At Stitch Club, we want to ensure that you’re aware of how your data is stored and used. Privacy is important to all of us and we respect and value yours. We collect and use the personal data of our customers in a way that is consistent with GDPR (the General Data Protection Regulation) and your rights by law.
Information About Us
Stitch Club is legally known as ‘Jenny Gale, trading as Stitch Club’.
Postal and Trading Address: 48 Meadow Lane, Lindfield, West Sussex, RH16 2RL, UK
Data Protection Officer and Regulator: Jenny Gale
Email Address: firstname.lastname@example.org
Telephone Number: 07903 972 591
If you are not happy with any aspect of how we collect and use your data, you have the right to complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk).
What This Policy Covers
This policy explains what data we hold, how we use your data, how it is collected, how it is held, how long it is held, the legal basis for using it and it also explains your rights under the law relating to your personal data.
What Is Personal Data
Personal data is defined by the GDPR EU Regulation 2016/679 as any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier. Simply put, personal data is data about you that enables you to be identified. Personal data can be your name, gender, date of birth and contact details but it also covers other information such as financial, transactional, useage, marketing and communications or technical data. The personal data we hold is covered below.
What Are Your Rights
Under the GDPR, you have certain rights which we always work to uphold.
- The right to be informed about the collection and use of your data. You can ask any questions about this using the contact details above.
- The right to access and correct the data we hold about you.
- The right to have your personal data erased.
- The right to object to the processing of your personal data.
- The right to restrict the processing of your personal data.
- The right to request the transfer of your personal data.
- The right to withdraw consent.
For more information please visit: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/
We do not collect any Sensitive Data about you. Sensitive data refers to data that includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. We do not collect any information about criminal convictions and offences.
Where we are required to collect personal data by law, or under the terms of the contract between us and you do not provide us with that data when requested, we may not be able to perform the contract (for example, to deliver goods or services to you). If you don’t provide us with the requested data, we may have to cancel a product or service you have ordered but if we do, we will notify you at the time.
How We Collect Data
Direct Interactions - by filling in forms on our website or by communicating with us by post, phone, email or otherwise, including when you order products, create an account, subscribe to newsletters, request materials are sent to you, entering a competition or providing feedback.
Automated Technologies or Interactions - we may automatically collect technical data about your equipment, browsing actions and usage patterns. We collect this data by using cookies, server logs and similar technologies. We may also receive this data about you if you visit other websites that use our cookies.
Our website is hosted by Shopify and they store your data on a secure server.
We may receive personal data about you from various third parties and public sources for example Google based outside the EU, data from providers of technical, payment and delivery services for example PayPal based outside the EU, identity and contact data from sources such as Companies House and the Electoral Register based inside the EU and contact information from Mailchimp, an automated marketing service provider based in the USA.
How We Use Data
Where you have provided us with your data, we may use this data to provide you with products, to notify you of any changes, to ensure effective presentation of the content within our products and site for you and for your device and to obtain your feedback.
Where you have indicated to us that you are happy for us to do so, we may also use this data to provide you with information about other products we offer that are similar to those that you have already enquired about or received from us.
We will only use your personal data when legally permitted for example, where we need to perform the contract between us, where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests or where we need to comply with a legal or regulatory obligation.
We do not generally rely on consent as a legal ground for processing your personal data, other than in relation to sending marketing communications to you via email. You have the right to withdraw consent to marketing at any time by contacting us using the details above.
We will get your express consent before we share your personal data with any third party for marketing purposes. You can request at any time that we stop sending you marketing emails (by contacting us using the details above).
Where you opt out of receiving marketing emails, this does not apply to personal data provided to us as a result of a purchase or other transactions. We will only use your personal data for the purposes for which we collected it. If we need to use your personal data for a purpose unrelated to the purpose for which we collected the data, we will notify you and we will explain the legal ground of processing. We may process your personal data without your knowledge or consent where this is required or permitted by law.
Where We Store Data
All data you provide to us is stored on our secure servers or on secure servers operated by a third party. Unfortunately, the transmission of data via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot completely guarantee the security of your data transmitted to our site. Any transmission is at your own risk. Once we have received your data, we will use strict procedures and security features to try to prevent unauthorised access.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We limit access to your personal data only to those employees, agents, contractors and essential other third parties who have a business need to access the data. They will only process your personal data in accordance with our instructions and they are subject to a duty of confidentiality.
We have procedures to deal with any suspected data breach and we will notify you and any applicable regulator of a breach where we are legally required to do so.
We will not store your personal data for any longer than is necessary. If you are a user of our services, then your data will be held for as long as you continue to use our services. In determining the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
By law we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they cease being customers for tax purposes.
You will not have to pay to access your personal data (or to exercise any of your other rights) however, we may charge a reasonable fee if your request is unfounded, repetitive or excessive, or we may refuse to comply with your request.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to it. We will endeavor to provide a response to all legitimate requests within 28 days. It may take us longer if your request is particularly complex or you have made a number of requests.
Our website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements.
Changes To This Policy
By using our website, you (the visitor) agree to allow third parties to process your IP address, in order to determine your location for the purpose of currency conversion. You also agree to have that currency stored in a session cookie in your browser (a temporary cookie which gets automatically removed when you close your browser). We do this in order for the selected currency to remain selected and consistent when browsing our website so that the prices can convert to your (the visitor) local currency.