Privacy & Cookies Policy

This privacy policy is for the website makingpositivechanges.co.uk and served by Making Positive Changes who is committed to safeguarding your privacy and governs the privacy of those who use it. The purpose of this policy is to explain to you how we control, process, handle and protect your personal information while browsing or using this website, including your rights under current laws and regulations. If you do not agree to the following policy you may wish to cease viewing / using this website.

Policy key definitions:

  • “I”, “our”, “us”, or “we” refer to the business, Making Positive Changes.
  • “you”, “the user” refer to the person(s) using this website.
  • GDPR means General Data Protection Act.
  • PECR means Privacy & Electronic Communications Regulation.
  • ICO means Information Commissioner’s Office.
  • Cookies mean small files stored on a users computer or device.

Processing of your personal data

We promise to follow the following data protection principles:

  • Personal information must be fairly and lawfully processed
  • Personal information must be processed for limited purposes
  • Personal information must be adequate, relevant and not excessive
  • Personal information must be accurate and up to date
  • Personal information must not be kept for longer than is necessary
  • Personal information must be processed in line with the data subjects’ rights
  • Personal information must be secure
  • Personal information must not be transferred to other countries without adequate protection

Your individual rights

Under the GDPR your rights are as follows:

  1. The right to be informed
  2. The right of access
  3. The right to rectification
  4. The right to erasure
  5. The right to restrict processing
  6. The right to data portability
  7. The right to object
  8. Rights in relation to automated decision making and profiling.

You also have the right to complain to the ICO (www.ico.org.uk) if you feel there is a problem with the way we are handling your data.

We handle subject access requests in accordance with the GDPR.

Data we gather

Information you have provided us with

When a visitor requests information from this website using our enquiry form, we collect their name, email address, optionally their phone number and non-personally identifiable information about the request which includes the IP address of the computer making the request and the time and date of the request.

When a visitor subscribes to the website, we collect their email address and non-personally identifiable information about the request which includes the IP address of the computer making the request and the time and date of the subscription.

While you visit our site, we may track: products you’ve viewed, location, IP address and browser type, shipping address. We’ll also use cookies to keep track of cart contents while you’re browsing our site.

When you purchase from us, we’ll ask you to provide information including your name, billing address, shipping address, email address, phone number and optional account information like username and password. We also store the details of the orders you have placed with us such as products costs and coupons. If you create an account, we will store your name, billing and shipping addresses, email and phone number. We will not store or collect your payment card details. That information is provided directly to our third-party payment processors, for more information, see below.

When visitors leave comments on the site we collect their name,  email address and and non-personally identifiable information about the request which includes the visitor’s IP address and browser user agent string to help spam detection. An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Information automatically collected about you

When a visitor accesses this website, we automatically collect certain non-personally identifiable information about the request. This information is stored by cookies and other session tools. This information includes the IP address of the computer making the request and the time and date of the request, the type of web browser being used, and, sometimes, the page from which the visitor is coming. The information does not contain the visitor’s name or email address.

How we use your personal data

We use your Personal Data in order to:

  • In order to answer any queries and questions that you may have.
  • Provide our services to you. This includes for example registering your account; providing you with other products and services that you have requested; providing you with promotional items at your request and communicating with you in relation to those products and services; communicating and interacting with you and notifying you of changes to any services.
  • Enhance your customer experience.
  • Fulfil an obligation under law or contract.

We use the following lawful bases in order to process your personal data:

Consent

You explicitly give your consent to a specific kind of processing of your personal information.

With your consent we process your personal data:

  • To answer any specific queries or questions
  • To send out newsletters with information on our products and promotions
  • For other purposes we have asked your consent for

You can at any time request that your personal information is deleted.

We will continue to process your information until you withdraw consent or it is determined your consent no longer exists.

Your personal data under the consent lawful basis is not shared with any third parties.

Contract

On the basis of contractual necessity, we process your personal data for the following purposes:

  • Process your orders
  • Send you information about your account and order
  • Respond to your requests, including refunds and complaints
  • Process payments and prevent fraud – through a 3rd party payment gateways (see below for Data shared with other parties)
  • Set up your account for our store which can be used to populate the checkout for future orders.
  • Improve our store offerings

We keep your information while you are our customer and afterwards for a variety of reasons. We will only keep it for as long as we need to. If you have an account you have direct access in order to manage your data.

