This privacy notice will change from time to time – particularly if we change the way we collect or use your personal information, so do check back here every now and then. It was last updated on 31st January 2019.
At One Little Hut, we fully understand how important privacy is to every one of our visitors and customers. We collect, use, store and retain your personal data in line with data protection legislation. This privacy notice aims to provide as much information as possible to help you understand how we look after your data, what your legal rights are in relation to that information – and how you can contact us if you have any questions or queries about how we look after your personal information.
How is your Personal Information Used – The Basics
There are a number of ways that your personal information will be collected when you make contact with One Little Hut – mostly though it is so that we can respond to queries you send, or to process orders you have made. You can contact us through:
One Little Hut Etsy pages
Our Facebook Page/Facebook Messenger
If you purchase from us, these systems are used for processing payments:
You will be sent an invoice via PayPal
You may purchase through the website.
You can choose to pay via BACS transfer, at which point I will send bank details for One Little Hut in order for you to do so.
You can also pay by card and choose to receive a card payment link.
If you purchase from us, your order will be posted to you via Royal Mail. We do not have a contract with them, how they use your information can be found on their website. Royalmail.com
One Little Hut and Marketing Materials
One Little Hut does not currently have a newsletter or send out any kind of marketing materials, but we may do that in future. If and when that happens, this policy will be updated and will only send that information to those who have specifically asked to receive it. Information sent to us via the website contact form or any of the methods mentioned above are currently used only to answer the specific query or process order as applicable.
How your Personal Information is Used – The more technical bits
In this section, we try to explain they type of information we will collect or process, why we do that and how it is done. We can only process your information if we have a “legal basis” for doing that. There are 6 of those listed in the General Data Protection Regulation (GDPR). In this notice, we explain which of these apply in each case. Here we go:
If you visit our website, we may process data about your use of the site (this is technically called “usage” data”). This would include information like what pages you visit, how long you spend on the site, if you got to our website through a link somewhere else– or how often you visit our website. Our website platform is WordPress. This type of information is gathered to help to continuously improve the website and services. We do not currently have any analytic software or plug-ins attached to the website.
Legal Basis – Legitimate Interest: administration of our website and services. Some usage information is also collected by Facebook – to allow us to see where visitors are based and how they found those pages. We do not have access to the personal information gathered by these though – only the statistics.
Contact and Enquiry Information
We may process information about you to answer your query or process an order. This may include your name, address, email address, postal address and telephone number – depending on what information you provide to us. We will receive this either directly from you for example in an email, FB message or through the contact form on our website. In all cases we receive only the information you choose to provide – and it will be used to correspond with you until your query is resolved. (If correspondence leads to a purchase we will require and process further information – please see the section “Ordering and Purchasing Information”.
Legal Basis – Consent OR the performance of a contract between you and us, and/or taking steps, at your request to enter into a contract OR legitimate interests, in particular, managing relationships with our customers.
Feedback and Other Information That You Send to Us
We may process information you send to us for publication on our website – for example, if you email feedback on an order you have received, we may share this on our website and/or social media platforms. We will always ask you if it is OK to use you personal information in this way.
Legal basis – Consent: if you have sent this information by private communication channels (such as email) then we will ask for your consent to publish this. (NOTE – if you have posted the information on any of our public sites (social media channels) we do not require consent as you have chosen to make this public – and it is therefore exempt from data protection provisions. However, we will endeavour to contact you to check if it may be shared on other social media channels)
Ordering and Purchasing Information
You can order from us in two ways – by contacting us directly through one of our social media channels or our email address – or by making a purchase through Etsy. If you wish to order through our social media channels you may be asked to provide (through a private message) your email address, currently payment is arranged directly on these platforms, but that may change in the future. This policy will update in accordance.
If you choose to pay via Paypal, they will ask you for further contact details – such as your address, and for payment information (credit card or account details). If you order through Etsy, you do this directly through that site – and will be asked for the same type of information.
One Little Hut does not receive any of your payment account details. We only receive the information we need to complete your order – the most important being your address, so that we can send your purchases to you.
Legal Basis – This processing is necessary for the performance of a contract between you and us, and/or taking steps, at your request to enter into a contract and our legitimate interests, in particular, managing our business appropriately.
We may process any of the personal information mentioned in this policy – where necessary – for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out of court procedure. We may process personal information for the purposes of obtaining or maintaining insurance coverage, or obtaining professional advice in relation to business risk – however, this is unlikely.
Legal Basis – Legitimate Interest: The protection and assertion of our legal rights, your legal rights and the rights of others; the protection of our business against business risk.
We may also process personal information where we are required to do so to comply with any legal obligations to which we are subject – or where it is necessary to protect our vital interests or the vital interests of anyone else. (As specified in relevant legislation).
Is your data transferred outside of the UK or EU?
One Little Hut is based in the UK, and only accesses your information on devices in the UK. The One Little Hut website is hosted here in the UK. However, my email system (Gmail for Business) and the social media platforms are not all based in the UK/EU. This means that the data you provide may be held outside of the UK/EU – but I have made checks to make sure those companies comply are safe to use, and that they also comply with all the relevant information. (This means they either have server in the UK/EU – or they are part of an agreement called the “Privacy Shield”. I’ve included links to the privacy information for each of them at the end of this document.
How long do we keep data?
How long we keep you data will depend on why we have it. Mostly – it’s not long – we only keep your data as long as we need to answer your query or process your order. If you are a regular customer, we may keep your address or email information longer, so we don’t need to keep asking you every time – but we will ask if that is OK – and you can ask us to remove your details at any time.
We are required to keep our invoices and details of sales etc – which might include your name and address, and sometimes your email address. This is a requirement – should we need to submit information to HMRC. But like everything else we do – that information is kept safe and secure and accessed only by One Little Hut.
Data Protection legislation is in place to help protect your personal information – and give you control over how it is used. It gives you rights associated with your data, the main ones are listed below. They won’t always apply in every circumstance – but we will explain it to you if you choose to exercise any of your rights.
Right to access – you can request copies of any information we hold about you
Right to rectification – If you believe we have any of you details wrong, you can ask us to correct them
Right to Erasure – You can ask us to delete any information we hold about you. This will apply only when we do not have a legal basis to retain that information.
Right to Restrict or Object to Processing – this is controlling exactly what data we hold – you can ask us to stop using certain data or stop carrying out certain processes with your data.
The right to complain to a “Supervisory Authority” – an organisation that oversees Data Protection. This could be the Authority where you live, where you work – or the one for the UK, where we are based, which is the Information Commissioners Office.
As I have already mentioned – where we rely on consent to process your data, you can withdraw that consent at any time.
This website is owned by Emily Parkinson– who can be contacted at firstname.lastname@example.org. Emily is also our data protection officer.
Links to external privacy information
Google G Suite for Business – G-Suite
Instagram is owned by Facebook, so you can find information on those same links