This policy applies to information we collect when you choose to use this website, and also to personal data which we process further to supplying services/goods to you should you purchase from our retailers using this website and app.
This website is owned by ShopAppy Limited and our registered office is at 15 Victoria Park, Shipley, West Yorkshire BD15 4RL (Company No. 10285855). ShopAppy ('we' or 'us') are a 'data controller' for the purposes of the Data Protection Act 2018 (the "Act") where we control the purposes for which we process your personal data.
Any questions about our data protection policy or how we handle your personal data should be addressed to Jackie@shopappy.com. (See ‘How to contact us’ below.)
We collect personal data about you (such as your name, address, email address and contact number, age, credit/debit card information), when you make an enquiry, fill out forms on the website (or email, telephone or otherwise contact us), subscribe with us, use social media functions available on our website, or when you purchase products or services from our retailers via our website.
We may send information about you to other parties, our retailers, service providers and law enforcement agencies in connection with any investigation to help prevent unlawful activity.
Due to the nature of our business we work with a variety of service providers who act as our processors who store and process your personal data on our instructions. Below is a list of our service providers for your information:
We only send your data outside the EEA where we have in place a legal agreement which complies with the Legislation and where you have given your express consent. In order to fulfil our contractual agreement with you, we use an invoicing platform called Xero to process all of our invoices, and to ensure an improved experience for our customers we use services called MailChimp and Drip.
MailChimp, Drip and Xero's servers are all based in the US, which means the personal data of our customers is transferred and stored within the US. Due diligence has been completed with these processors, which has confirmed that MailChimp and Xero have the EU-US Privacy Shield, which is required as the legal basis by the Act for transferring personal data to the US. Drip complies with the Act by agreeing to EU approved standard model clauses for the transfer of personal data.
You can find out more information about how they safeguard your personal data by visiting: https://www.xero.com/uk/about/terms/privacy/, https://www.drip.com/privacy and https://mailchimp.com/legal/privacy/.
We process information about you so that we can:
We use any personal data submitted to us by you to provide you with further information by email about the products and services we offer or our retailers offer which you have requested and/or which may be similar and which we consider could be of interest to you. You can choose to unsubscribe at any point by clicking on the link at the bottom of the emails or removing yourself from notifications or our social media platforms. We shall not sell your personal data or disclose your data to third parties for the purpose of such third parties marketing their products or services to you.
Email marketing campaigns published by us may contain tracking facilities within the actual email. Subscribed activity is tracked and stored in a database for future analysis and evaluation. Such tracked activity may include: the opening of emails, forwarding of emails, the clicking of links within the email content, times, dates and frequency of activity (this is by no means a comprehensive list).
Any comments you make on these social media platforms in general must not be offensive, insulting or defamatory. You are responsible for ensuring that any comments you make comply with any relevant policy on acceptable use of those services.
Lawful basis for processing personal data
We will only process your personal data where we have a legal basis for doing so. There are 6 lawful reasons for processing personal data which are:
Most of the processing we carry out in relation to your personal data is done in order to fulfil our contractual obligations with you, but we also rely on legal obligations to keep and use certain personal data, on legitimate interest and on consent.
If we are relying on the legitimate business interest basis for lawful processing, be assured that we only do this where we have considered carefully the risks to your rights and freedoms (as we are required to do by the GDPR) and we will not process personal data on this basis if we have any doubt that your rights might be adversely affected. We also revisit this assessment regularly and update our procedures according to our findings.
Our staff and associates are bound by obligations of confidentiality and trained in the protection of personal data. We will take all reasonable steps to comply with the Act and use the appropriate technical and organisational measures necessary to safeguard your personal data. We only share your personal data with third parties who are required to comply with the Act.
While we will use all reasonable efforts to safeguard your personal data, you acknowledge that the use of the internet is not entirely secure and for this reason we cannot guarantee the security or integrity of any personal data that is transferred from you or to you via the internet. If you have any particular concerns about your information, please contact us (see ‘How can you contact us?’ below).
If you want detailed information from Get Safe Online on how to protect your information and your computers and devices against fraud, identity theft, viruses and many other online problems, please visit www.getsafeonline.org. Get Safe Online is supported by HM Government and leading businesses.
We store your personal data on secure servers for a period of:
in each case unless the law requires us to store the data for a longer period.
The GDPR provides the following rights for individuals whose personal data is processed:
1. The right to be informed
2. The right of access
3. The right to rectification
4. The right to erasure
5. The right to restrict processing
6. The right to data portability
7. The right to object to processing
8. Rights in relation to automated decision making and profiling. (We do not carry out automated decision making and profiling.)
You can request a copy of your information which we hold (this is known as a subject access request). If you would like a copy of some or all of it, please:
You can require us to correct any mistakes in your information which we hold free of charge. If you would like to do this, please:
You can ask us to stop contacting you for particular purposes or remove your information completely from our records. There may be a legal reason why we need to keep your personal data and in that circumstance we will destroy your personal data as soon as we are legally entitled to do so. If you would like us to stop contacting you with information about our services, please:
If you have any concerns or complaints about how we use your personal data, we hope you will alert us to these directly (see the Contact information below). You are entitled to complain to the Information Commissioner's Office (ICO), which is the supervisory authority in the UK. Their contact details and the procedure can be found at www.ico.gov.uk.
For example, your log-in information, browser type and version, we may monitor how many times you visit the website, dates and times, which pages you go to, page response time, download errors, traffic data, page interaction information, (such as scrolling, clicks and mouse overs), location data (IP address) and the originating domain name of a user's internet service provider, to improve the user's experience whilst visiting the website, and better understand how you use it. This information helps us to build a profile of our users. Some of this data will be aggregated or statistical, which means that we will not be able to identify you individually.
You can set your browser not to accept cookies and the websites below tell you how to remove cookies from your browser. However, some of our website features may not function as a result.
Third Party Cookies: These are cookies set on your machine by external websites whose services are used on this site. Cookies of this type are set by the sharing buttons across the sites which allow visitors to share content onto social networks. Links are currently provided to LinkedIn, Twitter, Facebook, and Instagram. In order to implement these buttons, and connect them to the relevant social networks and external sites, there are scripts from domains outside of our websites. You should be aware that these sites are likely to be collecting information about what you are doing all around the internet, including on our websites. You should check the respective policies of each of these sites to see how exactly they use your information and to find out how to opt out, or delete, such information.