Date: November 2023
Reviewed: Cotone Collection Ltd
At Cotone Collection (Company Registration Number Ireland: 707294) we take your data privacy very seriously and strive to comply with GDPR General Data Protection Regulation (EU) 2016/679.
On our website we ask you to provide us with certain information (Name, Telephone, Email, Address). This enables us to make contact with you to discuss our products and/or to process your online order. The information you provide is used for this purpose only and is not shared with any 3rd party.
Online orders are processed on our behalf by Stripe payments gateway. Cotone Collection does NOT retain any Credit Card or Debit Card information.
The data you provide will be transmitted via SSL encryption (Secure Sockets Layer) which is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remain private and integral. SSL is an industry standard and is used by millions of websites in the protection of their online transactions with their customers.
The information is kept in a database on our server (located within the EU) provided by WP-Engine. Our hosting partners are themselves GDPR compliant.
Only our staff have access to the personal data you have provided us with. Each staff member has received one-to-one training in the correct handling of this data. Each staff member has a unique username and password to access this information. The access codes provided to our staff are complex and updated on a regular basis. We also keep automated log-in records. Finally, we have implemented robust security tools to protect our website from potential threats such as malware attacks, DDoS attacks and hacking.
Under General Data Protection Regulation (EU) 2016/679 if the personal data that you store about you has been compromised in any form we will report the breach to the DPC (Data Protection Officer) within 72 hours. We have procedures in place to detect, report and investigate a personal data breach and will comply with these and review them on a regular basis. If a data breach is likely to bring harm to the ‘individual’ (such as identity theft or breach of confidentiality) you will also be notified.
You have a right under General Data Protection Regulation (EU) 2016/679 to contact us at any time if you require assistance with the following:
- Request to access the information we are storing about you
- Correct any inaccuracies you may feel we have about your data on record/file
- Request us to delete any information that we have about you
- Opt In/Out or object to any direct marketing or contact we may make to you
To avail of any of these services please contact us at firstname.lastname@example.org.