All you need to know about your privacy on our site
Please contact us if you experience any problems.
Who we are
Our website address is: https://copperfishdistillery.co.uk.
Cornish Spiritsmith Ltd
The Quay, East Looe,
Registered Business No: 11113599
Trading As: Copperfish Distillery
What personal data we collect and why we collect it
We collect your personal data such as your name, email address, personal account preferences; transactional data, such as purchase information; and technical data generated and stored by cookies.
We do not collect sensitive personal data, such as data concerning your health. Personal data is not just created by your interactions with our site, personal data is also generated from technical processes such as contact forms, comments, cookies, analytics, and third-party embedded software.
Why we collect this information
Legal requirements for our data collection and retention
- To be able to run an online business
- To comply with alcohol related age restrictions
- To be able to send you your orders
- To be able to run the essential elements required to operate the website
Active consent you have given in using and interacting with this site
- In using the Wishlist feature
- In filling out the email signup
- In sending messages to the site owners
- In purchasing products
- In creating accounts
- In filling out the contact form
- In leaving reviews on products
- In confirming your age
We collect data shown on the User Profile screen from registered users.
However some our other website features may collect personal data. We have added the relevant information below.
Comments and Gravatar Service
Our website has a feature which allows us to collect comments.
When you leave comments on the site, we collect the data shown in the comments form. Also your IP address and browser user agent string to help spam detection.
An anonymised string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it.
Gravatar is an automated worldwide avatar creation service, to which users provide registration and a picture to be used as their avatar on comments throughout the internet.
All uploaded files are usually publicly accessible. If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Please note that, visitors to the website can download and extract any location data from your images on the website.
Personal data is captured when someone submits a contact form, but we only keep this information for as long as we need to retain it for customer service.
We do not use the information submitted through contact forms for marketing purposes.
If you leave a comment on our site you may opt in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
As a result of browsing our site we may collect location, internet and connection information. We also collect information on the type of browser you use. We use Google Analytics, so by default we collect your internet protocol (IP) address. The type of information we gather through Google Analytics can be discovered here. People’s identities are not shown.
We also collect information to measure the length of time users spend per session on our website, and page interaction information.
You may read Google Policies here
Who we share your data with
here’s a list of all third-party providers with whom we share site data, including partners, cloud-based services, payment processors, and third party service providers.
We share your personal data with
- Paypal in order to complete transactions
- Wishlist (YITH WooCommerce) – in order to allow you to create, store and share Wishlists
- Mailchimp – for sending you news, deals, competitions and coupons
- Google Analytics – in order to analyse site traffic and improve services
- Google Search Console – to find the best keywords and to monitor trends
- Gravatar – to give you an avatar when commenting (if you have one with them)
- reCapcha – to prevent spammers and robots making comments and filling out contact forms
How long we retain your data
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.
If you register on our website, we also store the personal information you provide in your user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
How long do we retain personal data collected or processed by the web site?
- We keep contact form entries for six months
- We keep analytics records for a year
- We keep customer purchase records for ten years
What rights you have over your data
What rights our users have over their data. How you can invoke those rights.
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
Where we send your data
All transfers of our site data outside the European Union is safeguarded to European data protection standards.
- Web hosting
- Cloud storage
- Other third party services
European data protection law requires data about European residents which is transferred outside the European Union to be safeguarded to the same standards as if the data was in Europe. So, in addition to listing where data goes, we ensure that these standards are met either by us or by our third-party providers, whether that is through an agreement such as Privacy Shield, model clauses in our contracts, or binding corporate rules.
Visitor comments may be checked through an automated spam detection service such as reCapcha.
Your contact information
Please contact us at firstname.lastname@example.org for privacy-specific concerns.
How we protect your data
We take your privacy seriously and take measures to protect your data. We have a very small team and so your data is seen by the minimum of people required to process your data, and only for the essential running of this website. Our emails are kept on a mail server with two factor authentication, and only administrators have the right to look at this information along with those dealing with customer services. However due to our having a very small business we have not carried out a Privacy Impact Assessment.
What data breach procedures we have in place
We have a security system on our website to protect the site and any content produced and held on the website by customers. We will be notified immediately through an internal reporting system in the unlikely event of a data breach. We will take every step possible to clear up any issues with data breaches, and inform those who may have been affected.
What third parties we receive data from
Currently we are not collecting information about users from third parties. With further enhancements to the website and as it grows, we will be adding other 3rd party services such as advertising, which will include user data.
In these cases this 3rd party data will only be used to improve our service and get better targeting on our users, preferences, and etc. We will not be keeping this information beyond its use in making sales generated from that plugin. In other words we will not be keeping user data except that user data essential to running our business, and for processing sales as mentioned in this policy.
What automated decision making and/or profiling we do with user data
Our website aggregates your data into an advertising profile, and this information is used to generate sales, you have the right to remove your data from our website, delete your account and write to us to remove your personal data. But we do not have the option to change that data when it has been submitted to a 3rd party service, and when that 3rd party service passes that information to our website. In other words – if you have added your avatar on Gravatar and then submitted a comment to the website, your image has been generated by a 3rd party… and is not controlled by our website. Please see the section on “Embedded content from other websites” above.
