HOUSE OF SPARKLEZ U.K LTD
Updated: 23/05/18 in accordance with the new GDPR (General Data Protection) Law.
The site then ‘knows’ that you have been there before, and in some cases, tailors what pops up on screen to take account of that fact. For instance, it can be helpful to vary content according to whether this is your first ever visit to a site – or your 51st.
Without cookies enabled we cannot guarantee that your user experience whilst visiting our site is as intended. None of the cookies used on our website collect any personal data about you.
- To track how visitors find our site and the path they take through it, to help us improve our service for you.
- Our shopping basket uses a session cookie; without a cookie you will not be able to use our shopping cart.
- To monitor and manage our website traffic.
You may find www.aboutcookies.org helpful; it contains more detailed information on how to do this, and also provides more information about cookies.
This statement describes what types of information we collect from you, how it is used by us, how we share it with others, how you can manage the information we hold and how you can contact us.
House of Sparklez U.K LTD will not contact or send any marketing messages to any person other than those who have subscribed to receive it. House of Sparklez U.K LTD will never send you unsolicited ‘junk’ email or communications, or share your data with anyone else who might. We do not sell your information to third parties, but we do share data with Mail Chimp in order to send you communications and newsletters via email.
The data we collect from you
We collect information about you when you engage with our website. We only collect information which is necessary, relevant and adequate for the purpose you are providing it for.
We may collect the following information:
- Name (including title);
- Phone number;
- Date of birth;
- Email address;
- The date and time you used our services;
- The pages you visited on our website and how long you visited us for;
- Your IP address;
- The internet browser and devices you are using;
- The website address from which you accessed our website;
- Details of any transactions between you and us;
- Any information within correspondence you send to us.
Where you have provided your consent, we may use and process your information for:
- Internal record keeping.
- Improving our products and services.
- Periodically sending promotional emails about new products, special offers or other information which we think you may find interesting, using the email address which you have provided.
From time to time, we may also use your information to contact you for market research purposes. We may contact you by email, phone, fax or mail. We may use the information to customise the website according to your interests.
You can withdraw your consent at any time by contacting us or, in relation to any marketing messages you receive, by using the unsubscribe option included in those messages.
We may use and process your personal information where this is necessary to perform a contract with you and to fulfil and complete your orders, purchases and other transactions entered into with us.
To administer competitions and promotions that you enter with us from time to time and to distribute prizes;
Processing necessary for us to operate the administrative and technical aspects of our business efficiently and effectively;
To verify the accuracy of information that we hold about you and create a better understanding of you as a customer;
For network and information security purposes i.e. in order for us to take steps to protect your information against loss, damage, theft or unauthorised access;
To comply with a request from you in connection with the exercise of your rights (for example where you have asked us not to contact you for marketing purposes, we will keep a record of this on our suppression lists in order to be able to comply with your request);
To inform you of updates to our terms and conditions and policies.
How do we share this information?
We do not sell your information to third parties, but we do share information for marketing purposes with Mail Chimp so we can send you email communications through their platform.
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.
How long do we keep your information for?
We do not retain personal information in an identifiable format for longer than is necessary.
If we have a relationship with you (e.g. you are a customer who has purchased goods from us), we hold your personal information for 6 years from the date our relationship ends. We hold your personal information for this period to establish, bring or defend legal claims. Our relationship is deemed as having ended if you do not interact with us in any way for over a year.
The only exceptions to the periods mentioned above are where:
- The law requires us to hold your personal information for a longer period, or delete it sooner;
- You have raised a complaint or concern regarding a product or service offered by us, in which case we will retain your information for a period of 6 years following the date of that complaint or query; or
- You exercise your right to have the information erased (where it applies) and we do not need to hold it in connection with any of the reasons permitted or required under the law.
How can you manage the information we hold about you?
You have the right as an individual to access the personal information we hold about you and make corrections if necessary. You also have the right to withdraw any consent you have previously given us and ask us to erase information we hold about you. You can also object to us using your personal information (where we rely on our business interests to process and use your personal information).
You have a number of rights in relation to your personal information under data protection law. In relation to most rights, we will ask you for information to confirm your identity and, where applicable, to help us search for your personal information. Except in rare cases, we will respond to you within 30 days after we have received any request (including any identification documents requested).
You have the right to:
- Ask for a copy of the information that we hold about you;
- Correct and update your information;
- Withdraw your consent (where we rely on it);
- Object to our use of your information (where we rely on our legitimate interests to use your personal information) provided we do not have any continuing lawful reason to continue to use and process the information. When we do rely on our legitimate interests to use your personal information for direct marketing, we will always comply with your right to object;
- Erase your information (or restrict the use of it), provided we do not have any continuing lawful reason to continue to use and process that information;
- Transfer your information in a structured data file (in a commonly used and machine readable format), where we rely on your consent to use and process your personal information or need to process it in connection with your contract.
You can exercise the above rights and/or manage your information by contacting us at email@example.com.
To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.
If you provide us with your credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with AES-256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards.
Our store is hosted on Shopify Inc. They provide us with the online e-commerce platform that allows us to sell our products and services to you.
Your data is stored through Shopify’s data storage, databases and the general Shopify application. They store your data on a secure server behind a firewall.
Credit Card/Debit Card Payments: Sage Pay
As a payment service provider (PSP), thousands of businesses outsource their transaction security to us. It is our top priority to ensure that your customers’ transaction data is kept secure at all times.
All transaction information passed between merchant sites and Sage Pay’s systems is encrypted using 128-bit SSL certificates. No cardholder information is ever passed unencrypted and any messages sent to your servers from Sage Pay are signed using MD5 hashing to prevent tampering. You can be completely assured that nothing you pass to Sage Pay’s servers can be examined, used or modified by any third parties attempting to gain access to sensitive information.
Encryption and Data Storage
Once on our systems, all sensitive data is secured using the same internationally recognised 256-bit encryption standards used by, among others, the US Government. The encryption keys are held on state-of-the-art, tamper proof systems in the same family as those used to secure VeriSign's Global Root certificate, making them all but impossible to extract. The data we hold is extremely secure and we are regularly audited by the banks and banking authorities to ensure it remains so.
Sage Pay’s systems are scanned quarterly by Trustwave, which is an independent Qualified Security Assessor (QSA) and an Approved Scanning Vendor (ASV) for the payment card brands.
Sage Pay is also audited annually under the Payment Card Industry Data Security Standards (PCI DSS) and is a fully approved Level 1 payment services provider, which is the highest level of compliance. We are also active members of the PCI Security Standards Council (SSC) that defines card industry global regulation.
Links to banks
Sage Pay has multiple private links into the banking network that are completely separate from the Internet and which do not cross any publicly accessible networks. Any cardholder information sent to the banks and any authorisation message coming back is secure and cannot be tampered with.
Sage Pay is controlled by Iris Scanners, which are the latest and most precise biometric security devices available for identification, as used by chemical plants, airports, police stations, prisons and other facilities where security is paramount. No one can enter or leave the building without a valid security pass.
All employees at Sage Pay are Criminal Records Bureau (CRB) checked prior to employment and no unauthorized individual has access to or is able to decrypt transaction information or cardholder data. Our systems only allow access to our most senior staff and only in extenuating circumstances (such as investigations of Card Fraud by the Police). All transaction information and customer card information is secure even from our own employees.
Sage Pay operates on twin data centres to ensure optimal system security and up-time and has a full disaster recovery and business continuation policy.
You can unsubscribe from our newsletter by clicking on the unsubscribe link provided at the end of every newsletter/email from us. You can also email firstname.lastname@example.org to update your email address, or to request that we delete your email.