This Privacy Policy describes how www.thepersonalisedchristmascompany.com  (the “Site”, "TPCC" or “we”) collects, uses, and discloses your Personal Information when you visit or make a purchase from the Site.

Your privacy is of the highest importance to us.
But, your trust in us is even more important.
Shop with confidence and feel secure knowing that your information is safe
Have a read below, and feel free to contact us if you still have any questions!

YOUR RIGHTS
The right to be informed about how your personal information is being used by companies.

• The right to access the personal information we hold about you.

• The right to request the correction of inaccurate personal information we hold about you.

• The right to request that we purge your data, stop processing it or collecting it in some circumstances.

• The right to stop direct marketing messages.

• The right to request that we transfer elements of your data either to you or another service provider.

• The right to complain to your country’s data protection regulator — in the UK this is the Information Commissioner’s Office.
  
  
  

WHAT IS GDPR & WHAT DOES IT MEAN TO YOU?
WHAT IS GDPR?
The General Data Protection Regulation (GDPR), which came into force on May 25th, 2018, aims to protect the fundamental right to privacy and the protection of personal data of European Union (EU) citizens. 
This regulation affects any entity (including websites) that processes EU citizens' personal data. Whether or not you or your business is located in the EU, if you have EU site visitors, or if your marketing campaigns target EU citizens, this affects you. 

WHAT DOES GDPR MEAN FOR YOU?
Transparency and communication with your site visitors are key elements of the GDPR. As part of the new regulation, you must let your site visitors know how you collect, store, and use their data, in a clear and transparent way. In addition, you must comply with your site visitors' requests to receive a copy of their data that is processed on your site. 

WHAT TYPE OF INFORMATION DO WE COLLECT?
We receive, collect and store any information you enter on our website or provide us in any other way. In addition, we collect the Internet protocol (IP) address used to connect your computer to the Internet; login; e-mail address; password; computer and connection information and purchase history. We may use software tools to measure and collect session information, including page response times, length of visits to certain pages, page interaction information, and methods used to browse away from the page. We also collect personally identifiable information (including name, email, password, communications); payment details (including credit card information), comments, feedback, product reviews, recommendations, and personal profile.

HOW DO WE COLLECT INFORMATION?
When you conduct a transaction on our website, as part of the process, we collect personal information you give us such as your name, address and email address. Your personal information will be used for the specific reasons stated above only.
Most of the information you, the customer, provide us with happens when you’re engaging with us and our brand. This could be from anything from browsing the site, to purchasing and registering for an account.

WHY DO WE COLLECT SUCH PERSONAL INFORMATION?
We collect such Non-personal and Personal Information for the following purposes:

• To provide and operate the Services;
• To provide our Users with ongoing customer assistance and technical support;
• To be able to contact our Visitors and Users with general or personalized service-related notices and promotional messages;
• To create aggregated statistical data and other aggregated and/or inferred Non-personal Information, which we or our business partners may use to provide and improve our respective services; 
• To comply with any applicable laws and regulations.

HOW DO WE STORE, USE, SHARE AND DISCLOSE OUR SITE VISITORS PERSONAL INFORMATION?
Our company is hosted on the Shopify.com platform. Shopify.com provides us with the online platform that allows us to sell our products and services to you. Your data may be stored through Shopify.com’s data storage, databases and the general Shopify.com applications. They store your data on secure servers behind a firewall. 
All direct payment gateways offered by Shopify.com and used by our company adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.

HOW DO WE COMMUNICATE WITH OUR SITE VISITORS?
We may contact you to notify you regarding your account, to troubleshoot problems with your account, to resolve a dispute, to collect fees or monies owed, to poll your opinions through surveys or questionnaires, to send updates about our company, or as otherwise necessary to contact you to enforce our User Agreement, applicable national laws, and any agreement we may have with you. For these purposes we may contact you via email, telephone, text messages, and postal mail.

