Privacy policy

Rachel Webb Ceramics - Privacy policy

This Privacy Policy describes how rachelwebbceramics.ie (the “Site” or “we”) collects, uses, and discloses your Personal Information when you visit or make a purchase from the Site.

How and why we collect personal information.

When you visit our site we automatically collect certain information. For example, our analytics service will enable us to know what type browser you use, IP address, search terms used and general geographical location. Anyone accessing rachelwebbceramics.ie will have the opportunity to provide personal data in the contact box. This is completely optional, and you are under no statutory or contractual obligation to do so. When you do fill out the contact detail box you will be made aware that you are consenting to the processing of your personal data in accordance with the GDPR and this Privacy Notice. At this point more technical data will also be collected as outlined in the cookie section of this policy. This data will include more analytic and statistical information collected on an aggregate basis of visitors to the website. What is important to us is that you know that, when you visit the website, normally the IP address of your web server, your TLD name (.com, .ie, .org etc.), the type of web browser and operating system you use, will be retained. We make no attempt to use the technical details to try and identify individuals who visit the website.

Similar to most websites offering products for sale, the need for your personal information can be categorised under distinct headings:

Personal Information necessary to confirm sales, process payments, communicate with customers, issue receipts and invoices, expedite delivery of goods ordered, and after sale customer care. Here we include name, billing address, shipping address, payment information (including credit card numbers or PayPal email addresses), email address, and phone number. It will be necessary to share such information with our data processor Shopify, payment processors (Shopify Payments), shipping agents and couriers (An Post and DPD);

Device Information necessary to load the site accurately, and for the purpose of performing normal analytics on site usage, with the goal of optimising the site for business efficacy and visitor experience. Personal information collected here may include version of web browser, IP address, time zone, cookie information, what sites or products you view, search terms, and how you generally interact with the Site.

How are the data being collected on the website?

By availing of our contact box feature, amongst the data initially collected are personal/company name postal address, e-mail address, phone number. Other technical data are collected primarily through the use of ‘cookies’ on the website. A ‘cookie’ is a small piece of data that a website asks your browser to store on your computer or mobile device. Using a cookie allows the website to ‘remember’ your actions or preferences over time. The types of cookies used on this website and the data they collect are set out in the cookie section of this policy.

At a later stage further details will become necessary to complete a purchase, including financial data such as payment card information, type of card, name on the card and billing address. These data are consciously provided by visitors to the website, generally in contemplation of, or completion of, a purchase. These data are processed by our payments service provider (See Details Below). Other data collected such as IP address, geolocation information, and how you use the website are provided by our analytics service provider, Google Analytics (https://policies.google.com/privacy?hl=en-US) and are used in order to manage the business and web site more effectively. More data include how you interacted with the website, e.g., how long you stayed on the site, what pages you viewed etc. We emphasise, we make no attempt to use technical data to identify individuals who visit the website. Later we will set out the legal bases underpinning our data collection procedures.

How we use the data.

Any data collected directly through the website’s contact forms are used solely to have essential contact information. If you do fill out the contact form you will be made aware that you are consenting to the processing of your data in accordance with GDPR and this Privacy Notice. Primarily, we aim to use the data collected to assist us operate our business more effectively and efficiently. We use data collected to help us refine our products and service, and adapt to a changing marketplace. With such goals in mind, we work with our analytics partners, data processor Shopify, and some third parties to ensure that you have a good end to end customer experience. How, and with whom, data are shared is seen below. Where we intend to use your data for marketing purposes we will inform you at the outset. You can opt out or object to processing for direct marketing by e-mailing info@rachelwebbceramics.ie.

Disclosing/Sharing Personal Information.

Rachelwebbceramics.ie acts as data controller for your personal information. We are partnered with Shopify who power our online store. Shopify act as our data processor. They provide us with the online e-commerce platform that allows us to sell our products and services to you.

Your data is stored through Shopify’s data storage, databases and the general Shopify application. They store your data on a secure server behind a firewall.

If you choose a direct payment using your card information to complete your purchase, then Shopify stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted.

All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover.

PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.