Legitimate interests

The processing of the personal data is a legitimate, expected behaviour of a business.

On the basis of legitimate interest we process your personal data for the following purposes:

  • To improve our store offerings
  • To administer and analyse our client base (purchasing behaviour and history) in order to improve the quality, variety, and availability of products / services offered/provided;
  • To conduct questionnaires concerning client satisfaction;

As long as you have not informed us otherwise, we consider offering you products/services that are similar or same to your purchasing history/browsing behaviour to be our legitimate interest.

Legal obligation

The processing of the personal data is required for legal reasons (e.g., accounting and tax purposes).

On the basis of legal obligation we process your personal data on the basis in order to fulfil obligation rising from law and/or use your Personal Data for options provided by law.

We reserve the right to anonymise personal data gathered and to use any such data. We will use data outside the scope of this Policy only when it is anonymised.

We generally store information about you for as long as we need the information for the purposes for which we collect and use it, and we are not legally required to continue to keep it. For example, we will store order information for 7 years for tax and accounting purposes. This includes your name, email address and billing and shipping addresses.

Additional purposes

We might process your personal Data for additional purposes that are not mentioned here, but are compatible with the original purpose for which the data was gathered. To do this, we will ensure that:

  • The link between purposes, context and nature of Personal Data is suitable for further processing
  • The further processing would not harm your interests and
  • There would be appropriate safeguard for processing

We will inform you of any further processing and purposes.

If, as determined by us, the lawful basis upon which we process your personal information changes, we will notify you about the change and any new lawful basis to be used if required. We shall stop processing your personal information if the lawful basis used is no longer relevant.

Children

We do not intend to collect or knowingly collect information from children. We do not target children with our services.

Cookies we use

We use cookies on this website to provide you with a better user experience. We do this by placing a small text file on your device / computer hard drive to track how you use the website, to record or log whether you have seen particular messages that we display, to keep you logged into the website where applicable, to display relevant adverts or content, referred you to a third party website.

Some cookies are required to enjoy and use the full functionality of this website.

You can remove cookies stored in your computer via your browser settings. Alternatively, you can control some 3rd party cookies by using a privacy enhancement platform such as optout.aboutads.info or youronlinechoices.com. For more information about cookies, visit allaboutcookies.org.

Cookies that we use are:

