Who we are
We are magickbox: a business created and managed by Emma Paterson since 2017. We are based in Livingston, United Kingdom and our website address is: https://magickbox.co.uk.
What personal data we collect and why we collect it
While you visit our site, we’ll track:
- Products you’ve viewed: we’ll use this to, for example, show you products you’ve recently viewed
- Location, IP address and browser type: we’ll use this for purposes like estimating taxes and shipping
- Shipping address: we’ll ask you to enter this so we can, for instance, estimate shipping before you place an order, and send you the order!
When you purchase from us, we’ll ask you to provide information including your name, billing address, shipping address, email address, phone number, credit card/payment details and optional account information like username and password. We’ll use this data for purposes such as to:
- Send you information about your account and order
- Respond to your requests, including refunds and complaints
- Process payments and prevent fraud
- Set up your account for our store
- Comply with any legal obligations we have, such as calculating taxes
- Improve our store offerings
- Send you marketing messages, if you choose to receive them
If you create an account, we will store your name, address, email and phone number, which will be used to populate the checkout for future orders.
We generally store data about you for as long as we need the information for the purposes for which we collect and use it, and we are not legally required to continue to keep it. For example, we will store order information for up to 5 years for tax and accounting purposes. This includes your name, email address and billing and shipping addresses.
We will also store comments or reviews, if you choose to leave them.
When visitors leave comments on our site we collect the data shown in the comments form if provided to us (visitor’s name, email address, web address and the comment itself). We also collect the visitor’s IP address, referrer, site URL and browser user agent string to help spam detection.
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
When contacting us through our on-site contact form we collect your name, email address and message contents. We use this data for customer service purposes only. We do not use the information submitted through it for marketing purposes.
If you leave a comment on our site you may opt in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
| Cookie | Duration | Purpose |
| --- | --- | --- |
| woocommerce_cart_hash | Session | Helps WooCommerce determine when cart contents/data changes. |
| woocommerce_items_in_cart | Session | Helps WooCommerce determine when cart contents/data changes. |
| wp_woocommerce_session_ | 2 Days | Contains a unique code for each customer so that it knows where to find the cart data in the database for each customer. |
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
We are not responsible for the privacy practices of other sites and encourage you to read their privacy statements.
We use Jetpack to track our site statistics and to help improve our site.
Stats tracks and retains the following information about our visitors:
- Post and page views
- Video plays
- Outbound link clicks
- Referring URLs and search engine terms
As part of collating the above information, Stats uses data like IP address, WordPress.com user ID (if logged in), WordPress.com username (if logged in), user agent, visiting URL, referring URL, timestamp of event, browser language, and country code. However, none of this specific information is available to us.
To track site statistics we utilise cookies. You have the ability to accept or decline cookies by modifying the settings on your browser.
Who we share your data with
In general, the third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us.
However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions. For these providers, we recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled by these providers.
We accept payments through PayPal. When processing payments, some of your data will be passed to PayPal, including information required to process or support the payment, such as the purchase total and billing information.
How long we retain your data
We generally store data about you for as long as we need the information for the purposes for which we collect and use it, and we are not legally required to continue to keep it. For example, we will store order information for up to 5 years for tax and accounting purposes. This includes your name, email address and billing and shipping addresses. We keep contact form entries for 6 months and analytics records for 1 year. Stats data is retained by Automattic for 28 days.
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register an account on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information. We will delete inactive accounts after 1 year.
What rights you have over your data
You have the right of access to, and to receive a copy of, information held about you. Please contact us if you wish to see a copy of the information we hold and we will respond to you within 14 days of receiving your request once its validity has been confirmed. We will require proof of identity to be provided before we can respond to any such access request.
If for any reason you are concerned that the personal information held by us is not correct, or you wish to have your name or information removed from our records, please contact us, and we will happily review, update, or remove information as appropriate.
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes. All account users have the ability to see, edit, or delete their personal information at any time (except they cannot change their username).
Where we send your data
Our website is hosted by Stablepoint Hosting. Your data is stored through Stablepoint’s data storage and databases on secure UK servers behind a firewall.
How we protect your data
To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed. When you give us your personal information (name, email address, personal addresses and order history), the data is encrypted using secure socket layer technology (SSL) and stored with AES-256 encryption.
We, as a business, have no access to any of your credit/debit card data. Although no method of transmission over the Internet or electronic storage is 100% secure, we outsource the handling of payments to PayPal who are 100% PCI-DSS compliant.
What data breach procedures we have in place
The definition of a data breach according to the GDPR is “a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed”.
In the event of a data breach we will first judge the severity of the breach to determine whether it is of low, moderate or high risk. We will then take the appropriate steps depending on the severity of the breach. These steps may include: improving internal procedures to avoid another breach, reporting the breach to the ICO and informing all affected customers via email.
If you would like to access, correct, amend or delete any personal information we have about you, or you would simply like more information, please contact us at email@example.com.