Privacy Policy

Catkin & Pussywillow is committed to protecting your privacy and takes its responsibilities regarding the security of customer information very seriously. This privacy policy explains what personal data we collect about you, how and why we use it, who we disclose it to, and how we protect your privacy.

Our Privacy Policy applies to the personal data that Catkin & Pussywillow collects and uses. References in this Privacy Policy to “Catkin & Pussywillow”, “we”, “us” or “our” mean Catkin & Pussywillow Limited (a company registered in England and Wales with a registered office at Winchester Railway Station, Station Hill, Winchester, SO23 8TJ). We control the ways your personal data are collected and the purposes for which your personal data are used by Catkin & Pussywillow and are the “data controller” for the purposes of the UK Data Protection Act 1998, EU General Data Protection Regulation (GDPR), PCI-DSS, and European data protection legislation. We also comply with the principles of the US Electronic Communications Privacy Act (18 USC §2510) and the Canadian Privacy Act and Personal Information Protection and Electronic Documents Act (PIPEDA) although our data is processed and hosted within the legal jurisdiction of England and Wales.

We have two purposes for processing your personal data:

• To sell our products to you and carry out any logistics for delivery or return of goods
This purpose allows Catkin & Pussywillow to lawfully process your data for legitimate interests (GDPR 6F) and our legal obligations to your country’s tax and revenue authorities.

• To inform you about our products, services, events and offers
This purpose allows Catkin & Pussywillow to seek your consent to process your data for communication, education and marketing purposes (GDPR 1). Without your explicit consent, Catkin & Pussywillow will not process your data for this purpose.

The purpose and lawful basis for processing your data may change from time to time, in which case this policy will be updated.

Your consent will be an explicit action from 25th May 2018. Because of the need for consent we will not use defaulted opt-in checkboxes or include your personal data for communication and marketing purposes where you have asked only for a transactional email (receipts, proof of delivery etc.). We will keep your given consent on file for a period of up to ten years from the last change before checking if your consent is still valid. This is in line with our average customer cycle. We will not contact you if you have withdrawn consent. At ten years we will write to you by email with a statement of consent and your current choices. We will then send a reminder email after 30 days if no contact has been received. If this is not responded to then we will take it that your granting of consent is still valid. We will also include the opportunity to unsubscribe or withdraw consent on all marketing emails.

When using the term “personal data” in our Privacy Policy, we mean information that relates to you and allows us to identify you, either directly or in combination with other information that we may hold. Your personal data may include for example your name, your contact details, information relating to your purchase (e.g. your order references) or information on how you use our website, or how you interact with us. We collect some personal data from you, for example when you purchase from us, use our website, our services or contact us.

Categories of data we collect

We may collect and process the following categories of information about you:

• Name and surname and your contact details (email address, telephone number and postal address)
When you subscribe to our mailing list on our website
When you purchase our products
When you engage one of our services
When you take part in our competitions
When you attend our events
When you choose an offer we make available on our website

• Information about your event
When you engage one of our services

• The communications you exchange with us (for example, your emails, letters, calls, or your messages on our online chat service)
When you contact Catkin & Pussywillow or you are contacted by us

• Your social media account ID
When you interact with us on social media
When we target social media posts

• Your posts and messages on social media directed to Catkin & Pussywillow
When you interact with us on social media

• Information about how you use our website, such as your searches for products
When you navigate on our website

Sensitive personal data

Information that could reveal your racial or ethnic origin, physical or mental health, religious beliefs or alleged commission or conviction of criminal offences is considered “sensitive personal data” under the UK Data Protection Act 1998 and other data protection laws. We do not collect this data.

We use your personal data for the following purposes:

• To manage your orders and provide our services to you
When you purchase from us, or seek advice, we use your information to perform our services in relation to your purchase or enquiry, for example to provide you with product, tailor specific advice to your project’s needs or change bookings for consultancy appointments.

• To communicate with you and manage our relationship with you
Occasionally we may need to contact you by email and/or telephone for administrative or operational reasons, for example in order to send you confirmation of your purchases and your payments, to inform you about your consultancy appointments, to notify you when backordered products are available or to advise you of disruption and changes to your appointments and deliveries. If you are using our mobile app, we may also send you app notifications for these purposes. Please be aware that these communications are not made for marketing purposes and as such, you will continue to receive them even if you opt-out from receiving marketing communications. We will also use your personal data if we contact you after you have sent us a request, filled in a web-form through our website or contacted us on social media. Your opinion is very important to us, so we may send you an email or SMS to seek your feedback. We will use the communications you exchange with us and the feedback you may provide in order to manage our relationship with you as our customer and to improve our services and experiences for customers.

• To personalise and improve your customer experience
We may use your personal data in order to tailor our services to your needs and preferences and to provide you with a personalised customer experience. We may also collect information on how you use our website, for example, which pages of our website you visit most, in order to understand what you like. We may use this information to tailor the content and offers that you see on our website and, if you have agreed to receiving marketing communications, to send you relevant messages that we think you will like. If you are in the process of making a purchase under your account and you leave our website before your order has been placed, we may contact you in order to help you easily complete your purchase.

• To inform you about our news and offers that you may like
We may send you marketing communications, if you have indicated that you are happy to receive these, for example when you subscribe to our mailing list on our website or purchase from us in-store and you explicitly agree to receive such communications. You can also request us to send you marketing communications through managing your preferences in your account. If you are happy to receive marketing communications, we will provide you with news from us such as new products, services or events that you may be interested in. Please note that we do not share your contact details and other personal data with other companies for marketing purposes, unless we have obtained your consent to do so. If you do not want to receive marketing communications from us, you can choose to opt out from receiving marketing communications at any time, by clicking on the relevant unsubscribe link at the bottom of any marketing related email you may receive from us. If you have a Catkin & Pussywillow online account, you can easily manage your marketing preferences through your account and you can at any time opt out from receiving marketing communications. If you prefer, you can also call the shop on +44 (0)1962 860345 or send an email to shop@catkinandpussywillow.com with the header “Unsubscribe”. We ask that you allow 28 working days to complete any unsubscribe request.

