PRIVACY POLICY
Privacy Notice
Last updated: 6 February 2019
At Coresteady, we understand that your privacy is important to you and that you care about how your information is used and shared online. We respect and value the privacy of everyone who visits our site and will only collect and use information in ways that are useful to you and in a manner consistent with your rights and Our obligations under the law. This Privacy Notice, inclusive of our General Terms of Service, explains what personal data we collect, how we use your personal data, reasons we may need to disclose your personal data to others and how we store your personal data securely. For clarity, Coresteady may be both data controller and data processor for your personal data under certain circumstances. We must advise that this policy is subject to change, so please check our website on a regular basis for any further changes.
Data Protection law changed on 25 May 2018
This Privacy Notice sets out your rights under the new laws.
Who are we?
Coresteady is a fitness brand and online retailer, based in London, England. Coresteady have a registered office at Kemp House, 160 City Road, London, EC1V 2NX and company number 10252802. Richard Stephens is the registered Data Protection Officer for Coresteady.
How the law protects you
Data protection laws state that we are only able to process personal data if we have valid reasons to do so. The reasons we process your personal data include, but not limited to, your consent, performance of a contract, billing and to contact you.
How do we collect personal data from you?
We receive information about you from you when you use our website, complete forms on our website, if you contact us by phone, email, live-chat or otherwise in respect of any of our products and services or during the purchasing of any such product. Additionally we also collect information from you when you sign up, enter a competition, promotion or survey or when you inform us of any other matter. If you provide us with personal data about a third party (for example when registering a domain on their behalf), you warrant that you have obtained the express consent from the third party for the disclosure and use of their personal data. Your personal data may be automatically collected when you use our services, including but not limited to, your IP address, device-specific information, server logs, device event information, location information and unique application numbers.
What type of data do we collect from you?
The personal data that we may collect from you includes your name, address, email address, phone numbers, payment information and IP addresses. We may also keep details of your visits to our site including, but not limited to traffic data, location data, weblogs and other communication data. We also retain records of your queries and correspondence, in the event you contact us. Please be aware that any video, image, or other content posted, uploaded or otherwise made available by you onto your website, whether published content or not, is not subject to our Privacy Notice. We merely process such data on your behalf, subject to our Terms and Conditions and you are responsible for any applicable legal requirements in respect of your content.
How do we use your data?
We use information about you in the following ways: To process orders that you have submitted to us; To provide you with products and services; To comply with our contractual obligations we have with you; To help us identify you and any accounts you hold with us; To enable us to review, develop and improve the website and services; To provide customer care, including responding to your requests if you contact us with a query; To administer accounts, process payments and keep track of billing and payments; To detect fraud and to make sure what you have told us is correct; To carry out marketing and statistical analysis; To review job applications; To notify you about changes to our website and services; To provide you with information about products or services that you request from us or which we feel may interest you, where you have consented to be contacted for such purposes; and To inform you of service and price changes. Retention periods We will keep your personal data for the duration of the period you are a customer of Coresteady. We shall retain your data only for as long as necessary in accordance with applicable laws. On the closure of your account, we may keep your data for up to 7 years after you have cancelled your services with us. We may not be able to delete your data before this time due to our legal and/or accountancy obligations. We may also keep it for research or statistical purposes. We assure you that your personal data shall only be used for these purposes stated herein.
We envisage asking for the following types of information from you:
|
Information type |
Purpose and related details |
Justification |
|
Payment details (credit/debit card number, expiry date, security code, billing address) |
· We ask for this to process your payment. · We intend to share this data with Shopify Inc. so that they can process the payment for us. They will be processing the data for purposes that they determine. · This data may be transferred to the US, and the receiving entity is registered with the EU-US Privacy Shield. |
· It's necessary for the performance of a contract with you. |
|
Contact information (address, phone number, email address) |
· We ask for this to fulfil your order, tell you about special offers, help display appropriate advertising on the website and verify your identity when you contact us. · We intend to share this data with Amazon Services Europe, its assignees and affiliates so that they can deliver the item that you've purchased. They will be processing it for our purposes, under our directions. · This data may be transferred to the US, and the receiving entity is registered with the EU-US Privacy Shield. |
· It's necessary for the performance of a contract with you. |
Who has access to your personal data?
We process your data for administration, billing, support and the provision of goods and services. Your data (Registrant) may be sent to the domain registrar outside of the EEA. Additionally, to provide customer domain and connection details to the service. Your data is sent to third party suppliers both within and outside of the EEA.
Third Parties
For the avoidance of doubt, we do not and never shall sell your personal data to third parties for marketing or advertising purposes. We work closely with a number of third parties (including business parties, service providers and fraud protection services) and we may receive information from them about you. These third parties may collect information about you including, but not limited to, your IP address, device-specific information, server logs, device event information, location information, and unique application numbers. We use their features within our website, however, in some instances, they may be acting as data controller and they will have their own privacy policies, which we advise you to read. We may pass your personal data to third parties for the provision of services on our behalf (for example processing your payment). However, we will only ever share information about you that is necessary to provide the service and we have specific contracts in place, which ensure your personal data is secure and will not be used for any marketing purposes. We may share your information if we are acquired by a third party and therefore your data will be deemed an asset of the business. In these circumstances, we may disclose your personal data to the prospective buyer of our business, subject to both parties entering into appropriate confidentiality undertakings. Similarly, we may share your personal data if we are under a duty to disclose data in order to comply with any legal obligation or to protect the rights, property, or safety of Coresteady, our customers, or others. This includes but is not limited to exchanging information with other companies and organisations for the purposes of fraud protection, credit risk reduction and dispute policies. However, we will take steps with the aim of ensuring that your privacy rights continue to be protected. Your rights In preventing the use or processing of your personal data, it may delay or prevent us from fulfilling our contractual obligations to you. It may also mean that we shall be unable to provide our services or process the cancellation of your service. You have the right to object to our use of your personal data, or ask us to delete, remove or stop using it if there is no need for us to keep it. This is known as your right to be forgotten. There are legal and accountancy reasons why we will need to keep your data, but please do inform us if you think we are retaining or using your personal data incorrectly. Our Privacy Notice shall be made clear to you at the point of collection of your personal data. You can also make choices about Coresteady’s collection of your data and how we use it. You have the right to ask us not to process your personal data for marketing purposes. We will not contact you for marketing purposes unless you have given us your prior consent. You can change your marketing preferences at any time by sending an email to support@coresteady.com.
