This policy was last updated in October 2020.
This policy outlines how nellies.store collects, processes, stores and uses data. It also describes your choices regarding use, access, and correction of your personal information.
nellies.store (“we”, “us”. “our”) take your privacy seriously.
We are committed to keeping your information secure and managing it in accordance with our legal responsibilities, under the General Data Protection Regulation (Regulation (EC) 2016/679 (“GDPR”) in the European Union (“EU”).
2. Who this policy applies to
This policy applies to anyone: using our website; subscribing to our newsletters and updates; taking part in marketing activity which requires the provision of data; enquiring about our services; who is a customer; who is an associate.
3. Data gathering and usage
We collect data in the following ways:
3.1 Through websites
The primary purpose of our websites is to provide high quality homemade clothes, fabrics and accessories and gifts.
We may process data about your use of our websites (“usage data”). The usage data may include your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use. The source of the usage data is Google Analytics.
More information about the ways in which Google collect and process your personal data can be found here and you can opt-out of Google Analytics here.
Usage data may be processed for the purposes of analysing the use of the website and services.
We may make usage data available privately or publicly to help others to understand who is making use of our websites and how. Data will be aggregated and the personal data of individual users will not be identifiable.
Our website and newsletters may include hyperlinks to third party websites. We are not responsible for the privacy policies and practices of third parties.
Collection of personal data may be essential for the provision of a service.
You may delete and block all cookies, or just certain types of cookies, via your browser settings. However, if you choose to block or delete cookies, this may affect the functionality of the website.
3.2 Through online forms or emails
We may process information submitted to us through forms on our websites or from emails sent to us (“submitted data”) such as: enquiries, contact forms or newsletter subscriptions. Submitted data may be processed for the purposes of: providing updates and information about our programmes and services; promoting news and information from third parties which we believe might be of interest to you; and offering, marketing and selling relevant products and/or services to you.
3.3 Through purchases
We will require process information relating to transactions, including purchases of goods and services directly and/or through our websites (“transaction data”). The transaction data may include your contact details, your card or bank details, and the transaction details. The transaction data may be processed for the purpose of supplying the purchased goods and services and keeping proper records of those transactions. The legal basis for this processing is the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract and our legitimate interests, namely our interest in the proper administration of our website and business. We will not store your banking or payment information.
Financial transactions through our websites will be handled by our payment services providers, PayPal or Stripe. We will share transaction data with our payment services providers only to the extent necessary for the purposes of processing your payments, refunding such payments, and dealing with complaints and queries relating to such payments and refunds. By making online transactions users acknowledge that the information they provide will be transferred to payment service providers for processing in accordance with PayPal’s and Stripe’s Privacy Policies.
3.4 Through service delivery
We may process personal data that is provided in the course of the use of our services (“service data”). The service data may include name, email address, postal address, service preferences, basic financial information and any correspondence. The source of the service data comes from clients/ potential clients during the negotiation and delivery of services.
The service data may be processed for the purposes of providing our services, ensuring the security of our information and services, maintaining back-ups of our databases and files and for communicating with clients.
4. Compliance and legal claims
In addition to the specific purposes for which we may collect and process personal data as set out in section 3 we may also process personal data where such processing is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
We will only use personal information in accordance with this Policy, or where we are required or authorised by law to disclose your information to others or, have your permission to do so.
We may process any personal data identified in the other provisions of this policy where necessary for the establishment, exercise, or defence, of legal claims, whether in court proceedings or in an administrative, or out-of-court, procedure. The legal basis for this processing is our legitimate interests, namely the protection and assertion of our legal rights, your legal rights and the legal rights of others.
5. Other People’s Personal Data
Please do not supply any other person’s personal data to us, unless managing such data is necessary for providing a service (for example personalisation of an item or shipping to a gift recipient’s address).
Please be aware that we are not responsible for the data processing activities of others. We will take reasonable endeavour to ensure our suppliers will manage data in accordance with the law.
6. Passing data to third parties
We may pass your data to other campaigns and brands operating under nellies.store, but we will not subscribe individuals to services, newsletters and updates other than those they have consented to.
It may be necessary to disclose personal data to staff working on our behalf for the purposes of effectively carrying out services. Staff will be required to uphold this policy when working on our behalf.
Personal data will be passed to a from our payment and other service providers, see section 3.
We may also disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
Users acknowledge that personal data submitted for publication through our websites or other services may be publicly available, via the internet, around the world. We cannot prevent the use (or misuse) of such personal data by others. Options to contribute personal data, and therefore engage with the activity, without being publicly identified will be made available where possible.
7. Sensitive data
We will not seek to collect or process sensitive personal data: racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, data concerning health or sex life and sexual orientation, genetic and/or biometric data. Do not provide us with sensitive personal data.
8. Retaining and deleting personal data
We keep your personal data for as long as required to provide our services, and in accordance with legal, tax and accounting requirements. Where personal data is no longer required, we will ensure it is disposed of in a secure manner. Where required by law, we will notify users when this has happened.
9. Security of personal data
We will take appropriate technical and organisational precautions to secure your personal data and to prevent the loss, misuse, or alteration of your personal data. We will store all your personal data on secure servers, personal computers, and mobile devices, and in secure manual record-keeping systems.
Any passwords you provide us nellies.store be stored by us in encrypted form. Payment passwords are not held by us.
Data relating to financial transactions that is sent from your web browser to our web server, or from our web server to your web browser, will be protected using encryption technology. Users acknowledge that the transmission of unencrypted (or inadequately encrypted) data over the internet is inherently insecure, and we cannot guarantee the security of that data sent over the internet.
Users with accounts on any of our websites should ensure their login password is not susceptible to being guessed, whether by a person or a computer program. Users are responsible for keeping their own password confidential. We will not ask users for their passwords (except when setting up an account and logging in, and then we will not be able to view them).
Passwords may be provided to you by our website administration and in which case should be changed by the user immediately.
We reserve the right to change a password or lock or delete a user’s account without notice if we believe that account has been compromised or is being misused by the user or another person or entity – that is promoting offensive content or operating significantly outside of the remit and purpose of the website they are subscribed to. Users will be informed of such action and provided with a reason for the action.
10. Rights under data protection law.
Users have the right to request copies of their personal data held by us. If they think any of that data is inaccurate, they may also ask us to correct it. They may also have a right, in certain circumstances, to require us to stop processing personal data. Also, they have the right to ask us to transfer personal data to someone they nominate for their own purposes. They may exercise any of their rights in relation to personal data by contacting us using the email or postal address below.
Nobody is obliged to provide any personal data to us. However, please note that this may mean we will have difficulty in providing the full range of services to you.
Remember, consent that has been previously given may be withdrawn at any time. Also, users have the right to ask us to stop processing any personal data and to have it erased.
Where personal data has been removed we reserve the right to maintain basic personal data such as your name, address and email address to ensure that personal data isn’t processed by us in the future.
Complaints about how we have handled personal data can be made to us using the details below, and we will investigate your complaint. Please use the same contact details to instruct us to cease processing your personal data.
12. Contacting us