For more insight, you may also want to read Shopify’s Terms of Service (https://shopify.com/legal/terms)

You may also view the Privacy Policy at https://shopify.com/legal/privacy

In the normal course of business, information is shared with partners such as Shopify Payments, Facebook, Instagram, An Post, DPD and Google Analytics, but the ultimate responsibility for securing your personal data remains with the Site. It is sometimes necessary to share information with other partners and 3^rd parties. While it is not always strictly necessary to share information, sharing information for business purposes may fall under the ‘legitimate interests’ lawful basis. Business arrangements change from time to time, and therefore it is foreseeable that we may engage new partners and 3^rd parties in the future. In this context we will inform you, and make the privacy policies of these third parties available to you. At all times we act in accordance with data protection principles. Analytics data may be shared with 3^rd party advertisers and partners and used to target advertising to you from your visit to the website. We may also work with advertisers in order to display our own adverts on 3^rd party websites based on cookies set on your visit to the website. No attempt is ever made to identify individual visitors to the Site, or to associate any technical details with any individual.

As we use some 3rd party services as a part of our fulfilment process, we also make these available for your review below:

DPD Privacy Policy; (https://dpd.ie/Privacy-Policy)

An Post Privacy Policy; (https://www.anpost.com/Privacy)

Most especially, anytime data is collected we act in harmony with the principle of transparency. What this means in practice is that at the time data is collected, you are made aware of your relevant rights under the GDPR. (See https://www.dataprotection.ie/en/individuals. )

Transparency

Effective exercise of your rights, such as the right of access, is dependent on you being aware that your data is being processed in the first place. In light of this, GDPR mandates that certain information must be provided in cases where the personal information is collected either directly or indirectly from a data subject. In our case, much of the personal information will be collected directly from you, and accordingly, the following set of information is provided to comply with GDPR art 13(1) and 13(2). In essence, these articles provide for ‘Rights to Information’.

FOR YOUR INFORMATION

Data Controller: Rachel Webb Ceramics, 30 Boireann Bheag, Roscam, Galway, Galway, H91 W6P3, Ireland

Purposes of the Data Processing: to provide products or services to you to fulfil our contract, to process your payment information, arrange for shipping, and provide you with invoices and/or order confirmations, communicate with you, screen our orders for potential risk or fraud, and when in line with the preferences you have shared with us, provide you with information or advertising relating to our products or some service. For example, you will only receive marketing emails if you opt in to email marketing.

Legal Bases for Processing.

The GDPR lays out the lawful bases for the processing of personal information. At least one of these is necessary before it is lawful to process personal information. The following are the lawful bases that will be relied upon by us:

Consent; initially your consent to personal data processing will be evidenced by ticking our consent box or by submitting any information using forms on our website.

Contract; it will be necessary for the purchase and shipment of any goods that a contract is entered into between you, the purchaser, and rachelwebbceramics, the seller;

Legitimate Interests; it is lawful to process personal data on the basis of ‘legitimate interests’, but only where necessary in pursuit of those legitimate interests and where other rights of the data subject are not overridden ( See note below)

Legal Obligation; we may process personal information to comply with legal obligations such as under Revenue Law and Anti Money Laundering legislation, amongst others.

Recipients or Categories of Recipients of Personal Data

There are times during processing operations when we are required to disclose data to third parties. Sometimes these will be neither data processors working on our behalf, nor data controllers on whose behalf we are working. These recipients include The Revenue Commissioners, and law enforcement authorities, where needed for the investigation, detection, prosecution or prevention of criminal offences. Personal data may also be disclosed to third parties who provide services to us in connection with our lawful purposes associated with the operation of the Site. Third parties in this category include IT service providers, analytic service providers, payment processors such as Shopify Payments, and postal and shipping agents such as An Post or DPD. Only the minimum information necessary to complete sales and deliveries, or to provide other services, will be disclosed.

Third Party Link

From time to time, the Site will include links to 3^rd party websites, plug-ins and /or applications. Typical of these are Facebook, Instagram, Twitter and in most cases the links are there to share our websites content or facilitate ads on related platforms. Clicking on the links may allow 3^rd parties to collect or share data about you. As we do not control these 3^rd party websites, we cannot be held responsible for their privacy statements. However, we only deal with websites we have found to be reputable to date. When you leave our website we encourage you to read the privacy notice of every website you visit.

