It describes how we collect, use and process your personal data, and how, in doing so, we comply with our legal obligations to you. Your privacy is important to us, and we are committed to protecting and safeguarding your data privacy rights.
For the purpose of applicable data protection legislation (including but not limited to the General Data Protection Regulation (Regulation (EU) 2016/679) (the "GDPR"), the company responsible for your personal data ("Boutique Blush" or "us") can be found in the contact us section of our website.
The Legal Bases for Processing Your Data
Article 6(1)(f) of the GDPR is the one that is relevant here - it says that we can process your data where it "is necessary for the purposes of the legitimate interests pursued by [us] or by a third party, except where such interests are overridden by the interests or fundamental rights or freedoms of [you] which require protection of personal data."
We will only collect your data if there is a purpose for this, such as a transaction or return or other services such as our mailing service or affiliate programme.
However, you do have the right to challenge us processing your personal data on this basis. If you would like to know more about how to do so, please see the section regarding consent.
In certain circumstances, we are required to obtain your consent to the processing of your personal data in relation to certain activities. This consent will be opt-in consent or soft opt-in consent.
Article 4(11) of the GDPR states that (opt-in) consent is "any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her."
In plain language, this means that:
- you have to give us your consent freely, without us putting you under any type of pressure;
- you have to know what you are consenting to - so we'll make sure we give you enough information;
- you should have control over which processing activities you consent to and which you don't.
When purchasing from our store, as part of the process, we collect personal data you give us such as your name, address and email address.
By browsing our store, we also receive your computer’s internet protocol (IP) address, this is automatic.
We also, providing we have your consent, may send you emails about our store, updates and new stock.
If you would like to withdraw your consent, you may do so at any time. To do this, simply email us on email@example.com
Disclosure of Your Information
We may disclose your information if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms and conditions to and other agreements; or to protect the rights, property, or safety of Boutique Blush Ltd, our customers, or others.
As you will by now know, our store is hosted by Shopify Inc. Shopify provide us with an online platform that allows us to provide our services to you.
Your data is stored via Shopify’s data storage and databases and the general application. All data is secured on a firewall protected server.
If using a direct payment gateway (DPG), Shopify stores your credit card data, which is encrypted through the PCI-DSS (Payment Card Industry Data Security Standard). This is stored only as long as is necessary to complete the transaction. After completion, this information is deleted.
All DPGs adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is made up of brands like Visa, Mastercard, American Express and many more and these standards help protect the secure handling of this data.
For more information, you may find Shopify’s Terms of Service (https://www.shopify.com/legal/terms) or Privacy Statement (https://www.shopify.com/legal/privacy).
Generally, third party providers will only collect and use your data in a manner that allows them to fulfil their service to us. However, each third party do have their own privacy policies and we recommend you look at these individually.
How Your Data is Secure
We take measures to ensure you data is not misused or misplaced, altered in any way or lost. Information including credit card details are encrypted using secure socket layer technology with AES-256 encryption.
Your Legal Data Protection Rights
You have the right to ask us not to process your personal data for marketing purposes. We will usually inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right at any time by contacting us at firstname.lastname@example.org
Our site may, from time to time, contain links to and from other websites. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
Who Is the First Point of Contact Regarding This Policy?