• To improve our services, fulfil our administrative purposes and protect our business interests
The business purposes for which we will use your information include accounting, billing and audit, credit or other payment card verification, fraud screening, security and legal purposes, statistical and marketing analysis, systems testing, maintenance and development.

• To comply with our legal obligations, for example, our obligation to provide your information to local police agencies.

You have a right to request access to the personal data that we hold about you. This could include purchase information relating to products and services. If you have questions in relation to your personal data, please contact us at: shop@catkinandpussywillow.com

You have a right to be forgotten and have data erased and / or stop being processed where the personal data is no longer necessary for the purpose of collection, you withdraw consent, when you object to the processing or to comply with a legal obligation. We will not erase your records as we need to maintain your transactional data for our legal obligations to the local tax and revenue authorities. What we will undertake is to anonymise your records, overwriting your personal data with fictional names, addresses and emails. Once this has been done it will be impossible to restore a single customer, and a new customer registration will be required. We have a number of security and governance protections in place that will be excluded from your right to be forgotten:
• Encrypted system backups, held for up to 10 years. It is practically impossible to alter these backup files.
• Our anti-spam and email gateway. We maintain email archiving for security reasons, and your info may be kept in this archive. Access to this gateway is limited to named data controllers for Catkin & Pussywillow.

If you have questions in relation to your personal data, please contact us at: shop@catkinandpussywillow.com.

You have a right for your personal data to be stored but not processed. This is achieved through the withdrawal of consent. If you have questions in relation to your personal data, please contact us at: shop@catkinandpussywillow.com.

We are committed to taking appropriate technical and organisational measures to protect your personal data against unauthorised or unlawful processing and against accidental loss, destruction or damage to personal data. When you provide your personal data through our website, stores or our mobile app, this information is transmitted across the internet securely using high-grade encryption. Furthermore, Catkin & Pussywillow is a PCI DSS compliant organisation. This means that we adhere to high security standards in order to protect your payment card details when you are sending us this information. As described in this Privacy Policy, we may in some instances disclose your personal data to third parties. Where Catkin & Pussywillow discloses your personal data to a third party, we require that third party to have appropriate technical and organisational measures in place to protect your personal data; however, in some instances we may be compelled by law to disclose your personal data to a third party, such as local police agencies, and have limited control over how it is protected by that party. The information that you provide to us will be held in our systems, which are located on our premises or those of an appointed third party. We may also allow access to your information by other third parties who act for us for the purposes described in this Privacy Policy or for other purposes approved by you. Your personal data may be accessed by and processed outside the European Economic Area (the European Economic Area being the European Union and Iceland, Liechtenstein and Norway, also referred to as the “EEA”) - including by staff operating outside the EEA who work for us or for one of our suppliers or agents (this includes staff engaged in, among other things, the fulfilment of your booking, ground handlers, and the provision of support services). Where your personal data are transferred outside of the EEA, we require that appropriate safeguards are in place. 
We will retain your personal data for as long as we need it in order to fulfil our purposes set out in this Privacy Policy or in order to comply with the law, but for a period no more than 10 years.

In order to improve our services, to provide you with more relevant content and to analyse how visitors use our website and app, we may use technologies, such as cookies, pixels or tracking software. Please be aware that in most cases we will not be able to identify you from the information we collect using these technologies. For example, we use software to monitor customer traffic patterns and website usage to help us develop the design and layout of the website in order to enhance the experience of the visitors to our website. This software does not enable us to collect any personal data. In addition, in order to understand how our customers interact with the emails and the content that we send, we use pixels that allow us to know if the emails we send are opened or if the content of our emails is displayed in text or html form. We also use cookies in our website, mobile app or in our emails. Cookies are small pieces of information stored by your browser on your computer's hard drive. They enable you to navigate on our website or app and allow us to provide features such as remembering aspects of your last flight search to make subsequent searches faster. You can delete cookies if you wish; while certain cookies are necessary for viewing and navigating on our website or app, most of the features will be still accessible without cookies. For more information on how we use cookies and how you can remove them, read our Cookie Policy. In store, we use our Wi-Fi solution to provide statistics on how many visitors we have, how long they spend in store and what parts of the store are visited. This does not depend on the use of guest Wi-Fi and this data does not have any personal identifying information within it.

We will not sell your name, address, e-mail address, credit card information or personal information to any third party. We may however share some of your personal data with the following categories of third parties:

• Credit and debit card companies
Catkin & Pussywillow shares some of your personal data, which includes information about your method of payment and purchase value, to the credit or debit card company that issued the card you used to make your booking. In order to ensure the security of your transactions and prevent or detect fraudulent transactions, we may also share your information with our fraud screening partner.

• Authorities
We may disclose your personal data when this is required by the law of any jurisdiction to which Catkin & Pussywillow may be subject.

Through our website we provide links to third party websites which are subject to separate Privacy Policies. Please be aware that this Privacy Policy does not apply to such websites and Catkin & Pussywillow is not responsible for your information that third parties may collect through these websites.

We may make changes to this Privacy Policy from time to time. We will update the Privacy Policy and publish any new version of this Policy on our website.

Questions, comments and requests regarding this privacy policy are welcomed and can be directed to us via the form below or emailed to shop@catkinandpussywillow.com.