PRIVACY STATEMENT

Frankenskein Yarn Company, a company whose registered office is at Flat 7, Foundry House, 21 Foundry Row, Redruth, Cornwall, TR15 1AN (referred to as ‘Frankenskein Yarn Company’, ‘FYC’, ‘Us’ or ‘We’) have created this privacy statement (‘Statement’) in order to demonstrate our firm commitment to the privacy of the details that You provide to Us when using www.frankenskein.co.uk (the ‘Site’) to access FYC Services.
We are committed to protecting and respecting Your privacy. For the purpose of the Data Protection Act 1998 and the GDPR as from the 25th May 2018 Frankenskein Yarn Company is the Data Controller.
In this Statement, references to ‘You’, ‘Your’ and ‘Customer’ are references to the person who visits or purchased products from the Site. When You use the Site to access the hand-dyed yarn and other craft accessory Services, You are consenting to the practices set forth in this Statement.
We aim to be as clear as possible in this Statement in respect of Your Personal Data. This Statement applies inter alia to Your Personal Data that We collect about You when You use the Site, how and when it is used, how We protect it and who has access to it. This Statement incorporates the Terms and Conditions and Cookie Policy, the FYC Website Terms of Use (and the FYC Service Terms) by this reference (together the ‘Licence OR Contract OR Agreement’)].
● Your Acceptance of this Privacy Statement
●What Data is collected & how?
● How is your Data used?
● Who has access to your Data?
● How do we protect your Personal Data and for how long?
● Do we use cookies?
● Complaints or queries
● Your rights under Data Protection Legislation?
● Definitions & Interpretations
● Changes to this Privacy Statement
1. YOUR ACCEPTANCE OF THIS PRIVACY STATEMENT
This Statement governs Your use of the FYC Services, including any dispute concerning privacy. By using the FYC Services, You accept this Statement in full. You should read the Statement carefully and ensure that You understand its effect before proceeding to use the Site to access the FYC Services. We reserve the right to make reasonable modifications to this Statement at any time with or without notice by posting the changes on this page. Your continued use of any portion of the Site following the posting of the updated Statement will constitute Your acceptance of the changes.
2. WHAT DATA IS COLLECTED & HOW?

A. PERSONAL DATA
2.1 In order for us to provide You with the Services, We need to collect various types of Personal Data to enhance the quality of the FYC Services. In any event, We are committed to ensuring that the information We collect and use is appropriate for this purpose, and does not constitute an invasion of your privacy. Some types of Personal Data may be voluntarily inputted by You which is shared with Us (and FYC Service Providers as applicable) in respect of yourself (or in respect of one or more other individuals where lawful authority is granted to You by those other individuals) which shall include:
[• name;
• date of birth;
• gender;
• business/company name;
• job title;
• profession;
• email address(es);
• telephone number(s);
• postcode(s);]

2.2 [Types of Sensitive Personal Data that may be shared with Us (and FYC Service Providers as applicable) are: insert]
2.3 As part of the process of using the Site to access the FYC Services, We collect Your Personal Data (and other Data or content of a non-personal nature) in various ways:
• via the “Contact Us”;
• upon Account sign-up/ newsletter registration;
[insert others as required]
2.4 As part of the process of using the Site to access the FYC Services, We may also collect the following types of Data automatically about You (as applicable) as follows via Our use of cookies and other technologies:
• Your visits to the Site and the FYC Content that You download;
• Your IP address;
• Your geographical location;
• Your browser type and version;
• Your operating system;
• Your referral source;
• Your length of visit;
• Your page views and Site navigation and exit;
[insert others as required e.g. any other information that You choose to send to us, including any request for further services, general correspondence, reports of a problem with the Site or the FYC Services.]
To learn more, please see our FYC Cookie Policy.
2.5 FYC agrees and warrants that it will adhere to all Data Protection Legislation and will take appropriate technical and organisational security measures against the unauthorised or unlawful processing of Personal Data and against accidental loss or destruction of, or damage to Personal Data.
2.6 FYC shall process Personal Data only to the extent, and in such a manner, as is necessary for the sole purpose of fulfilling the FYC Services (including making improvements to the FYC Services. For the avoidance of doubt, FYC is the exclusive owner of the Site and the FYC Content.
B. FINANCIAL PERSONAL DATA
2.7 Each monetary transaction made on this Site shall be processed by a third-party payment processing partner who is a FYC Service Provider – PayPal. You will be required to provide the FYC Service Provider with Personal Data including financial data in order to use the payment processing services. To make and complete a financial purchase or to receive a payment via the Site, the policies of PayPal (or any other third party that FYC use shall apply.) We shall ask You for Your consent at the relevant time if We need to collect Your payment information and pass this on to Our FYC Service Provider or any other third party FYC Service Provider or the (or the FYC Service Provider) will ask You for Your consent directly. You are subject to the https://www.paypal.com/uk/webapps/mpp/ua/legalhub-full.

