INTRODUCTION
At tinytags.co.uk, we prioritise safeguarding your privacy. Our privacy notice informs you about the collection and processing of your personal data when using our website. It encompasses the information you provide during purchases, newsletter sign-ups, and participation in prize draws or competitions. We are dedicated to upholding the security and confidentiality of your personal information ensuring compliance with applicable data protection laws and regulations.
Emails and other messaging services are not completely secure, therefore please do be careful when sending us personal and sensitive information by email or or other messaging services/apps such as Facebook Messenger or WhatsApp.
When setting up an account with tinytags, we recommend that you create a strong password. This should contain 11 to 16 characters using a mix of letters, numbers and special characters.
WHO ARE WE?
Hi I’m Katie and I run tinytags. .
I am the data controller. This means that I am responsible for your personal information in accordance with data protection laws and regulations from the EU and UK.
Contact via email: [email protected]
WHAT INFORMATION DO WE COLLECT
Contact information: This includes your name, address, phone number, and email address.
Payment data: When making purchases, we collect payment-related information such as the payment method used, payment details, and other relevant transaction information. It’s important to note that tinytags does not store credit or debit card information, as this is handled by banking systems.
Record of products bought and sales information: We maintain a record of the products you have purchased from us, along with related sales information.
Website usage data: We gather website usage data through Google Analytics. This information includes site visits, IP addresses, pages visited, time spent on each page, engagement with videos, actions such as newsletter requests, and other on-page interactions. For more details on how Google Analytics is used, please refer to our Cookie Policy.
Email addresses, sales information, and preferences: We may collect your email address along with associated sales information and preferences to effectively communicate with you and tailor our offerings to your needs.
Social media addresses and information: If you choose to connect with tinytags through social media platforms, we may collect your social media addresses and relevant information to facilitate interactions and provide a personalised experience.
This personal information is handled in accordance with applicable data protection laws and regulations.
HOW WE COLLECT YOUR PERSONAL DATA
We value your feedback and reviews, as they help us improve our services. If you choose to provide us with feedback, reviews, creative ideas, suggestions, through our website, email, postal mail, or any other means, you agree that we have the right to use, such content in any medium, without any compensation to you.
In addition to the data you provide directly, we may also receive data from third-party sources. This includes analytics and information providers like Google & Facebook, as well as our payment service provider, and delivery service providers.
MARKETING
We process your personal data for the purpose of sending you marketing communications based on your consent. We do not currently contact customers via SMS.
In accordance with the Privacy and Electronic Communications Regulations, we may send you marketing communications if you have either made a purchase or requested information about our products or services. Additionally, if you have previously agreed to receive marketing communications from us and have not opted out since then, we may continue to send you such communications. You always have the option to unsubscribe from receiving marketing emails from us at any time.
We prioritise the protection of your personal data and do not share it with any third parties for their own marketing purposes.
SHARING YOUR DATA
Service providers: We may disclose your personal data to service providers who assist us with IT and system administration services to ensure the smooth operation of our systems.
We hold all third parties to whom we transfer your data accountable for respecting the security and confidentiality of your personal data. They are only permitted to process your personal data for specified purposes and in accordance with our instructions, ensuring compliance with applicable laws and regulations.
DATA SECURITY
To safeguard your personal data, we have implemented security measures to prevent accidental loss, unauthorised access, alteration, disclosure, or misuse. Access to your personal data is granted solely to employees and partners who have a legitimate business need to access such information. They are bound by confidentiality obligations and will process your personal data strictly in accordance with our instructions.
DATA RETENTION
We will retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including any legal, accounting, or reporting obligations.
After a period of 5 years we anonymise personal data or delete it. Once anonymised the data cannot identify any ‘natural person’ and as such falls out of the scope of data protection laws and regulations.
We may anonymise your personal data for research or statistical purposes.
We keep a suppression file for those who have withdrawn their consent to direct marketing. This is a legal requirement under the Data Protection Act 2018. This is required so that we do not inadvertently contact you if you have asked us not to do so.
THIRD-PARTY LINKS
Our website may contain links to third-party websites, applications and plug ins. By clicking on those links or enabling such connections, you may allow third parties to collect or share data about you. It is important to note that we do not have control over these third-party websites and cannot be held responsible for their privacy practices or statements. Therefore, we strongly recommend that you review the privacy notice of every website you visit when leaving our site.
YOUR LEGAL RIGHTS
Under data protection laws you have rights in relation to your personal data that include the right to request access to the information we hold about you.
This is known as a Subject Access Request or SAR. You can request a copy of the personal information that we hold about you.
This gives you the right to the following information:
Confirmation that we are processing your personal data
A copy of that personal data
Clarification of the information contained in this privacy notice.
We may need to ask for information from you to confirm your identity.
This will be provided to you within 30 days, unless there are exceptional circumstances, and be supplied in an electronic format.
Transferring Data out of the EU/EEU
We may in certain circumstances transfer, store or process your data outside of the EU/EEA. We will take all reasonable steps to ensure that your data is treated securely and in accordance with our privacy policy and that the transfer and processing complies with the GDPR and other data protection laws and regulations.
For transfers to the USA, these will be made in accordance with the Privacy Shield agreement between the EU and USA. For example, we currently use Mail Chimp as our email service provider and Woo Commerce as a payment provider, both are based in the USA and are registered with the Privacy Shield scheme.
Any questions?
If you have any questions relating to this Privacy Notice, please contact us at [email protected]