Privacy Notice
This notice was last updated on: 08/12/22 and is version 1.
Welcome, our privacy notice is here to help you understand how we manage and protect your information as you use our website.
Scope
As a visitor to our website, this notice applies to you. We may also refer to you as a User.
Pressie Heaven act as the 'data controller', and are responsible for determining the purposes and manner in which your Data is collected.
This notice does not apply to websites outside of our website domain (pressieheaven.co.uk) and it's subdomains (subdomain.domain.co.uk). This includes any websites we provide links to.
Further information
About Us Pressie Heaven is registered with the UK Information Commissioners Office (ICO) as a data controller, our registration number is ZB459766.
Links and Social Media This notice does not apply to websites outside of our website domain (pressieheaven.co.uk) and its subdomains (subdomain.domain.co.uk). This includes any websites we provide links to social media networks. Please refer to the relevant privacy policy for that website for details about how they process your personal information.
Other Relevant Policies This privacy policy should be read alongside, and in addition to the following additional terms, which also apply to your use of our site:
-
Our Terms of Service
-
Our Cookie Policy
Definitions We use the following definitions in our privacy notice:
Data aka personal data: Any information you submit to our Website will be considered as Data. This includes where applicable Personal Data, as defined by relevant Data Protection Laws.
Cookies: Are small text files placed on your computer by this Website when you visit certain parts of the Website and/or when you use certain features of the Website. Details of the cookies used by this Website can be found within our Cookie Policy
Data Protection Laws: Covers any applicable law relating to the processing of Personal Data, including the Data Protection Act 2018, the General Data Protection Regulation (EU) 2016/679, Directive 96/46/EC (Data Protection Directive), and any national implementing laws, regulations and secondary legislation, for as long as the GDPR is effective in the UK;
Pressie Heaven, we or us: Pressie Heaven, based in Churcham, Gloucestershire.
User or you: Any visitor that comes to see our Website, except for anyone who is either employed by us or is engaged in providing business services to us when accessing this website.
Website: the website that you are currently visiting, and any sub-domains of this site unless expressly excluded by their own terms of use.
General
You may not transfer any of your rights under this policy to any other person. We may transfer our rights under this privacy policy where we reasonably believe your rights will not be affected
If any court or competent authority finds that any provisions of this privacy policy (or part of any provision) is invalid, illegal or unenforceable, that provision or part-provision will, to the extent required, be deemed to be deleted, and the validity and enforceability of the other provisions of this privacy policy will not be affected.
Unless otherwise agreed, no delay, act or omission by a party in exercising any right or remedy will be deemed a waiver of that or any other, right or remedy.
This agreement will be governed by and interpreted according to the law of England and Wales. All disputes arising under the Agreement will be subject to the exclusive jurisdiction of the English and Welsh courts.
Data we collect and how we collect it
Contact Details such as your name, email address & telephone number.
— When you enter details into our contact us form or contact us directly via our contact form.
Order Information including your full name, email address, contact details, home address and delivery address (if different), payment details (see further information).
— Collected when you complete our Order form and make a payment.
User account including email address and chosen password
— Collected when you sign up to an account on our website. Your account will contain your saved Contact Details and Order Information (if you have purchased an item from us).
Technical Data collected as you use the website, including your IP address, browser type, version, device details.
— Automatically from the use of our website.
Further information
Sensitive or special category data Just to let you know, we don't use our website to collect anything categorised as special category information. For example racial or ethnic origin, political opinions, health data etc.
Children's data Our website and services are provided to businesses and are intended for use by those 18 or older. We do not knowingly collect personal data from anyone under 16 years old.
Cookies We will collect your Data automatically via cookies, in line with your decision according to our Cookies Policy. For more information please see our Cookies Policy
Payments All payment details are processed through our payment provider Wix Payments using a secure payment form and 3D secure payments. We will never see the full details of your payment card. Please do not share your payment card details with us over email or through our contact form.
How we use Data collected and why
Under applicable data protection law, we will process personal data where we have defined a legitimate purpose and a lawful basis for doing so.
Getting in contact with you If you show interest in our products and services, for example by completing our contact us form, we'll reach out and get in contact with you.
Processing your order If you are a customer purchasing from us, we will use the information collected to fulfil and dispatch your order.
Helping you out In the event you have a query about your order or need further assistance, we will use the information collected to give you a helping hand.
Improving our services and website Information we collect about how you use our website and services will be used to help us provide a better service and experience for you.
Tell you about our services and products (Marketing) Depending on your choices about how we contact you, or if we have a legitimate interest, we may get in contact with you to tell you more about our services.
You're in control
You may change your mind about how we get in contact with you, including opting-out (or into) receiving marketing material from us. You can contact us via info@pressieheaven.co.uk.
Internal record keeping While operating our business and services we may need to use the information we have captured to evidence our legal compliance with applicable data protection law.
Lawful Basis for processing
Performance of a contract — this means processing your data where it is necessary for the performance of a contract, such as when you order a gift from us.
