Burnt Peach respects your privacy and is committed to protecting your personal information at all times.
We act as the data controller in relation to the personal information which you provide to us when ordering a portrait.
We will never use an image that you provide to us, for publicity purposes or for any other purpose than the completion of your product ( e.g. your Little Peach Portrait),without your explicit consent.
Information we hold about you
It is necessary for us to hold and process certain personal information about you in order to enable us to process and fulfil your order. This may include the following information:
- Email address
- Home address
- Telephone number
- Payment information
- Images that you send to us
- Name and address of recipient, if different to your own
We may also be required to process such additional personal information about you as is necessary to enable us to manage our relationship with you and provide services from time to time.
How we use your information
In most cases, we will use the information we hold about you for the following purposes / activities and in accordance with the following lawful grounds for processing personal data:
Processing your order and registering you as a customer
- Necessary for the performance of our contract with you.
- Necessary for our legitimate interests in administering our business and ensuring that we operate effectively.
Managing our relationship with you, including but not limited to responding to queries or complaints
- Necessary for the performance of our contract with you
- Necessary for our legitimate interests in ensuring that we are able to (i) provide our customers with a good quality service; and (ii) respond to all queries and complaints raised by our customers.
Managing and collecting all applicable payments, fees and/or charges.
- Necessary for the performance of our contract with you.
- Necessary for our legitimate interests in processing payments made by customers and ensuring that we are able to recover all sums due to us.
Administering and protecting our business, our website and our online order system
- Necessary for our legitimate interests in running our business, ensuring the provision of administration and IT services, maintaining network security and preventing fraud.
Providing you with suggestions and recommendations about products, services and/or products/promotional offers that may be of interest to you.
- Necessary for our legitimate interests in developing and promoting our products/services and growing our business.
We may use your personal information to provide you with information for marketing purposes on goods, services and/or promotional offers that may be of interest to you. You may receive marketing communications from us directly if you have used our online ordering system and you have not opted out of receiving that marketing. When you use our services, we may send you a questionnaire or invite you to provide a review about your experience with our website. We will obtain your express opt-in consent before we share any of your personal information with any third party for marketing purposes. You can ask us or third parties to stop sending you marketing messages at any time by contacting us at the email address set out below or the third parties directly, as is relevant.
How long will we retain your information
We will only retain your personal information for as long as necessary to fulfil the purposes we collect it for, including for the purposes of satisfying any legal, accounting or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure or your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Third parties with whom we share your information
We may need to share your information with third parties who act on our behalf or provide services to us. We require all such third parties to respect the security of your personal information and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal information for their own purposes and only permit them to process your personal information for specified purposes and in accordance with our instructions.
We will be required to disclose your information to our hosting platform, Shopify Shopify hosts our website and the online ordering system on our behalf. Accordingly, Shopify use it in an anonymous, aggregated or pseudonymized form, which does not focus on you individually. They use this information to evaluate, provide, protect or improve their services (including by developing new products and services).
We will also be required to share your personal information with our online transaction provider, Stripe. We utilise Stripe to take payments for all online orders. The information that they collect will include payment method information (such as credit or debit card number, or bank account information), purchase amount, date of purchase and payment method. Different payment methods may require the collection of different categories of personal information. We will determine the payment methods that you can use, and the payment method information that Stripe collects will depend upon the payment method that you choose to use, from the list available. When Stripe conducts fraud monitoring, prevention and detection activities, they may also receive personal information about you from their business partners, financial service providers, identity verification services, and publicly available sources (e.g., name, address, phone number, country) as necessary to confirm your identity and prevent fraud. Stripe’s fraud monitoring, detection and prevention services may use technology that helps them asses the risk associated with an attempted transaction that is enabled on our website, or the application that collects information.
In addition to our hosting platform and transaction provider, we may also be required to disclose your information to the following categories of recipients: (i) other group companies; (ii) our third party service providers; (iii) our professional advisers; (iv) payment providers and other financial organisation; (v) our suppliers; (vi) our trade and business associates; (vii) central and local government; (viii) regulatory authorities; (ix) third parties with whom we negotiate commercial agreements; (x) insurers; and (xi) third party marketing companies where we have obtained express opt-in consent from you.
Sources of information about you.
We will collect personal information directly from you. We may also obtain information about you from our hosting platform Shopify and other third parties providing services in connection with the operation of our online ordering system. If your personal details change at any time, please inform us as soon as possible to ensure that all information held about you remains accurate and up to date.
International data transfers
Our main operations are based in the UK and your personal information is generally processed, stored and used within the UK. In some instances your personal information may be processed in or outside the EEA. We may also use, or work with partners who use, Cloud and /or hosted technologies which operate across multiple geographies.
If and when this is the case we take steps to ensure there is an appropriate level of security so your personal information is protected in the same way as if it was being used within the UK.
Where we need to transfer your data outside the UK we will use one of the following safeguards: (i) Information Commissioner’s approved international data transfer agreement for the transfer of personal data to third countries; (ii) European Commission approved standard contractual clauses in contracts for the transfer of personal data to third countries, as amended by the Information Commissioner’s approved addendum; (iii) transfer to a non-EEA country with privacy laws that give the same protection as the EEA.Your rights in relation to your personal information
You have a number of rights in relation to your personal information, which we respect and aim to uphold in everything we do. These include the following:
· You can ask us for a copy of the information we hold about you and a description of how we use that information (i.e. subject access request);
· If you believe any information we hold on you may be inaccurate or incomplete, and you are unable to correct this information yourself, you can require us to rectify these inaccuracies;
· You can require us to erase your information in certain circumstances (i.e. the right to be forgotten);
· Where we process your information using automated means on the basis of your consent or to perform the agreement, you can request that we supply such information to another party (i.e. the right to data portability);
· You can require us to restrict our use or your information or object to how it is used in certain circumstances;
· Where we process your information on the basis of our legitimate interests, you have the right to object to us processing your information in certain circumstances;
· Where we are processing your personal data for direct marketing purposes, you have the right to object to us processing your information; and
· Where you have given your consent to us to process your information for particular purposes (e.g. to share your information with third party marketing companies), you may withdraw this consent at any time, provided that this will not affect the lawfulness of any processing carried out before you exercised the right to withdraw your consent.
How to contact us
If you have any questions about how we use your information or you wish to contact us about your rights or if you have any complaints about our use of your information, please contact us at: firstname.lastname@example.org
We will do our best to answer any questions and resolve any complaint to your satisfaction. However, if you feel that we have not resolved your complaint, please note that you have the right to complain to the Information Commissioner’s Office.
© 2019 BURNT PEACH.