2018