Last updated: 15th October 2020
Who we are
What personal data we collect and why we collect it
You have the option to opt-in to marketing communications from us such as Newsletters and Offers. If you decide to opt-in, your name and email address will be sent securely to our email marketing database hosted at MailChimp. You are able to opt out of marketing communications any time by either emailing us (see below), or by clicking ‘unsubscribe’ in any marketing material you receive from us.
Comments or reviews
When visitors leave comments or reviews on the site we collect the data shown in the comments/review form, and also the visitor’s IP address and browser user agent string to help spam detection.
If you leave a comment on our site or place an order, you may opt-in to saving your name, email address, billing address and payment details (see more below on the secure storage of your payment details by our payment provider). These are for your convenience so that you do not have to fill in your details again when you wish to place another order. These cookies will last for one year. You do have the option of creating an account but not saving your payment details if you wish.
If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
Billing and Contact Tracing Information
We currently only accept payments by a Test Card, with no actual transfer of funds. Going forward, the below privacy statements will apply in all cases where SipApp has been deployed in a live environment, not in a non-demo capacity.
In order for our payment processor (Stripe) to process your payment, we are required to collect the following information:
- First and Last Name
- Payment Card Details
This information is sent in an encrypted form directly to Stripe who will process the transaction. Your payment information is not stored by us.
You do have the option to “store” credit cards on our site via a secure method called tokenisation. Tokenised payment methods can be used for convenience in future purchases. Credit card tokens include the last four digits of a card, the card brand/type, and its expiration date, mostly so the customer can identify which token is for which card.
Tokenisation is extremely secure. With tokenisation, customers’ actual credit card information is stored on the servers of our payment processor (Stripe) and not by us.
The only data saved on our site is in the form of a string of characters called a token. These tokens are designed to be useless outside the precise context they’re created for. Imagine if, when you exchanged your money for chips at a casino or ride tickets at a fair, those chips or tickets not only couldn’t be spent on anything outside the casino or fair but couldn’t be spent by anyone but you.
Tokens are super-specific — specific to you, the customer, specific to our website, specific to the payment gateway’s payment processor (Stripe), and specific to our merchant account with our processor, Stripe. If any of those factors aren’t precise, the token won’t work as a placeholder for a customer’s payment information.
Payment gateways that allow tokenisation require websites to meet higher security standards set by the payment processors, which we adhere to.
We are required by law to collect your contact details for a limited time for Contact Tracing purposes. The information we require is:
- First and Last Name
- Contact Telephone Number
- Some Order Details (Date and Time, and Table Number)
We use the date and time of orders created under each transaction so we are aware of when you were present. Your information is kept secure and is transmitted in an encrypted form. The padlock icon in the URL shows that the connection is secure. Contact Tracing information we have collected may be shared with a legitimate public health authority when requested.
Creating an account
You have the option at checkout to create an account with us. Creating an account is a great way of storing previous orders so that you can quickly re-order items you loved. In order to create an account, we require the following information:
- Email Address
Your username will automatically be created from your name and email address. A safe one-time password and account verification will be emailed to you. Once you verify your account, you will then need to change your password. This information is securely stored in an encrypted form on our server and can only be accessed by you. We have the ability to reset your password, but we cannot see what your password is.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
Who we share your data with
By design, we do not store credit/debit card numbers or security codes on our website. The payment gateway gives this sensitive information directly to the payment processor (Stripe) to process.
How long we retain your data
If you leave a comment or review, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information, but not your password.
Pending, Failed, and Cancelled Orders
Pending orders are unpaid and may have been abandoned by a customer. Failed orders are unpaid and may have been abandoned by a customer. Cancelled orders are unpaid and may have been cancelled by us, or a customer. Pending, Failed, and Cancelled orders are automatically deleted after 2 days.
In order to comply with contact tracing initiatives, unless you have setup an account with us, we will retain data in completed orders for 2 weeks before anonymising the personal data within them. Our payment process, Stripe, requires us to store unique tokens, including Stripe Customer ID and Source ID. These will be deleted after 2 weeks.
What rights you have over your data
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. Please email us at firstname.lastname@example.org. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
Our contact information
Data Protection Officer: Daniel Chesney
How we protect your data
Your data security is of the upmost importance to us. Not only do we not store your payment information, but our servers are based within the EU and are thus compliant of strict EU security laws. For more information on our servers, please visit our supplier: www.ionos.co.uk.
Our website’s connection to our server is secure (HTTPS with an SSL certificate – look for the padlock in the URL) with all information sent encrypted. Passwords are stored securely and in an encrypted form.
Moreover, if you decide to create an account with us, your details are stored in an encrypted database and only accessible by you.
What data breach procedures we have in place
In the event of a data breach, our data protection officer and/or site administrators will be in touch with you immediately. Upon doing so, we will reset the passwords of affected user(s).