Privacy Policy

At Tuftbox we are committed to protecting and respecting your privacy. This Privacy Policy describes how we (Tuftbox Ltd) processes your personal information when you interact with us or our services. 

If we make any changes to the way we process your data, we’ll always update this notice. If you have any questions we’re always happy to hear from you. You can reach us by email at hello@tuftbox.co.uk.

Device Information
We collect device information automatically when you access our website. This could include information about your web browser and version, IP address, time zone, what sites or products you view, search terms and how you interact with the website. We use this data to make sure our website loads accurately for you and to perform analytics on how our website is used so that we can optimise it for everyone. 

Orders
You might share your information with us if you want to buy some craft goodies. This can include your name, address, payment information (e.g. credit card numbers), email address and phone number. We use this information: 

• To process your orders, take payments and give refunds, arrange delivery, provide invoices and order confirmations and keep you updated on your order. We do this so we can meet our contractual commitments to you.
• To screen orders for potential risks or fraud, this is important to us to keep Tuftbox running
• To keep records of any financial transactions you make with us. This helps us meet our legal obligations (and keep the tax man informed!)

Customer Service 
You might share your information with us when you contact us for help, support or updates on your orders.  We use this information to: 

• Provide you with the best possible customer service and support, which is an important part of our service and contractual commitments to you. 
• To identify you or verify your order when you contact us. This helps us to prevent fraud.

Other Interactions 
We reach out to awesome artists and crafters to ask to feature their content on our social media channels, website or other marketing channels. If you give us the thumbs up to showcase, we may share your creative content and personal info such as your social media handle. You can find out more in our terms and conditions. 

You might also share information with us by;

• posting content, comments or feedback to our website and socials
• emailing us creative suggestions, feedback or other comments
• contacting us to participate in any of our promotions or offers (such as social media giveaways or competitions). You can find out more in our terms and conditions.

If you do share any of your personal information (e.g. your email, name, social handles etc.) when contacting us, we’ll only use it to respond to you or manage your participation in any of our promotions or offers. 

Marketing communications and targeted advertising
You choose when you hear from us and we only contact you in line with the preferences you share with us. If you give us your permission or sign up to any mailing lists, we’ll provide you with information and marketing messages about our products and services. This can include: 

• Letting you know about any key changes to our services and terms and conditions 
• Updating you when an item is back in stock
• Keeping you aware of what we’re up to and any new offers or promotions
• Sharing information on our latest and best products and services
• Asking for your feedback on our products and services

You can click on the ‘unsubscribe’ link in any marketing email you receive if you don’t want to receive any messages going forward. Alternatively you can contact us anytime and we’ll update our records. Please note if you opt out, you will still receive important service communications like updates on any orders you place with us.

If you order something from us, we may email you a survey to invite you to rate and review the products you’ve purchased. If you choose to respond to us (thank you!) we use your valuable insights to improve our products and services we provide to you. 

We use your personal information to analyse how you use our services and provide you with targeted ads and marketing:

• We use Google Analytics to help us understand how you use our website. These insights into how you interact with our products and services helps us to understand how we can improve to give you the best shopping experience possible. You can read more about how Google uses your personal information here: https://www.google.com/intl/en/policies/privacy/. You can also opt-out of Google Analytics here: https://tools.google.com/dlpage/gaoptout. 
• We also use google services to personalise your experience with us and offer you relevant advertising that keeps you aware of what we’re up to and helps you to see and find our products. We share information about how you use our website, your purchase history, and your interaction with our ads on other websites. This data helps us to recommend products that we think you’ll love or services and offers that may interest you. For more information about how targeted advertising works, you can visit the Network Advertising Initiative’s (“NAI”) educational page. You can manage your preferences about the ads shown to you on Google and on sites and apps that partner with google to show ads, you can modify your interests, choose whether your personal information is used to make ads more relevant to you and turn on or off certain advertising services by visiting https://www.google.com/settings/ads/anonymous.

Both of these processes rely on your cookie consent - you can find out more information in the cookies section of this policy. 

Fraud prevention and detection
We use your personal information to identify, detect and prevent fraud, against either you or against us. This is important to ensure that we meet our contractual commitments to you, fulfil our other legal obligations and protect our business interests.

We share your personal information with following companies and categories of third parties:

• We use Shopify to power our online store. You can read more about how Shopify uses your Personal Information here: https://www.shopify.com/legal/privacy/customers.
• We work with companies that help us fulfil our contracts with you, such as payment service providers (e.g. Shopify Payments) and various delivery companies to get your purchases to you. 
• We work with professional service providers such as analytics and advertising partners (e.g. Google). 

