FREE FROM DIRECT PRIVACY STATEMENT
SECTION 1 - WHO ARE WE & WHAT DO WE DO WITH YOUR INFORMATION?
The Site is owned and operated by Free From Direct Ltd 10132869 of 36 Gorsey Place, Skelmersdale, Lancashire, England, WN8 9UP (our Company Address). Free From Direct Ltd processes personal data as a Data Controller, as defined in the Directive and the General Data Protection Regulation (GDPR).
Free From Direct Ltd respects your privacy and is committed to protecting your personal data. This privacy notice will inform you as to how we look after your personal data when you visit our website (regardless of where you visit it from) and tell you about your privacy rights and how the law protects you.
When you purchase something from our store, as part of the buying and selling process, we collect the personal information you give us such as your name, address and email address, login details, telephone numbers, bank/credit card information and location data.
With your express permission, we may send you emails about our store, new products and other updates.
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
Where we need to perform the contract we are about to enter into or have entered into with you including but not limited to executing your orders.
Where we need to collect data for website traffic purposes using Google Analytics.
Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
Where we need to comply with a legal or regulatory obligation.
SECTION 2 - CONSENT
We rely upon express consent to use and process the data described above. This data is necessary for our legitimate interests and for us to fulfil our contractual obligations to you, and we rely on this as a lawful basis to use and process the data described above.
When you provide us with personal information to register as a customer, complete a transaction, verify your credit card, place an order or arrange for a delivery or return a purchase, we process your data in order to fulfil our contract with you. If we ask for your personal information for a secondary reason, like marketing, we will either ask you directly for your expressed consent, or provide you with an opportunity to opt-out.
How do I withdraw my consent?
If after you opt-in, you change your mind, you may withdraw your consent for us to be continued collection, use or disclosure of your information, anytime, by contacting us at email@example.com or mailing us at
Free From Direct
36 Gorsey Place
SECTION 3 - DISCLOSURE
We may have to share your personal data if required to do so by law and with the following third parties set out below for the purposes set out above.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We use third parties including but not limited to Google Workspace, Amazon, Paypal, Ebay, Shopify, Royal Mail, Hermes Parcelnet, Zenstores, Shipstation, Mailchimp.
These third parties have access to data we share with their platforms. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
SECTION 4 - SHOPIFY
Our store is hosted on Shopify Inc. They provide us with the online e-commerce platform that allows us to sell our products and services to you. Your data is stored through Shopify’s data storage, databases and the general Shopify application. They store your data on a secure server behind a firewall.
If you choose a direct payment gateway to complete your purchase, then Shopify stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted.
All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers. For more insight, you may also want to read Shopify’s Terms of Service here or Privacy Statement here.
SECTION 5 - THIRD-PARTY SERVICES
In general, the third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to Us.
We will use our reasonable endeavours to enquire our third parties on their data protection policy without guaranteeing their compliance.
However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions.
For these providers, we recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled by these providers. We are not responsible for the content, accuracy or opinions expressed on any provider or third party websites. In particular, remember that certain providers may be located in or have facilities that are located a different jurisdiction than either you or us. So if you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.
As an example, if you are located in Canada and your transaction is processed by a payment gateway located in the United States, then your personal information used in completing that transaction may be subject to disclosure under United States legislation, including the Patriot Act.
Third Party Links
When you click on links on our website, they may direct you away from our site. We are not responsible for the privacy practices of other sites and encourage you to read their privacy statements.
SECTION 6 - Data Retention
We will only keep your personal data for as long as is necessary for the performance of the original legitimate purpose for collecting the information and/or for as long as we have your permission to keep it. Upon your confirmation that you have received our report and require no further services, we shred all hard copies and delete all electronic files and related emails. We also consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements to determine if expedited deletion is necessary. You have the right to request deletion of your personal data at any time.
SECTION 6 - SECURITY
To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed. If you provide us with your credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with a AES-256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry Standards.
Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our Site; any transmission is at your own risk. Once we have received your information, we use strict procedures and the security features described above to try to prevent unauthorised access.
SECTION 7 - COOKIES
Some of the cookies we use are essential for the Site to operate. If you use your browser settings to block all cookies (including essential cookies), you may not be able to access all or parts of our Site.
Before any non-essential cookies are placed on your device, you will be shown a pop-up message requesting your consent to setting those cookies. By default, most internet browsers accept cookies, but you can choose to enable or disable some or all cookies via the settings on your internet browser. Most internet browsers also enable you to choose whether you wish to disable all cookies or only third party cookies. For further details, please consult the help menu in your internet browser.
We use the following cookies. We’ve listed them here so you that you can choose if you want to opt-out of cookies or not:
Strictly necessary cookies. These cookies are required to save your session and to carry out other activities that are strictly necessary for the operation of the Site. They include, by way of general example, cookies that enable you to log into secure areas of the Site, use a shopping cart, or make use of e-billing services. These cookies are session cookies, which means they’re temporary and will expire when you close your browser.
Analytical/performance cookies. These cookies allow us to recognise and count the number of visitors and to see how visitors move around the Site when they’re using it. These cookies help us improve the way the Site works by, for example, ensuring that users are finding what they’re looking for easily.
Functionality cookies. These cookies are used to recognise you when you return to the Site. They enable us to personalise our content for you, greet you by name and remember your preferences.
Targeting cookies. These cookies record your visit to the Site, the pages you visit, and the links you follow. We use this information to make the Site and the advertising displayed on it more relevant to your interests. We also share this information with third parties for the same purpose.
Social Media cookies. These cookies work together with social media plug-ins. For example, when we embed photos, video and other content from social media websites, the embedded pages contain cookies from these websites. Similarly, if you choose to share our content on social media, a cookie may be set by the service you have chosen to share content through.
SECTION 8 - AGE OF CONSENT
By accessing and using this site, you represent that you are at least the age of majority in your state or province of residence, or that you are the age of majority in your state or province of residence and you have given us your consent to allow any of your minor dependents to use this site.
If our store is acquired or merged with another company, your information may be transferred to the new owners so that we may continue to sell products to you.If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice.
SECTION 10 - YOUR RIGHTS
You have the right to ask us not to process your personal data for marketing purposes. We will get your express opt-in consent before we share your personal data with any third parties for marketing purposes. You can exercise your right to prevent such processing by contacting us at the Company Address.
You have the right to access information held about you and to ask for a copy of such information. Please contact us for more details at the Company Address or via email at firstname.lastname@example.org
Under the GDPR, you have the right to:
Request access to, or deletion or correction of, the information that we hold about you.
Be informed of what data we hold and the purpose for processing the data, as a whole or in parts.
Be forgotten and have your data erased by ourselves and our affiliates (although this is not an absolute right).
Correct or supplement any information we hold about you that is incorrect or incomplete.
Restrict processing of the information we hold about you (for example, so that inaccuracies may be corrected).
Object to the processing of your data.
Obtain your data in a portable manner and reuse the information we hold about you.
Complain to a supervisory authority.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
QUESTIONS AND CONTACT INFORMATION
If you would like to: access, correct, amend or delete any personal information we have
about you, register a complaint, or simply want more information contact our Privacy Compliance Officer at email@example.com or by mail at
Free From Direct
36 Gorsey Place