Privacy Policy

Last updated: 19th May 2018

Who We Are

Hawthorn Pet And Animal Supplies operates https://hawthornpetsupplies.co.uk, for our contact information please see contact us

What personal data we collect and why we collect it

We use your Personal Information only for providing and improving the Site. By using the Site, you agree to the collection and use of information in accordance with this policy.
Information Collection And Use.

While using our Site, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you. Personally identifiable information may include but is not limited to :

  • name, we collect this to reference you and properly address you in communications
  • email address, email correspondence is our primary form of communication with our customers, we will send order confirmations and updates after an order is placed and may send you occasional marketing content
  • address, we require an address for billing and postage services we will not send you any marketing material to any address you provide us
  • Telephone, we collect a phone number you as a backup communication method in case we cannot contact you via email

Please note we do not store any form of bank details on our site and we do intend on changing this, we use WorldPay as a third party payment gateway. When you place an order online you provide your payment details to WorldPay and they then tell us whether the payment was successful or not, they do not share your payment information with us and we do not see or store this

Comments/Reviews

For Reviews and Comments, we collect a name and email address to address you correctly on the site and attribute the content provided correctly. We also store an anonymised hash produced from your email, IP address (The way you are addressed over the internet) and Browser Agent (information your web browser provides to websites to help sites tailor content to your device and platform) this is used for spam prevention and we pass this information to a Third Party Anti-Spam service: Gravatar. The Gravatar service privacy policy is available here. After approval of your comment, your profile picture (if you have one on your account) is visible to the public in the context of your comment.

Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Contact forms

We provide a contact form on our contact page. This allows you to contact us regarding customer service questions, such as product and order queries. We do not store any of your data when you post a contact request through this option. An email is generated and sent to our customer service team which will be actioned. The email address and information you provide in the contact form will not be used for marketing purposes.

Cookies

Cookies are files with small amount of data, which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your computer's hard drive.
Like many sites, we use "cookies" to collect information. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Site.
For more information on how we use cookies see our cookie policy

Cookie Breakdown
If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select "Remember Me", your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

When interacting with our e-commerce systems such as adding a product to your cart, we will also add a session token cookie to your browser so we can maintain your basket even if you navigate away from the site and maintain the information you have provided throughout your visit.

Embedded content from other websites

We avoid using embedded content on our site to help improve your privacy, although there are occasions when this is the best way for us to provide a high-quality service to you. One example of this form of embedded content is videos, as videos are large and can take a lot of your bandwidth when loading them. We embed videos from third-party sites such as YouTube as they have produced very good proprietary compression and transmission protocols which can save you loading times and bandwidth.

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website

In every instance of embedded third-party content, it will be made clear to you, and you will see a logo of the hosting third party and a link to access the original content directly. We do not sell any advertising space on our site and therefore all third party content is chosen by us and we will take the decision on whether or not to use the content based on your privacy and security.

Analytics

Like many site operators, we collect information that your browser sends whenever you visit our Site.

This Log Data may include information such as your computer's Internet Protocol ("IP") address, browser type, browser version, the pages of our Site that you visit, the time and date of your visit, the time spent on those pages and other statistics.

All of the content provided is anonymised and we ensure that you as an individual cannot be identified based on your interactions or the data obtained from these interactions.

We use Google Analytics to collate and analyse usage data of the site and therefore we recommend that you see their Privacy Policy for information on how they use the data they collect: Google Analytics Terms and Privacy

Who we share your data with

WorldPay
We use WorldPay as our payment gateway and processor. Therefore when you are redirected to the WorldPay payment gateway, your order details are sent to WorldPay This data includes :

  • Order Reference Number - this is required for our system to communicate with WorldPay to check the payment status of your order and verify that the payment was successful
  • Order Amount - this is used by WorldPay to charge you the correct amount to cover your order
  • Your Name - used for billing purposes this will be sent to your payment provider to verify the payment
  • Your Billing Address - used for billing purposes this will be sent to your payment provider to verify the payment
  • Telephone - used for WorldPay to contact you if they notice anything unusual with your request
  • Email- used for WorldPay to contact you if they notice anything unusual with your request, they will also send you a verification email upon completion of your payment

WorldPay Privacy Policy

Automattic
Automattic provides a number of technologies that we use to provide our service. These include WordPress and JetPack. We use Automattic for anti-spam tools and site analytics which requires that we share some of your data with them this data includes :

    Comments

  • A Hash produced from your email, IP address and Browser Agent is shared with Automattic to verify and approve comments This Hash on its own is completely anonymised, although it is important for you to be aware of this data
    Analytics

  • Hashed Transaction Identifiers - these are hashed IDs to track your usage of the site and this is completely anonymised
  • IP - the IP address you are using to access the site which is anonymised for your privacy ensuring that this cannot be assigned to any of your usage
  • Browser Data - this contains information regarding your web browser and device used to see which devices and browsers are accessing our site

Automattic Privacy Policy

Google Analytics
We use Google Analytics for obtaining information regarding the demographics of our users and their interactions with our site so we can improve our service the data we share includes:

  • Hashed Transaction Identifiers - these are hashed IDs to track your usage of the site and this is completely anonymised
  • IP - the IP address you are using to access the site which is anonymised for your privacy ensuring that this cannot be assigned to any of your usage
  • Browser Data - this contains information regarding your web browser and device used to see which devices and browsers are accessing our site

Google Analytics Privacy Policy

We will not share your information for marketing purposes

How long we retain your data

For customer order information and records we require that this data is stored for 6 years for tax and accountability reasons, this also allows us to save your details for any future orders that you place.

If you leave a comment or review, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website, we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

Who on our team has access

Select members of our team have access to the information you provide us, these include the site administrator and 3 members of our management team. The data these members of staff can access include:

  • Order information like what was purchased, when it was purchased and where it should be sent
  • Customer information like your name, email address, and billing and shipping information.
  • Our team members have access to this information to help fulfil orders, process refunds and support you throughout your shopping experience with us. Access and actions completed by our staff are monitored and audited so that in the event of an issue we can rectify the problem quickly and efficiently.

    What rights you have over your data

    If you have an account on this site, ordered products or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes. You can also opt out of any of our services.

    To request a copy of the data we hold on you, have the data we hold on you removed or opt out of any of our services, please contact us and we will respond as soon as possible, but please note we maintain that these request may take up to 30 days from the date of the request to action.

    Where we send your data

    Visitor comments may be checked through an automated spam detection service provided by Automattic who are based in the US and site analytic data is also sent to Google Analytics who are also based in the US. All personally identifiable data is kept within the EU.

    How we protect your data

    Our site uses https, SSL encryption to ensure your communications with us are secure. We also have our own software based firewalling solution to prevent unauthorised or automated access to our site and its backend. Data such as Passwords are stored using a one-way hash to ensure that your data is secure. We do not store any form of bank or card details via our site which means in the event of a data breach you can rest assured that these details are secure.

    We maintain two PCI security assertations which require we regularly perform security intrusion scans and penetration tests.

    What data breach procedures we have in place

    We also have a number of internal policies for actioning data requests and breaches. We maintain internal monitoring systems which regularly check for changes to our system and record and alert administrators regarding login attempts.

    In the event of a data breach whether we will asset the situation and alert ALL potentially effect users, via email if possible and if not telephone.

    What third parties we receive data from

    We do not receive data from any advertisers or third party companies regarding our users.

    Contact information

    To contact us regarding data or privacy concerns please see our contact page