What is GDPR?
GDPR is a new law comign into effct on 25th May 2018 giving any citizen of an EU country control over their personal data and to strengthen data protection. The full details fo the law can be found at https://gdpr-info.eu/
What data do we collect?
With regard to your account when you place an order, either as a registered customer or a guest we collect and store these details:
- First Name
- E-mail address
- Delivery Addresse(s)
- Billing Address
- Order Number(s)
- Invoice Number(s)
- IP Address of the device used when placing the order
- Order Status
- Order Date(s)
- Order Price
- Products ordered
- A record of all emails sent by us to you, regarding your order and its status
- User registration date
- Last login date
- Annonomised Google Analytics data
All data is stored sceurely in our dedicated database with controlled and restricted access. You password is completely secure and cannot be retrived by anyone. The password system used by Cotswold Lavender uses what is known as MD5 hashing with salt. MD5 Hashing takes the user password, appends the salt value (a random number assigned when the password was set) and converts it into bytes using a method such that although the same password will always give the same hash value, you cannot reverse the process to get the original password.
Access to your data
With the GDPR law coming into effect on 25th May you now have the ability to request a complete copy of all the data Cotswold Lavender stores about you. You can make this request in writitng to our Registered Address: Hill Barn Farm, Snowshill, Broadway, Worcestershire, WR12 7JY, UK. Alternatively you can email us directly at .
Under Article 17 of the GDPR, individuals have the right to have personal data erased. This is also known as the ‘right to be forgotten’. If you so wish, you can request the complete removal and deletion of all your personal data held by Cotswold Lavender. We are allowed 30 days to then comply with your request and delete your data.
Cotswold Lavender is constantly working to ensure your data remains secure. We will continue to work to ensure GDPR guidelines are followed.