Privacy policy

Only & Eve - Luxury Scented Candles and Reed Diffusers - Privacy Policy

 

This privacy policy sets out how Only & Eve Ltd uses and protects any information that you give us when you use this website.

Only & Eve Ltd is committed to ensuring that your privacy is protected.  Should we ask you to provide certain information by which you can be identified when using this website, then you can be assured that it will only be used in accordance with this privacy statement.

Our policy complies with UK law accordingly implemented, including that required by the EU General Data Protection Regulation (GDPR).

The law requires us to tell you about your rights and our obligations to you in regards to the processing and control of your personal data. We do this now, by requesting that you read the information provided below.

Only & Eve Ltd may change this policy occasionally by updating this page.  You should check this page from time to time to ensure that you are happy with any changes.  This policy was last updated on 24th May 2018.

What we collect

We may collect the following information:

  • name 
  • contact information including email address
  • information required to process any order placed through this website
  • demographic information such as postcode, preferences and interests
  • order information
  • information required to process a product review (chosen screen-name, email address, review title and comment)
  • the pages of this website that you visited and how much time you spent on pages
  • other data given to us through our use of Google Analytics on this website

What we do with the information we gather

We require this information to understand your needs and provide you with a better service, and in particular for the following reasons:

  • internal record keeping
  • to improve our products and services
  • we may periodically send promotional email about new products, special offers or other information which we think you may find interesting using the email address which you have provided if you have consented to receiving our communications
  • we may use the information to customise the website according to your interests
  • except as set out in this policy, we do not share, or sell, or disclose to a third party, any information collected through our website.

The bases on which we process your information

The law requires us to determine under which of six defined bases we process different categories of your personal information, and to notify you of the basis for each category.

If a basis on which we process your personal information is no longer relevant then we shall immediately stop processing your data.

If the basis changes then, if required by law, we shall notify you of the change and of any new basis under which we have determined that we can continue to process your information.

 

1 Information we process because we have a contractual obligation to you

When you create an account on our website, buy a product from us, or otherwise agree to our terms and conditions, a contract is formed between you and us.

In order to carry out our obligations under that contract we must process the information you give us. Some of this information may be personal information.

We may use it in order to:

  • verify your identity for security purposes
  • sell products to you
  • provide you with our services
  • provide you with suggestions and advice on products, services and how to obtain the most from using our website

We process this information on the basis there is a contract between us, or that you have requested we use the information before we enter into a legal contract.

Additionally, we may aggregate this information in a general way and use it to provide class information, for example to monitor our performance with respect to a particular service we provide. If we use it for this purpose, you as an individual will not be personally identifiable.

We shall continue to process this information until the contract between us ends or is terminated by either party under the terms of the contract.

 

2. Information we process with your consent

Through certain actions when otherwise there is no contractual relationship between us, such as when you browse our website or ask us to provide you more information about our business, including employment opportunities, our products and services, you provide your consent to us to process information that may be personal information.

Wherever possible, we aim to obtain your explicit consent to process this information, for example, by asking you to agree to our use of cookies.

Sometimes you might give your consent implicitly, such as when you send us a message by e-mail to which you would reasonably expect us to reply.

Except where you have consented to our use of your information for a specific purpose, we do not use your information in any way that would identify you personally.  We may aggregate it in a general way and use it to provide class information, for example, to monitor the performance of a particular page on our website.

We continue to process your information on this basis until you withdraw your consent or it can be reasonably assumed that your consent no longer exists.

You may withdraw your consent at any time by instructing us help@onlyandeve.com.  However, if you do so, you may not be able to use our website or our services further.

 

3.  Information we process for the purposes of legitimate interests

We may process information on the basis there is a legitimate interest, either to you or to us, of doing so.

Where we process your information on this basis, we do after having given careful consideration to:

  • whether the same objective could be achieved through other means
  • whether processing (or not processing) might cause you harm
  • whether you would expect us to process your data, and whether you would, in the round, consider it reasonable to do so

For example, we may process your data on this basis for the purposes of:

  • record-keeping for the proper and necessary administration of our business
  • responding to unsolicited communication from you to which we believe you would expect a response
  • protecting and asserting the legal rights of any party
  • insuring against or obtaining professional advice that is required to manage business risk
  • protecting your interests where we believe we have a duty to do so

4.  Information we process because we have a legal obligation

Sometimes, we must process your information in order to comply with a statutory obligation.

