P R I V A C Y P O L I C Y
1. Statement of intent
An Angel At My Table Limited t/a Angel and Boho, is a company registered in England under no.03377312.
Our registered office address is: An Angel At My Table Ltd, Amours Farm Barns, Good Easter, Chelmsford, Essex, CM1 4RG.
'An Angel At My Table', 'us', 'we', or 'our' operates the angelandboho.com website (the 'Site').
The purpose of this policy is to be transparent about how we collect, use and protect the personal information you provide to us, whether via our Site, telephone, email, in letters or in any other correspondence.
Personal data is information that relates to identifiable living individuals. We will act in accordance with current legislation and meet current best practice in the processing of personal data. We are committed to safeguarding your personal information.
2. Collection of personal data
When you are using our Site, we, like all businesses, are able to collect information about your computer, including where available your IP address, operating system and browser type, for system administration and to report aggregate information.
Our Site will deliver the following cookies to your browser:
Purpose: Temporary cookie generated to test if cookies are enabled on the visitor's browser.
Expires: 72 hrs (3 days)
Purpose: Stores a unique reference to visitor's cart contents. Stores authentication details for customer logged in section.
Content: Unique ID
Expires: On Exit
Purpose: Stores a reference to the visitor's order number after an order has been generated.
Content: Unique ID
Expires: On Exit
Google Analytics, a web analytics service provided by Google, Inc. ('Google') also places cookies on your computer, to enable Google to provide us with activity reports relating to our Site. Google uses this data only to provide us with information on how users use our Site and does not associate your IP address with any other data held by Google. The information generated by Google cookies about your use of the platform (including your IP address) will be transmitted to and stored by Google on servers in the United States. You may refuse these cookies by selecting the appropriate settings on your browser or by downloading and installing the browser plug-in available under https://tools.google.com/dlpage/gaoptout?hl=en-GB.
Read Google's Privacy and Terms: https://policies.google.com/technologies/ads
4 How we use your personal data
We shall only use your data for the purpose for which it is provided where there is a lawful basis to do so. For example, where we need to fulfil a contract with you, or where we have obtained your specific consent to use your information for a previously notified purpose, such as to send you email marketing, or to provide information at your request.
We balance our legitimate interests against your rights as an individual and make sure we only use personal information in a way or for a purpose that you would reasonably expect in accordance with this policy and that does not intrude on your privacy.
4.1 Email marketing
If you actively provide your consent to us along with your email address we may contact you for marketing purposes. By subscribing you grant us the right to use email to send you news and special offers about our products and our business.
5 Data processors
We may need to share your information with 'data processors' such as third party service providers, who help us to prepare and send information relating to our products and business. These 'data processors' will only act under our instruction and we will not allow these organisations to use your data for their own purposes and will take care to ensure that they keep your data secure.
The processors we use are:
EKM is a UK eCommerce provider, with registered offices at EKM Systems Ltd, Caxton Road, Fulwood, Preston PR2 9ZB. They are registered in England under No. 4774091.
The EKM platform and its content and databases are located on EKM's servers, housed within a secure data centre in Manchester which is ISO27001 and PCI-compliant, and has BS5979 security on-site.
5.2 EKM Response
EKM Response is an online email marketing system provided by EKM Systems Ltd. We use EKM Response exclusively for the purpose of email campaign marketing. You are entered into our email list only if you have elected to do so.
Read EKM Response terms and conditions: www.ekmresponse.com/terms.asp
5.3 Postal and courier services
We use the following services for delivery of our products:
Royal Mail Group includes Royal Mail and Parcelforce Worldwide www.parcelforce.com/privacy
Pinnacle Storage Solutions www.pinnaclestorage.co.uk/ourservices using Journease delivery software: www.journease.co.uk/faq
5.4 Payment processors
Our Payment Service Provider is SagePay (formerly Protx) - the largest independent payment service provider (PSP) in the UK and Ireland.
SagePay provides a secure payment gateway (Level 1 PCI DSS), processing payments for thousands of online businesses, including ours. It is SagePay's utmost priority to ensure that transaction data is handled in a safe and secure way.
SagePay uses a range of secure methods such as fraud screening, I.P address blocking and 3D secure. Once on the SagePay systems, all sensitive data is secured using the same internationally recognised 256-bit encryption standards.
SagePay is PCI DSS (Payment Card Industry Data Security Standard) compliant to the highest level and maintains regular security audits. They are also regularly audited by the banks and banking authorities to ensure that their systems are impenetrable.
SagePay is an active member of the PCI Security Standards Council (PCI SSC) that defines card industry global regulation.
In addition, you know that your session is in a secure encrypted environment when you see https:// in the web address, and/or when you see the locked padlock symbol alongside the URL. So when buying through our Site, you can be sure that you are completely protected.
5.5 Debit and credit card information
If you use your credit or debit card to purchase a product/products from us we will ensure that this is done securely and in accordance with the Payment Card Industry Data Security Standard (PCI DSS). You can find out more information about PCI DSS here: www.pcisecuritystandards.org/security_standards/index.php
In the case of a telephone payment, we do not store your credit or debit card details following the completion of your transaction. All card details and validation codes are securely destroyed once the payment has been processed. Only staff authorised and trained to process payments will be able to see your card details. We do not see your card details for any payments made directly on our Site.
If we receive an email containing any credit or debit card details, it will be immediately deleted, no payment will be taken and you will be notified about this. All purchases can be completed securely through the Site or by calling 0845 2000 723.
6 Your rights in relation to personal data
You may opt-out of our marketing communications at any time by clicking the 'unsubscribe' link contained in all our emails.
You have the right to update and correct the personal data we hold. You also have the right to request from us all personal information that we hold that relates to you, to request restriction of the processing of that data and to request that we delete that data. Where allowed by applicable law there may be an administrative charge for supply of copies of data and we may also require you to provide us with appropriate identification before we comply with this request. You also have the right to object to our continued processing of your personal data. You may also have the right to data portability. If you have a complaint about the way in which we use your personal information you have the right to complain to the Information Commissioner https://ico.org.uk/
6.1 Data sharing and third parties
6.2 Data security
We maintain technical and physical safeguards which are designed to protect the security and integrity of your personal data, and to guard it against accidental or unauthorised access, use, alteration or disclosure to unauthorised third parties. These measures include device encryption, firewalls and virus checking procedures.
Where we keep personal data files on local devices, these devices are protected and accessible only to authorised employees. We regularly review our security systems to ensure that your personal data remains safe and secure.
6.3 Duration of storage
We will maintain records of your personal data for as long as you remain:
• a subscriber to our mailing list
• have completed a purchase with Angel and Boho in the last 7 years
if you have not opened any email communication from us or interacted with us in any other way for 3 years we will regard you as an inactive subscriber and delete your details from our records, except where retention is necessary to enable us to enforce our legal rights, or to protect the rights, property or safety of the business.
6.4 Links to other websites
Our Site and emails may, from time to time, contain links to and from other websites. If you follow a link to any of these websites, please note that they have their own privacy policies and that we do not accept any responsibility or liability for them. Please check their policies before you submit any personal data to other websites.
7 Contacting us
We are the 'Data Controller' in respect of any personal data you submit to us or that we collect from or about you. We are a limited company registered in England (registered no. 03377312) with offices at:
An Angel At My Table Limited
Amours Farm Barns
Telephone: +44 (0)333 200 7371
Last updated 01 June 2019.