General Data Protection Regulations (GDPR) Policy
From the 25th of May 2018 the DPA (Data Protection Act) is changing to the General Data Protection Regulations (GDPR). The essence of this change is about bringing legislation up-to-date and making your online data choices clearer.
What's changing with Sweet Cures?
Not much, because at Sweet Cures we've always done our utmost to Protect customer data. For example, when ordering online we only ask and store those details which are required to deliver our products to your doorstep. We never store card details and only process cards via the secure solutions offered by PayPal and Worldpay.
If Sweet Cures is safe, what's the point of all this?
Whilst we can't do more to minimise your data risk online, it's the law for every company to inform its customers of these changes and provide a page like this one, to clearly break down how and where your data is used online.
All data has been collected via previous DPA rules and will now be collected adhering to GDPR rules. It's important to note that all Sweet Cures contact is also considered a 'legitimate interest', for example, important bank holiday notifications, related product information and policy updates.
For more information - Recital 47 GDPR
When does Sweet Cures collect personal data?
- When you make an online purchase online or by phone.
- When you engage with us on social media.
- When you contact us with queries, complaints, etc.
- When you send a cheque.
- When you leave a customer review.
What sort of personal data does Sweet Cures collect?
- Name and Address: Required to Ensure successful delivery of any order products.
- Billing Address: Required to process orders where your billing address is different to your delivery address.
- Phone Number: Required by some delivery companies to successfully deliver products. Used by Sweet Cures to contact a customer if a problem has arisen with an order.
- Email: Required to send order receipts, tracking numbers and answers to enquires / complaints; Optional to send Sweet Cures product information, offers and health tips via our email newsletter; New customers can opt in to the Sweet Cures Newsletter at the checkout when ordering for the first time or at the contact form when contacting Sweet Cures for the first time.
- Login and Password: Required for access to your online Sweet Cures customer account and to make ordering tailored and quicker. Your login and password combination are encrypted on a secure server.
- Returning Customer ID: Required If you order via one of our websites, our system will create a unique customer ID. This ID is stored in a cookie which will allow a more tailored shopping experience online. To prevent this ID being stored, you can log out of your account after placing your order and optionally remove any stored cookies from your browser.
- Residing country, by IP address: Required to tailor our website to display your local currency and residing country, on your first visit our system will match your location based on the IP address you are using to access the internet.
- Social Media: Optional, if you decide to connect with us on social media we'll see the details you have decided to share with that platform. Should you wish to change those setting please look at your privacy settings on Facebook, Twitter, Google etc.
Who do we share your personal data with?
There are occasions we have to share your personal data with third parties, such as your name and address with Royal Mail, otherwise delivery of your order just wouldn't be possible. Below is a full list of trusted third-party companies we work with, who we may share your personal data with, depending on how you use our website and place an order.
- Delivery Services: Royal Mail, Parcel Force & DHL - Name, Address and Phone Number (Overseas only). These details are required to successfully deliver orders to your chosen address.
- Trust Pilot: Optional - Name, Email Address & Order Details - Trust Pilot provides independent review platform for some of the largest businesses in the world. Customers who have previously opted out of Trust Pilot review emails will not receive any further invitations.
- Mailchimp: Optional - Name & Email Address - Mail Chimp is one of the largest providers for email services. Mailchimp is used to send important customer information, Sweet Cures News, Product information and Offers. When ordering for the first time if you don't want to receive these emails simply leave the tick box unchecked.
- Worldpay: Required* - Name, Address, Phone, Email & Credit / Debit Card Details. Worldpay is considered one of the most trustworthy credit and debit card processing companies. These details are required to take payment for order placed online where Worldpay (Credit / Debit Card) is selected or when ordering by phone. You can learn more about Worldpay Security here.
- Paypal: Required* - Name, Address, Phone, Email, PayPal Account and/or Credit/Debit Card Details. PayPal has become an online favourite for secure payments. These details are required to take payment for an order place online where PayPal is selected. You can learn more about PayPal Security here.
*Either Paypal or Worldpay is Required to be able to complete an order. Details will only be shared with your chosen payment provider.
How long will we keep your personal data?
We'll only keep your data for as long as it is necessary for the purpose it was collected for, for example;
- Orders: When you place an order with us we'll keep your data for a minimum of 10 years. This is to allow us to comply with legal obligations and to make reordering for any returning customers easier. We'll only store your name, address and order history. No payment details are stored.
