PURPOSE OF THIS PRIVACY STATEMENT
This Privacy Statement aims to give you information on how we collect and process the personal data we obtain about you when you interact with us. Maintaining the security of your data is a priority at Create & Craft, and we are committed to respecting your privacy rights. We pledge to handle your data fairly and legally at all times. We are also dedicated to being transparent about what data we collect about you and how we use it. This Privacy Statement, which applies whether you visit our website, use your mobile device or contact us over the telephone, provides you with information about:
- what personal data we collect;
- how we use the data we collect from you;
- whether we will disclose your details to anyone else;
- how we ensure your privacy is maintained;
- your choices and rights regarding the personal data you provide to us; and
We understand that there is a lot of information in this Statement, but we want you to be fully informed about your rights and how Create & Craft uses and looks after your data.
WHAT PERSONAL DATA DO WE COLLECT?
Create & Craft may collect the following information about you:
- your name, age/date of birth and gender;
- your contact details: postal address including billing and delivery addresses, telephone numbers (including mobile numbers) and email address;
- purchases and orders made by you;
- your Create & Craft password(s) (for security – these are kept in an encrypted format);
- when you make a purchase or place an order with us, your payment card details or bank account details. If you provide us with your debit or credit card details, we will encrypt and record them so that you can save time and use them when you next order with us;
- your communication and marketing preferences;
- your interests, preferences, feedback and survey responses;
- your geographical location;
- your correspondence and communications with Create & Craft, including recordings we may make when you contact our customer services; and
- other publicly available personal data, including any which you have shared via a public platform (such as a Twitter feed or public Facebook page).
This list is not exhaustive and, in specific instances, we may need to collect additional data for the purposes set out in this Statement. Some of the above personal data is collected directly, for example when you set up an on-line account on our website, send an email to our customer services team or enter a competition. Other personal data is collected indirectly, for example, from your browsing or shopping activity. We may also collect personal data from third parties who have your consent to pass your details to us, or from publicly available sources.
Our website is not intended for children and we do not knowingly collect data relating to children.
HOW WILL CREATE & CRAFT USE MY PERSONAL DATA?
Create & Craft may use the personal information that you provide or that is obtained by us for a number of purposes including the following:
To make our services available to you:
- to register you with our website and to administer our website services;
- to provide our goods and services to you and for associated purposes, including carrying out our obligations arising from any contracts entered into between you and us;
- to process any orders you make with us, including contacting you if we have any queries regarding your order;
- to respond to your queries, refund requests and complaints;
- where you have purchased a subscription to the Create and Craft Club, to provide you with the benefits of this club;
- to manage our loyalty rewards programme.
We need to process your personal data so that we can manage your customer accounts, provide you with the goods and services you want to buy and help you with any orders and refunds you may ask for. We do this on the basis of our contractual obligations to you, our legal obligations and our legitimate interests in providing you with the best service.
To contact and interact with you:
- to contact you about our products, services and offers which we think may be of interest to you, subject always to your marketing preferences;
- to contact you in relation to and to administer any prize draws, competitions or other promotions that you have entered or subscribed to;
- to invite you to take part in and manage customer surveys, questionnaires and other market research activities carried out by Create & Craft and by other organisations on our behalf, including contacting you for your feedback on our products and services, to enable us to review, develop and improve the products and services we offer. If you tell us that you do not want us to contact you for market research, we will respect this choice.
To manage and improve our services and operations:
- to help develop and improve our product range, services, information technology systems, know-how and the way we communicate with you. This allows us to serve you better as a customer.
- to enable us to comply with any legal or regulatory requirements and in the detection and prevention of theft, fraud or other crimes.
- to protect our business and your account from fraud and other illegal activities.
- to send you communications required by law (for example, a product recall notice or legally required information relating to your order) or which are necessary to inform you about changes to the services we provide. These service messages will not include any promotional content and do not require prior consent. If we do not use your personal data for these purposes, we would be unable to comply with our legal obligations.
We may supplement the information that you provide to us with information we receive from third parties.
We strive to provide you with choices regarding certain personal data uses, particularly around marketing. We have established a Preference Centre where you can view and make certain decisions about your personal data use and marketing choices. If you choose to subscribe to our marketing programme, we may use your information to make decisions about you using computerised technology, for example, automatically selecting products or services which we think will interest you. We may keep you informed of such products and services (including special offers, discounts, offers, competitions and so on) by email, telephone, SMS text message or post. If you wish to amend your marketing preferences, you can do so either by logging into your account, going to the Preference Centre and following the directions, or by calling our Customer Services Team. We won't send you marketing messages if you tell us not to, but we will still need to send you occasional service-related messages.
