We ask that you read this policy carefully and contact us if you have any further queries. It contains information on who we are, how and why we collect your personal information and how we use, store and share this information.
Past Pastiche sells Antiques, Vintage and Collectable goods online via this website, as well as at antique fairs UK wide.
Aims of this policy
Past Pastiche is required by law to tell you about your rights and our obligations regarding our collection and processing of any of your personal information, which you might provide to us.
We follow the General Data Protection Regulations (GDPR), which applies to the United Kingdom and across the European Union. In line with these regulations we will ensure that the information that we hold about you is:
- Used lawfully, fairly and in a transparent way
- Collected for purposes that have been explained to you and is not used in any way that is incompatible with these
- Accurate and updated regularly
- Kept only as long as necessary
- Kept securely
- Not traded or sold on to a third party
The data we collect & how it is used
– Your IP address
– Which pages you visit
– How you navigate the site
– Button presses
– Forms filled in
– Time spent on a page
– Web browser used
– Operating system used and device the website was viewed via
This data is collected by Google Analytics and Facebook Pixel. We use your data lawfully and fairly. The data above is used in our legitimate interests, as it helps us to understand how people are using our website, and enables us to improve our customers’ experience.
If you purchase an item from us then we will ask for personal data that includes your name, billing address, shipping address, email address and phone number. This information is necessary so that we can process your order, get your item to you quickly and communicate with you during this process to make it as smooth as possible.
If you sign up to one of our mailing lists we will use your name and email address to communicate offers, events, products or services along with other information that we think may be of use to you. This will be no more frequently than twice per month and you may unsubscribe at any time using the link in the email.
How we keep your data secure
We take your privacy and security very seriously. Any information you provide to us is stored on secure servers and is encrypted using Secure Socket Layer (SSL) technology.
Personal information is contained behind secure networks and is only accessed by a limited number of people, who understand the need to keep this data secure and confidential at all times.
Where we have provided you (or where you have chosen) a password or user ID that allows you access to certain parts of our website, it is your responsibility to keep these safe. Do not share your password with anyone else and logout of your account after any sessions, to reduce risks on shared computers or networks.
We do not store any of your financial data on our servers. Our nominated third party payment providers, Paypal and Stripe host all payments securely.
Wherever possible, we keep your data within the EEA. Where this is not possible, the following safeguards are in place:
- We use Facebook Pixel for website analytics and marketing purposes and your data may be transferred outside of the EU. When this happens, your data is protected by the EU-US and Swiss-US Privacy Shield Frameworks, adhered to by Facebook.
- We use Google Analytics for website analytics, and your data may be transferred outside of the EU. When this happens, your data is protected by the EU-US and Swiss-US Privacy Shield Frameworks, adhered to by Google Analytics.
- If you’ve joined our mailing list, your name and email is stored with MailChimp on their data servers in the US. MailChimp has self-certified to both the EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield regimes, and lawfully transfers EU/EEA personal data to the U.S. pursuant to their Privacy Shield Certification.
How & when we share your data
As an ecommerce website, there is inevitably some sharing of data with third-party companies. When any data is shared we make a risk assessment to ensure that your data will remain protected. We transfer data to a third party in the following ways:
- When data is sent to Facebook Pixel to track site visitors
- When data is sent to Google Analytics to help us understand our website traffic, behaviour on our website and ways we can improve user experience
- When you sign-up to receive email communications from us and your name and email are stored in MailChimp.
- When data is sent to Royal Mail or our preferred courier service to expediate the transport of your purchases
We will never sell or trade your personal data in any way.
Under GDPR you have a number of rights, in summary, these are:
- The right to be informed– this means that we have to tell you how we collect personal information, why, how we use it, who we share it with and how it is stored.
- The right of access– you have the right to request access a copy of the personal information that we hold about you. This will be done within one month, which is given to all organisations to provide this information.
- The right to rectification– if you discover that we hold personal information about you that is accurate or incomplete you can ask us to update it. As above, all organisations are given one month to complete this.
- The right to erasure– you have the right to request that we erase your personal data in certain circumstances.
- The right to restrict processing– you have the right to request that we limit the way we use personal information in certain circumstances- this is usually done as an alternative to erasure.
- The right to data portability– you are entitled to obtain and reuse your personal information for your own purposes across different services.
- The right to object– you have the right to object to the processing of personal information in certain circumstances. The organisation that holds your information, shall no longer process the personal data unless they can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of yourself, or for the establishment, exercise or defence of legal claims.
- Rights related to automated decision making including profiling- if data has been collected with no human involvement, such as during profiling the rules surrounding this must have been followed. If you believe these rules have not been followed, you can challenge and request a review of the processing involved.
Click here to find out more about GDPR.
Obtaining a copy of your data
If you would like to request a copy of the personal data that we hold on you please email firstname.lastname@example.org. We will need copies of two types of approved identity in order to process your request. You can also ask us to make changes to any data that you consider to be incorrect.
Cookies also provide information on how people use the website, for instance whether it’s their first time visiting or if they are a frequent visitor. We use this information to improve the browsing experience for all of our users.
You can manage your cookie preferences when you first browse our website. To learn more please see our cookies policy.