Updated: March 3rd, 2019.
GDPR – What data will we potentially collect and store:
We may collect, store, and use the following categories of your personal data:
- Personal contact details such as name, title, address, email address and telephone number.
- Date of birth.
- Details of purchases and transactions via our website that are fulfilled by Shadow’s Edge Miniatures
- Records of Social Media or email correspondence.
How is your personal data collected?
We collect data that you provide voluntarily. Certain parts of our website may ask you to provide personal data voluntarily, to register an account with us, to place an order with us, to subscribe to marketing communications from us, and/or to submit questions or concerns to us.
We also collect some data automatically when you visit the website. Collecting this data enables us to better understand the visitors who come to our website and what interests them most about our website, products, and services.
Some of this data may be collected using cookies and similar tracking technology. We use “Cookies” to collect and use personal data about you, including to serve internet-based advertising. Please see our Cookies page (coming soon).
Why do we collect your personal data?
The situations in which we will process your personal data are listed below:
- To create an account for you to allow you to more easily purchase our products or services.
- To ensure that the Website is presented in the most effective manner for you and your device(s).
- To send you newsletters, product updates or services that you request from us, and to announce new products that we feel may interest you.
- To carry out our obligations arising from any sale or contract.
- To process refunds.
- To interact with you and communicate regarding sales, inquiries, or other topics related to our company that may be pertinent to you.
- To notify you about changes to our service.
- To contact you and to update you of any partially fulfilled or incomplete orders you have made.
- To analyses customer purchases within the Website and improve the quality of our website.
- To facilitate the improvement and optimization of our products and services to you.
- To store data about your preferences to allow us to customize our site and newsletters according to your individual interests.
- To monitor delivery and viewing of our newsletters to facilitate the improvement and optimization of the delivery of the newsletter to you.
- To handle any conflicts that may arise with you.
- To detect and prevent illegal activities within our website.
Our legal basis for collecting and processing the personal information described above will depend on the personal information concerned and the specific context in which we collect it. These reasons include the purpose of performing a sale or contract with you, processing your personal data is in our genuine interest and not overridden by your rights, processing when we have your consent to process your personal data, or where we have a legal obligation to collect and/or process your personal data.
If we collect and use your personal data for any valid reason (or those of any third-party), this reason will typically be for our valid business interest, to operate our website or other services necessary to provide our products to you, for interacting with you, responding to your enquiries in a timely manner, for monitoring our communications with you, analyzing customer purchases statistic, undertaking and optimizing marketing and contacting you in respect of incomplete orders, operating our gift card services, obtaining customer feedback, handling disputes, and for the purposes of preventing illegal activities. We may have other legitimate reasons for processing your personal data and, if appropriate, we will make clear to you at the relevant time what those reasons are.
What if we want to use your data for a different purpose?
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you and will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent where it is required by law.
Do we make sure your data is secure?
We have in place appropriate technical and organizational security measures to prevent your personal data from being lost or inappropriately accessed, altered, or shared. The measures we use are designed to provide a level of security appropriate to the risk of processing your personal data. Shadow’s Edge Miniatures uses industry standard security policies and procedures and requires all third-party services providers are fully vetted and using best practices and standards. All payments are done under SSL certification. If you would like to hear more about the methods we have in place, please Contact Us.
Who do we share your personal data with?
We will share your data only with the entities listed below and only for the reasons listed above.
- Service providers
We share your personal data with third parties who provide services to us. The following activities all involve the processing of personal data and are carried out by Third-Party service providers: website hosting, payment processing, delivery, marketing materials, customer survey services, hosting and maintenance of social media platforms, IT services. Further details on our third-party service providers are available on request. Please contact us for more info.
All service providers are required to take appropriate security measures to protect your personal data. We only permit them to process your personal data for specified purposes in line with our requests. We have ensured that all of our service providers are GDPR compliant.
Do you transfer my data outside of the European Union (E.U.)?
We are based in the United States, so personal data, if provided, will be transferred outside of the E.U. We will only transfer your personal data outside the E.U. if adequate protection measures are in place.
How long do we keep your personal data?
We only retain your data for as long as necessary for the purposes described above, including for the purposes of satisfying any legal, accounting, or reporting requirements.
When we have no current legitimate business need to process your personal data, we will either delete or remove any personal identifying data and only use generic data (Items ordered, the quantity, and from what geographical region without personal data) for metric purposes. If deletion is not possible (due to backups or other extraneous situations) then we will securely store your personal data and remove it from any subsequent processing until such a time as it can be deleted.
To determine the appropriate retention period for personal data, we consider the sensitivity and volume of the personal data, the potential risk of harm from security breaches of your personal data, the purposes for which it has been processed, and if it is necessary for our purposes, and the applicable legal requirements.
What are your rights with your personal data?
Under certain circumstances, by law you have the right to:
- Request access to a copy of the personal data we hold about you.
- Request correction of any of your incomplete or inaccurate data we store.
- Request erasure of data (Right to Erasure) where there is no good reason for continued processing.
- Object to processing of your data where we are relying on a legitimate interest to process your data.
- Where we are processing your data for a purpose based on your consent, you have the right to withdraw your consent at any time.
- Request restriction to stop our processing of your personal data.
- Request transfer of your personal data to another party which you have provided to us.
- Opt-out of marketing communications which we send to you.
If you want to exercise any of these rights, please contact us.
Please note that we may need to request data from you to confirm your identity and establish your entitlement to these rights.
All requests will receive a response within 72 hours. All Erasure requests may take up to 14 days to complete the process once the identity is confirmed and the request approved.
If you are not satisfied with our processing of your personal data, you also have the right to make a complaint to the relevant supervisory authority. Please see here for the relevant contact details.
Please make sure your data is current and accurate.
It is important that the personal data we store is accurate and up-to-date. Please contact us immediately and inform us of any changes to your personal data, if we are currently storing it.
If you provide us with data about another person (Gift Certificates, orders mailed to other persons, etc), you confirm that you have informed them of our identity, the purposes for which their personal data will be processed, and that you have obtained their permission to do so.