Name

Domain

Description

Expiration

viewed_cookie_policy makingpositivechanges.co.uk This cookie is set to ‘yes’ when you click on the “Continue” button that is contained in the message in the footer warning you about the website using cookies. Once set the message no longer appears. 1 year
PHPSESSID makingpositivechanges.co.uk This cookie is used store information about the current session as visitors move around the site. When browser is closed
woocommerce_items_in_cart makingpositivechanges.co.uk This cookie is set if a site visitor adds an item to the shopping basket and is essential for the ecommerce functionality of the website. When browser is closed
comment_author_ comment_author_email_
comment_author_url_
makingpositivechanges.co.uk When visitors write a review or comment on any other post, they will have cookies stored on their computer. This is purely for convenience, so that the visitor will not be required to re-type all their information again when they want to leave another comment in the future. 1 year
_ga makingpositivechanges.co.uk We use Google Analytics to monitor traffic levels, search queries and visits to this website. These cookies are used to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited. Full details of the cookies that Google Analytics uses can be found in Cookies & Google Analytics in documentation for Google’s Analytics tracking code. 2 years
_gat 30 minutes
_gid 24 hours
__utmc When browser is closed
__utmz 6 months
wordpress_ makingpositivechanges.co.uk These cookies are loaded onto their browser when when a visitor logs into their account. They identify that cookies are enabled and that the user is logged in. These cookies are required so that the user can navigate to and from their account and use the checkout and remain logged in. 2 weeks
wordpress_logged_in_ 2 weeks
wordpress_test_cookie When browser is closed
guest_id twitter.com This cookie is set for the browser to remember the guest id to display the latest news from our twitter account. 2 years
Various Paypal and related cookies from Paypal paypal.com
mediaplex.com
apmebf.com
We use Paypal to enable our customers to make payments for goods. When a customer places an order from the checkout they are taken to the Paypal website which loads the Paypal cookies onto their browser. For further information, please review the Paypal Privacy Policy. Various
Various third party cookies shareaholic.com, facebook.com, scorecardresearch.com,
linkedin.com, google.com, quantserve.com, imrworldwide.com,
accounts.google.com, doubleclick.net,
accounts.youtube.com, stumbleupon.com, w55c.net, printfriendly.com, lijit.com, bluekal.com, adnxs.com, turn.com, simpli.fi, mathtag.com, media6degrees.com, chango.com, orbengine.com, pubmatic.com, tag.admeld.com, rubiconproject.com, pixel.rubicomproject.com, opennx.net, ad360yield.com, invitemedia.com, adjug.com, adscale.de, ih.adscale.de, adbrite.com, afy11.net, casalemedia.com, adap.tv,sptxchange.com, rfihub.com
We use ‘shareaholic’ buttons in our blogs and for some of the services that may be purchased. These allow the user to connect to one of the sharing social media sites log-on screens and then share our pages on that site, be able to email the details or print them out. These third party cookies are only loaded if the site visitor clicks on one of these buttons. When they do so these thrid party companies, including Shareaholic, collect certain anonymous information when you visit our website. These companies may use non-personally identifiable information during your visits to this and other websites in order to provide advertisements about goods and services likely to be of greater interest to you. These companies typically use a cookie or a third party web beacon to collect this information. To learn more about this behavioral advertising practice, you can visit www.networkadvertising.org. Various

Data security and protection

We do our best to keep your personal data safe.  We use safe protocols for communication and transferring data (such as HTTPS). We use anonymising and pseudonymising where suitable. We monitor our systems for possible vulnerabilities and attacks.

Even though we try our best we can not guarantee the security of information. However, we promise to notify suitable authorities of data breaches. We will also notify you if there is a threat to your rights or interests. We will do everything we reasonably can to prevent security breaches and to assist authorities should any breaches occur.

If you have an account with us, note that you have to keep your username and password secret.

Links to other websites

Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.

Transparent Privacy Explanations

We have provided some further explanations about user privacy and the way we use this website to help promote a transparent and honest user privacy methodology.

Data shared with other parties

We sell products through this websites. In that case, we use third-party services for payment processing (e.g. payment processors).

We will not store or collect your payment card details. That information is provided directly to our third-party payment processors whose use of your personal information is governed by their Privacy Policy. These payment processors adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, Mastercard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of payment information.

The payment processors we work with are:

Email marketing messages & subscription

Under the GDPR we use the consent lawful basis for anyone subscribing to our newsletter or marketing mailing list. We only collect certain data about you, as detailed in the “Processing of your personal data” above. Any email marketing messages we send are done so through an EMS, email marketing service provider. An EMS is a third party service provider of software / applications that allows marketers to send out email marketing campaigns to a list of users.

Email marketing messages that we send may contain tracking beacons / tracked clickable links or similar server technologies in order to track subscriber activity within email marketing messages. Where used, such marketing messages may record a range of data such as; times, dates, I.P addresses, opens, clicks, forwards, geographic and demographic data. Such data, within its limitations will show the activity each subscriber made for that email campaign.

Any email marketing messages we send are in accordance with the GDPR and the PECR. We provide you with an easy method to withdraw your consent (unsubscribe) or manage your preferences / the information we hold about you at any time. See the footer of any marketing messages for instructions on how to unsubscribe or manage your preferences.

Our EMS provider is MailChimp. We hold the following information about you within our EMS system;

  • Email address
  • Subscription time & date

The MailChimp privacy policy can be viewed at: https://mailchimp.com/legal/privacy/

Contact information

Questions, comments and requests regarding this privacy policy are welcomed and you can either send an email to:
christine@makingpositivechanges.co.uk
or call us on: 01243 699646.

Changes to this Privacy Policy

We reserve the right to make change to this Privacy Policy.
Last modification was made 25th May 2018.