- Online Accounts: If you've created an online account, it will be flagged if no orders have been placed after 5 years. We'll contact you to ask if you want the account to remain open, and if no reply is received the account will be deleted along with any personal details held.
- Reviews / Trust Pilot: If you've been kind enough to leave us a review, your review may be used online or within Sweet Cures marketing during the life of the company. Should you wish to anonymise the review by removing your name, this can be requested; however, use and ownership of the review belongs to Sweet Cures.
- Email Campaigns / Mailchimp: If you've requested our email newsletter we will continue to send to the email provided until one of the following conditions is met:
- 1. Customer Unsubscribes
- 2. Email Address is no-longer accepting emails
- 3. Sweet Cures removes the data
- 4. Sweet Cures decides to close its email marketing program.
How we protect your personal data
We know how important security is to all our customers and we treat all data with the upmost care. For example;
- Our websites are secured by Secure Sockets Layer (SSL).
- Our websites are stored on privately owned servers, where Sweet Cures retain all means of access.
- Servers are regularly updated to the latest versions of OS and Firewall.
- We regularly follow First Data guidelines to insure our websites and offline procedures are PCI compliant.
- If you have an account with Sweet Cures, your password is encrypted.
- Sweet Cures never sees your payment details when you order online. When you order through our website, we pass you to a secure payment gateway, either Paypal or Worldpay to process all payments, thus ensuring our systems never see or store sensitive data.
- The only time Sweet Cures systems and staff require card details is for payments made over the phone. These details are used instantly via a secure connection to Worldpay, using the latest computers, with up to date firewalls and Antivirus software. Your card details are never stored.
- We constantly review our policies to ensure your data is treated with most respect and care.
How you can protect your personal data
When ordering online it is important to consider what security you have for your computer or tablet as many data breaches online can be related to an infected device rather than the website you are visiting being at fault.
We'd advise anyone ordering online to consider the following before giving any company their personal information;
- Only use the internet if you have an antivirus and firewall package installed.
- Only purchase a well-known security package from companies. Make sure your firewall is active before browsing the web.
- Regularly run your antivirus.
- Before entering any details on a website, make sure the website connection is over https:// look for the display of a padlock in the browser window.
- If you have any concerns call the company, you are purchasing from and express your concerns.
If you have any concerns about using Sweet Cures websites, please contact us on +4401904-789559.
What are your rights over your personal data?
Even though Sweet Cures holds the absolute minimum data required to process an order, you have the right to request:
- Access to the personal data we hold about you.
- Correction of any personal data that is incorrect or out of date.
- The option to unsubscribe at any time from our email marketing campaigns, simply click 'unsubscribe' in the received email or contact us as below.
You can contact us to request to exercise these rights at any time as follows:
To ask for your information please contact, Data Protection Officer, Sweet Cures, Pyramid Court, Rosetta Way, YO26 5NB or email DPO@sweet-cures.com. To update your details please follow instructions when placing your order or contact us here. Please note: All requests need to be placed in writing using the address or email above, these requests cannot be made by phone. Any request may take up to 30 days to action, any refusal will be sent by the same means as the initial request.
What personal data do Sweet Cures need to keep?
Under extremely rare circumstances Sweet Cures can refuse to erase data. For example, any data which relates to the following:
- Freedom of expression and information in relation to product reviews.
- To comply with a legal obligation for the performance of a public interest or exercise of official authority.
- To support legal claims.
- For public health purposes in the public interest.
- For archiving purposes in the public interest, scientific, historical or statistical.
How do I make a complaint about Sweet Cures?
If you have any concern about how Sweet Cures uses your data, please contact us using the following methods;
Post: Data Protection Officer, Sweet Cures, Pyramid Court, Rosetta Way, York, YO26 5NB.
Phone: +4401904-789559. Please only use this number to raise a complaint; any requests regarding your rights over your personal data must be made in writing to the above address or email.
If, after that, you feel our reply wasn't satisfactory, you have the right to lodge a complaint with the Information Commissioner's Office.
Phone: 0303 123 1113.
If you are based outside the UK, you have the right to lodge a complaint with the relevant data protection in your country. Please contact your government's official website to find the appropriate complaint procedure.
If you have any questions about the above, please contact us directly on;