Canoe and Kayak Store Privacy, Security and Cookie Policies
Canoe and Kayak Store Privacy and Security Policy
What information we collect about you
When you visit this site, we automatically collect certain information about your device, including information about your web browser, IP address, and some of the cookies that are installed on your device, about the individual web pages or products that you view, what websites or search terms referred you to the site, and information about how you interact with the website. We refer to this automatically-collected information as “Device Information”.
When you order form the site, we collect information about you, which may include your name, billing and delivery addresses, phone number and email address. We do not receive or store your payment card details. We also collect information when you sign up to receive Canoe and Kayak Store newsletters by email or contact us through our website or social media.
Device Information is collected using cookies, log files, web beacons, tags and pixels. Other personal information is entered by you.
The legal basis for processing
The law on data protection sets out a number of different reasons why a company may collect and process your personal data, including:
We explain below the purpose of the processing and which of the reasons we rely on to do so. If we are relying on contractual obligations, we will not be able to fulfil the contract if you do not provide the data we require. If we are relying on consent, you can withdraw your consent at any time by contacting us by email at email@example.com.
How and why we use the information about you
Website users and customers
When you place an order, we use your information to process your order and manage your account. We need this information to fulfil our contractual obligations to you. We use third party distribution companies who only receive the necessary delivery details. All such third-party organisations are under strict obligation to keep your personal information private.
We may use your information to contact you about leaving a review on a product you have purchased or on the service you have received. We do this on the basis of our legitimate interest in providing you with the best service and products.
Orders or quotes by phone or email
When you contact us by phone or email to request a quote or place an order we use your information to process your request and, following an order, to manage your account. We need this information to fulfil our contractual obligations to you.
If you open an account with us, we will record your name and email address. These are needed to manage your account and send your receipt by email. We do this with your consent.
We will collect your address and phone number with your consent or if we need this to fulfil our contractual obligations, for example if you have ordered goods which were not in stock.
If you sign up to receive our newsletter we use your information for our newsletter and marketing purposes only. We do this with your consent and you can unsubscribe from our newsletter at any time by following the link in the newsletter email.
When you contact us
If you contact us with queries, complaints, returns etc or engage with us on social media, we do this to fulfil our contractual obligations to you or our legitimate interest to provide you with better service.
If we are requested by a regulatory or government authority investigating suspected illegal activities, we have a legal duty to disclose your information.
Our payment providers use some level of automated decision-making, which will either automatically block transactions which are believed to be fraudulent or provide us with customer risk and fraud scores, which we will review before accepting your order.
Who we share your personal information with
We may need to share your information with one or more of the trusted third parties listed below in order to fulfil our transactions with you:
Brightpearl Limited who provide and support the software we use for our retail management and other business systems;
Shopify International Limited who host our website, collect and store all the data needed to fulfil orders and manage our newsletter and other marketing communications with you; you can read more about how Shopify uses your personal information here: https://www.shopify.com/legal/privacy;
Dot On who designed and maintain our website; and
various couriers to deliver your order.
For customers using and/or ordering through our website, this may also include the following:
Reviews.io who collect and store customer reviews of our service;
Google to show you products you might be interested in while browsing the internet. You can also opt-out of Google Analytics here: https://tools.google.com/dlpage/gaoptout; and
Facebook, Twitter, Live Chat etc if you choose to interact with us using those forums.
If you choose to pay by card, during the payment process, your name, address and payment card details will be collected and processed by Shopify International Limited.
We may be required to disclose your data with law enforcement or other Regulatory body if we receive a valid request to do so. We may also share your information to prevent, investigate or take action regarding illegal activities, suspected fraud or situations involving the physical safety of any person.
When sharing information, we only provide the information they need to deliver their service, for example a courier will be given your name, address and contact phone number.
Sending data outside the EEA
We will only send your data outside the European Economic Area (EEA) to companies which we use to help run your account and services. If we do transfer to organisations that are outside the EEA, they will either be part of Privacy Shield, a framework that sets privacy standards for data sent between US and EU countries, or other privacy laws and initiatives which apply in their country. Shopify International Limited may transfer your personal information to other regions, including Canada and the United States. They are responsible for all onward transfers of personal information to third-parties in accordance with the EU-US Privacy Shield, Canada’s Personal Information Protection and Electronic Documents Act, as well as inter-company agreements between their various affiliates that may process your information on behalf of Shopify International Limited.
We need contact details of relevant individuals at your organisation so that we can communicate with you. These details will be stored on our database. We also need other information such as your bank details so that we can pay for the goods you provide. We do this to ensure that the contractual arrangements between us can properly be implemented, so that the relationship can run smoothly and to comply with legal requirements.
How we will store the information about you
We will treat all your personal information as confidential and will keep it on a secure server. We will fully comply with all applicable current UK Data Protection legislation.
