PRIVACY & COOKIES POLICY

Introduction

We are committed to safeguarding the privacy of our website visitors and service users of Under the Cherry Tree. 

​

This policy applies where we are acting as a data controller with respect to the personal data of our website visitors and service users, which is where we determine the purposes and means of processing of that personal data. 

​

We are registered as a data controller with the Information Commissioner’s Office who are the UK’s supervisory authority for all data protection matters.

​

We use cookies on our website (see section marked ‘Cookies’ below). 

​

How we use your personal data

​

The main reason we collect personal information is in order to fulfil an order.  We only process personal data in accordance with applicable privacy laws including the UK General Data Protection Regulation and the Data Protection Act 2018.

​

We set out as follows (1) the general categories of personal data that we may process, (2) the source and specific categories of that data, (3) the purposes for which we may process personal data and (4) the legal basis for the processing.

​

Usage Data: We may process data about your use of our website and services (Usage Data).  The Usage Data may include your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths. The source of the Usage Data is Google Analytics.  Usage Data may be processed for the purposes of analysing the use of the website and services.  The legal basis for this processing is either consent or our legitimate interests, in this case, monitoring and improving our website and services.

​

Account Data: We may process your account data (Account Data).  This may include your name and email address, the source of which data is you.  Account Data may be processed for the purposes of operating our website, providing our services, ensuring the security of our website, maintaining back-ups of our databases and for communicating with you.  The legal basis for this processing is either consent or our legitimate interests, in this case, the administration of our website and services.

​

Profile Data: We may process information included in your personal profile on our website (Profile Data).  This may include your name, email address, telephone number and email address.  Profile Data may be processed for the purposes of enabling and monitoring your use of the website and services.  The legal basis for this processing is either consent or our legitimate interests, in this case, the administration of our website and services.

​

Service Data: We may process personal data that is provided to us in the course of the use of our services (Service Data).  Service Data may include your name, email address, telephone number and email address and may be processed for the purposes of operating our website, providing our services, ensuring the security of our website, maintaining back-ups of our databases and for communicating with you.  The legal basis for this processing is either consent or our legitimate interests, in this case, the administration of our website and services.

​

Publication Data: We may process information that you post on our website or through your use of our services (Publication Data).  Publication Data may be processed for the purposes of enabling such publication and administering our services.  The legal basis for this processing is either consent or our legitimate interests, in this case, the administration of our website and services.

​

Enquiry Data: We may process personal data that is contained in any enquiry you submit to us (Enquiry Data) which may be processed for the purposes of marketing and selling our services to you.  The legal basis for this processing is consent.

​

Customer Relationship Data: We may process information relating to our customer relationships, including customer contact information such as your name, contact details and any other information contained in any communications between us (Customer Relationship Data).  Customer Relationship Data may be processed for the purposes of managing our customer relationships, communicating with customers, keeping records of those communications and promoting products to customers.  The legal basis for this processing is either consent or our legitimate interests, namely managing customer relationships for the purposes of operating the website and services.

​

Transaction Data: We may process information relating to transactions, including purchases of goods and services which you enter into with us through our website (Transaction Data).  Transaction Data may include your contact details, contact details of the recipient of any gift, payment card details and details of the transaction which may be processed for the purpose of supplying products and services and keeping proper records of those transactions.  When you share information about a child with us for the purpose of sending a product, you represent to us that you are either the parent or care giver of the child and have the authority to share this information or have obtained consent to share such information.  The legal basis for the processing of Transaction Data is the performance of a contract, at your request, as well as our legitimate interests, namely the proper administration of our website and services. 

​

Notification Data: We may process information that you provide to us for the purpose of subscribing to email notifications or newsletters (Notification Data) which may be processed for the purposes of sending our such information.  The legal basis for this processing is consent or the performance of a contract, in this case, interest in entering in such a contract.

​

In addition to the specific purposes for which we may process your personal data as set out above, we may also process any of your personal data where such processing is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.

​

Disclosure of your personal data

Our website is hosted on the Wix.com platform which allows us to sell our products to you.  Data is stored on Wix.com’s own servers in Europe.

​

Financial transactions relating to our website and services are handled using Wix.com.  All direct payment gateways used by Wix.com adhere to the standards set by PCI-DSS, as managed by the PCI Security Standards Council, which is a joint collaboration from organisations such as Visa, MasterCard and American Express to ensure the secure handling of credit card information.

​

Any onward transfer of personal data by Wix to a recipient operating on Wix’s behalf that is located in a country outside the UK, EEA and Switzerland shall be conducted by either entering into the standard contractual clauses or similar mechanism approved by the European Commission or UK Government or by ensuring that other appropriate safeguards are in place pursuant to Article 46 of the UK GDPR or equivalent provision in applicable data protection legislation in the UK.

​

We may disclose a name, address, email address and telephone numbers to our suppliers or subcontractors for the purpose of fulfilling an order. We currently use the Royal Mail Group to dispatch any orders and further details on the Royal Mail Group’s approach to data protection can be found at https://www.royalmail.com/gdpr.

​

In addition to the specific disclosures set out above, we may disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.  We may also disclose your personal data where such disclosure is necessary for the exercise or defence of legal claims.

​

Retaining and deleting personal data

​

Personal data that we process for any purpose shall not be kept longer than is necessary for that purpose.  Personal data relating to orders will be retained for a minimum period of 1 year from the date of the order and for a maximum period of 7 years from the date of the order where required for legal and accounting purposes.

​

Security of personal data

​

We implement appropriate technical and organisational measures to secure personal data and to prevent the loss or misuse of your personal data.  Personal data is stored on secure servers and, where applicable, is protected using encryption technology.

​

Amendments

​

We may update this policy from time to time by publishing a new version on our website.  Please check this page regularly to ensure that you are happy with any changes.  Any significant changes to our policy or to take into account changes to data protection legislation will be notified to you via email.

Your rights

​

Please let us know if the personal information we hold about you needs to be corrected or updated.  Please contact us via the ‘contact us’ page on the website or by email to kate@underthecherrytreegifts.com.

​

If you consider that our processing of your personal information infringes data protection laws, you have a legal right to make a complaint with the Information Commissioner’s Office (ICO) (www.ico.org.uk). We would ask that you contact us in the first instance so that we can try to deal with any concerns.

​

COOKIES

​

A cookie is a small file that is placed on your device when you visit a website.  Cookies help us to give you a better experience when you browse and shop with us.  We use only strictly necessary cookies which enable core functionality such as security, network management and accessibility. We do not use any advertising cookies.

​

How we use cookies

​

We use cookies for essential functionality, like logging in, browsing the site, adding items to the basket and making purchases.  

Cookie list

​

Below are the cookies we use:

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​