Help

Privacy

Privacy and Cookies Policy

  1. About this policy. 
Stories Behind Things Ltd is committed to protecting and respecting your privacy. This policy sets out who we are and how and why we collect, store, use and share your personal information. It also explains your rights in relation to your personal information, so please read it carefully. This policy applies to your use of www.storiesbehindthings.com (the “Site”) or any services offered through or associated with the Site (the “Services”).
  1. What is “personal data”? 
  • Personal data” means any information that identifies an individual person. It does not include data about a company or anonymous data (i.e. data where the personal identity has been removed.)
  • About us. 
    • The Site is owned and operated by Stories Behind Things Ltd, a limited company registered in England and Wales under company number 11143931 (the “Company” or “us”). When we process personal data, we are responsible as a “controller” of that personal data for the purposes of the General Data Protection Regulation and the Data Protection Act 2018 (the “data protection laws”). In this policy, “we”, “us” “our” or “Company” refers to Stories Behind Things Ltd. 
    1. Third-party links. 
    • The Site may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our Site, we encourage you to read the privacy policy of every website you visit.
  • How we collect data. 
    • Most of the data we collect is collected directly from you—you give us personal data when you visit our Site or when you communicate with us in person, via social media or by email. This includes data you provide when you fill out forms on our Site (like registering to use the Site, subscribing to our mailing list, placing an order or using other interactive features). We may also receive information from third parties, like analytics providers, payment service providers, third-party accounts you use to log in to our Site (like Google or Facebook) and other third parties we use to help us deliver our Services such as Shopify. For more information on how these companies handle your personal data, please refer to their privacy policies.
  • Data we collect about you. 
    • The personal data we collect about you includes your name and contact information (like email address, phone number, mailing address), billing information and payment card information, location data, behavioural data (like information about past orders and how you use our Site (including your IP address). 
  • How and why we use your data. 
    • Under data protection laws, we can only use your personal information if we have a proper reason for doing so, such as complying with our legal and regulatory obligations, fulfilling contractual obligations to you (or taking any steps at your request before entering into a contract), where you have given consent or for our (or a third party’s) legitimate interest. (A “legitimate interest” is when we have a business or commercial reason to use your information, which is a proper reason for using your personal data as long as it’s not overridden by your own rights and interests.) This section explains what we use your personal information for and our reasons for doing so.
      • Providing our Site to you. We use your personal data to administer the Site, to ensure content from the Site is presented in the most effective manner for you and for your device, as part of our efforts to keep the Site safe and secure and to allow you to participate in interactive features of our Site (when you choose to do so). We use your personal data this way for our legitimate interests in maintaining our Site.
      • Providing Services to you. We use your personal data for internal operations, to administer and manage your account, respond to communications from you and provide you with information you request from us, notify you about changes to the Services and carry out any other obligations arising from any contracts entered into between you and the brands. We use your personal data this way to fulfil contractual obligations to you (or take steps at your request before entering into a contract).
      • Improving our Site and Services. We use your personal data to make our Site and Services better, including troubleshooting, data analysis, testing, research, statistical and survey purposes.
      • Improving our marketing. We use your personal data to measure and understand the effectiveness of our marketing efforts, deliver relevant marketing to you and make relevant suggestions and recommendations to you. We use your personal data this way for our legitimate interests in promoting our business and Services.
      • Complying with legal obligations. We also use your personal data to comply with legal obligations like mandatory reporting and record retention, ensuring confidentiality of commercially sensitive information and responding to any requests from regulatory or legal authorities.
      • Handling sensitive data. We do not collect sensitive personal data.
  • Marketing and promotional communications. 
    • We have a legitimate interest in processing your personal information for promotional purposes, which means we don’t usually need your consent to send you these types of communications. However, we’ll only send you updates about Services you have used or that we think you might be interested in, including exclusive offers, promotions or new Services. We won’t subscribe you to our mailing list without your explicit consent. You can ask us to stop sending you marketing messages at any time by the following opt-out links on such marketing messages or by contacting us at enquiries@storiesbehindthings.com.
