We are committed to protecting your privacy and the security of any information given to us. We will not sell or pass your details to third party organizations except for the purpose of processing your order or as is necessary for our legitimate interests. This will include, but may not be limited to, passing information on to the courier company or companies involved in your transaction. This may include our suppliers/manufacturers. We may use information recorded anonymously for marketing research in order to track customer usage trends and to help improve the website.
Detailed Privacy Statement
Who We Are
We are Toolnut Ltd of Unit 7, Beeching Close, Bexhill-On-Sea, TN39 3YF. We are an online retailer specialising in the sale of tools. Our website is www.toolnut.co.uk
Third Party Services We Use
The following is a list of third party services we use:
- VerifyMyAge (For Age Verified Orders / Items only)
Shopify (Our Ecommerce Website Provider)
Shopify believes strongly in protecting your and your customers’ personal data, and understands that doing so is critical to help you preserve the trust and confidence of your customers. Shopify has designed its platform to allow merchants to operate anywhere in the world. GDPR-compliant features are built into Shopify's platform, including features to enable you to offer your customers transparency into and control over their personal data, and technical measures to ensure that your customers’ personal data is protected as it crosses borders. Shopify also believes that it is its responsibility to make it easy for merchants to use our platform in a manner that complies with privacy and data protection laws like the GDPR.
PayPal is one of the world’s largest online banking systems with a top rated Payment Card Industry Data Security Standard (PCI DSS) compliance.
PayPal: “PayPal allows any business or individual with an email address to securely, conveniently and cost-effectively send and receive payments online. Our network builds on the existing financial infrastructure of bank accounts and credit cards to create a global, real-time payment solution. We deliver a product ideally suited for small businesses, online merchants, individuals and others currently underserved by traditional payment mechanisms.
The size of our network and widening acceptance of our product have helped us become one of the leading payment networks for online auction websites. PayPal is also being increasingly used on other ecommerce sites for the sale of goods such as electronics and household items, the sale of services such as web design and travel, and the sale of digital content. Offline businesses, including lawyers, contractors and doctors, have increasingly begun to receive payments online through PayPal. PayPal's service, which lets users send payments for free, can be used from computers or web-enabled mobile phones.
PayPal (Europe) S.à r.l. et Cie, S.C.A. is duly licenced as a Luxembourg credit institution in the sense of Article 2 of the law of 5 April 1993 on the financial sector as amended and is under the prudential supervision of the Luxembourg supervisory authority, the Commission de Surveillance du Secteur Financier, with registered office in L-1150 Luxembourg.”
I would be amazed if anyone hasn’t heard of Google but if you haven’t, prepare to be enlightened…
Google are the largest online search engine company in the world. Google’s core business is helping users to find relevant websites relating to what they are searching for. Beyond this Google offers many other related web based services including website analytics and online advertising.
We have an effective and monitored age verification process provided by VerifyMyAge, a company that has verified millions of transactions.
VerifyMyAge has been independently certified as meeting the requirements of PAS1296:2018 – the Code of Practice for Online Age Verification by the official Age Check Certificate Scheme (ACCS). More information can be found on the ACCS website.
What Information We Collect About You
When you purchase something from our store, as part of the buying and selling process, we collect the personal information you give us such as your name, address and email address.
When you browse our store, we also automatically receive your computer’s internet protocol (IP) address in order to provide us with information that helps us learn about your browser and operating system.
We collect information about you from the details you provide us with:
- Name, Billing Address, Delivery Address, Telephone Number(s), Email Address
- In some instances we store the Year Of Birth to confirm you are 18 years of age or older.
- Any emails you send
The following information is also collected:
- Fraud analysis results of each transaction.
- Technical Data – Various forms of technical data are used by our ecommerce website provider Shopify in order to run the site smoothly, including Internet protocol (IP) address, login data, browser type and version, internet connection type, time zone setting and location, browser plug-ins and versions, operating system and platform and other technology on the devices you use to access our website.
We don’t store card information. This information is processed by the third party payment provider you have chosen to pay through, which is either PayPal or Shopify. PayPal and Shopify both have Level 1 PCI compliance, the highest level of Payment Card Industry Data Security Standard (PCI DSS), an information security standard for organizations that handle credit card and debit card information.
If you choose a direct payment gateway to complete your purchase, then your credit card data is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted.
All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, Mastercard, American Express and Discover.
PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.
How We Collect Information About You, What We Use The Information For And The Legal Basis
Information is collected:
- Each time you place an order:
  - Used For: Processing your order (as is necessary for fulfilling the order / or as is necessary for our legitimate interests).
  - Used For: Sending your order via courier; your address is placed on a delivery sticker on the parcel, and depending on the courier service used may be entered into the courier booking system. In some instances your phone number and email address are entered into the courier booking system in order to help the courier deliver the parcel to you and often to allow you to track your parcel (as is necessary for fulfilling the order / or as is necessary for our legitimate interests).
  - Used For: In a tiny number of orders / situations, your delivery address details may be passed on to a respective manufacturer / supplier in order to fulfil an order; this nearly always relates to rare unfortunate circumstances when there is a problem with a tool (as is necessary for fulfilling the order / or as is necessary for our legitimate interests).
