1.0 PRIVACY AND DATA PROTECTION POLICY
- Your privacy and data protection are human rights
- We have a duty of care for your data
- We only collect and process your data when absolutely necessary
- We will not knowingly sell, share or otherwise distribute your data publicly or privately
Along with our business and internal procedures, this website is designed to comply with the following legislation:
- UK Data Protection Act 1988 (DPA)
- EU Data Protection Directive 1995 (DPD)
- EU General Data Protection Regulation 2018 (GDPR)
3.0 PERSONAL INFORMATION THIS WEBSITE COLLECTS AND WHY
This website collects and uses the following personally identifiable information and for the following reasons:
3.1 Website interaction and visitation
Like many websites, this one uses Google Maps to embed an interactive representation of our location on our contact us page. If you visit the contact us page with cookies enabled in your internet browser, Google Maps may be able to record data such as your approximate geographical location, device, internet browser and operating system; however, none of this information personally identifies you to Rea's of Finvoy. Google Maps may also record your IP address. We consider Google a third party data processor.
Google Maps is not required for the normal functioning of this website and disabling cookies on your internet browser will stop Google from tracking any aspect of your visit.
If you do not agree to this policy or any of our terms and conditions please discontinue your use of this website.
3.2 Email communication
If you choose to contact us using any of the available forms, none of the data you provide will be stored by this website. The data will be assembled into an email and sent to us over the Simple Mail Transfer Protocol (SMTP). Our SMTP servers are provided by Mailgun, a third party data processor, and are protected by TLS (sometimes known as SSL), meaning that the email content is encrypted using SHA-2, 256-bit cryptography before being sent across the internet.
Automated or manually triggered emails that we send to you from the website (such as in the course of buying goods and services) are processed in the same manner.
The implications of using Mailgun to send and receive email from the web server and on Mailgun servers are managed separately in accordance with privacy policies set out by Mailgun (see Section 5.0).
We kindly request that you do not submit personally identifiable or financial information via the contact forms. If such information is detected, it will be immediately deleted and your enquiry may not be acknowledged.
3.3 Shopping with us
In the process of purchasing goods or services from this website we need to collect both payment and delivery information - these data points include:
- Your email address
- Your first and last name
- Your billing address
- Your delivery address
- Your credit/debit card or digital wallet details
In order to process your order correctly and to satisfy legal requirements, we retain a record of the above data only for as long as we need to in a secure database on our server, with the exception of credit/debit card or digital wallet details, which are never stored by us or processed on our server.
Your credit/debit card or digital wallet details are submitted securely to our third party payment provider "Stripe" in a PCI compliant manner using their hosted services. Stripe are hereby designated the role of data processor "processor" in regards to our instruction to Stripe to collect your payment information for the purposes of completing a payment and facilitating our business relationship with Stripe.
Upon successful completion (or cancellation) of payment through Stripe you will be redirected back to this website, thereby terminating the checkout process, unless you attempt to submit another payment, which, if then successful, will terminate the checkout process. Once you begin the checkout process you can cancel at any time until payment is complete, after which time you have entered into a services contract with us.
Additional details of your contract with us can be found in our Terms and Conditions.
Your email address is transmitted securely to Stripe for the purposes of both identifying you/your order and easing friction in the payment process. Your email address is held securely on Stripe managed servers for the purposes outlined above and in accordance with their policies.
By submitting your payment information directly to Stripe through their "Prebuilt Checkout page" you hereby consent to the terms and conditions in this document with the understanding that Rea's of Finvoy in this relationship are considered a data controller "controller" and to those which apply to Stripe as the processor.
In certain circumstances Stripe may be referred to as both a controller and a processor with a view to conducting business operations in adherence with applicable law(s).
For the purposes of conducting business with Stripe and fulfilling your request to us, we are considered a "Stripe User", while you (our customer) are considered as a "Customer of a Stripe User".
4.0 THIS WEBSITE'S SERVER
This website maintains a log of all access and request activity for the purposes of maintaining data and network security.
We are currently reviewing our processes for handling web server logs as they currently contain a record of your IP address. While we may need to retain this for a short period of time, we would like to ensure that logs can be automatically purged within an appropriate timeframe. This document will be updated to reflect the decision on this aspect as soon as we reach a solution.
This website is hosted by Pixelmodified in a UK data centre with services provided by IFDNRG Ltd. which is a trusted web hosting provider based in Edinburgh, Scotland.
All traffic (transfer of data) between this website and your internet browser is encrypted and delivered via the secure hypertext protocol (HTTPS).
5.0 THIRD PARTY DATA PROCESSORS
We use various third parties to process personal data on our behalf. They comply with legislation set out in section 2.0 (despite residing in the USA) and are EU-U.S. Privacy Shield compliant.
6.0 DATA BREACHES
We will report any unlawful or unintentional compromise of personally identifiable information within the scope of this website, including those relevant to our third party data processors, within 72 hours to any and all relevant authorities.
7.0 DATA CONTROLLER AND DATA PROCESSOR
With the exception of data submitted directly to our third-party services "Data Processors", we handle all data internally and are designated the role of "Data Controller".
Please contact us if you have any concerns about your use of this website or any data that we or third-party services may hold on you.
8.1 Change log
- 30/01/2021 - Policy updated to reflect a change in the service we use to communicate via email; 3.2 - Contacting us changed to 3.2 - Email communication
- 22/01/2021 - Policy updated to reflect data collection and usage while interacting with e-commerce functionality; various updates to policy terms and definitions to reflect updates in related policies
- 13/05/2018 - 3.1 Website interaction and visitation: updated to correct reference to third party data processors section
- 13/05/2018 - 3.2 Contacting us: updated to reflect opt-in policy; removed GMAIL email retrieval method; added webmail method of email retrieval; clarified implications of using GMAIL to send email from the web server
- 13/05/2018 - 4.0 This website's server: updated to reflect log retention policy; updated to reflect 'potential' collection of referral page
Last updated: 30 January 2021