Last updated; 17/08/2018
Here at Eco Vibe, the security and privacy of our clients are of the utmost importance. We are committed to protecting your personal information, being transparent about what data we hold and giving you control over how we use it.
When we talk about “Eco Vibe”, “we”, “our”, or “us” in this policy, we are referring to Ecom Lab Limited. We are registered in the UK with Companies House (11267092), our registered address is New York House, 1 Harper Street, Leeds, England, LS2 7EA. We also operate under different trading styles and we abide by the same policy standards set out in this document for all our subsidiary trading styles. We comply with the General Data Protection Regulation (GDPR) 2016, the data controller is Ecom Lab Limited, we are registered with the Information Commissioners Office (ICO) (ZA341077).
When we say subsidiary trading styles, we mean trading names which are owned by Ecom Lab Limited and are also registered with the ICO. If we mention third party companies within this policy, these are separate and individual companies that are not part of Eco Vibe and therefore are not bound by this policy. We would suggest that you review their Privacy Policies.
What information is being collected and why is it being collected?
Eco Vibe may collect, process and hold your personal data in different ways, depending on the type of information. You do not have to provide us with this information, but if you don’t we may be unable to purchase goods from us.
The table below set this out in detail, showing what data we collect and why:
What information is being collected?
Why is my personal information being collected?
1. Name and contact details (including email address and telephone number)
1.1 We must take these details for us to perform our contract. We will use your name and contact details to enable us to fulfil your order (take payment, update you regarding the order, ship the order to you).
1.2 We will use these details for any order management issues we have, this is to enable us to perform our contract.
1.3 We are required to keep a record of any transactions such as purchases or refunds for 6 years for legal requirements.
1.4 We will ask you if you wish to be emailed promotions, offers and events when you create an account on our website. We use a third party, Force 24 to help us manage and send out communications. It is our legitimate interest to promote our products of which we believe you may be interested in, to enable us to sell our products. We will ask you for your consent for email marketing when you sign up and you can opt out of this at any time.
1.5 Eco Vibe will use this information to detect and prevent fraud, it is our legitimate interest to protect ourselves from Fraud and other crimes.
1.6 To enable Shopify to provide you with a receipt, this is to enable us to perform our contract.
1.7 We will use this information to send you information required by law, such as product recalls, this is a legal obligation and we do not need your consent to send this however these will not include any promotional content.
2. Post code
2.1 We will also use this information to help us determine the demographics of our audience to enable us to develop ads for which we have a legitimate interest in targeting more customers and selling our products.
3. Payment Details
3.1 If you decide to purchase a product from us, Shopify will process the purchase on our behalf. We require this information to enable us to process and complete your order and perform our contract with you.
4. Marketing consents
4.1 We will keep a record of what consents you have provided us in relation to marketing. If you decide to withdraw consent, we will also record this along with the original consent provided.
5. Your device information, preferences, browsing history and cookies provided when you browse our website
5.1 When you consent to cookies, we will use them to show you advertising on Social Media platforms such as Facebook or third-party advertising that may appear on other websites you use.
Who has access to my information?
A small number of our employees to enable them to complete tasks within their role and on your behalf.
Who will my information be shared with?
In order for us to provide our services to you, we will share your data in the following ways;
- Our store is hosted on Shopify Inc. They provide us with the online e-commerce platform that allows us to sell our products and services to you. Your data is stored through Shopify’s data storage, databases and the general Shopify application. They store your data on a secure server behind a firewall. If you choose a direct payment gateway to complete your purchase, then Shopify stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted. All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers. For more insight, you may also want to read Shopify’s Terms of Service https://www.shopify.com/legal/terms or Privacy Statement https://www.shopify.com/legal/privacy.
- We may share your data with professional service providers, such as IT providers, marketing agencies, advertising partners and website hosts who help us run our business and deliver our marketing and advertising to you, including third party print companies for mailing purposes.
