We take data privacy very seriously and this document describes how we handle and manage your data.
- We are The Glass Scribe (International) Ltd, and you can contact us at firstname.lastname@example.org.
- We process your data to provide our services to you, or for our legitimate interests.
- We only process your data for as long as we need to, and then we delete it.
- We do not sell or share your data with others unless they are providing a service to us (such as payment service providers), or unless you ask us to share your data.
- Our service includes a number of places where you can send data to third parties. If you want to use these, you should check you are happy with the way they use your data.
- We do not market to you without your consent and, if you give us your consent, you can withdraw it at any time.
- You’ve got lots of rights, including the right to complain to the Information Commissioner’s Office. If you need a hand in exercising your rights, feel free to contact us on email@example.com.
Who we are
How we process your data
Throughout your interactions with us we will collect only the data that we require in order to provide you with the service that you are requesting.
We may use your data to:
- fulfil any contract that you have placed with us;
- notify you about changes to our website or services from time to time;
- review website and usage to improve and develop our website and our products and services;
- where we have your consent, send promotions about new products and latest offers by email, phone or post;
- respond to your queries;
- where necessary, resolve your queries by passing information to relevant third parties such as a delivery company.
- deliver prizes that you have won when entering competitions;
- carry out analysis of data generated during your visit to our website for our own market research purposes and to track and measure the impact, results or pattern of website traffic and preferences from other promotional and marketing activities;
- comply with any applicable law, legal process or enforcement by any regulatory body.
The key information that we capture and process is shown below for your information:
When you access our service we will store a record of your IP address along with details of your request in our logs. This information is stored and used by our web developer to ensure the integrity of our service.
If third party cookies or services make use of your IP address we make sure that it is anonymised in whole or in part so you cannot be identified. For example, we use IP anonymisation in Google Analytics.
Authorisation and session data
Whenever you visit our website we will use several cookies that will identify your session to our service. This is necessary to provide the service to you.
Session cookies are used to match your browser with your actions on our website. For example, selecting a product and adding it to your order.
Browser cookies are used to associate and authenticate you with our site, and retain information pertaining to your use of our shop.
In addition to these cookies, there are several third party cookies and services which are used to track your actions on our site so we can identify areas in which we can improve the functionality of our site and give you a better service.
You may block, delete or disable any of these as your browser or device permits, but doing so will limit what you can do on our website.
Your contact information
We ask for contact information, including your name, e-mail address, telephone number and business name (if appropriate) so that we can fulfil any service with you. We may obtain this implicitly if you send it to us without us first requesting it, e.g. as an e-mail signature.
We require your postal address and/or e-mail address in order to provide you with an invoice for our service. This information is collected as a legal obligation and will be stored on our systems along with invoices for a minimum period of 7 years.
Your contact information may be stored in various systems that we use (for example: our accounting system). This is necessary to provide our service to you.
Your contact information will be retained until we are no longer under any legal obligation to store this information, or we have deemed all services with you to have been fulfilled, whichever is the later.
We store your e-mail address for the purposes of managing your account with us. This will be used for transactional e-mails that relate directly to your account or services. This information is required in order to ensure you are informed about your account and can take appropriate actions in various situations.
We may also use your e-mail address to send you messages about our service which may include notifications about newly launched features, improvements to the service, upcoming maintenance as well as ways to help you make the most of your service.
We will not send you any marketing messages unless you subscribe to our newsletter or special offers. You may withdraw this consent at any time by unsubscribing from the messages or contacting us, or amending your user profile accordingly via our website.
Your e-mail address will be kept until such time as all information associated with it are deleted from our systems.
If you send us e-mails, these will be passed through our mail server. This is necessary to provide our service to you.
If we send you transactional e-mails, such as order confirmations, these will be passed through our external mail server and stored for a period of time (currently 5 days) to assist with debugging delivery problems and ensuring messages are appropriately delivered to their destinations. This is necessary to provide our service to you.
The information stored includes the contents of the message sent, the e-mail addresses of the recipients and any other headers.
E-mails directly to/from our employees
If you communicate with our employees directly by e-mail, we may retain your name and e-mail address in the mailboxes of the employee(s) that you communicate with, together with its contents and metadata. This is necessary to provide our service to you.
Call logs & recordings
We do not log or record telephone calls.
We store rotating backups of data for use in disaster recovery. Backup data is stored on site, and off site. This is necessary to provide our service to you.
Backups can only be obtained by authorised members of staff.
In the execution of our service, we may receive or produce designs that are to be printed or engraved onto our products, or a product that you supply to us. These designs are backed up as described above.
You can ask us for the personal information stored in a design, but we retain ownership and copyright of all designs we create ourselves.
