25. November 2018
At The Hebridean Mustard Company, we are committed to your privacy and the protection of your personal data. In this privacy notice, we will inform you about the information about you we collect, how we use this information and how we do so lawfully. If you have any further questions about our privacy practices, please do not hesitate to contact us.
10 Glen Kyles
Isle of Harris
What information do we collect?
We collect your name, address and e-mail address when you place an order with us or when you set up an account in our webshop. We also collect usage data from session cookies and log files. Log files allow us to record visitors' use of our website. Hosting UK, our technology provider for the website, collects log file information from all our visitors, with which we continuously check to optimize our website and make it as user-friendly as possible. Log files do not contain personally identifiable information.
How do we use personal information?
When you place an order with us, we use your personal information to set up and manage your account with us, process your order, notify you of the status of your order and ship the goods to you, and to contact you in case of any questions we have.
The legal basis we have for processing your personal data
When you place an order with us, we use your personal data because you have entered into a contract with us for the sale of goods.
When you have set up an account in our webshop we use your personal data because you have provided your consent.
When do we share personal data?
We pass on your personal data exclusively to third parties in connection with the processing of your order (e.g. forwarding agent and tax consultant) - all within the framework of the statutory provisions.
Processing of your personal data
We will store your personal data securely on our computer systems with strict access controls.
Under the GDPR (General Data Protection Regulation) we control and/or process any personal information about you electronically using the following lawful bases.
- We are exempt from registration in the ICO Data Protection Register because we are only processing personal data for core business purposes.
- Lawful basis: Consent
The reason we use this basis: to offer you an account for easy ordering, managing orders and questions and enquiries.
We process your information in the following ways: stored in our database on the server and using it for sending e-mails while answering questions and enquiries.
Data retention period: We will continue to process your information under this basis until you withdraw consent or it is determined your consent no longer exists.
Sharing your information: We do not share your information with third parties.
- Lawful basis: Contract
The reason we use this basis: to process your orders, deliveries and payments or refunds
We process your information in the following ways: stored in the database on the server and in our local database
Data retention period: We shall continue to process your information until the contract between us ends or is terminated under any contract terms
Sharing your information: We do share your personal information with third parties and they include; Royal Mail, DPD, Parcel Force, PayPal, Stripe, Bank of Scotland
- Lawful basis: Legal obligation
The reason we use this basis: to process your orders and payments and provide access data in case of legal authorities interests
We process your information in the following ways: printed on invoices and kept as PDF and access data on our server
Data retention period: 7 years
Sharing your information: We do share your personal information with third parties and they include; accountants, HMRC and tax authorities and legal authorities on special demand
- Lawful basis: Vital interests
We process your information in the following ways: collecting statistics about our client's behaviour and storing them in the database on our server
Data retention period: 3 years
Sharing your information: We do not share your information with third parties
If, as determined by us, the lawful basis upon which we process your personal information changes, we will notify you about the change and any new lawful basis to be used if required. We shall stop processing your personal information if the lawful basis used is no longer relevant.
Your individual rights
Under the GDPR your rights are as follows. You can read more about your rights in detail here;
- the right to be informed;
- the right of access;
- the right to rectification;
- the right to erasure;
- the right to restrict processing;
- the right to data portability (in some cases);
- the right to object; and
- the right not to be subject to automated decision-making including profiling.
You can always access your data, download a copy and demand for sending you a copy through your shop account. If you haven't set up a password just go for "forgot password" at the login and provide your e-mail address and you will be sent an e-mail to set/reset your password.
You also have the right to complain to the ICO [www.ico.org.uk] if you feel there is a problem with the way we are handling your data.
We handle subject access requests in accordance with the GDPR.
Some cookies are required to enjoy and use the full functionality of this website.
Cookies that we use are;
Necessary cookies and modules are vital for the functionality of this shop like e.g. the shopping cart. You won't be able to disable them.
"Concrete5" (shopping cart)
This provides and keeps the products inside your shopping cart. Deactivating this cookie would stop permitting the orders. This cookie doesn't save any personal Data about any shop client.
Cookies make sure to enable/disable cookies of your choice.
Preferences cookies are used for the shop's functionality like the shopping cart or login status. By disabling them you may not be able to order and/or login into your account!
Enables you to pay by credit/debit card. Disabling this cookie will mean you would be able to pay by bank transfer only.
The data is kept save inside the back-office, and serve solely as statistical data for improving our services and products.
A Shop Cookie, which saves data about orders, carts, locations, OS or e.g. browser type of our clients.
Use of automated decision-making and profiling
We do not use profiling or automated decision-making processes.
We use Google Analytics for aggregated, anonymized website traffic analysis. In order to track your session usage, Google drops a cookie
(_ga) with a randomly-generated ClientID in your browser. This ID is anonymized and contains no identifiable information like email, phone number, name, etc. We also send Google your IP Address. We use GA to track aggregated website behaviour, such as what pages you looked at, for how long, and so on. This information is important to us for improving the user experience and determining site effectiveness. If you would like to access what browsing information we have - or ask us to delete any GA data - please delete your
_ga cookies, reach out to us via this form, and/or install the Google Analytics Opt-Out Browser Add-On."
Social Media Platforms
All communication and engagement we undertake through external social media platforms will adhere to the terms and conditions as well as the privacy policies held with those social media platforms.
Data security and protection
We ensure the security of any personal information we hold by using secure data storage technologies and precise procedures in how we store, access and manage that information. Our methods meet the GDPR compliance requirement.
Transparent Privacy Explanations
We have provided some further explanations about user privacy and the way we use this website to help promote a transparent and honest user privacy methodology.