- We may share your personal information to a third party as part of a sale, merger, acquisition, bankruptcy, dissolution, reorganisation, restructure of all or a portion of the business. Or if we are under a duty to disclose this to comply with any legal obligations, lawful requests, court orders or regulatory requirements.
- We may also share your personal information to protect the rights, property or safety of us or third parties; or relating to investigating and preventing fraud.
What are my rights over my information?
The Right to Access: You have the right to access any information that we hold about you and you can do this by submitting a Subject Access Request (SAR). We have one month from receipt of your request to provide the information you have asked for and, in most cases, will be free of charge. To protect your information, we will need to verify your identity before providing any personal data. We may also ask you to provide us some additional voluntary information to help us process your request more efficiently.
The Right to Erasure: Also known as the "right to be forgotten". Unless we have a reason for keeping your personal information (for example, where we need this to provide a service to you or deal with an ongoing complaint), you can request for us to stop holding your personal information. If we need to hold on to your information we will tell you when we respond.
For more information on your individual rights and how to use them, you can visit the Information Commissioners Office website; https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/
How long do you retain my information?
We will retain your personal information for as long as you have an account with us or as needed to provide any products or services to you. Our general retention period is up to 6 years to retain information, however there may be times when we hold data for longer such as by law or regulations, to resolve any disputes or to prevent fraud or abuse. We also retain any consent options and marketing preferences you provide us with.
We will appropriately dispose of any information you have provide in a confidential and secure manner once it is no longer required.
We understand the obligations of the GDPR in relation to the privacy of children, however our business model is not targeted to children and our services would not be of interest to children. We will update this policy should this change.
Like many other websites, our website used cookies. Cookies are small text files sent by us to your computer or device and from your computer or device to us each time you visit our website. They are unique to your browser however do not identify you as an individual. Session-based cookies last only whilst your browser is open and are automatically deleted when you close your browser. Persistent cookies last until you or your browser delete them or they expire.
It is possible to switch off cookies by setting your browser preferences; see our Cookies Policy for more information on how to switch off cookies on your computer. Disabling some or all cookies may result in a loss of functionality when using our website.
Eco Vibe protects personal information against unauthorised access (both physical and logical), when you give us your personal information, we will use strict procedures and security features to try to prevent any unauthorised access.
Links to Other Websites
Our website may contain links to other websites run by other businesses, these websites have their own privacy policies and we encourage you to check these policies prior to submitting any personal information to these websites. We do not accept any responsibility or liability for the policies and the practices of a third-party website even if you have access them using links from our website.
Transferring Your Information Outside of the UK
The information we collect from you may be transferred to and stored in countries outside of the UK, for example, as we use the Cloud to hold our data it is likely that your personal information won’t be held in the UK but it will be held in the EU. The General Data Protection Regulation applies to all EU countries including the UK, even post Brexit, meaning that all countries in the European Economic Area (EEA), have similar standards of legal protection for your personal information.
If you use our services while you are outside of the EU, your information may be transferred outside the EU to provide the service to you.
Monitoring and Enforcement
Eco Vibe monitors compliance with its privacy policies and procedures and has procedures in place to address any privacy related complaints or disputes.
What Rules do we abide by?
As we are based in the UK we are required to comply with UK and European legislation, in particular the General Data Protection Regulation (April 2016) and the Privacy and Electronic Communications Act 2003. For further information on these acts, please visit www.ico.gov.uk.
What can I do if I have a Complaint about how you use my data?
We would like to hear your concerns first, so we can try to put things right for you. You can contact us by using our details below or you can use the details within our complaints policy.
If you are unhappy with how we have handled your data, you can contact the Information Commissioners Office at ico.gov.uk or via telephone on 0303 123 1113.
Contacting Eco Vibe
Please feel free to contact us if you have any questions in relation to this policy or our practices by using the details below;
In Writing: Ecom Lab Limited, New York House, 1 Harper Street, Leeds, LS2 7EA.
By Email: firstname.lastname@example.org