Privacy Policy

Who I am

My website address is: https://www.lisaswift.co.uk.

This website is owned by Lisa Swift, 48 St Johns Road, Staveley, Chesterfield, Derbyshire, S43 3QW.

How I Use Your Data

I will only ever use your data for legitimate business interests, or to comply with any legal or regulatory obligations that I may have. Examples of this include:

  • Fulfilling an order placed with me;
  • Contacting you if I have a query with your order;
  • Responding to an enquiry you have placed via phone, E-Mail or contact form;
  • Sending you marketing materials which you have explicitly consented to;
  • Providing information to legal or regulatory bodies such as HMRC or the ICO to comply with legal obligations.

You own your data, and you have certain rights under GDPR. These have been enhanced to further your right to privacy and control over your personal data, as well as clarifying my rights to use it under fair processing.

Security of Data

I have a range of mechanisms in place to safeguard your data and ensure that your privacy is maintained.

Strong passwords are required for all services used within the business which store or are used to process your data, including my website, E-Mail accounts and backup facilities. Any machines or devices used to access any of these services are password protected and are stored in a secure location when not in use. All PCs used within the business have up-to-date antivirus software and are regularly checked for malware to ensure they remain secure.

Secure backup services are used routinely to ensure that your data remains protected and to safeguard against loss or accidental deletion.

Where personal data exists in paper form, it is either stored in a secure location should it be required for accounting purposes, or securely shredded once it is no longer required. Orders through my website are paid for via 3rd-party gateways; I do not handle your payment details.

Comments

When visitors leave comments on the site I collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Cookies

If you leave a comment on my site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit my login page, I will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, I will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Who we share your data with

If you request a password reset, your IP address will be included in the reset email.

In some circumstances I may need to share your data with third parties. Your data is regularly shared with the following:

| Service Provider | Service | Data Processed & Purpose | Safeguards in Place |
| --- | --- | --- | --- |
| Google | Website Analytics | Visitor information including browser, country of origin, pages visited, duration of visit and so on may be tracked via Google Analytics. This may be used for business development purposes to improve our website to meet identified needs of visitors. | Strong passwords are required for the accessing of any Google Accounts. Individuals' data is not identifiable through anonymising of the IP address attributed to browsing sessions. |
| Dropbox | Cloud storage & Backup | Customer-provided content such as business logos, backups of our website files/databases for backup, archive or transfer purposes, order information. | Access is limited to only those who require it for the purposes of fulfilling orders or day-to-day running of the business such as accounting. Data is only synced to machines which are password-protected and stored in secure locations. |
| Square | Payment Processing, Accounting | Customer details including name, E-Mail address, credit card number and billing postcode for the process of taking payment over the phone. | Access to Square is strictly limited to staff and feeds to our accounting software. Staff are strictly supervised by the owners; staff may take payments over the phone. Payment details are entered straight into the Virtual Terminal; at no point are credit card details written down or stored. |
| Quickfile | Accounting | Customer details including name, address, E-Mail address, payment method and order details for accounting purposes. | Access is limited to only the owners and bookkeeper/accountant via strong passwords. Data is stored for the minimum time required by law. |
| Bookkeeper and Accountant | Accounting | Customer details including name, address, E-Mail address, payment method and order details for accounting purposes. | Documents are shared via Dropbox or handed over in-person. All data is stored in a secure location which is inaccessible to the public. Data which is no longer required by law is permanently deleted or shredded. |
| HMRC | Accounting | Customer details including name, address, E-Mail address, payment method and order details for auditing or investigative purposes. Personnel data is stored with HMRC for the purposes of running payroll. | Customer data is not routinely shared with HMRC; however, in the event of an investigation or court order, we may be obliged to provide full access to our accounts which include sales data. |
| MailChimp | Contact Management & Marketing | Client contact details including name and E-Mail are stored, alongside other details which may include where they signed up from and a consent statement where express consent was granted to send E-Mail communication. Aggregated data may also be stored alongside E-Mail campaign data for business development purposes, such as seeing the proportion of E-Mails opened or the number of clicks on a link within an E-Mail. | Access is limited to only those who need it for the day-to-day running of the business. E-Mail communication is only sent to users who have provided explicit consent for us to contact them. |
| Siteground Ltd | E-Mail & Hosting | Our website and E-Mail are hosted with Siteground. Subsequently any orders placed through the website, online enquiries and E-Mails are stored on our secure hosting account. | Access to our hosting account is protected with a strong password, and strictly limited to the owners. Backups are stored by both Siteground and in secure remote locations to protect against deletion or loss of data. |

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so I can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on my website (if any), I also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

Data relating to an order is kept for the minimum time required by law.

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data I hold about you, including any data you have provided to me. You can also request that I erase any personal data I hold about you. This does not include any data I am obliged to keep for administrative, legal, or security purposes.

Where we send your data

Visitor comments may be checked through an automated spam detection service.