1. About this Policy
We are Oakshott and Company Limited and this is our Privacy and Data Policy. The policy sets out how we handle your personal information if you’re a customer, subscriber or visitor to our site. On this page
- 'We', 'us', 'our' or ‘Oakshott’ refers to Oakshott and Company Limited
- 'You' or 'your' relates to any person using the site
- 'Policy' refers to this privacy and data policy
- 'Terms’ relates to our Terms of Service
Oakshott respects and is committed to protecting your privacy. Any information that we store about you is intended to enable us to provide an appropriate level of service and assistance.
For purposes of the General Data Protection Regulations (May 2018), the data controller is Oakshott & Company Ltd of Unit 6, Wheal Agar, Tolvaddon Business Park, Pool, Redruth TR14 0HX, UK.
2. The data we store
When you purchase something from our store, as part of the buying and selling process, we collect the personal information you give us such as your name, address and email address.
When you browse our store, we also automatically receive information such as (but not limited to) your computer’s internet protocol (IP) address, your behaviour and actions, location data etc.
When collecting information, we may ask for your permission to market to you.
We may also choose to store additional information about you, such as conversations or correspondence that we deem significant to help us serve you better or progress a relationship.
We will store details around when and by what method this occurred.
If you contact us, we may keep a record of that correspondence.
3. How we use your data
We use personal data held about you in the following ways:
- For internal record keeping
- To improve our products and services
- To provide you with relevant information that we feel may be of interest to you
- To personalise your visit to our website
- To ensure that content on our website is presented in the most effective manner for you and for your computer
- To fulfil orders when you make a purchase
- To allow you to participate in interactive activities, if you choose to do so
- To notify you about changes to our service and important changes to our website
- To administer any competitions, events or promotions you may have chosen to participate in
We may contact you by email, phone or mail.
We do not, never have and never will sell or share your information with 3rd party partners of any kind other than as stated in clauses 5, 6 and 10.
Obtaining your consent
When you provide us with personal information to complete a transaction, verify your credit card, place an order, arrange for a delivery or return a purchase, we imply that you consent to our collecting it and using it for that specific reason only.
If we ask for your personal information for a secondary reason such as marketing, we will ask you directly for your express consent.
Withdrawing your consent
If, after opting-in, you later change your mind, you may at any time withdraw your consent for us to contact you. Please see clause 9.
5. Where your data is held
Our store is hosted on Shopify Inc. They provide us with the online e-commerce platform that allows us to sell our products and services to you. Your data is stored through Shopify’s data storage, databases and the general Shopify application. They store your data on a secure server behind a firewall.
If you choose a direct payment gateway to complete your purchase, then Shopify stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted.
All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands such as Visa, Mastercard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.
Our marketing facility is hosted by Campaign Monitor Pty Ltd. They provide us with the platform that allows us to email you, provided that you have given us express consent to do so. All data used for this purpose resides in a tightly controlled, secure data centre. This means that information about your identity and preferences is strongly protected by Campaign Monitor against unauthorised access. They maintain safeguards to protect the security of their servers and your personal information.
6. Third party services
In general, the third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us.
However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect of the information we are required to provide to them for your purchase-related transactions. We recommend that you read the privacy policies of these providers so you can understand the manner in which they will handle your personal information.
Please note that certain providers may be located in, or have facilities located in, a different jurisdiction from either you or us. If you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located. For example, if you are located in the UK and your transaction is processed by a payment gateway located in the United States, then your personal information used in completing that transaction may be subject to disclosure under United States legislation, including the Patriot Act.
Once you leave our store’s website or are redirected to a third-party website or application, you are no longer governed by this Privacy and Data Policy or our website’s Terms of Service.
When you click on links in our store, you may be directed away from our site. We are not responsible for the privacy practices of other sites and encourage you to read their privacy statements.
7. How we safeguard your data
To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.
If you provide us with your credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with an AES-256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards.
We do not have the ability to access any saved passwords.
Except in the case of fraud resulting from our negligence, we do not, to the extent permitted at law, accept responsibility for or any liability resulting from any security breaches which may occur.
In order to comply with the EU Cookie Directive, we are obliged to inform you about the cookies we use and the reasons why we would like to set them.Here is a list of cookies that we use, so that you can choose whether or not to opt-out:
_session_id Unique token: sessional. Allows Shopify to store information about your session (referrer, landing page, etc)
_shopify_visit No data held: persistent for 30 minutes from the last visit. Used by our website provider’s internal stats tracker to record the number of visits
_shopify_uniq No data held: expires at midnight (relative to the visitor) of the next day. Counts the number of visits to a store by a single customer.
cart Unique token: persistent for 2 weeks. Stores information about the contents of your cart
_secure_session_id Unique token: sessional
storefront_digest Unique token: indefinite. If the shop has a password, it is used to determine if the current visitor has access
9. Your rights
You have the right, after you opt-in, to change your mind at any time:
- You may request your data be amended
- You may request your data be deleted
- You may request not to be contacted again
- You may request to move, copy or transfer your data
You may also
- Request copies of the personal data that we hold about you
- Request details of how your data is processed
- Object to or restrict processing of your data
In all cases, please email us at email@example.com.
We may disclose your personal information if we are required by law to do so or if you violate our Terms of Service.
If our store is acquired or merged with another company, your information may be transferred to the new owners so that we may continue to sell products to you.
11. Age of consent
By using this site, you represent that you are at least the age of majority in your country or state of residence, or that you are the age of majority in your country or state of residence and have given us your consent to allow any of your minor dependents to use this site.
12. Changes to this Policy
We reserve the right to modify this Privacy and Data Policy at any time. Changes and clarifications will take effect immediately upon being posted on the website. If we make material changes to this policy, we will notify you here so that you are aware of the information we collect, how we use it and under what circumstances, if any, we use and / or disclose it.
QuestionsIf you require more information, please email firstname.lastname@example.org or call us on +44 (0)7486 463821.