Legitimate Interests as a Legal Basis

If we, or a third party, are to use ‘legitimate interests’ as a legal basis for processing, we will inform you of those ‘legitimate interests’. For example, it is in the legitimate interest of our business to process information for administration and accounting requirements. We will only use ‘legitimate interests’ as a solitary basis for processing when under a legal obligation to do so. Processing on the basis of ‘legitimate interests’ means the processing must be ‘necessary’ for the purposes of the ‘legitimate interests’ pursued by the Site or a third party. Being useful or convenient does not mean processing is ‘necessary’. These ‘legitimate interests’ may be overridden by your rights and interests, but not in all cases. However, in all cases, ‘legitimate interests’ as a lawful basis has to be balanced against all your other rights, and not just your data protection rights.

Transfers to 3^rd country or International Organisation.

Your Personal Information will be initially processed in Ireland and then will be transferred outside of Europe for storage and further processing, including to Canada and the United States. Transfers to Canada are protected by Canadian which have been the subject of an Adequacy Decision by the European Commission. At present transfers to the USA are guaranteed protection pursuant to contractual commitments similar to Standard Contractual Clauses. For more information on how data transfers comply with the GDPR, see Shopify’s GDPR Whitepaper, https://help.shopify.com/en/manual/your-account/privacy/GDPR. In light of the recent European Court Of Justice ruling in Schrems many will be re-evaluating best procedures and practices to transfer data to the United States. Our Privacy Notice at a later date may reflect this very recent ruling.

In general, the third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us.

Retention Period

We will keep personal information only for as long as necessary. We retain personal information only for as long as we need it for the purposes described earlier in this Privacy Notice, including for the purposes of satisfying any legal, accounting or reporting requirements.

Requirement to provide personal data.

There is no statutory or contractual obligation on you the Site visitor to provide us with any personal data. However, if you do not, clearly there can be no relationship, and no goods may be purchased or shipped.

Right to lodge a complaint to a supervisory authority

You have the right to lodge a complaint to the appropriate Supervisory Authority. In Ireland this will be the Data Protection Commission. You can find details of how to lodge a complaint here.

Consent

Where processing is based on consent you have the right to withdraw consent at any time, without affecting the lawfulness of processing based on that consent before the withdrawal. Silence, pre-ticked boxes or inactivity cannot constitute consent. On this website any request for consent will be clearly distinguishable from other matters contained on the website.

Automated decision making

If you are a resident of the EEA, you have the right to object to processing based solely on automated decision-making (which includes profiling), when that decision-making has a legal effect on you or otherwise significantly affects you. We do not engage in fully automated decision-making that has a legal or otherwise significant effect using customer data.

Our data processor Shopify uses limited automated decision-making to prevent fraud that does not have a legal or otherwise significant effect on you.

Services that include elements of automated decision-making include:

Temporary ‘deny list’ of IP addresses associated with repeated failed transactions. This ‘deny list’ persists for a small number of hours.

Temporary deny list of credit cards associated with deny listed IP addresses. This ‘deny list’ persists for a small number of days.

The Existence of rights

We are obliged to make you aware that in certain circumstances and subject to certain restrictions you have the following rights:

Right of Access: You have the right to request a copy of your data and confirmation whether data concerning you is being processed;
Right to Rectification: you have the right to have any inaccurate data corrected and any incomplete information made complete;
Right to Erasure: You have the right to request us to delete any personal data we hold about you;
Right to Restrict Processing: You have the right to request that we no longer process your data for particular reasons;
Right to Object: You have the right to object to processing of your data for particular purposes;
Right to Data Portability; You have the right to request us to provide you, or a third party, with a copy of your data, in a structured, commonly used and machine readable format.
If you wish to exercise any of these rights, please contact info@rachelwebbceramics.ie

Where we obtain personal data, other than from the data subject, we will disclose the category of such data to the data subject, as well as all the foregoing information.

Cookies

A cookie is a small amount of information that’s downloaded to your computer or device when you visit our Site. We use a number of different cookies, including functional, performance, advertising, and social media or content cookies. Cookies make your browsing experience better by allowing the website to remember your actions and preferences (such as login and region selection). This means you don’t have to re-enter this information each time you return to the site or browse from one page to another. Cookies also provide information on how people use the website, for instance whether it’s their first time visiting or if they are a frequent visitor.

