Lawful Basis for Processing Personal Data
For the purposes of The GDPR, we are the Data Processor when selling on Shopify and processes all personal data lawfully, fairly and in a transparent manner. Under Article 6 of The GDPR, the lawful basis on which we process personal data received from Shopify is that of “Contract” - whereby processing is necessary in order to fulfill buyer orders and enquiries. We retain information provided by Shopify, such as transaction information for internal financial accounting purposes. It is a legal requirement to retain this information for a period of 7 years.
Data We Receive: Personally Identifiable Information
We receive personally identifiable information from Shopify only when it is voluntarily submitted by buyers when placing an on-line order. The data we receive includes: name, billing address, delivery name, delivery address, e-mail address (in encrypted format), telephone number, date of order, items ordered, value of items ordered, chosen method of delivery. We do not sell or rent personally identifiable information to any third party for any purpose.
How we use buyers’ personal information
We may use any personal buyer information provided by Shopify to:
- -Process and dispatch buyers’ order/s
- -Carry out regulatory checks to meet our legal obligations
- -Prevent and detect crime
- -Develop and improve our products
- -Undertake anonymised statistical analysis (we won’t be able to identify individuals from this data)
We treat all information we hold about buyers as private and confidential. We will not reveal any personal details or details concerning buyers’ orders to anyone not connected with us, unless:
- -A buyer asks us to reveal the information, or we have a buyer’s permission to do so
- -We are required or permitted to do so by law
- -It is required by law enforcement, fraud prevention or credit reference agencies
We may share buyer personal information with our suppliers, service providers and other contractors only to fulfil orders buyers place with us on Shopify.
Data Subject Access Requests
Under The GDPR buyers are entitled to obtain from us (the Data Processor for the purposes of The GDPR when selling on Shopify) a copy of the data held concerning them and to have any inaccuracies in the data rectified. We are obliged to provide this data to within 1 calendar month of the request and free of charge. However we have the right to refuse or charge for requests that are manifestly unfounded or excessive and repetitive.