Edited April 2019
This policy sets out how Arnall-Culliford Knitwear Ltd uses and protects information that you give when you use this website.
Arnall-Culliford Knitwear Ltd. will be what is known as the “Controller” of the personal data you provide to us. We will only collect personal data, including name, address, email, phone number, but not any special or sensitive information.
We may hold information about you as a newsletter subscriber and/or as a customer. Because there is a different legal basis for each of these groups, they are explained separately here, even though both may apply to you.
1. Why we need your data
If you have subscribed to our newsletter or blog post update email, we need your personal data to keep you up to date with our products and projects. We will not collect any personal data that we do not need to provide this service. The legal basis for our holding this data is that you have given us your consent for the purpose of marketing.
If you have bought from our online store, we need slightly more information about you. This will include data that may ensure speedier transit through customs of your order, or information such as your IP address for identification for VAT on digital products within the EU. We need to hold onto your data to comply with tax laws in the UK. The legal bases for us holding this information is for the purpose of fulfilling a contract (when you place an order) and as part of our legitimate business activities (analysis of customer activity).
We collect general data to inform planning for our business, and to help us to reach new potential customers.
2. What data do we collect and hold?
When you subscribe, you give us your name and email address. Using tools supplied by MailChimp, our newsletter service, we also collect information about your activity once you have received the email. This includes whether you have opened the email and which links within the email you have clicked. MailChimp also collects information on your preferred email client, location, age, gender and the amount you have spent in our online store (where the email address you have used in the store is the same as that which is used for the mailing list).
Online shop customers provide us with their name, email address, a shipping and billing address, a telephone number. Shopify collects the IP address from which the order is made. We will also retain information on the number of orders, the value of those orders, the number of visits you have made to our shop (using your IP address), the referral website or link that brought you to our site, if applicable. We may also link your Ravelry username to your customer account or order notes.
We use Google Analytics and Facebook Pixel to measure visits to our website and online shop. These tools allow us to track which pages are viewed as well as where visitors are referred from, and what actions you take while on our website.
3. What we do with your data
We process personal data in the UK, however for the purposes of IT hosting and maintenance, this information is located on servers within the EU. Your data will not be shared with 3rd parties unless the law allows it. For example, data held by Shopify International Ltd, based in the Republic of Ireland may be transferred via legal mechanisms approved by the EU, USA and Canada from the EU to Shopify in the USA and Canada.
We use your personal information to keep you informed of offers in our shop, new products in our shop and to keep you up to date with our projects and activities.
The information we collect as a result of analysing the activity of subscribers is used to help us to judge the relative success of a newsletter. The type of questions we look to answer include: What percentage of recipients opened the newsletter and was it above or below our average? If we were promoting a particular product, what proportion of newsletter subscribers looked at the product and ultimately bought it?
We also use this activity information to help us to personalise newsletters.
We store your information to allow us to comply with tax laws.
We use your address and email contact details to fulfil your orders and to communicate with you about your orders. Depending on how your order is shipped, we may share your contact telephone number and email address with the courier service so that you are able to track your package.
We hold your IP address to help us with fraud prevention as it helps us to see whether an order has been made from a different territory from the billing address.
If we have your Ravelry username, it helps us to provide support in accessing ebooks and patterns – if something goes wrong with the automated processes, we can manually add products to your Ravelry library.
We will use your order history, location etc. for the purpose of statistical analyses, both automated through the software we use and through our own analyses. This allows us to look at trends and decide how we can provide the most attractive products and services.
If you choose a direct payment gateway to complete your purchase, then Shopify stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted.
All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover.
PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.
For more insight, you may also want to read Shopify’s Terms of Service or Privacy Statement.
4. How long we keep your data
We will hold and use your information until you tell us you would like to unsubscribe, or for us to delete your information.
We are required under UK tax law to keep customers’ basic personal information for a minimum of 6 years (10 years for digital services) after a transaction, after which time it will be destroyed. Your information we use for marketing will be retained until you notify us that you no longer wish to receive this information, at which point we will delete your data.
When you click on links on our store, they may direct you away from our site. We are not responsible for the privacy practices of other sites and encourage you to read their privacy statements.
To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.
If you provide us with your credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with a AES-256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards.
Cookies are small files which are placed on your computer's hard drive. Cookies help this website to analyse traffic and visitors and help our site respond to you as an individual.
We use traffic log cookies to identify which pages are being used on our site and analyse visitor behaviour through statistics.
8. Age of consent
By using this site, you represent that you are at least the age of majority in your state or province of residence, or that you are the age of majority in your state or province of residence and you have given us your consent to allow any of your minor dependents to use this site.
9. Your rights
If at any point you believe the information we process on you is incorrect you can request to see this information and have it corrected or deleted. If you wish to raise a complaint on how we have handled your personal data, please contact us at email@example.com.
If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law you can complain to the Information Commissioner’s Office https://ico.org.uk/