Designs are retained indefinitely, to facilitate expedient delivery of a future service, e.g. an award ceremony that occurs once a year.
We never store your own passwords on our servers in plain text. Passwords are hashed using an industry standard hashing algorithm.
As a good security practice, we recommend the following with regards to choosing your password:
- Use a unique password with our website that is not shared with any others.
- Choose a long secure password containing either multiple random words, or a good combination of letters, numbers & symbols.
- Exercise good password hygiene and change your password on a regular basis.
We do not store your full card details on our system.
As permitted by Stripe, we store the last 4 digits of your card, its type and its expiry date on our systems so that you can identify which card(s) may be used for future payments.
You can store several cards in your account and choose which you wish to use during checkout.
Any data added by you and stored in your account
When you use our website you might upload or generate personal information, e.g. a design, or some engraving text. You will remain the data controller for all such data that is stored within our systems and are responsible for ensuring you have an appropriate lawful basis & notices in place to allow us to store this data on your behalf.
We do not recommend customers store any personal data in areas of our systems that are not designed for the purposes of storing this information.
Support by e-mail
If you contact us by e-mail or through our website, you will be sharing your contact details (e-mail address and/or phone number) with us for the purposes of responding to your query. This is necessary to provide our service to you.
We retain all support requests (including name & contact details) that we receive for the purposes of auditing and training of staff.
If you apply for a job with us, we will store the personal data that you submit for the purposes of considering your application.
Job application data is kept for one month after the corresponding position has been filled.
We operate servers which are managed by companies compliant with GDPR regulations or are covered by the EU-US Privacy Shield or have other written privacy policies which we deem sufficient commensurate with the data they store or process.
Transfer of data to group companies
We may share and/or transfer your data with other companies within our group for the purposes of administration and company structuring.
Transfer of data on product or service acquisition
If we are acquired by another company or entity, we may share your information with the acquiring company so that they may continue to provide you with the services that you have elected to receive. You will be notified by e-mail in the event that such an acquisition occurs.
Third party processors
We use third parties to provide us with additional services in order to carry out our business. We maintain a list of third parties that process data on our behalf.
- We may share your details with professional service companies such as delivery companies, accountants or accounting software.
- We may share your details with companies who provide us with payment services for taking payments from credit/debit cards.
- We may share your details with companies we use to provide computing services.
- We may share your details with e-mail marketing software providers to allow us to send e-mails to you.
- We may share your details with companies who provide us with communication services such as live chat or e-mail.
Some of our applications allow users to configure integrations with third party services (such as e-Commerce Websites). When using any of these integrations, you share your data with the organisations who operate these services. You should review their own privacy information with regard to how they will treat this information once it has been provided.
Correcting your personal data
It is important to us that the information we store is up to date and accurate. You may update the majority of your details at any time through our website, or you can contact us.
Removal of your personal data
In some cases, you may be able to request that we remove your personal data from our systems. As with correcting your data, you can often delete your data yourselves through our website. In other cases, though, please feel free to contact us using the information below.
You have a lot of rights, including right to request access to and rectification or erasure of your personal data or restriction of processing of it. You also have the right to object to our processing of your data in some situations, as well as the right to data portability.
However, we may continue to process your personal data, despite your objection, where there are compelling legitimate grounds to do so or we need to process your personal data in connection with any legal claim.
If we make a decision which is based solely on automated processing (without human involvement) and that decision produces a legal effect or otherwise significantly affects you, you can request that we involve one of our employees or representatives in the decision-making process.
Notification of data breaches
Upon discovering any data breaches, we will notify any affected individuals as soon as it is practical. In the event of a data breach concerning personal data, the affected parties will be notified by e-mail to the main e-mail address we store with your account.
Use of our services by persons under the age of 18
We do not allow anyone under the age of 18 to signup, use or store any personal data with us on any of our services. If we discover or are notified about the presence of a user under this age, we will remove their data from our systems without notice.
Our lawful basis for data processing
Under the General Data Protection Regulation, unless we have otherwise specified above, we will be processing your data as a legitimate interest. These interests include staff training, ensuring the security of our systems and to allow us to operate our business in an efficient manner.
Where our processing is based on consent, you may withdraw consent at any time.
Where our processing is necessary for us to perform our contract with you, or to take steps to enter into a contract with you, we will not be able to enter into a contract with you or deliver our service to you if you do not give us the data in question.
Disclosure of information to law enforcement agencies
We may disclose your information if we are requested to by any law enforcement agency where we believe we are required to comply with the request under any applicable laws.
Data protection authority
You may have the right to lodge a complaint with your local data protection authority or the Information Commissioner’s Office (ICO) in the United Kingdom (our authority).
The ICO can be contacted at: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. Other information can be found on their website at ico.gov.uk.