We at The Core Story™ respect your right to privacy and comply with our obligations under the Data Protection Acts 1988 and 2002 and the introduction of GDPR from May 25th 2018.
How we collect your information
We collect email addresses and contact details via our in-store and online competitions and surveys as part of our terms and conditions and also when customers sign up to our mailing list via our online portals. We only ever collect address details submitted to us as part of our online ordering system, to fulfill orders placed online or over the phone. We do not use details sourced from anywhere else.
Types of Information Collected
We retain two types of information:
1. Personal Data
This is data that identifies you or can be used to identify or contact you and may include your name, address, email address, user IP addresses in circumstances where they have not been deleted, clipped or anonymised, telephone number, and credit card billing information. We never have access to or store your payment card details. Such information is only collected from you if you voluntarily submit it to us. If you choose to use the website to buy something and do so as a “guest” we only record your details for the purpose of delivering your order, if you choose to set up an account with us, we will keep these details securely on our server until such time as you inform us that you want to delete the account.
2. Non-Personal Data
Like most web sites, we gather statistical and other analytical information collected on an aggregate basis of all visitors to our web site. This Non-Personal Data comprises information that cannot be used to identify or contact you, such as demographic information regarding, for example, user IP addresses where they have been clipped or anonymised, browser types and other anonymous statistical data involving the use of our web site.
Purposes for which we hold your Information
We use the Non-Personal Data (cookies) gathered from visitors to our web site in an aggregate form to get a better understanding of where our visitors come from and to help us better design and organise our web site.
We will process any Personal Data you provide to us for the following purposes:
- to provide you with the goods or services you have ordered;
- to contact you if required in connection with your order or to respond to any communications you might send to us;
- to send you Newsletters/Event Alerts for The Core Story™ and to communicate with you about association activities.
All of our emails have an unsubscribe link at the end which allows you to remove yourself from our mailing list. If you ever want to be removed outside of receiving an email from us, email [email protected] stating as much and we will remove you straight away. Once you have been removed by either method, we cannot re-add you using the same address. Please note all credit card or other payment information is transmitted using SSL encryption. All payment information details, including credit card numbers and bank details, are passed to payment portals with RealControl and PayPal and we never have access to these details or have the ability to retain these details. To comply with credit card payments and chargeback regulations, we do keep orders on file for 12 months but these copies are shredded once that period has expired.
Disclosure of Information to Third Parties
We may provide Non-Personal Data to third parties, such as Google, Facebook or Bing in the form of cookies to give an example. Where such information is shared, it is combined with similar information of other users of our web site. For example, we might inform third parties regarding the number of unique users who visit our web site, the demographic breakdown of our community users of our web site, or the activities that visitors to our web site engage in while on our web site. The third parties to whom we may provide this information may include potential or actual advertisers, providers of advertising services (including web site tracking services), commercial partners, sponsors, licensees, researchers and other similar parties. We will not disclose your Personal Data to third parties unless you have consented to this disclosure as part of an opt-in for one of our competitions or unless the third party is required to fulfil your order, ie, a courier service (in such circumstances, the third party is bound by similar data protection requirements). We will disclose your Personal Data if we believe in good faith that we are required to disclose it in order to comply with any applicable law, a summons, a search warrant, a court or regulatory order, or other statutory requirement.
Sales of Business
Your Personal Data is held on secure servers hosted by AWS. The nature of the Internet is such that we cannot guarantee or warrant the security of any information you transmit to us via the Internet. No data transmission over the Internet can be guaranteed to be 100% secure. However, we will take all reasonable steps (including appropriate technical and organisational measures) to protect your Personal Data.
Updating, Verifying and Deleting Personal Data
You may inform us of any changes in your Personal Data, and in accordance with our obligations under the Data Protection Acts 1988 and 2002 plus all of the guidance to comply with GDPR, we will update or delete your Personal Data accordingly. To find out what Personal Data we hold on you or to have your Personal Data updated, amended or removed from our database, please send an email to [email protected] which will be sent directly to The Core Story offices. Any such data subject requests may be subject to the time constraints but they will be followed up as soon as possible.