ARTICLE 1 – PERSONAL DATA COLLECTED

When you make a purchase in our shop, we collect the personal information you provide us during the purchase and sales process, such as your name, address, and email address. When you browse our shop, we also automatically receive your computer’s Internet Protocol (IP) address, which helps us learn about your browser and operating system. Email marketing (if applicable): With your permission, we may send you emails about our shop, new products, and other updates.

ARTICLE 2 – CONSENT

How do we get your consent? When you provide us with personal information to complete a transaction, verify your credit card, place an order, arrange for a delivery or return a purchase, we imply that you consent to our collecting and using it for that specific reason. If we ask for your personal information for a secondary reason, like marketing, we will directly ask you for your expressed consent or provide you with an opportunity to say no. How can I withdraw my consent? If you change your mind after you opt-in, you may withdraw your consent for us to contact you, for the continued collection, use, or disclosure of your information, at any time by contacting us at contact@bed-canopy.co.uk.

ARTICLE 3 – DISCLOSURE

We may disclose your personal information if we are required by law to do so or if you violate our Terms of Service.

ARTICLE 4 – WOOCOMMERCE

Our store is hosted on WooCommerce Inc. They provide us with the online e-commerce platform that allows us to sell our products and services to you. Your data is stored through WooCommerce’s data storage, databases, and the general WooCommerce application. Your data is stored on a secure server behind a firewall. Payment: If you make a purchase through a direct payment gateway, WooCommerce stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted. All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, a joint effort of brands like Visa, MasterCard, American Express, and Discover. PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers. For more insight, you may also want to read WooCommerce’s terms of service here or privacy policy here.

ARTICLE 5 – THIRD-PARTY SERVICES

In general, the third-party providers used by us will only collect, use, and disclose your information to the extent necessary to allow them to perform the services they provide to us. However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect of the information we are required to provide to them for your purchase-related transactions. For these providers, we recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled by these providers. Remember that certain providers may be located in or have facilities that are located in a different jurisdiction than either you or us. If you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located. As an example, if you are located in Canada and your transaction is processed by a payment gateway in the United States, then your personal information used in completing that transaction may be subject to disclosure under United States legislation, including the Patriot Act. Once you leave our store’s website or are redirected to a third-party website or application, you are no longer governed by this Privacy Policy or our website’s Terms of Service. Links: When you click on links on our store, they may direct you away from our site. We are not responsible for the privacy practices of other sites and encourage you to read their privacy statements.

ARTICLE 6 – SECURITY

To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered, or destroyed. If you provide us with your credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with AES-256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards.

SECTION 7 – COLLECTED DATA TYPES PERSONAL DATA

When using our service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you (“Personal Data”). Personally identifiable information may include, but is not limited to: * Email address * Address * First name and last name * Cookies and Usage Data We may use your Personal Data to contact you with newsletters, marketing or promotional materials, and other information that may be of interest to you. You may opt out of receiving any, or all, of these communications from us by following the unsubscribe link or instructions provided in any email we send. USAGE DATA We may also collect information on how the service is accessed and used (“Usage Data”). This Usage Data may include details such as your computer’s Internet Protocol address (IP address), browser type,

browser version, the pages of our service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers, and other diagnostic data.

TRACKING & COOKIES DATA We use cookies and similar tracking technologies to track the activity on our service and hold certain information. Cookies are files with a small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Tracking technologies also used are beacons, tags, and scripts to collect and track information and to improve and analyze our service. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our service. Examples of cookies we use:

  • Session Cookies: We use Session Cookies to operate our service.
  • Preference Cookies: We use Preference Cookies to remember your preferences and various settings.
  • Security Cookies: We use Security Cookies for security purposes.

DATA USAGE We use the collected data for various purposes:

  • To provide and maintain our service
  • To notify you about changes to our service
  • To allow you to participate in interactive features of our service when you choose to do so
  • To provide customer care and support
  • To provide analysis or valuable information so that we can improve our service
  • To monitor the usage of our service
  • To detect, prevent, and address technical issues
  • To provide you with news, special offers, and general information about other goods, services, and events which we offer that are similar to those that you have already purchased or enquired about unless you have opted not to receive such information

SECTION 8 – DATA SECURITY

The security of your data is important to us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. Whilst we endeavour to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security.

SECTION 9 – LEGAL BASIS FOR THE PROCESSING OF PERSONAL DATA UNDER THE GENERAL DATA PROTECTION REGULATION (GDPR)

If you are a member of the European Economic Area (EEA), our legal basis for collecting and using the personal information described in this Privacy Policy depends on the Personal Data we collect and the specific context in which we collect it. WE MAY PROCESS YOUR PERSONAL DATA BECAUSE: * We need to perform a contract with you or ship products to you that you have purchased. * You have given us permission to do so * The processing is in our legitimate interests and not overridden by your rights * For payment processing * To comply with the law DATA STORAGE * We will retain your personal data only for as long as is necessary for the purposes set out in this Privacy Policy. * We will retain and use your personal information to the extent necessary to comply with our legal obligations (for example, if we are required to retain your information to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.

ASECTION 10 – YOUR DATA PROTECTION RIGHTS UNDER THE GENERAL DATA PROTECTION REGULATION (GDPR)

If you are a resident of the European Economic Area (EEA), you have certain data protection rights. We endeavour to take reasonable steps to allow you to correct, amend, delete or limit the use of your personal data. If you would like to be informed what personal information we hold about you and if you would like it to be removed from our systems, please contact us. UNDER CERTAIN CIRCUMSTANCES YOU HAVE THE FOLLOWING PRIVACY RIGHTS: * The right to access, update or delete the information we hold about you. Whenever possible, you can access, update or request deletion of your personal information directly from your account settings area. If you are unable to perform these actions yourself, please contact us to assist you. * The right to rectification. You have the right to rectify your information if that information is inaccurate or incomplete. * The right to object. You have the right to object to our processing of your personal data. * The right to restriction. You have the right to request that we restrict the processing of your personal information. * The right to data portability. You have the right to receive a copy of the information we hold about you in a structured, machine-readable and commonly used format. * The right to,
to withdraw your consent. You also have the right to withdraw your consent at any time where we relied on your consent to process your personal information. Please note that we may ask you to verify your identity before responding to such requests. You have the right to complain to a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority in the European Economic Area (EEA).

ARTICLE 11 – AGE OF CONSENT

By using this website, you represent that you are at least the age of majority in your state or province of residence and that you have given us your consent to allow persons under the age of majority to use this website on your behalf.

ARTICLE 12 – AMENDMENTS TO THIS PRIVACY POLICY

We reserve the right to change this Privacy Policy at any time, so please check it regularly. Changes and clarifications will take effect immediately after they are posted on the website. If we make material changes to this policy, we will notify you here that it has been updated so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. If our shop is acquired by or merged with another company, your information may be transferred to the new owners so that we can continue to sell products to you.

QUESTIONS AND CONTACT INFORMATION

If you would like to: request access to, correct, amend or delete any personal information we hold about you, lodge a complaint or simply want more information, please contact our Data Protection Officer at contact@bed-canopy.co.uk