Who we are
Heels2Bags is a small family run business based in Shropshire, UK. Our website address is: https://heels2bags.co.uk
What personal data we collect and why we collect it
We are committed to keeping buyers’ personal information secure and confidential. Lawful Basis for Processing Personal Data For the purposes of The GDPR, we are the Data Processor and process all personal data lawfully, fairly and in a transparent manner. Under Article 6 of The GDPR, the lawful basis on which we process personal data received is that of “Contract” – whereby processing is necessary in order to fulfill buyer orders and enquiries.
We retain information provided by you, such as transaction information for internal financial accounting purposes. It is a legal requirement to retain this information for a period of 7 years.
We receive personally identifiable information from you when you place an order on heels2bags.co.uk only when it is voluntarily submitted by buyers when placing an on-line order. The data we receive includes: name, billing address, delivery name, delivery address, e-mail address, telephone number, date of order, items ordered, value of items ordered, chosen method of delivery.
We may use any personal buyer information provided to:
Process and dispatch buyers’ order/s, via Royal Mail, carry out regulatory checks to meet our legal obligations, Prevent and detect crime, Develop and improve our products.
We treat all information we hold about buyers as private and confidential. We will not reveal any personal details or details concerning buyers’ orders to anyone not connected with us, unless: The buyer asks us to reveal the information, or we have a buyer’s permission to do so, We are required or permitted to do so by law, It is required by law enforcement, fraud prevention or credit reference agencies, Data Subject Access Requests.
Under The GDPR buyers are entitled to obtain from us a copy of the data held concerning them and to have any inaccuracies in the data rectified. We are obliged to provide this data to within 30 calendar days of the month of the request and free of charge. However we have the right to refuse or charge for requests that are manifestly unfounded or excessive and repetitive.
To request a copy please email firstname.lastname@example.org
Contact us & Comments
When visitors use the contact us form or leave comments on the site we collect the data shown in the form, and also the visitor’s IP address and browser user agent string to help spam detection.
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
You may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you use our site in the future. These cookies will last for one year.
If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
How long we retain your data
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue. By law all business records must be retained for a minimum of 7 years therefore all personal data provided to us will be kept for this period in order for us to comply with UK laws.
What rights you have over your data
You can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
Where we send your data
We do not sell or rent personally identifiable information to any third party for any purpose. Only relevant personal data required for processing your order will be passed to a third party. In order for us to dispatch your order we must provide Royal Mail with your name and full address. This is the only time we pass any of your data to a third party and its sole purpose is for fulfilling the order you requested.