Laurens Cows - Placeholder default page header

Privacy Policy

Last modified 10th October 2022

1. Contents

  • 1. Contents
  • 2. Introduction
    • 2.1 Data controller
    • 2.2 Lawful basis for processing
    • 2.3 Individual rights
    • 2.4 Security
    • 2.5 Disclosures
    • 2.6 Changes to this privacy policy
  • 3. Cookies
  • 4. Data collected when you contact us
    • 4.1Comments
  • 5. Data collected by our shop
      • 5.1 Accounts
      • 5.2 Basket
      • 5.3 Wishlists
      • 5.4 Orders
      • 5.5 Payment through PayPal
    • 5.6 Payment through Stripe
    • 5.7 Payment through Worldpay
    • 5.8 How is Data Stored?
  • 6. Data Storage
    • 6.1 How is Data Stored?
    • 6.2 Is Sensitive Data Held?
    • 6.3 Has Specific Consent been received for this Data to be Held?
    • 6.4 How Long Is Data Stored?
    • 6.5 How Is Data Disposed Of?
  • 7. Data collected by third parties on our behalf
    • 7.1 Facebook pixel
    • 7.2 Google Ads
    • 7.3 Google Analytics
  • 8. Other data collected by third parties
    • 8.1 YouTube video player
  • 9. Data Processors
    • 9.1 How is Data Shared with Data Processors?
    • 9.2 Are any Processors Based Outside the EU?
  • 10. Mailchimp
  • 11. Security
  • 12. Amendments
  • 13. Data Subjects Rights

2. Introduction

We protect your personal data in line with the requirements of the General Data Protection Regulation (GDPR). The GDPR requires data controllers such as ourselves to document our lawful basis for processing personal data. It also gives you rights over how your data is processed. This privacy policy documents the data we collect, why and how we process it, and how to exercise your rights.

2.1 Data controller

The data controller responsible for this website is Lauren’s Cows, who can be contacted at Kings Barn, Crakenthorpe, Appleby-in-westmorland, Cumbria, England CA16 6AF.
This website contains links to third-party websites, which have their own data controllers and privacy policies. This privacy policy applies only to this website.

2.2 Lawful basis for processing

For each method by which we collect personal data, this privacy policy documents our lawful basis for processing the data. Where we rely on your consent to process your data, we explain how you can withdraw your consent and delete your data.

2.3 Individual rights

The GDPR gives you rights over how your personal data is processed. You can exercise your rights by contacting us. In some cases you can also exercise your rights through automated systems, as described at the relevant points in this privacy policy.

2.4 Security

The GDPR requires us to implement appropriate technical measures to protect data. We verify the identity of any individual who requests access to data before granting access. We use Transport Layer Security (TLS, also known as SSL) to encrypt any data you supply to us through our website. Additional technical measures are described at the relevant points in this privacy policy.

2.5 Disclosures

In addition to any sharing of data described elsewhere in this privacy policy, we may disclose data for legal reasons. If we suspect criminal activity we may disclose data relating to those involved or affected to the appropriate authorities. We may also be obliged to disclose data if we receive a request from an appropriate authority.

2.6 Changes to this privacy policy

We may occasionally make changes to this privacy policy. Following any changes, the date at the top of this privacy policy will be updated. If any change allows for wider access to data, such changes will only apply to data collected after the date of the updated privacy policy.

3. Cookies

Cookies are small pieces of text that are stored by your browser. Each cookie has a name and is associated with a particular site. When your browser sends a request to a site (for example, to download a page, image, or video), the computer that responds (known as a server) may tell your browser to set one or more cookies. When your browser makes further requests to the same site it sends the cookies back to the server. This allows the server to remember you as you browse the site, and provide features such as shopping baskets or password-protected areas. For more information on the cookies we use, see our cookie policy.

4. Data collected when you contact us

4.1 Comments

When you submit a comment through a ‘Leave a comment’ form on our site we collect your name, e-mail address, and comment. We may choose to publish your name and comment on our site. Comments are submitted to the Akismet anti-spam service in order to detect and block spam. For more information on how Automattic (the operator of Akismet) handles the data it collects, see Automattic’s privacy policy.

You can delete a comment by contacting us with your request. Lawful basis for processing: Consent given by data subject.

Why? You have given your consent by checking the box on the ‘Leave a comment’ form

5. Data collected by our shop

5.1 Accounts

When you place an order you can either create a guest account or register for a full account. A registered account allows you to log in to your account in future and view your order history or wishlist, or place further orders without needing to enter your details again. You can also choose to create a registered account without placing an order. When you register for an account we collect your name, e-mail address, telephone number, and company.

You can download the data we have collected about you by going to your account page and following the link to download your data.

