What we do with your information
At Oakdene Designs we recognise that data protection and security is a major concern in today’s digital world. That is why at Oakdene Designs we are committed and comply with the Data Protection Act 1998 as well as the General Data Privacy Regulation (GDPR) and publish this information so you can understand how we collect information from you and for whom such information is disclosed and what your rights are.
How we use your information
- Process your orders, notify you of your order status and inform you of any promotions or special offers.
- Manage your account.
- Administer this website
- Monitor customer journey patterns and site usage to help and develop the functionality and layout of this website.
- Notify you of the enhancements to our services, such as updates to our website and special offers or promotions. We may contact you by mail, telephone or email from Oakdene Designs which is a trading name for Oakdene Products LTD
- Email marketing (if applicable): With your permission, we may send you emails about our store, new products, and other updates only if you have opted in.
Circumstances in which we may share data with others
- If we are requested by law to disclose your personal information we may do so.
- Third Party Providers (See Below)
In general, the third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us.
However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies with respect to the information we are required to provide to them for your purchase-related transactions.
For these providers, we recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled by these providers.
In particular, remember that certain providers may be located in or have facilities that are located in a different jurisdiction than either you or us. So if you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.
How we protect your information
We take every precaution necessary to ensure that your data is kept safe and secure. As our store is hosted by Shopify Inc. They store your data on a secure server, behind a firewall in a safe environment. They provide us with the online e-commerce platform that allows us to sell our products and services to you.
We use Shopify as our e-commerce platform because they meet all six categories of PCI DSS standards (Payment Card Industry Data Security Standard)
- Maintain a secure network
- Maintain a Vulnerability Management Program
- Regularly Monitor and Test Networks
- Protect Cardholder Data
- Implement Strong Access Control Measures
Maintain an Information Security Policy
We use SSL (Secure Socket Layer) encryption technology for the protection of information in transit for sensitive transactions such as payments.
We do not store or process your card details ourselves, they are processed and stored via one of our contract third-party providers (see below).
Shopify Payments powered by Stripe (Visa, MasterCard, American Express)
Accelerated Payments via Shopify Payments (Shopify Pay, Apple Pay, Andriod Pay)
Paypal Express Checkout
Only Employees and any third party service providers who need the information to perform a specific task are granted access to personally identifiable information.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
You acknowledge that the internet is not a completely secure medium for communication and, accordingly, we cannot guarantee the security of any information you send to us (or we send to you) via the internet. We are not responsible for any damages which you, or others, may suffer as a result of the loss of confidentiality of such information.
We will only retain personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period of for personal data, we consider all factors and the potential risk of harm of unauthorised access and our legal regulatory obligations.
For example, details of your order will be kept for as long as we need to retain that data to comply with our legal and regulatory requirements. This is generally 7 years unless the law prescribes a longer / shorter period.
In regards to the photo products we sell we will request photos at the time of purchase. These will be stored on the Marketplaces Servers (Shopify, NOTHS, Next, Etsy). At the point of personalising and making your order, they are downloaded for the sole purpose of creating your photo product. They are then locally stored on our highly encrypted server with a secondary firewall in place for up to three months to cover any replacement, reprints, and proofs requested by yourself. After this time they are permanently deleted from our servers. The original images will still be stored on the marketplaces servers in accordance with regulatory and legal obligations.
You are entitled to request the following for Oakdene Designs, these are called your Data Subject Rights and there is more information on these on the information Commissioners website www.ico.org.uk
- Right of access - to request access to your personal information and information about how we process it
- Right to rectification - to have your personal information corrected if it is inaccurate and to have incomplete personal information completed
- Right to be forgotten - to have your personal information erased. Please contact firstname.lastname@example.org
- Right to restriction in processing - to restrict processing of your personal information
- Right to data portability - to electronically move, copy or transfer your personal information in a standard form
- Right to object - to object to the processing of your personal information
- Rights with regards to automated individual decision making, including profiling - rights relating to automated decision making, including profiling
If you have any questions about your rights or the need to exercise them please contact email@example.com
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your rights to access your personal data (or to exercise any other rights). This is a security measure to ensure that your personal data is only disclosed to a person who has the right to receive it. We may ask for further information in order to speed up a request made by you.
When you click on links on our store, they may direct you away from our site. We are not responsible for the privacy practices of other sites and encourage you to read their privacy statements.
We may need to update this Policy at any time and without notice and where we do this we will notify you by including pop up boxes on our website and/or emailing our customers. This policy was last updated on 24th May 2018
If you would like to: access, correct, amend or delete any personal information we have about you, register a complaint, or simply want more information.
Please contact our Privacy Compliance Officer
[RE: Privacy Compliance Officer]
14 Fairlawn Enterprise Park