We are Boxcitement Ltd, a company registered in the UK. We operate the website www.boxcitement.co.uk.
The term “Boxcitement Ltd”, “Boxcitement”, “us” or “we” refers to the owner of the website whose registered office is William Burford House, Lansdown Place Lane Cheltenham, Glos GL50 2LB. The term “you” refers to the user or viewer of our website.
We may change this policy from time to time by updating this page; please check back from time to time to ensure that you remain happy with our policy. Ready? Grab a cuppa and read on.
We take your privacy seriously and are committed to protecting it, as indeed we are required to by law. We will only use the information that we collect about you within the restrictions placed on us by law. Boxcitement is based in the UK and operates in accordance with UK law.
This policy tells you how we deal with your personal data (i.e. any data that can identify you), what kinds of personal data we collect, how we use and protect it, and who we disclose it to. Please do not use our website unless you are completely happy with this policy. If you do use our website, we will assume that you do accept it.
YOUR PRIVACY AND BOXCITEMENT
This website is an e-commerce site, and needs to maintain customer details and associated information for the purpose of maintaining records so that we can send our boxes to customers, communicate with customers about their account and market to them, and for website optimisation.
Our website is hosted and maintained by Cratejoy, an e-commerce company who specialise in subscription-based sites. Cratejoy is based in the USA; the GDPR privacy regulations regarding our use and storage of data don't require personal data to be stored in Europe, only that the data is appropriately protected. Please be assured that personal data stored by Cratejoy is encrypted and compliant under the US Privacy Shield and under GDPR.
Secure payment card transactions and associated privacy are handled by our payment providers Stripe and Paypal. Their privacy statements are can be found on their respective websites. Please see below for further details on our secure payment systems.
THE DATA WE GATHER
We may collect the following information: name, contact information (physical and email addresses) and website usage data including IP addresses, the web browser used, and referrer IP sites. We may occasionally gather additional information when it is relevant such as during competitions, special offers and the use of discounts.
We will not collect any personally-identifiable information about you (e.g. your name, address, telephone number or e-mail address), unless you voluntarily choose to provide it to us (e.g. by deciding to use this site, by purchasing a product, or by signing up for newsletters or competitions). By providing us with personal information, you consent to the use of it as set out in this policy.
We will use this data to communicate with you, answer your queries, process your order, or provide you access to specific account information and also, subject to you agreeing to receive marketing communications, to support our relationship with you and offer you free products and special offers. In cases of suspicious activity we may use information provided by you in order to conduct appropriate anti fraud checks. We may store and process personal information to better understand your business needs and how we can improve our products and services. We may disclose personal data so far as reasonably necessary if we have reason to believe that it breaches our terms and conditions, or that such steps are necessary to protect us or others, or that a criminal act has been committed, or if there has been a complaint about content posted by you, or if we are required to do so by law.
If you choose not to have your personal information used to support our customer relationship by receiving marketing communications, we will respect your choice. You can choose to opt out of marketing communications at any time by unsubscribing using the link provided on our email marketing. We do not store credit card details nor do we share customer details with any third parties except for the purpose of processing orders (e.g. for creating postage labels and processing payments) unless you give us permission to do so, or we are obliged or permitted by law to disclose them.
Customers are requested to log in and keep their own personal information, such as name, address, email, billing information etc up to date.
HOW WE STORE YOUR DATA
The e-commerce engine used (Cratejoy) captures customer contact details (email, postal address etc) so that we know who to send our boxes to. We use this information to print address labels, and communicate with customers if necessary for example if an address is incomplete. The only data we store is for the purpose of printing address labels; all information is kept within password-protected documents on encrypted servers and all information is deleted as soon as its purpose has been fulfilled.
When you access our website, we may automatically collect information that is not personally identifiable (e.g. type of Internet browser and computer operating system used; domain name of the website from which you came; number of visits, average time spent, pages viewed etc).
The information that we collect from you may be transferred to and stored at a destination outside the United Kingdom: for example our website is hosted in the USA. The GDPR doesn’t require personal data to be stored in Europe, only that the data is appropriately protected; please be assured that personal data stored by Cratejoy is encrypted and compliant under the GDPR.
We retain the personal data that you provide to us when you registered with our website and/or application or any other information that you volunteered while using the website and/or application for (i) as long as your account is active or (ii) otherwise for a limited period of time as long as we need to fulfill the purposes for which we have initially collected it, unless otherwise required by law. Emails received for customer service purposes and to fulfull an order are deleted on a regular basis, no less than once a month. Data gathered by Google Analytics is removed entirely after 14 months.
As part of the registration process for our e-newsletter, we collect personal information. We use that information for a couple of reasons: to tell you about stuff you’ve asked us to tell you about; to contact you if we need to obtain or provide additional information; to check our records are right and to check every now and then that you’re happy and satisfied.
We use a third-party provider, MailChimp, to deliver our newsletter. We gather statistics around email opening and clicks using industry standard technologies to help us monitor and improve our e-newsletter. You can unsubscribe to general mailings at any time of the day or night by clicking the unsubscribe link at the bottom of any of our emails or by emailing our data protection officer Debi McCormack at [email protected] Information regarding Mailchimp's commitment to data privacy can be found here. For more information, please see MailChimp’s privacy notice.
Our website also uses Google’s remarketing technology. This technology enables users who have already visited our website and shown interest in Boxcitement to see targeted advertising on the websites of the Google partner network. The advertising will be displayed using cookies. The information generated by the cookie about the website use will be transmitted to and stored on servers in the United States by Google. In the event that the IP address is transferred, it will be reduced by the last 3 digits thereby becoming anonymous. Using cookies, the user behavior on a website can be analysed to provide targeted advertising based on the user’s interests.
Our website also uses the Conversion Tracking Pixel service provided by Facebook. This tool allows us to follow the actions of users after they are redirected to our website by clicking on a Facebook advertisement. We are then able to record how effective our Facebook advertisements are. The collected data remain anonymous. This means that we cannot see the personal data of any individual user. However, the collected data is saved and processed by Facebook. Facebook is able to connect the data with your Facebook account and use the data for their own advertising purposes, in accordance with Facebook’s Data Use Policy found here. Facebook Conversion Tracking also allows Facebook to show you advertisements on and outside Facebook. In addition, a cookie will be saved onto your computer for these purposes.
Facebook Pixel information can be found here. Please click here if you would like to change your ad preferences within Facebook.
CONTROLLING HOW WE USE YOUR DATA
Because it is Cratejoy who store and process our customer information, you have the right to have your data removed completely from Cratejoy IF you meet the following requirements:
If and only if your relationship with Boxcitement is completely terminated. Your subscription cannot be active; subscriptions must be cancelled or expired before Cratejoy can remove a customer's information.
The subscription must have no unshipped boxes; removing data includes removing your mailing address, which will make it impossible to ship future shipments.
What Cratejoy will remove: Customer Name.
Any EU customer with requests for personal data information or deletion can also contact [email protected] for assistance.
Please note that we are obliged to keep some transactional records for audit or in case of disputes. You have the right to request personal data that we hold about you, subject to us reserving the right to withhold such data to the extent permitted by law. We may require appropriate evidence of identity. Note that you may be able to amend aspects of your personal data within your account on our website. If you believe that any information we are holding on you is incorrect or incomplete, please email us as soon as possible, at [email protected] so we can amend any information found to be incorrect.