Nextend Social Login
What personal data we collect and why we collect it
Nextend Social Login collects data when you register, login or link the account with with any of the enabled social provider. It collects the following data: email address, name, social provider identifier and access token. Also it can collect profile picture and more fields with the Pro Addon’s sync data feature.
Who we share your data with
Nextend Social Login stores your personal data on our site and does not share it with anyone except the access token which used for the authenticated communication with the social providers – e.g. facebook.
Does the plugin share personal your data with third parties
Nextend Social Login use the access token which the social provider gave to communicate with the providers, this will be to verify account and securely access personal data.
How long we retain your data
Nextend Social Login removes the collected personal data when you close your account on our website.
Does the plugin use personal data collected by others?
Nextend Social Login uses your personal data collected by the social providers to create your account on our site when you authorise it.
Does the plugin store things in the browser?
Yes, Nextend Social Login must create a cookie for you if you use social login, in the authorisation flow. This cookie is required for every social media account to secure the communication and to redirect you back to where you came from.
Buying from our website
This includes the basics around what personal data our store may be collecting, storing and sharing, as well as who may have access to that data. Depending our settings and which additional plugins are used.
What we collect and store while you visit our site:
We collect information about you during the checkout process on our store.
We’ll track products you’ve viewed: we’ll use this to, for example, show you products you’ve recently viewed
We’ll track your location, IP address and browser type: we’ll use this for purposes like estimating taxes and shipping
We’ll track your shipping address: we’ll ask you to enter this so we can, for instance, estimate shipping before you place an order, and send you the order!
When you purchase from us, we’ll ask you to provide information including your name, billing address, shipping address, email address, phone number, credit card/payment details and optional account information like username and password. We’ll use this information for purposes, such as, to:
- Send you information about your account and order
- Respond to your requests, including refunds and complaints
- Process payments and prevent fraud
- Set up your account for our store
- Comply with any legal obligations we have, such as calculating taxes
- Improve our store offerings
- Send you marketing messages, if you choose to receive them
If you create an account, we will store your name, address, email and phone number, which will be used to populate the checkout for future orders.
We generally store information about you for as long as we need the information for the purposes for which we collect and use it, and we are not legally required to continue to keep it. For example, we will store order information for 10 years for tax and accounting purposes. This includes your name, email address and billing and shipping addresses.
We will also store comments or reviews, if you choose to leave them.
Who on our team has access
Members of our team have access to the information you provide us. For example, both Administrators and Shop Managers can access:
- Order information like what was purchased, when it was purchased and where it should be sent, and
- Customer information like your name, email address, and billing and shipping information.
Our team members have access to this information to help fulfil orders, process refunds and support you.
What we share with others
In this section you should list who you’re sharing data with, and for what purpose. This could include, but may not be limited to, analytics, marketing, payment gateways, shipping providers, and third party embeds.
We share information with third parties who help us provide our orders and store services to you; for example —
These will handle customer data.
We accept payments through PayPal. When processing payments, some of your data will be passed to PayPal, including information required to process or support the payment, such as the purchase total and billing information.
YITH WooCommerce Wishlist
While you visit our site, we’ll track:
- Products you’ve added to the wishlist: we’ll use this to show you and other users your favourite products, and to create targeted email campaigns.
- Wishlists you’ve created: we’ll keep track of the wishlists you create, and make them visible to the store staff
Who on our team has access
Members of our team have access to the information you provide us with. For example, both Administrators and Shop Managers can access:
- Wishlist details, such as products added, date of addition, name and privacy settings of your wishlists
Our team members have access to this information to offer you better deals for the products you love.
MailChimp – for emails
We share your data with MailChimp so we can send you promotional emails.
What MailChimp say…
PayPal and Ecommerce Services
In order to run a shop with payments we are sharing information with payment providers; we will be storing personal data and sharing data with an external payment service. E.g. including but not limited to Stripe or PayPal.
For example. If you pay using PayPal some of your data will be passed to PayPal including information required to process or support your payment, such as the purchase total and your billing information.
Information shared with a payment provider to process payments includes:
- Unique payment identifier
- Payment provider identifier
reCAPTCHA – used to prevent Spam emails being sent through the site for nefarious means
We have to use a common service provided by Google to stop people spamming our website via the forms and signup process.
reCAPTCHA API works by collecting hardware and software information, such as device and application data, and sending this data to Google for analysis. The information collected in connection with your use of this website will be used for improving reCAPTCHA and for general security purposes. It will not be used for personalised advertising by Google. Pursuant to Section 3(d) of the Google APIs Terms of Service, we will provide any necessary notices or consents for the collection and sharing of this data with Google. For users in the European Union, we comply with the EU User Consent Policy.
In using this site you agree to the above.