Dandelion Craft (“Dandelion”) complies with the EU Data Regulations and as such provides you with the following information about your data and how it is used by Dandelion and your rights with regard to this regulation.
Information Collected By Dandelion
Customer Orders Taken In The Shop
To fulfil your order, you must provide Dandelion with certain information such as your name and telephone number and the details of the product you’re ordering. You may also choose to provide Dandelion with additional personal information (custom orders, for example).
Customer Orders Taken Via Dandelion’s Website
This applies to products, workshops and event bookings bought via Dandelion’s website (www.dandelioncraft.co.uk) To fulfil your order, you must provide Dandelion with certain information such as your name, email address, postal address, payment information and the details of the product you’re ordering. You may also choose to provide Dandelion with additional personal information (custom orders, for example).
2. Why this information is required and how it is used
Dandelion relies on a number of legal bases to collect, use, and share your information, including:
as needed to provide our services, such as when your information is used to fulfil your order, to settle disputes, or to provide customer support;
when you have provided your affirmative consent, which you may revoke at any time, such as by signing up for Dandelion’s newsletter;
if necessary to comply with a legal obligation or court order or in connection with a legal claim, such as retaining information about your purchases if required by tax law; and
as necessary for the purpose of Dandelion’s legitimate interests, if those legitimate interests are not overridden by your rights or interests, such as providing and improving Dandelion’s services. Your information is used to provide the services you requested and in Dandelion’s legitimate interest to improve its services.
3. Information Sharing and Disclosure
Information about Dandelion’s customers is important to the business. Your personal information is shared for very limited reasons and in limited circumstances, as follows:
Service providers. Dandelion engages certain trusted third parties to perform functions and provided services to the shop, such as suppliers. Dandelion will share your personal information with these third parties, but only to the extent necessary to perform these services.
Business transfers. If the business is sold or merged, your information may be disclosed as part of that transaction, to the extent permitted by law.
Compliance with laws. Dandelion may collect, use, retain, and share your information if there is a good faith belief that it is reasonably necessary to: (a) respond to legal process or to government requests; (b) enforce Dandelion’s agreements, terms and policies; (c) prevent, investigate, and address fraud and other illegal activity, security, or technical issues; or (d) protect the rights, property, and safety of our customers, or others.
4. Data Retention
5. Transfer of Personal Information Outside the EU
Dandelion may store and process your information through third-party hosting services in the US and other jurisdictions. As a result, your personal information may be to a jurisdiction with different data protection and government surveillance laws than your jurisdiction. Dandelion is deemed to transfer information about you outside of the EU, Privacy Shield will be relied upon as the legal basis for the transfer, as Google Cloud is Privacy Shield certified.
6. Your Rights
If you reside in certain territories, including the EU, you have a number of rights in relation to your personal information. While some of these rights apply generally, certain rights apply only in certain limited cases. These rights are described below:
Access. You may have the right to access and receive a copy of the personal information Dandelion holds about you by contacting Dandelion using the contact information below.
Change, restrict, delete. You may also have rights to change, restrict Dandelion’s use of, or delete your personal information. Absent exceptional circumstances (such as where Dandelion is required to store data for legal reasons) Dandelion will generally delete your personal information upon request.
Object. You can object to (i) Dandelion’s processing of some of your information based on its legitimate interests and (ii) receiving marketing messages from Dandelion after providing your express consent to receive them. In such cases, Dandelion will delete your personal information unless there are compelling and legitimate grounds to continue using that information or if it is needed for legal reasons.
Complain. If you reside in the EU and wish to raise a concern about Dandelion’s use of your information (and without prejudice to any other rights you may have), you have the right to do so with your local data protection authority.
How to Contact Dandelion
For purposes of EU data protection law, I, Helen Morris, owner of Dandelion Craft, am the data controller of your personal information. If you have any questions or concerns, you may contact me at firstname.lastname@example.org. Alternately, you may mail me at:
Dandelion, 8, Henry Street, Glossop, Derbyshire SK13 8BW