We are committed to protecting your privacy and the security of any information given to us. We will not sell or pass your details to third party organizations except for the purpose of processing your order or as is necessary for our legitimate interests. This will include, but may not be limited to, passing information on to the courier company or companies involved in your transaction, and may include our suppliers/manufacturers. We may use information recorded anonymously for marketing research in order to track customer usage trends and to help improve the website.
Who We Are
We are Toolnut Ltd of Unit 7, Beeching Close, Bexhill-On-Sea, TN39 3YF. We are an online retailer specialising in the sale of tools. Our website is www.toolnut.co.uk
Third Party Services We Use
The following is a list of third party services we use:
Shopify (Our Ecommerce Website Provider)
Shopify believes strongly in protecting your and your customers’ personal data, and understands that doing so is critical to help you preserve the trust and confidence of your customers. Shopify has designed its platform to allow merchants to operate anywhere in the world. GDPR-compliant features are built into Shopify's platform, including features to enable you to offer your customers transparency into and control over their personal data, and technical measures to ensure that your customers’ personal data is protected as it crosses borders. Shopify also believes that it is its responsibility to make it easy for merchants to use our platform in a manner that complies with privacy and data protection laws like the GDPR.
PayPal is one of the world’s largest online banking systems with a top rated Payment Card Industry Data Security Standard (PCI DSS) compliance.
PayPal: “PayPal allows any business or individual with an email address to securely, conveniently and cost-effectively send and receive payments online. Our network builds on the existing financial infrastructure of bank accounts and credit cards to create a global, real-time payment solution. We deliver a product ideally suited for small businesses, online merchants, individuals and others currently underserved by traditional payment mechanisms.
The size of our network and widening acceptance of our product have helped us become one of the leading payment networks for online auction websites. PayPal is also being increasingly used on other ecommerce sites for the sale of goods such as electronics and household items, the sale of services such as web design and travel, and the sale of digital content. Offline businesses, including lawyers, contractors and doctors, have increasingly begun to receive payments online through PayPal. PayPal's service, which lets users send payments for free, can be used from computers or web-enabled mobile phones.
PayPal (Europe) S.à r.l. et Cie, S.C.A. is duly licensed as a Luxembourg credit institution in the sense of Article 2 of the law of 5 April 1993 on the financial sector as amended and is under the prudential supervision of the Luxembourg supervisory authority, the Commission de Surveillance du Secteur Financier, with registered office in L-1150 Luxembourg.”
I would be amazed if anyone hasn’t heard of Google but if you haven’t, prepare to be enlightened…
Google are the largest online search engine company in the world. Google’s core business is helping users to find relevant websites relating to what they are searching for. Beyond this, Google offers many other related web-based services including website analytics and online advertising.
MailChimp is a US business specialising in the email newsletter / marketing industry.
MailChimp is one of the largest businesses in this industry, possibly the largest.
MailChimp: “MailChimp is entrusted with the data of millions of people, and it’s critical that we (MailChimp) preserve that trust by protecting the information we process.
We’re (MailChimp) certified to the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework”.
What Information We Collect About You
When you purchase something from our store, as part of the buying and selling process, we collect the personal information you give us such as your name, address and email address.
When you browse our store, we also automatically receive your computer’s internet protocol (IP) address in order to provide us with information that helps us learn about your browser and operating system.
We collect information about you from the details you provide us with:
The following information is also collected:
We don’t store card information. This information is processed by the third party payment provider you have chosen to pay through, which is either PayPal or Shopify. PayPal and Shopify both have Level 1 PCI compliance, the highest level of Payment Card Industry Data Security Standard (PCI DSS), an information security standard for organizations that handle credit card and debit card information.
If you choose a direct payment gateway to complete your purchase, then your credit card data is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted.
All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, Mastercard, American Express and Discover.
PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.
How We Collect Information About You, What We Use The Information For And The Legal Basis
Information is collected:
To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.
When credit card information is entered through the website, the information is encrypted using secure socket layer technology (SSL) and stored with AES-256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards.
How Do You Get My Consent?
When you provide us with personal information to complete a transaction, verify your credit card, place an order, arrange for a delivery or return a purchase, we imply that you consent to our collecting it and using it for that specific reason only. If we ask for your personal information for a secondary reason, like marketing, we will either ask you directly for your expressed consent, or provide you with an opportunity to say no.
Newsletters (Marketing Mail)
We run an email newsletter for people who have opted to receive the newsletter.
The newsletter contains marketing, usually provided in the form of discounts, promotions and new product updates. It may also contain news related to our business and links to third party companies which we feel may be of interest to you. This is not an exhaustive list but broadly covers what you can expect to receive.
The newsletter signup operates on a double opt-in system. The first opt-in is made by either selecting the opt-in tick box when placing an order, by entering your details in the newsletter sign-up box on the website or by requesting we sign you up to the newsletter. The second opt-in is made in the form of a confirmation email being sent to you with an activation link; this requires you to click on the activation link in order to start receiving the newsletter.
The newsletter is operated on the third party MailChimp email newsletter system.
Customer name and email address details are stored on the Toolnut Mailchimp newsletter for users who have subscribed to the newsletter. These details are needed to send the newsletters to you.
Usage trend analytics are stored allowing us to see newsletter viewing trends.
At any time: The newsletter system allows you to unsubscribe at any time by clicking on the link at the bottom of the email. Alternatively you can email us to unsubscribe.
Here is a list of cookies that we use. We’ve listed them here so that you can choose if you want to opt-out of cookies or not.
_session_id, unique token, sessional, Allows our merchant to store information about your session (referrer, landing page, etc).
No data held, Persistent for 30 minutes from the last visit, Used by our website provider’s internal stats tracker to record the number of visits
No data held, expires midnight (relative to the visitor) of the next day, Counts the number of visits to a store by a single customer.
cart, unique token, persistent for 2 weeks, Stores information about the contents of your cart.
_secure_session_id, unique token, sessional
storefront_digest, unique token, indefinite, If the shop has a password, this is used to determine if the current visitor has access.
When you click on links on our store, they may direct you away from our site. We are not responsible for the privacy practices of other sites and encourage you to read their privacy statements.
Your Personal Information
If you would like to know what personal information we hold or require any of your information changed or removed, please contact us. It is your information; you have the right to it.
If our store is acquired or merged with another company, your information may be transferred to the new owners so that we may continue to sell products to you.