The GDPR requires website administrators to provide a responsible approach to your private data, the way we use it, how it is stored and what you can do if your data is breached or is misused. This is a European requirement and reinforced version of existing privacy legislation, that has arisen following several serious breaches on well known internet websites.
Our obligation is to ensure you are informed and confident in the way we are providing well designed systems and safeguards to protect your data from abuse and misuse.
We must also tell you if anything goes wrong with that system, how we deal with it and how you can see what data we hold on you. You also have the right to request to see all data we hold about you and on you request, that it should be permanently deleted from our system.
We adhere as closely as possible to the guidelines set out by the ICO and the following sections will detail in clear and plain language everything to do with the data we hold about you
Please read all the sections following in this document and remember to check the consent boxes to remind you that you have allowed us to collect the data being sent to us. In all cases, the consent boxes will link back to this document so that you can review the data we collect, how we use and store it and what your rights are to delete or see what we hold about you.
Throughout this document, we may use certain words or phrases, and it is important that you understand the meaning of them. The following is a non-exhaustive list of definitions of words and phrases found in this document:
“Service” refers to the services that we provide and our Site itself;
“Site” refers to our websites, i.e. https://www.kashkalondon.com, https://www.kashkalondon.com, https://www.kashka.co.uk, domains and/or its subdomains;
“KASHKA London” refers to our company, registered as “The Small Luxuries Trading Company Limited”, our Site, our Service, or a combination of all or some of the preceding definitions, depending on the context in which the word is used;
“User” refers to anyone who uses our Service, including general visitors to our Site;
What personal data we collect and why we collect it
If you register on our website, we store your chosen username and your email address and any additional personal information added by yourself to your user profile. You can see, edit, or delete your personal information at any time (except changing your username). Website administrators can also see and edit this information.
As is true of most websites, we gather certain information automatically and store it in log files. In addition, when you use our Services, we may collect certain information automatically from your device. This information may include internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, clickstream data, landing page, and referring URL. To collect this information, a cookie may be set on your computer or device when you visit our Services. Cookies contain a small amount of information that allows our web servers to recognise you.
We store information that we collect through cookies, log files, and/or clear gifs to record your preferences. We may also automatically collect information about your use of features of our Services, about the functionality of our Services, frequency of visits, and other information related to your interactions with the Services. We may track your use across different websites and services. In some countries, including countries in the European Economic Area (“EEA”), the information referenced above in this paragraph may be considered the personal information under applicable data protection laws.
Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, this information alone cannot usually be used to identify you.
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
When you contact us using one of the contact forms available in the website, we collect the data explicitly indicated in the form (email, First Name and Last Name). This data is kept indefinitely for customer service purposes only.
If you leave a comment on our site you may opt-in to save your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
Trough the chat popup available on the website pages, users can get in touch with an operator or send an offline message.
When the chat session ends, the user will be asked to evaluate the support received. After that, their data will be removed from Firebase and will be stored on the local database for verification or other purposes related to the support given via chat.
These data will be stored in the local database and will be used for support purposes or pre-sales support questions.
Who on our team has access
Members of our team have access to the information you provide us. For example, both Administrators and Chat Operators can access:
- The list of offline messages
- The list of chat logs
What we collect and store
While you visit our site, we’ll track:
- Products you’ve viewed: we’ll use this to, for example, show you products you’ve recently viewed
- Location, IP address and browser type: we’ll use this for purposes like estimating taxes and shipping
- Shipping address: we’ll ask you to enter this so we can, for instance, estimate shipping before you place an order, and send you the order!
When you purchase from us, we’ll ask you to provide information including your name, billing address, shipping address, email address, phone number, credit card/payment details and optional account information like username and password. We’ll use this information for purposes, such as, to:
- Send you information about your account and order
- Respond to your requests, including refunds and complaints
- Process payments and prevent fraud
- Set up your account for our store
- Comply with any legal obligations we have, such as calculating taxes
- Improve our store offerings
- Send you marketing messages, if you choose to receive them
If you create an account, we will store your name, address, email and phone number, which will be used to populate the checkout for future orders.
We generally store information about you for as long as we need the information for the purposes for which we collect and use it, and we are not legally required to continue to keep it. For example, we can store order information indefinitely for tax and accounting purposes. This includes your name, email address and billing and shipping addresses.
We will also store comments or reviews, if you choose to leave them.
Who on our team has access
Members of our team have access to the information you provide us. For example, both Administrators and Shop Managers can access:
- Order information like what was purchased, when it was purchased and where it should be sent, and
- Customer information like your name, email address, and billing and shipping information.
Our team members have access to this information to help fulfill orders, process refunds and support you.
What we share with others
We share information with third parties who help us provide our orders and store services to you; for example: Google Analytics, Facebook and MailChimp.
We accept payments through Stripe. When processing payments, some of your data will be passed to Stripe, including information required to process or support the payment, such as the purchase total and billing information.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
We may use your information and data to:
- Enhance or improve User experience, our Site, or our Service.
- Send e-mails about our Site or respond to enquiries.
- Send e-mails and updates about KASHKA London, including our e-mail marketing newsletter (in case we have clear consent for it). You may opt out of these emails at any time.
- Perform any other function that we believe in good faith is necessary to protect the security or proper functioning of our Site or Service.
If you do not consent to the collection, use or disclosure of your personal information as outlined in this policy, please do not provide any personal data to KASHKA London and no longer consent to its use or disclosure as outlined herein.
Access to your data
We don’t share your data with third-parties in a way as to reveal any of your personal information like email, name, etc. If you are a client with a registered account, your personal information can be accessed by us in order to provide you support and contact you back.
We do not sell, trade or otherwise transfer to outside parties any personally-identifiable information. The only exceptions to that rule are for partners we have to share limited data with in order to provide the services you expect from us.
We use Google Analytics on our site for anonymous reporting of site usage. So, no personalised data is stored. If you would like to opt-out of Google Analytics monitoring your behaviour on our site please use this link: Google Analytics Opt-out.
Facebook Pixels are used by us in order to collect data that can be use for Facebook Ads and as an additional Analytics tool to better understand our customers. Facebook provides more information about it here: https://www.facebook.com/policies/cookies/
You can disable and control what kind of information Facebook has access to by checking your Ad Preferences
Links to third party websites
KASHKA London may post links to third party websites on this Site. These third party websites are not screened for privacy or security compliance by KASHKA London, and you release us from any liability for the conduct of these third party websites.
All social media sharing links, either displayed as text links or social media icons do not connect you to any of the associated third parties, unless you explicitly click on them.
How long we retain your data
When you submit a support ticket or a comment, its metadata is retained until (if) you tell us to remove it. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
What rights you have over your data
In short, we cannot erase data that is vital to you being an active customer (i.e. basic account information like an email address).
If you wish that all of your data is erased, we will no longer be able to offer any support or other product related services to you.
Where we send your data
Visitor comments may be checked through an automated spam detection service.
How we protect your data
We use the SSL/HTTPS protocol throughout our site. This encrypts our user communications with the servers so that personal identifiable information is not captured/hijacked by third parties without authorisation.
In case of a data breach, system administrators will immediately take all needed steps to ensure system integrity, will contact affected users and will attempt to reset passwords if needed.
Address and contacts
Cardinal Point, Park Road, Rickmansworth
WD3 1RE, United Kingdom