Data Protection, GDPR, Cookies, I have, hopefully, covered everything here.

 

Privacy Policy

Introduction

I, Samantha Newbury, am the data controller of your personal information as it relates to my business. I am committed to safeguarding the privacy of visitors to:

·         my Folksy Shop website (https://folksy.com/shops/SamanthaNewbury),

·         my website (www.smanf.com),

·         and my Facebook Page (https://www.facebook.com/samanthanewburybagsandpoems/)

and also of my customers, who may purchase my goods or books;

·         in person at events and craft shows

·         via my Folksy Shop

·         via the ‘Shop Now’ button on my Facebook Page (takes you to Folksy Shop)

·         via the links on my website (take you to Folksy Shop)

·         or via email/Facebook conversation and PayPal invoice.

What personal data do I receive from you and what do I use it for:

1, If you make a purchase from my Folksy Shop, I receive the following data from Folksy:

·         your Folksy User Name (which may be your email address),

·         your name

·         your delivery address.

In addition, because my Folksy Shop payments are handled by PayPal, I also receive the following data from PayPal:

·         your name

·         your address

·         your email address

·         and, possibly, your telephone number.

I use this data to process and send your order, and, if I am using a tracked method of delivery, I will send you an email confirming dispatch and tracking number. The lawful basis for my processing of your data in this instance is that it is necessary to fulfil my contractual obligations to you (Defined in Article 6 of the GDPR as ‘Contract’).

For further information about Folksy’s Privacy Policy - https://folksy.uservoice.com/knowledgebase/articles/54066-our-privacy-policy

2, If you ask to make a purchase from me via an email, Facebook or Messenger conversation I will send you a PayPal Invoice. To do this I require your email address in order to process the invoice and, when the invoice is paid, I receive the following data from PayPal:

·         your name

·         your address

·         your email address

·         and, possibly, your telephone number

I use this data to process and send your order, and, if I am using a tracked method of delivery, I will send you an email confirming dispatch and tracking number. The lawful basis for my processing of your data in this instance is that it is necessary to fulfil my contractual obligations to you (Defined in Article 6 of the GDPR as ‘Contract’).

 For further information about PayPal’s Privacy Policy - https://www.paypal.com/uk/webapps/mpp/ua/privacy-prev

3, If you make a credit/debit card purchase from me in person using my iZettle card reader and app, I receive the following data from iZettle:

·         date and location of transaction

·         partial credit card number (they block out some of the numbers).

I use this data to process your payment. The lawful basis for my processing of your data in this instance is that it is necessary to fulfil my contractual obligations to you (Defined in Article 6 of the GDPR as ‘Contract’).

For further information about iZettle’s Privacy Policy - https://www.izettle.com/gb/privacy-policy

4, In the event that you contact me in person, by email or via Facebook/Messenger to discuss a possible order or commission, I will make notes of your details and requirements and type these up as a design/proposal and/or quotation. The data I will request will vary, depending upon your requirements, but I will only ask for information that is necessary for me to produce the design/proposal and/or quotation. If you accept the design/proposal and/or quotation, the details you have provided will form part of your order/commission. The lawful basis for my processing of your data in this instance is that it is necessary to fulfil my contractual obligations to you (Defined in Article 6 of the GDPR as ‘Contract’).

5, If you send me an email, Facebook/Messenger message, or send me a message via my website contact form, I will retain that email/message only for as long as is absolutely necessary to process your query or request, and will delete obsolete emails and messages regularly.

For more information about my email service providers:

BT Yahoo - https://policies.oath.com/ie/en/oath/privacy/index.html

Facebook/Messenger - https://www.facebook.com/about/privacy/update

Mr Site - https://www.tsohost.com/legal/privacy-policy

6, If you choose to like and/or follow me on Facebook or Twitter you will be subject to their privacy policies:

Facebook: - https://www.facebook.com/about/privacy/update

Twitter: - https://twitter.com/en/privacy#update

7, I do not operate any form of customer database, mailing list or newsletter service.

8, I do not personally use any data analytics package or service, other than those that are an integral part of my Folksy Shop, Facebook Page and website – as far as I am able to tell these do not include any data that could personally identify you.

Sharing your personal data with others

There are occasions when I need to share your personal data with other people, for example, if I ship an order to you using a tracked delivery method, I have to share your name and address details with the shipping company so that they can provide me with a tracking number and track your delivery safely.

