Policy key definitions:
- “I”, “our”, “us”, or “we” refer to the business, Making Positive Changes.
- “you”, “the user” refer to the person(s) using this website.
- GDPR means General Data Protection Act.
- PECR means Privacy & Electronic Communications Regulation.
- ICO means Information Commissioner’s Office.
- Cookies mean small files stored on a users computer or device.
Processing of your personal data
We promise to follow the following data protection principles:
- Personal information must be fairly and lawfully processed
- Personal information must be processed for limited purposes
- Personal information must be adequate, relevant and not excessive
- Personal information must be accurate and up to date
- Personal information must not be kept for longer than is necessary
- Personal information must be processed in line with the data subjects’ rights
- Personal information must be secure
- Personal information must not be transferred to other countries without adequate protection
Your individual rights
Under the GDPR your rights are as follows:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling.
You also have the right to complain to the ICO (www.ico.org.uk) if you feel there is a problem with the way we are handling your data.
We handle subject access requests in accordance with the GDPR.
Data we gather
Information you have provided us with
When a visitor requests information from this website using our enquiry form, we collect their name, email address, optionally their phone number and non-personally identifiable information about the request which includes the IP address of the computer making the request and the time and date of the request.
When a visitor subscribes to the website, we collect their email address and non-personally identifiable information about the request which includes the IP address of the computer making the request and the time and date of the subscription.
When you purchase from us, we’ll ask you to provide information including your name, billing address, shipping address, email address, phone number and optional account information like username and password. We also store the details of the orders you have placed with us such as products costs and coupons. If you create an account, we will store your name, billing and shipping addresses, email and phone number. We will not store or collect your payment card details. That information is provided directly to our third-party payment processors, for more information, see below.
Information automatically collected about you
When a visitor accesses this website, we automatically collect certain non-personally identifiable information about the request. This information is stored by cookies and other session tools. This information includes the IP address of the computer making the request and the time and date of the request, the type of web browser being used, and, sometimes, the page from which the visitor is coming. The information does not contain the visitor’s name or email address.
How we use your personal data
We use your Personal Data in order to:
- In order to answer any queries and questions that you may have.
- Provide our services to you. This includes for example registering your account; providing you with other products and services that you have requested; providing you with promotional items at your request and communicating with you in relation to those products and services; communicating and interacting with you and notifying you of changes to any services.
- Enhance your customer experience.
- Fulfil an obligation under law or contract.
We use the following lawful bases in order to process your personal data:
You explicitly give your consent to a specific kind of processing of your personal information.
With your consent we process your personal data:
- To answer any specific queries or questions
- To send out newsletters with information on our products and promotions
- For other purposes we have asked your consent for
You can at any time request that your personal information is deleted.
We will continue to process your information until you withdraw consent or it is determined your consent no longer exists.
Your personal data under the consent lawful basis is not shared with any third parties.
On the basis of contractual necessity, we process your personal data for the following purposes:
- Process your orders
- Send you information about your account and order
- Respond to your requests, including refunds and complaints
- Process payments and prevent fraud – through a 3rd party payment gateways (see below for Data shared with other parties)
- Set up your account for our store which can be used to populate the checkout for future orders.
- Improve our store offerings
We keep your information while you are our customer and afterwards for a variety of reasons. We will only keep it for as long as we need to. If you have an account you have direct access in order to manage your data.
The processing of the personal data is a legitimate, expected behaviour of a business.
On the basis of legitimate interest we process your personal data for the following purposes:
- To improve our store offerings
- To administer and analyse our client base (purchasing behaviour and history) in order to improve the quality, variety, and availability of products / services offered/provided;
- To conduct questionnaires concerning client satisfaction;
As long as you have not informed us otherwise, we consider offering you products/services that are similar or same to your purchasing history/browsing behaviour to be our legitimate interest.
The processing of the personal data is required for legal reasons (e.g., accounting and tax purposes).
On the basis of legal obligation we process your personal data on the basis in order to fulfil obligation rising from law and/or use your Personal Data for options provided by law.
We reserve the right to anonymise personal data gathered and to use any such data. We will use data outside the scope of this Policy only when it is anonymised.
We generally store information about you for as long as we need the information for the purposes for which we collect and use it, and we are not legally required to continue to keep it. For example, we will store order information for 7 years for tax and accounting purposes. This includes your name, email address and billing and shipping addresses.
We might process your personal Data for additional purposes that are not mentioned here, but are compatible with the original purpose for which the data was gathered. To do this, we will ensure that:
- The link between purposes, context and nature of Personal Data is suitable for further processing
- The further processing would not harm your interests and
- There would be appropriate safeguard for processing
We will inform you of any further processing and purposes.
If, as determined by us, the lawful basis upon which we process your personal information changes, we will notify you about the change and any new lawful basis to be used if required. We shall stop processing your personal information if the lawful basis used is no longer relevant.
We do not intend to collect or knowingly collect information from children. We do not target children with our services.
Cookies we use
Some cookies are required to enjoy and use the full functionality of this website.
