Talesmith Collection Ltd is committed to protecting the privacy of our visitors.
What data do we collect and for what purpose?
In order to deliver our products to our customers, we ask for personal information such as names, email addresses, postal addresses and payment information. We are committed to recording data accurately and storing it securely to ensure all communications are limited to the intended recipient.
Email addresses and phone numbers will be used to provide delivery updates and notifications and will only be used for marketing purposes if you opt-in to those services.
We only collect data under the following lawful bases:
(a) Consent: the individual has given clear consent for us to process their personal data for a specific purpose. This relates to any customer ordering products from us and anyone that has opted in to receive our marketing messages.
(b) Contract: the processing is necessary for a contract we have with the individual, or because you have asked us to take specific steps before entering into a contract. This relates to our wholesale and retail customers only.
How it is processed and stored
All of our electronic data is held within our secure environment which is password protected and access to that environment is limited to our internal team of two. Our website operates under an SSL Certificate providing a secure connection for its users. Any paper data is held within locked filing cabinets inside a secure office environment which is protected through a surveillance camera.
Third party systems
Talesmith will not provide third parties (other than as is necessary to provide the services) with your information unless legally required to do so or if we believe in good faith that it is appropriate to do so.
Any information provided by you in connection with any financial details will be processed and stored by our payment gateway providers, Stripe and Paypal, and may be used by us to facilitate any future transactions with you. For details on our payment providers data policies, please visit:
Stripe and PayPal
We use certain tracking software that allows us to monitor how our site is used. For example, we are able to track how many times a certain page is viewed. We do not use tracking software to gather personal information about our visitors.
The Talesmith website is brought to you by Squarespace, an international website platform with their own privacy rules and terms of service. To read their full privacy statement please click here.
We may link to third party sites although we are not responsible for the content of those pages or their privacy practices.
How we protect your data
We are committed your keeping your data safe and secure.
Should any issues be detected in terms of the use or security of our data, we will firstly ensure that corrective measures are taken to prevent any further breaches. Once the breach has been contained, the event will be fully document and we will analyse it’s severity. If the breach is considered to be of low severity and pose little risk to individuals, we will ensure it is documented and appropriate measures are taken to prevent a repeat occurrence.
If the breach is considered to of high severity and have a risk to individuals rights and freedoms, we will take all measures noted above in addition to notifying the individuals affected and notify the ICO within 72 hours.
How long we keep your data
We will only keep data for as long as is deemed necessary. The data we collect is used to fulfill orders and to communicate with customers that have indicated they would like to hear from us in the future. We will perform annual data cleanses to assess the relevance and purpose of the data we hold. Any data considered to be no longer relevant will be securely deleted and this process will be documented.
Under GDPR you, as an individual, have the following rights:
The right of access
The right to rectification
The right to erasure
The right to restrict processing
The right to data portability
The right to object
Rights in relation to automated decision making and profiling.
For more information on your individual rights, please visit: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/
To discuss a subject access request, please contact email@example.com If the request is fair and appropriate, we will provide the requested information within one month of the request, free of charge. We reserve the right to refuse or charge for requests that are manifestly unfounded or excessive. In both cases we will communicate with the individual(s) to explain the reasonings and If a fee is to be charged, the fee will be based on the administrative cost of providing the information requested.
We operate the majority of our business within the EEA and therefore our governing body is the ICO and our data practices have been developed with ICO guidelines and GDPR practices in mind. Any data associated with International orders will be processed, stored and protected in the same way as EEA orders as noted in this policy.
If you have any queries relating to data or privacy, please contact firstname.lastname@example.org