General Data Protection Regulation
As of May 2018 the law around data collection and protection is changing so it is important that you know where you stand with us as a business. The following page should provide you with all the necessary information, however if you are unsure of anything please contact us and we will be happy to answer any questions you may have.
Ways in which we collect data…
As an online retail store it is necessary that we collect personal data to allow us to communicate with you and process your order. Please be aware that you are providing us with your personal data when you complete the following actions on www.mayaofglastonbury.co.uk:
Email: If you send us an email, we will have access to your email address and any other information you chose to provide us with.
Contact Us: If you complete the contact form on our “Contact us” page, we will receive your email address, name and any other information you wish to provide us with.
Comments: If you comment on any of the products on our website, we will receive your name and any other information you wish to provide us with.
Orders: If you make an order on our website, we will receive your name, address, phone number and any other information you wish to provide us with. Your payment details are taken by our third party payment portals, Stripe and Paypal. This data is stored securely by these portals and their privacy policies can be found Here for Stripe and Here for Paypal.
The only people who have access to the Stripe and Paypal accounts that collect your financial data are the proprietors of Maya of Glastonbury, and this information is never shared. It should also be noted that we do not have full access to all your financial data through these payment portals – information such as your card number is kept securely by the payment portal itself – please see their privacy policies for more details.
What do we do with your data?
Not much! We need your data to be able to provide you with the service you need to order and receive your products, and to address any issues that may arise following this process. We keep order details for our own records and at most we may revisit data in order to build a general customer profile. This is so we have more information on who to aim our marketing at, so we are targeting people who are actually interested in seeing what we have to offer rather than becoming a nuisance to people who don’t want to see. We do not currently have a newsletter and if, in the future, we decide to launch one, we will always ask individual permission prior to sending one out. We will never send communications unless you have specifically said you would like to receive them and we will never share your personal data with anyone else.
Access to your data…
If, at any time, you are unsure of what data we have collected and how we are storing or using this data, you have the right to request full access and we will provide you with an exact history of how your data has been used.
Where is your data stored?
We collect your data when you enter it manually into our WordPress website, we do not collect any other data from you without you knowing. Your personal details and financial data, as previously mentioned, are stored either with Stripe, or Paypal, depending on which payment method your choose.
How long do you keep my data?
Maya of Glastonbury will keep Order information and the personal data associated with those orders for no more than 5 years.
If, at any time, you would like us to delete your personal data from our records, you are within your right to request we do so. Please contact us and we will delete your data immediately.
Please note: if you are unhappy with the way we are handling your data, you can make an official complaint with the Information Commissioner’s Office. Please visit their website here for more details.
In the unlikely event of a data breach, we will inform you immediately using the contact details you have provided us with, and will work quickly with our partners to resolve the issue.
At all times you have…
the right to be informed;
the right of access;
the right to rectification;
the right to erasure;
the right to restrict processing;
the right to data portability;
the right to object; and
the right not to be subject to automated decision-making including profiling.