What personal information do we collect about you and why?
Personal information means any information about an individual from which that person can be identified. We collect and process your personal information in the following ways:
Information you provide us
- If you contact us through our website or over the phone, sign up to be a new customer, purchase an item of clothing or sign up for the latest Cucumber news, we may collect, use, store and transfer the personal information that you give to us, including your first name, last name, email address, phone number, billing address, delivery address and payment card details.
- We will use this personal information only to provide you with the service you have requested from us or fulfil the contract you have made with us, for example to complete any transactions. We will contact you at the email address you have provided us with to confirm receipt of your order and then to let you know that we have dispatched the items ordered by you. If you sign up for the latest news we will send this to the email address that you provide for this purpose and you will have the right to stop receiving this news at any time.
- If you do not provide the personal information necessary, or withdraw any consent for the processing of your personal information, where this information is necessary for us to provide services to you, we will not be able to provide these services to you.
Information we collect automatically
- We will keep a record of any username and password you register and of any purchases you have made previously. We may also collect information from or through the device you use to connect to the Cucumber website. This includes, for example, technical information such as your internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access the website.
- We will use this information where necessary for our legitimate interests, such as to help improve our website and our products, to administer our website for internal operations, to ensure that content from our website is presented in the most effective manner and to facilitate keeping our website safe and secure.
How long do we keep your personal information for?
- We only retain your information for as long as is necessary for us to use your information as described above or to comply with our legal obligations. However, please be advised that we may retain some of your information after you cease to use our services, for instance if this is necessary to meet our legal obligations, such as retaining the information for tax and accounting purposes.
- When determining the relevant retention periods, we will take into account factors including our contractual obligations and rights in relation to the information involved, legal obligations under applicable law to retain data for a certain period of time and guidelines issued by relevant data protection authorities. Otherwise, we securely erase your information once this is no longer needed.
Who do we share your personal information with?
- We share your personal information with third parties who perform functions on our behalf and who also provide services to us, such as payment service providers, IT consultants carrying out testing and development work on our business technology systems and mailing houses. These third parties comply with similar and equally stringent undertakings of privacy and confidentiality.
- Our store is hosted on Shopify Inc. They provide us with the online e-commerce platform that allows us to sell our products to you. Your data is stored through Shopify’s data storage, databases and the general Shopify application. They store your data on a secure server behind a firewall.
- If you choose a direct payment gateway to complete your purchase, then Shopify stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted. All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers. For more insight, you may also want to read Shopify’s Terms of Service here or Privacy Statement here.
- We may share your personal information with law enforcement agencies, regulators, courts or other public authorities if we have to, or are authorised to by law.
- As we continue to develop our business, we may sell or purchase assets. If another entity acquires us or merges with us, your personal information will be disclosed to such entity.
- We do not sell your personal information to third parties.
Do we transfer your personal information outside the European Economic Area?
We do not transfer your personal data outside the European Economic Area.
What are your rights?
By law you have the following rights (subject to certain conditions) when it comes to your personal information:
- The right to rectification - you are entitled to have your information corrected if it is inaccurate or incomplete. You can request that we rectify any errors in personal information that we hold by contacting us on the details provided below.
- The right to erasure – this essentially enables you in some circumstances to request and obtain the deletion of your information where there is no compelling reason for us to keep using it.
- The right to restrict processing – you have rights to suspend further use of your information, whereby we can still store your information but cannot use it further.
- The right to data portability – you have rights in some circumstances to obtain and reuse your personal data for your own purposes across different services.
- The right to object to processing – you have the right to object to certain types of processing, including processing for direct marketing (i.e. receiving our Cucumber newsletter).
- The right to withdraw consent - if you have given your consent to anything we do with your personal data, you have the right to withdraw your consent at any time (although if you do so, it does not mean that anything we have done with your personal data with your consent up to that point is unlawful).
- The right to lodge a complaint. You have the right to lodge a complaint about the way we process your personal data with your national data protection regulator.
Do we link to other websites?
Our website includes links to third-party websites such as Twitter, Facebook, Pinterest and Instagram. Clicking on those links may allow such third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
What are cookies and how do we use them?
A cookie is a simple text file of letters and numbers that is stored on your browser or the hard drive of your computer. Cookies contain information that is transferred to your computer's hard drive.
We use the following types of cookies:
- Strictly necessary cookies – these are cookies that are needed for the operation of our website. These include cookies that enable you to log into secure areas of our website and use shopping carts.
- Analytical / performance cookies – these cookies allow us to recognise and count the number of visitors and see how visitors utilise our website. This allows us to ensure users are able to navigate our website easily.
- Functional cookies – these cookies are used to recognise you if you return to our website. This allows us to personalise content for you on our website, greet you by name and remember preferences you have set on our website.
The individual cookies that we use are:
- _session_id, unique token, sessional, allows Shopify to store information about your session (referrer, landing page, etc)
- _shopify_visit, no data held, persistent for 30 minutes from the last visit, used by our website provider’s internal stats tracker to record the number of visits
- _shopify_uniq, no data held, expires midnight (relative to the visitor) of the next day, counts the number of visits to a store by a single customer
- cart, unique token, persistent for 2 weeks, stores information about the contents of your cart
- _secure_session_id, unique token, sessional
- storefront_digest, unique token, indefinite, if the shop has a password, this is used to determine if the current visitor has access
You may block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. If you block all cookies (including essential cookies) you might not be able to access all parts of our site.
For more information on cookies and how to manage your preferences, please see http://www.allaboutcookies.org/.
How can you contact us?
If you have any questions
email us at firstname.lastname@example.org