Privacy Policy

THIS POLICY WAS UPDATED ON 24/5/2018


Nifty Needles understands that your privacy is important to you and that you care about how your information is used and shared online. We respect and value the privacy of everyone who uses our services and will only collect and use information in ways that are useful to you and in a manner consistent with your rights and our obligations under the law.

This policy applies to Our use of any and all data collected by Us in relation to your use of Our services.

Please read this Privacy Policy carefully and ensure that you understand it.


By visiting Our website and using Our services you agree to the terms of this policy. This privacy policy may change from time to time. If any changes are made, then you will be notified by revising the date at the top of this policy.


1. About Nifty Needles

The Data Controller is Nifty Needles (referred as “We”, “Our” or “Us” in this policy).

We are a UK based business offering a wide range of Craft related services, operating since 2013.

Nifty Needles is owned and operated by –

Nancy Moreland

36 Rosevale Road, Banbridge, County Down, BT32 3QJ, Northern Ireland Phone 078 6018 6261

You can learn more on Our ‘About Us’ page from Our website –

https://store11663069.ecwid.com/


2. How information is collected

Here is how Nifty Needles collects your information –

• By subscribing to one/both of Our Mailing Lists

• By email via the website - http://nifty-needles.com/index.html

• By private message via Our Facebook page - https://www.facebook.com/fibrecottage

• If you purchase a pattern via Our online shop or Craftsy

• If you enrol in any of Our workshops, classes, courses or Retreats

• If you enrol in any of Our BOM pattern subscriptions

• If you book into Our Residential or Day Retreats

• If you book a community group demonstration or workshop.

   

3. What data do we collect?

When you enrol in a workshop, course or Retreat, We require personal information about you to process purchases, enrolments into classes, workshops and/or Retreats. We work on a Lawful Basis of Consent, so can only receive/use this information with your consent. The types of personal information may include –

• Name

• Address/email address

• Telephone number

• Next of Kin (Retreat purposes only)

• Medical/Allergies/dietary requirements (Retreat purposes only)


Sensitive Data

The only sensitive data that We will request is in regard to any relevant medical conditions or allergies, that We should be aware of to ensure your health and safety if you enrol in any of Our residential or one day Retreats. This information is kept securely and never shared with anyone unless it is in your best interest to do so and then it is done discreetly and securely.


Children’s Data

Our service does not address anyone under the age of 13 (“Children”). If you are a parent or guardian and you are aware that your child or children have provided Us with personal data, please contact Us. If We become aware that We have collected personal data from children without verification of parental consent, We will take steps to remove that information.


4. How do we use your data?

All personal data is stored securely in accordance with the EU General Data Protection Regulation (Regulation (EU) 2016/679) (GDPR). Your personal data is never sold or given away to any unauthorised third party.

We use your data to provide the best possible service to you. This includes –


4.1 Mailing Lists Retreats & Workshops

If you decide to join one/both of Our mailing lists via any of our many sign-up options, then your email address is all that we require in order to send you our list of upcoming workshops/classes or information on upcoming Retreats.

At the bottom of every email you receive from Us (via Mail Chimp) will include a link to unsubscribe. You may unsubscribe from the mailing list at any time. If you have trouble unsubscribing or would like to be removed from the mailing list, then simply send Us an email at info@nifty-needles.com asking to be removed.


4.2 BOM Pattern subscription

If you decide to enrol in one of Our BOM pattern subscriptions, We require your name, address or email address depending on format (PDF or printed) purchased in order to fulfil your monthly subscription.

   

4.3 Retreat Application/booking form

If you decide to book into either Our Residential or One Day Retreats, We require the following –

• Name

• Contact number of applicant

• Next of kin (Name & contact details)

• Relevant Medical condition/allergies

• Relevant dietary requirements

• Permission for use of photographs being taken for promotion purposes


4.4 Classes/Workshops

If you decide to enrol in any of Our weekly classes, courses or one day workshops, then your name and phone contact details is all that We require.

This information is required so that We can contact you in relation to any class/workshop you have enrolled in.


4.5 Community Group demonstrations/workshops

If a community group decides to book Us to do a demonstration or workshop, then all we require is the name/email address (if relevant) and contact details of the lead person of that group along with the group name and address of the venue.

This information is required so that We can contact the lead person of the group in relation to any queries that may arise in connection to the upcoming demonstration or workshop.


4.6 Online Purchases

Currently We offer our patterns (in PDF form) for sale, through our online store - http://nifty-needles.com/NiftyEcwidShop.html

And our Craftsy Shop - https://www.craftsy.com/profile/nifty-needles


Online purchases made through Ecwid and Craftsy deal with all the data information collection and they retain their own data. We do not have information that is collected by Ecwid and Craftsy. Their individual policies are as follows –

Ecwid - https://www.ecwid.com/privacy-policy Craftsy - https://www.nbcuniversal.com/privacy/full-privacy-policy


However, We are sent a confirmation email from either Ecwid or Craftsy to inform Us that a PDF purchase has been made with the customers name only and that payment has been credited to our PayPal account.


