Last updated May 2018
For the purposes of data protection this policy refers to the 1998 Data Protection Act until 25th May 2018 and thereafter the EU General Data Protection Regulation (GDPR) or any subsequent, and successor, legislation.
Bluerock Bay is the data controller of the personal information we hold about you.
Our store is hosted on Shopify Inc. They provide us with the online e-commerce platform that allows us to sell our products and services to you.
Your data is stored through Shopify’s data storage, databases and the general Shopify application. They store your data on a secure server behind a firewall.
If you choose a direct payment gateway to complete your purchase, then Shopify stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted.
What is personal information?
Personal information, or personal data, refers to any information about an individual from which that person can be identified. It does not refer to anonymous data. Anonymous data is information where any personal identifiers have been removed.
What information do we collect?
• When you purchase from us we ask for, and collect, personal information such as your name, billing and delivery address, telephone number, email address, items ordered and payment details.
• We do not operate online accounts.
• We do not engage in email marketing or send newsletters.
• Third-party providers of advertisements may also collect information regarding your visit to our website. This may include where you are geographically, how you were referred to us (e.g. search engines), your browser and device type, the pages you viewed, the duration of your visit and any search terms used.
How do we use your personal information?
We use this information to make your shopping experience as easy and enjoyable as possible.
• To process your order including delivery, payment and returns.
• Any information we collect about customers' browsing and buying habits is used for statistical analysis and to continuously improve our and the products and services offered to our customers.
• To assist in the detection and prevention of fraud.
• Our Delivery Service has selected access to your details for delivery purposes only.
Why do we contact you?
• When you make a purchase online, we will contact you by email to notify you of updates to your order.
• We may also contact you about leaving reviews for products once you have received your order.
• We will contact you by telephone if there is a problem with your order or if we need to get in touch regarding a refund.
• For items being delivered by our courier, the courier company will send you an email or a text message with a delivery update if you provided a valid phone number and email address when you placed the order.
What are your rights?
Right of access - You have the right to obtain confirmation that your data is being processed and request access to your personal data. You can make a request by email to firstname.lastname@example.org, or in writing to:-
[Re: Privacy Compliance Officer]
PO Box 1120
In the first instance we will provide a copy of the information free of charge. However, we may charge a reasonable administration fee when a request is manifestly unfounded or excessive or to comply with requests for further copies of the same information although this does not mean that we will charge for all subsequent access requests.
We will without delay and within 1 month of your request (subject to extensions in some cases):
• confirm what personal data we hold about you;
• provide a copy of the data in commonly used electronic format if the request is made electronically.
• provide any supporting explanatory materials.
We can extend the time to respond by a further two months where requests are complex or numerous. If this is the case, we will inform you of this within one month of the receipt of the request and explain why the extension is necessary.
Rights of Rectification and Erasure (the right to be forgotten) You may ask us to correct or remove information you think is inaccurate or no longer necessary.
Third party sites
Our site may contain links to and from the websites of our partner networks, advertisers and other third parties. If you follow a link to any of these websites, please note that they have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
Do not track (DNT) is a feature offered by most browsers, with some newer browsers offering it as default. If enabled, it sends a signal to websites to request that your browsing isn't tracked. Tracking is used for a wide variety of reasons ranging from social or advertising networks measuring effectiveness or third-party analytical services such as Google Analytics to improve customer experience and provide statistical analysis.
SSL and encryption
We use the latest secure server technology to ensure your information is protected to the highest standards. We use encryption to safeguard your personal information and only accept orders from web browsers that permit communication through Secure Socket Layer (SSL) technology - this means you cannot inadvertently place an order through an unsecured connection. Most web browsers above version three support this security.
email@example.com or by mail at
[Re: Privacy Compliance Officer]
PO Box 1120
Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer.
Our website and any transactions are hosted by Shopify Inc. in Canada and the United States.