Privacy Notice

Who we are?

We are Purple Pixie; producing beautiful handmade sterling silver jewellery from sterling silver sheet and wire. We are a small business based in Oswestry, Shropshire.

Your Privacy

Your privacy matters to us and we are committed to the highest data privacy standards, confidentiality and adherence with the Data Protection Act 2018 and UK GDPR.

To disclose this to you, our Privacy Notice includes the following:

What data we collect from you.
How and why we process it.
Who we share it with and why.

We adopt the six core principles of data protection which are:

Lawfulness, fairness and transparency- we process personal data lawfully, fairly and in a transparent manner in relation to you, the data subject.
Purpose limitation- we only collect personal data for a specific, explicit and legitimate purpose. We clearly state what this purpose is in this Privacy Notice, and we only collect data for as long as necessary to complete that purpose.
Data minimisation- we ensure that personal data we process is adequate, relevant and limited to what is necessary in relation to the processing purpose.
Accuracy- we take every reasonable step to update or remove data that is inaccurate or incomplete. You have the right to request that we erase or rectify erroneous data that relates to you, and we will complete this task as soon as possible but guarantee to do so within a month.
Storage limitation- we delete personal data when we no longer need it. Whilst the timescales in most cases aren't set, we outline our retention strategy within this Privacy Notice.
Integrity and confidentiality- we keep personal data safe and protected against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.

Collection of your Personal Data

We may collect your personal information through disclosure directly from you. This might be via our website, social media, email, telephone or face to face engagement.

Categories and Type of Personal Data Collected and processed.

We will collect personal information from you in order to provide our products or respond to your enquiries. These will include:

Name
Address
Telephone number(s)
E mail addresses
Orders and Delivery preferences
Payment details
Marketing preferences

We may also capture some data which can be considered as personal data when you use our website/ online shop, through the use of cookies.

The majority of our engagement with customers who purchase our products is through our website/ online shop and we provide options for cookie preferences on the website and details of the cookies in use at the bottom of this policy; to ensure you are informed of them.

We will not need to collect any personal data from you which would be classified as ‘Special Category’ or that of children.

We will treat all personal data in the strictest confidence.

Reason for Data collection and processing activities.

The information which we collect about you, is used for the purposes of communicating with you, providing products you have ordered and answering enquires.

We will not use your personal data for marketing purposes unless you have agreed to this.

Sharing of Personal Data

During the delivery of our services to you, we may share your data with other companies who are critical in their delivery, receiving payment and in enabling communication with you. These companies will be Data Processors on our behalf and are contractually required to only process your personal data in accordance with contracted terms; which requires them to ensure your data is protected using appropriate technical and organisation measures.

Some of the companies with whom we share your personal data are located outside of the UK and in countries which do not have the same legal framework for the protection of privacy rights. This is in particularly relevant to the operation of our website and online shop by Shopify who are located in the USA.

We have ensured that these companies provide sufficient safeguards to protect your data.

A full list of processors is available on request.

We may also need to share your data in order to meet our commercial legal obligations, respond to requests from regulatory bodies or for our own legal defence.

Securing and Processing of your Personal Data

The personal data collected from you will be held securely by us or our processors and access to it will be limited to only those who need it.

We employ a range of Technical and Organisational measures to ensure that your data remains secure and cannot be accessed by unauthorised persons, mis-used, lost or altered. Our staff and processors work under the provisions of strict confidentiality requirements and receive training in our data security policies and procedures.

In the unlikely event that we lose your data, or a device on which your data resides, or it is accessed by someone unauthorised, we have a duty to inform you immediately. If the loss or unauthorised access of your data has potential to cause you harm, we will also report this to the Information Commissioners Office, who are responsible for regulating data protection legislation in the UK.

https://ico.org.uk/

Our legal basis for processing your personal data

We are required to identify one of six possible legal grounds for processing. These are:

consent
contract
legitimate interests
vital interests
public task
legal obligation

The majority of our processing activities are crucial to the provision the products which you order, so we process your personal data on the basis of that contractual relationship.

We also process your data under our legitimate interests when utilising various third-party systems through which to provide our products, facilitate online payments or communications.

How long do we keep your personal data for?

If you have purchased products from us, we will retain your data for 7 years following our last engagement, after which we will securely destroy it or erase it from our IT systems.

If you made enquiries with us we would only retain this data for as long needed to provide responses or support required.

We will only use your data for marketing purposes until such time that you withdraw your consent.

Your rights in relation to personal data

Under the UK GDPR, you have rights to access and control your personal data. These rights include:

access to personal information
correction and deletion
withdrawal of consent (if processing data on condition of consent)
data portability
restriction of processing and objection
lodging a complaint with the Information Commissioner’s Office

You can exercise your rights by emailing us at:

info@purplepixie.co.uk

If you are unhappy with anything we have done with your data, you have the right to complain to the Information Commissioners Office.

