Privacy Policy

Who we are

We are Pastel Pretty: a business created and managed by Emma Paterson since 2017. We are based in Livingston, United Kingdom and our website address is: www.pastelpretty.co.uk.

 

What personal data we collect and why we collect it

While you visit our site, we’ll track:

  • Products you’ve viewed: we’ll use this to, for example, show you products you’ve recently viewed
  • Location, IP address and browser type: we’ll use this for purposes like estimating taxes and shipping
  • Shipping address: we’ll ask you to enter this so we can, for instance, estimate shipping before you place an order, and send you the order!

We’ll also use cookies to keep track of basket contents while you’re browsing our site. For more information please see our cookies section below.

When you purchase from us, we’ll ask you to provide information including your name, billing address, shipping address, email address, phone number, credit card/payment details and optional account information like username and password. We’ll use this data for purposes, such as, to:

  • Send you information about your account and order
  • Respond to your requests, including refunds and complaints
  • Process payments and prevent fraud
  • Set up your account for our store
  • Comply with any legal obligations we have, such as calculating taxes
  • Improve our store offerings
  • Send you marketing messages, if you choose to receive them

If you create an account, we will store your name, address, email and phone number, which will be used to populate the checkout for future orders.

We generally store data about you for as long as we need the information for the purposes for which we collect and use it, and we are not legally required to continue to keep it. For example, we will store order information for up to 5 years for tax and accounting purposes. This includes your name, email address and billing and shipping addresses.

We will also store comments or reviews, if you choose to leave them.

Comments

When visitors leave comments on our site we collect the data shown in the comments form if provided to us (visitors name, email address, web address and the comment itself). We also collect the visitor’s IP address, referrer, Site URL and browser user agent string to help spam detection.

An anonymised string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. Please see the Gravatar Privacy Policy for more details. After approval of your comment, your profile picture (if applicable) is visible to the public in the context of your comment.

Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Contact forms

When contacting us through our on-site contact form we collect your name, email address and message contents. We use this data for customer service purposes only. We do not use the information submitted through them for marketing purposes.   

Cookies

This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functions of the website. We also use third-party cookies that help us analyse and understand how you use this website. These cookies will be stored in your browser only with your consent. You have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.

If you leave a comment on our site you may opt in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

We use cookies in a variety of ways to support your shopping experience. No personal data is stored within these cookies. We also utilise cookies to track our site statistics. This includes visitor and view numbers, views by country, referrers and search engine terms and allows us to improve our site.

Cookie Duration Purpose
woocommerce_cart_hash Session  Helps WooCommerce determine when cart contents/data changes.
woocommerce_items_in_cart Session  Helps WooCommerce determine when cart contents/data changes.
wp_woocommerce_session_  2 Days Contains a unique code for each customer so that it knows where to find the cart data in the database for each customer.
eucookielaw 180 Days Remembers the state of visitor acceptance to the use of cookies.

You have the ability to accept or decline cookies by modifying the settings on your browser. If you disable cookies, please be aware that some features may not function correctly. Please see the Automattic Cookie Policy for more details on our cookie use.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

We are not responsible for the privacy practices of other sites and encourage you to read their privacy statements.

Analytics

We use Jetpack to track our site statistics and to help improve our site.

Stats tracks and retains the following information about our visitors:

  • Post and page views
  • video plays
  • outbound link clicks
  • referring URLs and search engine terms
  • country

As part of collating the above information, Stats uses data like IP address, WordPress.com user ID (if logged in), WordPress.com username (if logged in), user agent, visiting URL, referring URL, timestamp of event, browser language, and country code. However, none of this specific information is available to us.

To track site statistics we utilise cookies. You have the ability to accept or decline cookies by modifying the settings on your browser.

Please see the Automattic Privacy Policy for more details.

 

Who we share your data with

In general, the third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us.
However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions. For these providers, we recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled by these providers.

We accept payments through PayPal. When processing payments, some of your data will be passed to PayPal, including information required to process or support the payment, such as the purchase total and billing information.

Please see the PayPal Privacy Policy for more details.

Once you leave our store’s website or are redirected to a third-party website or application, you are no longer governed by this Privacy Policy or our website’s Terms of Service.

 

How long we retain your data

We generally store data about you for as long as we need the information for the purposes for which we collect and use it, and we are not legally required to continue to keep it. For example, we will store order information for up to 5 years for tax and accounting purposes. This includes your name, email address and billing and shipping addresses. We keep contact form entries for 6 months and analytics records for 1 year. Stats data is retained by Automattic for 28 days.

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register an account on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information. We will delete inactive accounts after 1 year. 

 

What rights you have over your data

You have the right of access to, and to receive a copy of, information held about you.  Please contact us if you wish to see a copy of the information we hold and we will respond to you within 14 days of receiving your request once the validity of it has been confirmed. We will require proof of identity to be provided before we can respond to any such access request.

If for any reason you are concerned that the personal information held by us is not correct, or you wish to have your name or information removed from our records, please contact us, and we will happily review, update, or remove information as appropriate.

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes. All account users have the ability to see, edit, or delete their personal information at any time (except they cannot change their username).

 

Where we send your data

Our website is hosted by Stablepoint Hosting. Your data is stored through Stablepoint’s data storage and databases on secure UK servers behind a firewall.

 

How we protect your data

To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed. When you give us your personal information (name, email address, personal addresses and order history) the data is encrypted using secure socket layer technology (SSL) and stored with a AES-256 encryption.

We as a business, have no access to any of your credit/debit card data. Although no method of transmission over the Internet or electronic storage is 100% secure, we outsource the handling of payments to Paypal who are 100% PCI-DSS compliant. 

 

What data breach procedures we have in place

The definition of a data breach according to the GDPR is “a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed”.

In the event of a data breach we will first judge the severity of the breach to determine whether it is of low, moderate or high risk. We will then take the appropriate steps depending on the severity of the breach. These steps may include: improving internal procedures to avoid another breach, reporting the breach to the ICO and informing all affected customers via email. 

 

Contact information

If you would like to access, correct, amend or delete any personal information we have about you, or you would simply like more information please contact us at enquiries@pastelpretty.co.uk.