3. HOW IS YOUR DATA USED?
3.1 FYC will process i.e. collect, store and use the information You provide in a manner that is compatible with the GDPR. We will endeavor to keep Your information accurate and up to date and not keep it for longer than is necessary. Our aim is not to be intrusive, and We undertake not to ask irrelevant or unnecessary questions. Moreover, the information You provide will be subject to rigorous measures and procedures to minimise the risk of unauthorised access or disclosure.
3.2 You are under no obligation to provide Your Personal Data to the Site. However, if You choose not to, some of the FYC Services may not be available to You.
3.3 You acknowledge that, Your Personal Data may be used by FYC to contact You by:
• Electronic Mail; and/ or,
• telephone; and/ or,
• direct mail post;
when necessary in connection with Your use of the Site to access the FYC Services e.g. in respect of a change to any of our legal terms and conditions to which You are subject.
3.4 From time to time and with Your permission, FYC may contact You by:
• Electronic Mail; and/ or,
• telephone; and/ or,
• direct mail post;
by way of sending You various:
• order confirmations/ notifications; and/ or,
• feedback requests; and/ or,
• any other newsletter or information or offers regarding upcoming promotions, services or surveys.
If You change Your mind, You can opt out of receiving some but not all of these (as some are required as a necessary part of continuing to receive access to the FYC Services e.g. order confirmations/ notifications. We do not need Your express consent for this as the “processing is necessary for the performance of a contract” under Article 6(1)(b) of the GDPR.
You can opt out of receiving direct marketing communications from FYC as described below.
3.5 PROFILING: We may from time to time use publicly available demographic information to determine who We target for specific events or marketing campaigns so as to avoid contacting individuals unnecessarily.
3.6 OPTING OUT FROM RECEIVING MARKETING COMMUNICATIONS FROM US: If You do not wish to be sent future marketing communications, We will give You the opportunity to unsubscribe to the receipt of such communications in every Electronic Mail communication that is sent to You (or shall procure that any of our FYC Service Providers such as [insert mailing supplier e.g. Mailchimp shall do the same). Alternatively, and additionally, You can contact FYC by sending an email to unsubscribe@frankenskein.co.uk with “UNSUBSCRIBE REQUEST” in the subject line.
3.7 If Personal Data has been passed to third parties with Your consent, You will need to contact them separately if You change Your mind in relation to their use of Your Personal Data.
3.8 RETENTION: FYC will use its discretion to ensure that We do not keep records outside of our normal business requirements. The following is a list of our retention periods:

Purpose Retention
Mailing List 5 years
Client Marketing: Sale items, new items, special offers for newsletter subscribers 5 years
Customer Invoices 5 years

4. WHO HAS ACCESS TO YOUR DATA?
4.1 To minimise the risk of unauthorised access to Your Personal Data, We use some of Your Personal Data to authenticate Your identity when You use the Site to access the FYC Services.
4.2 For our daily operations, We may use the services of FYC Service Providers to provide some of our business and operational functions on our behalf. Consequently, some of the FYC Services are provided by FYC Service Providers and We need to disclose Your information to them for the sole purpose of fulfilling the FYC Services only (including making improvements to the FYC Services) and not for the purposes of those FYC Service Providers sending marketing communications to You.
4.3 If We wish to pass Your Sensitive Personal Data on to one or more of our of FYC Service Providers, We will only do so once We have obtained Your consent, unless we are legally required to do so.
4.4 Disclosure of Your Personal Data in Compliance with Laws
You should be aware that We may release Your Personal Data when We believe it is necessary to comply with laws or regulations, to assist law enforcement, to enforce the terms under which You transact or communicate with FYC [or with a [FYC User/ Member]] via the Site], or to protect the rights, property or safety of FYC, [a [FYC User/ Member]] or other third parties.
4.5 Transfer of Your Personal Data outside of the EU
From time to time, We may transfer Your Personal Data to a related company, agent or contractor in order to improve our FYC Services or to assist our security, credit risk or fraud protection activities and as permitted by Data Protection Legislation from time to time. Currently, Your Personal Data will only be stored within the United Kingdom. You are deemed to consent to this by using Our Site and submitting information to Us. Should We need to do so in the future, it will be in compliance with the GDPR requirements for external transfer and all details will be added to our Privacy Statement. AND/ OR Some or all of Your Personal Data may be stored or transferred outside of the United Kingdom e.g. in the European Economic Area (the “EEA”) (The EEA consists of all EU member states, plus Norway, Iceland, Liechtenstein.) If We do store or transfer Your Personal Data outside the United Kingdom, We will always obtain Your consent beforehand and take all reasonable steps to ensure that Your Personal Data is treated as safely and securely as it would be within the United Kingdom and under the Data Protection Legislation.
You should be aware that in territories outside the United Kingdom and the EEA, laws and practices relating to the protection of Personal Data are likely to be different and in some cases may be weaker than those within the United Kingdom and the EEA. We comply with the safeguards to protect Your Personal Data required by Data Protection Legislation.
4.6 Transfer of Personal Data in the Event of the Sale of Frankenskein Yarn Company or its Assets
In the event that Frankenskein Yarn Company is sold or transfers some of its assets to another party, Your Personal Data could be one of the transferred assets. If Your Personal Data is transferred, its use will remain subject to this Statement. Your Personal Data will be passed on to a successor in interest in the event of a liquidation or administration of Frankenskein Yarn Company.
4.7 Other Sites and their Privacy Policies and Cookie Policies
The Site may contain links to other websites or applications. FYC is not responsible for the privacy practices or the content of such websites or applications or for the privacy policies, cookie policies and practices of other third parties, so You should be careful to read and understand those policies independently.

