This is HOW the cookies crumble
This website uses Google Analytics to collect visitor behaviour data. This data is collected anonymously to be used for marketing and optimisation purposes. All visitor data is saved using an anonymous user ID to aggregate a usage profile. Cookies may be used to collect and save this data, but the data is not personally identifiable. The data will not be used to identify a visitor personally and is not aggregated with any personal data.
Learn more about cookies...
A cookie is a small piece of data that a website asks your browser to store on your computer or mobile device. The cookie allows the website to ‘remember’ your actions or preferences over time. Many websites place cookies on your computer when you visit. Cookies are used to make websites work, or to make them work more efficiently, and to provide useful information to website operators. The table below explains what cookies we use and why. Most web browsers support cookies, but users can set their browsers to decline them and can delete them whenever they like through their browser settings.
- Retention Period
- User email ID
Only if you select ‘Remember me’ this cookie holds your email address so that you do not need to enter it on your next login.
No expiry, or until user clears cookies
Only if you select ‘Remember me’ this cookie holds your Password so that you do not need to enter it on your next login.
No expiry, or until user clears cookies
- Google Analytics
These cookies are used to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited.
No expiry, or until user clears cookies
This cookie allows our web servers to respond to your actions on the website such as ‘Buy Now / Add to Cart’ or browsing the website. The website wouldn’t work for you without it.
The Operator always takes the Customer’s privacy very seriously so that he/she can shop with confidence at www.badfishposters.com. When the Customer places an order, the Operator collects some personal information such as the Customer’s name, address and email address. This personal information is collected, kept in the strictest confidence and is held securely by the Operator. The Operator has obligations in relation to the Customer’s personal information and treats all personal information as confidential, complying completely with data protection and consumer legislation. By providing any personal information to the Operator, the Customer agrees that this information is used for the operation of the Website and the provision of Services and Products to him/her.
The Operator will not disclose the Customer’s personal information to any outside organisation except as part of the operation of the Website and/or as necessary for the provision of the Services and Products to the Customer where a third party may supply him/her with products (in which case the third party supplier will be notified of the Customer’s name, address and telephone number in order to fulfil the order).
The Operator is committed to handling all information supplied by the Customer and Registered Users of the Website with the utmost care and confidence. The Operator uses computer security measures including firewalls, strong passwords and data encryption to keep the Customer’s electronic information stored safely on a highly secure server managed by the Operator’s e-commerce provider. Hard copies of orders are only held long enough to process the Customer’s order, update the Operator’s accounting logs (which contain no personal data) and for the purpose of tax declarations. After which all records are shredded and destroyed. The Operator handles the Customer’s personal information as confidential (although reserves the right to disclose this information in the circumstances described below). All information provided is held securely and protected under strict security measures to prevent unauthorized access. The Operator will not sell or rent the Customer’s personal data to other parties.
The Operator aims to comply with the General Data Protection Regulations (GDPR). The Customer may contact the Operator in case of further questions at: firstname.lastname@example.org
1. Customer information
By using the Website and signing up for a Customer Account, the Customer agrees for the following information to be collected: Information provided at the time of signing up or using any service including but not limited to:
- Address (invoice and delivery)
- Contact numbers
- Email addresses
- VAT numbers
- Purchase order number (PO)
- Transaction details of orders placed on the Website
- Internal site search behaviour
- Traffic data and location data.This data is anonymized
If the Customer has decided to subscribe to receive the Website’s newsletter during the ordering/checkout process, then the Customer allows the Operator, on occasion, to email the Customer with relevant special offers/services or details on new products the Operator feels may be of interest to the Customer. These mailings will be relevant to the Operator’s industry and the Customer can, at any time, opt out of receiving these mailings by following the instructions at the bottom of the newsletter email or by emailing email@example.com and requesting his/her details to be removed. The Operator is entitled to notify the Customer in relation to the balance of any transaction that he/she has commenced but not completed on the Website even if the Customer has ‘opted-out’ of information notices.