For example, we may be required to give information to legal authorities if they so request or if they have the proper authorisation such as a search warrant or court order.

This may include your personal information.

 

Specific uses of information you to provide to us

5.  Information provided on the understanding that it will be shared with a third party

Our website allows you to post comments on blog articles that may be viewed or copied by other people.

In posting personal information, it is up to you to satisfy yourself about the privacy level of every person who might use it.

We do not specifically use this information except to allow it to be displayed as a contribution to the blog content or entry into a competition that require entry via commenting on a blog article.

We do store comments as they are retained against blog articles, but we do not use this data for marketing purposes and will not contact you for marketing purposes when registering your email address to post on our blog articles.  

We will only use your email address used to register to post on our blog if it is required to contact you to inform you that you are a competition winner.

Once your chosen posting name/comment enters the public domain, we have no control over what any individual third party may do with it. We accept no responsibility for their actions at any time.

Provided your request is reasonable and there is no legal basis for us to retain it, we will delete blog comments and registered blog accounts. You can make a request by contacting us at help@onlyandeve.com.

 

6.  Complaints regarding content on our website

Our blog is a publishing medium. Anyone may register and then publish information about himself, herself or some other person.  

We attempt to moderate user-generated content.

If you complain about any of the content on our website, we shall investigate your complaint.

If we feel it is justified or if we believe the law requires us to do so, we shall remove the content while we investigate.

Free speech is a fundamental right, so we have to make a judgment as to whose right will be obstructed: yours, or that of the person who posted the content that offends you.

If we think your complaint is vexatious or without any basis, we shall not correspond with you about it.

 

7.  Information relating to your method of payment

When you choose to place an order with us, we offer two data processor options as payment processing providers.  These are Shopify (if you click the gold Checkout button) or Paypal (if you click the Paypal Checkout button).

We pass your payment information to your chosen payment gateway provider.  We do not retain or store your data on our website or any physical or digital location owned or occupied by Only & Eve Ltd.

GDPR Article 28 requires that we impose strict contractual obligations on how a Data Processor (such as Shopify) use your data.  This is known as a Data Processing Agreement (DPA).

Full details of our DPA with Shopify can be accessed at https://www.shopify.com/legal/dpa

Full details of Paypal's privacy policy and commitment to you can be accessed at https://www.paypal.com/uk/webapps/mpp/ua/privacy-prev

Notification of Automated Decision Making

We have an obligation under the requirements of GDPR to notify you that Shopify and Paypal might automatically block a payment card number or IP address (a digital computer address) after a certain number of unsuccessful payment attempts or in the interests of other forms of fraud protection. Shopify and Paypal do not believe this has a significant legal effect on customers because the automated blocking lasts only for a short period of time.

 

8.  Job application and employment

If you send us information in connection with a job application, we may ask if you wish us to keep it for up to 12 months in case we decide to contact you at a later date.  We seek your consent to do this.  Without your consent, all data relating to your application will be destroyed within 28 days of advising you that you were unsuccessful in your application or that we had no vacancies at the time of application.

If we employ you, we collect information about you and your work from time to time throughout the period of your employment. This information will be used only for purposes directly relevant to your employment. After your employment has ended, we will keep your file for 5 years before destroying or deleting it.

 

9.  Sending a message to our Customer Services team

When you contact us, whether by telephone, through our website or by e-mail, we collect the data you have given to us in order to reply with the information you need.

We record your request and our reply in order to increase the efficiency of our business.

We keep personally identifiable information associated with your messages, such as your name and email address, so as to be able to track our communications with you to provide a high-quality service.  We do not use this information for any other purpose other than that which you initially contacted us or for the purpose of resolving any queries in the direction a conversation may take through the process of natural resolution.

 

10.  Complaining

When we receive a complaint, we record all the information you have given to us.

