PRIVACY POLICY

We, Annie Apple, (hereinafter “we”, “us”, or “our”) are committed to protecting and respecting your privacy when you use our website, shop, and services at www.annieapple.co.uk.

In principle, we will only use your data in accordance with applicable data protection laws, in particular the UK's Data Protection Act (“DPA”), the EU's General Data Protection Regulation (“GDPR”), and as described in this privacy policy.

Basic Information and Mandatory Disclosures

What is Personal Data?

Personal data is any information relating to personal or material circumstances that relate to an identified or identifiable individual. This includes, for example, your name, date of birth, e-mail address, postal address, or telephone number as well as online identifiers such as your IP address. In contrast, information of a general nature that cannot be used to determine your identity is not personal data. This includes, for example, the number of users of a website.

 

What is processing?

"Processing" means any operation or set of operations which are performed upon personal data, whether or not by automatic means. The term is broad and covers virtually any handling of data.

 

Responsible for data processing

Responsible for data processing is:

Annie Apple

If you wish to object to the collection, processing or use of your data in accordance with this privacy policy, either in whole or in respect of individual measures, you may send your objection using our contact form.

General Information on Data Processing

The legal bases for processing

All personal data that we obtain from you via the website will be processed for the purposes described in more detail below. This is done within the framework of the DPA and the GDPR or with your consent. In particular, we process personal data only when processing is permitted and if:

you have given your consent; the data is necessary for the fulfilment of a contract / pre-contractual measures; the data is necessary for the fulfilment of a legal obligation; or the data is necessary to protect the legitimate interests of our company, provided that your interests are not overridden.

Your data subject rights

The following rights are available to you as a data subject:

the right to information, the right to rectification, the right to erasure, the right to restriction of data processing, the right to data portability, the right to object to data processing, the right to revoke any consent you have given, and the right to complain to the competent supervisory authority.

Please contact us at any time with questions and suggestions regarding data protection and/or to enforce your rights, using our contact form.

Exercising your rights

If you wish to access your data or exercise any of the rights listed above, you should apply in writing, providing evidence of your identity. Any communication from us about your rights as detailed above will be provided free of charge. However, in case of requests that are manifestly unfounded or excessive, in particular, because of their repetitive character, we may charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested; or refuse to act on the request.

Updating your information

If you believe that the information we hold about you is inaccurate or that we are no longer entitled to use it and want to request its rectification, deletion, or object to its processing, please contact us using our contact form.

The competent supervisory authority

The Information Commissioner's Office (ICO) is the relevant authority in the UK. The ICO is located at Wycliffe House, Water Ln, Wilmslow SK9 5AF, UK (www.ico.org.uk). If you believe that the processing of your data is not lawful, you can complain to a data protection supervisory authority. We would, however, appreciate the chance to deal with your concerns before you approach any Supervisory Authority.

International data transfer

In the course of our business and website operations, we process data. This also includes disclosure by transmission to third parties and, where applicable, to so-called third countries outside the UK and the EEA. Where we transfer data outside the UK or the EEA, we make sure to use the necessary and appropriate safeguards to ensure that the security of your data is maintained and guaranteed. In particular, those include standard contractual clauses, binding corporate rules and data processing agreements. If you have any questions relating to our third-party providers, please refer to their relevant Privacy Policies or contact us for further details using our contact form.

Storage and retention of your data

We process and store your data only for the period required to achieve the respective processing purpose or for as long as a legal retention period (in particular commercial and tax law) exists. Once the purpose has been achieved or the retention period has expired, the corresponding data is routinely deleted.

Security

We have implemented technical and administrative security measures to protect your data against loss, destruction, manipulation, and unauthorised access. All our employees and service providers working for us are bound by the applicable data protection laws.

Whenever we collect and process personal data, it is encrypted before it is transmitted. This means that your data cannot be misused by third parties. Our security measures are subject to a continuous improvement process and our privacy policy is constantly being revised.