HOW CAN OUR SITE VISITORS WITHDRAW THEIR CONSENT?
If you don’t want us to process your data anymore, please contact us at contact@thepersonalisedchristmascompany.com 

WHAT INFORMATION DO WE STORE? 
HOW DO WE ACCESS, STORE & PROCESS YOUR INFORMATION?
LOG INFORMATION
When you use our website or services, we automatically collect and store certain information in our server logs. This information can include details of what you search for, your internet protocol address (IP), device information such as operating system, browser language and date/time of any requests you make

LOCATION INFORMATION
When shopping or engaging with our services we may use your IP address or location services from your device to geo-locate your approximate location. We do this to ensure we’re providing you with a relevant and optimum shopping experience with regards to everything from showing you the correct prices for your country, delivery methods and address options.

LOCAL DEVICE STORAGE
We may collect and store information locally on your device using mechanisms such as browser web storage and application data caches. These techniques are used to ultimately enhance your user experience when shopping with us.

DELIVERY
We, of course use your address and contact data to ensure we can deliver your products to your front door as soon as possible. We will also drop you several emails updating you with the progress of your order. On this, we will also share selected information with our trusted courier partners,so they can also keep you updated on your parcels progress.

MARKETING
If you decide to opt-in we’ll use your info provided to keep you up to date with all our latest news and offers. With your permission, we can contact you via email, text message (SMS) or by post. You can edit your marketing preferences, or choose to opt out at any time.

PAYMENT
We use your card and address information to process your transaction via our third-party payment processors. If when checking out you select the option requesting us to save your card details for future use, we use a secure storage method called tokenisation

FRAUD PREVENTION
To protect our customers and services, we use data to prevent fraud and malicious activity. This includes the use of your Internet Protocol address aka your IP address, device information and address data. This also ensures we meet our legal responsibilities to ensure our business and customers are protected at all times

PURCHASE HISTORY
We get a pretty good idea of what you like, or might like based on what you have purchased before. We use your purchase history as data to show you more stuff you might like

LOGGING IN VIA THIRD PARTY SERVICES
If you decide to log in via third party services, such as Facebook for example, some information must be shared for this to work. Doing this helps you log in faster in future and saves you remembering several passwords at once

CUSTOMER SERVICE
If you ever need to contact us via customer service, we’ll keep a record of your communication to help us in the future with any issues you may have. We may also use this to improve our team and ensure we can answer your questions correctly and efficiently

USER EXPERIENCE
We use cookie information and other technologies to provide a personalised user experience to our customers to give them the best shopping experience possible. This allows us to improve the quality of our services, and provide customers with the most relevant content. We use several automated systems that analyse content to provide customers with personalised search results, promotions and offers

ADVERTISING
We’re pretty big on putting ourselves and our brand out there to keep our customers up to date on our goings on and latest product offering. We do this through advertising. With this, we look to target you, the customer, with our banners and adverts - even when you’re using other websites and services not associated with us. To deliver this content, we use a number of digital marketing networks, as well as several advertising technologies including pixels, ad tags, cookies, device identifiers and web beacons. The adverts you see from us will use some of the information we’re currently holding about you, or pervious information from your use of our services.

SHARING INFORMATION
We take the protection of our customer’s data very seriously, so you can trust we wouldn’t, and don’t, sell or distribute any of your personal data to untrusted third parties. We do, however, share relevant parts of your data with select third parties if they are processing data on our behalf. These are closely selected, monitored and audited companies who assist us in providing our services to you the customer. We call these companies data processors, to help explain what they do we have broken these down to four key categories: 

Companies and/or future companies within The Personalised Christmas Company Limited

Companies that help us and our customers use our services such as payment processors, warehouse team, courier companies and return services.

Service providers that we work closely with to help us run things day to day and provide better experiences to customers. These companies include Google, advertising partners, our website hosting company and various other tools we use such as multi-variant testing etc.

Companies that we feel sure get our customer’s approval. These include social media sites (such as when you login with Facebook), or if you decide to checkout using PayPal when shopping with us.

Any other third parties will not receive your personal identifiable information. They may however get access to anonymized data which we use to identify patterns and market trends.