We use that information to resolve your complaint.

If your complaint reasonably requires us to contact some other person, we may decide to give to that other person some of the information contained in your complaint. We do this as infrequently as possible, but it is a matter for our sole discretion as to whether we do give information, and if we do, what that information is.

We may also compile statistics showing information obtained from this source to assess the level of service we provide, but not in a way that could identify you or any other person.

 

11.  Affiliate and business partner information

This is information given to us by you in your capacity as an affiliate of us or as a business partner.

It allows us to recognise visitors that you have referred to us, and to credit to you commission due for such referrals. It also includes information that allows us to transfer commission to you.

The information is not used for any other purpose.

We undertake to preserve the confidentiality of the information and of the terms of our relationship.

We expect any affiliate or partner to agree to reciprocate this policy.

 

12.  Data may be processed outside the European Union (EU)

Our websites are hosted through a Content Delivery Network (CDN) operated by Shopify.  We may also use outsourced services in countries outside the European Union from time to time in other aspects of our business.

Accordingly, data obtained within the UK or any other country could be processed outside the European Union.

For example, some of the software our website uses may have been developed in the United States of America or other country outside of the EU.

We use the following safeguards with respect to data transferred outside the European Union:

  • the processor is within the same corporate group as our business or organisation and abides by the same binding corporate rules regarding data processing -or- the processor is under the obligations required by Shopify (as the CDN hosting our site) to abide by the same binding rules regarding lawful processing of data under GDPR requirements

 

13.  Verification of your information

When we receive any request to access, edit or delete personally identifiable information we shall first take reasonable steps to verify your identity before granting you access or otherwise taking any action. This is important to safeguard your information.

Encryption of data sent between us

We use Secure Sockets Layer (SSL) certificates to verify our identity to your browser and to encrypt any data you give us.

Whenever information is transferred between us, you can check that it is done so using SSL by looking for a closed padlock symbol or another trust mark in your browser’s URL bar or toolbar.

Security

We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.

How we use cookies

A cookie is a small file which asks permission to be placed on your computer's hard drive. The cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes.

Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.

You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.

Links to other websites

Our website may contain links to enable you to visit other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. We cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.

Controlling your personal information

You may choose to restrict the collection or use of your personal information in the following ways:

  • If we ask you do complete an online form, look for the box that you can click to indicate that you do not want the information to be used by anybody for direct marketing purposes. 
  • If you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by writing to or emailing us at help@onlyandeve.com
  • In most cases, we operate a policy of OPT-IN where you will need to tick a box to be contacted by us for marketing purposes in future. 

You may request details of personal information which we hold about you under the requirements of GDPR. A small fee will be payable. If you would like a copy of the information held on you please email us at help@onlyandeve.com.

If you believe that any information we are holding on you is incorrect or incomplete, please write to or email us as soon as possible, at the above address. We will promptly correct any information found to be incorrect.

Retention period for personal data

Except as otherwise mentioned in this privacy policy, we keep your personal information only for as long as required by us:

  • to provide you with the products and/or services you have requested;
  • to comply with other law, including for the period demanded by government authorities;
  • to support a claim or defence in court.

How you can complain

  • If you are not happy with our privacy policy or if have any complaint then you should tell us by email. Our address is help@onlyandeve.com.
  • If a dispute is not settled then we hope you will agree to attempt to resolve it by engaging in good faith with us in a process of mediation or arbitration.

If you are in any way dissatisfied with how we process your personal information, you have a right to lodge a complaint with the Information Commissioner's Office. This can be done at https://ico.org.uk/concerns/ 

Internet Copyright Notice

This website and its content is copyright of Only & Eve Ltd - © 2017. All rights reserved.

Any redistribution or reproduction of part or all of the contents in any form is prohibited other than the following:

  • you may print or download to a local hard disk extracts for your personal and non-commercial use only.
  • you may copy the content to individual third parties for their personal use, but only if you acknowledge the website as the source of the material.
  • you may not, except with our express written permission, distribute or commercially exploit the content. Nor may you transmit it or store it in any other website or other form of electronic retrieval system.