Privacy Policy

Published Date: 09/09/2020

1. Who we are

AcroWear (also referred to as “we”, “us”, or “our”) is an online shop, our website address is: https://acrowear.nz

2. What personal data we collect and why we collect it

We collect information about your:

  • name
  • contact information
  • location
  • computer or network
  • how you use our website
  • billing or purchase information
  • IP Address

We collect your personal information in order to:

  • complete purchases and ship items to you 
  • to help with spam detection
  • marketing research purposes, for example, seeing what pages or items are popular

Comments

When visitors leave comments / reviews on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymised string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service Privacy Policy is available here: https://automattic.com/privacy/. After approval of your comment / review, your Gravatar profile picture is visible to the public in the context of your comment / review.

Media

If you upload images to the website (for example, within your comment / review), you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

3. Contact forms

This website’s contact form is currently created by WPForms Lite. WPForms do not collect any entry data. The form will send our team an email however, and of course show some of the data as mentioned in section 2.

4. Cookies

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year before expiring. For more details on how long data is retained for, see section 7 below.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

5. Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

6. Analytics

We may use third-party Service Providers to monitor and analyse the use of our website.

7. How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website, we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

We securely destroy the following data in the the time frames listed below:

  • Inactive accounts are kept for 1 year, then deleted with any linked orders converted to guest orders to anonymise the data.
  • Pending orders are kept for 1 week, then deleted.
  • Failed orders are kept for 1 week, then deleted.
  • Cancelled orders are kept for 1 week, then deleted.
  • Completed orders will be kept for 2 years, then anonymised.
  • Stripe data that we have on our online store such as customer ID or source ID will be kept for 3 weeks, then deleted.

8. What rights you have over your data

You have the right to ask for a copy of any personal information we hold about you, and to ask for it to be corrected if you think it is wrong. If you’d like to ask for a copy of your information, or to have it corrected, please contact us using our contact form. Our contact form will automatically send us what you enter as an email, and by not putting our email address in this policy will help to protect against spam. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

9. Who we share your data with

These websites / plugins may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content. Please refer back to section 5 about embedded content.

Jetpack & Gravatar

Jetpack & Gravatar provides us with a host of tools including things such as security, spam protection, and analytics. They are owned by Automattic, which was mentioned earlier in section 2, their service Privacy Policy is available here: https://automattic.com/privacy/.

Stripe

Stripe is our third party payment processor. We don’t really send them data, as much as you do yourself. You can read more about that in section 11. Processing your payment.

Mailchimp

Mailchimp is used for delivery of email updates and newsletters. We store your name and email address for purposes of delivering such communications.  For more details and information, refer to Mailchimp’s Privacy Policy https://mailchimp.com/legal/privacy/.

Wordfence

Wordfence is used to protect our website from potential hackers, malware, and vulnerabilities. We do not send personal information to Wordfence, however a scan could find personal information that is published publicly on this website such as in a comment or review. However, IP addresses are sent to Wordfence if they show malicious behaviour. Please refer to Wordfence Privacy Policy https://www.wordfence.com/privacy-policy/.

We do not sell data to any companies.

10. Your contact information

If you have an account on this website, you can update your contact information at any time by logging in, and editing your profile.

11. Processing your payment

After you place an order on our website you will need to make payment for the goods you have ordered. In order to process your payment we use Stripe, a third party payment processor, see section 9 above.

We will not store or collect your payment card details. That information is provided directly to our third-party payment processors whose use of your personal information is governed by their Privacy Policy. Your payment will be processed by Stripe, who collect, use and process your information, including payment information, in accordance with their Privacy Policies.

You can access their Privacy Policy via the following link: https://stripe.com/gb/privacy

This payment processor adheres to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, Mastercard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of payment information.

12. How we protect your data

We keep your information safe by using appropriate technical and organisational measures such as storing your information on secure servers, encrypting transfers of data to or from servers using Secure Sockets Layer (SSL) technology, encrypting payments you make on or via our website using Secure Sockets Layer (SSL) technology and only granting access to your information where necessary.

The security of your data is important to us, but remember that no method of transmission over the internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.

13. What data breach procedures we have in place

In the unlikely instance that there is a breach of privacy, we will;

  • Contain the breach and make a first assessment
  • Evaluate the breach
  • Notify affected people if necessary
  • Prevent the breach from happening again

14. What third parties we receive data from

We do receive some data from third parties in order to provide our services and for internal administration purposes.

We receive data from 1st Domains, (our web-host), Jetpack (statistics), Stripe (our payment processor), Wordfence (security), Mailchimp (newsletter), and WPForms (contact form).

15. What automated decision making and/or profiling we do with user data

We don’t do automated profiling with user data. We may do some marketing towards users who have opted in for newsletters and show a specific audience things we believe they may be interested in based on what they have selected, but this will be done by people, not bots.

16. Changes To This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page.

We will let you know via a prominent notice above our header on our website, prior to the change becoming effective and update the “published date” at the top of this Privacy Policy.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page