You can close your account by going to your account page and following the link to close your account. If you close your account we will retain records of any orders you have placed (as described below), but will delete any other data you have supplied.

Lawful basis for processing: Consent given by data subject.

Why? You have supplied us with this data in order to create an account.

5.2 Basket

As you browse our shop you may choose to add items to your basket. Some items in our shop allow personalisation, and you may choose to enter personal data when you add these items to your basket. If you are not logged in to an account the details of your basket will be deleted after thirty days. If you are logged into an account the details of your basket will be stored for as long as your account exists.

You can delete this data by removing the items from your basket or closing your account.

Lawful basis for processing: Consent given by data subject.

Why? You have supplied us with this data in order to create a basket of items you wish to purchase.

5.3 Wishlists

If you have a registered account you may choose to add items to your wishlist. Some items in our shop allow personalisation, and you may choose to enter personal data when you add these items to your wishlist. Your wishlist has a public page whose address you can share. Your public wishlist page displays your name and the items on your wishlist.
You can delete this data by removing the items from your wishlist or closing your account.

Lawful basis for processing: Consent given by data subject.

Why? You have supplied us with this data in order to create a wishlist.

5.4 Orders

When you place an order we collect your name, e-mail address, telephone number, company, delivery and billing addresses, and any comments you choose to leave.

Lawful basis for processing: Performance of a contract.

Why? To enable us to enter into a contract with you and fulfil our obligations under it.

Lawful basis for processing: Compliance with a legal obligation.

Why? To maintain a record of financial transactions for taxation purposes.

5.5 Payment through PayPal

When you make a payment through PayPal, we send PayPal your name, billing address, and e- mail address. After you enter your card details, PayPal attempts to take payment and tells us whether the payment was successful. For more information on how PayPal handles the data it collects, see PayPal’s privacy policy.

Lawful basis for processing: Performance of a contract Why? To enable you to pay for your purchase.

5.6 Payment through Stripe

When you make a payment through Stripe, we send Stripe your name, billing address, and e-mail address. After you enter your card details, Stripe attempts to take payment and tells us whether the payment was successful. For more information on how Stripe handles the data it collects, see Stripe’s privacy policy.

Lawful basis for processing: Performance of a contract Why? To enable you to pay for your purchase.

5.7 Payment through Worldpay

When you make a payment through Worldpay, we send Worldpay your name, billing address, e- mail address, and telephone number. After you enter your card details, Worldpay attempts to take payment and tells us whether the payment was successful. For more information on how Worldpay handles the data it collects, see Worldpay’s privacy policy.

Lawful basis for processing: Performance of a contract Why? To enable you to pay for your purchase.

6. Data Storage

6.1 How is Data Stored?

Physical copies of customer data are stored in the Lauren’s Cows secure office. Our website www.laurenscows.com is hosted by a third party provider Spoton.net Limited. The Spoton.net Limited privacy policy which can be viewed at http://itseeze.co.uk/privacy-policy/ applies to this site. Any customer activity on our website or data entered on one of our forms will be processed by our hosting service. This data is stored on the security protected Lauren’s Cows Customer Database via Dropbox, Inc. based in the USA, a third territory. This company complies with the international information security standard ISO/IEC 27001 including ISO/IEC 27018. Any info received via email will be stored on Mail cloud storage of Apple, Inc based in the USA, a third territory. This company complies with the international information security standard ISO/IEC 27001 including ISO/IEC 27018. The legal basis for this is legitimate interest.

6.2 Is Sensitive Data Held?

Sensitive data includes; Medical info, Personal Information that reveals racial or ethnic origin (not nationality), political opinion, religious or philosophical belief or trade union membership, genetic data biometric data, data concerning health, or sexual orientation, NHS number, details of disability – requests for improvements to the property to accommodate a disability.

No sensitive data is held on customers.

6.3 Has Specific Consent been received for this Data to be Held?

This is not relevant to Lauren’s Cows as we do not hold any sensitive data. 6.4 How Long Is Data Stored?

Data is stored either indefinitely or until a data subject requests it is deleted. Unless we are required to hold the data due to other legal obligations to which we are subject in which case the legal basis is compliance with a legal obligation.

6.5 How Is Data Disposed Of?

When requested data is deleted from the digital Customer Database and any physical copies are destroyed by shredder.

7. Data collected by third parties on our behalf

7.1 Facebook pixel

We use Facebook pixel to track visitor interaction with our site in order to measure the success of our advertising and target it more effectively. Facebook collects details of the adverts with which you interact, pages you view and the time you viewed them, the features of your browser, and your IP address. For more information on how Facebook handles the data it collects, see Facebook’s privacy policy.

To opt out of Facebook pixel tracking on our site, see the Facebook pixel section of our cookie policy. To opt out of Facebook pixel tracking on all sites, see Facebook’s Ad Preferences.

