Our website and marketing is owned and managed by Craft Buddy Limited (“Craft Buddy”) registered in England and Wales with company number 07236303 and whose registered office address is at Unit 7 Anglo Business Park, Asheridge Road, Chesham HP5 2QA.
At Craft Buddy we are committed to protecting and preserving the privacy of our visitors when visiting our site or communicating electronically with us.
This privacy notice explains when and why we collect personal, how we use it, the conditions under which we may disclose it to others and how we keep it secure. Whilst we will keep all of your personal information confidential, we reserve the right to disclose this information in the circumstances as set out within this policy.
We confirm that we will keep the information on a secure server and that we will comply fully with all applicable UK and EU General Data Protection legislation (GDPR).
We may change this Policy from time to time so please check this page occasionally to ensure that you’re happy with any changes.
Any questions regarding this Policy and our privacy practices should be sent by email to firstname.lastname@example.org
We are Craft Buddy Limited, a proud British brand.
The GDPR sets out the following rights applicable to data subjects (please refer to the parts of this policy indicated for further details):
The right to be informed;
The right of access;
The right to rectification;
The right to erasure (also known as the ‘right to be forgotten’);
The right to restrict processing;
The right to data portability;
The right to object; and
Rights with respect to automated decision-making and profiling.
The GDPR seeks to ensure that personal data is processed lawfully, fairly, and transparently, without adversely affecting the rights of the data subject.
The GDPR states that processing of personal data shall be lawful if at least one of the following applies:
- The data subject has given consent to the processing of their personal data for one or more specific purposes;
- The processing is necessary for the performance of a contract to which the data subject is a party, or in order to take steps at the request of the data subject prior to entering into a contract with them
- The processing is necessary for compliance with a legal obligation to which the data controller is subject;
- The processing is necessary to protect the vital interests of the data subject or of another natural person
- The processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller; or
- The processing is necessary for the purposes of the legitimate interests pursued by the data controller or by a third party, except where such interests are overridden by the fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
If the personal data in question is “special category data” (also known as “sensitive personal data”) (for example, data concerning the data subject’s race, ethnicity, politics, religion, trade union membership, genetics, biometrics (if used for ID purposes) at least one of the following conditions must be met:
- The data subject has given their explicit consent to the processing of such data for one or more specified purposes (unless UK or EU Member State law prohibits them from doing so);
- The processing is necessary for the purpose of carrying out the obligations and exercising specific rights of the data controller or of the data subject in the field of employment, social security, and social protection law (insofar as it is authorised by UK or EU Member State law or a collective agreement pursuant to EU Member State law which provides for appropriate safeguards for the fundamental rights and interests of the data subject);
- The processing is necessary to protect the vital interests of the data subject or of another natural person where the data subject is physically or legally incapable of giving consent;
- The data controller is a foundation, association, or other non-profit body with a political, philosophical, religious, or trade union aim, and the processing is carried out in the course of its legitimate activities, provided that the processing relates solely to the members or former members of that body or to persons who have regular contact with it in connection with its purposes and that the personal data is not disclosed outside the body without the consent of the data subjects;
- The processing relates to personal data which is clearly made public by the data subject;
- The processing is necessary for the conduct of legal claims or whenever courts are acting in their judicial capacity;
- The processing is necessary for substantial public interest reasons, on the basis of EU or EU Member State law which shall be proportionate to the aim pursued, shall respect the essence of the right to data protection, and shall provide for suitable and specific measures to safeguard the fundamental rights and interests of the data subject;
- The processing is necessary for the purposes of preventative or occupational medicine, for the assessment of the working capacity of an employee, for medical diagnosis, for the provision of health or social care or treatment, or the management of health or social care systems or services on the basis of EU or EU Member State law or pursuant to a contract with a health professional, subject to the conditions and safeguards referred to in Article 9(3) of the GDPR;
- The processing is necessary for public interest reasons in the area of public health, for example, protecting against serious cross-border threats to health or ensuring high standards of quality and safety of health care and of medicinal products or medical devices, on the basis of EU or EU Member State law which provides for suitable and specific measures to safeguard the rights and freedoms of the data subject (in particular, professional secrecy); or The processing is necessary for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes in accordance with Article 89(1) of the GDPR based on EU or EU Member State law which shall be proportionate to the aim pursued, respect the essence of the right to data protection, and provide for suitable and specific measures to safeguard the fundamental rights and the interests of the data subject.
- Adequate, Relevant, and Limited Data Processing Craft Buddy Ltd will only collect and process personal data for and to the extent necessary for the specific purpose or purposes of which data subjects have been informed (or will be informed) Accuracy of Data and Keeping Data up to date
- Craft Buddy Ltd shall ensure that all personal data collected, processed, and held by it is kept accurate and up to date. This includes, but is not limited to, the rectification of personal data at the request of a data subject.
