This Privacy Notice aims to give you information on how we collect and process your personal data using this website, including any data you may provide through this website when you purchase a product or otherwise interact with us.
This website is not intended for children and we do not knowingly collect data relating to children.
It is important that you read this Privacy Notice together with any other Privacy Notice or Fair Processing Notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are truly aware of how and why we are using your data. This Privacy Notice supplements the other notices and is not intended to override them.
Who we are
Moondance Cafes and Gift Shops are private companies in Somerset.
This Privacy Notice is issued on behalf of Moondance Cafes & Gift Shops so when we mention Moondance, Moondance Cafes, Moondance Gift Shops, “we”, “us” or “our” in this privacy notice, we are referring to Moondance Cafes and Gift Shops who are responsible for processing your data.
When you use our services, you’ll share some information with us. We want to be upfront about the information we collect, how we use it, who we share it with and the choices we give you to control, access and update your information. For the purposes of data protection legislation, we are the data controller of your personal data.
We have appointed a data privacy manager who is responsible for overseeing questions in relation to this Privacy Notice.
The personal information we collect and use
Information collected by us
If you have registered with us, or ordered items from us, we will have your email address, telephone number, postal address and the method you chose to make your purchase with.
In addition, our servers, logs, and other technologies automatically collect certain information (see below) to help us administer, protect, and improve our services; analyse usage; and improve users’ experience. We share personal information with others only as described in this policy, or when we believe that the law permits or requires it.
Information we collect automatically
Device information: We may also collect information about your device each time you use a site. If you have an account with us, we may collect information from or about the computers, phones or other devices where you log into our services. We may associate the information we collect from your different devices, which helps us provide consistent services across your devices. Here are some examples of the device information that we may collect:
- Attributes such as the operating system and hardware version.
- Browser type and IP address.
Log information: We may also collect log information when you use our website. That information includes, among other things:
- Details about how you’ve engaged with us.
- Device information, such as web browser type and language.
- Access times.
- Pages viewed.
- IP address.
- Identifiers associated with cookies or other technologies that may uniquely identify your device or browser.
- Pages you visit before or after navigating to our website.
How we use your personal information
We use your information in several different ways. The table below sets this out in detail, showing what we do and why we do it.
|Category of personal data|Purpose for processing|Legal basis under the GDPR|
|---|---|---|
|Name and contact details|Deliver your purchase to you|Performance of a contract|
||Send you service messages by email or text, such as order updates|Performance of a contract|
||Send you information by email or post about our new products or services||
||Fraud prevention and detection|Legal obligation|
||Promotion of our goods and services|Legitimate Interest|
|Payment information (we don’t store this information)|Take payment and give refunds; Fraud prevention and detection|Performance of a contract|
|Contact history with us, e.g. your previous order history|Provide customer service and support|Performance of a contract|
||Train our staff||
|Information about your phone or laptop, and how you use our website and app|Improve our website and set default options for you (such as language and currency)||
||Fraud prevention and detection||
Who we share your personal information with
We share your data with the following categories of companies as an essential part of being able to provide our services to you:
- Companies that get your order to you, such as payment service providers, warehouses, order packers, and delivery companies
- Professional service providers, such as marketing agencies, advertising partners and website hosts who help us run our business
- Credit reference agencies, law enforcement and fraud prevention agencies, so we can help tackle fraud
- Companies approved by you, such as social media sites
For a list of our third-party suppliers, see the foot of this page. Some of those third-party recipients may be based outside the European Economic Area — for further information including how we safeguard your personal data when this occurs, see ‘Transfer of your information out of the EEA’.
We will not share your personal information with any other third party.
How long your personal information will be kept
We will hold on to your information for as long as you have your account, or as long as is needed to be able to provide the services to you, or (in the case of any contact you may have with our Customer Care team) for as long as is necessary to provide support-related reporting and trend analysis only.
If reasonably necessary or required to meet legal or regulatory requirements, resolve disputes, prevent fraud and abuse, or enforce our terms and conditions, we may also keep hold of some of your information as required, even after you have closed your account, or it is no longer needed to provide the services to you.
Transfer of your information out of the EEA
We may transfer your personal information outside of the EEA.
Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is attached to it by ensuring at least one of the following safeguards is implemented:
- We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
- Where we use certain service providers, we may use specific countries approved by the European Commission which give personal data the same protection it has in Europe.
- Where we use service providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between Europe and the US.
Control over your information
Under the General Data Protection Regulation, you have several important rights available to you for free. In summary, those include rights to:
- Access the personal information we hold about you
- Request that we transfer elements of your data to another service provider
- Request us to correct any mistakes in your information which we hold
- Request the erasure of personal information concerning you in certain situations
- Receive the personal information concerning you which you have provided to us, in a structured format
- Stop any direct marketing
- Object to processing of your personal data
For further information on each of these rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights under the General Data Protection Regulation.
If you would like to exercise any of these rights, please:
- address your request to Privacy, Moondance Cafe, 5 South Parade, Chew Magna, B40 8SH, or email us at: privacy at moondancecafe at outlook.com, with a subject line of Privacy;
- let us have enough information to identify you;
- let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill); and
- let us know the information to which your request relates.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made many requests. In this case, we will notify you and keep you updated.
Keeping your personal information secure
We have appropriate security measures in place to prevent personal information from being accidentally lost, used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
If you want detailed information from Get Safe Online on how to protect your information and your computers and devices against fraud, identity theft, viruses and many other online problems, please visit www.getsafeonline.org. Get Safe Online is supported by HM Government and leading businesses.
How to complain
We hope that we can resolve any query or concern you raise about our use of your information. If you are not happy with how we manage your personal data, you have the right to lodge a complaint with a supervisory authority. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns/.
Changes to this privacy notice
This privacy notice was published on 23/05/2018 and last updated on 23/05/2018.
Any changes we make to this notice will be posted on this page.
How to contact us
If you wish to contact us, please send an email to moondancecafe at outlook.com, with a subject line of Privacy, or write to Privacy, Moondance Cafe, 5 South Parade, Chew Magna, B40 8SH.
Legitimate Interest means the interest of our business in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
Performance of Contract means processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.
Comply with a legal or regulatory obligation means processing your personal data where it is necessary for compliance with a legal or regulatory obligation that we are subject to.