Help - Privacy, Security & GDPR


Privacy Policy

We want to be completely open and transparent with you about how your data is used and give you control over what we do with it. We are compliant with the UK General Data Protection Regulation which has succeeded the original GDPR.


Our principles

-    Your information belongs to you, so you have control over it and you should be comfortable with everything that we do with your information.

-    We will be clear and open about the information we collect, why we collect it, and how it is used.

-    We will only collect, keep use and share your information for genuine business purposes which you have not objected to or where we are legally required to do so.

-    Security of data is highly important to us, we take all appropriate steps to ensure your data is safe with us and regularly review policies and practices.  

On the My Preferences page you can check which services you are opted in to and change whenever you like.

 

How we contact you

Email

If you are a customer or if you have opted into receiving emails from us, you will receive updates on new products and offers from Ethical Superstore. We do not pass on your address to other organisations apart from Mailchimp for the purpose of marketing. Mailchimp are our email service provider that processes the sending of our emails. Mailchimp are one of the leading providers used by many businesses in the UK, you can read more about Mailchimp’s security practices here.  Mailchimp are a USA-based operation – our transfer of data is covered by an appropriate safeguard, and validated by a risk assessment due to the limited personal data involved and the adequacy of Mailchimp’s security processes.

We may pass on your email to DPD, Evri or Royal Mail for delivery notification updates. These are service emails necessary for the delivery of your order and will not contain any marketing.

You can opt out of email marketing at any time, either through your My Preferences page, by simply clicking on the ‘Unsubscribe’ link which is at the bottom of all of our marketing emails or by contacting our Customer Care team. (Please note this might take a few days for all our systems to update). If you choose to opt out of marketing emails you will still receive order notification and delivery updates which are necessary for the delivery of your order as well as updates from DPD, Evri or Royal Mail but these emails will not contain any marketing.

Post

You can opt out of receiving catalogues by post by going to the My Preferences page and changing your preferences there or alternatively you can contact our Customer Care team. Please be aware that due to the long timescales involved with printing and packing catalogues you may still receive a catalogue if that process has already begun when we receive your request to opt out.

For the purpose of printing and delivering catalogues, address data is sent to our printing house Pure Print Group and Whistl who manage the delivery and shipping of catalogues. We also share the data with Basedata for the purpose of suppression, address cleaning, and de-duplication so we don’t send multiple catalogues to the same recipients. 

Telephone

We may from time to time wish to contact a small number of customers to conduct surveys or gather feedback on our products or services. You can opt out of this at any time on the My Preferences page or by contacting our Customer Care Team.

Please note if you have opted out of this we may still contact you to assist with the processing of your order, for example if there is a problem with delivery. 

Recommendations

We have a huge range of products covering many categories so it is important that we show you the products that you are more interested in. This is why we have developed a recommendations system which will show product recommendations based on a number of factors such as previous purchases, what other customers bought, and what products are popular right now. The data used for this is not shared with any other organisations. These recommendations will appear on Ethical Superstore and within our promotional emails.

Adverts can also be displayed on third party websites for Ethical Superstore, these may show products you have viewed on our site.

To opt out of receiving product recommendations please visit the My Preferences page.

Third Party Communications

We work with Epsilon Abacus (registered as Epsilon International UK Ltd), a company that manages the Abacus Alliance on behalf of UK retailers and charities. The participating retailers are active in the clothing, collectables, food & wine, gardening, gadgets & entertainment, health & beauty, household goods, and home interiors and travel categories. They share information on what their customers buy. Epsilon Abacus analyses this pooled information to understand consumer's wider buying patterns. From this information, retailers can tailor their communications, sending people suitable offers that should be of interest to them, based on what they like to buy.

Your contact details will not be made available for third-party communications unless you opt in to this on the My Preferences page or our Create an Account page,  but if you would prefer us not to share your data with the Epsilon Abacus Alliance at all please contact us.

 

What information we store about you and why

Personal details

If you are a customer we store your personal details such as your name, email, phone number and postal address details for the legal purpose of fulfilling our Contract to process your order. We also use your email address to send you our latest offers and your postal address to send you our catalogues on the Legitimate Interest grounds of marketing our business and products. If you choose to opt out of either of these we will honour this request, but may still hold some of your details where this is required for either Contractual purposes or under a Legal Obligation.  You can update your information and preferences at any time on the My Preferences page. 