5. HOW DO WE PROTECT YOUR PERSONAL DATA & FOR HOW LONG?
5.1 The privacy and protection of Your Personal Data is important to us. Any [FYC User/ Member]] statistics that We may collect and may provide to prospective FYC Service Providers regarding Your usage of the FYC Services are provided in anonymised and aggregate form and do not include any individually identifiable data. It is used primarily to aid the technical administration of the Site, to better understand how the Site is functioning and to draw conclusions upon demographic information.
5.2 You acknowledge that email messages sent over the internet are not encrypted and are not secure. Despite efforts to protect Your Personal Data, We cannot ensure or warrant the security of any Personal Data You transmit to us or any of our FYC Service Providers (or other [FYC User/ Member]]), via, to, or from the Site.
5.3 You accept that FYC cannot be held liable for any breaches of confidentiality that may occur as a result of the use of email. If there is any sensitive or confidential Personal Data which You do not wish to communicate by email, please contact FYC by telephone or post to arrange an alternative method of communication.
5.4 Unfortunately, the transmission of Personal Data or information via the internet is not completely secure. Although We will do our best to protect Your Personal Data, We cannot guarantee the security of Your data transmitted to the Site; any transmission is at Your own risk. Once We have received Your information, We will use procedures and security features to try to prevent unauthorised access. How long We keep Your Personal Data collected through the Site depends on the context in which You provide it and the purpose for which We use it. We will only retain it for as long as is necessary for such purposes. We may send You direct marketing communications for as long as You do not opt-out from receiving the same from FYC.
5.5 Telephone calls: If You call any of the service telephone numbers We provide, We may record Your call. These recordings are used for training and quality control to ensure that We continuously monitor and improve our service standards.
5.6 We may disclose Your Personal Data to any Subscriber of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the Companies Act 2006.

6. DO WE USE COOKIES?
For information about cookies and how they are used on the Site, please visit our FYC Cookie Policy.

7. COMPLAINTS OR QUERIES
We endeavor to provide every protection possible to Your Personal Data. Should you have cause for concern or a general request for information about our Statement or a Subject Access Request, please contact us:

Contact Name: Erikka Chew

Contact Details: admin@frankenskein.co.uk

FYC tries to meet the highest standards when collecting and using Personal Data. For this reason, We take any complaints We receive about this very seriously. We encourage You to bring it to our attention. We would also welcome any suggestions for improving our procedures.

This Statement does not provide exhaustive detail of all aspects of FYC’s collection and use of Personal Data. However, We are happy to provide any additional information or explanation needed. Any requests for this should be sent to the postal address below. If You are not happy with the way in which Your Personal Data is being handled by us, please contact us.

8. YOUR RIGHTS UNDER DATA PROTECTION LEGISLATION

.
What is your right under the GDPR? How do we honour your right?
The right to be informed We must provide ‘fair processing information’, typically through a privacy statement such as this describing how and why we collect and use your Personal Data.

Read more guidance from the ICO on what information we should supply you and when you should be informed (which shall differ depending on whether or not we obtained the Personal Data directly from you or a third party.
The right of access We try to be as open and transparent as We can be in terms of giving people access to their Personal Data. You are entitled to be aware of and be able to check the lawfulness of any processing of Your Personal Data. You can find out if We hold (and process) any Personal Data by making a ‘Subject Access Request’ under the Data Protection Act 1998/ GDPR. If We do hold Personal Data about You, We will let You have a copy of that Personal Data. To make a request to access Your Personal Data that We may hold, You need to put the request in writing addressing it to the postal address provided below. Will action Your request without delay and at the latest within one month of Your request subject to any extensions granted.
Read more guidance from the ICO.

