Security and GDPR

Security & Privacy

GDPR UPDATE 2018

Identity

The Broken Chair Café is a café based at Arklow, as well as an online retail sales channel. Our address is: 

The Broken Chair Café

Moneylands,

Arklow

Co. Wicklow

Y14 F858

Ireland

 

Purpose

The Broken Chair Café collect personal data for the purpose of identification when logging in to the online store, we also collect your email address, delivery address, and mobile phone number for the purpose of delivering any items purchased by you.  Your email address is collected as a unique identifier and to allow for purchase information to be sent to you once your transaction has been completed.  Your credit card details are not handled by The Broken Chair Café directly by a dedicated specialist payments processor called Relax Payments as The Broken Chair Café understands we do not specialize in this type of data collection and processing.

Right of Access

As a customer of The Broken Chair Café, you have the right to access any personal data being held by us.  This can be requested by sending an email to thebrokenchaircafe@gmail.com.  We may then contact you in relation to providing proof of identification to confirm your identity.  We will then process your subject access request according to our policies and provide the information requested within a reasonable period of time.  We aim to provide the data within 30 days, but sometimes this can take longer due to the type or complexity of the request or the current volume of request.

Right of rectification or erasure

If you find or feel that the information we hold on you is excessive or inaccurate you have the right to have this information removed or rectified.  Please send all these types of requests to thebrokenchaircafe@gmail.com stating the information to be rectified or the data to be removed with the reason for this.  Please be aware that The Broken Chair Café has a legal obligation to hold some types of personal data and may not be able to delete these types of data on request.  We will however inform you of this along with the time period we have to hold this data on your request.

Cookies

A ‘cookie’ is a small piece of information that many web sites use to help make shopping online easier. Information is stored on your computer’s hard drive (in your browser’s temporary internet files folder). Our Website uses and stores this type of information, as with that obtained from other cookies used on the site, to help it improve the services to its users. Our Website does not store personally identifiable information in your cookie in order to minimize any security risk. When you visit this site, your cookie helps us keep track of your shopping cart contents. If you choose to buy from us, your cookie allows us to recognize you and the contents of your shopping cart. Both the cookies and the embedded code provide statistical information about visits to pages on the site, the duration of an individual page view, paths taken by visitors through the site, data on visitors’ screen settings, and other general information. This data is for The Broken Chair Café use only.

Security

The Broken Chair Café takes the security of your personal data seriously and as such employs appropriate physical and technical measures, including staff training and awareness, and that you review these measures regularly.  This includes the use of SSL encryption of web traffic between you the customer and our website.

Accurate, complete, and up-to-date

The Broken Chair Café understands the importance of holding only accurate, complete, and up-to-date data. If you discover that we hold inaccurate information about you, you can request us to correct that information and The Broken Chair Café would very much encourage you to do so. Any such request must be in writing and should be transmitted to us either by post or by email at the addresses referred to above. We may require photo I.D. to confirm and fulfill the request.  We will review permissions already given by you before any actions are taken in respect of any further processing and update these as or if required by contacting you.

Adequate, relevant, not excessive

The Broken Chair Café adheres to the principle that data gathered must be adequate, relevant and not excessive. It is important to note that laws, rules, and practices can evolve or change, so this will be reflected in the application and the operative spectrum of the three guiding sub-principles below.

Adequate: To provide the services on offer, personal data must be gathered for the purpose of communication, information, administration, and legal compliance.

Relevant: Only personal data which is germane, appropriate, and necessary under the law to the requirements of the services provided and legitimate interests of The Broken Chair Café are sought.

Not excessive: The necessity of having an ‘upper limit’ of personal data collection is acknowledged. The Broken Chair Café is mindful of the potential for ‘excessive data creep’.

Retention

The Broken Chair Café minimizes the quantum of personal data held. To facilitate this, unnecessary and/or superfluous data will be deleted/discarded in a secure manner. Where information must be held e.g. under a legal obligation then the appropriate amount of time for that data to be held under the specific industry guidelines, will not be retained for any longer than this said period. All files (electronic and hard-copy) are protected securely by The Broken Chair Café.

Complaint resolution mechanism

If you have any queries or complaints about how The Broken Chair Café collects, processes, or retains our customers’ personal data please email thebrokenchaircafe@gmail.com.