From 25 May 2018 the Data Protection Act 1998 is superseded by the European Union General Data Protection Regulation (GDPR). The regulatory authority in the UK is the Information Commissioners Office (ico.org.uk).
The GDPR gives you have the right to know what personal data of yours we hold, to have it corrected, to have it erased, to receive a copy of it, to restrict its use and to prevent its use in automated decision-making and profiling.
The GDPR obliges us to identify the lawful basis for processing your data, have procedures in place to respond to your requests, to respond quickly to your requests (within a month) and to notify the regulatory authority of any data breaches (within 72 hours).
The personal data of yours that we hold is entered by you when placing an order for goods through our website. This can include your name, cardholder address, delivery address, email address, telephone number, the goods which were ordered, the IP address of the transaction, the card type used, the last four digits of the card and the payment authorisation result.
We use your details to manage your account, orders and deliveries. We do not send marketing emails; we send emails relating to orders, deliveries and account management.
We will not give your details to any third party, other than to process payments and deliveries.
During our checkout process you are redirected to our payment service provider so that you can pay for your order. We do not see your card details; we are only told whether or not your payment was authorised by your card issuer. We do not store your full card details, only the last four digits and the card type.
We use Sage Pay to collect and process transaction information. Their security policy can be read at http://www.sagepay.co.uk/policies/security-policy.
We market our services using this website, our Facebook page and our Instagram account. At present, we do not send marketing emails and have no plans to do so. We promise that if we started to in the future, you would have to explicitly sign up for them to receive them. So it is possible that we might contact you by email to tell you about the service and ask you if you want to receive it.
When you use this website, we may personalise your use of it by showing recently viewed items, or by displaying other items that we think are relevant. This history is only used within this website and is not shared with anyone else.
When using this website, all communication between it and your browser is encrypted and cannot be read by anyone else, even if it were intercepted.
Cookies are small data files that a website saves to your computer for later retrieval. Cookies are not computer programs, have no intelligence and no ability to read anything from your computer. Cookies are like reminders or bookmarks that a website reads while you are using it.
We use the Mastercard SecureCode™ and Verfied by Visa™ schemes to authorise your payment. For both schemes, your browser must allow "Third Party Cookies". This is turned on in most browsers by default. If you have technical problems after entering your Verified by Visa™ or Mastercard SecureCode™ password, then go to 'Internet Options', 'Settings' and 'Advanced Settings' in your browser, and check whether third party cookies are allowed.
Every time you sign in to our website, we use an encrypted cookie to identify you to the site. This means you do not need to sign in again for the rest of that visit. Additionally, when signing in, if you tick the checkbox labelled "Remember Me", an encrypted cookie is saved to your computer that identifies you to the website so that when you return, it automatically signs you in.
Your password is not saved but to better protect your privacy, you should not use "Remember me" on a shared computer.
Cookies can stay on your computer after your website session finishes. Therefore, most browsers provide a means for you to delete them and also for you to refuse them.
Paul and Julia Andrews, trading as Three Bears Cottage.
This page was last updated 9 February 2019