The right of rectification You are entitled to have Your Personal Data rectified if it is inaccurate or incomplete. If We have disclosed this to third parties, We will inform You. We have one month initially to rectify subject to possible extension. Where We decide not to rectify, We shall inform You of Your further rights.
Read more guidance from the ICO.

The right of erasure You have a legal and personal “right of erasure” which is also known as the “right to be forgotten”. Upon Your request, We will close Your Account and remove Your Personal Data as soon as reasonably possible from all of our records unless a lawful reason exists for Us to retain some or all of it.

Read more guidance from the ICO.

The right to restrict processing You have a right to ‘block’ or ‘suppress’ the processing of your Personal Data under certain circumstances but We are still entitled to store just enough of Your Personal Data to ensure that the restriction is respected in future.
Read more guidance from the ICO.

The right to data portability You have the right to object to us processing your Personal Data: Unless:
• based on legitimate interests or the performance of a (legal) task in the public interest/exercise of official authority (including profiling) You can demonstrate compelling legitimate grounds for the processing, which override the interests, rights and freedoms of the individual; and, the processing is for the establishment, exercise or defence of legal claims.
for purposes of scientific/historical research and statistics provided that you have “grounds relating to your particular situation”. the processing is necessary for the performance of a public interest task
for direct marketing (including profiling) N.B. There are no exemptions or grounds to refuse.

Read more guidance from the ICO.

The right to object You are entitled to obtain (in a commonly used and machine readable form) and reuse Your Personal Data that You have provided to us (via consent or contract performance) and which We process by automated means for Your own purposes across different services and free of charge. We must respond to a request without undue delay, and within one month whether or not We decide to action Your request. Where We decide not to, We shall inform You of Your further rights.
Read more guidance from the ICO.

Rights related to automated decision making and profiling Subject to any GDPR exceptions, We should not take a potentially damaging decision concerning you as a result of using automated processing operations without human intervention. We must ensure that you have the opportunity to: obtain human intervention; express your point of view; and obtain an explanation of the decision and challenge it.

The GDPR defines profiling as any form of automated processing intended to evaluate certain personal aspects of an individual, in particular to analyse or predict e.g. their performance at work; health; personal preferences; behaviour; or, location. When processing personal data for profiling purposes, we must ensure that the processing:
– is fair and transparent and logical;
– uses appropriate mathematical or statistical procedures;
– uses appropriate technical and organisational measures to enable inaccuracies to be corrected and minimise the risk of errors;
– is proportionate to the risk to the interests and rights of the individual and prevents discriminatory effects.

Read more guidance from the ICO.

9. DEFINITIONS & INTERPRETATIONS
Data Protection Legislation: refers to the Data Protection Act 1998/ GDPR together with any other applicable regulations, orders, code of practice and guidance.
Electronic Mail: includes email, text, video, voicemail, picture and answerphone messages (including push notifications and in-app notifications).
Intellectual Property Rights: patents, rights to inventions, copyright and neighbouring and related rights, trademarks and service marks, business names and domain names, rights in get-up and trade dress, goodwill and the right to sue for passing off or unfair competition, rights in designs, database rights, rights to use, and protect the confidentiality of, confidential information (including know-how and trade secrets) and all other intellectual property rights, in each case whether registered or unregistered and including all applications and rights to apply for and be granted, renewals or extensions of, and rights to claim priority from, such rights and all similar or equivalent rights or forms of protection which subsist or will subsist now or in the future in any part of the world.
Personal Data: has the meaning set out in the Data Protection Act 1998/ GDPR.
[Sensitive Personal Data: has the meaning set out in the Data Protection Act 1998/ GDPR and may consist of racial or ethnic origin, political opinion, religious or other beliefs of a similar nature, trade-union membership, physical or mental health or condition, sex life, the commission or alleged commission by them of any offence, any proceedings for any offence committed or alleged to have been committed by them and the disposal of such proceedings or the sentence of any court in such proceedings.]
FYC Content: the content including all Intellectual Property Rights therein residing on the Site (which may or may not include Personal Data).
[FYC User/ Member]]: refers to the person using the Site.
FYC Services: refers to the services We may provide to You.
FYC Service Providers: refers to the third parties with whom We work with from time to time as a necessary part of providing the Services to You who are listed here:
[insert OR Not Applicable].
Subject Access Request(s): refers to a written request made in accordance with the Data Protection Act 1998/ GDPR.

10. CHANGES TO THIS STATEMENT
We keep our Statement under regular review. This Statement was last updated on 19.08.2018.