Loch Ness Origins
and how we protect your privacy. We won’t let you down!
Essential information we collect
In operating our store, it is essential for us to capture some information about your device, such as your IP address and information related to your visit when you browse our store. For example, this might include time-stamp, the last page or product you visited, the indication that you logged in. We do that in order to:
● remember who you are after you log in so that you do not need to authenticate at each click;
● monitor if our website is running with the high performance we are dedicated to providing;
● let you browse between products without having to start back from the home page at each click;
● remember if you put something in your shopping cart before you decide to checkout; and
● control that your data is processed securely.
Order information you expressly provide
If you buy something from our store, we will need more specific information about you. To fully process your order and ship the merchandise you selected, we need your personal data such as your first and last name, your email address and your shipping and billing address. We also use your contact and order information to send you communication related to the processing of your order. We will ask you to provide this information in our “checkout page” before letting you finalize your purchase with the payment.
If you have started to buy one of our products, but have not completed the purchase, you may have provided partial information, such as your email. In that case, we might send you an email to remind you about your interest. If you are not comfortable in receiving further emails of this kind, we will give you a simple opportunity to opt-out. Your privacy means a lot to us and we will stop sending you these communications right away.
We also use some specific information related to your visit, such as the timestamp of your visit, the page or the product you viewed, where you are coming from (if you came to our store because you clicked on an advertisement or you just opened our direct link). This is very similar to the “essential information,” but we use it to provide you with a personalized experience. The information on your visit provides us with insights on your interests and allows us to send you relevant communications. We capture this information through cookies, called a "beacon," that we allow you to block.How do we process your information?
We use an external provider to run our store, BigCommerce. BigCommerce is based in the US and is a participant in the EU-US Privacy Shield Framework and committed to providing best-in-class service and data protection. You can check its participation in the Privacy Shield here on the official site of The International Trade Administration (ITA), U.S. Department of Commerce.
Through BigCommerce, we also use other, highly specialized external providers to provide the most competitive services.
● Payment: Our store is PCI-DSS compliant (a very strict industry standard with requirements for the security of credit card information), but we want to use accredited companies to process your credit card information. Our payment providers are PayPal and Stripe.
● Shipping: We integrate with a number of shipping companies to fulfill your orders. We ship our orders using Royal Mail or TNT UK.
Partnering with highly specialized external companies allows us to focus on what we do best: selling great products.
How can you control your personal data?
If you are one of our customers who is in the EU, and we are specifically selling our products to the Member State where you are located, you have specific rights that we are honored to enforce without undue delay: Access, Correct, Erasure, Port, Object. If you cannot exercise your choice on your account page or if you do not have an account with us, please reach out to us, at the contact details at the bottom of this page. We will be more than happy to help.
How long do we keep your data?
We keep your data for as long as you have an account with us. We also keep some data for security investigation. Most importantly, we have specific obligations for fraud detection and tax reasons. Therefore, we might need to retain certain data even if you ask to delete it. The UK's HMRC (Her Majesty's Revenue & Customs) require business records to be kept for seven years.
Do we have any legal obligations when handling your data?
Many. We might need to share your personal information to comply with applicable legal obligations. We need to keep records for tax reasons or fraud detection.
Who can you reach out to for privacy matters?
You can contact our Data Protection Officer here:
Mill of Divach, Drumnadrochit, Inverness-shire, IV63 6XW
Do you need to lodge a complaint?
If you have any privacy complaint, you have the right to lodge a complaint with us.