Data Processors

Data processors and the information we share

As part of our policy to provide you with and open and transparent overview of what information we hold, we have listed the companies we work with. Below is a list who we share your information with to help provide our service to you and what that information is.

MailChimp

Why we use them

If you consent and opt-in to allow us to send you marketing communications, we use MailChimp to send those e-mails and to track who opens and what is clicked within those e-mails.

What we share

We maintain a list of e-mail addresses and keep a list of those e-mail addresses in Mailchimp. When you click on a link that information will be stored, and we will use that information to help us provide you with similar offers.

What safeguards are in place?

Information may be sent out of the EU for processing. MailChimp has self-certified to both the EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield regimes and lawfully transfers EU/EEA personal data to the U.S. pursuant to our Privacy Shield Certification. We also complete a SOC II Type 2 examination on an annual basis for the Trust Principal Criteria of Security, Processing Integrity, Confidentiality, and Availability.

https://mailchimp.com/legal/privacy/

Mandrill

Why we use them

When you place an order, we will send you updates on your order status through Mandrill. Mandrill will log when you open or click on a link within the e-mail. These are transactional e-mails we send to ensure you are kept in informed. If you contact us through our customer care links our reply will go through Mandrill.

What we share

We will share your e-mail address and name along with any content that was sent to you. E-mails sent this way are retained for 30 days for audit purposes and to allow us to re-send them if requested.

What safeguards are in place?

As Above. Mandrill is now a part of MailChimp.

Stripe

Why we use them

We use STRIPE to process your payment if you opt to pay by card or Apple pay.

What we share

In order to identify you and to process your payment whilst making appropriate checks for fraud we send STRIPE your name, address, e-mail and billing address details and your transaction number. We use a secure method of sending them your card number, expiry dates and CVV that we cannot access and do not store. We do keep a token that relates to your transactions in order to verify payment.

What safeguards are in place?

Information may be transferred outside the EU.

Stripe has certified to the EU-US and Swiss-US Privacy Shield for this reason. Stripe’s Privacy Shield certification is here, and our Privacy Shield Policy here. For more information, please visit Stripe’s EU data transfer support page here.

PayPal

Why we use them

We use PayPal to process payments

What we share

We send PayPal your name and delivery address. And the amount we need to charge you. As you sign in to their systems as they handle all of the payment we do not need to send any other information.

What safeguards are in place?

Information may be passed outside the EU. Further information can be found at: https://www.paypal.com/uk/webapps/mpp/ua/privacy-full

Trustpilot

Why we use them

If you consent and opt to receive Trustpilot invitations, you will receive an e-mail invitation to review our service.

What we share

We will send them only what they need to contact you, your name and e-mail address along with the transaction number so that we can confirm that your review is a genuine review.

What safeguards are in place?

Information may be transferred outside the EU. Only the minimum amount of information required to provide the service you ask for is transferred. Further details available at: https://support.trustpilot.com/hc/en-us/articles/360000306528--How-do-we-protect-your-data-

Google

Why we use them

When you visit our website Google use cookies identify you and see what it is you look for on our website. We use this to see what people find interesting about our site so we can improve the services and products we offer.

What we share

Using this website will result in small data files being stored on your computer. These are known as cookies. Most websites do this.

We use cookies for:

· Remembering settings, so you won’t have to re-complete an entire form if there is a mistake.

· Measuring how our website is used so we can improve your experience (see Google Analytics below).

· Our cookies aren’t used to identify you personally. You can manage and/or delete them as you wish, refer to your web browsers help documentation and settings for details on how to do this, the information is usually found under privacy/security settings.

What safeguards are in place?

Google may transfer data outside the EU. They are committed to the highest levels of data security. Further details can be found at: https://privacy.google.com/businesses/compliance/#?modal_active=none

DPD

Why we use them

We use DPD to deliver your order to you.

What we share

In order to do this, we share your name and address along with your transaction number. We will also send them your contact details including e-mail and mobile telephone number to allow you to track your deliveries

What safeguards are in place?

DPD have high levels of security. Further details of their information security policy can be found at http://www.dpdlocal.co.uk/gdpr.pdf

Microsoft

Why we use them

We use some Microsoft services to provide the services you request. If we contact you or you contact us via e-mail then this information will be stored on Microsoft server computers.

What we share

This may include your name and address, your e-mail address and other contact details such as telephone number along with sensitive personal information in the content of the e-mail. We have a retention policy which says we will not keep e-mails longer than is necessary.

What safeguards are in place?

Microsoft may send information outside the EU. Microsoft has extensive expertise in protecting data, championing privacy, and complying with complex regulations, and currently complies with both EU-U.S. Privacy Shield privacy and EU Model Clauses. We believe that the GDPR is an important step forward for clarifying and enabling individual privacy rights. We want to help you focus on your core business while efficiently preparing for the GDPR.

Royal Mail

Why we use them

We use Royal Mail to deliver your order to you.

What we share

In order to do this, we share your name and address along with your transaction number. If you opt to receive order updates we will also send them your contact details including e-mail and mobile telephone number.

What safeguards are in place?

Royal Mail Group may need to transfer personal information about customers to third parties located outside the UK. If we do, we will ensure that information is protected to a level which meets the requirements of UK law. https://www.royalmail.com/privacy-policy

Freshdesk

Why we use them

We use Freshdesk to help with our contact management. Our e-mails, live chat, twitter and Facebook contacts are run through Freshdesk.

What we share

The information held includes your name and contact details including e-mail address and location along with the content of any communication we have with you, which may include sensitive information. In addition, we may supplement this information with notes we make to help process your order.

What safeguards are in place?

Freshworks, Inc. participates in and has certified its compliance with the EU-U.S. and Swiss-US Privacy Shield Framework. Freshworks, Inc. is committed to subjecting all personal data received from European Union (EU) member countries and Switzerland, in reliance on the Privacy Shield Framework, to the Framework’s applicable Principles. To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield List [https://www.privacyshield.gov/list].

Algolia

Why we use them

We use Algolia to support our online search functionality.

What we share

We pass through limited details such as name and contact details which are indexed and stored in Algolia’s systems. We do not send any sensitive personal information.

What safeguards are in place?

Algolia, Inc. is a USA based company with subsidiaries in France and UK operating our services globally in more than 15 regions. Your data primarily stay in regions where you decide your data to reside. Logs of search queries and operations can be processed outside of the EU but always stay in a system respecting privacy and security.https://www.algolia.com/security

Amazon

We use Amazon servers to keep all of your data and to process that information in order to deliver the services you request from us. Our servers use the highest levels of security available including encryption at rest, London based servers using DMZ and encryption of data in transit using SSL.

The personal data we hold is:

Account details

Name, Addresses, E-mail, Gender, Date of Birth, Telephone number.

Order details

Status of order, internal notes relating to your order, the content of your order, how much you paid, delivery tracking details, IP address, any data passed back from payment providers, any information we needed to collect to verify your order.

Options

If you opt-in to receive different types of communication.

Notes

Relating to your order including any communication we have had with you, this may include sensitive information.

Partner orders

As above.