In addition if you have chosen to opt in to receiving email or postal communications from us, either on our website or elsewhere such as during a competition entry, we hold the personal details you provide on a Consent basis until you contact us to withdraw that consent.

Where we receive pooled data from the Epsilon Abacus Alliance we process this for the single postal despatch of our catalogue on the Legitimate Interest grounds of marketing our business and products and do not retain personal data after that. 

Order history and communications

We keep a record of your previous orders and other requests. This data is held under a Legal Obligation for accounting purposes, and also to help with any queries you have on your previous purchases or deliveries.

Survey information

We occasionally run voluntary customer surveys to get your opinions and find out how we can provide you with a better service and better products. We keep the information collected from here on a Legitimate Interest basis for future reference and analysis. We use SurveyMonkey to conduct our surveys, and SurveyMonkey will store the information you enter in the survey so we can access this to evaluate the survey responses. SurveyMonkey will not pass your information on to third parties. SurveyMonkey Privacy Policy. 

IP Address

Your IP address is an identifying number for the device you are using to connect to the internet. We store IP addresses of customers and visitors. We use this information to analyse market trends, gather broad demographic information, and to prevent abuse of our services.  We record activity on our site so we can provide you with relevant product suggestions. If you’d rather we didn’t you can opt out of this on the My Preferences page.

Cookies

Cookies are small pieces of information in the form of text files that are sent to your browser from our web server and are stored on your computer. Some cookies are essential to using the Ethical Superstore website.

There are three different categories these cookies are split into:

Essential to site function cookies – these cookies allow you to browse the site, search for products and add items to the basket.
Helpful, non-intrusive cookies – these help improve your experience on the site, for example by recognising your location therefore displaying appropriate delivery options in a banner, and reminding you of your recently viewed items.
Third party cookies – to help us record customer experience and to allow us to test new services, to help us improve the customer journey on the website.  You can read about these below.
  

Site Analytics and Tracking Cookies

Affiliate Window

Affiliate Window are an affiliate network. Affiliates display advertising for companies and are rewarded when customers visit or shop on the advertiser's website. Our order confirmation page notifies Affiliate Window of transactions so that they can determine whether the order should be credited to a particular affiliate. No personally identifiable information is stored in the cookie. Affiliate Window have their own privacy policy.

Google Analytics

We analyse the performance of our website and improve customer experience using Google Analytics. You can read more about Google Analytics in their Privacy Policy

Google Ads

We advertise the products we sell through Google Ads (previously called Google Adwords). Sales through our site are recorded by Google Ads so we can track the performance of our adverts. As part of this we use remarketing to show adverts on 3rd party websites for products we think you will like based on your purchases and the products you have viewed on our site. You can opt out of this by visiting Google’s Ads Settings page.

Microsoft Advertising

We advertise products we sell through Microsoft Advertising. Sales through our site are recorded by Microsoft Advertising so we can track the performance of our adverts. Microsoft Advertising privacy policy.

 

Who we share your data with

Email

Mailchimp are our Email Service Provider, this is the system we use to send our weekly newsletters. For this we must share customer email addresses with Mailchimp to process the emails. Addresses in Mailchimp remain within the Ethical Superstore account and are not shared with any third parties. Mailchimp are one of the leading providers used by many businesses in the UK, you can read more about Mailchimp’s security practices here.  Mailchimp are a USA-based operation – our transfer of data is covered by an appropriate safeguard, and validated by a risk assessment due to the limited personal data involved and the adequacy of Mailchimp’s security processes.

Delivery and order processing

To process your order we must pass on your details to Whistl Fulfilment (Gateshead) Ltd (our parent company) who manage our warehouse and ship orders. This will include your name, address, phone number, email and order details, you will only be contacted by Whistl Fulfilment (Gateshead) Ltd in relation to your order.

We use a number of courier services to get your order safely out to you. In order for this to be done we must supply these couriers with your name, address and telephone number and email address so they can complete the delivery and contact you if there are any problems with the delivery. This data will then be processed according to their own policies.