Lawful basis for processing: Pursuance of our legitimate interests Why? To allow us to analyse the effectiveness of our advertising.

7.2 Google Ads

We use Google Ads to track visitor interaction with our site in order to measure the success of our advertising and target it more effectively. Google collects details of the adverts with which you interact, pages you view and the time you viewed them, the features of your browser, and your IP address. For more information on how Google handles the data it collects, see Google’s privacy policy.

To opt out of Google Ads tracking on our site, see the Google Ads section of our cookie policy. To opt out of Google Ads tracking on all sites, see Google’s Ad Settings.
Lawful basis for processing: Pursuance of our legitimate interests Why? To allow us to analyse the effectiveness of our advertising.

7.3 Google Analytics

We use Google Analytics to track visitor interaction with our site in order to produce statistical reports. Google collects details of the pages you view and the time you viewed them, the features of your browser, and your IP address. For more information on how Google handles the data it collects, see Google’s privacy policy.
To opt out of Google Analytics tracking on our site, see the Google Analytics section of our cookie policy. To opt out of Google Analytics tracking on all sites, use the Google Analytics Opt-out Browser Add-on.

Lawful basis for processing: Pursuance of our legitimate interests.

Why? To allow us to analyse how visitors interaction with our site in order to improve our site and our services.

8. Other data collected by third parties

8.1 YouTube video player

When you view a page containing the YouTube video player, your browser connects to YouTube. For more information on how Google (the operator of YouTube) handles the data it collects, see Google’s privacy policy.

Lauren’s Cows is committed to protecting the privacy of anyone using our site and the confidentiality of any information that you provide us with. The purpose of this statement is to set out how we use any personal information that we may obtain from you.

9. Data Processors

9.1 How is Data Shared with Data Processors?

Data is shared with third parties such as distribution providers to arrange the delivery of orders to individuals. Such processors include Parcelforce Royal Mail Group, Hermesparcelnet Ltd, & FedEx Corporation for shipping purposes, Worldpay UK, PayPal Inc, MasterCard Inc, Visa Inc & JCB International (Europe) Ltd for customer payment solutions and MailChimp for email marketing purposes. GDPR policy details have been requested by Lauren’s Cows.

9.2 Are any Processors Based Outside the EU?

FedEx, Dropbox, Inc. Outlook, Microsoft Corporation. Apple, Inc. Visa, Inc, MasterCard, Inc.

PayPal, Inc, MailChimp all based in the USA. Lauren’s Cows has requested GDPR policy details and each processor offers individuals details of their respective Privacy & GDPR policies available by contacting them directly.

10. MailChimp

Lauren’s Cows use MailChimp to store our customers information so that we can fulfil your orders, keep you updated on news and promotional offer relating only to Lauren’s Cows. Their servers are located in the United States. Because MailChimp certifies to the Privacy Shield framework, it can lawfully receive EU data. A Data Processing Agreement has been received from MailChimp for these purposes. The legal basis for this is legitimate interest.

11. Security

We endeavour to take all reasonable steps to protect your personal information. However, we cannot guarantee the security of any data that you disclose online and we will not be responsible for any breach of security unless this is due to our negligence or wilful default.

12. Amendments

We may update this policy from time to time, such updates shall be published on our website. Individuals are encouraged to review this page occasionally to ensure they are happy with any changes to the policy. We may notify individuals of changes to this policy by email or telephone.

13. Data Subjects Rights

Data subjects have specific rights under data protection law; the right to be informed via a Privacy Policy, a data subject access request can be made to obtain access to confirmation that your data has been processed free of charge or to amend your data, such requests will be responded to within 14 days at no charge, a reasonable fee can be charged but only where a request is manifestly unfounded or excessive, especially if it is repetitive. The right to restrict processing, the right to data portability, the right to erasure also known as right to be forgotten where individuals may request to have personal data erased or to prevent processing in specific circumstances such as:
Where the personal data is no longer necessary in relation to the purposes for which it is was originally collated/processed.

  • Where an individual withdraws consent
  • When an individual objects to the processing and there is no overriding or legitimate interest for continuing the processing
  • The personal data was unlawfully processed
  • The personal data must be erased to comply with a legal obligation

The right to opt out, data subjects may withdraw consent to Lauren’s Cows holding and using data as set out in the privacy policy should they wish. Lauren’s Cows is required to be able to delete personal data should a data subject request based on valid grounds. Individuals are advised to submit this in writing to Lauren Terry at lauren@laurenscows.com. Due to the complex nature of this legislation, not all details have been included here. A full explanation of data subjects rights can be found by visiting the Information Commissioner’s Office website.

Sign up to our Newsletter
to get updates
X