Nonetheless, databases or data sets that include personal data may be breached inadvertently or through wrongful intrusion. Upon becoming aware of a data breach, we will notify all affected individuals whose personal data may have been compromised, and the notice will be accompanied by a description of the action being taken to reconcile any damage as a result of the data breach. Notices will be provided as expeditiously as possible after the breach was discovered.

Processing of Automatically Collected Data

a) Collection of access data and log files

We also collect data on every access to our website. The access data includes the name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider.

Log file information is stored for security reasons (e.g., for the clarification of abuse or fraud) for a maximum of 7 days and then deleted. Data whose further storage is necessary for evidentiary purposes is exempt from deletion until the respective incident is finally clarified. The legal basis for the data processing is our legitimate interest in providing an appealing website.

b) Use of cookies

We use so-called cookies on our website. Cookies are small text files that are stored on your respective device (PC, smartphone, tablet, etc.) and saved by your browser. For further information please refer to our Cookie Policy. The legal basis for the use of cookies is your consent as well as our legitimate interest. 

c) Shopify

We use the store system Shopify of the service provider Shopify International Limited ("Shopify"), for the purpose of hosting and displaying the shop based on processing on our behalf. All data collected on our website is processed on Shopify's servers. As part of Shopify's services, data may also be transferred to Shopify Inc, 150 Elgin St, Ottawa, ON K2P 1L4, Canada, Shopify Data Processing (USA) Inc, Shopify Payments (USA) Inc or Shopify (USA) Inc as part of further processing on our behalf. If data is transferred to Shopify Inc. in Canada, the appropriate level of data protection is guaranteed. Further processing on servers other than the aforementioned Shopify will only take place within the framework communicated below. The legal basis for the data processing is our legitimate interest in providing an appealing website and shop.

Data processing when you submit Personal Data to our website and shop

a) Registration

On our website, we offer you the opportunity to register by providing Personal Data. The data entered in the registration form is transmitted to us and stored and includes your full name, your e-mail address, and your password. We will also send you a verification e-mail to ensure that the account creation is made for the intended person. The processing of the data for this registration thus serves the fulfilment of the contract of use or the implementation of pre-contractual measures. You can delete your account at any time either by using the delete function in your account or by contacting us. 

b) Storage of data in your account

For the conclusion and processing of contracts, we require contact details, such as name, delivery and billing address and e-mail address, as well as information on the type of payment method you have chosen. You can store this data in your account. In addition, we use your data to maintain our customer database so that only accurate data is stored by us. To avoid typing errors and to ensure that the items you have ordered reach you, we check the completeness and accuracy of your address when you enter it. 

Following your order, you will receive a corresponding order confirmation as well as further documents, which we are obliged to provide to fulfil our legal information obligations for an effective conclusion of a contract with you.

c) Guest order

You have the option to place your orders as a guest. If you choose this order type, you do not have to register before placing an order. Please note that you will have to enter your data again for each subsequent order.

We collect, process, and use the information you provide in the context of a guest order to execute the contract. We store the information you provide for the period of processing and handling your order. Afterwards, your data will be deleted unless you decide to activate your customer account within 14 days of placing your order. Data that we are required to store due to legal, statutory, or contractual retention obligations will be blocked instead of deleted to prevent it from being used for other purposes. The processing of the data serves the fulfilment of the contract with you.

d) Order confirmation/dispatch confirmation

To process the contract and provide you with our services, for example, the web shop or to send you your order, we use your contact details to send you registration confirmations, customer service information, order confirmations, contract documents or payment processing information. We are obliged to send you these documents to comply with our legal information obligations for an effective conclusion of a contract with you. The processing of your data is therefore necessary to fulfil our legal information obligations for an effective conclusion of a contract with you.

e) Legal Obligations

Based on our legal obligation and our legitimate interest, we use and store your Personal Data and technical information to the extent necessary to prevent or prosecute misuse or other illegal behaviour on our website, e.g., to maintain data security in the event of attacks on our IT systems. This also takes place insofar as we are legally obliged to do so, for example, due to official or court orders, and for the exercise of our rights and claims as well as for legal defence.

f) Financial Information

To make a purchase, you may need to provide a valid payment method (e.g., credit or debit card). Your payment information will be collected and processed by our authorised payment vendors ShopPay, Klarna, Clearpay, Laybuy and PayPal. We do not directly collect or store credit or debit card numbers ourselves in the ordinary course of processing transactions. Accordingly, the data is processed based on our contractual relationship.