- The accuracy of personal data shall be checked when it is collected and at regular intervals thereafter. If any personal data is found to be inaccurate or out-of-date, all reasonable steps will be taken without delay to amend or erase that data, as appropriate.
- Craft Buddy Ltd shall not keep personal data for any longer than is necessary in light of the purpose or purposes for which that personal data was originally collected, held, and processed.
- When personal data is no longer required, all reasonable steps will be taken to erase or otherwise dispose of it without delay.
- Craft Buddy Ltd shall ensure that all personal data collected, held, and processed is kept secure and protected against unauthorised or unlawful processing and against accidental loss, destruction, or damage.
Data we use
- First name, Surname, Login email address, IP address, physical address plus postcode, messages, emails, date of account creation, date of account cancellation, date of birth, gender etc.
- Others may include: a cookie ID*, the advertising identifier of your phone, data held by a hospital or doctor - which could be a symbol that uniquely identifies a person.
We may on pass your personal data on to third-party service providers contracted to Craft Buddy Ltd in the course of dealing with you such as auditors, consultants, and legal advisers. Any such third parties that we may share your data with are obliged to keep your details securely, and to use them only to provide our products and services to you. When they no longer need your data to fulfil this service, they will dispose of the details in line with Craft Buddy Ltd retention policy. If we wish to pass your sensitive personal data onto a third party, we will only do so once we have obtained your consent unless we are legally required to do otherwise. Any other personal information we collect, not described in any of the categories above will be brought to your attention with a message at the point of collection from you.
Craft Buddy Ltd will not transfer your personal data outside of the EEA.
Where you give us your consent to process your personal data, you can at any time withdraw your consent.
If you wish to raise a complaint about how we have handled your personal data, or if you want to exercise any of these rights, you can email email@example.com .
If you are not satisfied with our response of believe we are not processing your personal data in accordance with the law, you can lodge a complaint with the Information Commissioners Office. More details are available at https://ico.org.uk/concerns/. You are not obliged to provide Craft Buddy Ltd your personal information, but failure to do so may result in our inability to provide you with our products and services.
SMSWe will send periodic free SMS messages to users who have opted in to receiving offers, news and other subjects.
- Message frequency - We will rarely send SMS messages.
- Possible fees - There will be no fees.
- How to opt-in - You can opt in at checkout.
- How to opt-out - Simply send “STOP” or contact our customer services.
- Abandoned checkout messages - From time to time we may send you abandoned cart SMS messages to follow up.
In order to offer you Klarna’s payment methods, we might in the checkout pass your personal data in the form of contact and order details to Klarna, in order for Klarna to assess whether you qualify for their payment methods and to tailor those payment methods for you. Your personal data transferred is processed in line with Klarna’s own privacy notice.
- Definitions and Interpretation
“Cookie” means a small file placed on your computer or device by Our Site when you visit certain parts of Our Site and/or when you use certain features of Our Site;
“Cookie Law” means the relevant parts of the Privacy and Electronic Communications (EC Directive) Regulations 2003 [and of EU Regulation 2016/679 General Data Protection Regulation (“GDPR”)];
“personal data” means any and all data that relates to an identifiable person who can be directly or indirectly identified from that data, as defined by the Data Protection Act 2018 AND/OR EU Regulation 2016/679 General Data Protection Regulation (“GDPR”); and
“We/Us/Our” Means Craft Buddy Ltd, a limited company registered in England under company number 04022675, whose registered address is Units 7, Anglo Business Park, Asheridge Road, Chesham, HP5 2QA which is its main trading address.
- Information About Us
2.1 Our Site is owned and operated by Craft Buddy, a limited company registered in England under company number 07236303, whose registered address is is Units 7, Anglo Business Park, Asheridge Road, Chesham, HP5 2QA which is its main trading address.
2.2 Our VAT number is GB101470273.
2.3 Our Data Protection Office can be contacted by email at firstname.lastname@example.org , by telephone on +44 (0) 203 417 6565, or by post at Units 7, Anglo Business Park, Asheridge Road, Chesham, HP5 2QA.
3.2 By using Our Site, you may also receive certain third-party Cookies on your computer or device.
Third party Cookies are those placed by websites, services, and/or parties other than Us. Third party Cookies are used on Our Site for advertising services. For more details, please refer to section 4 below.
3.3 All Cookies used by and on Our Site are used in accordance with current Cookie Law. We may use some or all of the following types of Cookie:
3.3.1 Strictly Necessary Cookies
A Cookie falls into this category if it is essential to the operation of Our Site, supporting functions such as logging in, your shopping basket, and payment transactions.
