This policy applies to information we collect when you choose to use this website, and also to personal information which we process further to supplying goods to our customers and receiving personal data from our suppliers.
Who we are
This website is owned by Dorothy Chitty – Natural Medium and our registered office is at Hendom Farm, Huntsham, Tiverton, Devon EX16 7NR
United Kingdom. Dorothy Chitty – Natural Medium (‘we’ or ‘us’) is a ‘data controller’ for the purposes of the General Data Protection Regulation (‘’) where we control the purposes for which we process your personal information e.g. when we take your personal information to supply you with our products. Otherwise we are the data processor. We will take all appropriate steps to ensure compliance with the GDPR and all other laws which protect your personal data (the ‘Legislation’).
If you would like to find out more about how we process your personal data, the purposes we store it for and what processes we have in place to keep your personal data secure, then please feel free to get in touch with us, or contact our data controller at firstname.lastname@example.org (See ‘How to contact us’ below.)
Our principles of data protection
Our approach to data protection is built around four key principles. They’re at the heart of everything we do relating to personal data.
Transparency: We take a human approach to how we process personal data by being open, honest and transparent. That’s why we will endeavour to provide you with the personal data that we have on you within 30 days of a request being received by our data .
Enablement: We enable connections and efficient use of personal data to empower productivity and growth. However, we do not use personal data to make automated decisions.
Security: We champion industry leading approaches to securing the personal data entrusted to us. That’s why all of your personal data is stored in a secured & restricted . Occasionally, we use third party storage providers in order to help us achieve our Security principle. Such storage providers maintain their own privacy and protection policies. If you would like to find out more about which storage providers we currently use, please contact us or our data controller email@example.com (See ‘How to contact us’ below.)
When do we collect personal data about you?
– When you are using our services.
– When you interact with us in person, through correspondence, by phone, by social media, or through our websites.
– When we collect personal information from other legitimate sources, such as third-party data aggregators, marketing partners, public sources or social networks. We only use this data if you have given your consent to them to share your personal data with others.
– We may collect personal data if it is considered to be of legitimate interest, and if this interest is not overridden by your privacy interests. Before data is collected we make sure an assessment is made, ensuring that there is an established mutual interest.
Why do we collect and use personal data?
- We collect and use personal data mainly to provide a better service to you, enabling us to provide a more tailored experience. It is important for us to get to know our clients, in order to provide a bespoke and tailored service. Your personal data is of use to us in our research, but also in crafting your perfect experience using our services. Furthermore, in order to better our service and to build a rapport with yourselves, we may contact you occasionally with marketing material. Of course, you have the choice to opt-in or opt-out of this service at any time by contacting our data controller
We may use your information for the following purposes:
- First and foremost, we use your personal data to operate our websites and provide you with any services you’ve requested, and to manage our relationship with you. We also use your personal data for other purposes, which may include the following:
- or information we are required to send to you.
- operational communications, like changes to our websites and services, security updates, or assistance with using our websites and services.
- marketing communications (about Dorothy Chitty – Natural Medium or another product or service we think you might be interested in).
- To support you: This may include assisting with the resolution of technical support issues or other issues relating to the websites or services.
- Follow up on incoming requests (customer support, emails, chats, or phone calls).
- Perform contractual obligations such as order confirmation, invoice, reminders, and similar. The contract may be with Dorothy Chitty – Natural Medium directly.
Where you have given us consent, we shall provide you with information about any new products, services, events, promotions, special offers and other information which we think will be of interest to you.
You can withdraw your consent at any time. You can update your details or change your privacy preferences at any time by contacting us using the details at the bottom of this page. (See ‘How to contact us’ below.)
Disclosures of your information
We may disclose your personal information to third parties:
- to help us fulfil your order with us if needed
- for financial transactions relating to our website and services are handled by our payment services providers. We will share transaction data with our payment services providers only to the extent necessary for the purposes of processing your payments, refunding such payments and dealing with complaints and queries relating to such payments and refunds. You can find information about the payment services providers’ privacy policies and practices at https://stripe.com/gb/privacy
- In the event that we sell or buy any business or assets.
- If we are acquired by a third party, in which case personal data which we hold about our customers may be one of the transferred assets.
