Your Data Protection Rights
Your principle rights under data protection law are:
The right to access – You have the right to request us for copies of your personal data.
The right to rectification – You have the right to request that we correct any information you believe is inaccurate. You also have the right to request us to complete the information you believe is incomplete.
The right to erasure – You have the right to request that we erase your personal data, under certain conditions.
The right to restrict processing – You have the right to request that we restrict the processing of your personal data, under certain conditions.
The right to object to processing – You have the right to object to our processing of your personal data, under certain conditions.
The right to data portability – You have the right to request that we transfer the data that we have collected to another organisation, or directly to you, under certain conditions.
These rights are subject to certain limitations and exceptions. You can learn more about the rights of data subjects by visiting the Information Commissioners Office - Individual Rights .
If you make a request, we have one month to respond to you. If you would like to exercise any of these rights in relation to your personal data, please contact us.
What personal data do we collect about you?
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (Anonymous data).
We collect a variety of personal information about our customers and visitors to www.itsfromtheshed.com which fall into the follow categories:
When you place an order with us, the personal information we collect includes:
- full name;
billing and delivery address;
a record of your order and details of the products purchased; and
credit/debit card details (all sensitive details are inaccessible even to us from moment of purchase and are securely encrypted)
This information is necessary for us to process your order, receive payment and deliver your goods to you.
When you create an account with us, we collect the following personal information:
username or similar identifier;
encrypted version of your login/password;
profile data including preferences and cookie consent (opt in/out) ;
newsletter subscription status; (We will not send you marketing emails unless you consent i.e. sign up to our newsletter. You can unsubscribe at any point, by clicking on the unsubscribe links in our emails, or by contacting us.)
feedback and survey responses;
billing and shipping addresses (if saved in account);
list of products you added to your “wish list”; and
Debit or credit card details (If saved, these details are stored securely and encrypted, and cannot be seen by us)
You can quickly and easily log into your account and change or edit any of your personal data by clicking on “My Account” either in the header of our website. If you’d like to delete your account please contact us .
You do not have to register for an account with us to place orders on our websites, but many returning customers find it helpful to have one.
If you contact us via phone, email or via the form on our contact us page we may collect the following data in order to deal with your query;
We will also note the date and nature of your query or complaint, and details of any actions taken.
When you visit our website, we may also collect the following information related to the device used:
internet protocol (IP) address,
browser type and version,
device (PC, tablet or mobile)
operating system and platform.
We gather this information to analyse our site’s performance on different devices and look for areas for improvement.
information regarding what pages are accessed and when;
general product preferences and interests based on your browsing history on our website.
This data also allows us to give you customised product recommendations based on best-sellers and product views.
Analytics data, also known as tracking data, includes information about how you use our website, along with information we or others collect about you from cookies and similar tracking technologies, such as web beacons, pixels, and mobile identifiers, and is used to improve our website and the content we provide.
To analyse engagement and performance of our website we use Google Analytics (GA). Google Analytics data is aggregated data. Aggregated data may be derived from your personal data but is not considered personal data in law, as this data does not directly or indirectly reveal your identity. For example, we may aggregate your usage data to calculate the percentage of users accessing a specific website feature.
Using Google Analytics we are able to record visitors engagement with our website, such as page visits, bounce rates, time on site and traffic sources i.e whether you arrived at www.itsfromtheshed.com direct, through a search engine, social media site, or by clicking on an advert.
We can also track basic interaction with website forms, and eCommerce transactions. The transaction data in GA contains information such as order ids, products purchased and revenue , it does not contain any personal information.
Please note: We do not collect any Personal Data about you regarding your race or ethnicity, religious or philosophical beliefs, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
If you choose not to share personal data with us, or refuse certain contact permissions, we might not be able to provide the products and services you’ve asked for.
How do we collect your personal data?
We use different methods to collect data from and about you through:
You may provide us with your transactional, contact/account and communications data by:
- placing an order for any of our products;
- creating an account on our website;
- signing up to our mailing list;
- filling in our contact form to make enquiries;
- corresponding with us via email or phone;
- engaging with us on social media;
- entering a competition, promotion or survey;
- providing feedback on our website or social media pages; or
- leaving comments or reviews on our products.
