OUR PRIVACY STATEMENT
SECTION 1 - WHAT DO WE DO WITH YOUR INFORMATION?
When you purchase something from our Cupsmith store, as part of the buying and selling process, we collect the personal information you give us such as your name, address and email address.
When you browse our store, we also automatically receive your computer’s internet protocol (IP) address in order to provide us with information that helps us learn about your browser and operating system.
Email marketing (if applicable): With your permission, we may send you emails about our store, new products and other updates.
SECTION 2 - CONSENT
How do you get my consent?
When you provide us with personal information to complete a transaction, verify your credit card, place an order, arrange for a delivery or return a purchase, we imply that you consent to our collecting it and using it for that specific reason only.
If we ask for your personal information for a secondary reason, like marketing, we will either ask you directly for your expressed consent, or provide you with an opportunity to say no.
How do I withdraw my consent?
If after you opt-in, you change your mind, you may withdraw your consent for us to contact you, for the continued collection, use or disclosure of your information, at anytime, by contacting us at firstname.lastname@example.org or mailing us at:
Cupsmith at Runwick Roastery Ltd, Runwick Hill, Runwick Lane, Farnham, Surrey GU10 5EE
SECTION 3 - DISCLOSURE
We may disclose your personal information if we are required by law to do so or if you violate our Terms of Service.
SECTION 4 - SHOPIFY
Our store is hosted on Shopify Inc. They provide us with the online e-commerce platform that allows us to sell our products and services to you.
Your data is stored through Shopify’s data storage, databases and the general Shopify application. They store your data on a secure server behind a firewall.
If you choose a direct payment gateway to complete your purchase, then Shopify stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted.
All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, Mastercard, American Express and Discover.
PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.
For more information, you may also want to read Shopify’s Terms of Service (https://www.shopify.com/legal/terms) or Privacy Statement (https://www.shopify.com/legal/privacy).
SECTION 5 - THIRD-PARTY SERVICES
In general, the third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us.
However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions.
For these providers, we recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled by these providers.
In particular, remember that certain providers may be located in or have facilities that are located a different jurisdiction than either you or us. So if you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.
As an example, if you are located in Canada and your transaction is processed by a payment gateway located in the United States, then your personal information used in completing that transaction may be subject to disclosure under United States legislation, including the Patriot Act.
Links: when you click on links on our store, they may direct you away from our site. We are not responsible for the privacy practices of other sites and encourage you to read their privacy statements.
SECTION 6 - SECURITY
To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.
If you provide us with your credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with a AES-256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards.
SECTION 7 - COOKIES
A cookie is a small amount of information that’s downloaded to your computer or device when you visit certain websites. Cookies can improve your browsing experience by allowing the website to remember your actions and preferences (such as login and region selection). This means you don’t have to re-enter this information each time you return to the site or browse from one page to another. Cookies also provide us with information on how people use our website, for instance whether it’s their first time visiting or if they are a returning visitor. We use this information to improve the browsing experience for all of our users.
Here is a list of specific cookies that we use. We’ve listed them here so you that you can choose if you want to opt-out of cookies or not:
- _session_id, unique token, sessional; this allows Shopify (our ecommerce platform) to store information about your session (your referrer, your landing page, etc).
- _shopify_visit, no data held, Persistent for 30 minutes from the last visit; this is used by our website provider’s internal stats tracker to record number of visits.
- _shopify_uniq, no data held, expires midnight (relative to the visitor) of the next day; this counts the number of visits to a store by a single customer.
- cart, unique token, persistent for 2 weeks; this stores information about the contents of your cart.
- _secure_session_id, unique token, sessional
- storefront_digest, unique token, indefinite; if the shop has a password, this is used to determine if the current visitor has access.
Some cookies are necessary to allow you to browse the Cupsmith website, use its features, and access secure areas. The use of these cookies is essential for our website to work, and we do not use these cookies to collect personal information about you.
We also use functional cookies to remember choices you’ve made or information you’ve provided, such as your username, language, or the region you are in. This allows us to tailor your website experience specifically to your preferences. For example, authentication cookies are functional cookies that are used for the duration of a session (or persistent, if you agree to the “remember me” function) to allow users to authenticate themselves on subsequent visits or to gain access to authorised content across pages. The functional cookies we use include:
- User-centric security cookies to detect authentication abuse for a limited persistent duration, like repeated failed login attempts. These cookies are set for the specific task of increasing the security of the service.