- In some instances: Request for a copy of ID or Year Of Birth and Place Of Birth information to perform an age check search. Once age is checked, the ID or information given is deleted other than a note placed against your name stating 18+ along with the Year Of Birth.
  - Used For: To check a customer is over 18 in order to be able to release age related goods (as is necessary for fulfilling our legal obligations / or as is necessary for our legitimate interests).
- Each time you send us an email:
  - Used For: Communicating with you (as is necessary for fulfilling the order / or as is necessary for our legitimate interests).
  - Used For: Sometimes used within staff communications (as is necessary for fulfilling the order / or as is necessary for our legitimate interests).
  - Used For: Communicating with a manufacturer / supplier (as is necessary for fulfilling the order / or as is necessary for our legitimate interests).
  - Used For: Communicating with a courier (as is necessary for fulfilling the order / or as is necessary for our legitimate interests).
- Shopify collate a brief transaction fraud analysis report based on a comparison of bank details between what has been made and what is stored with the respective bank. Shopify has Level 1 PCI compliance, the highest level of Payment Card Industry Data Security Standard (PCI DSS), an information security standard for organizations that handle credit card and debit card information:
  - Used For: To carry out anti-fraud checks (as is necessary for fulfilling the order / or as is necessary for our legitimate interests).
  - Used For: In certain circumstances we may provide your details to law enforcement and fraud prevention agencies (as is necessary for our legitimate interests).
- Technical Data is collected by Shopify:
  - Used For: for instance, to allow the website to display and operate in the best manner based on your device, and to see how many people have been viewing the website, which products have been viewed the most, which countries the website has been viewed from and other similar trends (as is necessary for our legitimate interests).
- Anonymous usage trends are collected by Google Analytics:
  - Used For: to allow us to see for instance how many people have been viewing the website, which products have been viewed the most, which countries the website has been viewed from and other similar trends (as is necessary for our legitimate interests).
- Cookies are collected through your website browser:
  - Used For: to allow the website to operate in what is deemed the best manner for most users. Cookies, for instance, allow the website to remember what is in your shopping cart for a limited time; turning cookies off could mean having to add items to the basket again, which for many users can be frustrating (as is necessary for our legitimate interests).
To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.
When credit card information is entered through the website, the information is encrypted using secure socket layer technology (SSL) and stored with AES-256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, we follow PCI-DSS requirements and implement additional generally accepted industry standards. Our website uses the Shopify system and the Shopify payment provider and PayPal payment provider, both of which operate some of the highest levels of security worldwide.
How do you get my consent?
When you provide us with personal information to complete a transaction, verify your credit card, place an order, arrange for a delivery or return a purchase, we imply that you consent to our collecting it and using it for that specific reason only. If we ask for your personal information for a secondary reason, like marketing, we will either ask you directly for your expressed consent, or provide you with an opportunity to say no.
Newsletters (Marketing Mail)
We run an email newsletter for people who have opted to receive the newsletter.
The newsletter contains marketing which usually is provided in the form of discounts, promotions and new product updates. It may also contain news related to our business and may also contain links to third party companies (Shopify) which we feel may be of interest to you. This is not an exhaustive list but broadly covers what you can expect to receive.
The newsletter signup operates on a double opt-in system. The first opt-in is made by either selecting the opt-in tick box when placing an order, by entering your details in the newsletter sign-up box on the website or by requesting we sign you up to the newsletter. The second opt-in is made in the form of a confirmation email being sent to you with an activation link; this requires you to click on the activation link in order to start receiving the newsletter.
The newsletter is operated on the third party Shopify email newsletter system.
Customer name and email address details are stored on the Shopify newsletter for users who have subscribed to the newsletter. These details are needed to send the newsletters to you.
Usage trend analytics are stored allowing us to see newsletter viewing trends.
At any time: The newsletter system allows you to unsubscribe at any time by clicking on the link at the bottom of the email. Alternatively you can email us to unsubscribe.
Here is a list of cookies that we use. We’ve listed them here so that you can choose if you want to opt-out of cookies or not.
_session_id, unique token, sessional, Allows our merchant to store information about your session (referrer, landing page, etc).
No data held, Persistent for 30 minutes from the last visit, Used by our website provider’s internal stats tracker to record the number of visits
No data held, expires midnight (relative to the visitor) of the next day, Counts the number of visits to a store by a single customer.
cart, unique token, persistent for 2 weeks, Stores information about the contents of your cart.
_secure_session_id, unique token, sessional
storefront_digest, unique token, indefinite, If the shop has a password, this is used to determine if the current visitor has access.
When you click on links on our store, they may direct you away from our site. We are not responsible for the privacy practices of other sites and encourage you to read their privacy statements.
Your Personal Information
If you would like to know what personal information we hold or require any of your information changed or removed, please contact us. It is your information; you have the right to it.
If our store is acquired or merged with another company, your information may be transferred to the new owners so that we may continue to sell products to you.