 

YOUR INFORMATION AND USAGE OUTSIDE OF THE EUROPEAN ECONOMIC AREA(EEA)
Any third parties processing customer data outside of the EEA on behalf of The Personalised Christmas Company must participate in the EU-US and Swiss-US Privacy Shield frameworks. This ensures that companies have a standard for protecting and processing your data. We sometimes provide personal information to third parties to perform services on our behalf. If we transfer personal information to a third party, the third party's access, use, and disclosure of the personal data must also comply with Privacy Shield obligations

If you are a resident of the EEA, you have the right to access the Personal Information we hold about you, to port it to a new service, and to ask that your Personal Information be corrected, updated, or erased. If you would like to exercise these rights, please contact us via email.

Your Personal Information will be initially processed in Ireland and then will be transferred outside of Europe for storage and further processing, including to Canada and the United States. For more information on how data transfers comply with the GDPR, see Shopify’s GDPR Whitepaper: https://help.shopify.com/en/manual/your-account/privacy/GDPR

KEEPING YOUR INFORMATION ON FILE
When it comes to keeping your details on file, we basically hold your personal information for

• As long as you have an account with us.
• As long as it is needed to provide services to you.
• Or as long as it is necessary in order to produce support related activities.
• In certain cases, we may keep hold of some of your information after you have closed your account, or it is no longer needed to provide the services to you. This type of situation may arise if your details are needed to meet legal or regulatory requirements, resolve disputes, prevent fraud and abuse, or enforce our terms and conditions

SAYING NO TO UNWANTED MARKETING MESSAGES
If, at any time, you decide you want us to stop hitting you up via your inbox - this is cool. You can stop receiving any form of marketing messages from us by

• Letting us know via updating your account settings to reflect this new request.
• Clicking on the ‘unsubscribe’ link in any email or text message you receive from us.
• Getting in touch and contacting our customer services team direct.

Once any of the above are actioned, we’ll update your profile. Don’t worry, choosing to stop receiving our marketing messages won’t stop communications with us completely. You’ll still get important updates you need to know about from us with regards to your order(s), we call these ‘service contacts’.

 

COLLECTING PERSONAL INFORMATION
When you visit the Site, we collect certain information about your device, your interaction with the Site, and information necessary to process your purchases. We may also collect additional information if you contact us for customer support. In this Privacy Policy, we refer to any information that can uniquely identify an individual (including the information below) as “Personal Information”. See the list below for more information about what Personal Information we collect and why.

Device information

• Examples of Personal Information collected: version of web browser, IP address, time zone, cookie information, what sites or products you view, search terms, and how you interact with the Site.
• Purpose of collection: to load the Site accurately for you, and to perform analytics on Site usage to optimize our Site.
• Source of collection: Collected automatically when you access our Site using cookies, log files, web beacons, tags, or pixels.
• Disclosure for a business purpose: shared with our processor Shopify.

Order information

• Examples of Personal Information collected: name, billing address, shipping address, payment information (including credit card numbers, log-in information for Google Pay, Apple Pay, PayPal, Klarna and Clearpay), email address, and phone number.
• Purpose of collection: to provide products or services to you to fulfill our contract, to process your payment information, arrange for shipping, and provide you with invoices and/or order confirmations, communicate with you, screen our orders for potential risk or fraud, and when in line with the preferences you have shared with us, provide you with information or advertising relating to our products or services.
• Source of collection: collected from you.
• Disclosure for a business purpose: shared with our processor Shopify, Google Pay, Apple Pay, PayPal, Klarna, Clearpay, Tidio & Royal Mail.

Customer support information

• Examples of Personal Information collected: Including but not limited to names, addresses, log in information, email addresses and payment information.
• Purpose of collection: to provide customer support.
• Source of collection: collected from you.
• Disclosure for a business purpose: via Tidio

 

MINORS
The Site is not intended for individuals under the age of 18. We do not intentionally collect Personal Information from children. If you are the parent or guardian and believe your child has provided us with Personal Information, please contact us to request deletion.

