Privacy policy


    Privacy Policy

    This privacy policy describes how Shipton Mill Ltd (We / the Company) collect and use the personal information of our customers and prospective customers in accordance with the General Data Protection Regulation (GDPR) and other relevant legislation.

    We need to gather some data in order to offer the best website experience. We want to be transparent about why we need the personal details we request when you engage with us and our Website, and how we will use them.

    We will always take all reasonable steps within our power to keep your information safe, and will protect the privacy and security of your personal information.

    Please read this policy carefully, along with our Terms and Conditions and any other documents referred to within this policy to understand why we use, how we collect, and how we store your personal information.

    By providing us with your personal information, you consent to the collection and use of any information you provide in accordance with this privacy policy.

    Data protection principles

    Minors

    The Website is not intended for individuals under the age of 18. We do not intentionally collect Personal Information from children. If you are the parent or guardian and believe your child has provided us with Personal Information, please contact us to request deletion at enquiries@shipton-mill.com or call us on 01666 505050.

     

     

    We comply with the principles of data protection law. This says that the personal information we hold about you must be:

    1. Used lawfully, fairly and in a transparent way.
    2. Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
    3. Relevant to the purposes we have told you about and limited only to those purposes.
    4. Accurate and kept up to date.
    5. Kept only as long as necessary for the purposes we have told you about.
    6. Kept securely.

    For the purpose of the General Data Protection Regulations (GDPR) the data controller is Shipton Mill Ltd, Long Newnton, Tetbury, Gloucestershire, GL8 8RP.

    What data do we collect, and how do we collect your data?

    Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). There are "special categories" of more sensitive personal data which require a higher level of protection.

    We collect information when you interact with us. The information we may collect from these interactions may include, but is not limited to:

    1. Information you give to us
      • By filling in forms on our Website (www.shipton-mill.com) or sites we control
      • By sending it to us on social media
      • By filling in forms at shows, cookery classes, or events
      • By corresponding with us by email, telephone, in person, via our blog, or otherwise
      • By placing orders on our Website
      • By entering competitions, promotions or surveys, including via social media
      • By responding to one of our mailings, including our newsletter
      • By signing up to receive information from us, including but not limited to newsletter, stock alerts, product information including launches.

    The information we collect may include: your name, address, email address, telephone number, payment information, login information (customers), and shopping preferences including products, for example, what you may save on your “wish list” or “favourites”.

    1. Information we collect when you interact with our Website
      • By filling in forms on our Website (www.shipton-mill.com) or sites we control
      • By filling in forms at shows, cookery classes or events
      • By corresponding with us by contact form, phone, email, blog, in person or otherwise
      • By placing orders on our Website
      • By entering competitions, promotions or surveys
      • By responding to one of our mailings, including our newsletter or blog
      • When you participate in social media functions (e.g. commenting, sharing, liking, or reviewing stories, products or blogs)
      • When you report a problem with our Website

    The information we collect may include: Your internet protocol (IP) address, browser type and version details, time zone settings, browser plug-in types and version, your operating system and platform, the pages you visit, for how long and the actions you perform, page response times, your browser cookies, your shopping preferences and other areas of interest to you.

    COOKIES

    A cookie is a small amount of information that’s downloaded to your computer or device when you visit our Website. We use a number of different cookies, including functional, performance, advertising, and social media or content cookies. Cookies make your browsing experience better by allowing the website to remember your actions and preferences (such as login and region selection). This means you don’t have to re-enter this information each time you return to the website or browse from one page to another. Cookies also provide information on how people use the website, for instance whether it’s their first time visiting or if they are a frequent visitor.

    We use the following cookies to optimize your experience on our Site and to provide our services.

    Name

    Function

    Duration

    _ab

    Used in connection with access to admin.

    2y

    _secure_session_id

    Used in connection with navigation through a storefront.

    24h

    _shopify_country

    Used in connection with checkout.

    session

    _shopify_m

    Used for managing customer privacy settings.

    1y

    _shopify_tm

    Used for managing customer privacy settings.

    30min

    _shopify_tw

    Used for managing customer privacy settings.

    2w

    _storefront_u

    Used to facilitate updating customer account information.

