Our Commitment To Privacy
Your privacy is important to us. To better protect your privacy we provide this notice explaining our online information practices and the choices you can make about the way your information is collected and used. To make this notice easy to find, we make it available on our homepage and at every point where personally identifiable information may be requested.
- User privacy and data protection are human rights
- We have a duty of care to the people whose data we hold
- Data is a liability, it should only be collected and processed when absolutely necessary
- We will never sell, rent or otherwise distribute or make public your personal information
- We hate spam. I mean really REALLY hate spam. We will never intentionally sell or give your data to anyone who would spam you. Ever.
- The Information We Collect and why
This site uses Google Analytics (GA) to track user interaction. We use this data to determine the number of people using our site, to better understand how they find and use our web pages and to see their journey through the website. Although GA records data such as your geographical location, device, internet browser and operating system, none of this information personally identifies you to us. GA also records your computer’s IP address which could be used to personally identify you but Google does not grant us access to this. We consider Google to be a Third Party Data Processor.
This notice applies to all information collected or submitted on this website. On some pages, you can order products, make requests, and register to receive materials. The types of personal information collected under Article 6 are (a) Consent and (b) Contract. The information collected as a Data Controller is:
Company Name (if applicable)
You also have the option to sign up for a marketing email from us. We send out emails about once a year (usually less!) containing information about us or new products we offer. You can easily unsubscribe in the footer of all emails.
The Information We DONT Collect:
Credit/Debit Card Information
Should you choose to add a comment to any posts that we have published on our blog. The name and email address you enter with your comment will be saved to this website’s database, along with your computer’s IP address and the time and date that you submitted the comment. This information is only used to identify you as a contributor to the comment section of the respective blog post and is not passed on to any of the Third Party Data Processors detailed below. Only your name will be shown on the public-facing website although if the supplied email address is linked to a Gravatar account, your Gravatar photo will also be displayed.
Your comment and its associated personal data will remain on this site until we see fit to either:
- Remove the comment
- Remove the blog post.
Should you wish to have the comment and its associated personal data deleted, please contact us.
If you are under 16 years of age you MUST obtain parental consent before posting a comment on our blog.
Contact Forms and email links
Should you choose to contact us using a contact form on our Contact us page or via an email link, none of the data that you supply will be stored by this website or passed to / be processed by any of the Third Party Data Processors. The data will be collated into an email and sent to us over the Simple Mail Transfer Protocol (SMTP).
People who call us
When you call us, we collect Calling Line Identification (CLI) information. We use this information to help improve its efficiency and effectiveness.
If you choose to sign up for our email newsletter, the details that you submit to us will be forwarded to MailChimp who provide us with email marketing services. We consider MailChimp to be a Third Party Data Processor. The details that you submit will not be stored within this website’s own database or in any of our internal computer systems. We gather statistics around email opening and clicks using industry standard technologies including clear gifs to help us monitor and improve our e-newsletter.
Your email address will remain within MailChimp’s database for as long as we continue to use MailChimp’s services for email marketing or until you specifically request removal from the list. You can do this by unsubscribing using the unsubscribe links contained in any and all email newsletters that we send you or by requesting removal via email or our contact form. When requesting removal via email, please send your email to us using the email account that is subscribed to the mailing list.
If you are under 16 years of age you MUST obtain parental consent before joining our email newsletter.
If you contact us via Social Media, your details will be stored in accordance with their Terms & Conditions and will not be passed to any Third Party unless there is a legitmate basis as part of a service or to answer your query.
- Log data
When you use our services, our servers record information (“log data”), including information that your browser or email client automatically sends whenever you visit a website, send an email, or your mobile app automatically sends when you’re using it. This log data includes your Internet Protocol address along with other details.
- Cookie data
- Device Information
In addition to log data, we collect information about the device you’re using, including a type of device, operating system, settings, unique device identifiers and crash data that helps us understand when something breaks. Whether we collect some or all of this information often depends on what type of device you’re using and its settings.
- How We Use Your Information
We use the information you provide about yourself when placing an order only to complete that order. We do not share this information with outside parties except to the extent necessary to complete that order.
We use the information you provide about someone else when placing an order only to ship the product and to confirm delivery. We do not share this information with outside parties except to the extent necessary to complete that order.
We offer gift-cards by which you can personalise a product you order for another person. The information you provide to us to create a gift-card is only used for that purpose, and it is only disclosed to the person receiving the gift.
We use return email addresses to answer the email we receive. Such addresses are not used for any other purpose and are not shared with outside parties.
We use the information within our log files as a legitimate interest of the data controller concerned. For example and not exclusively: to include preventing unauthorised access to electronic communications networks and malicious code distribution and stopping ‘denial of service’ attacks and damage to the computer and electronic communication systems. [Recital 49]
You can register with our website if you would like to receive our newsletter. The information you submit on our website will not be used for this purpose unless you fill out the registration form.
Finally, we never use or share the personally identifiable information provided to us online in ways unrelated to those described above.
- Our Commitment To Data Security
To prevent unauthorised access, maintain data accuracy, and ensure the correct use of information, we have put in place appropriate physical, electronic, and managerial procedures to safeguard and secure the information we collect online.
We take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.
Our servers are hosted in secure locations which comply with ISO/IEC 27001. The ISO/IEC 27001 standard provides a framework for businesses seeking to establish, implement, maintain and continually improve an information security management system (ISMS).
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
- Notice of Breach of Security
If a security breach causes an unauthorised intrusion into our system that materially affects you or your customers, then The Nifty Harp Project will notify you as soon as possible and later report the action we took in response.
- Our Commitment To Children’s Privacy
Protecting the privacy of the very young is especially important. For that reason, we never collect or maintain information at our website from those we actually know are under 16, and no part of our website is structured to attract anyone under 16.
- How To Access Or Correct Your Information
You can access all your personally identifiable information that we collect online and maintain by either logging into your control panel, calling us or sending us an email. We use this procedure to better safeguard your information.
You can correct factual errors in your personally identifiable information by also logging into your control panel, or sending us a request that credibly shows error.
We will provide a copy of the information free of charge. However, we can charge a ‘reasonable fee’ when a request is manifestly unfounded or excessive, particularly if it is repetitive.
We may also charge a reasonable fee to comply with requests for further copies of the same information.
To protect your privacy and security, we will also take reasonable steps to verify your identity before granting access or making corrections.
- Accuracy and Retention of Data
We do our best to keep your data accurate and up to date, to the extent that you provide us with the information we need to do so. If your data changes (for example, if you have a new email address), then you are responsible for notifying us of those changes. Upon request, we will provide you with a copy of your Personal Information. We will retain your information for as long as your account is active or as long as needed to provide you with our Services. We may also retain and use your information in order to comply with our legal obligations, resolve disputes, prevent abuse, and enforce our Agreements.
- Third Party Data Processors
In general, the third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us.
However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies with respect to the information we are required to provide to them for your purchase-related transactions.
For these providers, we recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled by these providers.
We use a few third parties to process personal data on our behalf. These third parties have been carefully chosen and are industry standards. All of them comply with the relevant legislation.
- Other Websites
Our site may, from time to time, contain links to other websites. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for your use of such websites.
- How To Contact Us
Should you have other questions or concerns about these privacy policies, please contact us.
- Data Protection Officer (DPO)
The Nifty Harp Project C.I.C. has appointed Doug Jeffrey as the Data Protection Officer (DPO). If you have any queries about our policy or concerns about your data please contact us. Full details are available on our contact page.