Hairy Fairy ( from now on referred to a “us”, “we”, or “our”) operates https://hairyfairy.gifts (the “website or site”) to bring you information about our products and services.
We only use your personal information to communicate with you regarding your purchase, improve your experience of the website and to manage the processing of your order. We are committed to holding your data securely, never sharing it unless you agree to this and putting you in control of how you update, delete and access your data.
The information we collect from you
While using our website, we may ask you to provide us with certain information which is personally identifiable. This may include, but is not limited to, your name and email address, mobile phone number and address (“Personal Information”).
We process your data under contract to provide you with the product you have ordered.
If you have only registered to hear more from us then we are processing your data under consent as you have opted in to our newsletter.
We will never sell, distribute or lease your personal information to anyone.
How long is information stored?
Your personal information is stored for set periods. We require this information to understand your needs and provide you with a better service, and in particular for the following reasons:
- Where the information is necessary for the adequate performance of the contract between you and us for us to provide our services.
- For customer service and resolution purposes.
- Internal record keeping.
- We may use the information to improve our products and services.
- We may periodically send promotional emails about new products, special offers or other information which we think you may find interesting using the email address which you have provided and we may personalise such content based on what we believe may be of interest to you.
- We may use the information to customise the website according to your interests.
- We may use the information to send you relevant, personalised communications by post in relation to updates, offers, services and products. We’ll do this on the basis of our legitimate business interest. You are free to opt out of hearing from us by post at any time by writing to or emailing us
- We may use the information for the purposes of fraud detection and prevention and enhancing safety on our website.
We also store Log Data
As with the majority of websites we store information on the visits people make to our website. This is done by collecting information that your browser sends whenever you visit our website (“Log Data”) using Google Analytics.
This Log Data may include information such as your computer’s Internet Protocol (“IP”) address, browser type, browser version, the pages of our Site that you visit, the time and date of your visit, the time spent on those pages and other statistics.
We use the information provided by Google Analytics and Log Data to see how effective our website is and how to make changes to improve your experience. Google Analytics provides options to limit the amount of time data is retained and these are currently set to 26 months.
The legal basis for holding your details
We hold information about your order for 7 years in accordance with requirements to keep legitimate business records. We will only contact you about your order or if you have given your permission to receive further marketing information.
All of your details are stored with password protection and managed by a designated data controller. You have a right (see below) to ask for your details to be deleted and forgotten and can do this by contacting us.
Your data and your right to access Personal Information
It’s very important to us that you feel comfortable with the way in which your data is used and stored by us.
You have the right, under the GDPR, to:
- Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
- Request a correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request erasure of your personal information, ensuring your ‘right to be forgotten’. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below). You should be aware that, for legal reasons, we may be unable to erase certain information.
- Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
- Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
- Request the transfer of your personal information to another party.
If you would like to make a request, email@example.com and we will endeavour to answer and deal with your request as speedily as possible. You will not have to pay a fee to access your personal information. However, we may have to charge a reasonable fee if your request for access is deemed unfounded or excessive.
The security of your Personal Information is vitally important to us. All users of the internet should feel safe in accessing and sharing information online and so ensuring that we store your information safely and responsibly is of high priority to us.
However we all need to understand that no method of transmission over the Internet, or method of electronic storage, is 100% secure. We have set up a series of safeguards and complied with current regulations to protect your Personal Information, but we cannot guarantee its absolute security.
In the event of a breach of security we pledge to notify you within three days of its discovery with a plan of action to help you to take any necessary steps if your data has been compromised.
Communicating with you
We promise that we will only use your Personal Information to contact you with emails, newsletters and information which is of legitimate interest to you.
Your name and email address will be stored securely with our email provider MailChimp on servers in the United States. MailChimp may not supply this information to third parties unless there is a legal obligation to do so.
Who we share information with
MailChimp lawfully transfers EU/EEA personal data to the U.S. pursuant to our Privacy Shield Certification. MailChimp also complete a SOC II Type 2 examination on an annual basis for the Trust Principal Criteria of Security, Processing Integrity, Confidentiality, and Availability.
We have signed a Data Processing Agreement with MailChimp in order to meet the requirements of the GDPR. This permits us to continue to lawfully transfer EU personal data to MailChimp and permits MailChimp to continue to lawfully receive and process that data so we can send you newsletters about activities which are of interest to dental professionals.
We take online payments using the PayPal payment gateway. In providing PayPal Services, PayPal transfers personal data to the US.
In addition to Privacy Shield, PayPal continues to employ additional compliance measures to ensure an adequate level of protection of personal data transferred outside the European Economic Area.
Cookies are files with small amounts of data which are generated when you click on a site or specific pages in a site. The data gathered may include what is known as an anonymous unique identifier. The identifier identifies the action taken, not you, which is why they are called anonymous.