Please be aware that if you choose not to share your personal data with us, or refuse certain contact permissions, we may not be able to provide some services you’ve asked for. For example, if you withdraw your general consent to hear from us, we won’t be able to tell you about any of our great new product offerings, or whether a product you were interested in has come back into stock.
EXPLAINING THE LEGAL BASES WE RELY ON TO PROCESS YOUR PERSONAL DATA
The law on data protection sets out a number of different reasons for which a company may collect and process your personal data. The basis for our processing of your personal information may vary depending on the different purposes set out in the section above. These include:
Contractual obligations: We will need your personal data to comply with our contractual obligations, which includes selling and supplying goods to our customers. For example, where you have placed an order from our website the basis of our processing your personal information will be to process your order and perform the sales order contract between us. We’ll need to collect your address details to deliver your purchase, and pass them to our supplier or courier.
Legal compliance: If the law requires us to, we may need to collect and process your data. For example, in the prevention or investigation of fraud, other criminal or anti-social activity affecting our business, we may pass on details to law enforcement agencies, or where we are complying with our legal and regulatory obligations.
Legitimate interests: In specific situations, we require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests. For example, we may use your purchase history to send you or make available personalised offers, or to improve and develop our website and/or our services and products made available to you, or in promoting, marketing and advertising our products and services.
Consent: In specific situations, we can collect and process your data with your consent. For example, where you have registered to receive email or SMS text notifications and/or promotional information from us the basis of our processing will be subject to your consent, which we will ask for and can be withdrawn by customers at any time. Where consent is the only legal basis for processing, we will cease to process data after consent is withdrawn.
We will communicate with you according to the preferences you set within the Preference centre of our website. You may change your preferences at any time. This includes an automated soft opt-in setting based on your purchase history that is in accordance with the Privacy and Electronic Communications Regulations. Any elections you make in the Preference centre will override the soft opt-in settings.
When collecting your personal data, we will make clear to you which data is necessary in connection with a particular service.
WHO MIGHT CREATE & CRAFT SHARE MY INFORMATION WITH?
We will share your personal information with third parties where required by law, where it is necessary to administer our agreement with you or where we have another legitimate interest in doing so.
We may share your personal information with other companies within our group from time to time. We share your personal information with other such entities to provide other services and products which might be of interest to you.
Service providers and suppliers
We work with carefully selected and trusted service providers who carry out certain functions on our behalf. These include companies that help us with technology services, storing and combining data, taking and processing payments and delivering your orders. For example, we share your name, address and contact details with courier companies to enable them to deliver the goods you have ordered to you. Some of our products are sent to our customers direct from our suppliers, and we will give those suppliers your name, address and contact details so that they can fulfil your order. When you are using our secure online payment gateway, your purchase is processed by a third-party payment processor, who specialises in the secure online capture and processing of credit/debit card transactions.
Please be assured that:
- We only share personal data that enables our service providers to provide their services to us or to facilitate them providing their services to you.
- All our third-party service providers and suppliers are required to take appropriate security measures to protect your personal information.
- We do not allow our third-party service providers and suppliers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.
- If we stop using their services, any of your data held by them will either be deleted or rendered anonymous.
- We will not sell or rent your information to third parties.
Our advertiser partners
For some of our advertiser partners, where you purchase one of their products through our website, mobile app or over the telephone, we take your order and process payment on behalf of that advertiser, and then we transfer your data to that advertiser for fulfillment of your order. In those cases, you will become a customer of that advertiser and subject to their privacy policies and the terms and conditions. However, we do not pass your payment information to such advertiser partner.
Create & Craft’s loyalty rewards programme
When you register with Create & Craft as a customer, you will automatically be subscribed to our loyalty rewards programme, Maker Rewards. This programme is administered by a third party, Loyalty Prime Limited, on our behalf, and your data will be processed by that company for the purpose of providing you with the benefits of our loyalty programme.
What about other third parties?
We may share personal data with other organisations in the following circumstances:
- if we are required to do so by law or under any code of practice by which we are bound, or if we are asked to do so by a public or regulatory authority such as the Police;
- if we need to do so in order to exercise or protect our legal rights, systems and services (this includes providing personal data to others for the purposes of preventing fraud and reducing credit risk);
- for debt collection with a debt collection agency (where a customer defaults under their Flexi-pay plan);
- with third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this Privacy Statement;
- in response to requests from individuals (or their representatives) seeking to protect their legal rights;
- for the administration of prize draws, competitions or promotions;
- we will share your purchase and contact details when required to do so by a regulatory authority.
To help personalise and monitor your journey through our website we currently use third parties who will process your personal data as part of their contracts with us. These currently include:
- IBM Tealeaf
- New Relic
- Google Tag Manager
We may also interact with you through social media sites such as Facebook, Twitter or Pinterest.