    1min

    _tracking_consent

    Tracking preferences.

    1y

    c

    Used in connection with checkout.

    1y

    cart

    Used in connection with shopping cart.

    2w

    cart_currency

    Used in connection with shopping cart.

    2w

    cart_sig

    Used in connection with checkout.

    2w

    cart_ts

    Used in connection with checkout.

    2w

    cart_ver

    Used in connection with shopping cart.

    2w

    checkout

    Used in connection with checkout.

    4w

    checkout_token

    Used in connection with checkout.

    1y

    dynamic_checkout_shown_on_cart

    Used in connection with checkout.

    30min

    hide_shopify_pay_for_checkout

    Used in connection with checkout.

    session

    keep_alive

    Used in connection with buyer localization.

    2w

    master_device_id

    Used in connection with merchant login.

    2y

    previous_step

    Used in connection with checkout.

    1y

    remember_me

    Used in connection with checkout.

    1y

    secure_customer_sig

    Used in connection with customer login.

    20y

    shopify_pay

    Used in connection with checkout.

    1y

    shopify_pay_redirect

    Used in connection with checkout.

    30 minutes, 3w or 1y depending on value

    storefront_digest

    Used in connection with customer login.

    2y

    tracked_start_checkout

    Used in connection with checkout.

    1y

    checkout_one_experiment

    Used in connection with checkout.

    session

    Reporting and Analytics

    Name

    Function

    Duration

    _landing_page

    Track landing pages.

    2w

    _orig_referrer

    Track landing pages.

    2w

    _s

    Shopify analytics.

    30min

    _shopify_d

    Shopify analytics.

    session

    _shopify_s

    Shopify analytics.

    30min

    _shopify_sa_p

    Shopify analytics relating to marketing & referrals.

    30min

    _shopify_sa_t

    Shopify analytics relating to marketing & referrals.

    30min

    _shopify_y

    Shopify analytics.

    1y

    _y

    Shopify analytics.

    1y

    _shopify_evids

    Shopify analytics.

    session

    _shopify_ga

    Shopify and Google Analytics.

    session

     

    The length of time that a cookie remains on your computer or mobile device depends on whether it is a “persistent” or “session” cookie. Session cookies last until you stop browsing and persistent cookies last until they expire or are deleted. Most of the cookies we use are persistent and will expire between 30 minutes and two years from the date they are downloaded to your device.

    Please keep in mind that removing or blocking cookies can negatively impact your user experience and parts of our Website may no longer be fully accessible.

    Most browsers automatically accept cookies, but you can choose whether or not to accept cookies through your browser controls, often found in your browser’s “Tools” or “Preferences” menu. For more information on how to modify your browser settings or how to block, manage or filter cookies can be found in your browser’s help file or through such sites as: www.allaboutcookies.org.

     

    1. Information we receive from other sources
      • If you consent to hear from Shipton Mill Ltd on other sites
      • If we require information to execute a contract
      • If you visit one of our sites we may collect CCTV footage for security purposes only
      • If you contact our team members, including our sales representatives, directly, for example to discuss opening an account, or request advice
      • If you contact us via social media

    The information we collect may include: your name, address, email address, telephone number, payment information, login information (customers), payment card verification and CCTV footage.

    Legal basis we rely on to collect information

    The law on data protection sets out a number of different reasons for which a company may collect and process your personal data, including:

    1. To fulfil a service: We use your information to execute contracts or services that you have entered into. This includes communications relating to your order, deliveries and payments via phone, email and SMS (for example to let you know if a delivery is delayed or payment has failed). In order to process and fulfil your order, we may need to share your information with a third-party courier (eg delivery address) and payment processors (eg to collect payment).
    2. When you consent: We may use your personal information and order history to tell you about news, relevant products, events, and competitions. For example, when you sign up to a newsletter or tell us you want to hear from us by completing your preferences. You can ask us to stop sending you marketing messages by contacting us at any time. If you change your mind you can update your choices at any time by logging into your account or contacting us.
    3. If we have legitimate interest: The GDPR defines legitimate interest as a reasonable business or commercial interest for processing your personal information. For example, sending an email update when a product you previously ordered is back in stock.

    How will we use your data?

