General Data Protection Regulation Policy – www.mythesis.co.uk
Data Compliance Policy
Under the new General Data Protection Regulation (GDPR) coming into effect on 25th May 2018, we are obliged to obtain and be able to prove “freely given, specific, informed and unambiguous” consent in order to collect and process personal data.
We are taking action towards compliance and we believe that the GDPR is an opportunity for us to send better, more relevant communications.
We may change this privacy notice from time to time by updating this policy in order to reflect changes in the law and/or our privacy practices.
We encourage you to check this policy for changes whenever your visit our website.
What data is collected by www.mythesis.co.uk
Personal information that we’ll process in connection with all of our products and services includes:
Personal and contact details such as title, full name, contact details including address, phone number, and email address.
We collect this information so we can contact you about your order and when required use your address for delivery of products.
We also use your email address to send out information about our products and services and any discounts/offers/ promotions we may be running.
All payment details are taken and managed by SagePay. We do not hold, store or have access to your credit/debit card payments.
To read more about SagePay and their Privacy and Security Policy please visit https://www.sagepay.co.uk/policies
What is the source of your personal information?
We’ll collect personal information from the following general sources:
From you directly when placing an order on www.mythesis.co.uk.
Information generated about you when you use our products and services
What is the purpose of this data collection?
As a customer or potential customer we would like you to know about up-coming news from www.mythesis.co.uk including offers and promotions, events and our social responsibility strategy.
We also require personal data in order to fulfil your order.
How is your data processed?
For email marketing www.mythesis.co.uk uses the online email marketing solution by Mailchimp which operates from the US.
www.mythesis.co.uk uses Trust Pilot to collect reviews about your recent orders which involves sharing your data with Trust Pilot.
In these cases, when Trust Pilot sends out a review invitation on behalf of www.mythesis.co.uk, Trust Pilot act as a Data Processor for www.mythesis.co.uk.
Article 28 of the GDPR requires the data controller and data processor put in place a data processing agreement that describes the data processing activities being carried out.
You can find a copy of this agreement here: http://legal.trustpilot.com/data-processing-agreement
How long will your data be stored?
In regards to email marketing and In accordance with GDPR we will re-confirm all data every 2 years.
Until this time your personal data will only be kept as a confirmation of consent and stored on mail-chimp servers which can only be access by our nominated data controller.
You may opt out from any email marketing communications by using the unsubscribe links at the bottom of the marketing emails you receive.
Your data will then be removed instantaneously.
www.mythesis.co.uk Data Storage
Should you need to contacts us about any GDPR Policies or concerns, please email firstname.lastname@example.org