Here at The Dartmoor Soap Company we take your privacy seriously – collecting only the data we need to be able to provide you with our services. We do not share your data with any other organisations, and make every effort to ensure that the data we hold is kept secure.

What personal data we collect and why we collect it:

Buying from Our Shop

When you visit our shop checkout, we collect your order details, billing and delivery information, and any other contact details that you provide us with. This information is collected solely for the purposes of processing your order.

Payment Details

We do not collect or hold any card details. All payments are processed externally to our site, by PayPal – their privacy policy is available at: https://www.paypal.com/en/webapps/mpp/ua/privacy-full

Comments & Reviews

If you leave comments or reviews on our website, we collect the data shown in the comments form, and also your IP address and browser user agent string to help with spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Contact forms

If you use the contact form on our website, your name, email address and message are sent directly to us in the form of an email from the website. We will then hold this information for the purposes of replying to your message, and for any continuing correspondence.

Mailing List Sign-Up

If you sign up for our mailing list, we will hold your email address for the purposes of sending you newsletters and news items from our website. The service involves a “double opt-in”, so that email addresses entered on the site are verified through the sending of a confirmation email – if the email address is not confirmed, then we do not retain it. You can opt out of the service at any time, by clicking on the “Unsubscribe” link, or by contacting us. The service is provided by MailChimp – their privacy policy is available at: https://mailchimp.com/legal/privacy/

Accounts

If you create an account on our website, your username and email address will be stored in the site database. Passwords are converted to an anonymized string (also called a hash), through the use of a one-way encryption algorithm, and it is only this anonymized string that is securely stored by the site. The password itself cannot be accessed, or re-created from the hash – by us or anybody else. The website also stores any other personal information that you provide in your user profile. You can see, edit, or delete your personal information at any time. Our website administrators can also see and edit that information.

Cookies

If you leave a comment, leave a review or sign up for an account on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you place products in your shopping basket, we will set three cookies to help manage your shopping experience. The first two cookies contain information about the basket as a whole and help the site know when there have been changes to the items in the basket. The final cookie contains a unique code for each customer so that it knows where to find your basket data in the database. No personal information is stored within these cookies.

If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

When you visit our site, Google Analytics (see below) sets a cookie to enable it to distinguish individual users, which expires after 2 years. It also sets a temporary cookie, which expires after 1 minute, to control the rate of exchange of data with its servers. The cookies do not contain any personally identifiable data.

Embedded content from other websites

Pages on this site may include embedded content (such as Google Maps or YouTube videos). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account (such as a Google account) and are currently logged in to that account in your web browser.

Analytics

We use Google Analytics to collect information about the number of visits to our site. We use a standard implementation of Google Analytics, which does not store any personally identifiable information. Visitors’ IP addresses are used, where possible, to determine the area in which their device is located but the IP address itself is not data that can be accessed through Google Analytics. All data in Google Analytics is aggregated and anonymised.

Security and Spam Protection

This site employs software to protect against unauthorised login, spam and other malicious activity. Where malicious activity is detected, the IP address from which it originated will be stored.


How long we retain your data

If you leave a comment or review, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

If you provide us with your contact details or other information, we will retain it indefinitely, unless you have specifically requested otherwise or until such time as you request that it is removed. During the time that we retain your details, we will use them only for the purpose(s) for which you gave your consent – such as corresponding over a question or request, receiving news updates, or for processing orders from our shop.


What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.


Where we send your data

This site is hosted on a secure server situated within the EU. Information provided when you sign up to the email subscription service may be held by MailChimp on servers outside the EU, where it is safeguarded to the same standards as if the data was held within the EU – see: https://mailchimp.com/legal/privacy/

Your contact information, and information for processing your orders may also be held securely in our own computer and paper records systems. Some data held in our own systems is also stored in secure cloud storage provided by Microsoft, where it remains private and is held on servers based in the EU or on servers where it is safeguarded to the same standards as if the data was held within the EU – see: https://products.office.com/en-gb/business/office-365-trust-center-privacy


How we protect your data

This site employs a secure (https) connection and, as such, any data you exchange with the site is transmitted over a secure, encrypted connection – details of our security certificate can be viewed by clicking on the symbol to the left of our website address in your browser address bar. Access to data held within the site, within our own computer systems and cloud storage, or within our account with MailChimp (the providers of the email subscription service) is password-protected and subject to additional layers of security.


What data breach procedures we have in place

If we suspect that there has been any unauthorised access to, or disclosure of, the personal data we hold, we will immediately inform anyone who we believe may have been affected.


Our contact information

For any matter related to privacy or the storage and processing of personal data, please contact us at: hello@thedartmoorsoapco.co.uk