I will not share your data with anyone other than to fulfil my obligations to you as my customer, or to comply with my legal obligations.

The companies/organizations I currently share data with are:

The Royal Mail (for tracked deliveries etc.) - https://www.royalmail.com/privacy-policy

PayPal (to issue and process invoices/refunds) - https://www.paypal.com/uk/webapps/mpp/ua/privacy-prev

iZettle (to process credit/debit card payments/refunds) - https://www.izettle.com/gb/privacy-policy

Stoten Gillam (my accountants – to produce my annual accounts and tax return) - https://www.stotengillam.co.uk/disclaimer

International Transfer of Your Personal Data

I do not sell outside of the United Kingdom and I will not, personally, transfer any of your data anywhere internationally, however some of my service providers (Facebook, PayPal, iZettle, Twitter etc.) are international companies and you should check their privacy policies for further information.

Storage, Retention and Deleting of Your Personal Data

I will store your data only where it is necessary to fulfil my legal and financial (tax) obligations. In practice, this means that I will retain relevant records for six years after the financial year in which they take place in order to:

(a) comply with HMRC requirements

(b) protect my own and my customers’ interests under the Consumers Rights Act 2015 and other pertinent legislation.

Wherever possible I will avoid using customer data in my electronic records. Where it is unavoidable, files will be password protected.

It is necessary for me to back up my electronic data periodically to ensure I can maintain business continuity in the event of computer failure etc. Files will be backed up onto hard drives which will be stored securely. I do not use cloud storage.

Hard copies of invoices etc. are kept for accounting/tax purposes and are stored securely.

Amendments to this policy

This policy will be amended as and when necessary and the amended version uploaded to my website, Folksy Shop, Facebook Page etc. Please check for amended versions periodically.

Your rights under the General Data Protection Regulation 2018

You have the following rights with regard to your personal information:

1.    The right to be informed – I must tell you what personal data I typically hold, what I use it for, how long I keep it etc. (which is the purpose of this Privacy Policy).

2.    The right of access – if you ask me for it, I must supply you with a copy of your personal data.

3.    The right to rectification – if the details I hold about you are wrong and/or incomplete you can ask me to correct and/or complete them and I must do so.


4.    The right to erasure – in certain circumstances you can ask me to erase your details.

5.    The right to restrict processing – in certain circumstances you can request me not to process your data.

6.    The right to data portability – this only applies where data is processed by automated means.

7.    The right to object – in certain circumstances you can object to me processing your data.

8.    Your rights related to automated decision making including profiling – I do not use any automated decision making systems, but if you want to know more about this, or any of your other rights please see the Information Commissioner’s Office website - https://ico.org.uk/

Cookies

Cookies are little files that websites put onto your computer to store information about your preferences. That’s as far as my knowledge goes, if you want to know more about them try https://www.aboutcookies.org/ My website (www.smanf.com) uses very few cookies – they’re used to enable page navigation (necessary) and count page hits so I can see how my page is performing. 

Many of my service providers also use cookies – for example Facebook uses cookies to help me understand the kinds of people who like my Facebook Page. For more information see the relevant policy:

https://folksy.uservoice.com/knowledgebase/articles/54066-our-privacy-policy

https://www.paypal.com/uk/webapps/mpp/ua/cookie-full

https://www.facebook.com/policies/cookies/

Managing cookies – for more information on how to manage cookies please visit the relevant internet browser website:

·         Chrome - https://support.google.com/chrome/answer/95647?hl=en

·         Firefox - https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences

·         Opera - http://www.opera.com/help/tutorials/security/cookies/

·         Internet Explorer - https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies

·         Safari - https://support.apple.com/kb/PH21411

·         Edge - https://privacy.microsoft.com/en-us/windows-10-microsoft-edge-and-privacy

Please note that blocking or disabling cookies may affect the usability of my website.

How to contact me

This website is owned and operated by Samantha Newbury of Harlestone Close, Luton, LU3 4DW. You can contact me as follows:

Email – Samantha.newbury@btinternet.com

Or by sending a message via the contact form on my website - http://www.smanf.com/page47.htm

If you wish to make a complaint about data handling

You have the right to complain to the Information Commissioner’s Office if you believe there is a problem with the way I handle your data - https://ico.org.uk/