  • Who we share your data with.
    • We routinely share personal information with third parties we use to help run our business and deliver our Services (like Shopify Payments to facilitate payments, brands we promote on our Site to facilitate deliveries, Google Analytics to help us understand how users interact with our Site, Mailchimp to market our business, Shopify to host our website and for account management and Priority One to help manage the Site’s customer data and make our Services secure). We only allow these service providers to handle your personal data if we are satisfied, they take appropriate measures to protect your personal data.
    • We may disclose and exchange information with law enforcement agencies and regulatory bodies to comply with our legal and regulatory obligations, enforce any of our rights or protect ourselves and others.
    • We may also need to share some personal information with other parties, such as potential buyers of some or all of our business or during a restructuring. The recipient will only be permitted to use the data for the purposes we originally collected it for, and they will be bound by confidentiality obligations.
  • How long we keep your data. 
    • We keep your personal data while you have an account with us or we are providing Services to you. You can tell us to stop providing Services to you by deleting your account or contacting us. After that, we keep your personal information for as long as is necessary to respond to any questions, complaints or claims made by you or on your behalf, to show that we treated you fairly and to keep records required by law. We won’t retain your personal data for longer than necessary for the purposes set out in this policy. However, please note that different retention periods apply for different types of personal data. By law we have to keep basic information about our customers (including contact, identity, financial and transaction data) for six years after customers have purchased from our Site, for tax purposes. 
    • In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you. 
  • How we secure your data.
    • We have appropriate security measures to prevent personal information from being accidentally lost, or used or accessed unlawfully. We limit access to your personal information to those who have a genuine business need to access it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality. We also have engaged Priority One to support our: Firewall/cyber security protection, DR assistance, Cloud back up and technical support. 
    • We also have procedures in place to deal with any suspected data security breach. We’ll notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
    • Unfortunately, sending personal data via the internet is not completely secure. Although we do our best to protect your personal data, we can’t guarantee the security of data sent to our Site, and you send personal data to us at your own risk.
  • Where your data is stored. 
    • To deliver our Services to you, it’s sometimes necessary for us to share your personal information outside the UK and/or the European Economic Area (EEA), such as with our offices outside the UK/EEA, with service providers located outside the UK/EEA or if you are based outside the UK/EEA. These transfers are subject to special rules under data protection laws. Although non-UK/EEA countries don’t have the same data protection laws as the UK/EEA,  however we will ensure the transfer complies with data protection laws and that all personal data will be secure. Where this is the case personal data is adequately protected by EU Commission approved standard contractual clauses, an appropriate Privacy Shield certification, the Processor Binding Corporate Rules, or another adequacy mechanism established under applicable data protection law. If you’d like more information about what happens to your personal data when it’s transferred outside the UK/EEA, please contact us.
  • Your rights.
    • Under data protection laws you have the right to:
      • Be informed: the right to be informed of what  personal data we have about you and our purpose for processing it.
      • Access: the right to be provided with a copy of your personal data.
      • Rectification: the right to require us to correct any mistakes in your personal data.
      • Be forgotten: the right to require us to delete your personal data—in certain situations.
      • Restriction: the right to require us to restrict processing of your personal data—in certain circumstances.
      • Portability: the right to receive the personal data you provided to us in a structured, commonly used and machine-readable format and/or transmit that data to a third party—in certain situations.
      • Object: the right to object to your personal data being processed for direct marketing (including profiling) and, in certain circumstances, the right to object to our continued processing of your personal data.
      • Not to be subject to automated decision-making: the right not to be subject to a decision that has legal effects on you or significantly affects you based solely on automated processing (including profiling).
      • Complain: the right to complain to a supervisory authority if you think any of your rights have been infringed by us. In the UK, this is the Information Commissioner’s Office (ICO).
    • If you would like to exercise any of these rights, please contact us.
  • Cookies (and other similar technologies).