We currently use these courier services:

DPD - DPD Privacy Notice

Evri - Evri Privacy Policy

Royal Mail - Royal Mail Privacy Notice

Some of the products on our site are sent on a ‘dropship’ basis , this means that they are sent out directly by the manufacturer rather than from our warehouse. If you order a product your delivery information will be passed on to the supplier so your order can be processed. These businesses do not own your data and should only contact you regarding your order.

 

Payment Processing

When we process orders a fraud review is automatically conducted.

If you choose to pay by card our payment provider Opayo will process the payment. For the purpose of processing the payment securely your name, address and order details are passed on to Opayo. When ordering with your credit or debit card we do not see or store your full card details, these are processed by Opayo.

If you choose to pay with PayPal you will pass details directly to PayPal. PayPal will confirm with us when the payment is completed through their systems. We do not see or store your bank or card details at any point in this process.

 

Verified by Visa

Ethical Superstore is participating in Verified by Visa and MasterCard SecureCode for added online payment security. These services are offered by Visa and MasterCard, in association with the bank that has issued your credit or debit card. It is aimed at protecting your details when shopping online by ensuring your card is not being used by someone else and is becoming a standard across all shopping websites.

If the credit or debit card you're using to pay for your order qualifies for one of these services (not all cards do), you will be taken to a page hosted by your card issuer. This is a completely secure process. The information you provide is completely private, will only be visible to you and your card issuer, and would never be shared with other parties.

If you haven't registered before and your card qualifies, you will need to follow the on-screen instructions to register securely and create a password for your card. This is not the same as the PIN number you use for your regular shopping. It's an online shopping code that you'll be able to use to identify yourself and your card when shopping online on Ethicalsuperstore.com or any other participating websites. It's the online equivalent of chip and pin which is used on the High Street. Once registered, you will be taken back to Ethicalsuperstore.com to confirm your order. If you're unsure about this new service, you may be able to complete your order without registering but we recommend that you contact your card issuer to find out more about the service, as they will eventually require you to register to continue shopping online.

If you have already registered, you will be required to use your password on future online transactions.

If you would like to learn more about these services or have any difficulty with the process, please contact your card issuer who should be able to assist you, as Ethicalsuperstore.com are unfortunately not able to help. Alternatively, you can always place your order by calling our Customer Service team.

 

Reviews

To help us monitor how good our service and products are, you may be asked for a review after you have made a purchase on our site.  Only if you agree to this, we will then pass on your email address, name and products purchased to eKomi (eKomi Privacy Policy) who will process your review on our behalf in our Legitimate Interest of monitoring our service and products.  Your review will be available to view on the eKomi website, and may also be published on ours. In this case, your first name and last initial will be displayed.  If you would like not to be asked to review your purchase please contact us.

After you have completed a purchase you may see a notification from Google asking if you would like Google to send an email with a survey after your order is complete. If you agree to this your email address will be passed on to Google so they can contact you to conduct the survey. If you do not want your information passed to Google select 'No' on the notification.

 

Competitions

We regularly run competitions on our website and on social media. We use Woobox to administer and collect entries to our competitions, where you can also choose to opt in to receive marketing from us if you wish. Your data is not used by Woobox in any way other than to record these details. Woobox privacy policy.  Woobox are a USA-based operation – our transfer of data is covered by an appropriate safeguard, and validated by a risk assessment due to the voluntary and limited nature of the data processed.

 

Postcode Anywhere

We use a service called Postcode Anywhere (administered by GB Group PLC) to make it easier to enter your address details. This enables you to enter your postcode and select the address from the drop down list this provides. Postcode data is sent to Postcode Anywhere so that they can provide a list of addresses for you to choose from. No personal data is processed in the use of this service. 

 

Catalogues 

The production of our catalogues requires us to send data to a number of organisations to facilitate this. If you would prefer not to receive a catalogue from us you can opt out of this on the My Preferences page.

Mailing house and printers – address data must be provided to the mailing house and printers. This data is only used for the production of the catalogues. Our printers Pure Print Group will receive name and address details from us in order to print addresses onto catalogues. This data is also passed on to Whistl who are responsible for the mailing of the catalogues, for the management of this they data will be passed on to them, this data is only used for the purposes of the fulfilment and delivery of the catalogues.