Disclosure or transfer of Personal Data

We do not transfer or disclose your information to third parties unless there is a legal basis for such disclosure. An example of such a basis is typically consent from you or a legal basis that requires us to disclose the data.

For the operation and optimisation of our website and our shop and the processing of contracts, various service companies work for us, e.g., for central IT services or the hosting of our website, for the payment and delivery of products, or order fulfilment, to whom we pass on the data required for the fulfilment of the task (e.g., name, address).

Some of these companies act for us by way of commissioned processing and may therefore use the data provided exclusively in accordance with our instructions. In this case, we are legally responsible for appropriate data protection measures at the companies we commission. We, therefore, agree on specific data security measures with these companies and monitor them regularly.

In contrast, in order processing we transmit data to third parties for their use to process the contract, namely to the necessary logistics companies and the postal service provider specified when the order was placed.

If we use service providers in third countries, we take additional measures to ensure an adequate level of data protection for the transfer of Personal Data and thus ensure that the transfer is generally permissible and that the special requirements for a transfer to a third country are met (e.g., by concluding standard contracts and additional guarantees, supplementary technical and organisational measures such as encryption or anonymisation).

We will disclose your data to third parties or government agencies within the framework of existing data protection laws if we are legally obliged to do so, e.g., due to official or court orders, or if we are entitled to do so, e.g., because this is necessary for the prosecution of criminal offences or the exercise and enforcement of our rights and claims.

Sending information, Advertising and Direct Marketing

We use your data for sending information ordered by you about our offer and other promotions from us to the e-mail address provided by you. If you purchase goods on our website or forget something in your shopping cart, we may send you information on our similar goods to your specified e-mail address even without your consent. The legal basis for this data processing is our legitimate interest because advertising related products by way of direct advertising represents a legitimate interest for us as a business and the provider of this website. You may object to the processing of your Personal Data for direct advertising at any time without giving reasons by unsubscribing via the unsubscribe link at the end of each e-mail or by contacting us.

Insofar as you have also given us your separate consent to process your data for marketing and advertising purposes, we are entitled to contact you for these purposes via the communication channels for which you have given your consent.

You may give us your consent in several ways including by selecting a box on a form where we seek your permission to send you marketing information, or sometimes your consent is implied from your interactions or contractual relationship with us. Where your consent is implied, it is on the basis that you would have a reasonable expectation of receiving marketing communication based on your interactions or contractual relationship with us.

Direct Marketing generally takes the form of e-mail but may also include other less traditional or emerging channels. These forms of contact will be managed by us, or by our contracted service providers. Every directly addressed marketing sent or made by us or on our behalf will include a means by which you may unsubscribe or opt-out.  

Analysis and Marketing

Based on both your consent when you first visit our website and our legitimate interest, we use the following tools for analytics and marketing services. For further details, please also refer to our cookie policy.

a) Shopify Statistics

We use the Shopify Statistics feature on our website. This allows us to measure the reach of our website and provides us with a statistical analysis of visitor behaviour on our website. The data is processed on servers of Shopify, which we have commissioned with the processing. The legal basis for the data processing in connection with the Shopify statistics function is our legitimate interest in the analysis of user behaviour on our website. You can object to this processing at any time in the cookie settings.

b) Shopify Analytics

We use Shopify Analytics, a web analytics service provided by Shopify, on our website. Shopify Analytics uses cookies, which are text files placed on your computer, to help the website analyse how users use the site. The information generated by these cookies, such as the time, place and frequency of your website visit, including your IP address, is transmitted to Shopify and stored there. In this case, your IP address will already be shortened by Shopify and thus anonymised.