To make a complaint to the Information Commissioners Office use the link below or call their hotline on Tel No.: 0303 123 1113.

https://ico.org.uk/concerns/

How to contact us

For all data protection matters or questions relating to how we manage your data, you can contact our responsible personnel:

Responsible Personnel: Denise Perret

Email: info@purplepixie.co.uk

or by writing to:

Denise Perret

Purple Pixie. 8 Meadow Way. Gobowen. SY11 3LY .

Cookies

Our website / online shop is provided and hosted by Shopify. The below tables details the types of Cookies which may be used when using our website and ordering products from it.

You can set your cookie preferences on our website or use the settings in your browser.

NAME	FUNCTION	DURATION
_ab	Used in connection with access to admin.	2y
_customer_account_shop_sessions	Used in combination with the _secure_account_session_id cookie to track a user's session for new customer accounts	30d
_secure_account_session_id	Used to track a user's session for new customer accounts	30d
_secure_session_id	Used to track a user's session through the multi-step checkout process and keep their order, payment and shipping details connected.	24h
_shopify_country	For shops where pricing currency/country set from GeoIP, that cookie stores the country we've detected. This cookie helps avoid doing GeoIP lookups after the first request.	session
_shopify_m	Used for managing customer privacy settings.	1y
_shopify_tm	Used for managing customer privacy settings.	30min
_shopify_tw	Used for managing customer privacy settings.	2w
_storefront_u	Used to facilitate updating customer account information.	1min
_tracking_consent	Used to store a user's preferences if a merchant has set up privacy rules in the visitor's region.	1y
_cmp_a	Used for managing customer privacy settings.	1d
c	Used in connection with checkout.	1y
cart	Used in connection with shopping cart.	2w
cart_currency	Set after a checkout is completed to ensure that new carts are in the same currency as the last checkout.	2w
cart_sig	A hash of the contents of a cart. This is used to verify the integrity of the cart and to ensure performance of some cart operations.	2w
cart_ts	Used in connection with checkout.	2w
cart_ver	Used in connection with shopping cart.	2w
checkout	Used in connection with checkout.	4w
checkout_token	Used in connection with checkout.	1y
customer_account_locale	Used in connection with new customer accounts	1y
dynamic_checkout_shown_on_cart	Used in connection with checkout.	30min
hide_shopify_pay_for_checkout	Used in connection with checkout.	session
keep_alive	Used in connection with buyer localization.	2w
master_device_id	Used in connection with merchant login.	2y
previous_step	Used in connection with checkout.	1y
discount_code	Used in connection with checkout.	session
remember_me	Used in connection with checkout.	1y
secure_customer_sig	Used to identify a user after they sign into a shop as a customer so they do not need to log in again.	1y
shopify_pay	Used in connection with checkout.	1y
shopify_pay_redirect	Used in connection with checkout.	1 hour, 3w or 1y depending on value
shop_pay_accelerated	Used in connection with checkout.	1y
source_name	Used in combination with mobile apps to provide custom checkout behavior, when viewing a store from within a compatible mobile app.	session
storefront_digest	Stores a digest of the storefront password, allowing merchants to preview their storefront while it's password protected.	2y
tracked_start_checkout	Used in connection with checkout.	1y
checkout_session_lookup	Used in connection with checkout.	3w
checkout_prefill	Used in connection with checkout.	5m
checkout_queue_token	Used in connection with checkout.	1y
checkout_queue_checkout_token	Used in connection with checkout.	1y
checkout_worker_session	Used in connection with checkout.	3d
checkout_session_token	Used in connection with checkout.	3w
checkout_session_token_<<token>>	Used in connection with checkout.	3w
cookietest	Used to ensure our systems are working correctly	1m
order	Used in connection with order status page.	3w
identity-state	Used in connection with customer authentication	24h
identity-state-<<token>>	Used in connection with customer authentication	24h
identity_customer_account_number	Used in connection with customer authentication	12w
card_update_verification_id	Used in connection with checkout.	20m
customer_account_new_login	Used in connection with customer authentication	20m
customer_account_preview	Used in connection with customer authentication	7d
customer_payment_method	Used in connection with checkout.	1h
customer_shop_pay_agreement	Used in connection with checkout.	20m
pay_update_intent_id	Used in connection with checkout.	20m
localization	Used in connection with checkout.	2w
profile_preview_token	Used in connection with checkout.	5m
login_with_shop_finalize	Used in connection with customer authentication	5m
preview_theme	Used in connection with the theme editor	session
shopify-editor-unconfirmed-settings	Used in connection with the theme editor	16h
wpm-test-cookie	Used to ensure our systems are working correctly.	session