Legitimate Interest — where the processing of data is deemed necessary for the legitimate interests of our business, provided those interests are not outweighed by your rights and interests. If you object to our use of data collected you have the right to object in certain circumstances. Please see the section “Your Rights” below
Comply with a legal or regulatory obligation — this means processing your data where it is necessary for compliance with a legal or regulatory obligation that we are subject to.
Consent — where you have given clear consent for us to process your personal data for a specific purpose, such as letting you know about our latest arrivals and special offers.
Our third-parties
We use a number of suppliers and third parties to help us provide our services and this may involve processing Data we capture. We've outlined our third-parties below with some links for further information.
Provider & Service Provided: Wix, including Wix Payments
Acting As: Data Processor
Data Storage Location: UK, USA, Europe, Israel
Provider Security / Data Processing Agreement:
https://www.wix.com/about/privacy/home
https://support.wix.com/en/article/list-of-wixs-sub-processors#wix-sub-processors
Provider & Service Provided: Parcel Delivery Companies (Royal Mail, DPD etc).
Acting As: Data Processor
Data Storage Location: UK
Provider Security / Data Processing Agreement:
https://www.royalmail.com/privacy-notice
How secure is the data we collect?
We will use technical and organisational measures to safeguard your Data, for example:
-
your use of this website is encrypted using secure HTTPS connections;
-
we store your data on secure servers;
-
we regularly update our website and its components;
-
we secure our site logins and services using multi-factor authentication
-
we regularly back up our website.
-
we use a secure PCI-compliant payment provider
Technical and organisational measures include measures to deal with any suspected data breach.
Suspect something's wrong?
If you suspect any misuse, loss or unauthorised access to your Data, please let us know immediately by contacting us via info@pressieheaven.co.uk
Data Retention
Unless a longer retention period is required or permitted by law, we will only hold your data on our systems for the period necessary to fulfil the purposes outlined in this privacy policy or until you request that the Data be deleted.
Once we delete your Data, it may persist on backup or archival media for legal, tax or regulatory purposes.
Your Rights
You have the following rights in relation to your Data:
Right to access — You can request a copy of the personal data we hold about you at any time. Including supplementary information about our processing activities.
More information
Will I be charged? No, we won't charge you for providing you with access to your personal data. The only exception where we would consider a charge for this service is if your request is manifestly unfounded or excessive.
How long will it take for me to receive this information? We will work to provide your requested information within 30 days of your request. If your request is complex or you are making multiple requests at the same time, we may extend this timescale by a further 2 months, if necessary.
Can we refuse a request? Typically we will work with you to provide the information requested, however there some exemptions. If we consider that a request is unfounded or excessive, we may refuse the request where we are legally permitted to do so. If we refuse a request we will write to you and explain the reasons why.
Will I need to provide ID? Yes, we may request you provide sufficient identification to verify you are the intended data subject before we disclose any information to you.
Right to correct — You can correct any personal data we may have if this information is incorrect or inaccurate.
Please keep us updated
It is important that the Data we hold about you is accurate and current. Please keep us informed if your Data changes during the period of time we hold it.
Right to object — the right to object to our use of your personal data, including where we use it for our legitimate interests. For example Direct Marketing activities.
Right to erasure — the right to request that we delete or remove your Data from our systems.
More information
Can I request you delete all my personal data anytime? There are certain circumstances where the right to erasure can be applied and some exemptions as well. For example, where the processing of personal data is no longer required for the purpose it was collected for, or where we are processing your personal data under the lawful basis of Consent or Legitimate interest, you have the right to withdraw and object to the processing of this data, unless we have another overriding legal requirement to continue processing.
What are the exceptions? If we are under a legal obligation to continue processing the personal information we may be required to refuse the request. We will notify you in writing if this is the case.
Where can I find more information? The Information Commissioners Office (ICO) website has guidance relating to the right to erasure and the guidance for organisations and individuals, this can be found at
Right to restrict our use of your Data — You can restrict the way we process your personal information in certain circumstances, such as if you believe the information is inaccurate, or we are not processing the personal data lawfully.
Right to data portability — the right to request that we move, copy or transfer your personal data. We will provide you with this in an open format such as a CSV or PDF file.
Making a complaint
If you have a complaint regarding how we process your Data, please let us know first, so we have a chance to address any complaint you make.
If we fail to address this complaint, you may refer your complaint to the relevant data protection authority. For the UK this is the Information Commissioners Office (ICO). The ICO’s contact details can be found on their website at https://ico.org.uk/
Changes to business ownership and control
Pressie Heaven may expand or reduce our business, including the sale and/or transfer of control of all or part of our business. Data we have collected and are processing as part of our business will be transferred to the new owner or controlling party. The new owner or controlling party under this privacy policy will be permitted to use the Data for the purposes for which it was originally collected by us.
In the event of a change in business ownership, we will take steps with the aim to ensure your privacy is protected during the transfer of ownership.
Updates to this policy
Pressie Heaven reserves the right to change this privacy policy as we deem necessary from time to time or as may be required by law. Any changes will be immediately posted on the Website and you are deemed to have accepted the terms of the privacy policy on your first use of the Website following the alterations.
This privacy notice was created in conjunction with Shout Cyber.