    Our Company collects your data so that we can process your order, and manage your account. By understanding our customers, trends and behaviours, we can provide a better and more relevant service.

    If you wish to change how we use your data, you’ll find details in the “What are my rights?” section below. Please note that if you choose not to share your personal data with us, or refuse certain contact permissions, we might not be able to provide some services you’ve asked for.

    What we use your data for and the legal basis which applies

    1. Service
      • To process your orders and services requested from us
      • To respond to your queries, complaints or refund requests
      • To keep a record of your relationship with us and your information up to date
      • To process payments
      • To save details of your past orders, for your order history and in case you want to repeat order
      • To remind you of your order cut-off deadline to enable you to place, amend or cancel an order
      • To let you know when you have an unconfirmed order in your basket.
      • To let you know about changes to your order or deliveries
      • To let you know about changes to our service (eg delisting products)
      • To check if you’d like to keep your account open after a period of no orders
      • To contact you by phone if we notice unusual activity in your account such as a significantly larger order than your regular order
    2. Consent
      • To invite you to events and cookery classes and process your bookings
      • To tell you about relevant new products and services you may be interested in based on your buying history
      • To tell you when a product you have purchased in the past is back in stock
      • To administer competitions and promotions
    3. Legitimate interest
      • To protect our Website and our customers (eg to investigate phishing or fraudulent activity)
      • To exclude you from online advertising and avoid unnecessary spend on marketing
      • To develop and improve our systems (eg pages you visit to investigate any problems you encounter with our Website)
      • To send you requests for feedback via surveys to help improve our service
      • To build a picture of who are current customers are and what they like, to inform our business decisions
      • To ensure the content on our Website is presented effectively for your device and is secure
      • To measure and understand advertising effectiveness through research and analysis
      • To contact you if we notice unusual activity in your account such as a significantly larger order than your regular order
      • To contact you if you cancel all orders to understand your reasons for leaving Shipton Mill Ltd

    Please note that if you purchase a gift for someone from Shipton Mill Ltd, we will need their personal details (for example name and address) in order to process the order and delivery. However, we will never contact them for any other purpose other than to process your gift.

    Who we share your information with:

    Sometimes we may share your data with trusted third parties for the legal bases defined above (service, legitimate interest and consent).

    An additional basis of ‘legal compliance’ applies here. We have a duty to pass on information to law enforcement agencies, if we become aware of people involved in fraud, non-payment or other criminal activity.

    We may also be legally bound to share your data in the future if Shipton Mill Ltd is subject to sale or asset transfer.

    Who we share your data with, how we protect it and your rights:

    1. Our business partners in order to fulfil our contract with you. Data is accessed from centrally maintained systems. No personal information is sent across the open internet. This includes sharing the information you provide for delivery with our couriers, in order that we can arrange for your order to be delivered to the place of your choosing.
    2. We use an external email platform provided by Klavyo to fulfil our service and marketing communication needs. Klavyo adheres to the GDPR when processing data for customers operating within the EU.

    Use of a third-party email provider is necessary and legitimate for us to execute the email service you sign up for with Shipton Mill Ltd.

    1. We use your Personal Information to provide you with targeted advertisements or marketing communications we believe may be of interest to you. For example:
    • We use Google Analytics to help us understand how our customers use the Website. You can read more about how Google uses your Personal Information here: https://www.google.com/intl/en/policies/privacy/. You can also opt-out of Google Analytics here: https://tools.google.com/dlpage/gaoptout.
    • We use Shopify Audiences to help us show ads on other websites with our advertising partners to buyers who made purchases with other Shopify merchants and who may also be interested in what we have to offer. We also share information about your use of the Website, your purchases, and the email address associated with your purchases with Shopify Audiences, through which other Shopify merchants may make offers you may be interested in.
    1. Selected business partners you consent to hear from (for example when we run joint competitions with companies matching our ethics). If you enter a joint competition and tick a box agreeing that our partner can send you promotional information directly, we will share your information via the legal basis of consent which will be gained each time you enter a competition.

    The third party will have their own Privacy Policy which you should read to ensure you are comfortable with it.

