Last updated May 2018
For the purposes of data protection this policy refers to the 1998 Data Protection Act until 25th May 2018 and thereafter the EU General Data Protection Regulation (GDPR).
What is personal information?
Personal information, or personal data, refers to any information about an individual from which that person can be identified. It does not refer to anonymous data. Anonymous data is information where any personal identifiers have been removed.
What information do we collect?
When you purchase something from our store, we ask for, and collect, personal information such as your name, billing and delivery address, telephone number, email address, items ordered and payment details.
If you set up an online account with us, we will also store your password.
When you browse our store, we also automatically receive your computer’s internet protocol (IP) address in order to provide us with information that helps us learn about your browser and operating system.
If you sign up to receive our email newsletter, we will request and store your email address.
Mimosa Street and third-party providers of advertisements may also collect information regarding your visit to our website. This may include where you are geographically, how you were referred to us (e.g. search engines or email marketing), your browser and device type, the pages you viewed, the duration of your visit and any search terms used. This information may be collected even if you do not register an account with us.
We use Google Analytics to help us understand how our customers use the Site - you can read more about how Google uses your Personal Information here: https://www.google.com/intl/en/policies/privacy/. You can also opt-out of Google Analytics here: https://tools.google.com/dlpage/gaoptout.
How do we use your personal information?
We use this information to make your shopping experience as easy and enjoyable as possible.
- To process your order including delivery, payment and returns.
- Online account holders require an email address and password to access their account.
- To send you special offers and promotions that may be of interest if you have consented for us to do so. You may opt-out of receiving these messages at any time.
- Any information we collect about customers' browsing and buying habits is used for statistical analysis and to continuously improve the website and the products and services offered to our customers.
- To assist in the detection and prevention of fraud.
Why do we contact you?
If you have signed up for our newsletters, we contact you to update you about exciting new product launches, sales, offers and news. You can opt out of marketing emails at any time – see below for more details.
When you make a purchase online, we will contact you by email to notify you of updates to your order.
If successful when entering any of our competitions or prize draws we may contact you by email to notify you.
We will contact you by telephone if there is a problem with your order or if we need to get in touch regarding a refund.
What are your rights?
Right of access – You have the right to obtain confirmation that your data is being processed and request access to your personal data. You can make a request by emailing us using the form on the 'contact us' page.
In the first instance we will provide a copy of the information free of charge. However, we may charge a reasonable administration fee when a request is manifestly unfounded or excessive or to comply with requests for further copies of the same information, although this does not mean that we will charge for all subsequent access requests.
We will without delay and within 1 month of your request (subject to extensions in some cases):
confirm what personal data we hold about you; provide a copy of the data in commonly used electronic format if the request is made electronically; provide any supporting explanatory materials.
We can extend the time to respond by a further two months where requests are complex or numerous. If this is the case, we will inform you of this within one month of the receipt of the request and explain why the extension is necessary.
Data portability – In addition to your access right you can require us to provide a copy of your information that we hold in a commonly used machine-readable format.
Rights of Rectification and Erasure (the right to be forgotten) – You may ask us to correct or remove information you think is inaccurate or no longer necessary.
You can sign up to receive marketing communications through our online sign-up form, when you create an account or during the checkout process. Simply tick the opt-in box at any of these stages.
How to unsubscribe from marketing communications
If you do not wish to continue to receive marketing from us, click on the ‘Unsubscribe’ link in any email communications or log into your account to change your preferences.
We may disclose your personal information if we are required by law to do so.
Our store is hosted on Shopify Inc. They provide us with the online e-commerce platform that allows us to sell our products and services to you.
Your data is stored through Shopify’s data storage, databases and the general Shopify application. They store your data on a secure server behind a firewall.
You can read more about how Shopify uses your Personal Information here: https://www.shopify.com/legal/privacy.
If you choose a direct payment gateway to complete your purchase, then Shopify stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted.
All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover.
PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.
In general, the third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us.
However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions.
For these providers, we recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled by these providers.
In particular, remember that certain providers may be located in or have facilities that are located a different jurisdiction than either you or us. So if you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its
Our site may contain links to and from the websites of our partner networks, advertisers and other third parties. If you follow a link to any of these websites, please note that they have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.
If you provide us with your credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with an AES-256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards.
Here is a list of cookies that are used by Shopify. We’ve included them here so that you can choose if you want to opt-out.
session_id is used to track a given user's session and allows for communication between two parts of the shop, for example the storefront and the cart. If a customer adds a product to their cart and navigates back to the storefront, the session_id cookie allows the cart to know the product was added to cart. The default expiry time for a customer login session is 24 hours. This default can be extended under special circumstances.
cart_token is a cookie generated when a cart is created that serves as a unique identifier for a particular cart as it is attached to a particular order. This token is also copied to the checkout from the storefront, otherwise it wouldn't be able to attach to a given order. Irrespective of whether or not someone is logged into their customer account, the cart cookie can be present on an individual browser for up to two weeks, depending on browser settings.
In addition, there is a cookie within the checkout which helps to prevent accidental sharing of a checkout. There are also tracking cookies used for analytics which allows Shopify to generate reports and overviews of the online store.
If you would like to find out more detailed information about cookies, how they work and how to control them, visit www.aboutcookies.org.
Questions and contact information