    • What are cookies? A cookie is a small (ordinarily, text) file of letters and numbers that we store on your browser. Cookies contain information that is transferred to your computer's hard drive (or the hard drive of another relevant device). We use cookies to distinguish you from other users on the Site, to tailor your experience to your preferences, and to help us improve the Site.
    • Cookies we use.
      • Strictly necessary cookies. These cookies are required to save your session and to carry out other activities that are strictly necessary for the operation of the Site. They include, by way of general example, cookies that enable you to log into secure areas of the Site, use a shopping cart, or make use of e-billing services. These cookies are session cookies, which means they’re temporary and will usually expire when you close your browser. 
      • Analytical/performance cookies. These cookies allow us to recognise and count the number of visitors and to see how visitors move around the Site when they’re using it.  These cookies help us improve the way the Site works by, for example, ensuring that users are finding what they’re looking for easily.
      • Functionality cookies. These cookies are used to recognise you when you return to the Site. They enable us to personalise our content for you, greet you by name and remember your preferences.
      • Targeting cookies. These cookies record your visit to the Site, the pages you visit, and the links you follow.  We use this information to make the Site and the advertising displayed on it more relevant to your interests. We also share this information with third parties for the same purpose. When we use third parties for advertising and targeting purposes, we may disclose: Personally identifiable information, such as email address, and any other information you have provided us. Generic, aggregated or anonymised data relating to your visits and use of our Site; or Information in a pseudonymised form such as a browser cookie ID / code or cryptographic hash of your email address to help us tailor and display our ads to you on other services. This ID or code is matched against your equivalent unique code similarly generated by our ad partners to tailor adverts to you.
      • Social media cookies. These cookies work together with social media plug-ins. For example, when we embed photos, video and other content from social media websites, the embedded pages contain cookies from these websites. Similarly, if you choose to share our content on social media, a cookie may be set by the service you have chosen to share content through.
      • Third party cookies. Please note that some of the above cookies are placed by third parties (such as Facebook and Instagram and that the Site does not block third party cookies.
    • Consenting to cookies. You will be shown a pop-up message requesting your consent to setting non-essential cookies before any are placed on your device. When you give your consent, a unique token is generated to show that you have consented and you won’t receive the pop-up message again when you return to our Site.
    • Disabling cookies.
      • By default, most internet browsers accept cookies, but you can choose to enable or disable some or all cookies via the settings on your internet browser. Most internet browsers also enable you to choose whether you wish to disable all cookies or only third party cookies. For further details, please consult the help menu in your internet browser.
      • Some of the cookies we use are essential for the Site to operate. If you use your browser settings to block essential cookies, you may not be able to access all or parts of our Site. 
      • You have the right to opt out of social media cookies and third-party cookies. To enforce this right, please contact us.
    • Sessions. Sessions are a mechanism that enable a webpage to remember information from a previous webpage. By default, a webpage forgets information from a previous webpage—sessions are used to help a website function when it needs to remember certain information from one webpage to the next (for example, to help you fill out forms or make payments). Sessions ordinarily work with cookie files, but they can also work without cookies. Information from sessions is deleted when you close your window or tab. We use sessions in addition to cookies to help our Site function.
    • Local storage. Local storage is a mechanism that enables us to store information locally on your device. Like sessions, local storage is used to help a website function when it needs to remember certain information, but local storage is used to continue remembering information after you close your window or tab. We also use local storage to help our Site function.
    • Hidden fields. Hidden fields are a mechanism used to store information on a webpage. Users can’t typically see hidden fields or submit information through them. We use hidden fields to help present our Site in the best way for you and your device (for example, to retain information about what language you’re viewing the Site in).
    • Changes to this policy. We keep this privacy policy under review. Any changes we may make to this policy will be posted on this page (and, where appropriate, notified to you by email). Please check back frequently for updates and changes.
    • Keeping information up-to-date. It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
    • Contact us. Questions, comments and requests regarding this policy are welcomed. You can contact us by post at our registered address (above) or by email at enquiries@storiesbehindthings.com.