Information I Collect
When you place an order with me, I receive only the information required to process your order. These details will include your name, email address, postal address, payment choice and the details of the product that you are ordering. I do not receive any card or bank details. You may also choose to provide me with additional personal information (for a custom order). The information you provide is used to fulfil your order on a “contract” basis and is only used for the purpose of communicating with you regarding your purchase and for delivery of items. Your personal information will not be added to any mailing list and you will not be contacted by me for marketing or advertising purposes.
If you contact me with an enquiry about a custom item, or for any other reason, you may provide me with some/all of the following: name, email address and postal address, as required to address your enquiry. The legal basis for collecting this data is “legitimate interest”. The data is held within the system used to make the enquiry. I will not use this data for any purpose other than addressing your enquiry.
Why I Need Your Information and How I Use It
I rely on a number of legal bases to collect, use, and share your information, including:
• as needed to provide my services, such as when I use your information to fulfil your order, to settle disputes, or to provide customer support;
• when you have provided your affirmative consent, which you may revoke at any time, such as by signing up for a mailing list;
• if necessary to comply with a legal obligation or court order or in connection with a legal claim, such as retaining information about your purchases if required by tax law; and
Information Sharing and Disclosure
Information about my customers is important to my business. I share your personal information for very limited reasons and in limited circumstances, as detailed below. I will never sell or rent your personal data. To process your order and to fulfil your contract with us, your information is shared with some third parties, where necessary. I am not responsible for how these third parties process your data; please see their individual privacy policies (links below).
• Service providers. I engage certain trusted third parties to perform functions and provide services to my shop, such as Royal Mail, Google Mail, Dropbox and PayPal. I will share your personal information with these third parties, but only to the extent necessary to perform these services. The website provider I use, Wix, has cookies enabled for my site to make sure your computer (or other device) is recognised when you visit it again.
• Business transfers. If I sell or merge my business, I may disclose your information as part of that transaction, only to the extent permitted by law.
• Compliance with laws. I may collect, use, retain, and share your information if I have a good faith belief that it is reasonably necessary to: (a) respond to legal process or to government requests; (b) enforce my agreements, terms and policies; (c) prevent, investigate, and address fraud and other illegal activity, security, or technical issues; or (d) protect the rights, property, and safety of my customers, or others.
Wix website - https://www.wix.com/about/privacy
Royal Mail - https://www.royalmail.com/privacy-policy
Instagram - https://help.instagram.com/519522125107875
Dropbox - https://www.dropbox.com/security/GDPR
I generally keep your data from orders for 7 years and your data from enquiries for 30 days.
My accounts, which only contain your name and order details, are stored on Dropbox, on a laptop that has a password and Norton security. Any hard copies are kept in a locked filing cabinet.
You have a number of rights in relation to your personal information. I describe these rights below:
• Access. You have the right to access and receive a copy of the personal information I hold about you by contacting me using the contact information below.
• Change, restrict, delete. You also have rights to change, restrict my use of, or delete your personal information. Except for exceptional circumstances (like where I am required to store data for legal reasons) I will generally delete your personal information upon request.
• Object. You can object to (i) my processing of some of your information based on my legitimate interests. In such cases, I will delete your personal information unless I have compelling and legitimate grounds to continue using that information or if it is needed for legal reasons.
• You also have the right to complain to the ICO (www.ico.org.uk) if you think your data has been collected/used or shared inappropriately.
How to Contact Me
For purposes of EU data protection law, I, Beverley Chrysostomou of The Heartwarming Chocolate Company, am the data controller of your personal information. If you have any questions or concerns, you may contact me at . Alternately, you may mail me at: Beverley Chrysostomou, The Heartwarming Chocolate Company, 4 Virginia Road, Whitstable, Kent CT5 3HY
We will report any unlawful data breach to any and all relevant persons and authorities within 72 hours of the breach, if it is apparent that personal data stored in an identifiable manner has been stolen.
Version 2 - updated on 14th May 2020 - changes to business name and who I may share info with.