Last updated: 08/03/2019
Welcome to Kupto.co.uk! We take the privacy of our customers and website users very seriously. We ask that you read this Privacy Policy (‘the Policy’) carefully as it contains important information about how we will use your personal data.
For the purposes of the data protection legislation, Vinice Ltd, trading as Kupto (‘we’ or ‘us’) is the ‘data controller’ (i.e. the company who is responsible for, and controls the processing of, your personal data).
Summary:
We use your data to provide and promote our products to you, keep you informed of our products, and to meet and enforce our legal obligations.
Generally, we do not give your information to third parties, but there are some exceptions where we use external service providers to power our operations.
We are happy to answer your questions about any of this – email us at info@kupto.co.uk.
Personal data we may collect about you
We will obtain personal data about you (such as your name, address, email address and payment details) whenever you place an order for goods from our site, or if you create an account on our site.
How we use your personal data
We use your information for the following purposes:
- to help us identify you and any accounts you hold with us;
- administration of your order and of our business;
- (if you have consented to it) marketing—see ‘Marketing and opting out’, below;
- fraud prevention and detection;
- billing and order fulfilment;
- to notify you of any changes to this website or to our services that may affect you.
Marketing and opting out
If you have given us your permission, we may contact you by email about products that may be of interest to you. If you prefer not to receive any direct marketing communications from us, you can opt out at any time. See further ‘Your rights’, below.
Disclosure of your personal data
We may disclose your personal data to:
- our delivery service providers (including Royal Mail).
- Our site hosting partner, FastHosts Ltd, located in the United Kingdom.
- PayPal, which provides payment processing services in respect of orders placed from our site.
- Mailchimp, our email service provider, to help us send our newsletter.
Under certain circumstances we will transfer your information outside of the United Kingdom and European Economic Area. We will only do so where the receiving organisation has adequate safeguards in place.
Mailchimp is based outside the EEA, in the USA. The USA does not have the same data protection laws as the United Kingdom and European Economic Area (“EEA”). Whilst the European Commission has not given a formal decision that the USA provides an adequate level of data protection similar to those which apply in the United Kingdom and EEA, any transfer of your personal information to Mailchimp will be subject to the EU-US Privacy Shield, which is a safeguard sanctioned under the EU General Data Protection Regulation for personal data transferred outside the EEA. Mailchimp is certified under the EU-US Privacy Shield. You can view their certifications by searching for the company name here – https://www.privacyshield.gov/list. More detail on the EU-US Privacy Shield is available here – https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/eu-us-privacy-shield_en. Mailchimp’s Privacy Policy is here – https://mailchimp.com/legal/privacy/.
PayPal has in place ‘binding corporate rules’ which provide appropriate safeguards in the event that it transfers data outside the EEA and UK. For more information see PayPal’s Privacy Policy here – https://www.paypal.com/webapps/mpp/ua/privacy-prev.
Keeping your data secure
We will use technical and organisational measures to safeguard your personal data, for example, we store your personal data on secure servers and have internal processes intended to keep your data secure.
While we will use all reasonable efforts to safeguard your personal data, you acknowledge that the use of the internet is not entirely secure and for this reason we cannot guarantee the security or integrity of any personal data that are transferred from you or to you via the internet.
Your rights
Under the General Data Protection Regulation you have a number of important rights free of charge. In summary, those include rights to:
- access to your personal information and to certain other supplementary information that this Privacy Notice is already designed to address
- require us to correct any mistakes in your information which we hold
- require the erasure of personal information concerning you in certain situations
- receive the personal information concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations
- object at any time to processing of personal information concerning you for direct marketing
- object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you
- object in certain other situations to our continued processing of your personal information
- otherwise restrict our processing of your personal information in certain circumstances
For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals rights under the General Data Protection Regulation.
If you would like to exercise any of those rights, please:
- email us at info@kupto.co.uk;
- let us have enough information to identify you,
- let us know the information to which your request relates, including any account or reference numbers, if you have them.
If you would like to unsubscribe from any email newsletter you can also click on the ‘unsubscribe’ button at the bottom of the email.
How long your personal information will be kept
- Payment and Transaction data: we will retain this as long as needed for the purposes of meeting our tax and accounting obligations.
- Name and email addresses for those who sign up to our newsletter: we will keep this for [3 years] following your last interaction with us.
Our contact details
We welcome your feedback and questions. If you wish to contact us, please send an email to info@kupto.co.uk.
We may change this privacy policy from time to time. You should check this policy occasionally to ensure you are aware of the most recent version that will apply each time you access this website.
How to complain
We hope that we can resolve any query or concern you raise about our use of your information.
The General Data Protection Regulation also gives you right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns/ or telephone: 0303 123 1113.
Changes to this privacy notice
We may change this privacy notice from time to time; when we do we will inform you via email where appropriate.
Legal Bases for Processing
We use a number of different legal bases for processing your data. Further details on each of them are set out here.
Legitimate Interest – This means the interest of our business in conducting and managing our business to enable us to give you the best service and the best and most secure experience when buying our products. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us.
Performance of Contract: This means processing your data where it is necessary for the performance of a contract between us and you (that is, selling you our products) or to take steps at your request before entering into such a contract. We use this to administer your order, ship your products, and take care of returns and refunds.
Comply with a legal or regulatory obligation: In some cases, we will process your personal data where it is necessary for compliance with a legal or regulatory obligation that we are subject to.
Consent: where we use your consent as the basis for processing your data, this means your affirmative, informed consent. We use consent as a basis for sending you our newsletter.