Accessing and updating your data
You must maintain the accuracy of your information and ensure all your details, including but not limited to, name, address, title, phone number, email address and payment details are kept up to date at all times. You must do this by updating your personal details within the order details page on our website https://www.coresteady.com. You have the right to access the information we hold about you. Please email your requests to support@coresteady.com so that we can obtain this information for you.
Cookies
Here is a list of cookies that we use. We’ve listed them here so you that you can choose if you want to opt-out of cookies or not.
_session_id, unique token, sessional, Allows Shopify to store information about your session (referrer, landing page, etc).
_shopify_visit, no data held, Persistent for 30 minutes from the last visit, Used by our website provider’s internal stats tracker to record the number of visits
_shopify_uniq, no data held, expires midnight (relative to the visitor) of the next day, Counts the number of visits to a store by a single customer.
cart, unique token, persistent for 2 weeks, Stores information about the contents of your cart.
_secure_session_id, unique token, sessional
storefront_digest, unique token, indefinite If the shop has a password, this is used to determine if the current visitor has access.
PREF, persistent for a very short period, Set by Google and tracks who visits the store and from where.
_ga, allows Google Analytics to distinguish users over a 2 year period.
_gid, allows Google Analytics to distinguish users over a 24 hour period.
Links to other sites
Coresteady may provide links to third party sites. Since we do not control those websites, we encourage you to review the privacy policies of these third party sites. Any information that is supplied on these sites will not be within our control and we cannot be responsible for the privacy policies and practices of these.
Where we store your personal data
We follow accepted ISO standards to store and protect the personal data we collect, including the use of encryption if appropriate. All information you provide to us is stored on our secured servers within the EEA. From time to time, your information may be transferred to and stored in a country outside the EEA in relation to provision of the services. The laws in these countries may not provide you with the same protection as in the EEA; however, any third party referred to above outside of the EEA has agreed to abide by European levels of data protection in respect of the transfer, processing and storage of any personal data. By providing your data to us, you agree to this transfer and storage. However, we will ensure that reasonable steps are taken to protect your data in accordance with this privacy notice. As the transmission of information via the internet is not completely secure, we cannot guarantee the security of your data transmitted to our site and any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access. Any sensitive data (payment details for example) are encrypted and protected. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website, you are responsible for keeping the password confidential. We ask you not to share a password with anyone. Liability we agree to take reasonable measures to protect your data in accordance with applicable laws and in accordance with our General Terms and Conditions.
Data Breaches
In the event of a data breach, we shall ensure that our obligations under applicable data protection laws are complied with where necessary.
Do Not Track
Please note that we do not alter our Site’s data collection and use practices when we see a Do Not Track signal from your browser.
Your Rights
If you are a European resident, you have the right to access personal information we hold about you and to ask that your personal information be corrected, updated, or deleted. If you would like to exercise this right, please contact us through the contact information below. Additionally, if you are a European resident we note that we are processing your information in order to fulfill contracts we might have with you (for example if you make an order through the Site), or otherwise to pursue our legitimate business interests listed above. Additionally, please note that your information will be transferred outside of Europe, including to Canada and the United States.
Your right to make a complaint
You have the right to make a complaint about how we process your personal data to the Information Commissioner: https://ico.org.uk/concerns/ Information Commissioner's Office Wycliffe House Water Lane Wilmslow Cheshire SK9 5AF Tel: 0303 123 1113
Shopify
Our store is hosted on Shopify Inc. They provide us with the online e-commerce platform that allows us to sell our products and services to you. Your data is stored through Shopify’s data storage, databases and the general Shopify application. They store your data on a secure server behind a firewall. You can read more about how Shopify uses your Personal Information here: https://www.shopify.com/legal/privacy.
Analytics
We also use Google Analytics to help us understand how our customers use the Site -- you can read more about how Google uses your Personal Information here: https://www.google.com/intl/en/policies/privacy/. You can also opt-out of Google Analytics here: https://tools.google.com/dlpage/gaoptout.
Behavioural Advertising
We may use your personal data to provide you with targeted advertisements or marketing communications we believe may be of interest to you. For more information about how targeted advertising works, you can visit the Network Advertising Initiative’s (“NAI”) educational page at http://www.networkadvertising.org/understanding-online-advertising/how-does-it-work.
You can opt out of targeted advertising by using the links below:
- Facebook: https://www.facebook.com/settings/?tab=ads
- Google: https://www.google.com/settings/ads/anonymous
- Bing: https://advertise.bingads.microsoft.com/en-us/resources/policies/personalized-ads
Security
To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.
If you provide us with your credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with a AES-256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards.
Contact us
For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact us by e‑mail at dataprotection@coresteady.com or by mail using the details provided below:
Coresteady
[Re: Privacy Compliance Officer]
Kemp House
160 City Road
London
EC1V 2NX
United Kingdom