1.0 OUR CORE BELIEFS REGARDING USER PRIVACY AND DATA PROTECTION User privacy and data protection are human rights. We have a duty of care to the people within our data. Data is a liability, it should only be collected and processed when absolutely necessary. We loathe spam as much as you do! We will never sell, rent or otherwise distribute or make public your personal information. 2.0 RELEVANT LEGISLATION We comply with the following national and international legislation with regards to data protection and user privacy: UK Data Protection Act 1988 (DPA) EU Data Protection Directive 1995 (DPD) EU General Data Protection Regulation 2018 (GDPR) 3.0 PERSONAL INFORMATION I COLLECT AND WHY I COLLECT IT 3.1 Order Processing When you place an order via my shop on ConsciousCrafties.com, I receive only the required information in order to process your order (your name, address and email). I do not receive any card or bank details. 4.0 HOW I USE THE INFORMATION The information you provide is used to fulfil your order on a ‘contract’ basis and is only used for the purpose of communicating with you regarding your purchase and for delivery of your items. Your personal information will not be added to my mailing list and you will not be contacted for marketing or advertising purposes unless you request me to do so. 5.0 SHARING WITH THIRD PARTIES We will NEVER sell or rent your personal data. To process your order and to fulfil your contract with us, your information is shared with third parties for the purpose of delivery (Royal Mail and courier services). 6.0 HOW I SECURE, STORE AND RETAIN DATA We use Conscious Crafties website to trade and complete your purchase. Your data is secured, stored and retained by Conscious Crafties to complete your purchase. We do not hold hard copies of your data and any data collected is held only as long as is necessary to carry out your order and to maintain adequate and accurate business and financial records (7 years). 7.0 HOW YOU CAN ACCESS, UPDATE OR DELETE INFORMATION HELD ABOUT YOU You have the right to access, update or ask us to delete your personal information. Please email our Data Controller found in section 9.0 below. We are obliged by law to provide this service within 30 calendar days of your request free of charge. However, we have the right to refuse or charge for requests that are manifestly unfounded or excessive and repetitive. 8.0 DATA BREACHES We will report any unlawful data breach to any and all relevant persons and authorities within 72 hours of the breach, if it is apparent that personal data stored in an identifiable manner has been stolen. If you feel your data has been compromised you have a right to contact the Information Commissioners Office (ICO). 9.0 DATA CONTROLLER Our data controller is Whose registered and operating office is: Email: 10.0 CHANGES TO OUR PRIVACY POLICY This privacy policy may change from time to time inline with legislation or industry developments. We will not explicitly inform our users of these changes. Instead, we recommend that you check this page occasionally for any policy changes. Specific policy changes and updates will be mentioned in the change log below: Version 1.0 25th May 2018 – New Privacy Policy to be compliant with GDPR