Who we are
This privacy notice is for Cista Mystica, part of School of Myth ltd., and our website: https://cistamystica.com and governs the privacy of those who use it and interact with us.
YOUR INDIVIDUAL RIGHTS
Under the GDPR your rights are as follows. You can read more about your rights in detail here;
- the right to be informed;
- the right of access;
- the right to rectification;
- the right to erasure;
- the right to restrict processing;
- the right to data portability;
- the right to object; and
- the right not to be subject to automated decision-making including profiling.
You also have the right to complain to the ICO [ico.org.uk] if you feel there is a problem with the way we are handling your data. We handle subject access requests in accordance with the GDPR.
What personal data we collect and why we collect it
Comments
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection. An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.
An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.
Media
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
Contact forms
Our website will generate the metadata associated with communications made using the website contact forms. The correspondence data may be processed for the purposes of communicating with you and record-keeping. The grounds for this processing is our legitimate interests, namely the proper administration of our website and business and communications with users.
Cookies
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.
Analytics
We use Google Analytics to analyse the use of our website. The information gathered relating to our website may be used to create reports about the use of our website. Google’s privacy policy is available at: https://www.google.com/policies/privacy/.
Who we share your data with
Financial transactions relating to our website and services are handled by our payment services providers WooCommerce, Paypal and Stripe. We will share transaction data with our payment services providers only to the extent necessary for the purposes of processing your payments, refunding such payments and dealing with complaints and queries relating to such payments and refunds.
You can find information about the payment services providers’ privacy policies and practices at https://automattic.com/privacy/ and https://www.paypal.com/uk/webapps/mpp/ua/privacy-full and https://stripe.com/privacy respectively.
The shipping of orders from our website are fulfilled by the Post Office and Royal Mail. We will share your details only to the extent necessary for the fulfillment of your order. You can find information on Post Office and Royal Mail privacy policies at https://www.postoffice.co.uk/privacy and https://www.royalmail.com/privacy-notice respectively.
Our email newsletter service is provided by Mailchimp and is a self-subscription. This means that if you subscribe to our online newsletter some of your personal details, email address and name, will be stored and processed by Mailchimp. Subscribers are added to our email newsletter on an opt-in basis by using the form on the website. If you opt-in you may opt-out at any time by clicking the link in the footer of the email newsletter. You can find out more about Mailchimp’s privacy policy here: https://mailchimp.com/legal/privacy/.
How long we retain your data
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue. For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information. We only keep your information for so long as it is reasonably necessary. Your personal information is not shared with anyone except where we are required to do so to comply with the law, to protect our rights, or to efficiently operate our business. It is possible that outsourced IT providers may in certain circumstances require access to data held on our systems, for example when we need to troubleshoot a technical issue. Our IT providers are subject to strict contractual obligations to treat your personal information with the utmost sensitivity, to keep it confidential and to comply with data protection law at all times.
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
What rights you have over your data
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
Where we send your data
Visitor comments may be checked through an automated spam detection service.
Your contact information
Customer information such as your name, postal address, email address, phone number, and VAT number if applicable associated with you entering into a transaction with us for the provision of goods and services may be retained as long as is necessary for the purposes of handling warranty claims, post-sale support, management of the risk of, and protection from fraud, and our accounting and reporting obligations. In this case the information will be deleted should the business cease trading.
Additional information
This is information that you provide by creating a website account, making purchases, filling out forms or by corresponding with us by email or otherwise. It includes any information you provide and may include your name, address, email, phone number, payment and transaction details. We use this information to carry out our obligations arising from any contracts entered into between you and us, provide our services, supply our purchased goods and services, keep proper records of those transactions, respond to enquiries, and maintain proper administration of our website and business and communications with users.
How we protect your data
We are committed to protecting and respecting your privacy. For the purposes of data protection law, the data controller with conduct of your personal data is School of Myth ltd. Our methods meet the GDPR compliance requirement. We do not use automated decision making about you based on your information.
Industry regulatory disclosure requirements
We may update this policy from to time by publishing a new version to our website. You should check this page occasionally to ensure you are aware of any changes to this policy. You can contact us by using our website contact form or by email to [email protected].