Last updated: 15th Jan 2019
Who controls and processes your data
The whatlydiamade.com website is operated by What Lydia Made.
Our data controller contact details are:
- Website Address: https://www.whatlydiamade.com
- Contact Name: Lydia Morrow.
- Contact Email: firstname.lastname@example.org
What we may collect
We may collect and process the following data about you through our website:
- Information you put into forms and input fields.
- A record of any correspondence between us
- Details of transactions you carry out through our site, as an customer.
- Details of visits to our sites and the features you use.
- Information about your device (e.g. your IP address, web browser, operating system) for system administration, debugging and aggregate reporting.
We take the privacy and security of your data seriously, and we are bound under GDPR to ensure that your personal data is processed lawfully, fairly and transparently, without adversely affecting your rights. We will only process your personal data if at least one of the following core basis applies:
- You have given consent to the processing of your personal data for one or more specific purposes;
- Processing is necessary for the performance of a contract to which you are a party or in order to take steps at the request of you prior to entering into a contract;
- Processing is necessary for compliance with a legal obligation to which we are subject;
- Processing is necessary to protect the vital interests of you or of another person;
- Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; and/or
- Processing is necessary for the purposes of the legitimate interests pursued by us or by a third party such as our credit card payment processing, except where such interests are overridden by the fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
A few of the cookies we use last only for the duration of your web session and expire when you close your browser. Other cookies are used to remember you when you return to the site and will last for longer.
Most computer and some mobile web browsers automatically accept cookies but, if you prefer, you can change your browser to prevent that or to notify you each time a cookie is set. You can prevent the setting of cookies by adjusting the settings on your browser. Please note however, that by blocking or deleting cookies you may not be able to take full advantage of the site.
Our cookies will be used for:
Essential session management
- creating a specific log-in session for a user of the site in order that the site remembers that a user is logged in and that their page requests are delivered in an effective, secure and consistent manner;
- recognising when a user of the site has visited before allowing us to identify the number of unique users we receive to the site and make sure we have enough capacity for the number of users that we get;
- recognising if a visitor to the site is registered with us in any way;
- we may also log information from your computer including the existence of cookies, your IP address and information about your browser program in order to allow us to diagnose problems, administer and track your usage of our site.
- customising elements of the promotional layout and/or content of the pages of the site.
Performance and measurement
- collecting statistical information about how our users use the site so that we can improve the site and learn which parts are most popular to users.
How we use the data we collect
We use information about you to:
- Present site content effectively to you.
- Capture and process underwear and product orders.
- Tell you about our products, updates and services.
If you don't want to be contacted with updates, please tick the relevant box that you will find within the checkout.
In addition, if you don’t want us to use your personal data for any of the other reasons set out in this section and policy, you can let us know at any time by contacting us at email@example.com, and we will delete your data from our systems. However, you acknowledge this will limit our ability to provide our services to you, both now and in the future.
In some cases, the collection of personal data may be a statutory or contractual requirement, and we will be limited in the services we can provide you if you don’t provide your personal data in these cases.
Where we store your data
We store your collected data on servers within the European Economic Area (EEA). Your data may, however, be transferred and processed outside the EEA - e.g. to our trusted partners for email delivery or payment processing. By giving us your personal data, you agree to this storage and transfer arrangement. We make every reasonable effort to keep your data secure.
We do not store or transmit confidential payment information - instead this is handled directly by our payment processor and exchanged for a secure token.
We only keep your personal data for as long as we need to in order to use it as described above, and/or for as long as we have your permission to keep it. In any event, we conduct regular reviews to audit recorded personal data, and your personal data will be deleted if we no longer need it.
When we disclose your information
We disclose your data and personal information in the following cases:
- If our company is purchased, we will disclose your information to the buyer.
- We can disclose if we have a legal obligation to do so, or in order to protect other people’s property, safety or rights.
- We can exchange information with others to protect against fraud or criminal activity.
We also contract trusted third parties to supply certain services to you on our behalf. These may include payment processing, search index tools, reporting, email delivery providers and our accounting software. In some cases, third parties may require access to some or all of your data and personal information. Where any of your data is required for such a purpose, we will take all reasonable steps to ensure that your data is handled safely, securely and accordance with your rights, our obligations and the obligations of the third party under GDPR and privacy law.
Third parties we use which may have access to your information include:
- Email Delivery: Postmark (postmarkapp.com)
- Email Inbox: Google (gmail.com)
- Hosting: Digital Ocean (digitalocean.com)
- Error Handling: Sentry (sentry.io)
- Server Management: Laravel Forge (forge.laravel.com)
- Data Backups: Amazon Web Services (aws.amazon.com)
- Analytics: Google (analytics.google.com)
- Payments: Stripe (stripe.com)
- Payments: PayPal (paypal.com)
- Technical: Papertank (papertank.com)
You can ask us not to use your data for communications or marketing. You can do this by ticking the relevant boxes on our forms, or by contacting us at any time at firstname.lastname@example.org
Under the GDPR, your rights include:
- Right of Access. This includes your right to access the personal information we gather about you, and your right to obtain information about the sharing, storage, security and processing of that information.
- Right to Correction. This is your right to request correction of your personal information.
- Right to Erasure. This is your right to request, subject to certain limitations under applicable law, that your personal information be erased from our possession (also known as the “Right to be forgotten”). However, if applicable law requires us to comply with your request to delete your information, fulfillment of your request may prevent you from using Basecamp services and may result in closing your account.
- Right to Complain. You have the right to make a complaint regarding our handling of your personal information with the appropriate supervisory authority.
- Right to Restrict Processing. This is your right to request restriction of how and why your personal information is used or processed.
- Right to Object. This is your right, in certain situations, to object to how or why your personal information is processed.
- Right to Portability. This is your right to receive the personal information we have about you and the right to transmit it to another party.
- Right to not be subject to Automated Decision-Making. This is your right to object and prevent any decision that could have a legal, or similarly significant, effect on you from being made solely based on automated processes. This right is limited, however, if the decision is necessary for performance of any contract between you and us, is allowed by applicable European law, or is based on your explicit consent.
Links to other sites
Please note that our terms and conditions and our policies will not apply to other websites that you visit via a link from our site, nor to websites who link to our service. We have no control over how your data is collected, stored or used by other websites and we advise you to check the privacy policies of any such websites before providing any data to them.
Changes to this policy