FAO: Data Privacy Officer
Nature's Journey Ltd/Verdant Health Ltd
Nature's Journey CBD Wellness
Isle of Wight
You can also contact us by sending an email to firstname.lastname@example.org
Our commitment to you
We promise to safeguard your privacy and personal information, always. We will keep your personal information safe and will never pass it to third parties for marketing purposes without your express consent.
Looking after your information
Nature’s Journey Ltd. is registered as a ‘Data Controller’ (the company that is responsible for collecting and controlling information obtained from you, including its privacy), with the UK Information Commissioner’s Office (ICO). Details are published on a register on the ICO website at http://ico.org.uk, where you can also find lots of useful information about data protection, what it means to you as an individual and how it applies to companies like Nature’s Journey.
(GDPR) General Data Protection Regulation
Our website collects data from visitors throughout the website experience. This is largely to provide a level of interactive functionality that would otherwise be ineffective without collecting a minimum amount of data. Some data is also used to analyse your experience anonymously to develop and improve website functionality.
We will not sell your data to third parties, allow any access to the data that isn’t necessary to honour orders we have in place or store excessive amounts of data we no longer need.
Data Controller – any organisation that stores Personally Identifiable Information
Data Processor – any organisation that works on (processes) Personally Identifiable Information
Personal Data - data belonging to, relating to, or generated by a living person
Personally Identifiable Information - Personal Data that can be used to uniquely identify the person to whom it relates
How we obtain your data
We collect Personal Data from you during your usage of this website and your other interactions with us. Some of the data may be Personally Identifiable Information. This may be entered into web forms or provided to the website by the browser (such as IP address). We may also obtain Personally Identifiable Information about you from a Third Party as part of a contract to work with that data.
How we use your data
We primarily use data from you to provide necessary functionality on this website and to supply our products and services. We may also collect additional data to satisfy other legal requirements, such as those required for businesses engaged in e-commerce.
We work with several Third Parties to provide the service you have requested. In all cases there is either an explicit contract in place between us and the Third Party, Terms and Conditions or another legally binding relationship.
Any Personally Identifiable Information shared with a third-party data will be limited to the minimum data needed to provide the relevant service. At present the only Third Parties to whom this applies are our courier network for delivering customer orders, though other Third Party service providers may be added in the future as required.
Our online store is hosted on Shopify Inc.
Shopify provide us with the online e-commerce platform that allows us to sell our products and services to you. They store your Personal Data on a secure server behind a firewall. All payment Personally Identifiable Information is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction Personal Data is stored only as long as is necessary to complete your purchase transaction and is then deleted. For more insight, you may also want to read Shopify Terms of Service or Privacy Notice
We will not share your Personally Identifiable Data with any Third Parties for marketing purposes unless you have explicitly opted in.
Aggregated Analytical Data
We allow Shopify and Google Analytics to gather anonymous analytical data about the use of our website. This data is anonymous, aggregated and not used for identification purposes.
Data Security and Storage
We intend to store data only as long as necessary to fulfil the purpose for which it was obtained. Some data may be held for longer if it is either held on other systems that have not been updated, in backup data that has not expired or for another lawful reason.
Personal data protection principles
We adhere to the principles relating to processing of Personal Data set out in the GDPR (as follows) which require Personal Data to be:
- Processed lawfully, fairly and in a transparent manner
- Collected only for specified, explicit and legitimate purposes
- Adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed
- Accurate and where necessary kept up to date
- Not kept in a form which permits identification of persons for longer than is necessary for the purposes for which the data is processed
- Processed in a manner that ensures its security using appropriate technical and organisational measures to protect against unauthorised or unlawful processing and against accidental loss, destruction, or damage
- Not transferred to another country without appropriate safeguards being in place
- Made available to you and allow you to exercise certain rights in relation to your Personal Data
Your rights and requests
You have rights when it comes to how we handle your Personal Data. These include rights to:
- Withdraw consent to processing at any time
- Receive certain information about the Data Controller's processing activities
- Request access to your Personal Data that we hold
- Prevent our use of your Personal Data for direct marketing purposes
- Ask us to erase Personal Data if it is no longer necessary in relation to the purposes for which it was collected or processed or to rectify inaccurate data or to complete incomplete data
- Restrict processing in specific circumstances
- Challenge processing which has been justified on the basis of our legitimate interests or in the public interest
- Object to decisions based solely on automated processing, including profiling
- Prevent processing that is likely to cause damage or distress to you or anyone else
- Be notified of a personal data breach which is likely to result in high risk to your rights and freedoms
- Make a complaint to the supervisory authority
- Receive or ask for your Personal Data to be transferred to a third party in a structured, commonly used, and machine-readable format.
Updates to our Privacy Notice
This Privacy Notice will be reviewed regularly, and this page will be updated with changes.
If you have any questions or concerns regarding the use or disclosure of your Personal Data, you can contact us by sending an email to email@example.com
Please be aware that Nature’s Journey Ltd is a UK based company and stores personal data in the UK.
Our website is not intended for persons under the age of 18, and we do not knowingly collect data relating to such persons.