1. What information do I collect?
I do have to use your personal information to fulfill your order if you shop on my store. There are details provided to me by you that I need to use to complete your order, from processing to delivery. This personal information includes your name; your email address; your postal address; payment information; and details of the product or products you ordered.
You may also choose to give me other information, such as might be required for a custom message on a secret message bracelet or a custom ordered badge, if you contact me directly.
2. Why do I need to collect the above information?
I rely on a myriad of legal bases to collect, use and share your information. These include:
- providing my services to you: such as when I fulfill your order, to settle disputes or to provide you customer support
- when you have provided your affirmative consent (which you may rescind at any time!) such as signing you up to an email newsletter
- if necessary, to comply with any legal obligations or court order in connection with a legal claim; such as retaining information about your order when I do my self assessment tax return
- as necessary for the purposes of my legitimate interest, if those legitimate interests are not overridden by your rights or interests. This could include providing and improving my service (I use the information you provide me to provide the services you requested; and in my legitimate interest to improve my services).
3. You said you may share my information - who with?
I only share your information with a few necessary third parties in very limited circumstances, as follows:
- Wix: I share information with Wix to provide you my service (i.e. fulfilling your order).
- The service you use to pay: will receive your details when you do pay; i.e. PayPal or Stripe.
- Service providers: I use third parties to help me fulfill your order. This pretty much boils down to me sharing your personal details (name, address, etc.) with delivery companies. I use Royal Mail; they are a trusted third party and I require their service to complete your order.
- Business transfers: if I ever sell my business (not likely!) I may disclose your information as part of the transaction, but only to the extent permitted by law.
- Compliance with laws: I may collect, retain, use and share your information if I believe it it reasonable necessary to 1) respond to legal process or government requests; 2) enforce my agreements, policies and terms; 3) prevent, investigate and address fraud or other illegal activity, security or technical issues; 4) protect the rights, property and safety of my customers or others.
4. So how long are you keeping this information?
I will generally not keep your data any longer than six years; this is the time required for self employed people and small businesses to retain their accounts information for tax purposes.
5. What about transferring information outside of the EU?
If I have to, I may store and process your information through third party hosting services which are not based in the EU (for example, Google Cloud, Backblaze or other online backup services). This may mean I transfer your data to a jurisdiction with different data protection laws from territories within the EU. If I am to transfer your information outside the EU, it will only be through services with Privacy Shield.
6. What are my rights regarding you having my information?
If you reside in certain territories, including the EU, you have rights regarding your personal data and how I process it. Application of these rights can vary as explained below:
- Access: you have every right to access and have a copy of the information I have about you by contacting me via the contact information below
- Change, restrict, delete: you may also have the right to change, restrict my use of, or delete the personal information I have about you. Other than where I have to keep your information for legal reasons (like for my accounts/taxes), I can delete your information upon request
- Object: you can object to me using your information for my legitimate interests and for sending you marketing messages, even if you've previously given me express permission (for example, you signed up for my mailing list but you want out). I'll delete your information unless I have grounds to keep it/keep processing it (again, for the aforementioned legal reasons like taxes)
- Complain: if you're in the EU and you have an issue with how I'm using your information (and without prejudice to any other rights you may have), you can do so with your local data protection authority.
For the purposes of data protection law in the EU, I - Alyce Wood - am the data controller for your personal information. If you have any queries or concerns, you can contact me at