The Crafty Crow Ltd (referred to in this notice as “we”, “us”, or “our”) are committed to protecting and respecting your privacy.
This policy, along with any other documents referred to in it, provides you with details of any personal data that we collect from you, from your use of our site: https://thecraftycrow.co.uk, and how we process it.
It includes any information you provide to us when you purchase or receive a product or service from us or sign up to our newsletter.
For the purpose of the Data Protection Act 1998, the data controller is Kerry Anne Orr, who is responsible for any of your personal data provided and is registered with the Information Commissioners Office under number ZA364769.
Our contact information is:
Business name: The Crafty Crow Ltd
Email address: firstname.lastname@example.org
Postal address: Rutherford Hall, High Street, Gatehouse of Fleet. DG7 2HS
If you have concerns about the way in which we collect and process your data, you have a right to complain to the Information Commissioners Office; (https://ico.org.uk), the UK’s independent authority to uphold information rights and data privacy.
Naturally, we would prefer the opportunity to resolve any issues you may have directly with us first.
What personal identifiable data we collect from you:
Types of personal identifiable data collected may include:
Identity data: name, usernames, marital status, gender and date of birth
Contact data: address, email address and contact telephone number
Transaction data: purchase and accounting records
Technical data: Login information, IP address, browser information, operating system and platform used to access this site.
Profile data: username, password, purchases, orders, interests, social media accounts, feedback and survey responses
Communications data: your preferences in relation to marketing and communicating
We do not collect any sensitive data
How and why we collect your personal identifiable data:
Information you give us:
Information you provide by filling in forms on our website, interacting with our site, commenting on our blog, request information from us, give us feedback, or by telephone, social media, email or postal correspondence
This may contain your name, address, email address, telephone number and information about your business.
This helps us to carry out our contractual obligations between you and us, and provide you with information, products and services you have requested.
Information we collect about you:
Information we collect during time spent visiting our site, including technical information such as browser used, time spent on our site and IP address, and is collected using small data files known as ‘cookies’.
This helps us to ensure you have a good user experience on our site and helps us to improve the way our site operates, as well as internal operations, such as site security and system updates, research, statistical and data analysis purposes.
It also allows you to participate in interactive features of our site, when you choose to do so.
Information we receive from other sources:
Information from third parties such as analytics providers, and search information providers listed below:
Google Analytics (based outside EU). Data is anonymised at the point of collection and automatically deleted after 28 months
Social media platforms including Facebook, Twitter, Linked In, YouTube, Quora and so on.
Third party support services, such as accounting and invoicing systems: (Wave, Paypal, iZettle, Stripe, Paymo); email service providers, (Drip, Infusionsoft, Aweber, Mailchimp).
This helps us to ensure you have a good user experience with our site and also helps us to provide you with relevant information, products and services where you have requested to do so. Such contact is only made via email or telephone and you can opt out at any time, using the links provided in the email or by notifying us by email to email@example.com
Why we collect your personal identifiable data:
Under GDPR regulations, there are six lawful bases set out (Article 6 of GDPR) for processing data, listed below.
(a) Consent: the individual has given clear consent to process their personal data for a specific purpose. This includes email marketing, which you can op-out of at any time by following the links within the email or by sending an email to firstname.lastname@example.org
(b) Contract: the processing is necessary for a contract we have, or because you have asked us to take specific steps before entering into a contract. This includes undertaking work on your behalf, purchase of our products and services.
(c) Legal obligation: the processing is necessary for us to comply with the law (not including contractual obligations). This includes accounting information.
(d) Vital interests: the processing is necessary to protect someone’s life.
(e) Public task: the processing is necessary for us to perform a task in the public interest or for official functions, and the task or function has a clear basis in law.
(f) Legitimate interests: the processing is necessary for our legitimate interests or the legitimate interests of a third party unless there is a good reason to protect your personal data which overrides those legitimate interests.
We do not usually rely on consent as a legal ground for processing personal identifiable data other than for sending marketing communications via email, telephone, messenger or sms. You have the right to withdraw consent to marketing at any time by emailing us at email@example.com
Disclosure of your personal identifiable information
We do not share your data to third parties for marketing purposes.
We may share your information with:
Any member of our business, partners and sub-contractors for the performance of any contract we enter into with them or you
Analytics and search engine providers to assist us in optimizing and improving our site
Third party support services, project management tools, accounting systems
To protect our rights, property or safety, or those of our clients or others
Storage & protection of your personal identifiable data
All information you provide to us is stored on our, or our selected business partners secure servers, and we will take reasonable steps to ensure your data is protected in accordance with this policy
This site operates via SSL (Secure Sockets Layer) which is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remain private and integral.
This website is also protected using up-to-date anti-virus software, and regularly backed-up to a secure server.
Retention of your personal identifiable data
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. You can ask us about retention periods for different aspects of your personal data by emailing firstname.lastname@example.org.
In some cases, we may anonymise your personal data (so that is can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
Where you have consented to us using your details for direct marketing, we will keep such data until you notify us otherwise and/or withdraw your consent, which you can do by using the opt out links provided in every email we send, or by emailing email@example.com
You have the following rights under law in respect of your personal identifiable data:
- The right to be informed about the collection and use of your personal information;
- The right of access to your information to verify the legality of our use of it;
- The right to request that inaccurate or incomplete information about you is rectified;
- The right to request the deletion or removal of your information where there is no further reason for us to use it (such as you have withdrawn your consent or we no longer provide you with products or services);
- The right to restrict the use of your information;
- The right to obtain and reuse the information that we have about you for your own purposes;
- The right to object to certain uses (such as for marketing purposes); and
- The right not to be subject to a decision that has a legal effect on you that has been based on an automated decision.
Should you wish to exercise any of these rights, you may do so at any time by emailing us at firstname.lastname@example.org
You do not have to pay a fee to access your personal identifiable data, or to exercise any of your other rights, however in some cases, we are permitted to charge a small fee of no more than £10 in respect of our administrative costs.
If you feel that your rights have been breached in any way, you should contact Kerry Anne Orr at the address given above or lodge an official complaint with the Information Commissioner’s Office via their website (https://ico.org.uk) or by writing to:I nformation Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.
We aim to respond to all legitimate requests within one month, however should it take longer than this, we will notify you and keep you updated with appropriate timescales.
Third party links
From time to time, this site may contain links to and from the websites of our partner networks, sites of interest, affiliates, plug-ins and applications.
If you follow a link to any of these websites, please note that these websites have their own privacy policies, of which we do not control and are not responsible or liable for. We recommend you check their privacy policies before you submit any personal data to these websites.
This policy was updated 05 November 2019 and is reviewed regularly.