4.7 Under GDPR We will ensure that your personal data is processed lawfully, fairly and transparently, without adversely affecting your rights. We will only process your personal data if at least one of the following basis applies –

• You have given consent to the processing of your personal data for one or more specific purposes;

• Processing is necessary for the performance of a contract to which you are a party or in order to take steps at the request of you prior to entering into a contract;

• Processing is necessary to protect the vital interests of you or of another natural person;

• Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; and/or

• Processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are over ridden by the fundamental rights and freedoms of the data subject which require protection of the personal data, in particular where the data subject is a child;


5. Social Media

Nifty Needles uses various Social Media platforms. We are not responsible for what you post on Nifty Needles social media channels.


6. How do we store your data?

We know how important it is to keep your data secure.

To prevent unauthorised access, maintain data accuracy, and ensure the correct use of information, We have put in place appropriate physical, electronic and managerial procedures to safeguard and secure the information you have given us.

We use technical safeguards, such as firewalls, anti-virus and passwords, and access to your data is only given to employees who need it to carry out their job responsibly.

We enforce safeguards in connection with the collection, store and disclosure of personal data. We have put appropriate checks and protection in place to ensure that your data is protected in line with this policy.

We only keep your data for as long as We need in order to use it as described above in section 4, and/or for as long as we have your permission to keep it. In any event, We will conduct an annual review to ascertain whether We need to keep your data or update any changes to your personal data.


7. Do we share your data?


7.1 We may contract with third parties to supply products and services to you on Our behalf. These may include payment processing, delivery of goods, advertising and marketing. In some cases, the third parties may require access to some or all of your data. Where any of your data is required for such a purpose, we will take all reasonable steps to ensure that your data will be handled safely, securely, and in accordance with your rights, Our obligations, and the obligations of the third party under the law.


7. 2 We currently contract with the following third parties-


EMAIL MARKETING 


Third Party: Mail Chimp Personal Data: Email Address

Purpose: To provide you with informational and marketing emails

Lawful Basis: Consent


PROCESSING ORDERS OF GOODS AND SERVICES 


Third Party: Ecwid

Personal Data: Name. Email Address,

Purpose: Online shopping cart which allows us to collect payment for goods

Lawful Basis: Contract


Third Party: Craftsy

Personal Data: Name. Email Address,

Purpose: Online shopping cart which allows Us to collect payment for goods & services

Lawful Basis: Contract


Third Party: Royal Mail

Personal Data: Name. Postal Address

Purpose: To arrange delivery of products you have purchased or requested

Lawful Basis: Contract


Third Party: PayPal

Personal Data: Name, Email Address, Postal Address, Telephone Number, Payment information

Purpose: Payment Processing

Lawful Basis: Contract


WEBSITE ADMINISTRATION 


Third Party: Go Daddy

Personal Data: Name, Email Address, IP Address,

Purpose: Website Hosting

Lawful Basis: Legitimate Interests


Third Party: McAfee Firewall

Personal Data: IP Address,

Purpose: To protect Our website from cyber-attacks

Lawful Basis: Legitimate Interests


RECEIVING AND RESPONDING TO CUSTOMER ENQUIRIES 


Third Party: Gmail

Personal Data: Name, Email Address, Other Contact Information

Purpose: To allow Us to maintain contact with our customers, prospective customers and suppliers

Lawful Basis: Contract


Third Party: Go Daddy

Personal Data: Name, Email Address, Other Contact Information

Purpose: To allow Us to maintain contact with our customers, prospective customers and suppliers

Lawful Basis: Contract


Third Party: BTinternet

Personal Data: Name, Email Address, Other Contact Information

Purpose: To allow Us to maintain contact with our customers, prospective customers and suppliers

Lawful Basis: Contract


Retreat Enrolments


Third Party: Retreat Accommodation

Personal Data: Dietary requirements or food allergies

Purpose: To allow Us to ensure your health & safety during the Retreat, however no names are passed onto the Retreat accommodation

Lawful Basis: Contract


8. Summary of your rights under GDPR


Under GDPR, you have –

• The right to be informed of what data processing is taking place;

• The right to request access to, deletion of or correction of your personal data held by us;

• The right to object or restrict how your data is processed;

• The right to data portability;

• The right to complain to a supervisory authority


If you request your personal data, We may ask for proof of identity before supplying it to you.


You have the right to withhold information or to withdraw information after you have given it, but understand, that in doing so, this may restrict Us in giving you the amount of service that we could provide you.


9. Contacting us

If you have any questions about this Privacy Policy, please feel free to contact Us - info@nifty-needles.com