Privacy policy
Lay of the Land Ltd
11/05/2020
Our contact details
Name: Lay of the Land LTD
Address: Lay of the Land Garden Centre, Kings Mill Lane, Settle, North Yorkshire, United Kingdom, BD24 9BS
Phone Number: 01729 824247
Email: mail@layoftheland.co.uk
The Type of Personal Information We Collect
When you visit our website: We automatically collect certain information about your device, including information about your web browser, IP address, time zone, and some of the cookies that are installed on your device. Additionally, as you browse the Site, we collect information about the individual web pages or products that you view, what websites or search terms referred you to the Site, and information about how you interact with the Site. We refer to this automatically-collected information as “Device Information”.
We collect Device Information using the following technologies:
- “Cookies” are data files that are placed on your device or computer and often include an anonymous unique identifier. For more information about cookies, and how to disable cookies, visit http://www.allaboutcookies.org.
- “Log files” track actions occurring on the Site, and collect data including your IP address, browser type, Internet service provider, referring/exit pages, and date/time stamps.
- “Web beacons”, “tags”, and “pixels” are electronic files used to record information about how you browse the Site.
When you make an online purchase: Additionally when you make a purchase or attempt to make a purchase through the Site, we collect certain information from you, including your name, billing address, shipping address, payment information (including credit card numbers), email address, and phone number. We refer to this information as “Order Information”.
When we talk about “Personal Information” in this Privacy Policy, we are talking both about Device Information and Order Information.
When you become an account customer in-store: When you setup an account in-store, we collect information to differentiate you from other customers and so that we might contact you with regards to the status of your account, which includes: Name, Address, Email & Phone Number, we will also assign you a unique identifier.
When you make purchases, we will assign those transactions to your account, which includes the products purchased, the price paid, and how it was paid for (cash, card, cheque etc). If you pay by card we will also record a transaction identification number which identifies your transaction on our payment processors system, we do not record your credit card information ourselves, this is handled by our payment processor which is iZettle AB a subsidiary of PayPal.
When you make a purchase in-store: When you make a purchase in store without an account, we do not collect personal information directly from you. However, if you pay by card this information will be sent to our payment processor which is iZettle AB a subsidiary of PayPal. We attach a transaction identification number to your in-store receipt, we cannot connect this receipt to you, unless you provide your receipt to us.
How do we use your personal information?
We use the Order Information that we collect generally to fulfil any orders placed through the website or in store (including processing your payment information, arranging for shipping, and providing you with invoices and/or order confirmations). Additionally, we use this Order Information to:
- Communicate with you;
- Screen our orders for potential risk or fraud; and
- When in line with the preferences you have shared with us, provide you with information or advertising relating to our products or services.
We use the Device Information that we collect to help us screen for potential risk and fraud (in particular, your IP address), and more generally to improve and optimize our Site (for example, by generating analytics about how our customers browse and interact with the Site, and to assess the success of our marketing and advertising campaigns).
Sharing your personal Information
We share your Personal Information with third parties to help us use your Personal Information, as described above.
We use Shopify to power our online store: You can read more about how Shopify uses your Personal Information here: https://www.shopify.com/legal/privacy
We use Vend to power our till and in-store account system: You can read more about how Vend uses your Personal Information here: https://www.vendhq.com/uk/privacy-policy Customer account data is shared securely to Xero our accounting software.
We use Xero to process our accounts: You can read more about how Xero uses your Personal Information here: https://www.xero.com/uk/about/legal/privacy/
We use iZettle to process payments: If you make a card purchase in-store or over the phone we use iZettle to process that payment. In store that is handled via iZettle’s payment terminal which sends your card details directly to iZettle. If you make an order over the phone, we will email you a payment link which will take you to iZettle’s website. We will be able to see some information about online transactions through their customer portal, but not card details. You can read more about how iZettle uses your Personal Information here: https://www.izettle.com/gb/privacy-policy
We use Stripe to process payments: If you are sent an invoice and choose to use the online payment option you will be provided with a link that takes you to the Stripe website. You will be asked to enter some personal details, which we will be able to see through their customer portal, such as name and email address, but we will not be able to see card details. https://stripe.com/gb/privacy
We also use Google Analytics to help us understand how our customers use our website: You can read more about how Google uses your Personal Information here: https://www.google.com/intl/en/policies/privacy/ You can also opt-out of Google Analytics here: https://tools.google.com/dlpage/gaoptout
Finally, we may also share your Personal Information to comply with applicable laws and regulations, to respond to a court summons, search warrant or other lawful request for information we receive, or to otherwise protect our rights.
Do Not Track
Please note that we do not alter our Site’s data collection and use practices when we see a Do Not Track signal from your browser.
LAWFUL BASIS
Under the General Data Protection Regulation (GDPR), the lawful bases we rely on for processing this information are:
Website newsletter: Your Consent – You may remove your consent by asking to un-subscribe via the appropriate link.
Why: You have given consent by subscribing to the newsletter, either on the homepage, or, by clicking the ‘subscribe to newsletter’ box in the checkout.
Contact Form: Legitimate Interest
Why: We have a legitimate interest in responding to your query, we will not use this information for anything else.
Cookies: Legitimate Interest
Why: We have a legitimate interest in placing cookies or similar tracking files on your machine; to enable our website to function (for example keeping track of the items you have added to your basket), and to understand how customers use our website so that we can improve it.
Personal data collected when making a purchase on our website: Legitimate Interest
Why: We have a legitimate interest in collecting some personal data for the purpose of processing transactions, including taking payments and fulfilling orders, for understanding how you use the website to determine how we can improve our service and limited PR activities.
Personal data collected to setup in-store account: Legitimate Interest
Why: We have a legitimate interest in collecting some personal data for the purpose of processing transactions, including taking payments and fulfilling orders, and limited PR activities.
Log Files: legal obligation
Why: Our service partner Shopify, who provides and hosts our ecommerce website, has a legal obligation to store log files, which may contain information about your computer, for example, IP addresses & operating system information, to allow them to monitor, debug and ensure site security.
How We Store Your Personal Data
Website Newsletter: Your email address will be stored on *Shopify’s servers. We keep this information until you unsubscribe.
Online Forms: Your message and contact information will be stored on *Shopify’s servers and sent to our email address. This information will be deleted once we have dealt with your enquiry.
Website Logs & Cookie Information: This information will be stored on *Shopify’s servers. This information is retained by Shopify in accordance with their privacy policy.
Personal data collected when making a purchase on our website: Your personal data and order details will be stored on *Shopify’s servers and will be printed out in the form of a delivery note to be included with your order. Shopify retains this information indefinitely, or until we close our store, you may request that this information is deleted, this information can only be deleted 180 days after your last order was made.
Personal data collected when setting up an in-store account: Your personal data and order details will be stored on *Vend’s servers. We will review these accounts annually and delete accounts that have been dormant for over 18 months. You may request that we delete your account, if you request that your account is deleted your personal information (name, address, email etc) will be deleted and information about your purchases (i.e. cost, date, products) anonymised and no longer identifiable.
Payment details when purchases are made: Payment information required to facilitate purchases is collected on or behalf by *Shopify, *iZettle and *Stripe, that information is stored by them in accordance with their privacy policy.
Email Correspondence, Letters, Mailing Lables etc: From time to time it may be necessary to store personally identifiable information outside these systems to produce correspondence etc. This information will be limited in scope, for example your address if we need to send a letter. We are currently transitioning from a self-hosted a self-hosted NAS drive to Microsoft 365 for this information, all computers are password protected.