    Do Not Track

    Please note that because there is no consistent industry understanding of how to respond to “Do Not Track” signals, we do not alter our data collection and usage practices when we detect such a signal from your browser.

     

     

    We only provide third parties with the information they need to perform the exact services we specify in our contract with them and we never sell your data to third parties. We work closely with them to ensure that your privacy is respected and protected at all times. If at any time we stop using third party services, any information held by them will either be deleted or rendered anonymous.

    Where we keep your information

    The data that we collect from you is stored within the European Economic Area ("EEA"). We take all reasonable steps necessary to ensure that your data is treated securely and in accordance with this privacy policy. Where we share your data with third parties, that information may be held outside of the EU but remains under the jurisdiction and strict principles of the GDPR.

    All information you provide to us is stored on our secure servers, except payment card information. To maintain the highest level of security, we never store or have visibility of your card details. We use a method called client-side encryption to take your card details. This means that your card details are encrypted on your device before they are sent to Shipton Mill Ltd. This encrypted data is sent to our payment provider Shopify ensuring that we are never able to see your card details.

    Shopify Payments is PCI compliant and supports 3D Secure checkouts. The Processor is Stripe Payments Europe, Ltd.

    All transactions and communication between your browser and our website are encrypted using the Transport Layer Security (TLS) protocol which is standard in modern web browsers. Where you have chosen a password which enables you to access certain parts of our Website, you are responsible for keeping this password confidential. Do not share your password with anyone and change it regularly.

    From time to time, our Website may contain links to third party websites – see our Terms and Conditions for more details. If you follow a link to any of these websites, please note that they will have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

    How do we store your data?

    We will hold your personal information on our system for as long as is necessary for the processing of our contractual obligations with you or when you give consent for us to keep your account open.

    If your account is closed either as part of our retention or as a request under Article 17 of the General Data Protection Regulation your personal information will be held securely on a deactivated basis for the remainder of our legal obligations to meet government financial and audit regulations for a maximum of 7 years unless there is an extended legal basis to retain for longer. Should you wish to become a Shipton Mill Ltd customer in the future, you will be prompted to set up a new account.

    What are your data protection rights?

    Our Company would like to make sure you are fully aware of all your data protection rights. Every user is entitled to the following:

    • To ask us not to process your data for marketing purposes
      • Update your preferences online on your account. Changes may take 48 hours to come into effect.
      • Email enquiries@shipton-mill.com
      • Call 01666 505050
    • To ask us to erase all of the personal information we hold about you (Right to Erasure also known as the right to be forgotten) (Article 17 GDPR)
      • Email enquiries@shipton-mill.com
      • Write to Shipton Mill Data and Compliance, Shipton Mill Limited, Long Newnton, Tetbury, Gloucestershire, GL8 8RP.

     

    The GDPR requires us to act upon the request within one month of receipt.

    *To request access to all of the information we hold about you (Article 15 GDPR)

      • Email enquiries@shipton-mill.com
      • Write to Shipton Mill Data and Compliance, Shipton Mill Limited, Long Newnton, Tetbury, Gloucestershire, GL8 8RP.

    The GDPR requires us to act upon the request within one month of receipt.

    *To ask us not to process your data for the purpose of our legitimate interest. We will action your request unless we believe the legitimate interest overrides your circumstances

    Changes to this policy

    This policy was last updated on 10th January 2023.

    Any changes we may make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to our privacy policy.

    Questions and Contact

    If you have any questions that haven’t been covered, please contact us who will be pleased to help you:

    *Email enquiries@shipton-mill.com

    *Write to Shipton Mill Data and Compliance, Shipton Mill Limited, Long Newnton, Tetbury, Gloucestershire, GL8 8RP.

    *Call 01666 505050

     

    If you would like to make a complaint, please contact us by e-mail or by mail using the details provided under “Contact” above.

    If you are not satisfied with our response to your complaint, you have the right to lodge your complaint with the relevant data protection authority. You can contact your local data protection authority, or our supervisory authority here:  https://ico.org.uk/make-a-complaint/

    If you are not satisfied with our response to your complaint, you have the right to lodge your complaint with the relevant data protection authority. You can contact your local data protection authority: https://ico.org.uk/make-a-complaint/.