You can remove cookies stored in your computer via your browser settings. Alternatively, you can control some 3rd party cookies by using a privacy enhancement platform such as optout.aboutads.info or youronlinechoices.com. For more information about cookies, visit allaboutcookies.org.
Cookies that we use are:
|viewed_cookie_policy||makingpositivechanges.co.uk||This cookie is set to ‘yes’ when you click on the “Continue” button that is contained in the message in the footer warning you about the website using cookies. Once set the message no longer appears.||1 year|
|PHPSESSID||makingpositivechanges.co.uk||This cookie is used store information about the current session as visitors move around the site.||When browser is closed|
|woocommerce_items_in_cart||makingpositivechanges.co.uk||This cookie is set if a site visitor adds an item to the shopping basket and is essential for the ecommerce functionality of the website.||When browser is closed|
|makingpositivechanges.co.uk||When visitors write a review or comment on any other post, they will have cookies stored on their computer. This is purely for convenience, so that the visitor will not be required to re-type all their information again when they want to leave another comment in the future.||1 year|
|_ga||makingpositivechanges.co.uk||We use Google Analytics to monitor traffic levels, search queries and visits to this website. These cookies are used to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited. Full details of the cookies that Google Analytics uses can be found in Cookies & Google Analytics in documentation for Google’s Analytics tracking code.||2 years|
|__utmc||When browser is closed|
|wordpress_||makingpositivechanges.co.uk||These cookies are loaded onto their browser when when a visitor logs into their account. They identify that cookies are enabled and that the user is logged in. These cookies are required so that the user can navigate to and from their account and use the checkout and remain logged in.||2 weeks|
|wordpress_test_cookie||When browser is closed|
|guest_id||twitter.com||This cookie is set for the browser to remember the guest id to display the latest news from our twitter account.||2 years|
|Various Paypal and related cookies from Paypal||paypal.com
|Various third party cookies||shareaholic.com, facebook.com, scorecardresearch.com,
linkedin.com, google.com, quantserve.com, imrworldwide.com,
accounts.youtube.com, stumbleupon.com, w55c.net, printfriendly.com, lijit.com, bluekal.com, adnxs.com, turn.com, simpli.fi, mathtag.com, media6degrees.com, chango.com, orbengine.com, pubmatic.com, tag.admeld.com, rubiconproject.com, pixel.rubicomproject.com, opennx.net, ad360yield.com, invitemedia.com, adjug.com, adscale.de, ih.adscale.de, adbrite.com, afy11.net, casalemedia.com, adap.tv,sptxchange.com, rfihub.com
|We use ‘shareaholic’ buttons in our blogs and for some of the services that may be purchased. These allow the user to connect to one of the sharing social media sites log-on screens and then share our pages on that site, be able to email the details or print them out. These third party cookies are only loaded if the site visitor clicks on one of these buttons. When they do so these thrid party companies, including Shareaholic, collect certain anonymous information when you visit our website. These companies may use non-personally identifiable information during your visits to this and other websites in order to provide advertisements about goods and services likely to be of greater interest to you. These companies typically use a cookie or a third party web beacon to collect this information. To learn more about this behavioral advertising practice, you can visit www.networkadvertising.org.||Various|
Data security and protection
We do our best to keep your personal data safe. We use safe protocols for communication and transferring data (such as HTTPS). We use anonymising and pseudonymising where suitable. We monitor our systems for possible vulnerabilities and attacks.
Even though we try our best we can not guarantee the security of information. However, we promise to notify suitable authorities of data breaches. We will also notify you if there is a threat to your rights or interests. We will do everything we reasonably can to prevent security breaches and to assist authorities should any breaches occur.
If you have an account with us, note that you have to keep your username and password secret.
Links to other websites
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
Transparent Privacy Explanations
We have provided some further explanations about user privacy and the way we use this website to help promote a transparent and honest user privacy methodology.
Data shared with other parties
We sell products through this websites. In that case, we use third-party services for payment processing (e.g. payment processors).
The payment processors we work with are:
Email marketing messages & subscription
Under the GDPR we use the consent lawful basis for anyone subscribing to our newsletter or marketing mailing list. We only collect certain data about you, as detailed in the “Processing of your personal data” above. Any email marketing messages we send are done so through an EMS, email marketing service provider. An EMS is a third party service provider of software / applications that allows marketers to send out email marketing campaigns to a list of users.
Email marketing messages that we send may contain tracking beacons / tracked clickable links or similar server technologies in order to track subscriber activity within email marketing messages. Where used, such marketing messages may record a range of data such as; times, dates, I.P addresses, opens, clicks, forwards, geographic and demographic data. Such data, within its limitations will show the activity each subscriber made for that email campaign.
Any email marketing messages we send are in accordance with the GDPR and the PECR. We provide you with an easy method to withdraw your consent (unsubscribe) or manage your preferences / the information we hold about you at any time. See the footer of any marketing messages for instructions on how to unsubscribe or manage your preferences.
Our EMS provider is MailChimp. We hold the following information about you within our EMS system;
- Email address
- Subscription time & date
or call us on: 01243 699646.
Last modification was made 25th May 2018.