2. Legal bases and GDPR
Why the Operator needs the Customer’s information and how it is used
The Operator relies on a number of legal bases to collect, use, and share the Customer’s information, including:
- as needed to provide its services, such as when the Operator uses the Customer’s information to fulfil his/her order, to settle disputes, or to provide customer support;
- when the Customer has provided his/her affirmative consent, which he/she may revoke at any time, such as by signing up for the Operator’s mailing list;
- if necessary to comply with a legal obligation or court order or in connection with a legal claim, such as retaining information about the Customer’s purchases if required by tax law; and
- as necessary for the purpose of the Operator’s legitimate interests, if those legitimate interests are not overridden by the Customer’s rights or interests, such as:
- providing and improving the Operator’s services. The Operator uses the Customer’s information to provide the services he/she requested and in the Operator’s legitimate interest to improve its services; and
- the third parties with whom the Operator shares personal information;
Information sharing and disclosure
Information about the Operator’s customers is important to its business. The Operator shares the Customer’s personal information for very limited reasons and in limited circumstances, as follows:
The Operator engages certain trusted third parties to perform functions and provide services to its shop, such as delivery companies. The Operator will share the Customer’s personal information with these third parties, but only to the extent necessary to perform these services.
If the Operator sells or merges its business, it may disclose the Customer’s information as part of that transaction, only to the extent permitted by law.
Compliance with laws
The Operator may collect, use, retain, and share the Customer’s information if the Operator has a good faith belief that it is reasonably necessary to: (a) respond to legal process or to government requests; (b) enforce the Operator’s agreements, terms and policies; (c) prevent, investigate, and address fraud and other illegal activity, security, or technical issues; or (d) protect the rights, property, and safety of its customers, or others.
3. The length of time we keep personal information
4. If transferring personal information outside of Europe, how the transfer will be handled
Transfers of personal information outside the EU
GDPR requires the Operator to disclose if it transfers personal information outside of the EU and the legal bases it relies on to do so, such as consent and contractual necessity. The Operator may store and process the Customer’s information through third-party hosting services in the US and other jurisdictions. As a result, the Operator may transfer the Customer’s personal information to a jurisdiction with different data protection and government surveillance laws than his/her jurisdiction. If the Operator is deemed to transfer information about the Customer outside of the EU, the Operator relies on Privacy Shield as the legal basis for the transfer, as Google Cloud is Privacy Shield certified.
5. Customers’ rights regarding the Operator’s use of the Customer’s personal information and the Operator’s contact details
The Customer’s rights
If the Customer resides in certain territories, including the EU, he/she has a number of rights in relation to his/her personal information. While some of these rights apply generally, certain rights apply only in certain limited cases. The Operator describes these rights below:
The Customer may have the right to access and receive a copy of the personal information the Operator helds about him/her by contacting the Operator using the contact information below.
Change, restrict, delete
The Customer may also have rights to change, restrict our use of, or delete his/her personal information. Absent exceptional circumstances (like where the Operator is required to store data for legal reasons) the Operator will generally delete the Customer’s personal information upon request.
The Customer can object to (i) the Operator’s processing of some of his/her information based on the Operator’s legitimate interests and (ii) receiving marketing messages from it after providing his/her express consent to receive them. In such cases, the Operator will delete the Customer’s personal information unless the Operator has compelling and legitimate grounds to continue using that information or if it is needed for legal reasons.
If the Customer resides in the EU and wishes to raise a concern about the Operator’s use of his/her information (and without prejudice to any other rights the Customer may have), the Customer has the right to do so with his/her local data protection authority.
Order information and payments are taken using an SSL Certificate with a secure 128 bit encryption. (SSL is the standard security technology for creating an encrypted link between a web server and a browser). The Operator offers secure payment by PayPal, the world’s largest payment gateway through which the Customer can easily pay by credit/debit card OR by using a PayPal account. If the Customer does not have a PayPal account, the following major credit cards VISA, MasterCard, American Express and Discover are accepted for payment. For card payments via PayPal, no registration for a PayPal account is required. During the payment process, all data is encrypted and there is no possibility of misuse of personal data. An order is executed after receiving information from PayPal that the payment has been made (PayPal sends payment notification immediately).
Please note that the Operator and the Website does not store any of the Customer’s financial details.
The Operator cannot be held responsible for security breaches occurring on the Customer’s electronic device (Personal Computer or other electronic device used to browse the Website), which may result due to the lack of adequate virus protection software or spyware that the Customer may inadvertently have installed on his/her device.
All payments are processed securely by PayPal. PayPal also handles credit card and debit card transactions and is also under strict legal and contractual obligations to keep the Customers’ personal and financial information private.
The Website is operated by Monoko, based in Sweden (EU), Pontonjärvägen 10, 961 43 Boden, trading as www.badfishposters.com.
If the Customer has any questions, queries or wishes to request permission to use any part of this website, the Customer may contact the Operator by email at: firstname.lastname@example.org.