Data cleaning – before we print catalogues we must ensure our data is as accurate as possible. For this we use Basedata who are one of the leading data cleaning and management companies in the UK.  Find out more about Basedata .


Epsilon Abacus 

We work with Epsilon Abacus (registered as Epsilon International UK Ltd), a company that manages the Abacus Alliance on behalf of UK retailers. The participating retailers are active in the clothing, collectables, food & wine, gardening, gadgets & entertainment, health & beauty, household goods, and home interiors categories. They share information on what their customers buy. Epsilon Abacus analyses this pooled information to understand consumer's wider buying patterns. From this information, retailers can tailor their communications, sending people suitable offers that should be of interest to them, based on what they like to buy.  Find out more about The Abacus Alliance.

Your contact details will not be made available for third-party communications unless you opt in to this on the My Preferences page.

 

How long we keep your information for

If you are a customer we will keep your information as long as your account is active or as needed to provide our services to you.

We have a Legal Obligation to retain order information for 7 years after processing, even in the event of you closing your account.

If you have otherwise consented to receive communications from us, we will retain your contact details until you withdraw your consent to our processing, or else for at most 2 years after our last communication.

 

Your rights as a data subject

Data subjects have certain legal rights with which we are fully compliant, namely:

 

1. The right to be informed. We tell you how we use and store your data in this Privacy Policy.
 
2. The right of access. You have the right to access any record we have of your personal data to verify that we are using it lawfully. Should you wish to do so, you can submit a Subject Access Request to us. Please be aware that in some circumstances it may be necessary for you to provide us with more information so we can correctly confirm your identity.
 
3. The right to rectification. You should tell us if we hold any inaccurate or outdated information about you, and we undertake to correct it accordingly.
 
4. The right to erasure. You can request us to delete any personal data we hold about you by contacting us, and we will do so except where we are under a legal obligation to retain it.
 
5. The right to restrict processing. As this policy outlines, we only use your data in limited ways. If, however you would like us to keep your data but change the ways in which we use it, you can contact us to request this.
 
6. The right to data portability. If you wish us to provide you or another company with a copy of the data we hold about you, you have the right to request that we do so.
 
7. The right to object. Similar to some of the above rights, you have the right to object to certain usages of your data on grounds relating to your particular situation or if you dispute our Legitimate Interests as stated above. You also have an absolute right to refuse all direct marketing from us. Again, you should contact us should you wish to do so.
 
8. Rights in relation to automated decision making and profiling. We specify above the limited level of profiling we operate, being only an analysis of your activity on our website. If you object to this, please contact us.
 
9. The right to complain to a supervisory authority. If you are unhappy with how we are processing your data, you can lodge a complaint to the Information Commissioner’s Office (ico.org.uk).
 
In any case listed above where you are required to contact us, or with any other queries about our use and storage of your data, please contact us using the below details.  We will respond to any request in a prompt manner, without any undue delay and within one month of receipt.
 
-    Write to us at Spark Etail, Follingsby Avenue, Follingsby Park, Gateshead, NE10 8HQ
-    Contact our customer services team via email enquiries@ethicalsuperstore.com or by phone on 0333 400 0464

-    Contact our parent company Whistl UK’s Data Protection Officer via email gdpr@whistl.co.uk

 

 

We will not sell your information

We do not sell data.  At no point will we sell your personally identifiable information – including your name, address, e-mail address, or credit card information - to any third party.  

 

Security

For orders through the Shop, we work to protect the security of your payment information during transmission by using Secure Sockets Layer (SSL) software, which encrypts information you input.

This Site uses reasonable security methods to protect the personal data (e.g. contact details) that resides on our servers. However, no security system is impenetrable. Ethicalsuperstore.com cannot warrant or guarantee the security of its or its partners' servers, nor can it guarantee that information that Shop Users supply will not be intercepted while being transmitted to Ethicalsuperstore.com or its partners over the Internet.

When you register to purchase products on the Shop, you will be asked provide your email and password. You must keep your passwords confidential and must not disclose it to or share it with anyone. You are responsible for all activities that occur under your login details for the Shop. If you know or suspect that someone else knows your password, notify us immediately at enquiries@ethicalsuperstore.com.

Spark Etail Ltd are registered with the ICO, registration number Z2703572.

Privacy Policy updated: 17/02/2023