Published Date: 09/09/2020
1. Who we are
AcroWear (also referred to as “we”, “us”, or “our”) is an online shop, our website address is: https://acrowear.nz.
2. What personal data we collect and why we collect it
We collect information about your:
- contact information
- computer or network
- how you use our website
- billing or purchase information
- IP Address
We collect your personal information in order to:
- complete purchases and ship items to you
- to help with spam detection
- marketing research purposes, for example, seeing what pages or items are popular
When visitors leave comments / reviews on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
If you upload images to the website (for example, within your comment / review), you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
3. Contact forms
This website’s contact form is currently created by WPForms Lite. WPForms do not collect any entry data. The form will send our team an email however, and of course show some of the data as mentioned in section 2.
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year before expiring. For more details on how long data is retained for, see section 7 below.
If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
5. Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
We may use third-party Service Providers to monitor and analyse the use of our website.
7. How long we retain your data
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website, we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
We securely destroy the following data in the the time frames listed below:
- Inactive accounts are kept for 1 year, then deleted with any linked orders converted to guest orders to anonymise the data.
- Pending orders are kept for 1 week, then deleted.
- Failed orders are kept for 1 week, then deleted.
- Cancelled orders are kept for 1 week, then deleted.
- Completed orders will be kept for 2 years, then anonymised.
- Stripe data that we have on our online store such as customer ID or source ID will be kept for 3 weeks, then deleted.
8. What rights you have over your data
You have the right to ask for a copy of any personal information we hold about you, and to ask for it to be corrected if you think it is wrong. If you’d like to ask for a copy of your information, or to have it corrected, please contact us using our contact form. Our contact form will automatically send us what you enter as an email, and by not putting our email address in this policy will help to protect against spam. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
9. Who we share your data with
Jetpack & Gravatar
Stripe is our third party payment processor. We don’t really send them data, as much as you do yourself. You can read more about that in section 11. Processing your payment.
We do not sell data to any companies.
10. Your contact information
If you have an account on this website, you can update your contact information at any time by logging in, and editing your profile.
11. Processing your payment
After you place an order on our website you will need to make payment for the goods you have ordered. In order to process your payment we use Stripe, a third party payment processor, see section 9 above.
This payment processor adheres to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, Mastercard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of payment information.
12. How we protect your data
We keep your information safe by using appropriate technical and organisational measures such as storing your information on secure servers, encrypting transfers of data to or from servers using Secure Sockets Layer (SSL) technology, encrypting payments you make on or via our website using Secure Sockets Layer (SSL) technology and only granting access to your information where necessary.
The security of your data is important to us, but remember that no method of transmission over the internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.
13. What data breach procedures we have in place
In the unlikely instance that there is a breach of privacy, we will;
- Contain the breach and make a first assessment
- Evaluate the breach
- Notify affected people if necessary
- Prevent the breach from happening again
14. What third parties we receive data from
We do receive some data from third parties in order to provide our services and for internal administration purposes.
We receive data from 1st Domains, (our web-host), Jetpack (statistics), Stripe (our payment processor), Wordfence (security), Mailchimp (newsletter), and WPForms (contact form).
15. What automated decision making and/or profiling we do with user data
We don’t do automated profiling with user data. We may do some marketing towards users who have opted in for newsletters and show a specific audience things we believe they may be interested in based on what they have selected, but this will be done by people, not bots.