PRIVACY POLICY FOR ELLIS HARPER LIMITED

This Privacy Policy describes how your personal information is collected, used, and shared when you visit or make a purchase from elinorsophia.com (the “Site”). Ellis Harper® Limited (“Ellis Harper®”, “we”, “our” or “us”) is committed to protecting and respecting your privacy.

DEFINITIONS
Personal Data - Data about a living individual who can be identified from those data or from those and other information either in our possession or likely to come in our possession
Service - the www.elinorsophia.com website
Usage data - is generated automatically either from the use of the Service or from the Service infrastructure itself
Cookies - small pieces of data stored on your device (computer or mobile device)

1. WHO WE ARE

Ellis Harper® Limited, principal place of business Ellis Harper® Limited, Augustine, Romsey Road, Cadnam, Hampshire, SO40 2NN, United Kingdom

2. PERSONAL INFORMATION WE COLLECT

When you visit the Site, we automatically collect certain information about your device, including information about your web browser, IP address, time zone, and some of the cookies that are installed on your device. Additionally, as you browse the Site, we collect information about the individual web pages or products that you view, what websites or search terms referred you to the Site, and information about how you interact with the Site. We refer to this automatically-collected information as “Device Information”.
We may employ third party companies and individuals to facilitate our Service (‘Service Providers’) to provide the Service on our behalf to perform Service-related services or to assist us in analysing how our Service used. These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.

Our online shop is hosted on Squarespace Inc. They provide us with the online e-commerce platform that allows us to sell our products and services to you. For more insight, you may also want to read Squarespace’s Terms of Service here : https://www.squarespace.com/terms-of-service or Privacy Statement here: https://www.squarespace.com/privacy
We also use MailChimp to provide the very best service to you. Their cookie policy and privacy policy can be found here: https://mailchimp.com/legal/privacy/
We also use ActiveCampaign to provide the very best service to you. Their cookie policy can be found here: https://www.activecampaign.com/cookie-policy and their privacy policy can be found here: https://www.activecampaign.com/privacy-policy
We also use Facebook for social media advertising and their facebook pixel option as well as google analytics for tracking results from our adverts their cookie policies can be found here: https://www.facebook.com/policies/cookies/ & https://www.google.com/intl/en/policies/privacy/.

We collect Device Information using the following technologies:
- “Cookies” are data files that are placed on your device or computer and often include an anonymous unique identifier. For more information about cookies, and how to disable cookies, visit http://www.allaboutcookies.org. Squarespace's Cookie Policy can be found here: https://www.squarespace.com/cookie-policy
- “Log files” track actions occurring on the Site, and collect data including your IP address, browser type, Internet service provider, referring/exit pages, and date/time stamps.
- “Web beacons”, “tags”, and “pixels” are electronic files used to record information about how you browse the Site.
We collect several different types of information for various purposes to provide and improve our Service to you.

USAGE DATA
We may also collect information regarding how the Service is accessed and used (‘Usage Data’). This Usage Data may include information such as your computer’s internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.

TRACKING AND COOKIES DATA
We use cookies and similar tracking technologies to track the activity on our service and hold certain information. Cookies are files with small amounts of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Tracking technologies also used are beacons, tags and scripts to collect and track information and to improve and analyse our Service.
You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.

Examples of Cookies we use:
Session Cookies - We use session cookies to operate our service
Preference Cookies - we use preference cookies to remember your preferences and various settings.
Security cookies - we use Security Cookies for security purposes.
While using our Service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you (‘Personal Data’). Personally identifiable information may include, but is not limited to:
Email address
First name and last name
Phone number
Address, State, Province, ZIP/Postal Code, City

COOKIES AND USAGE DATA
We may use your Personal data to contact you with newsletters, marketing or promotional materials and other information that may be of interest to you. You may opt out of receiving any, or all, of these communications from us by following the unsubscribe link or instructions provided in any e-mail we send or by contacting us by e-mail at customersupport@ellisharper.style

Security of Data:
The security of your data is important to us but remember that no method of transmission over the Internet, or method of electronic storage, is 100% secure. While we strive to use commercially acceptable methods to protect your personal data, we cannot guarantee its absolute security.

3. WHEN YOU MAKE A PURCHASE

Additionally, when you make a purchase or attempt to make a purchase through the Site, we collect certain information from you, including your name, billing address, shipping address, payment information (including credit card numbers, email address, and phone number. We refer to this information as “Order Information”. See also Section 6 - ‘Squarespace’.

