THE WITCH’S HEART
This website is operated by THE WITCH’S HEART. The privacy of our users is extremely important to us and therefore we encourage all users to read this policy very carefully because it contains important information regarding:
Who we are,
How and why we collect, store, use and share personal information,
Your rights in relation to your personal information; and
How to contact us in the event that you have a complaint.
Who we are
THE WITCH’S HEART (‘we’, ‘us’, ‘our’) collect, use and are responsible for storing certain personal information about you (‘you’, ‘your’, ‘yours’).
The personal information we collect and use
Personal information is information which you can be identified from (and does not include any anonymised forms of information).
Types of personal information
We may process the following types of personal information in relation to you:
Contact details such as full names, email addresses, postal addresses, billing information and phone numbers. Viewing location is also collected whilst using the website.
How your personal information is collected
This section described how the above types of personal information are collected by us. Your personal information will be collected as follows:
Personal information from you directly, including when you:
Purchase a product or contact us via email or the contact page
How many times does a user visits a website, which pages do the user visit, traffic data and location data.
Changes to the way in which we collect your personal information
In the event that we need to obtain personal information in relation to you from any other source than those described above, we shall notify you of this.
How we use your personal information
In general, your personal information will be processed for the following purposes:
To enter into a contract for the sale of goods to you and to manage the business and website.
Lawful basis for processing your personal information
We have described above the purposes for which we may process your personal information. These purposes will at all times be justified by the UK data protection law.
General lawful bases
The lawful basis upon which we are able to process your personal data are:
Where we have your consent to use your data for a specific purpose,
Where it is necessary to enter into a legal contract with you or to perform obligations under a legal contract with you,
Where it is necessary to enable us to comply with a legal obligation,
Where it is necessary to ensure our own legitimate interests or the legitimate interests of a third party (provided that your own interests and rights do not override those interests). Wherever we rely upon this basis, details of the legitimate interests concerned shall be provided to you,
Where we need to protect your own interests (or the vital interests of another person); and/or
Where it is needed in the public interest (or where we are acting in our official functions), provided that the task or function has a clear basis in law.
In general, in order to meet the purposes, we have described above, we will process your personal information where we have your express consent on each occasion that the data is processed.
Sharing of your personal information
On any occasion where any of your personal information is shared with any third party, we shall only permit them to process such information for our required purposes, under our specific instruction, and not for their own purposes. We are required to enter into a formal legal agreement to enable such sharing to take place.
We do not anticipate that we will need to have your personal information with any third party. We will notify you should this position change.
How long your personal information will be kept
Your personal information will only be kept for the period of time which is necessary for us to fulfil the above purposes.
We envisage that your personal information shall be retained by us as follows:
Till contact or contract is fulfilled.
After the period described above, your information shall be properly deleted or anonymised.
Keeping your information secure
We will ensure the proper safety and security of your personal information and have measures in place to do so. We will also use technological and organisation measures to keep your information secure. These measures are as follows:
All data is stored on secure servers; payment details are encrypted using SSL.
We have proper procedures in place to deal with any data security breach, which shall be reported and dealt with in accordance with data protection laws and regulations. You shall also be notified of any suspected data breach concerning your personal information.
Our website is not intended for children (anybody under the age of 18). We do not intend to collect data from children.
Under the UK General Data Protection Regulation, you have a number of important rights free of change. In summary, those include rights to:
Fair processing of information and transparency over how we use your personal information,
Access to your personal information and to certain other supplementary information that this Privacy Statement is already designed to address,
Require us to correct any mistakes in your information which we hold,
Require the erasure of personal information concerning you in certain situations,
Receive the personal information concerning you that you have provided to us, in a structured commonly used and machine-readable format and have the right to transmit this information to a third party in certain situations,
Object at any time to processing of personal information concerning you for direct marketing,
Object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you,
Object in certain other situations to our continued processing of your personal information, or ask us to suspect the processing procedure in order for you to confirm its assurance or our reasoning for processing it,
Object to processing your personal information where we are doing so in reliance upon a legitimate interest of our own or of a third party and where you wish to raise an objection to this particular ground,
Otherwise, restrict our processing of your personal information in certain circumstances,
Claim compensation for damaged caused by our breach of any data protection laws; and/or
In any circumstance where we rely upon your consent for processing personal information, you may withdraw this consent at any time.
For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on your rights under the General Data Protection Regulations.
If you would like to exercise any of these rights, please contact THE WITCH’S HEART in the following manner:
Via the contact form on the website or by contacting firstname.lastname@example.org directly.
A notice on the website header.
The relevant person to contact regarding your personal information is: THE WITCH’S HEART
Any requests or questions regarding the use of your personal information should be made to the above using the following method:
Via the contact form or by contacting email@example.com directly.
Sources for further information
This policy provides key information to you regarding the processing of your information. For certain areas of our information processing, we have further comprehensive details contained in other documentation. This information can be located as follows:
Our privacy page.