Boxcitement - Privacy

Privacy policy and secure payments


©Boxcitement Ltd, latest update April 30th 2018

We are Boxcitement Ltd, a company registered in the UK. We operate the website www.boxcitement.co.uk. The term “Boxcitement Ltd”, “Boxcitement”, “us” or “we” refers to the owner of the website whose registered office is William Burford House, Lansdown Place Lane Cheltenham, Glos GL50 2LB. The term “you” refers to the user or viewer of our website.

AN INTRODUCTION TO OUR PRIVACY POLICY

The team at Boxcitement want you to fully trust and have confidence in using our website - it's really important to us to look after your data. We want you to know that we will never sell or share email lists with other companies for marketing purposes. In this Privacy Policy, we’ve provided lots of detailed information on when and why we collect your personal information, how we use it, the limited conditions under which we may disclose it to others and how we keep it secure. We may change this policy from time to time by updating this page; please check back from time to time to ensure that you remain happy with our policy. Ready? Grab a cuppa and read on.

THE PRINCIPLES BEHIND OUR PRIVACY POLICY

We take your privacy seriously and are committed to protecting it, as indeed we are required to by law. We will only use the information that we collect about you within the restrictions placed on us by law. Boxcitement is based in the UK and operates in accordance with UK law. This policy tells you how we deal with your personal data (i.e. any data that can identify you), what kinds of personal data we collect, how we use and protect it, and who we disclose it to. Please do not use our website unless you are completely happy with this policy. If you do use our website, we will assume that you do accept it.

YOUR PRIVACY AND BOXCITEMENT

This website is an e-commerce site, and needs to maintain customer details and associated information for the purpose of maintaining records so that we can send our boxes to customers, communicate with customers about their account and market to them, and for website optimisation.
Our website is hosted and maintained by Cratejoy, an e-commerce company who specialise in subscription-based sites. Cratejoy is based in the USA; the GDPR privacy regulations regarding our use and storage of data don't require personal data to be stored in Europe, only that the data is appropriately protected. Please be assured that personal data stored by Cratejoy is encrypted and compliant under the GDPR. Cratejoy are also currently reviewing their Privacy Policy and Terms of Service to include information on data processing, data retention periods, and EU customers’ rights to information. Cratejoy's current privacy policy is provided here and will be updated to reflect their policy changes.
Secure payment card transactions and associated privacy are handled by our payment providers Stripe and Paypal. Their privacy statements are can be found on their respective websites. Please see below for further details on our secure payment systems.

THE DATA WE GATHER

We may collect the following information: name, contact information (physical and email addresses) and website usage data including IP addresses, the web browser used, and referrer IP sites. We may occasionally gather additional information when it is relevant such as during competitions, special offers and the use of discounts.
We will not collect any personally-identifiable information about you (e.g. your name, address, telephone number or e-mail address), unless you voluntarily choose to provide it to us (e.g. by deciding to use this site, by purchasing a product, or by signing up for newsletters or competitions). By providing us with personal information, you consent to the use of it as set out in this policy.
We will use this data to communicate with you, answer your queries, process your order, or provide you access to specific account information and also, subject to you agreeing to receive marketing communications, to support our relationship with you and offer you free products and special offers. In cases of suspicious activity we may use information provided by you in order to conduct appropriate anti fraud checks. We may store and process personal information to better understand your business needs and how we can improve our products and services. We may disclose personal data so far as reasonably necessary if we have reason to believe that it breaches our terms and conditions, or that such steps are necessary to protect us or others, or that a criminal act has been committed, or if there has been a complaint about content posted by you, or if we are required to do so by law. If you choose not to have your personal information used to support our customer relationship by receiving marketing communications, we will respect your choice. You can choose to opt out of marketing communications at any time by unsubscribing using the link provided on our email marketing.
We do not store credit card details nor do we share customer details with any third parties except for the purpose of processing orders (e.g. for creating postage labels and processing payments) unless you give us permission to do so, or we are obliged or permitted by law to disclose them.
Customers are requested to log in and keep their own personal information, such as name, address, email, billing information etc up to date.

HOW WE STORE YOUR DATA

The e-commerce engine used (Cratejoy) captures customer contact details (email, postal address etc) so that we know who to send our boxes to. We use this information to print address labels, and communicate with customers if necessary for example if an address is incomplete. The only data we store is for the purpose of printing address labels; all information is kept within password-protected documents on encrypted servers and all information is deleted as soon as its purpose has been fulfilled. When you access our website, we may automatically collect information that is not personally identifiable (e.g. type of Internet browser and computer operating system used; domain name of the website from which you came; number of visits, average time spent, pages viewed etc).
The information that we collect from you may be transferred to and stored at a destination outside the United Kingdom: for example our website is hosted in the USA. The GDPR doesn’t require personal data to be stored in Europe, only that the data is appropriately protected; please be assured that personal data stored by Cratejoy is encrypted and compliant under the GDPR.

MAILING LISTS

As part of the registration process for our e-newsletter, we collect personal information. We use that information for a couple of reasons: to tell you about stuff you’ve asked us to tell you about; to contact you if we need to obtain or provide additional information; to check our records are right and to check every now and then that you’re happy and satisfied. We use a third-party provider, MailChimp, to deliver our newsletter. We gather statistics around email opening and clicks using industry standard technologies to help us monitor and improve our e-newsletter. You can unsubscribe to general mailings at any time of the day or night by clicking the unsubscribe link at the bottom of any of our emails or by emailing our data protection officer Debi McCormack at [email protected]
Information regarding Mailchimp's commitment to data privacy can be found here. For more information, please see MailChimp’s privacy notice.