We also use MailChimp to provide the very best service to you. Their cookie policy and privacy policy can be found here: https://mailchimp.com/legal/privacy/
We also use ActiveCampaign to provide the very best service to you. Their cookie policy can be found here: https://www.activecampaign.com/cookie-policy and their privacy policy can be found here: https://www.activecampaign.com/privacy-policy

When we talk about “Personal Information” in this Privacy Policy, we are talking both about Device Information and Order Information.

4. HOW DO WE USE YOUR INFORMATION?

We use the collected data for various purposes:
To provide and maintain our service
To notify you about changes to our service
To allow you to participate in interactive features of our Service when you choose to do so
To provide customer support
To gather analysis or valuable information so that we can improve our Service
To monitor the usage of our Service
To detect, prevent and address technical issues
To provide you with news, special offers and general information about other goods, services and events which we offer that are similar to those that you have already purchased or enquired about unless you have opted not to receive such information.
Legal basis for processing personal data under General Data Protection Regulation (GDPR)
If you are from the European Economic Area (EEA), Ellis Harper® Limited’s legal basis for collecting and using the personal information described in this Privacy Policy depends on the Personal Data we collect and the specific context in which we collect it.
Ellis Harper® Limited may process your Personal Data because: -
We need to perform a contract with you
You have given us permission to do so
The processing is in our legitimate interest and it’s not overridden by your rights
For payment processing purposes
To comply with the law
We use the Order Information that we collect generally to fulfil any orders placed through the Site (including processing your payment information, arranging for shipping, and providing you with invoices and/or order confirmations). Additionally, we use this Order Information to:
- Communicate with you;
- Screen our orders for potential risk or fraud; and
- When in line with the preferences you have shared with us, provide you with information or advertising relating to our products or services.
We use the Device Information that we collect to help us screen for potential risk and fraud (in particular, your IP address), and more generally to improve and optimize our Site (for example, by generating analytics about how our customers browse and interact with the Site, and to assess the success of our marketing and advertising campaigns). See also Section 6 - ‘Squarespace’.

We also use MailChimp to provide the very best service to you. Their cookie policy and privacy policy can be found here: https://mailchimp.com/legal/privacy/
We also use ActiveCampaign to provide the very best service to you. Their cookie policy can be found here: https://www.activecampaign.com/cookie-policy and their privacy policy can be found here: https://www.activecampaign.com/privacy-policy

5. SHARING YOUR INFORMATION

We share your Personal Information with third parties to help us use your Personal Information, as described above. For example, we use Squarespace to power our online store--you can read more about how Squarespace uses your Personal Information here: https://www.squarespace.com/privacy. We also use Google Analytics to help us understand how our customers use the Site -- you can read more about how Google uses your Personal Information here: https://www.google.com/intl/en/policies/privacy/. You can also opt-out of Google Analytics here: https://tools.google.com/dlpage/gaoptout.

In general, the third party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us. However, certain third party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect to the information we are required to provide to them for your purchase related transactions. Once you leave our store’s website or are redirected to a third party website or application, you are no longer governed by this privacy policy or our website’s policies.
Our site, and social media pages may contain links to other websites run by other organisations which we do not control. This policy does not apply to those other websites so we encourage you to read their privacy policies. We specifically disclaim responsibility for their content, privacy practices and terms of use, and we make no endorsements, representations or promises about their accuracy, content or thoroughness. Your disclosure of personal information to third party websites is at your own risk.

6. SQUARESPACE

Our online shop is hosted on Squarespace Inc. They provide us with the online e-commerce platform that allows us to sell our products and services to you.
Your data is stored through Squarespace’s data storage, databases and the general Squarespace application. They store your data on a secure server behind a firewall.

When you buy something through our website Squarespace uses your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted.

We will not store or collect your payment card details. That information is provided directly to our third-party payment processors whose use of your personal information is governed by their Privacy Policy. These payment processors adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council.

All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover.

PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.

