privacy & security

Privacy and security

Hoxa Tapestry Gallery will only use the information that we collect about you lawfully in accordance with the Data Protection Act 1998 and in compliance with current General Data Protection Regulations. Subject access rights mean that you have the right to know what data we keep about you. Please contact us if you have any problems with how we hold or use your data:

 

Data/personal information we collect from you
If you wish to make a purchase within our online shop, we require your name, postal address and e-mail address to fulfil the order.

Our website uses cookies but only to track customer basket contents as they browse the online shop. No personal data is collected from this or passed on to third parties.

 

Consent
By placing an order and supplying us with the necessary personal details to complete the order you are consenting to our collecting of this information and using it for this specific reason only.

 

What do we do with your information?
The information you give to us (name, address and e-mail) is used to complete your order. We will only ever contact you through your e-mail address if there is a problem with the order you have placed with us e.g. incomplete address, unforeseen delay, product out of stock.

Your personal information is never used for mailing lists, newsletters or passed on to a third party for advertising or marketing purposes. Your details are only disclosed to a third party when necessary to fulfil your order e.g. through postage/courier service or if we are required to by law.

 

How long do we keep your information for?
Your contact details are only kept on our system for 6 months after your order is complete and are then removed from our server. This also applies to any e-mail enquiries made through our website. Please be aware however that all information regarding your orders on paper are stored for six years per accounting regulations and kept in a secure location.

 

Hosting and platform services
Our website was created by Kerry Cooper Design/ Redkite Internet and is hosted through WordPress.com (a platform provided by Automattic Inc.) WooCommerce, a WordPress plugin, provides us with the online e-commerce platform which allows us to sell our products to you. You can read Automattic’s Privacy Policy here: https://automattic.com/privacy/

Our website is held under SSL (Secure Socket Layer, an “https” address) making it a secure site. The hosting company has high standard security measures in place.

 

How is personal data stored?
If you place an order with us, your personal details are stored through WooCommerce’s data processing and databases. They are stored on a secure server behind a firewall.

Our e-mail is powered by Mozilla Thunderbird, a third party e-mail provider, and correspondence is stored in a password protected account.

 

Payment processing
We will never see your credit/debit card details in financial transactions as this information is securely processed through Paypal, a third party payment gateway, using encryption technology. If you would like to read through Paypal’s privacy statement to see how they handle data, you can do so here: https://www.paypal.com/uk/webapps/mpp/ua/privacy-full

Please be aware that although we do our best to ensure our website and your shopping experience is safe, we cannot guarantee absolute security of data sent over the internet. Transmission of information over the internet is inherently insecure so please be responsible when using it. It is important to keep the password for accessing our online shop confidential. We do not ask for your password other than to log in to the website for making an order.

If you choose to order over the telephone, all bank card details and addresses are shredded immediately once the transaction is complete.

 

How can I change or delete personal information?
If you create an online account with us when placing an order, you can login at any time and amend your personal information. If you are unable to do this, or would like your information to be deleted, please contact us and we will either amend your data on your behalf or delete it as requested.

If you are otherwise unhappy with the way in which we hold or have handled your data, please contact us. Your complaints will be addressed as early as possible and within one month. If you feel we have not been able to sort it out satisfactorily, you have the right to lodge a complaint with the ICO.

 

Changes to our privacy policy
We reserve the right to modify this privacy policy at any time so we recommend checking this page frequently. Any changes we make will take effect immediately upon posting to the website. A date of the last modification is always listed at the bottom of the document.

Policy last updated: 24th May 2018