Who we are
The website at https://www.twelvenunns.co.uk/ is the online shop for ‘Twelve Nunns’, a specialist mail order plant business.
What personal data we collect and why we collect it
We collect information about you during the checkout process on our store. While you visit our site, we’ll track:
- Products you’ve viewed: we’ll use this to, for example, show you products you’ve recently viewed
- Location, IP address and browser type: we’ll use this for purposes like estimating taxes and delivery
- Delivery address: we’ll ask you to enter this so we can, for instance, estimate delivery before you place an order, and send you the order
When you purchase from us, we’ll ask you to provide information including your name, billing address, delivery address, email address, phone number, credit card/payment details and optional account information like username and password. We’ll use this information for purposes, such as, to:
- Send you information about your account and order
- Respond to your requests, including refunds and complaints
- Process payments and prevent fraud
- Set up your account for our store
- Comply with any legal obligations we have, such as calculating taxes
- Improve our store offerings
- Send you marketing messages, if you choose to receive them
- If you create an account, we will store your name, address, email and phone number, which will be used to populate the checkout for future orders.
We generally store information about you for as long as we need the information for the purposes for which we collect and use it, and we are not legally required to continue to keep it. Please see ‘How long we retain your data’ for details of our data retention periods.
Our cookies help us:
- Make our website work as you’d expect
- Save you having to login every time you visit the site
- Remember your settings during and between visits
- Improve the speed/security of the site
- Continuously improve our website for you
- Make our marketing more efficient (ultimately helping us to offer the service we do at the price we do)
- Collect any personally identifiable information (without your express permission)
- Collect any sensitive information (without your express permission)
- Pass data to advertising networks
- Pass personally identifiable data to third parties
- Pay sales commissions
You can learn more about all the cookies we use below.
Our own cookies
- Making our shopping basket and checkout work
- Determining if you are logged in or not
- Remembering your search settings
- Allowing you to add comments to our site
There is no way to prevent these cookies being set other than to not use our site.
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
Third party functions
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
Anonymous Visitor Statistics Cookies
Services we use:
- Google Analytics – you can opt out of Google Analytics using this tool
Turning Cookies Off
You can usually switch cookies off by adjusting your browser settings to stop it from accepting cookies (Learn how here). Doing so however will likely limit the functionality of our’s and a large proportion of the world’s websites as cookies are a standard part of most modern websites
It may be that your concerns around cookies relate to so called “spyware”. Rather than switching off cookies in your browser you may find that anti-spyware software achieves the same objective by automatically deleting cookies considered to be invasive. Learn more about managing cookies with antispyware software.
Who we share your data with
Who on our team has access
Members of our team have access to the information you provide us. For example, both Administrators and Shop Managers can access:
- Order information like what was purchased, when it was purchased and where it should be sent, and
- Customer information like your name, email address, and billing and delivery information.
Our team members have access to this information to help fulfill orders, process refunds and support you.
What we share with others
We share information with third parties who help us provide our orders and store services to you:
|PayPal||Payment processor||Order & customer information||Link|
|Hermes||Courier service||Order & customer information||Link|
|Parcel2Go||Courier service||Order & customer information||Link|
|Google Analytics||Website analytics||Anonymous visitor data & shopping behaviour||Link|
|Mailchimp||Marketing & transactional emails||Order & customer information||Link|
|Mailgun||Transactional emails||Order & customer information||Link|
|Supernova Design||Website administration & technical support||Order & customer information||Link|
How long we retain your data
|Data type||Retention period|
|Inactive accounts||2 years|
|Pending orders||1 year|
|Failed orders||1 month|
|Cancelled orders||1 month|
|Completed orders||3 years|
|Anonymous analytics data||26 months|
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
What rights you have over your data
You can request to receive an exported file of the personal data we hold about you, including any data you have provided to us.
You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
Where we send your data
We send your data to the following services for the purpose of running the website and maintaining backups:
- DigitalOcean (London) – Website hosting service
- Amazon S3 (Europe) – Backup storage
How we protect your data
We have implemented a number of security measures to keep your data safe & private.
Our website is encrypted using SSL – this ensures all data moving between you and the website remains private. A firewall protects the website against a number of common web-based attacks as well as a large amount of attacks specifically targeted at the technology we use to run the website. We also block brute-force attacks that attempt to guess user passwords in order to gain access. To help prevent these sort of attacks all user accounts are required to have strong passwords, and we periodically review and if necessary reset passwords that are deemed to pose a security risk.
What data breach procedures we have in place
In the event of data being accessed by unauthorised parties, we will disclose information to affected users with details of the steps we’ve taken to address the issue, and measures to mitigate possible adverse effects. We will disclose details as soon as possible once we become aware of any data breach.