We use the following cookies to optimise your experience on our Site and to provide our services.

Cookies Necessary for the Functioning of the Store

Name	Function
_ab	Used in connection with access to admin.
_secure_session_id	Used in connection with navigation through a storefront.
cart	Used in connection with shopping cart.
cart_sig	Used in connection with checkout.
cart_ts	Used in connection with checkout.
checkout_token	Used in connection with checkout.
secret	Used in connection with checkout.
secure_customer_sig	Used in connection with customer login.
storefront_digest	Used in connection with customer login.
_shopify_u	Used to facilitate updating customer account information.

Reporting and Analytics (Targeting/Advertising Cookies)

Name	Function
_tracking_consent	Tracking preferences.
_landing_page	Track landing pages
_orig_referrer	Track landing pages
_s	Shopify analytics.
_shopify_fs	Shopify analytics.
_shopify_s	Shopify analytics.
_shopify_sa_p	Shopify analytics relating to marketing & referrals.
_shopify_sa_t	Shopify analytics relating to marketing & referrals.
_shopify_y	Shopify analytics.
_y	Shopify analytics.

The length of time that a cookie remains on your computer or mobile device depends on whether it is a “persistent” or “session” cookie. Session cookies last until you stop browsing and persistent cookies last until they expire or are deleted. Most of the cookies we use are persistent and will expire between 30 minutes and two years from the date they are downloaded to your device.

You can control and manage cookies in various ways. Please keep in mind that removing or blocking cookies can negatively impact your user experience and parts of our website may no longer be fully accessible.

Most browsers automatically accept cookies, but you can choose whether or not to accept cookies through your browser controls, often found in your browser’s “Tools” or “Preferences” menu. For more information on how to modify your browser settings or how to block, manage or filter cookies can be found in your browser’s help file or through such sites as www.allaboutcookies.org.

Additionally, please note that blocking cookies may not completely prevent how we share information with third parties, such as our advertising partners.

Ad Targeting/Behavioural Advertising

The use of cookies, just discussed above, is closely related to the prevalence of ad targeting. We may use your personal information to provide you with targeting advertising and marketing communications we believe will be of interest to you. For example, Google provides our analytics service and we may also run Google Ads.

You can read more about how Google uses your personal information at https://policies.google.com/privacy?hl=en

To opt out entirely of Google analytics go to https://tools.google.com/dlpage/gaoptout

We share information about your use of the Site, your purchases, and your interaction with our ads on other websites with our advertising partners. We collect and share some of this information directly with our advertising partners, and in some cases through the use of cookies or other similar technologies.

The various advertising platforms we use all provide opt outs for their targeted ads. For example, you can view the Facebook Privacy Policy at https://facebook.com/policy.php

Most browsers will also accommodate those who do not wish to be tracked when they browse the web. The Do Not Track (DNT) is supposed to work by sending a signal to websites, analytics companies, ad networks, plug in providers and other web services you encounter while browsing, to stop tracking your activity. In truth, the effectiveness of DNT has been limited.

From time to time the Site may include various links to third-party websites, plug-ins and/or applications. In most cases such links are there to facilitate ad campaigns on those other platforms. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.

Marketing

When you have told us you are happy to receive marketing information from us we may contact you from time to time about other products. You may opt out at any time by e-mailing info@rachelwebbceramics.ie or simply by clicking the unsubscribe link present in the footer of our marketing emails.

Children under 16.

Our website and services are not intended to be used by children under 16 years old. We will never knowingly collect data from or on children below 16 years old. If you become aware of such a child (or another person) supplying data on that child to us, please contact us as below.

Contact

For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact us by e-mail at info@rachelwebbceramics.ie or by mail using the details provided below:

30 Boireann Bheag, Roscam, Galway, Galway, H91 W6P3, Ireland

Privacy Policy Changes and updates

We reserve the right to change or update this Privacy Policy at any time, without notice, to reflect operational adjustments necessitated by changes in the legal or regulatory landscape. This policy was last updated on 27November 2020.