Your privacy and data security are very important to us. This website only exists so that you can learn more about our candles and balms and, hopefully, order some from us - not to collect information about you. Once you place an order with us, how we handle the personal information you have provided is something that we take very seriously. We have thought very carefully as a Data Controller about how we can collect and store as little information about you as possible and explain very clearly what information we have collected, why we have done so, where we will store it and how long we will keep it for.

When you contact us

What information do we collect?

When you submit an order form or otherwise contact us, we may collect:

• Identity data - your first and last name

• Communication data - your email and delivery address

• Transaction data - which box and batch number you have ordered

• Financial data - the information required to process your payment or refund, which we do not hold or process ourselves but via Paypal

• Contact preference data - whether you wish to be notified when new batches are made available

When you complete an order form or otherwise contact us and provide us with this information, we imply that you consent to us collecting this data, processing, holding and retaining it for the purpose of fulfilling the transaction or otherwise responding to your request. You may withdraw this consent at any time.

How do we use your data?

• We use your identity, communication and transaction data to assign you a box, contact you to confirm availability and to request payment, and to arrange delivery

• We use your financial data via a third party provider, Paypal, to process payments and refunds

• We use your contact preference data together with your identity and communication data to determine whether to notify you when new batches are made available to purchase

Where do we store your data?

We have implemented an order form approach in order to minimise the amount of data collected about you and the number of third parties necessary in the completion of our transactions and communications with you.

Identity, Communication, Transaction and Contact Preference Data

We maintain a record holding the identity, communication, transaction and contact preference data for each of the orders made with us, which we call our Sales Record. This is held in a password protected Microsoft Excel spreadsheet, stored in Microsoft OneDrive cloud storage. We use strong passwords and two-factor-verification measures and follow up-to-date best practice guidance on keeping this data safe and secure. You can find out more about Microsoft’s privacy policies here and specifically about OneDrive here.

We manage our correspondence using Google Workspace, and this is where your emails will be stored for the duration that is necessary to fulfil your order, respond to your queries or otherwise provide services to you. We use strong passwords and two-factor-verification measures and follow up-to-date best practice guidance on keeping this data safe and secure. You can find out more about Google’s privacy policies here.

Financial Data

When you place an order with us, we respond by email with a unique box number and a link to make payment via Paypal. We receive an email notification when payment has been received and your payment will appear in our Paypal statement of transactions. We use strong passwords and two-factor-verification measures and follow up-to-date best practice guidance on keeping this data safe and secure. You can find out more about Paypal’s privacy policies here.

How long do we keep your data?

Identity, Communication, Transaction and Contact Preference Data - Sales Record

We maintain a Sales Record, as detailed above, for the purpose of fulfilling orders, managing new-batch notifications and making sure they are sent to only those who have requested them, and so that we can keep track of who received each uniquely identified box. This is important because it means that, in the very unlikely event that a customer reports an issue with their candle or balm, we are able to notify everyone who received that batch, report the problem and offer a refund as appropriate. The Sales Record will be retained by us indefinitely but you can request to be removed from it at any time by emailing us at hello@nearestthesky.com.

Identity, Communication, Transaction and Contact Preference Data - Email Correspondence

We will archive our email correspondence with you within six months and permanently delete it within two years. You may request that we delete it at any time by emailing us at hello@nearestthesky.com.

Financial Data

We will permanently delete email from Paypal notifying us of payments or refunds within one month of receiving them. The information stored and retained by Paypal in processing your payment or refunds is controlled by them. Their policy states:

We retain Personal Data in an identifiable format for the least amount of time necessary to fulfill our legal or regulatory obligations and for our business purposes. We may retain Personal Data for longer periods than required by law if it is in our legitimate business interests and not prohibited by law. If your Account is closed, we may take steps to mask Personal Data and other information, but we reserve our ability to retain and access the data for so long as required to comply with applicable laws. We will continue to use and disclose such Personal data in accordance with this Privacy Statement.

Who do we share your data with?

We have worked very hard to implement processes and systems that minimise the need for sharing your data to the fullest extent possible. However, in order to maintain a website, correspond with you, process payments/refunds and deliver our products, it is necessary for us to work with other parties. We have described these relationships above and there is more information about our website partner below, but for clarity here is a summary of the parties we work with and why:

• Paypal - our payment services provider - for the purpose of receiving payments and making refunds

• Google - our email provider - for the purpose of corresponding with you

• Microsoft - our cloud storage provider - for the purpose of maintaining our Sales Record

• Royal Mail - our delivery service - for the purpose of sending out our boxes - their privacy policy is here

• Squarespace - our website hosting platform - for the purpose of maintaining our website

When you use our website

Cookies

Cookies are small pieces of data that websites store on your device. They fall into two categories: ‘analytics and performance’ and ‘functional and required’.

Analytics and performance cookies

You may notice that when you visit our site there is no banner requesting you to accept the use of cookies. This is because we have disabled them within our website settings and we do not use any third party integrations. We do not monitor website traffic and therefore we have no need to review statistics about visitors to our site.

Necessary cookies

Necessary cookies enable core functionality such as security, network management, and accessibility. You may disable these by changing your browser settings, but this may affect how the website functions.

Fonts

Our hosting platform is Squarespace, which uses font files from Google Fonts and Adobe Fonts. To properly display this site to you, servers where the font files are stored may receive personal information about you, including:

• Information about your browser, network, or device

• Your IP address

Visitor Data

As with all platforms, our hosting platform collects personal data when you visit this website, including:

• Information about your browser, network and device

• Web pages you visited prior to coming to this website

• Your IP address

Squarespace needs the data to run this website, and to protect and improve its platform and services. Squarespace analyses the data in a de-personalised form.

Your Data Protection Rights

Under data protection law, you have rights including:

• Your right of access - You have the right to ask us for copies of your personal information.

• Your right to rectification - You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.

• Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.

• Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal information in certain circumstances.

• Your right to object to processing - You have the the right to object to the processing of your personal information in certain circumstances.

• Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.

Please contact us at hello@nearestthesky.com if you wish to make a request.

Contact Us

If you would like to access, correct, amend or delete any personal information we have about you, register a complaint, or simply want more information regarding this privacy policy please email as at hello@nearestthesky.com or write to us at 12 Freemans Walk, Pembroke, Pembrokeshire, SA71 4AS.

How to complain

If you have any concerns about our use of your personal information, you can make a complaint to us at hello@nearestthesky.com

You can also complain to the ICO if you are unhappy with how we have used your data. The ICO’s address is:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline number: 0303 123 1113

ICO website: https://www.ico.org.uk