COOKIES

Boxcitement uses cookies to enhance your experience of using our services. By using services provided by Boxcitement, you consent to the use of cookies. Cookies are small pieces of text sent to your web browser by a website you visit. We use cookies for the following purposes: to enable certain functions of the Service, to provide analytics, to store your preferences, and to enable advertisements delivery. Using cookies, the user behavior on a website can be analysed to provide targeted advertising based on the user’s interests. We may use essential cookies to authenticate users and prevent fraudulent use of user accounts. In addition to our own cookies, we may also use various third parties cookies to report usage statistics of the Service, and deliver advertisements on and through the Service. If you'd like to delete cookies or instruct your web browser to delete or refuse cookies, please visit the help pages of your web browser or visit this website for detailed instructions. Please note, however, that if you delete cookies or refuse to accept them, you might not be able to use all of the features we offer, you may not be able to store your preferences, and some of our pages might not display properly.
Visiting our website generates a variety of cookies and javascript actions provided by third parties. We have linked their policies here but please check their websites for further information or if the links are not working due to circumstances beyond our control.

Our website uses tracking and analytical cookies from Google. Google's commitment to data protection is outlined here. Google Analytics privacy statement is provided here. We have set the data stored within Google to expire after 14 months. Google Analytics’ terms also require us to include the following wording: “This website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyse how users use the site. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.”
Our website also uses Google’s remarketing technology. This technology enables users who have already visited our website and shown interest in Boxcitement to see targeted advertising on the websites of the Google partner network. The advertising will be displayed using cookies. The information generated by the cookie about the website use will be transmitted to and stored on servers in the United States by Google. In the event that the IP address is transferred, it will be reduced by the last 3 digits thereby becoming anonymous. Using cookies, the user behavior on a website can be analysed to provide targeted advertising based on the user’s interests.

Our website also uses the Conversion Tracking Pixel service provided by Facebook. This tool allows us to follow the actions of users after they are redirected to our website by clicking on a Facebook advertisement. We are then able to record how effective our Facebook advertisements are. The collected data remain anonymous. This means that we cannot see the personal data of any individual user. However, the collected data is saved and processed by Facebook. Facebook is able to connect the data with your Facebook account and use the data for their own advertising purposes, in accordance with Facebook’s Data Use Policy found here. Facebook Conversion Tracking also allows Facebook to show you advertisements on and outside Facebook. In addition, a cookie will be saved onto your computer for these purposes.
Facebook Pixel information can be found here. Please click here if you would like to change your ad preferences within Facebook.

CONTROLLING HOW WE USE YOUR DATA

You may choose to restrict the collection or use of your personal information by cancelling your subscription with Boxcitement, by unsubscribing from any marketing emails and/or by emailing us asking us to confirm that we have removed all records about you. Any EU customer with requests for personal data information or deletion can also contact [email protected] for assistance. Please note that we are obliged to keep some transactional records for audit or in case of disputes. You have the right to request personal data that we hold about you, subject to us reserving the right to withhold such data to the extent permitted by law. We may require appropriate evidence of identity. Note that you may be able to amend aspects of your personal data within your account on our website. If you believe that any information we are holding on you is incorrect or incomplete, please email us as soon as possible, at [email protected] so we can amend any information found to be incorrect.

SECURE PAYMENT

As you are no doubt aware, the Internet is not a completely secure communication system, and users must assume that this may pose a risk to the integrity of information they provide. Accordingly, we accept no legal responsibility for any loss or misuse of the data that may occur while the data is in transmission. For payment services however, we make use of e-commerce infrastructure providers who provide encrypted internet level security. The methods used are based on Certification Authority certificates (built into computer operating systems) and encrypted communication methods based on HTTPS and SSL/TLS techniques (built into browser applications). We of course have no responsibility for the security of users’ own IT and communication systems, and strongly recommend that all users follow good IT practices when using the web. We are committed to ensuring that your information is secure, and have chosen the following providers who have the necessary infrastructure to provide secure communications.
As noted previously this website is hosted by the US e-commerce subscription specialist Cratejoy. We make use of Cratejoy’s payment provider partners Stripe and PayPal to process credit card and processor payments.
Stripe and PayPal are both major international payment providers. Stripe have provided comprehensive documents on their commitment to data protection within the framework of the GDPR - please read them here.
PayPal's privacy policy can be read here. Please take the time to check you are happy with the details provided by our payment processors.
Please note that payment details including credit card numbers are supplied directly to our payment partners. We do not receive or store any financial details, other than the bare minimum needed to trace transactions for auditing purposes. For anti fraud reasons and to ensure your payments have not been misused, your personal data may be supplied by our payment partners to relevant third parties including credit reference and fraud prevention agencies, who may keep a record of that information.
The outcome of any payment transaction (successful or otherwise), is communicated back to the e-commerce engine, and in turn this information is related back to Boxcitement. We will then fulfil the order if the payment has succeeded or make contact in case there is a problem with the credit card (for example if the credit card expiry date has been reached).
To comply with online payment security regulations we do not accept payment by any other means other than those outlined here.
©Boxcitement Ltd 2018.