Privacy and GDPR
Privacy Policy
GDPR and privacy rules are absolutely essential pieces of legislation and are often quite complex. However here at The Stumpy Quilter I want to make sure that you understand what your rights are, what information I collect, why I collect it, how I use it as well as how to get it deleted. As a quilter the main information that I use and collect is of course to complete your transaction or to arrange your experience. Much of the information detailed and collected below is done by the platforms I use for the website and shop.
​
The following privacy document has been correlated using the WIX website templates for small businesses.
The rules on processing of personal data are set out in the General Data Protection Regulation (the “GDPR”).
​
1. Definitions
-
Data controller - A controller determines the purposes and means of processing personal data.
-
Data processor - A processor is responsible for processing personal data on behalf of a controller.
-
Data subject – Natural person
-
Categories of data: Personal data and special categories of personal data
-
Personal data - The GDPR applies to ‘personal data’ meaning any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier (as explained in Article 6 of GDPR). For example, name, passport number, home address or private email address. Online identifiers include IP addresses and cookies.
-
Special categories personal data - The GDPR refers to sensitive personal data as ‘special categories of personal data’ (as explained in Article 9 of GDPR). The special categories specifically include genetic data, and biometric data where processed to uniquely identify an individual. Other examples include racial and ethnic origin, sexual orientation, health data, trade union membership, political opinions, religious or philosophical beliefs.
-
Processing - means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
-
Third party - means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
​​
This Privacy Policy does not apply to the practices of third parties that I do not own or control, including any third party services you access through the website, the mailer system or Etsy. All parties privacy policies are linked below where possible.
​
2. Who am I?
The Stumpy Quilter is a small hobby business working with clients from all over the UK and abroad in the supply of handmade quilted items and in offering long arm teaching experiences at the studio. As a data controller and processor I must publish my use of your data.
​
For all data matters contact Jackie Millins-Horne at
​
​
3. What information do I collect?
​
I receive, collect and store any information you enter on my website or provide me in any other way. In addition, I collect the Internet protocol (IP) address used to connect your computer to the Internet; login; e-mail address; password; computer and connection information and purchase history. I may use software tools to measure and collect session information, including page response times, length of visits to certain pages, page interaction information, and methods used to browse away from the page.
​
I also collect personally identifiable information (including name, email, password, communications);payment details (where applicable only) comments, feedback, product reviews, recommendations, and personal profile.
4. How do I collect this information?
When you conduct a transaction on my website or at the studio, be that a purchase, sign up or enquiry, as part of the process I collect personal information that you give me such as your name, address, phone number and email address. Your personal information will be used for the specific reasons stated in this policy only.
​
5. Why do I collect this information
​
I rely on a number of legal bases to collect, use, and share your information, including:
​
-
To provide and operate the services offered by The Stumpy Quilter;
-
To provide my Visitors and Users with ongoing customer assistance and technical support;
-
To be able to contact my Visitors and Users with general or personalised service-related notices and promotional messages;
-
To create aggregated statistical data and other aggregated and/or inferred Non-personal Information, which me or my business partners may use to provide and improve our respective services;
-
Providing and improving my services. I use your information to provide the services you requested and in my legitimate interest to improve my services
-
To comply with any applicable laws and regulations.
-
To settle any disputes
-
When you have provided your affirmative consent, which you may revoke at any time, such as by signing up for a mailing list;
-
If necessary to comply with a legal obligation or court order or in connection with a legal claim, such as retaining information about your purchases if required by tax law;
-
Compliance with the Etsy, Wix and Mailer lite Terms of Use. I use your information as necessary to comply with my obligations under their policies and Terms of Use
6. How do I store, use, share and disclose my site visitors' personal information?
​
Information about my customers is important to my business. I share your personal information for very limited reasons and in limited circumstances, as follows:
​
Web Site
The Stumpy Quilter website is hosted on the Wix.com platform. Wix.com provides me with the online platform that allows me to showcase my products and services to you. Your data may be stored through Wix.com’s data storage, databases and the general Wix.com applications. They store your data on secure servers behind a firewall.
All direct payment gateways offered by Wix.com and used by my company adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of credit card information by my store and its service providers.
The WIX Privacy Policy may be found here:
​
​
Etsy Shop
My shop is hosted by Etsy and I share information with Etsy as necessary to provide you my services and comply with my obligations under both the Etsy Seller Policy and Etsy Terms of Use.