International transfers of your personal information
We may transfer your personal information to our suppliers or service providers based outside of the UK and the European Economic Area (EEA) for processing for the purposes described in this Privacy Statement. These countries may not have similar data protection laws to the UK. If we do this, we have procedures in place to ensure that your personal information will continue to be subject to an adequate level of data protection, for example by means of a contract incorporating the model contractual clauses approved by the European Commission or the US Privacy Shield scheme. We will also ensure that other appropriate safeguards are in place to ensure your information continues to be treated in accordance with applicable law.
COMMUNICATING WITH CREATE & CRAFT
When you call our customer services: Your call may be recorded (so we can act on any instructions you may give, including taking your order, and so we can improve our services to you). This call recording is retained for a period of 12 months. Any data you provide on a customer services call is entered into our CRM application (Numero) and is retained in line with our retention policy. Our call centre is provided by a third party service provider (Intelenet Global Services Private Limited).
When you email us: We will monitor any emails sent to us, including file attachments, for viruses or malicious software.
When you place an order through the IVR: We use a third party provider, Eckoh UK Limited, to provide our IVR service. Your order information is not recorded by Eckoh. They will however keep a record of the telephone number that you used to place your order through the IVR for 3 months.
When you use our Web Chat service: We use a third party provider, Eckoh UK Limited, to provide our Web Chat service, which we use to handle customer enquiries in real time.
When you complain to us: When we receive a complaint from a person we put together a file containing the details of the complaint which is entered into our CRM application. This normally contains the identity of the complainant (and any other individuals who may be involved in the complaint). We will only use the personal information we collect to process and resolve the complaint and to check on the level of service we provide. We will keep personal information contained in complaint files in line with our retention policy.
HOW LONG WILL CREATE & CRAFT KEEP MY DATA?
We will keep your personal information for as long as necessary and consistent with the purpose for which you have given it to us, including for the purposes of satisfying any legal, accounting, or reporting requirements. We will always retain your personal information in accordance with law and regulation and never retain your information for longer than is necessary.
At the end of that retention period, your data will either be deleted or anonymised, for example by aggregation with other data so that it can be used in a non-identifiable way for business planning or statistical analysis. Where we anonymise data, we may use such information without further notice to you.
We will keep the personal data, including details of the product you purchase, which you provide to us when you place an order with us for six years so we can comply with our legal and contractual obligations, including the Consumer Rights Act 2015.
What is a cookie?
Our cookies do not contain confidential information such as your home address, telephone number or credit card details. We do not exchange cookies with any third party websites or external data suppliers.
Your web browser also generates other information, including which language the site is displayed in, and your Internet Protocol address (IP address). An IP address is a set of numbers which is assigned to your computer during a browsing session whenever you log on to the Internet via your internet service provider or your network (if you access the Internet from, for example, a computer at work). Your IP address is automatically logged by our servers and used to collect traffic data about visitors to our website. We do not use your IP address to identify you personally. Learn more about cookies and how we use them by visiting our Cookies Policy page.
SAFETY AND SECURITY
You can rest assured that shopping online with Create & Craft will be as safe and secure as shopping in a store. We have safeguards in place to prevent your personal information from being lost, stolen or damaged and to prevent cyber-attacks, phishing or other malicious activity.
How does Create & Craft keep my personal information safe?
- We require you to create a unique user name and password to sign into your Create & Craft account. For tips on keeping your password secure, please see below.
- We use up to date technology to provide you with reliable access to your account, and we have processes to back up all user data on a regular basis.
- We use additional security to protect payment information – please see How secure is my payment information? below.
- Before you enter any personal information or payment details, your browser will go into secure mode, protecting any information you input.
How can I keep my password secure?
We do appreciate that remembering passwords can be tricky, but setting effective and secure passwords on all the sites you use is vital in combating possible fraudulent activity using your personal details. You can control the safety of your password. Here are some important things to keep in mind:
- We will never ask you to disclose your password to us or anyone else, and you should not share it with anyone. For security, we store your password in an encrypted format.
- We recommend that you change your account password periodically. You can update your password at any time through the “My Account” page.
- A strong password contains a mix of numbers, letters and symbols and should only be used for your Create & Craft account. Avoid using obvious phrases like “password” or your name or phone number.
- You should log out of our website when you use a computer you share with other people.
- You can find useful guidance on how to secure your password, prevent online fraud and identity theft on many sites – for example the Google Safety Centre.
How secure is my payment information?