We may also share your personal information to; comply with applicable laws and regulations, meet our legal obligations, enforce our agreements, tackle fraud or to otherwise protect our rights. This could include sharing your information with credit reference agencies, law enforcement and fraud prevention agencies.

Our online store is powered by Shopify Inc. Shopify is a Canadian company that processes data about individuals all over the globe. For customers located in the European Economic Area (EEA), UK or Switzerland using a shopify store like ours, personal information is initially processed in Ireland by Shopify’s Irish affiliate, Shopify International Ltd. Data is then transferred outside of Europe for storage and further processing, including to Canada and the United States, these data transfers are done in accordance with applicable laws. You can find out more about how Shopify handles your data here: https://www.shopify.com/legal/privacy. 

We may process data about our customers and their purchases outside of the Shopify platform, before we do so we’ll make sure that the information does not identify you, such as by aggregating it, anonymising it or removing any personal identifiers from it.

We’ll hold onto your information for as long as you continue to be our customer or as needed for the functions outlined in this policy. You can ask us to delete your data anytime (please see the ‘your rights’ section for more details) however we have a legal requirement to keep some of your personal data even after you have asked us to delete it. We only keep what we need to meet our legal or regulatory obligations, resolve disputes, prevent fraud and enforce our terms and conditions or other legal agreements.

Our data processor Shopify works tirelessly to protect your information and to ensure the security and integrity of their platform. They use strict procedures, advanced security features and have independent auditors assess their security. No method of transmission over the internet, or method of electronic storage, is however 100% secure. This means we cannot guarantee the absolute security of your personal information. You can find out more about Shopify’s security measures at https://www.shopify.com/security.

If we have given you (or you have chosen) a password which enables you to access certain parts of our website, you are responsible for keeping this password confidential and secure. 

Our website contains third party links which we may use to guide you to information or services that we think might be useful to you. If you follow a link to any of these websites, they will have their own data security and privacy measures. We cannot guarantee the security of these sites or how they might use your data and you should only click through at your own risk. We recommend you take measures to protect your devices and data and carefully read the privacy notices of any websites you visit so you understand how they might collect and process your data.

Automated decision-making is when computers use rules, algorithms or data to make decisions about you without any human involvement. Our data processor Shopify uses limited automated decision-making to prevent fraud and improve their services, examples include:

• temporary lists of IP addresses associated with repeated failed transactions - this list lasts for a small number of hours
• temporary lists of credit cards associated with the above - this list last for a small number of days

Any Shopify services involving automated decision-making either still have a human involved in the process (so are not fully automated) or use machine learning in ways that don’t have any legal (or other similarly significant) effects on you or us.

You have a lot of rights relating to your personal information, these are:

• The right to be informed about how your personal information is being used
• The right to access the personal information we hold about you
• The right to have any inaccuracies corrected in the personal information we hold about you
• The right to have personal data held about you deleted
• The right to stop direct marketing messages
• The right to withdraw your consent to our processing of your personal data at any time 
• The right to request that we transfer or port your personal data to you or another service provider
• The right to restrict our processing of your personal data
• The right to ask us to explain or stop any automatic-decision making
• The right to complain to your data protection regulator — in the UK, the Information Commissioner’s Office (ICO)

You can exercise any of your rights outlined above by emailing us at help@tuftbox.co.uk.

Cookies are data files which can hold a small amount of info, they are stored on your computer or smartphone when you first visit a website. Cookies make your browsing experience better by allowing the website to remember your actions and preferences. Cookies can also provide information on how you use a website, for instance whether you are visiting for the first time or if you visit a site frequently.  

We use cookies that are essential to making our website work properly, they allow you to navigate our site and use our features like adding items to your shopping cart. We also use cookies that help us to analyse how people use our site and we use these insights to improve the functionality of our website and your experience when using it. Our online store is hosted on Shopify Inc. They provide us with the online e-commerce platform that enables us to offer our products and services to you. You can find out more about the essential and analytical cookies we use by reading Shopify’s Cookie Policy. The policy contains details of individual cookies, what they are used for and how long that cookie remains on a computer or mobile device. 

When you visit our store you’ll see a banner that asks for your consent to use cookies. If you click decline or don’t respond to the banner, only cookies that are strictly necessary to the functionality of the website will be allowed. You can also choose whether or not to accept cookies through the controls on your web browser, try looking in your browser’s ‘tools’ or ‘preferences’ menus. You can find out more about cookies including how to block, manage and filter them by visiting www.allaboutcookies.org. If you choose to block some cookies this may negatively impact your experience with our website and parts of our website and services may no longer be fully accessible to you.

If you have any questions about this policy, want to exercise any of your rights or want to make a complaint please contact us by email at help@tuftbox.co.uk.