- Multimedia content player session cookies (flash cookies) are used for the duration of a session to store technical data needed to play back video or audio content (e.g. image quality, network link speed, and buffering parameters).
- Load balancing session cookies are used for the duration of the session to identify the same server in the pool in order for the load balancer to redirect user requests appropriately.
- User interface customization persistent cookies are used to store a user’s preference regarding a service across web pages.
Shopify is dedicated to user experience and we use many tools to help us improve our website. To this end, we use performance cookies to collect information about how you use our website and how often. These cookies only gather information for statistical purposes and do not gather any information that can personally identify you. However, because these cookies are not strictly necessary for the use of our website, we require your consent to use them. The performance cookies we use include:
- First party analytics cookies - We use these cookies to estimate the number of unique visitors, to improve our website and to detect the most searched for words in search engines that lead to a webpage. These cookies are not used to target you with online marketing. We use these cookies to learn how our website is performing and make relevant improvements to improve your browsing experience.
- We also use Google Analytics and other third-party analytics providers to help measure how users interact with our website content. These cookies “remember” what our users have done on previous pages and how they’ve interacted with the website. For more information on Google Analytics, visit Google’s information page. For instructions on how opt out of Google Analytics, see below.
Targeting cookies are used on our website to tailor marketing to you and your interests and provide you with a more personalised service in the future, via retargeting adverts. These cookies remember that you visited our website and we may share this information with third-parties, such as advertisers. Although these cookies can track your visits to our website and other sites, they typically cannot personally identify you. Without these cookies, the advertisements that you see may be less relevant and interesting to you.
Finally, Social plug-in tracking cookies are used by many social networks that have “social plug-in modules” including the Facebook Pixel. We integrate these modules into our platform to provide services than can be considered as “explicitly requested” by our users. Your consent, however, is required because some third-party social plug-in tracking cookies are used for things like behavioural advertising, analytics, and/or market research.
The length of time that a cookie remains on your computer or mobile device depends on whether it is a “persistent” or “session” cookie. Session cookies last until you stop browsing and persistent cookies last until they expire or are deleted. Most of the cookies we use are persistent and will expire between 90 days and two years from the date they are downloaded to your device. See the section below on how to control cookies for more information on removing them before they expire.
You can control and manage cookies in various ways. Please keep in mind that removing or blocking cookies can negatively impact your user experience and parts of our website may no longer be fully accessible.
Most browsers automatically accept cookies, but you can choose whether or not to accept cookies through your browser controls, often found in your browser's “Tools” or “Preferences” menu. For more information on how to modify your browser settings or how to block, manage or filter cookies can be found in your browser’s help file or through such sites as: www.allaboutcookies.org.
You can opt out of customized ads by visiting:
To opt-out of Google Analytics:
If you use our website without opting out in the above ways, it means that you understand and agree to data collection for the purpose of marketing ads to you.
Here is a list of cookies that we use. We’ve listed them here so you that you can choose if you want to opt-out of cookies or not.
_session_id, unique token, sessional, Allows Shopify to store information about your session (referrer, landing page, etc).
_shopify_visit, no data held, Persistent for 30 minutes from the last visit, Used by our website provider’s internal stats tracker to record the number of visits
_shopify_uniq, no data held, expires midnight (relative to the visitor) of the next day, Counts the number of visits to a store by a single customer.
cart, unique token, persistent for 2 weeks, Stores information about the contents of your cart.
_secure_session_id, unique token, sessional
storefront_digest, unique token, indefinite If the shop has a password, this is used to determine if the current visitor has access.
SECTION 8 - AGE OF CONSENT
By using this site, you represent that you are at least the age of majority in your state or province of residence, or that you are the age of majority in your state or province of residence and you have given us your consent to allow any of your minor dependents to use this site.
If our store is acquired or merged with another company, your information may be transferred to the new owners so that we may continue to sell products to you.
QUESTIONS AND CONTACT INFORMATION
If you would like to: access, correct, amend or delete any personal information we have about you, register a complaint, or simply want more information contact our Privacy Compliance Officer at email@example.com or by mail to:
Cupsmith at Runwick Roastery Ltd, Runwick Hill, Runwick Lane, Farnham, Surrey GU10 5EE