This policy has been prepared with due regard to the data protection laws applicable to the data processing activities performed by Sunwarrior and Global By Nature Ltd in the countries in which we operate (“applicable laws”), including the General Data Protection Regulation (“GDPR”) and any subsequent amendment or legislation passed to enact GDPR into UK law. Although the GDPR applies to EU subjects and processing in the EU, Global by Nature Ltd has chosen to apply the GDPR standard of data protection to all data subjects whose personal information we collect and process irrespective of the place of collection and processing. This notwithstanding, it may still be necessary to apply different standards in response to the laws in different countries and it is possible that we may issue addendums for specific countries in which we operate, and where appropriate.
Our Registered Office address is 7A Old Forge,
Barnsley Park Estate,
GL7 5EG. The company registration number is 02835270
Data Protection Officer
Global by Nature Ltd
7A Old Forge,
Barnsley Park Estate,
or email: firstname.lastname@example.org
Section 1 – What do we do with your information?
When you purchase something from our store, as part of the buying and selling process, we collect the personal information you give us such as your name, address and email address.
When you browse our store, we also automatically receive your computer’s internet protocol (IP) address in order to provide us with information that helps us learn about your browser and operating system.
Email marketing (if applicable): With your permission, we may send you emails about our store, new products and other updates. When you provide such personal information, you accept that we may retain your personal information and that it may be held by us or any third party that processes it on our behalf for the purposes of providing the information, goods or services which you have requested. Any third parties who process personal information on our behalf are required to maintain the confidentiality and privacy of the personal information that they process for us. When we provide you with products or services we may collect and store any personal information that you provide to us. We may, for example, keep a record of your name, address, delivery address, email address, telephone number and payment card details.
We will use your data for the following purposes:
to provide products and services you request or have expressed an interest in
for marketing to you via email, phone, mobile messaging, direct mail, or social media
to administer any competitions, voting, quizzes, and or other offers/promotions which you enter
to create an individual profile for you so that we can understand and respect your preferences
to communicate with you if any products or services you have requested are unavailable
for fraud screening and prevention purposes
for record keeping purposes
to carry out market research so that we can improve the products and services we offer
to track your activity on our digital platforms
to personalise and improve your experience on our digital platforms
to personalise any communications that we may send you
to respond to your correspondence, so that we can reply to your enquiries and requests in an efficient and effective manner
When you sign up with us for an online account, register to receive marketing communications from us (and/or our official partners), enter one of our competitions, fill in one of our forms (whether online or offline) or otherwise expressly provide us with your personal information, we may collect and store any personal information that you provide to us and may use it to personalise and improve your experience on our digital platforms, provide products and services you request from us, and carry out market research.
When you interact with our digital platforms, we may also automatically collect the following information about your visit. This is primarily to help us better understand how our fans use our digital platforms to enable us to create better content and more relevant communications:
how you have reached our digital platform, the internet protocol (IP) address you have used, and the MAC address of your device
your operating system, browser type, versions and plug-ins
your journey through our digital platform, including which links you click on and any searches you made, how long you stayed on a page, and other page interaction information
offers you have redeemed
what content you like or share
which pop up or push messages you might have seen and responded to
information collected in any forms you complete
location based services
We may also infer your country of location from the IP address you have used to access our digital platforms.
We may also generate, use and disclose aggregated and/or anonymised information and statistics about our website and digital platform visitors for marketing and strategic purposes. However, no visitor will be individually identifiable from these aggregated and/or anonymised information and statistics.
Section 2 - Disclosure of your information
In order to provide our products and services to you or to otherwise fulfil contractual arrangements that we have with you, we may need to appoint other organisations to carry out some of the data processing activities on our behalf. These may include, for example, payment processing organisations, delivery organisations, fraud prevention and screening and credit risk management companies, and mailing houses.
We may share your data with advertising networks and/or social media platforms for the purposes of selecting and serving relevant adverts to you via those networks/platforms, and to search engine and analytics providers.
We may share your data with third parties:
(a) if we are under a legal or regulatory duty to do so
(b) if it is necessary to do so to enforce our terms and conditions of sale or other contractual rights
(c) to lawfully assist the police or security services with the prevention and detection of crime or terrorist activity
(d) where such disclosure is necessary to protect the safety or security of any persons
and/or (e) otherwise as permitted under applicable law.
Section 3 - Updates and your rights
If you would like to update your records, you can do so by changing your profile on our website. We encourage you to promptly update your personal information if it changes.
You have the right to ask for a copy of any personal information that we hold about you in our records, to correct any inaccuracies and to update any out-of-date information. Please write to us at the address listed above should you wish to do so.
We will provide a copy of your information free of charge. However, if the request is deemed manifestly unfounded or excessive then we will charge a ‘reasonable fee’ covering our administration costs.
section 4 - RETENTION POLICY
Sunwarrior will only retain data for as long as it is required. Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
Section 5 - Shopify
Our store is hosted on Shopify Inc. They provide us with the online e-commerce platform that allows us to sell our products and services to you.
Your data is stored through Shopify’s data storage, databases and the general Shopify application. They store your data on a secure server behind a firewall.
If you choose a direct payment gateway to complete your purchase, then Shopify stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted.
All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover.
PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.
For more insight, you may also want to read Shopify’s Terms of Service (https://www.shopify.com/legal/terms) or Privacy Statement (https://www.shopify.com/legal/privacy).
Section 6 - Cookies
There are two broad categories of cookies – ‘first party cookies’ and ‘third party cookies’. First party cookies are cookies that are served directly by the website operator to your computer and are used only by the website operator to recognise your computer when it revisits that site. Third party cookies are served by a service provider on behalf of the website operator and can be used by the service provider to recognise your computer when it visits other websites. Third party cookies are most commonly used for website analytics or advertising purposes.
Section 8 - Security
Security is very important to us. Secure Socket Layer ("SSL") encryption technology is used for protection of information in transit for any sensitive transactions such as payments. Additional security procedures are in place to protect the confidentiality, integrity and availability of your personal information.
To enhance the security when purchasing through our online store we currently use 'Verified by Visa' and 'MasterCard SecureCode' as a part of the payment process.
Verified by Visa' and 'MasterCard SecureCode' are schemes that have been introduced by card issuers to help tackle online fraud. These schemes are known as '3d Secure' and Tottenham Hotspur, like many other retailers, are committed to fraud prevention. By participating in either scheme, your online shopping experience will be more secure.
To further protect your credit, debit or charge card against use without your consent, we may validate name, address and other personal information supplied by you during the order process against appropriate third-party databases. In performing these checks personal information provided by you may be disclosed to a registered Credit Reference Agency which may keep a record of that information. You can rest assured that this is done only to confirm your identity, that a credit check is not performed and that your credit rating will be unaffected.
In addition, we have security procedures in place to protect our physical records and computerised databases from loss and misuse, and only allow access to them when it is absolutely necessary to do so, and then under strict guidelines as to what use may be made of the personal information contained within them.
Section 9 - Internet-based transfers
Given that the Internet is a global environment, using the Internet to collect and process personal information may involve the transmission of personal information on an international basis. Therefore, by using our websites and digital platforms and communicating electronically with us, you acknowledge our processing of personal information in this way. However, we will endeavour to protect all personal information collected through our websites and in accordance with strict data protection standards.