TERMS AND CONDITIONS – Please read before sending me your order.
We start working on each item only after horse hair and full payment has been received.
Due to the individuality of each piece of jewellery, we do not offer refunds or exchanges. The only exception is if there is an error on our part such as a spelling mistake or a fault with the item. Should this be the case, we will replace the item for you. We cannot remake or refund without receipt of the original item. All jewellery is custom made by hand for you, therefore there are no refunds or exchange given for change of mind. Please check all details and spelling before placing your order. We reserve the right to judge our own quality and we do our absolute best to send out to you the highest quality pieces.
Equestrian Wish List will not be held responsible for the following –
If a product has been modified, changed or repaired by someone other than Equestrian Wish List.
Any faults or defects from wear and tear or lack of proper care and cleaning.
Any defects resulting from neglect, accidental damage or misuse.
MY GDPR STATEMENT OF COMPLIANCE
This document that follows explains how I comply to the guidelines.
If you have given me your email address (by emailing me, buying something from my website or subscribing to my website, for example) you should read this to reassure yourself that I am looking after your data extremely responsibly.
I value the security of your information extremely highly and will never intentionally breach the rules. However, the rules are designed for organisations and most artists/authors are sole traders just doing our best to keep up.
1 Awareness I am a sole trader so there is no one else in my organisation to make aware.
2 The information I hold :
Email addresses of people who have emailed me and to whom I have replied – automatically saved on gmail but not in a mailing list.
Email addresses, names of people who have subscribed to my mailing list via the opt-in link on my website– held by them.
Email addresses, postal addresses (for physical items) and names of people who have bought something from my website.
Orders are saved by default in the background of my website, which is securely password-protected.
Email addresses and physical addresses of those who have signed up to the membership club are held on a contacts list on my private work computer so they can be contacted re renewals. No one else has access to it. I do not share this information with anyone. Ever.
I only work on my work computer. If someone randomly asks for another person’s email address or address, I refuse. I will offer to send a parcel myself to someone or message them to ask or pass on the enquirers details. I will never give out addresses or emails even to friends.
3 Communicating privacy information I am taking 2 steps:
1 I have put this document on my website
2 I have added a link to it to my contact page.
3 Individuals’ rights. On request, I will delete data. If someone asked to see their data, I would take a screenshot of their entry/entries.
If they unsubscribe themselves from the list, their data is automatically deleted.
4 Subject access requests I aim to respond to all requests within a week and usually much sooner.
65Lawful basis for processing data
If people have emailed me, they have given me their email address. I do not actively add it to a list but gmail will save it. I will not add it to any database or spreadsheet unless someone asks me to or gives me explicit and detailed permission.
If people have opted into my subscribers list (by subscribing to my website) they have actively opted in, in the knowledge that they will receive the following:
Occasional newsletters and occasional bits of news about events, products etc.
They will be reminded (again) that they can unsubscribe at any time they wish by reply to the email.
If people have bought something from my website, their postal and email addresses are saved in my orders folder in the orders folder behind my website.
This is standard practice for purchasing online but I do not use their data for anything other than posting the order and the website automatically emailing to say it has been dispatched or contacting them about a problem with the order.
My old mailing list has been deleted and I only hold their data if they have actively subscribed, I regard this consent as confirmed. I have never harvested email addresses, nor would I. Anyone on my lists has contacted me.
I have not been contacted thus far by a minor, but if they did email me, I would not know their age unless they tell me – and I only have their word for that. I would not deliberately keep their
email address (but gmail would save it in my account.) Since I am not “processing” their data, I am not required to ask for parental consent. I would reply to the email and don’t contact them again.
9 Data breaches
I have done everything I can to prevent this, by strongly password- protecting my computer, website, and Google accounts. If any of those organisations were compromised I would take steps to follow their advice immediately.
10 Data Protection by Design and Data Protection Impact Assessments
I have familiarised myself with the ICO’s code of practice on Privacy Impact Assessments as well as the latest guidance from the Article 29 Working Party, and believe that I am using best practice.
11 Data Protection Officers
I have appointed myself as the Data protection Officer, in the absence of anyone else!
My lead data protection supervisory authority is the UK’s ICO.