We realise how important it is to store securely any payment information that you provide. Our website uses high-level Secure Socket Layer (SSL) encryption technology. This technology prevents you from inadvertently revealing personal information when using an insecure connection. Encryption creates billions of code combinations to protect each transaction made on our website, so your card details cannot be viewed by anyone else using the internet. If you are using one of the more recent browser versions, our website supports 128-bit encryption.
We use Card Verification Value levels (CVV2) for “card not present” purchases. All online purchases therefore require this additional information to ensure that the person using the card has actual possession of it.
PCI-DSS Certification: Being compliant with PCI DSS means that we are doing our very best to keep our customers' valuable information safe and secure and out of the hands of people who could use that data in a fraudulent way. PCI DSS ensures technical and operational strengths that raise the bar on our security.
You can tell whether a web page is secure as ‘https’ will replace the ‘http’ at the front of the address in your browser address window. A small locked padlock will also appear at the bottom of your browser window.
Although we will do our best to protect your personal information, we cannot guarantee the security of your information transmitted to our website; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access. Using an unsecured network in a public place can be risky as unauthorised people may try to intercept anything you're doing online. We recommend you only connect to secure wireless networks that you trust, and to always be aware of the risks associated with using public WiFi. If you experience any strange activity on your account or suspect that your account has been compromised, please contact our Customer Services team who will arrange to secure your account and then investigate your concerns.
We may occasionally send you emails, but we would never send an email asking for your personal information, security information or log in details, or direct you to a web page that asks for this information. If you receive an email that appears to be from Create & Craft that you suspect is fraudulent, do not click on any links contained within the email or provide any credit card or log in details, but do let us know about it.
If you have any further concerns about security, please contact us.
LINKS TO OTHER WEBSITES
WHAT ARE YOUR RIGHTS OVER YOUR PERSONAL DATA?
You have the right to:
- have access to the personal information we hold about you (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
- have rectified any incomplete, inaccurate or out-of-date personal information that we hold about you;
- have personal information we hold about you erased from our systems;
- object to processing of your personal data;
- have the processing of your personal information restricted; and
- request the transfer of the personal information we hold about you to you or to another party.
Please note that these rights may only apply in certain circumstances. You may only request details about yourself and no other person.
You also have the right to withdraw consent at any time where we are relying on consent to process your personal data.
If you wish to exercise any of the rights set out above, please contact us.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
If you do contact us to exercise any of these rights we may ask you to verify your identity and to provide other details to help us to respond to your request. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We will only use this information in order to verify your identity.
Where you believe Create & Craft have not taken their responsibilities seriously with regard to your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office. Further information, including contact details, is available at https://ico.org.uk.
CHANGES TO CREATE & CRAFT’S PRIVACY STATEMENT AND COOKIES POLICY
We may need to update this Privacy Statement and our Cookies Policy from time to time so you may wish to check occasionally to ensure you’re happy with any changes. We will mark each with the date of the most recent updates. If you do not agree to these changes, please do not continue to use this website or submit personal information to Create & Craft. If material changes are made to either this Privacy Statement or the Cookies Policy, for instance affecting how we would like to use your personal information, we will provide a more prominent notice (including, for certain services, email notification of Privacy Statement changes).
WHO ARE WE?
Create & Craft is a trading name of Ideal Shopping Direct Limited, a company registered in England and Wales under company number 01534758, whose registered office is at Ideal Home House, Newark Road, Peterborough, Cambridgeshire, PE1 5WG, United Kingdom.
CONTACT INFORMATION AND UPDATING YOUR ACCOUNT
We hope that you have found this Privacy Statement helpful in setting out the way we look after and handle your personal data. If you have any questions about how Create & Craft uses your personal data that are not answered here, or if you want to exercise your rights regarding your personal data, please contact us by any of the following means:
- phone us on: 0330 3321300
- e-mail us at: [email protected]; or
- write to us at: The Data Protection Manager, Ideal Shopping Direct Limited, Ideal Home House, Newark Road, Peterborough, PE1 5WG.
How do I change any details stored on www.createandcraft.com/gb/?
You can review, update, change or delete most information about yourself by going to the www.createandcraft.com/gb/ website, clicking on 'My Account' and entering your login name and password. Once logged in, change any of the details shown and click 'Change Details'. If you have any questions about how to change or update your information, you can contact our Customer Services team for help.
How can I get my name removed from the Create & Craft mailing list?
If you have registered to receive information from us, you can remove your contact details from our list by updating your account online as detailed above or by contacting our Customer Services team. We’ll action your request as soon as we reasonably can.
If you receive communications from us and wish to opt out:
- from email, please click the 'Unsubscribe' link on one of the emails, or
- if you receive an SMS from us, reply to the message with STOP.
- Alternatively, call our Customer Services team on 0330 3321300.
This Privacy Statement was most recently updated in May 2018.