At Everything Dinosaur, we respect your concerns about your personal data and we are committed to safeguarding and preserving your privacy. This Privacy and Cookies Policy explains what data we collect about you and how we use it. Everything Dinosaur is committed to being transparent, lawful and fair in regard to how we hold, process, store and dispose of personal data.
This policy applies whether you visit one of our websites, use our products and services or contact Everything Dinosaur via other communication channels such as letter, telephone or email.
It provides you with information about:
- what personal data we collect
- how we use it
- how we protect your privacy
- your rights relating to your personal data
What Personal Data do we Collect?
Typically, we collect information such as your name, delivery address (and billing address if different), contact details such as an email and phone number along with details of the orders made by you, payment methods, user account information and any communication or marketing preferences. In addition, information such as your browsing habits, which web pages you visited and the products viewed may also be collected.
How do we Use your Data?
We use the personal data we gather in a number of ways, for example, a lot of the personal data that we gather is necessary so that we can deliver goods and services that you have purchased. Personal data may help us to verify your identity and assist with fraud prevention. Such information will also help us to resolve issues such as lost or forgotten user account passwords. With your consent, the data can permit us to contact you with updates and news of Everything Dinosaur’s products and services that we think may be of interest.
Information on your website browsing habits and page visits can help us better to manage and develop our on-line presence, with the aim of making a more user-friendly, tailored website available to you.
How do we Protect your Privacy?
At Everything Dinosaur, we have implemented appropriate technical and organisation systems to protect your personal data. These measures include the safe and secure disposal of written records, minimising, where practical, whilst still ensuring that we comply with legal obligations, the amount of data we hold, storing information securely, data encryption and all our sites are safeguarded by HTTPS protocols.
Everything Dinosaur is PCI DSS (Payment Card Industry Data Security Standard), compliant, it adheres to a set of security standards and protocols designed to ensure that credit/debit card information is processed, stored, transmitted and maintained in a secure environment. There are also a number of simple precautions that you can take to help protect your privacy and personal data. For further information and some helpful tips check out our blog article on safeguarding and personal security: Keeping Safe Online – Some Helpful Tips
Your Rights Relating to your Personal Data?
At Everything Dinosaur, we respect your rights regarding your personal data:
- you have the right to ask what personal data we hold about you and access this information at any time.
- you have the right to ask us to update, correct or erase any personal data that we hold about you.
- you have the right to opt out of any marketing communications that we may send you, for example, we always ensure that there is a prominent “unsubscribe” button on our e-newsletters.
- you have the right to object to and to restrict the processing of your personal data.
- you have the right to data portability.
- you have the right not to be subject to automated decision-making including profiling.
If you wish to exercise any of the above rights, please get in touch with us using the contact details set out below:
Email: firstname.lastname@example.org addressing your email to the Data Protection Officer. Alternatively, you can write to the Data Protection Officer, Everything Dinosaur, 1 Goodwood Rise, Middlewich, Cheshire, United Kingdom CW10 9FJ. Please ensure that you include your name, address and if applicable, your email address in any correspondence to us along with an outline of how you would like us to assist you. We will take all reasonable steps to confirm your identity before providing you with details of any personal data.
Lawful Grounds for Processing
Everything Dinosaur collects, holds, processes and stores personal data because it is necessary for entering into or performing a contract with a data subject such as supplying goods and services. In addition, we gather personal data to comply with legal obligations related to running the business. In general, we only rely on consent for processing data in relation to direct marketing communications.
Withdrawing your Consent
You have the right to withdraw your consent at any time. The contact details of the Data Protection Officer have been provided within this Privacy and Cookies policy statement to help expedite your right to withdraw consent should you wish to exercise this right.
Disclosure of Data to Third Parties
Everything Dinosaur does not sell or pass on your personal data to third parties (other than as set out under the lawful grounds for processing), unless you have given us permission. Passing on your data to a third party under our lawful grounds for processing would be, for example, disclosing your payment card details to validate a credit/debit card purchase or passing on your contact details and delivery address to a mail fulfilment company or courier in order for us to send out your purchase.
Everything Dinosaur’s Blogs, Social Media and Product Reviews
Everything Dinosaur operates a substantial blog The Everything Dinosaur Blog, this specialist school site too, hosts a weblog and we have an extensive social media platform which includes, Facebook, Pinterest, a YouTube channel, Twitter and Google Plus accounts. In addition, our main site Everything Dinosaur contains feedback on purchases either as reviews placed online by customers themselves or via our partnering relationship with Feefo, which provides independent product and customer service ratings. Blog comments, reviews and feedback that you make about us on our websites will be shared with all other members of that service and the public at large. With respect to the third party social media platforms, for example, a comment posted up onto Everything Dinosaur’s Facebook page, this will be shared under the terms of the relevant social media platform upon which the data has been posted. Everything Dinosaur is not responsible for this kind of social media sharing. We suggest that you review the terms, conditions and privacy policies of any social media platforms that you might use. With knowledge of the terms and conditions of social media sites such as Facebook, Google Plus, Twitter and Pinterest, you can gain a better understanding of how these sites might use your data. It is advisable to check your account settings with such platforms, if necessary you can adjust the site’s privacy controls.
Links to Other Websites
On occasion, Everything Dinosaur includes links to third parties on our various websites. When we provide a link, it does not mean that we endorse or approve that site in terms of the management of your personal data or safeguarding of your privacy. You should review that third party’s Privacy and Cookies Policy before sending them any personal data.
How Long do we Keep Your Information For?
One way of helping to protect your privacy and personal data is to minimise the information that we hold, process and store. We keep your personal data to ensure that we comply with our legal obligations, such as the storage of invoices and sales records in accordance to HM Revenue & Customs requirements. Everything Dinosaur might keep data for a period after you stop using our products and services, to permit us to try and persuade you to come back to us. At any time, you have the right to unsubscribe to any marketing communications and you have the right to ask us to update, correct or erase any personal data that we hold about you.
We undertake regular data cleaning processes to minimise the amount of personal data that we might hold either on our servers, via a cloud or another data storage device. Paper records that may contain personal data are held to ensure we comply with legal requirements related to our business records for at least 5 years after the 31st January submission deadline of the relevant tax year. After which, these records are shredded and disposed of as part of our data security policy.
If you have any questions about how Everything Dinosaur holds, processes, stores and disposes of your personal data, or if you want to exercise any of your rights regarding your personal data, please contact us by any of the following means:
- Email: email@example.com addressing your email to the Data Protection Officer
- Write to us at: Data Protection Officer, Everything Dinosaur, 1 Goodwood Rise, Middlewich, Cheshire, United Kingdom CW10 9FJ
You have the right to lodge a complaint with our Supervisory Authority (the Information Commissioner’s Office), which is based in the UK. Further information, including contact details can be found here: The Information Commissioner’s Office