Shopify will use this information to evaluate your use of our website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Shopify may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Shopify's behalf.

Shopify will not, according to its information, associate your IP address with any other data held by Shopify. You may refuse the use of cookies by selecting the appropriate settings on your browser, however, please note that if you do this you may not be able to use the full functionality of this website.

c) Google Tag Manager

We use Google Tag Manager, a web analytics service provided by Google, Inc. This service allows website tags to be managed via an interface. The Google Tag Manager only implements tags. No cookies are set, and no Personal Data is collected. The Google Tag Manager triggers other tags that may collect data. The Google Tag Manager does not access this data. If a deactivation has been made at the domain or cookie level, it remains in place for all tracking tags, insofar as these are implemented with the Google Tag Manager. More information on the Google Tag Manager can be found at the following link: http://www.google.com/tagmanager/use-policy.html. The legal basis for this data processing is our legitimate interest.

d) Klaviyo

We use the services of Klaviyo, Inc to analyse user behaviour on our website for our advertising and market research purposes. Klaviyo also uses cookies and can link your behaviour on our website with your data if you have registered for our newsletter or marketing, created a customer account or gone through an order process on our website.

e) Google Analytics

Based on our legitimate interests and your consent (i.e., interest in the analysis, optimisation, and economic operation of our website), we use Google Analytics, a web analytics service provided by Google Inc. The information generated by the cookie about the use of the online offer by the users is usually transmitted to a Google server and stored there.

Google will use this information on our behalf to evaluate your use of our website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. In doing so, pseudonymous user profiles can be created from the processed data.

The IP address transmitted by your browser will not be merged with other data from Google. You can prevent the storage of cookies by setting your browser accordingly. You can also prevent the collection of the data generated by Google as well as the processing of this data by Google by downloading and installing the browser plugin available under the following link: http://tools.google.com/dlpage/gaoptout?hl=en

f) Facebook Remarketing (Facebook pixel, Facebook conversion, Facebook ads)

On the same legal basis as Google Analytics, we use the so-called "Facebook pixels" of the social network Facebook, which is operated by Meta Platforms Inc. With the help of the Facebook pixels (_fbp and fr), Facebook can determine the visitors to our website as a target group for the display of advertisements, so-called "Facebook ads".

You can object to the collection of data by the Facebook pixels and to the use of your data for the display of Facebook ads. To do so, you can visit the page set up by Facebook and follow the instructions there on the settings for usage-based advertising: https://www.facebook.com/settings?tab=ads or declare the objection via the US page http://www.aboutads.info/choices/ or the EU page http://www.youronlinechoices.com/

Miscellaneous and Closing 

Automated decision-making

Automated decision-making including profiling does not take place.

Personal data and children

Our services are aimed at people aged 18 and over. We will not knowingly collect, use or disclose personal data from minors under the age of 18 without first obtaining consent from a legal guardian through direct offline contact.

Online presence in social media

We maintain an online presence within social networks and platforms to be able to communicate with the customers, interested parties and users active there and to inform them about our services there. When calling up the respective networks and platforms, the terms and conditions and data processing guidelines of their respective operators apply. Unless otherwise stated in our privacy policy, we process the data of users if they communicate with us within the social networks and platforms, e.g., write posts on our online presences or send us messages.

Changes and updates to the privacy policy

We kindly ask you to regularly inform yourself about the content of our privacy policy. We will amend the privacy policy as soon as changes to the information processing activities we carry out make this necessary. We will inform you as soon as the changes require an act of cooperation on your part (e.g., consent) or other individual notification.

Concerns and Contact

If you have any concerns about a possible compromise of your privacy or misuse of your data on our part, or any other questions or comments, you can contact us. This Privacy Policy was last updated on Thursday, 24 November 2022.