We are strongly committed to protecting your privacy. We will not sell or share your data with a third party for any purpose not mentioned in this policy.
You can navigate the majority of our site without giving us any personal information about yourself. However, sometimes we need additional information about you in order to provide the information or services you are requesting.
Personal information that this website collects, why we collect it, and how it is stored
We will only ever collect, store and use your personal data when we have an identified lawful basis and reason to do so, such as keeping in touch with you or processing your payments for goods.
At present, we collect Personally Identifiable Information submitted to this website in the following ways:
We invite and enjoy your comments on our blog posts. In order for you to submit a comment, we have a form on our website. The personal information you provide on these forms includes your name and email. This helps us know who you are and also helps to prevent SPAM comments. We display your name when your comment is published, but we do not use your name or email address for any other purpose.
We have a form on our website that enables you to submit questions/information to us. The personal information you provide on these forms may include your name, title, company name, address, contact numbers and email.
Should you choose to contact us using a contact form on this website, the data submitted is collated into an email, encrypted and then sent over the internet to our email service provider, where we access your email. The email is securely stored on the servers of our email provider for us to access. We don’t store any of this data locally. We will only ever use this data in order to contact you in relation to your enquiry. You may request to see your data and ask for it to be deleted.
E-newsletter sign up
We use a third party provider called MailChimp to send our e-newsletters. When you sign up to our e-newsletter you are sharing your email and name with ourselves and MailChimp. Your details will only ever be used to send an e-newsletter when we have some new news and if you want to unsubscribe at any time then it is a simple matter of clicking the unsubscribe link at the bottom of the e-newsletter.
Payment for products
The ICO defines the lawful basis for processing your data for payment for products as ‘contractual’. To administer your payment we collect your personal data to:
- Send you items you have purchased from our online shop
- Process your payment for products
- Get in touch should there ever be any issues processing your payment
All electronic forms that request financial data will use the Secure Sockets Layer (SSL) protocol to encrypt the data between your browser and our servers.
If you use a debit or credit card to pay for a product we will pass your card details securely to our payment provider. Other payment methods are handled in a similar manner.
james & tilla waters comply with the payment card industry data security standard (PCI-DSS) published by the PCI Security Standards Council, and will never store card details.
Of course, we cannot guarantee the security of your home computer or the internet, and any online communications (e.g. information provided by email or our website) are at the user’s own risk.
Site visitation tracking
Like most websites, this site uses Google Analytics (GA) to track user interaction. We use this data to determine the number of people using our site, to better understand how they find and use our web pages and to see their journey through the website.
Website and server security
The way we store/use information
We store the information you provide about yourself in a secure environment in order to provide you with the information, products, and/or services you request. The information is stored for the lifetime of the system unless you request that it be removed. We continually review what information we hold, and delete what is no longer required. We use a number of third party data processors who are all compliant with strict data processing requirements.
All of the personal data we process is processed by our staff in the UK. However, for the purposes of IT hosting and maintenance your information may be situated outside of the European Economic Area (EEA). This will be done in accordance with guidance issued by the Information Commissioner’s Office.
Electronic data and databases are stored on secure computer systems and we control who has access to information (using both physical and electronic means). Our staff receive data protection training and we have a detailed data protection procedure which personnel are required to follow when handling personal data.
You must opt-in or give consent for us to share your identifiable information with third parties, who would be bound by a confidentiality agreement. However, the information you provide us about yourself may be shared with our employees to the extent necessary to accommodate your request. For example, if you provide your name, mailing address, telephone and email address, this information will be shared with appropriate personnel to fulfill your request.
Finally, unless otherwise excepted below, we would not use your personally identifiable information provided to us online for purposes other than those you requested without also providing you an opportunity to agree or otherwise limit such unrelated purposes.
We will take reasonable precautions to prevent the loss, misuse or alteration of information you give us. Whilst we endeavour to keep our systems and communications protected against viruses and other harmful effects we cannot bear responsibility for all communications being virus-free.
All traffic (transferral of files/data) between this website and your browser is encrypted and delivered over HTTPS.
Our website is protected by a web application level firewall. This website’s server is also protected by a firewall. It is hosted within a UK data centre. Some of the data centre’s more notable physical security features are as follows:
- 24 x 7 x 365 manned security and monitoring on site
- Smart Card access policies
- Internal and external CCTV systems
- Security breach alarms
Leaving our website
We are not responsible for the privacy practices or the content of any other websites linked to our website. If you have followed a link from this website to another website you may be supplying information to a third party.
Your Right to Access Your Data
We respect your right to control your data. You have a right to update, correct or delete your personally identifiable information at any time by contacting us. Your rights include:
- The right to be informed about how we capture, store and use your data.
- The right of access. If you wish to obtain a record of the personal data we hold about you, through a Subject Access Request, we will respond within one month.
- The right to rectification. If we have captured information about you that is inaccurate or incomplete, we will update it.
- The right to erase. You can ask us to remove or randomise your personal details from our records.
- The right to restrict processing. You can ask us to stop using your personal data.
- The right to data portability. You can ask to obtain your personal data from us for your own purposes.
- The right to object. You can ask to be excluded from marketing activity.
- Rights in relation to automated decision making and profiling. We respect your right not to be subject to a decision that is based on automated processing.
For more information on your individual rights, please see the Information Commissioner’s Office.
Making a complaint
We want to exceed your expectation in everything we do. However, we know that there may be times when we do not meet our own high standards. When this happens, we want to hear about it in order to deal with the situation as quickly as possible and put measures in place to stop it happening again.
We take complaints very seriously and we treat them as an opportunity to develop our approach. This is why we are always very grateful to hear from people who are willing to take the time to help us improve.
If you are still unhappy with how we have dealt with a complaint about how we use your data, please contact the Information Commissioner’s Office.