Privacy Policy


Due to new regulations which apply specifically to EU customers, I need to provide you with far more information on this subject than I used to. Let it be said that your privacy, wherever you may live, is a top concern of mine. Nevertheless, I thought I would start with the easy, more general version, and work up to the tough stuff ... 


HERE'S THE SHORT & SWEET VERSION: Your privacy is very important to me. Any information you submit for the purposes of making a purchase are confidential and private. Credit cards are processed securely so that I, as the seller, never see card numbers or other sensitive data. 

 

I run my business from Des Moines, Iowa in the United States, and my host site, SupaDupa, is in England.  I will take your order and send it out directly from my home in Iowa. Be reassured that both I and SupaDupa are bound by laws which protect your privacy. 

 

If you choose to sign up for my customer e-mail list, I always treat your sign-up information as confidential and privileged. I do not, and will never engage in buying or selling customer lists. You may opt out of the list or change your e-mail settings at any time.  

 

For any further comments or questions, please contact me.


HERE'S THE HOLY-MOLY CONVOLUTED REALLY LONG VERSION: 

The following is provided in compliance with the General Data Protection Regulation (GDPR) which goes into effect May 25, 2018.
 
1. Introduction
This Privacy Notice explains in detail the types of personal data we may collect about you when you interact with us.
It also explains how we’ll store and handle that data, and keep it safe.

 
We know that there’s a lot of information here, but we want you to be fully informed about your rights, and how we uses your data. We hope the following sections will answer any questions you have but if not, please do get in touch with us.

 

2. The legal bases we rely on
The law on data protection sets out a number of different reasons for which a company may collect and process your personal data, including:
 
Consent
In specific situations, we can collect and process your data with your consent.
For example, when you tick a box to receive email newsletters.

 

By using our website or submitting any Personal Information, you consent to the collection, transfer, storage, disclosure, and use of your Personal Information in the manner set out in this Privacy Policy. If you do not consent to the use of your Personal Information in these ways, please stop using this website.
 
Contractual obligations
In certain circumstances, we need your personal data to comply with our contractual obligations.

 

For example, if you order an item from us for home delivery, we’ll collect your address details to deliver your purchase, and pass them to our courier.
 
Legal compliance
If the law requires us to, we may need to collect and process your data.

 

For example, we can pass on details of people involved in fraud or other criminal activity to law enforcement.
 
Legitimate interest
In specific situations, we require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests.

 

For example:

  • We may use your purchase history to send you personalised offers. 
  • We also combine the shopping history of many customers to identify trends and ensure we can keep up with demand, or develop new products/services.
  • We will also potentially use your address details to send you direct physical marketing by post covering products and services that we think might be of interest to you.

 

3. Security
We take the utmost care and take all appropriate steps to protect your data.
We use industry best practices to keep any information collected and/or transmitted secure. This includes the use of HTTPS with TLS (Transport Layer Security), which encrypts all transmitted data. All transactional areas of our websites operate as secure access only, using HTTPS technology and follow all guidelines from our payment gateway providers.

 

Our website is hosted and operated by SupaDupa (SupaDupa.me) who regularly monitor their systems for possible vulnerabilities and attacks, and carry out regular testing to identify ways to further strengthen security.


 
4. When do we collect your personal data?

  • When you visit our websites and purchase products or services.
  • When you make an online purchase.
  • When you engage with us on social media.
  • When you contact us by any means with queries, complaints etc.
  • When you choose to complete any surveys we send you. 
  • When you enter prize draws, competitions or sign up to our mailing list.

 

5. How long do we keep your data?
Whenever we collect or process your personal data, we’ll only keep it for as long as is necessary for the purpose for which it was collected.

 

When you place an order, we’ll keep the personal data you give us for at least five years so we can comply with our legal and contractual obligations. In the case of certain products, such as electrical items, we may need to keep the data for at least 10 years for waranty and other legal purposes. At the end of that retention period, your data may be retained, deleted completely or anonymised, for example by aggregation with other data so that it can be used in a non-identifiable way for statistical analysis and business planning.
 

6. How and why do we use your personal data
We use your personal data for the following general purposes: To process any orders that you make through website.
We will need to collect some personal data from you during the checkout process. The data we require may include - but not limited to - your name, delivery details, phone number, email address, billing information including billing name and address, credit card number, among other personal data.
 
To comply with legal obligations
To be able to provide some of our products and services to you, we may be required by law to request and hold some personal data.
 
Additionally, we may use the order details to:

  • Communicate with you​
  • Screen our orders for potential risk or fraud
  • When in line with the preferences you have shared with us, provide you with information or advertising relating to additional products or services that might be of interest to you.

 

You can opt out of providing this additional information by simply not entering it when asked or you could stop using this website.


To better understand how visitors use our website
We may also collect other information regarding your use of the Website.

 

We collect and use certain information from your computer or mobile devices to monitor the activities and performance, and more generally to improve and optimize our website (for example, by generating analytics about how our customers browse and interact with the site).

 

Remember, if you choose not to share your personal data with us, or refuse certain contact permissions, we might not be able to provide you with the products or services you have asked for.
 

7. The data we receive or collect
When you use this website, place orders or communicate with us, we collect some personal data about you such as:

 

  • First name and Last name
  • Email address 
  • Shipping & delivery address
  • Your billing details and any necessary other information to complete any financial transaction. When making purchases through the checkout, we may also collect your credit card or PayPal information
  • Your IP Address and, when applicable, timestamp related to your consent and confirmation of consent
  • The geographic area where you use your computer and mobile devices
  • other information submitted by you through various methods (phone, email, online forms, surveys, in-person meetings, etc)
  • Information we may receive relating to communications you send us, such as queries or comments concerning our products or services
  • Information relating to an individual’s real time location
  • The type of hardware and software you are using (for example, your operating system or browser)

 

8. Cookies and trusted third-parties
We use a number of trusted third-party services or companies to enhance or personalise your journey through our website. For these services to work, we sometimes share your personal data with them.
We provide only the information they need to perform their specific services.


