Privacy Policy - Vintage Style Mannequins

Who we are

Our website address is: https://vintagestylemannequins.co.uk

What personal data we collect and why we collect it

Comments

There is a blog in the ‘News’ section of the website where you are able to leave comments. When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Contact forms

When you contact me through the contact form on the website, I will receive your email address to be able to reply to you. I will not add your email address to a mailing list of any kind. I will only ever email you to answer your question or to discuss your order. If you want me to ring you, then you can add your phone number and indicate you would like me to ring you. Again, I will never add your number to a contact list and will only ring you to discuss your question or order.

Cookies

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Analytics

Who we share your data with

Other than our payment processor, we do not share your data with a third party. Our payment processor is ‘Stripe’ and when you make a card payment you are directed to their website. Once you have placed your order, I will have access to the contact and delivery details you entered during the payment process, but not your payment details, e.g. card number etc. Stripe’s security details are below and are taken from their website:

‘Stripe has been audited by a PCI-certified auditor and is certified to PCI Service Provider Level 1. This is the most stringent level of certification available in the payments industry. To accomplish this, we use the best-in-class security tools and practices to maintain a high level of security at Stripe.

Stripe forces HTTPS for all services using TLS (SSL), including our public website and the dashboard.

Stripe.js is served over TLS

Stripe’s official libraries connect to Stripe’s servers over TLS and verify TLS certificates on each connection.

We regularly audit the details of our implementation, including the certificates we serve, the certificate authorities we serve, and the ciphers we support. We use HSTS to ensure that browsers interact with Stripe only over HTTPS. Stripe is also on the HSTS preloaded lists for both Google Chrome and Mozilla Firefox.

All card numbers are encrypted at rest with AES-256. Decryption keys are stored on separate machines. None of Stripe’s internal servers and daemons can obtain plaintext card numbers but can request that cards are sent to a service provider on a static Allowlist. Stripe’s infrastructure for storing, decrypting and transmitting card numbers runs in a separate hosting environment, and doesn’t share any credentials with Stripe’s primary services (API, website, etc.’

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where we send your data

Visitor comments may be checked through an automated spam detection service.

Your contact information

If you have any questions about this policy or our use of your data, please contact me through the CONTACT PAGE

Additional information

How we protect your data

We use Stripe as our payment processor. Please see ‘Who we share your data with’ for more details. I do not add any of your contact information to mailing lists and will only contact you to discuss your order or respond to a query.