Security & Privacy
We reserve the right to pass on any information you provide to us via the website to aid parties involved in fraud prevention and detection.
Our website is hosted by Shopify Inc., who take website security extremely seriously.
Is Shopify PCI compliant?
Yes, Shopify is certified Level 1 PCI DSS compliant. This compliance extends to all online stores powered by Shopify.
Shopify are very serious about securely hosting our online store and have invested significant time and money to certify our solution is PCI compliant. From annual on-site assessments validating compliance to continuous risk management, they work really hard to ensure our shopping cart software and ecommerce hosting are secure.
Shopify is certified PCI compliant in the following documents:
What is PCI DSS Compliance?
The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard for organizations that handle credit card and debit card information. Defined by the Payment Card Industry Security Standards Council, the standard was created to increase controls around credit card data to reduce credit card fraud via its exposure.
If you want to sell online and accept payments from Visa, Mastercard, American Express or Discover credit cards, your software and hosting need to be PCI compliant.
Shopify meets all 6 categories of PCI standards
This compliance extends to all online stores powered by Shopify
General Data & Privacy Regulation 2018
We understand that privacy and the security of your personal information are extremely important. Because of that, this policy sets out what we do with your information and what we do to keep it secure. It also explains where and how we collect your personal information, as well as your rights over any personal information we hold about you.
Lyncroft Marketing Services Ltd trading as Stitchkits.co.uk and AndersonandWebb.com acts as Data Controller and can be contacted at Moat Cottage, Weir Lane, Whitchurch, Bucks HP22 4EP
Company number 3500918
VAT number 685 7403 03
Your data is being shared with our fulfilment house, MRM Ltd, who acts as Sub Processor to process and despatch your order. Their address is: Barberton House, Farndon Road, Market Harborough, Leicestershire LE16 9NR
Company number: 04716827
VAT number: 253 832 404
They may in turn authorise third parties to process your data for the purposes of payment and despatch, such as Royal Mail, couriers, etc.
What type of information do we hold?
- Information that you provide to us such as your name, address, telephone number, email address, bank account and payment card details and any feedback you give to us, including by phone, email, post, or when you communicate with us via social media;
- Information about the Services that we provide to you (including for example, the goods we have sold you, when and where, what you paid, and so on);
- Your account login details, including your user name and chosen password;
- Information about any device you have used to access our Services and also how you use our Services.
- Your contact details and details of the emails and other electronic communications you receive from us, including whether that communication has been opened and if you have clicked on any links within that communication. We want to make sure that our communications are useful for you, so if you don't open them or don't click on any links in them, we know we need to improve our Services;
- Information from other sources, for example our retail partners such as the national press, magazines and marketplaces.
The information we collect may be used to:
- Make available our Services to you;
- Process your orders;
- Take payment from you or give you a refund;
- Personalise your shopping experience, for example how you use our websites to provide you with personalised offers or shopping ideas;
- Help us ensure that our customers are genuine and to prevent fraud;
- For statistical analysis;
- Help us understand more about you as a customer, and the products and services you consume;
- Find ways to improve our Services and websites;
- Contact you about products and services from us;
- Provide you with online advertising;
- Provide for the safety and security of our colleagues and customers;
- Help answer your questions and solve any issues you have;
Limits on how we handle the information we collect:
- Your data will at no point be passed outside the EEA for any purpose;
- Your data will not be held for longer than one year from the date of despatch of your order; we retain your details to process any claim under our 12-month guarantee;
- We will never sell or give your data to any other third party.
Email Newsletter Subscription
- If you authorise Anderson & Webb or Stitch Kits to email you their Newsletter, we will provide you with information regarding our products and services.
- Subscribing to the Newsletter may require using data given upon sign-up (i.e. first and last name) to personalise the email.
- If you are a registered user, you can change your preferences related to the sending of these commercial communications through the My Account section.
- You can also unsubscribe through either website's Newsletter section at any time, or by following the information we provide in each communication.
- We will never sell or give your data to any other third party.
DATA PROTECTION RIGHTS
- As Data Controller, LMS undertakes to respect the confidentiality of your Personal Data and to guarantee you can exercise your rights. You may exercise your rights of access, deletion, correction by sending an email to: firstname.lastname@example.org
- If you decide to exercise these rights, and if part of the personal data you provided was your email address, we would ask you to please specify this circumstance in your written request, indicating the email address from which you wish to exercise your rights of access, deletion, correction. LMS will then verify that the requester is the same as the data subject (that is, the requester is not asking to erase someone else’s personal data) and confirm there is no legal reason to preserve this data, before carrying out the request.
- Personal data cannot be erased while it is associated with a pending order or an order made fewer than 180 days before the request (the usual window in which a buyer can make a chargeback).
- Under the GDPR, controllers and processors are required to implement appropriate technical and organisational measures. LMS’ Data Processor, Shopify, which operates our website platform, has implemented many of the controls and processes identified in the GDPR, including:
- Anonymising and encrypting personal data
- Ensuring confidentiality, integrity, availability, and resilience of processing systems
- Restricting who may access personal data
- Ensuring availability and access to personal data in the event of a physical or technical incident
- Performing regular testing, assessments, and evaluation of technical and organisational security measures.
- Shopify and all online stores powered by Shopify are Level 1 PCI-DSS compliant. Shopify uses third-party data centres with industry-standard certifications, such as Tier III and
GDPR Compliant Third-Party Apps Used by Us
Spin to Win app by Secomapp - Collects names and email addresses for marketing purposes only.
Free Gifts app by Secomapp - Has app permission to modify store data, script tags, products, variants, collections, read orders, transactions and fulfilments.
Facebook product feed – Has permission to the following personal data:
- shop name;
- myshopify domain;
- email address of the shop owner;
- metadata, for example date of installation and last update.
The store's feed is piped through Shopify's system to generate the product feed on the business Facebook page. The data is obtained through Shopify upon installation of the app and is only used to provide us with the service of the app.
Mailchimp for Shopify - Permission to collect email data, recording sales and data clicks.
Product Options by Bold – Gift wrap options and has app permission to modify store data, script tags, products, variants, collections, read orders, transactions and fulfilments.
WebInterpret – Translates website into local language. Has app permission to modify store data, script tags, products, variants, collections, read orders, transactions and fulfilments.
https://www.webinterpret.com/uk/terms-conditions/
https://www.webinterpret.com/uk/privacy-policy/
http://pages.webinterpret.com/rs/658-RPA-926/images/privacy-policy.pdf?_ga=2.64723111.927502581.1525160907-244698953.1507208093
Xporter Data Export Tool – Collects data and feeds to MRM (Fulfilment warehouse)
Has app permission to modify store data, script tags, products, variants, collections, read orders, transactions and fulfilments. Export orders and products.
The Xporter Data Tool uses secure servers and has locked-down access; they don't sell, keep or pass on data.