For more insight, you may also want to read Squarespace’s Terms of Service here: https://www.squarespace.com/terms-of-service or Privacy Statement here: https://www.squarespace.com/privacy

7. BEHAVIOURAL ADVERTISING

We may use third party Service Providers to monitor and analyse the use of our Service e.g.
Google Analytics - this is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our Service. This data is shared with other Google Services. Google may use the collected data to contextualise and personalise that ads of its own advertising network. You can opt-out of having made your activity on the Service available to Google Analytics by installing the Google Analytics opt-out browser add-on. The add-on prevents the Google Analytics JavaScript (ga.js, analytics.js and dc.js) from sharing information with Google Analytics abut visits activity. For more information on the privacy practices of Google, please visit the Google Privacy and Terms web page: https://policies.google.com/privacy?hl=en
Google Adwords -Google AdWords - Google AdWords remarketing services is provided by Google Inc. You can opt out of Google Analytics for Display Advertising and customise the Google Display Network ads by visiting the Google Ads Settings page: http://www.google.com/settings/ads
Google also recommends installing the Google Analytics Opt-out browser Add-on - https://tools.google.com/dlpage/gaoptout? - for your web browser. Google Analytics Opt-out browser Add-on provides visitor with the ability to prevent their data from being collected and use by Google Analytics.
For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page: https://policies.google.com/privacy?hl=en
Facebook
Facebook remarketing service is provided by Facebook Inc.
You can learn more about interest-based advertising from Facebook by visiting the page: https://www.facebook.com/help/164968693837950
To opt-out from Facebook’s interest-based ads follow these instructions from Facebook: https://www.facebook.com/help/568137493302217
Facebook adheres to the Self-Regulatory for Online Behavioural Advertising established by the Digital Advertising Alliance. You can also opt-out from Facebook and other participating companies through the Digital Advertising Alliance in the USA http://www.aboutads.info/choices/, the Digital Advertising Alliance of Canada in Canada http://youradchoices.ca/ or the European Interactive Digital Advertising Alliance in Europe http://www.youronlinechoices.eu/ or opt-out using your mobile device settings.
For more information on the privacy practices of Facebook, please visit the Facebook’s Data Policy: https://www.facebook.com/privacy/explanation and also their cookie policy here to understand how they use the data https://www.facebook.com/policies/cookies/
As described above, we use your Personal Information to provide you with targeted advertisements or marketing communications we believe may be of interest to you. For more information about how targeted advertising works, you can visit the Network Advertising Initiative’s (“NAI”) educational page at http://www.networkadvertising.org/understanding-online-advertising/how-does-it-work.
You can opt out of targeted advertising by using the links below:
- Facebook: https://www.facebook.com/settings/?tab=ads
- Google: https://www.google.com/settings/ads/anonymous
- Bing: https://advertise.bingads.microsoft.com/en-us/resources/policies/personalized-ads
Additionally, you can opt out of some of these services by visiting the Digital Advertising Alliance’s opt-out portal at: http://optout.aboutads.info/. With your permission we may send you emails about our online store, new products and other updates including our newsletter. You can unsubscribe from our newsletter by clicking on the unsubscribe link or emailing us at: customersupport@ellisharper.style

8. DO NOT TRACK

Please note that we do not alter our Site’s data collection and use practices when we see a Do Not Track signal from your browser.

9. CONSENT

When you provide us with personal information to complete a transaction, verify your credit card, place an order, arrange for a delivery or return a purchase, we imply that you consent to our collecting it and using it for that specific reason only (‘Legitimate Interests’).

To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed. If you provide us with your credit card information, the information is encrypted using Secure Socket Layer technology (SSL) and stored with a 256-bit SSL encryption. Although no method of transmission over the internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards.

If we ask for your personal information for a secondary reason, like marketing, we will always ask you directly for your expressed consent (no pre-ticked opt-in boxes).
If after you opt-in, you change your mind, you may withdraw your consent for us to contact you, for the continued collection, use or disclosure of your information, at anytime, by contacting us at customersupport@ellisharper.style or clicking ‘unsubscribe’ at the bottom of one of our emails.

We may disclose your personal information if we are required by law to do so or if you violate our terms of service.

10. YOUR RIGHTS

If you are a resident of the European Economic Area (EAA) you have certain data protection rights. You have the right to access personal information we hold about you and to ask that your personal information be corrected, updated, or deleted. If you would like to exercise this right, please contact us through the contact information below or email us at customersupport@ellisharper.style

Additionally, if you are a European resident we note that we are processing your information in order to fulfil contracts we might have with you (for example if you make an order through the Site), or otherwise to pursue our legitimate business interests listed above. Additionally, please note that your information will be transferred outside of Europe, including to Canada and the United States.

Below, we have summarised the rights that you have under data protection law (General Data Protection Regulations in force from 25th May 2018). Some of the rights are complex, and not all of the details have been included in our summaries. Accordingly, you should read the relevant laws and guidance from the regulatory authorities for a full explanation of these rights. Ellis Harper® Limited respects the 6 principles of GDPR - namely lawfulness, fairness and transparency, purpose limitation, data minimisation, accuracy and storage limitation, integrity, confidentiality and accountability and we work at all times within these principles.