- If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of; or to protect the rights, property, or safety of our business, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
Information we collect from you
We may collect, store and use information about your visits to the Site and about your computer, tablet, mobile or other device through which you access the Site. This includes the following information:
- technical information, including the Internet protocol (IP) address, your login information to our website, your browser type and settings, time zone setting, browser plug-in types and versions, operating system and platform, and geographical location; and information about your visits and use of the Site, including the full Uniform Resource Locators (URL), clickstream to, through and from our Site, pages you viewed and searched for, page response times, length of visits to certain pages, referral source/exit pages, page interaction information (such as scrolling, clicks and mouse-overs), and website navigation and search terms .
In order to use some services on our website, including the completion of online purchases, we will ask you for certain personal data such as your name, address, and payment details. Such personal data is deemed to be provided by you voluntarily and we do not collect such personal data automatically. We do not store such personal data on our systems, except for purposes of completing orders.
We do not collect personal data that consists of race or ethnic origin, political opinions, religious or philosophical beliefs, trade union memberships, genetic or biometric data, health or mortality, sex life or sexual orientation.
Information we collect about you from other sources
We may also collect information about you from other sources, such as commercially available sources.
We use analytics tools, Facebook Pixel and Google Adwords Conversion Tracking on our Site. These tools automatically collect information about you when you click on one of our ads displayed on Facebook or alongside a Google search and any other participating ad networks. This is called a “conversion”.
We use Facebook Pixel and Google Adwords Conversion Tracking tools to track conversions to our Site from our ads displayed on Facebook or alongside a Google search and any other participating ad networks. We use this information to direct our adverts to you and to ensure that our adverts are personalised to your interests, such as our products you have recently searched for. We also use these tools to measure the results of our ads.
The legal basis for the use of this service is Art. 6 paragraph 1 sentence 1 letter f GDPR. Users can prevent the collection of data generated by cookies by downloading and installing the browser plug-in that is available at the following link: http://tools.google.com/dlpage/gaoptout?hl=en.
Facebook Pixels (Visitor Action pixel)
We use the “visitor action pixels” from Facebook Inc (1 Hacker Way, Menlo Park, CA 94025, USA, or, if you are based in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”)) on our website.
This allows user behavior to be tracked after they have been redirected to the provider’s website by clicking on a Facebook ad. This enables us to measure the effectiveness of Facebook ads for statistical and market research purposes. The data collected in this way is anonymous to us, i.e. we do not see the personal data of individual users. However, this data is stored and processed by Facebook, which is why we are informing you, based on our knowledge of the situation. Facebook may link this information to your Facebook account and also use it for its own promotional purposes, in accordance with Facebook’s Data Usage Policy https://www.facebook.com/about/privacy/. You can allow Facebook and its partners to place ads on and off Facebook. A cookie may also be stored on your computer for these purposes.
The legal basis for the use of this service is Art. 6 paragraph 1 sentence 1 letter f GDPR. You can object to the collection of your data by Facebook pixel, or to the use of your data for the purpose of displaying Facebook ads by contacting the following address: https://www.facebook.com/settings?tab=ads.
Facebook is certified under the Privacy Shield Agreement and thus guarantees compliance with European data protection legislation (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
How long we keep your data
This means that we may retain your personal data for a reasonable period of time after your last interaction with us. When the personal data that we have collected is no longer required, we will delete it in a secure manner.
What rights do you have?
The GDPR provides the following rights for individuals whose personal data is processed:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object to processing
- Rights in relation to automated decision making and profiling (We do not carry out automated decision making and profiling)
To exercise any of your rights
You can request a copy of the personal information which we hold or amend it or ask us not to use it for particular purposes by:
- emailing or writing to us (see ‘How can you contact us?’ below);
- providing us with proof of your identity (a copy of your driving licence or passport); and
- letting us know what information you want or what you want us to do.
- let us know the information that is incorrect and what it should be replaced with.
You can ask us to stop contacting you for particular purposes or remove your information completely from our records. There may be a legal reason why we need to keep your personal data and in that circumstance we will destroy your personal information as soon as we are legally entitled to do so.
Right to lodge a complaint with the Supervisory Authority
If you have any concerns or complaints about how we use your personal data we hope you will alert us to these directly (see the Contact information below). You are entitled to complain to the Information Commissioners Office (ICO) which is the supervisory authority in the UK. Their contact details and the procedure can be found at www.ico.gov.uk
How to contact us
Or write to us at
Tiverton, Devon EX16 7NR