We take your privacy seriously
Black Spell Limited are registered with the Information Commissioner’s Office
2018 GDPR UPDATE
New data protection laws are in force in the UK from the 25th May 2018. Black Spell is committed to full compliance when it comes to our customers data and privacy. In short this means that:
Data Collection – When you place and order with us or want to subscribe to our newsletters, consent will now be clear, specific and explicit. We have also reached out to previous customers to provide re-consent that they wish to be kept in touch with.
Data Security – We have re-evaluated security measures to keep your data safe. Your data is stored through the general WooCommerce application using a 1&1UK server. Your data is encrypted as it is transferred, using secure socket layer technology (SSL) and stored on a secure server behind a firewall.
Your Data Rights – Our customers have the right to:
- The right to be informed – all organisations must be completely transparent in how they are using personal data
- The right of access – individuals will have the right to know exactly what information is held about them and how it is processed
- The right of rectification – individuals will be entitled to have personal data rectified if it is inaccurate or incomplete
- The right to erasure – also known as ‘the right to be forgotten’, this refers to an individual’s right to having their personal data deleted or removed without the need for a specific reason as to why they wish to discontinue
- The right to restrict processing – an individual’s right to block or suppress processing of their personal data.
- The right to data portability – this allows individuals to retain and reuse their personal data for their own purpose
- The right to object – in certain circumstances, individuals are entitled to object to their personal data being used. This includes, if a company uses personal data for the purpose of direct marketing, scientific and historical research, or for the performance of a task in the public interest
- Rights of automated decision making and profiling – the GDPR has put in place safeguards to protect individuals against the risk that a potentially damaging decision is made without human intervention. For example, individuals can choose not to be the subject of a decision where the consequence has a legal bearing on them, or is based on automated processing
For any request you have about the data we store about you, please contact us at email@example.com.
FULL PRIVACY STATEMENT
SECTION 1 – WHAT DO WE DO WITH YOUR INFORMATION?
When you purchase something from our store, as part of the buying and selling process, we collect the personal information you give us such as your name, address and email address.
When you browse our store, we also automatically receive your computer’s internet protocol (IP) address in order to provide us with information that helps us learn about your browser and operating system.
Email marketing: When you place an order with us and ‘subscribe’ to blackspell, we may send you emails about our store, new products, discounts and competitions. We will limit these to information which we feel is important or useful to you, we do not intend on spamming any of our customers. If you do not wish to receive these you can follow the unsubscribe link on the bottom of our emails.
SECTION 2 – CONSENT
How do you get my consent?
When you provide us with personal information to complete a transaction, verify your credit card, place an order, arrange for a delivery or return a purchase, we imply that you consent to our collecting it and using it for that specific reason only.
If we ask for your personal information for a secondary reason, like marketing, we will either ask you directly for your expressed consent, or provide you with an opportunity to say no.
How do I withdraw my consent?
If after you opt-in, you change your mind, you may withdraw your consent for us to contact you, for the continued collection, use or disclosure of your information, at anytime, by contacting us at firstname.lastname@example.org.
SECTION 3 – DISCLOSURE
We may disclose your personal information if we are required by law to do so or if you violate our Terms of Service.
SECTION 4 – WOO COMMERCE
WooCommerce provide us with the online e-commerce platform that allows us to sell our products and services to you.
Your data is stored through the general WooCommerce application using a 1&1UK server. Your data is encrypted as it is transferred, using secure socket layer technology (SSL) and stored on a secure server behind a firewall.
We use WooCommerce combined with Stripe, Paypal, Apple Pay and Google Pay in order to process payments you make on our website.
All payments are subject to each payment vendor’s privacy statement respectively.
PayPal transactions are subject to Paypal’s privacy statement, which can be viewed online at:
SECTION 5 – THIRD-PARTY SERVICES
In general, the third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us.
However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions.
For these providers, we recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled by these providers.
In particular, remember that certain providers may be located in or have facilities that are located in a different jurisdiction than either you or us. So if you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.
As an example, if you are located in Canada and your transaction is processed by a payment gateway located in the United States, then your personal information used in completing that transaction may be subject to disclosure under United States legislation, including the Patriot Act.
When you click on links on our store, they may direct you away from our site. We are not responsible for the privacy practices of other sites and encourage you to read their privacy statements.
SECTION 6 – SECURITY
To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.
If you provide us with your credit/debit card information, the information is encrypted using secure socket layer technology (SSL). Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards.
To keep track of cart data, WooCommerce makes use of 3 cookies:
The first two cookies contain information about the cart as a whole and helps WooCommerce know when the cart data changes. The final cookie (wp_woocommerce_session_) contains a unique code for each customer so that it knows where to find the cart data in the database for each customer. No personal information is stored within these cookies.
SECTION 7 – AGE OF CONSENT
By using this site, you represent that you are at least the age of 16.
If our store is acquired or merged with another company, your information may be transferred to the new owners so that we may continue to sell products to you.
QUESTIONS AND CONTACT INFORMATION
[Our Data Protection Officer works alongside these third party companies; www.viode.co.uk – www.phelanhaulage.com – www.handymanhomeandgarden.co.uk – https://www.lamour.co.uk – www.highway-logistics.co.uk – https://cswatersports.com – https://cswatersportsacademy.com – http://thewatersportscentre.com – https://hampshirewatersports.com/ – https://www.hampshirekitesurfing.com/ – www.surfdek.co.uk – www.northernkites.co.uk – www.infinitysportkitesurfing.com – but no information is shared between them.]
If you would like to: access, correct, amend or delete any personal information we have about you, register a complaint, or simply want more information contact our Data Protection Officer at email@example.com or by mail at Black Spell.
[Re: Data Protection Officer]
[14 Kingsley Close, Sunderland, SND, SR5 2AP, United Kingdom]