Tesoros Gifts is committed to respecting your privacy and protecting your personal data. This policy will detail how we take care of your data, how we use it, why we use it and how you can control the data we hold about you.
The data controller responsible for the personal data you share with us is Maxine Purdy.
Additional contact details can be found here.
The data we collect about you
Personal data and information we may collect about you, as a website visitor or customer of Tesoros Gifts, include:
Identity data: First name, maiden name, last name, title and gender (derived from title)
Contact data: Billing addresses, delivery addresses, email addresses and telephone numbers
Transaction data: What you purchased, when you purchased, how much you paid and how you purchased.
Technical data: IP addresses, login username and password (if you create an account), browser type and plug-ins, time zone, geographic location, operating system and device, and other types of non-identifiable data relating to the device you use.
Financial data: Debit and credit card data for the purposes of ordering.
Profile data: Feedback, product and service reviews, preferences and survey responses.
Usage data: How you use our website and products.
Aggregated data: We may also collect statistical or demographic data, but this anonymised and non-identifiable.
We do NOT collect any data that falls under special categories of personal data, such as race, ethnicity, philosophical beliefs, religious beliefs, sexual orientation, political opinions, health or criminal history.
If you do not wish to provide personal data
Some personal data is integral to the products or services we provide, and in some cases we must collect personal data by law. If you do not wish to provide such data, we may not be able to supply products or services to you. In the event that you have already purchased products or services, we may have to cease these orders and refund you.
How we collect and share data
We collect data in the following ways:
Direct interactions – For example, if you fill in our checkout or a search field on our website, click a button to consent or provide an opinion, or respond to correspondence we have sent to you.
Third parties – We may use the following third parties to assist us in collecting data, and we may share types of data to these third parties to improve our website and business practices, or in some cases to offer the purchase of products:
- Analytics providers for the purposes of tracking, measuring and benchmarking website and business performance, as well as user actions, to improve our services and user experience (Identity data, contact data, transaction data, technical data, profile data, usage data, aggregated data)
- Online review providers for the purposes of collecting feedback and sharing public reviews to visitors and potential customers (Identity data, contact data, transaction data, technical data, profile data, usage data, aggregated data)
- Advertising networks for the purposes of optimising and targeting our marketing (Identity data, contact data, transaction data, technical data, profile data, usage data, aggregated data)
- Conversion optimisation software for the purposes of split testing and improving our website (Identity data, contact data, transaction data, technical data, profile data, usage data, aggregated data)
- Payment gateway platforms for the purposes of taking payment for your orders (Identity data, contact data, transaction data, technical data, financial data, profile data, usage data, aggregated data)
- Delivery providers for the purposes of delivering your orders (Identity data, contact data, transaction data, technical data, profile data, usage data, aggregated data)
- Marketing professionals, IT support professionals and web hosting companies for the purposes of optimising marketing and delivering and optimising our website and IT systems (Identity data, contact data, transaction data, technical data, profile data, usage data, aggregated data)
- Professional advisors, solicitors, accountants, regulators or other authorities for the purposes of legitimate business interests and where required by law to share data (Identity data, contact data, transaction data, technical data, profile data, usage data, aggregated data)
We only share your data for important uses relating to our company and require that all third parties adhere to strict privacy and security standards. Third parties may not use your personal data for any purpose other than what we have instructed.
How we use your personal data
We only use personal data under which the law allows. Circumstances include:
- To process and deliver an order that you have purchased
- Where it is required for our legitimate business interests (for example: service provision, website management, business strategy, user experience optimisation, customer support, business growth and fraud prevention)
- Where we must comply with legal obligations
- To provide returns, replacements or refunds for products under warranty or guarantees
We may also send you correspondence (such as emails and calls) relating to:
- Order confirmation, processing and dispatch
- Account creation and activities relating to that account
- Customer support
- Taking payment and processing refunds and replacements
- Requests for feedback and reviews, and following up to request the level of satisfaction you experienced with your order
Disclosures of personal data
Some of your personal data may be transferred outside of the EEA to third parties as described in “How we collect and share data”. As safeguards, we ensure that the countries these third parties are in have regulations and laws that provide sufficient protection for your data, and/or third parties may be part of the EU-US Privacy Shield.
We will only store your personal data for as long as required to meet all legal, accounting and business requirements.
According to UK tax law requirements, we must keep certain information about our customers (for example, identity, contact and transaction data) for six years after your last purchase.
In some cases we may make your personal data anonymous so it cannot be used to identify you, and use it for statistical needs. Such information may be retained and used permanently without informing you.
We have taken all reasonable steps to ensure the security of your personal data and to minimise the risk of accidental loss, access or use in an unauthorised manner. This includes site-wide SSL/TLS encryption. In the case of employees, agents and third parties, personal data is only shared on a need-to-know basis, and all parties are bound by a duty of confidentiality with strict instructions.
In case of a suspected breach of personal data, you will be notified via our website. We will also notify regulators where we are legally obliged to do so.
Your legal rights
You may have the following rights under the data protection laws when it comes to your personal data:
- Request access (we may be able to share with you the data we hold about you)
- Request correction (we may be able to correct any data we hold about you)
- Request erasure (we may be able to delete any data we hold about you)
- Request transfer (we may be able to transfer your personal data to a third party of your choosing upon request)
- Right to withdraw consent/object to processing (we may be able to stop using data we hold about you, but this may impact the ability to offer our products and services to you)
Please contact us if you would like to utilise any of these rights. You will not have to pay a fee unless we believe the request is excessive, unfounded or repetitive. We reserve the right to decline your request or charge a reasonable fee for these reasons, or if we are bound by law to not enact your request.
In some cases, for security purposes, we may need additional identifiable information from you to confirm who you are and make sure no unauthorised parties are requesting access.
We will attempt to respond to legitimate requests within 30 days, although in some cases it may take longer due to resource restrictions or the overall complexity of the request.