We will keep your information for as long as you remain a customer of ours. After you stop being a customer, we may keep your data for a further 4 years. This will enable us to follow up any complaints, queries and warranty claims and to issue product recall notices. At the end of that period your data will either be deleted entirely or anonymised.
We will retain your data for such period as we believe the law requires us to.
Your rights over your personal data
You have the right
- To access to the personal data we hold about you, free of charge.
- To ask us to correct your personal data if it is incorrect, out of date or incomplete.
- To ask us to stop any consent-based processing of your personal data after you withdraw that consent.
- To ask us to restrict the processing of your data under certain circumstances. For example, if we no longer need your data but you ask us to keep it in order to establish, exercise or defend a legal claim.
- To lodge a complaint with a supervisory authority, which in the UK is the Information Commissioner’s Office.
You have the right to have personal data erased:
- Where the data is no longer necessary in relation to the purpose for which it was originally collected
- If you withdraw consent
- When you object to the processing and we have no overriding legitimate interest for continuing the processing
- If the data was unlawfully processed
- To comply with a legal obligation
In cases where we are processing your personal data on the basis of our legitimate interest, you can ask us to stop for reasons connected to your individual situation. We must then do so unless we believe we have a legitimate overriding reason to continue processing your personal data.
To request a copy of the information that we hold about you please email us at firstname.lastname@example.org. To protect the confidentiality of your information, we may ask you to verify your identity before proceeding with any request you make under this Privacy Notice. If we choose not to action your request, we will explain to you the reasons for our refusal.
Third party websites
We use internet standard encryption technology (SSL) to encode personal data that you send to us when placing an order through our website. To check that you are on a secure page, `https` will replace `http` at the front of www.canoeandkayakstore.co.uk in your browser address window and a small locked padlock will be displayed at the bottom right of your website browser.
However please note that whilst we take appropriate technical and organisational measures to safeguard the personal data that you provide to us, no transmission over the internet can ever be guaranteed secure. Consequently we cannot guarantee the security of any personal data that you transfer over the internet to us.
If you are using a computer or terminal in a public location, we recommend that you always log out and close the website browser when you complete an online session. We also recommend that you only connect to secure wireless networks that you trust and to always be aware of the risks associated with using public WiFi.
Please note that we will never ask you to confirm any account or credit card details by email. If we require such details, we will ask you to contact us by phone.
Updates to this policy
This privacy and security policy was last updated on 27 March 2019. Please check back regularly to keep informed of updates to this policy.
How to contact us
By email: email@example.com
By post: Canoe and Kayak Store, Damery Works, Woodford, Berkeley, Glos GL13 9JR.
A cookie is a small file of text which we transfer to your hard drive through your web browser, as with most websites, when you visit our website and use certain pages or features on the site, especially when placing an order. It enables our own system to recognise you when you visit our website again and improve our service to you. This information can be used to enhance the content of our website and make your use of it easier. For more information about cookies please visit www.allaboutcookies.org
As mentioned above, our website is hosted by Shopify who may place cookies and other tracking technologies on your device when you use our website. They cannot be used to identify you personally. These pieces of information are used to improve services for you through, for example: - enabling a service to recognise your device so you don't have to give the same information several times during one task - recognising that you may already have given a username and password so you don't need to do it for every web page requested - measuring how many people are using services, so they can be made easier to use and there's enough capacity to ensure they are fast - analysing anonymised data to help us understand how people interact with our services so we can make them better
You can manage these small files yourself and learn more about them from the article Internet browser cookies - what they are and how to manage them.
As they explain, the types of cookie you may encounter when using canoeandkayakstore.co.uk are.
Functional cookies: these are either essential for the website to work or allow us to tailor your website experience specifically to your preferences by remembering choices you have made or information you’ve provided.
First party analytic cookies: these are Shopify cookies used to provide information about usage of our site.
Third party analytic cookies: we use Google Analytics to help measure how users interact with our website content.
Social and Content cookies: these are cookies placed by many social media plug-ins, for example Facebook and Instagram, which we use to enhance our site. Please note that some of these third party services place their own cookies, which are used for things like behavioural advertising and analytics. These are controlled by them.
The length of time that a cookie remains on your device depends in whether it is a “persistent” or “session” cookie. Session cookies last until you stop browsing and persistent cookies last until they expire or are deleted. Most of the cookies used by Shopify are persistent and will expire between 30 minutes and 2 years from the date they are downloaded to your device.
You can use the settings of your browser to block or delete cookies as you wish. Do please note that blocking cookies may slow down your experience on our website, or cause issues with placing an order, as cookies are often required to help with a smooth checkout process!
Data Deletion and Amendment: If you choose to delete your account and all associated data (or specific parts of it), send an email to firstname.lastname@example.org requesting deletion of data. We'll process your request and delete all account data within 30 days. You will receive an email confirmation as soon as it is done.