Automated technologies or interactions.
As you interact with us, we may automatically collect technical data about your technical data equipment, browsing actions and patterns.
If you have provided consent we may also collect marketing and analytics data when you use our website, or when you click on one of our adverts (including those shown on third party websites).
Third parties or publicly available sources.
We may receive personal data about you from various types of third parties, including:
- Technical data and/or tracking data from analytics providers, advertising networks and search information providers;
- Contact and financial data from providers of payment and fraud prevention services; and
- Identity and contact data from external sites such as Google or Facebook if you choose to login to your account via these options.
Legal basis for collecting your personal data
Your privacy is protected by law. According to Data Protection Laws, we are allowed to use personal information only if we have an acceptable reason to do so. There are several different reasons why we might collect and process your personal data.
Most commonly, we will use your personal data in the following circumstances:
1. When we have your consent
In certain circumstances, we will only process your personal data with your clear consent. For example, we will add you to our mailing list only if you sign up to our newsletter or tick the relevant box at the checkout.
2. To fulfil a contract we have with you
Where we need to form a contract with you, for example when you place an order, purchase our products, and to process and deliver your order. These details will be then passed on to our courier company to deliver the goods to you.
- We will use your e-mail address to provide you with updates regarding your order, such as order confirmation, despatch & tracking information.
- We will also collect your phone number to be able to contact you in case of any problems with your order.
- Depending on which delivery option you choose, your phone number and/or e-mail address might be passed on to our courier so that they can keep you updated when your goods will be delivered (whenever applicable).
3. When it is in our legitimate interest
In certain situations, we will use your data to pursue our legitimate interests in a way which might reasonably be expected as part of running an e-commerce business.
We will process personal data for the following legitimate interests:
- to better understand how people interact with our website in order to improve the website and our customers general shopping experrience
- to provide you with the best possible service, including a personalised browsing experience, tailored to your preferences.
- to improve our product selection and service based shopping trends and any post-purchase feedback.
- to administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)
- to deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you
- to define types of customers for our products and services, to keep our website updated and relevant, and to inform our marketing strategy
4. To comply with legal or regulatory obligations
- keeping records of our sales for tax compliance.
- to identify and prevent fraud and keep our services safe and secure
Who do we share/disclosure your personal data with?
All information that you provide to us is for the sole purpose of providing you with the best shopping experience and customer service.
Suppliers and service providers (such as technology service providers, payment processing and fraud prevention providers, delivery and courier services);
Makers and artists selling their products through our site, for the purposes of shipping any products you have ordered from them;
Auditors and professional advisers like bankers, lawyers, accountants and insurers; and
government, regulators and law enforcement.
We may also share data (with your consent) with third parties connected to marketing, advertising and analytics.
How do we store your personal information?
www.itsfromtheshed.com is hosted on the Wix.com platform, which allows us to sell our products and services securely online.
It's From The Shed uses third party payment processors provided by Wix.com and PayPal to process payments made for products and services via the website.
If you choose to pay by Debit or Credit card at the checkout, your credit card details are communicated directly from your browser to these third party payment processors.
In accordance with Payment Card Industry (PCI) data security standards your billing information (which is only used by these payment processors for the purpose of performing fraud protection) is encrypted before being communicated to them.
Unless you request your card details are remembered It's From the Shed will also not have access to your billing or bank account details.
If you choose to remember your card details on checkout It's From The Shed stores the card type, a Masked PAN (only the first 6 and last 4 digits) and the card’s expiry date as well as an associated token, used to identify and remember your stored card for you to use for future purchases from www.itsfromtheshed.com .
Please note: This stored information can be updated or deleted at any by logging onto your account on It's From the Shed and clicking on "My Wallet"
If you use PayPal to check out your order It's From The Shed does not have access to your payment or bank account details, these are stored within your Paypal account.
It's From The Shed only store the tokens required to identify the transaction with PayPal and issue refunds through Paypal.
Links to External Third-party websites
How long do we retain your personal data for?
the amount, nature, and sensitivity of the personal data;
the potential risk of harm from unauthorised use or disclosure of your personal data;
the purposes for which we process your personal data whether we can achieve those purposes through other means; and
the applicable legal requirements.