SHARING PERSONAL INFORMATION
We share your Personal Information with service providers to help us provide our services and fulfill our contracts with you, as described above. For example:

• We use Shopify to power our online store. You can read more about how Shopify uses your Personal Information here: https://www.shopify.com/legal/privacy.
• We may share your Personal Information to comply with applicable laws and regulations, to respond to a subpoena, search warrant or other lawful request for information we receive, or to otherwise protect our rights.

BEHAVIOURAL ADVERTISING
As described above, we use your Personal Information to provide you with targeted advertisements or marketing communications we believe may be of interest to you. For example:

• We use Google Analytics to help us understand how our customers use the Site. You can read more about how Google uses your Personal Information here: https://policies.google.com/privacy?hl=en.You can also opt-out of Google Analytics here: https://tools.google.com/dlpage/gaoptout.
• We share information about your use of the Site, your purchases, and your interaction with our ads on other websites with our advertising partners. We collect and share some of this information directly with our advertising partners, and in some cases through the use of cookies or other similar technologies (which you may consent to, depending on your location).

For more information about how targeted advertising works, you can visit the Network Advertising Initiative’s (“NAI”) educational page at http://www.networkadvertising.org/understanding-online-advertising/how-does-it-work.

You can opt out of targeted advertising by:

• FACEBOOK - https://www.facebook.com/settings/?tab=ads
• GOOGLE - https://www.google.com/settings/ads/anonymous
• BING - https://advertise.bingads.microsoft.com/en-us/resources/policies/personalized-ads]

Additionally, you can opt out of some of these services by visiting the Digital Advertising Alliance’s opt-out portal at: http://optout.aboutads.info/.

USING PERSONAL INFORMATION
We use your personal Information to provide our services to you, which includes: offering products for sale, processing payments, shipping and fulfillment of your order, and keeping you up to date on new products, services, and offers.

LAWFUL BASIS
Pursuant to the General Data Protection Regulation (“GDPR”), if you are a resident of the European Economic Area (“EEA”), we process your personal information under the following lawful bases:

• Your consent;
• The performance of the contract between you and the Site;
• Compliance with our legal obligations;
• To protect your vital interests;
• To perform a task carried out in the public interest;
• For our legitimate interests, which do not override your fundamental rights and freedoms.

RETENTION
When you place an order through the Site, we will retain your Personal Information for our records unless and until you ask us to erase this information. For more information on your right of erasure, please see the ‘Your rights’ section below.

AUTOMATIC DECISION-MAKING
If you are a resident of the EEA, you have the right to object to processing based solely on automated decision-making (which includes profiling), when that decision-making has a legal effect on you or otherwise significantly affects you.

We engage in fully automated decision-making that has a legal or otherwise significant effect using customer data.

Our processor Shopify uses limited automated decision-making to prevent fraud that does not have a legal or otherwise significant effect on you.

Services that include elements of automated decision-making include:

• Temporary denylist of IP addresses associated with repeated failed transactions. This denylist persists for a small number of hours.
• Temporary denylist of credit cards associated with denylisted IP addresses. This denylist persists for a small number of days.

CONTACT
For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact us by e-mai or by mail using the details provided below:

The Personalised Christmas Company Limited, 61 Bridge Street, Kingston, HR5 3DJ, United Kingdom

Last updated: 1st November 2020

If you are not satisfied with our response to your complaint, you have the right to lodge your complaint with the relevant data protection authority. You can contact your local data protection authority, or our supervisory authority here https://ico.org.uk/make-a-complaint/

If you would like to: access, correct, amend or delete any personal information we have about you, you are invited to contact us at contact@thepersonalisedchristmascompany.com

Here’s when to get in touch..

• If you have any questions or feedback about this notice.
• If you would like us to stop using your information.
• If you want to exercise any of your rights mentioned above.
• If you have a complaint - if you feel we’ve let you down or there’s any areas we could do better, we want to know about it.

PRIVACY POLICY UPDATES
We reserve the right to modify this privacy policy at any time, so please review it frequently. Changes and clarifications will take effect immediately upon their posting on the website. If we make material changes to this policy, we will notify you here that it has been updated, so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we use and/or disclose it.