My shop has a separate privacy policy which sits alongside the main Etsy policy and protocols which can be found under Shop Policies on my Etsy shop here:
​
​
Newsletter
I use an email marketing system called Mailerlite so that I may contact you with the newsletter where you have subscribed. I must comply with this policy as well which can be found here:
​
​
​
General Communication
​
For all processing of general emails, use of phone numbers and contacts I use Microsoft 365 and iCloud from Apple which has appropriate encryption to ensure that your data remains safe. The privacy policy for Apple and Microsoft can be found on their respective websites.
Service providers.
​
I engage certain trusted third parties to perform functions and provide services to my shop, such as delivery companies. I will share your personal information with these third parties, but only to the extent necessary to perform these services, i.e. your name and address for delivery.
Sale of Business
​
Business transfers. If I sell or merge my business, I may disclose your information as part of that transaction, only to the extent permitted by law.
​
Compliance with legislation
​
I may collect, use, retain, and share your information if I have a good faith belief that it is reasonably necessary to:
​
-
respond to legal process or to government requests;
-
enforce my agreements, terms and policies;
-
prevent, investigate, and address fraud and other illegal activity, security, or technical issues; or
-
protect the rights, property, and safety of my customers, or others
7. How do I communicate with visitors?
​
I may contact you to notify you regarding your account, your quilting experience, your custom order, a purchase, to troubleshoot problems with your account, to resolve a dispute, to collect fees or monies owed, to send updates about the company, or as otherwise necessary to contact you to enforce my User Agreement, applicable national laws, and any agreement I may have with you. For these purposes I may contact you via email, telephone, text messages, and postal mail as you have agreed to.
8. How do I use cookies and other tracking tools?
​
Websites track personal information through the use of cookies and so I must make this clear to my site visitors.
As the host of my website a full list of Wix cookies can be found here
​
​
​
If you use the Etsy site then their details are here:
​
​
You are given the choice on entering each site to decline certain cookies of course.
9. Providing me with your personal data
​
Clients are under no statutory or contractual requirement or obligation to provide me with personal data. But failure to do so will restrict the quality of support and service given to the client .
10. Further processing
​
If I wish to use personal data for a new purpose, not covered by this Data Privacy Notice, then I will provide the client with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions.
11. Transfer of Data Abroad
​
I do not transfer personal data collected directly from the client about the client outside the EEA.
In terms of the website hosting and use of social media please note that some data recipients may be located outside the EEA. In such cases I will transfer your data only to such countries as approved as providing adequate level of data protection or enter into legal agreements ensuring an adequate level of data protection.
12. Data Retention
​
I retain your personal information only for as long as necessary to provide you with my services and as described in this Privacy Policy. However, I may also be required to retain this information to comply with my legal and regulatory obligations, to resolve disputes, and to enforce my agreements. I generally keep your data for the following time period: 5 years.
If you have subscribed to the newsletter and updates then this consent may be retracted at any time (see withdrawing your consent).
​
13. Withdrawing your consent
​
If you do not want me to process your data anymore, please contact me at:
​
​
​
or you can always message me through the various social media platforms.
14. Privacy policy updates
​
I reserve the right to modify this privacy policy at any time, so please review it frequently. Changes and clarifications will take effect immediately upon their posting on the website. If I make material changes to this policy, I will notify you here that it has been updated, so that you are aware of what information I collect, how I use it, and under what circumstances, if any, I use and/or disclose it.
15. Questions and your contact information
​
If you would like to: access, correct, amend or delete any personal information I have about you, you are invited to contact me at
​
​
or you can always message me through the various social media platforms.
16. How to Contact Me
​
For purposes of EU data protection law, I, Jackie Millins-Horne, am the data controller of your personal information. If you have any questions or concerns, you may contact me at
​
​
17. Your Rights
​
-
If you reside in certain territories, including the EU, you have a number of rights in relation to your personal information. While some of these rights apply generally, certain rights apply only in certain limited cases. I describe these rights below:
-
Access. You may have the right to access and receive a copy of the personal information I hold about you by contacting me using the contact information below.
-
Change, restrict, delete. You may also have rights to change, restrict my use of, or delete your personal information. Absent exceptional circumstances (like where I am required to store data for legal reasons) I will generally delete your personal information upon request.
-
Object. You can object to (i) my processing of some of your information based on my legitimate interests and (ii) receiving marketing messages from me after providing your express consent to receive them. In such cases, I will delete your personal information unless I have compelling and legitimate grounds to continue using that information or if it is needed for legal reasons.
-
Complain. If you reside in the EU and wish to raise a concern about my use of your information (and without prejudice to any other rights you may have), you have the right to do so with your local data protection authority.