Your principal rights under data protection law are:
(a) the right to access;
(b) the right to rectification;
(c) the right to erasure;
(d) the right to restrict processing;
(e) the right to object to processing;
(f) the right to data portability;
(g) the right to complain to a supervisory authority; and
(h) the right to withdraw consent.

You have the right to confirmation as to whether or not we process your personal data and, where we do, access to the personal data, together with certain additional information. That additional information includes details of the purposes of the processing, the categories of personal data concerned and the recipients of the personal data. Providing the rights and freedoms of others are not affected, we will supply to you a copy of your personal data. The first copy will be provided free of charge, but additional copies may be subject to a reasonable fee. Data will be provided within 1 month, unless it is going to take longer, in which case we will write to you within one month explaining the reasons why - the time can be extended up to 3 months, but only for very good reason.

You have the right to have any inaccurate personal data about you rectified and, taking into account the purposes of the processing, to have any incomplete personal data about you completed.

In some circumstances you have the right to the erasure of your personal data without undue delay. Those circumstances include: the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; you withdraw consent to consent-based processing; you object to the processing under certain rules of applicable data protection law; the processing is for direct marketing purposes; and the personal data have been unlawfully processed. However, there are exclusions of the right to erasure. The general exclusions include where processing is necessary: for exercising the right of freedom of expression and information; for compliance with a legal obligation; or for the establishment, exercise or defence of legal claims.

In some circumstances you have the right to restrict the processing of your personal data. Those circumstances are: you contest the accuracy of the personal data; processing is unlawful but you oppose erasure; we no longer need the personal data for the purposes of our processing, but you require personal data for the establishment, exercise or defence of legal claims; and you have objected to processing, pending the verification of that objection. Where processing has been restricted on this basis, we may continue to store your personal data. However, we will only otherwise process it: with your consent; for the establishment, exercise or defence of legal claims; for the protection of the rights of another natural or legal person; or for reasons of important public interest.

You have the right to object to our processing of your personal data on grounds relating to your particular situation, but only to the extent that the legal basis for the processing is a) the processing is necessary for the performance of a task carried out in the public interest or in the exercise of any official authority vested in us; or b) the purposes of the legitimate interests pursued by us or by a third party. If you make such an objection, we will cease to process the personal information unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defence of legal claims.

You have the right to object to our processing of your personal data for direct marketing purposes (including profiling for direct marketing purposes). If you make such an objection, we will cease to process your personal data for this purpose.
You have the right to object to our processing of your personal data for scientific or historical research purposes or statistical purposes on grounds relating to your particular situation, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

To the extent that the legal basis for our processing of your personal data is:
(a) consent; or
(b) that the processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract, and such processing is carried out by automated means, you have the right to receive your personal data from us in a structured, commonly used and machine-readable format. However, this right does not apply where it would adversely affect the rights and freedoms of others.
To the extent that the legal basis for our processing of your personal information is consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal. You have the right to complain to a Data Protection Authority about our collection and use of your Personal Data. For more information please contact your local data protection authority in the EEA.

You may exercise any of your rights in relation to your personal data by written notice to us at customersupport@ellisharper.style

11. DATA RETENTION

We will not hold your personal information in an identifiable format for any longer than is necessary for the purposes for which we collected it. For certain purposes we retain your personal information indefinitely (e.g. to supress marketing messages). We will retain and use your personal data to the extent necessary to comply with our legal obligations (e.g. If we are required to retain your data to comply with applicable laws), resolve disputes and enforce our legal agreements and policies. Ellis Harper® will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, expect when this data is used to strengthen the security or to improve the functionality of our service or we are legally obligated to retain this data for longer time periods.

When you place an order through the Site, we will maintain your Order Information for our records unless and until you ask us to delete this information, if you would like us to delete this information please email us at customersupport@ellisharper.style

12. CHANGES

We may update this privacy policy from time to time in order to reflect, for example, changes to our practices or for other operational, legal or regulatory reasons.

13. AGE RESTRICTIONS

Our service does not address anyone under the age of 18 ‘Children’.
We do not knowingly collect personal identifiable information from anyone under the age of 18. If you are a parent or guardian and you are aware that your child has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from children without verification of parental consent, we take steps to remove that information immediately.

14. CONTACT US

For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact us by e-mail at customersupport@ellisharper.style.