This policy sets out how The Silk Route uses and protects any information that you provide when you use this website.
At The Silk Route, we are committed to protecting your privacy. We will only use the information that we collect about you lawfully (in accordance with the General Data Protection Regulations – GDPR).
What information we collect
The type of information that we collect about you through this website includes:
- your name,
- your address,
- your telephone number,
- your email address,
- your account password (although this is encrypted and we have no way of viewing this. We do, however, have the facility to reset the password manually),
- your order details, including:
- order date,
- products ordered,
- delivery name and address,
- telephone number for the delivery address,
- payment processing details (but NOT any card information other than the data passed back to us as part of the payment process including the last 4 digits of the card used for payment, the card expiry date and whether the payment has been accepted or refused),
- despatch date,
- IP address of ordering computer,
- your agreement to our Terms and Conditions,
- your agreement for us to contact you with occasional marketing or otherwise emails.
We may also collect and retain email conversations to and from yourselves.
We hold no information about you that is classed as ‘sensitive’ by GDPR.
The information that we store on our servers is held and processed in the UK.
Please note that the ‘Checkout’ process at the end of our online ordering asks whether you wish the card details for the card being used for payment to be saved. This is a facility offered by WorldPay, with the card details saved by them. We do not save that information ourselves.
How we use the information that we gather.
We collect information about you to enable us:
- to process your order,
- to provide customer service,
- to support and substantiate our financial records legally required by UK fiscal authorities,
- to provide occasional marketing information to you where you have consented.
We do not use personal data in any form of profiling.
Disclosure or sharing of your information
We do not sell, trade or otherwise pass on personal information to any other organisation or person, other than that required by:
- WorldPay, our Card Merchant, as part of the secure payment authorisation process (we do not see, receive or store any card information other than the data passed back to us as part of the payment process including the last 4 digits of the card used for payment and whether the payment has been accepted or refused),
- our delivery contractors to enable the delivery of your order (your name and delivery address and, where the goods are being delivered by courier, your telephone number and email address may be provided to them to assist delivery). Where orders are being delivered outside the UK we may have to provide a ‘customs’ invoice to allow the authorities of the receiving country to assess the delivery for customs charges,
- a Court of Law under UK jurisdiction.
Accuracy of information
You can check this information through our website through logging in to your account from any screen on our website. Whilst we make every effort to maintain your information accurately, please feel free to correct any item of information about yourself through the ‘Edit Account’ or ‘Edit Addresses’ facility within the ‘My Account Home’ screen. Alternatively, you may contact us with your corrections or other instructions by telephone on +44 (0)1252 83578, by letter to our address (see ‘Contact‘) or by email (firstname.lastname@example.org) either directly or through the use of the ‘contact us’ facility on our website.
Privacy of email communications
Please note that communications to us via the ‘contact us’ facility on our website or any direct email communications with us are via widely available email systems and are not considered fully secure. Accordingly we advise that you do not send any information that you wish to protect by a single email.
Compliance to and adherence of security standards
The security of our website and of our manual systems is covered by our adherence to the Payment Card Industry Data Security Standards (PCIDSS). This is mandated by our Card Merchant and our compliance is validated annually.
Other related policies
We maintain, separately:
These can be found by following the links above, or from the footer of anyone of our web pages.
We maintain customer data where legally required to support our financial data and tax submission to the relevant UK authorities. This is stored securely and any paper copies shredded under supervision when no longer required.
If you believe that we have not given sufficient care to the privacy of your information we would hope that you would contact us in the first case to resolve the issue. However, you have the right to make a complaint to The Information Commissioner’s Office (ICO), the UK supervisory authority for information protection issues (www.ico.org.uk).