These services may use cookies to track and identify you as you use the website. This is so they can deliver the enhancements they are contracted with us to provide. 

 

For example, we use SupaDupa to power this website. 
You can read more about how SupaDupa handles your data in the SupaDupa privacy policy: http://info.supadupa.me/privacy.


These are the third-party services we currently work with that will process your personal data as part of their contracts with us: 


SupaDupa - we use the SupaDupa ecommerce platform to power this website and online checkout. You can read more about how SupaDupa handles your data in the SupaDupa privacy policy: http://info.supadupa.me/privacy.
 
Google Analytics - we use Google Analytics to monitor site traffic and user behaviour. 
Google Analytics is a web analysis service provided by Google Inc. (“Google”). Google utilizes the Data collected to track and examine the use of this Website, to prepare reports on its activities and share them with other Google services. Google may use the Data collected to contextualize and personalize the ads of its own advertising network.
You can learn more about privacy at Google and to opt-out of this feature by installing the Google Analytics Opt-out Browser Add-on.
 
Google AdWords - we use Google AdWords to advertise our products and services.
Google AdWords conversion tracking is an analytics service provided by Google Inc. that connects data from the Google AdWords advertising network with actions performed on this Application.

You may opt out of such display advertising at any time by visiting your Google Ads Settings page or by installing and running the Google Analytics Opt-out Browser Add-on.
 
Facebook Pixel - we use Facebook Pixel to monitor site traffic and user behaviour
Facebook Pixel is a web analysis service provided by Facebook, Inc. Facebook Pixel utilizes the Data collected to track and examine the use of this Website, to prepare reports on its activities and share them with other Facebook services.
 
YouTube video widget - YouTube is a video content visualization service provided by Google Inc. that allows us to incorporate video content on our pages.

 
Vimeo video widget - Vimeo is a video content visualization service provided by Vimeo Inc. that allows us to incorporate video content on our pages.
 
New Relic - used to monitor website performance and customer experience to inform improvements to our website.
 
Addthis - we use Addthis to offer social sharing tools to visitors of our website.
You can read more about Addthis privacy policy and how to opt out of being tracked at http://www.addthis.com/privacy/opt-out. 
 
Mailchimp - we use Mailchimp to manage email lists for customers.
 
9. Where your personal data may be processed
Sometimes we will need to share your personal data with third parties and suppliers outside the European Economic Area (EEA), such as Australia, Canada or the USA.
 
The EEA includes all EU Member countries as well as Iceland, Liechtenstein and Norway. We may transfer personal data that we collect from you to third-party data processors in countries that are outside the EEA. For example, this might be required in order to fulfil your order, process your payment details or provide support services. If we do this, we have procedures in place to ensure your data receives the same protection as if it were being processed inside the EEA. 
 
SupaDupa, the service that powers this website, is a British company with its head-office located in London, England. For the purposes of EU data protection law, the United Kingdom is considered a country which provides adequate protections for Personal Information, as confirmed by the European Commission in Commission Decision 2002/2/EC.  

The service is run mainly from their offices in London. However, by the very nature of the service, the data that is viewed, collected, stored or posted on or through their platform also needs to flow from wherever you are located in the world, to where they are storing the data (i.e. in most cases, in the United States). In addition, SupaDupa also uses third-party service providers (such as managed hosting providers, card processors, sub-processors of Customer Content and technology partners) to provide the necessary hardware, software, networking, storage and other services that we use to operate their services. These third party providers may process, or store, the same Customer Content on servers outside of the EEA, including in Canada or the US.
 
By continuing to use this website, or submitting any personal data, you authorise SupaDupa and its authorised service partners to use and process your Data (including any personal information you provide) in these countries. Please be aware that the privacy protections and the rights of authorities and Government agencies to access your personal information in some of these countries may not be equivalent to those in your country. You can read more about SupaDupa’s privacy policy at https://info.supadupa.me/privacy

 

10. How “Do Not Track” requests are handled
This website does not support "Do Not Track" requests.
To determine whether any of the third-party services we use honor the “Do Not Track” requests, please read their respective privacy policies.

 

11. Your rights
If you are a EEA resident, you have the right to access personal information we hold about you and to ask that your personal information be corrected, updated, or deleted. If you would like to exercise this right, please contact us through the contact information below.
You have the right to contact us to obtain a copy of the personal information we hold about you. This may be subject to a fee not exceeding any prescribed fee permitted by applicable law. Please note that certain personal information may need to be retained for a period of time following cancellation of your account where this is necessary for our legitimate business purposes or required or authorised by applicable law. 

 

Additionally, if you are a EEA resident we note that we are processing your information in order to fulfill contracts we might have with you (for example if you make an order through the website), or otherwise to pursue our legitimate business interests listed above. Additionally, please note that your information will be transferred outside of the EEA, including to Canada and the United States.
 

12. Data retention
When you place an order through the website, we will maintain your Order Information for our records unless and until you ask us to delete this information.

 

13. Changes to this privacy policy
We reserve the right to make changes to this privacy policy at any time by giving notice to the website users on this page. We may also include notices of changes within the website itself. Where technically and legally feasible to do so, we may notify you of the changes directly as well. It is strongly recommended that you check this page often. 

 

14. How to contact us
If you have any questions or would like to make a complaint, you can contact us using the details below:

 

Shop Contact Page: https://shop.naturallynickelfree.com/contact
Email: naturallynickelfree@gmail.com
Letter: PO Box 193, Des Moines, Iowa 50301

This notice was last revised on May 31, 2018