3.3.2 Analytics Cookies
It is important for Us to understand how you use Our Site, for example, how efficiently you are able to navigate around it, and what features you use. Analytics Cookies enable us to gather this information, helping Us to improve Our Site and your experience of it.
3.3.3 Functionality Cookies
Functionality Cookies enable Us to provide additional functions to you on Our Site such as personalisation and remembering your saved preferences. Some functionality Cookies may also be strictly necessary Cookies, but not all necessarily fall into that category.
3.3.4 Targeting Cookies
It is important for Us to know when and how often you visit Our Site, and which parts of it you have used (including which pages you have visited and which links you have visited). As with analytics Cookies, this information helps us to better understand you and, in turn, to make Our Site and advertising more relevant to your interests. Some information gathered by targeting Cookies may also be shared with third parties.
3.3.5 Third Party Cookies
Third party Cookies are not placed by Us; instead, they are placed by third parties that provide services to Us and/or to you. Third party Cookies may be used by advertising services to serve up tailored advertising to you on Our Site, or by third parties providing analytics services to Us (these Cookies will work in the same way as analytics Cookies described above).
3.3.6 Persistent Cookies
Any of the above types of Cookie may be a persistent Cookie. Persistent Cookies are those which remain on your computer or device for a predetermined period and are activated each time you visit Our Site.
3.3.7 Session Cookies
Any of the above types of Cookie may be a session Cookie. Session Cookies are temporary and only remain on your computer or device from the point at which you visit Our Site until you close your browser. Session Cookies are deleted when you close your browser.
3.4 Cookies on Our Site are not permanent and will expire as indicated in the table below.
3.6 For more specific details of the Cookies that We use, please refer to the table below.
- What Cookies Does Our Site Use?
In operating our store, it is essential for us to capture some information about your device, such as your IP address and information related to your visit when you browse our store. For example, this might include time-stamp, the last page or product you visited, the indication that you logged in.
We do that in order to:
- remember who you are after you log in so that you do not need to authenticate at each click;
- monitor if our website is running with the high performance we are dedicated to providing;
- let you browse between products without having to start back from the home page at each click;
- remember if you put something in your shopping cart before you decide to checkout;
- control that your data is processed securely.
4.1 Our Site uses analytics services provided by Google Analytics.
Website analytics refers to a set of tools used to collect and analyse anonymous usage information, enabling Us to better understand how Our Site is used. This, in turn, enables Us to improve Our Site and the products AND/OR services offered through it. You do not have to allow Us to use these Cookies, however whilst Our use of them does not pose any risk to your privacy or your safe use of Our Site, it does enable Us to continually improve Our Site, making it a better and more useful experience for you.
4.2 The analytics service(s) used by Our Site use(s) analytics Cookies to gather the required information.
4.3 The analytics service(s) used by Our Site use(s) the following analytics Cookies:
Name of Cookie
Purpose & Type
Used to distinguish users.
Used to distinguish users
Used to throttle request rate. If google Analytics is deployed via Google Tag Manager, this cookie will be named _dc-gtm_. Contains a token that can be used to retrieve a Client ID from AMP Client ID Service
Other possible values indicate opt-out, inflight request or an error retrieving a Client ID from AMP Client ID Service
30 seconds to 1 year
Contains campaign related information for the user. If you have linked your Google Analytics and Google ads
- Consent and Control
5.1 Before Cookies are placed on your computer or device, you will be shown a pop-up requesting your consent to set those Cookies. By giving your consent to the placing of Cookies you are enabling Us to provide the best possible experience and service to you. You may, if you wish, deny consent to the placing of Cookies; however certain features of Our Site may not function fully or as intended. You will be given the opportunity to allow and/or deny different categories of Cookie that We use. You can return to your Cookie preferences to review and/or change them at any time by changing the settings in your browser.
5.2 In addition to the controls that We provide, you can choose to enable or disable Cookies in your internet browser. Most internet browsers also enable you to choose whether you wish to disable all Cookies or only third-party Cookies. By default, most internet browsers accept Cookies but this can be changed.
For further details, please consult the help menu in your internet browser or the documentation that came with your device.
5.3 The links below provide instructions on how to control Cookies in all mainstream browsers:
5.3.1 Google Chrome
5.3.3 Microsoft Edge: (Please note that there are no specific instructions at this time, but Microsoft support will be able to assist)
5.3.4 Safari (macOS)
5.3.5 Safari (iOS)
5.3.6 Mozilla Firefox
5.3.7 Android: (Please refer to your device’s documentation for manufacturers’ own browsers)
- Further Information
7.3 For more information about privacy, data protection and our terms and conditions, please visit the following:
7.3.1 www.craftbuddyshop.co.uk / privacy-policy;
7.3.2 www.craftbuddyshop.co.uk /terms-&-conditions.