Log in Sign up
Cart (0)

Privacy policy

Privacy policy notice of the Earth Mother Shoppe

 

 What is the Earth Mother’s Shoppe Privacy policy notice?

 

New EU regulations known as the General Data Protection Regulation (GDPR) came into force on 25th May 2018.  The GDPR places significant additional responsibilities, over and above those defined in the Data Protection Act 1998, on those who collect and process personal data to ensure that providers of personal data understand the lawful basis for the collection and processing of their data.  The document which explains this basis is known as a ‘Privacy Notice’.  The present document constitutes the Sisters of the Mists Privacy Notice. 

 

What personal data does Earth Mother Shoppe need to collect?

 

For each person who is, adding to basket, enquiring about goods or workshops, either an email address or contact number is held for reply and contact.

 

For those who are purchasing from the Shoppe their name, address, email, contact number is held in a data base either for Shipping and correspondence.

 All of which is confidential.

 

 Who is collecting the data? 

 

The data will be collected by Earth Mother Shoppe and all who conduct business on the Shoppes behalf.

 

 How is the data collected? 

 

Data is mainly collected by means of electronic e-mail and orders.

 

 Why does Earth Mother Shoppe need to collect this data? 

 

Earth Mother Shoppe collects this data so that information is held for those who are Purchasing products for them to be shipped, those who sign up for newsletters, and workshops and to be contacted with updates and discount codes.

How will the data be used? 

 

Data is used for the sole purpose of shipping and future contact on related products, updates and Shoppe information.

 

 With whom will the data be shared? 

 

The data is shared only for shipping and update requirements within the staff of the Earth Mother Shoppe. Data is not shared with anyone outside of Earth Mother Shoppe. None of the data will be placed elsewhere online, stored in the Cloud or shared with any outside agency or organisation.  None of the data will be sold to or shared with any other organisation.  The Earth Mother Shoppe does not receive commercial sponsorship.

 

Does anyone else associated with the Earth Mother Shoppe collect data?

 

No. Data is purely collected via the Earth Mother Shoppe online website.

 

Can I see my data or ask for it to be deleted?

 

 You have the right to see your personal data, and to ask for it to be deleted.  A request to view your data is known as a ‘subject access request’.  Such requests should be made to Earth Mother Shoppe, and Earth Mother Shoppe is legally obliged to respond to your request within 30 days.

 

 How long will my data be kept? 

 

The Earth Mother Shoppe has no timescale for the erasing of electronically held data.  The data form a historical record of the Earth Mother Shoppe trading records, and the aim is to preserve that record.  We would therefore like to maintain a reasonable historical record.  If you would like your details erased from the historic record you should make a subject access request.  Your data will then be anonymised in the database.

How secure is my data?

 

Electronic data is held in a password-protected database and a backup copy maintained.  None of the data is accessible online or stored in the Cloud.  Paper documents (e.g invoices) are kept in a private dwelling with normal domestic security measures in place; the Earth Mother Shoppe will take reasonable measures to ensure that the paper data is not lost or stolen or viewed by unauthorised persons, but does not guarantee to store it under lock and key.  e-mail communications are not subject to special encryption measures.  The GDPR mandates procedures which must be followed for reporting a breach or suspected breach of data security.

 

How will the new measures affect future years?

 

You will need to tick a lot more boxes in future to make it clear that you understand data collection issues and have ‘opted in’.  A requirement of the GDPR is that providers of personal data must positively ‘opt in’ to having their data collected; it is no longer sufficient to assume that ‘silence gives consent’.  Shopify contains suitable ‘opt-in’ statements, but it is the responsibility of purchaser to ensure that these are completed. 

 

 

Earth Mother Shoppe 31/08/21