HerbaSoap Privacy Policy

Here at HerbaSoap we take your privacy seriously – collecting only the data we need to be able to provide you with our services. We do not share your data with any other organisations, and make every effort to ensure that the data we hold is kept secure.

What personal data we collect and why we collect it:

Buying from Our Shop

When you visit our shop checkout, we collect your order details, billing and delivery information, and any other contact details that you provide us with. This information is collected solely for the purposes of processing your order.

Payment Details

We do not collect or hold any card details. All payments are processed externally to our site – PayPal privacy policies are available here and Stripe here.

Contact forms

If you use the contact form on our website, your name, email address and message are sent directly to us in the form of an email from the website. We will then hold this information for the purposes of replying to your message, and for any continuing correspondence.

Mailing List Sign-Up

If you sign up for our mailing list, we will hold your email address for the purposes of sending you newsletters and news items from our website. You can opt out of the service at any time, by clicking on the “Unsubscribe” link, or by contacting us. The service is provided by MailChimp – their privacy policy is available here.

Accounts

If you create an account on our website, your username and email address will be stored in the site database. Passwords are converted to an anonymized string (also called a hash), through the use of a one-way encryption algorithm, and it is only this anonymized string that is securely stored by the site. The password itself cannot be accessed, or re-created from the hash – by us or anybody else. The website also stores any other personal information that you provide in your user profile. You can see, edit, or delete your personal information at any time. Our website administrators can also see and edit that information.

Cookies (not activated)

Analytics Cookies

When you visit our site, Google Analytics sets a cookie to enable it to distinguish individual users, which expires after 2 years. It also sets a temporary cookie, which expires after 1 minute, to control the rate of exchange of data with its servers. The cookies do not contain any personally identifiable data.

We use Google Analytics to collect information about the number of visits to our site. We use a standard implementation of Google Analytics, which does not store any personally identifiable information. Visitors’ IP addresses are used, where possible, to determine the area in which their device is located but the IP address itself is not data that can be accessed through Google Analytics. All data in Google Analytics is aggregated and anonymised.
 

Marketing Cookies

We do not directly set any marketing cookies. However, Third Party content embedded within our site may set additional cookies for their own marketing purposes. Pages on this site may include embedded content (such as Google Maps or YouTube videos). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account (such as a Google or YouTube account) and are currently logged in to that account in your web browser. Third Party cookies can be disabled in your web browser in the privacy section of the browser’s settings – for instructions on how to do this in the most popular browsers, visit the providers’ support sites: Google Chrome, Apple Safari, Mozilla Firefox or Microsoft Edge.
 

Security and Spam Protection

This site employs software to protect against unauthorised login, spam and other malicious activity. Where malicious activity is detected, the IP address from which it originated will be stored.
 

How long we retain your data

If you provide us with your contact details or other information, we will retain it indefinitely, unless you have specifically requested via e-mail (contact@herbaholistic.co.uk) otherwise or until such time as you request that it is removed. During the time that we retain your details, we will use them only for the purpose(s) for which you gave your consent – such as corresponding over a question or request, receiving news updates, or for processing orders from our shop.

What rights you have over your data

If you have an account on this site, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request via e-mail (contact@herbaholistic.co.uk) that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where we send your data

This site is hosted on secure servers of Wix which are situated all over the world, including Europe and the US. Information provided when you sign up to the email subscription service may be held by MailChimp on servers outside the EU, where it is safeguarded to the same standards as if the data was held within the EU – see details here.

Your contact information, and information for processing your orders may also be held securely in our own computer and paper records systems. Some data might held in our own systems is also stored in secure cloud storage provided by Microsoft, where it remains private and is held on servers based in the EU or on servers where it is safeguarded to the same standards as if the data was held within the EU – see here.

How we protect your data

This site employs a secure (https) connection and, as such, any data you exchange with the site is transmitted over a secure, encrypted connection – details of our security certificate can be viewed by clicking on the symbol to the left of our website address in your browser address bar. Access to data held within the site, within our own computer systems or within our account with MailChimp (the providers of the email subscription service) is password-protected and subject to additional layers of security.

What data breach procedures we have in place

If we suspect that there has been any unauthorised access to, or disclosure of the personal data we hold, we will immediately inform anyone who we believe may have been affected.

Our contact information

For any matter related to privacy or the storage and processing of personal data, please contact us at: contact@herbaholistic.co.uk