Cottontail Crafts is committed to preserving the privacy of all visitors to our website, www.cottontailcrafts.co.uk.
By registering or placing an order on this website, you consent to the collection, use and transfer of your information under the terms of this policy.
Information that we collect from you
A limited amount of your Personal Information is collected and held by us when you create an account and place an order
When you create a new account we will ask for your 'Email address' and 'Password'
When you place an order we will ask for your 'Title', 'First Name', 'Last Name', 'Address' and 'Telephone Number'.
Your Personal Information can be accessed, reviewed and amended at any time by clicking on the 'Your Account' link at the top of the website and then clicking on the 'Personal Information' link
In addition to your Personal Information we will also store:
- your IP address, its host name and its country of origin
- the type of device you've used, such as mobile or desktop
- the date and time you ordered
- your payment method
- how much you paid
- the shipping method
- the number of loyalty points you've earned, if applicable
- any activity on the order, such as the date and time the order was completed
- whether you are a new customer, a returning customer or a guest
- the products you've ordered
Please note: No payment information, such as credit card number, is ever stored within our site. This information is always stored separately and securely by our payment providers.
Use of your Information
Your information will enable us to provide you with access to all parts of our website and to supply the goods or services you have requested. It will also enable us to bill you and to contact you where necessary concerning your orders. We will also use and analyse the information we collect so that we can administer, support, improve and develop our business.
Where you have consented, we might use your information to let you know by email about new products and services which we offer which may be of interest to you.
Disclosure of your Information
The information you provide to us may be accessed by or given to third parties some of whom may be located outside the European Economic Area who act for us for the purposes set out in this policy or for other purposes approved by you. Those parties process information, fulfil and deliver orders, process credit card payments and provide support services on our behalf. We may also pass aggregate information on the usage of our website to third parties but this will not include information that can be used to identify you.
Finally, if our business enters into a joint venture with or is sold to or merged with another business entity, your information may be disclosed to our new business partners or owners.
Countries outside the European Economic Area do not always have strong data protection laws. However, we will always take steps to ensure that your information is used by third parties in accordance with this policy.
Unless required to do so by law, we will not otherwise share, sell or distribute any of the information you provide to us without your consent.
Cookies are small amounts of information which we may store on your computer.
The two cookies that are used by Bluepark (our Data Processor) are as follows:
This cookie contains a PHP "session ID", and expires when the browser is closed. The "PHPSESSID" cookie is required so that the site can recognise the same user clicking from page to page. Without it, every page would be treated as the first visit to the site, and anything added to the shopping basket would be instantly forgotten. Online shopping would, therefore, be impossible.
This cookie contains a PHP "session ID" and can also contain an email address and encrypted password. It expires after one year. The "session" cookie is intended for the user's convenience, our software creates this with a copy of the initial session ID so that they can be classed as "returning" and the contents of their shopping basket will still be available. If the user signs in with an email address and password, these login details are are also saved so that they can remain logged in when returning (the password is encrypted). If the user signs out, their login details are removed from the cookie.
Any other cookies are created by 3rd party scripts, such as Google Analytics, and any information about the cookies they use can be obtained through them.
Security and Data Retention
We employ security measures to protect your information from access by unauthorised persons and against unlawful processing, accidental loss, destruction and damage. We will retain your information for a reasonable period or as long as the law requires.
All data processed through the Bluepark platform is done so through highly secure servers, which are located within RapidSwitch’s highly acclaimed and industry-leading data centre in Berkshire, UK. Rapidswitch provide world-class resilient infrastructure with multiple levels of security, including 24 hour monitoring, CCTV, and restricted access.
Should Bluepark ever experience a data breach, they will inform all affected customers immediately. As required, they will also inform the ICO (Information Commissioner's Office) within the specified 72 hours if it is likely that there will be a risk to people’s rights and freedoms. For instance, if personal data has been stolen or passed on to an unauthorised party.
As the Data Controller, it is our (Cottontail Crafts) responsibility to make sure all passwords for accessing the website's admin panel, and all associated email accounts, are strong, secure and hard to guess, by using a combination of uppercase and lowercase letters, numbers and characters. These passwords are changed regularly for additional security. If someone guesses our password and logs into our admin console or email accounts without our permission, then it is our responsibility to inform the ICO.
The right to access
All customers who have created an account on our website can access the data we hold about them by logging into their account. Information such as their IP address and the last time they logged in is not viewable here, but is stored within their user account within the admin console. Customers can request to see this at any time by emailing their request to email@example.com
Customers who checkout using Guest Checkout will not be able to access their data via an account on our website however they can request to see their data at any time by emailing their request to firstname.lastname@example.org
The right to rectification
Customers with an account can change any information stored about them within the Personal Information section of their account.
Data stored within a customer's order remains unchanged if they change their personal information within their account. This can be changed, upon request, for all customers even if they checked out as a Guest.
The right to be forgotten
Customers have the right to be forgotten on our website and can do so by emailing their request to email@example.com
Customers should be aware that even if their User Account details are deleted, details will still remain on any orders they have placed due to VAT regulations. This is because VAT records must be kept for at least six years from the date of creation and, if they're not, we will be in breach of the VAT Act 1994 and HMRC Notice 700/21 October 2013.
All comments, queries and requests relating to our use of your information are welcomed and should be addressed to firstname.lastname@example.org