Who we are
Please contact our Data Protection Officer if you have any questions (details at bottom of page).
What personal data we collect and why we collect it
When a user subscribes to our mailing list via the Site we collect the user’s name and email address. This information is shared with the MailChimp marketing automation platform for the purposes of delivering news, articles and information via email newsletters.
Users can opt-out or manage subscriptions to email newsletters at any time by clicking the ‘unsubscribe’ or ‘update preferences’ links in a previously emailed newsletter.
When a user registers an account as a forum participant on the Site we collect the data shown in the form. This may include the user’s name, email, username and password, and is used to approve and create the user’s account.
When a user registers an account as a customer on the Site we collect the data shown in the form. This may include the user’s name, address, email and phone number, which will be used to populate the checkout for future orders. We’ll also collect information including your name, billing address, shipping address, email address, phone number, credit card/payment details, username and password. We’ll use this information for purposes, such as to:
- Approve and create the user’s account
- Send you information about your account and order
- Respond to your requests, including refunds and complaints
- Process payments and prevent fraud
- Set up your account for our store
- Comply with any legal obligations we have, such as calculating taxes
- Improve our store offerings
- Send you marketing messages, if you choose to receive them
Users may edit or delete their account at any time.
Comments, reviews and forum topics/replies
When a user leaves comments, reviews or forum topics/replies on the Site we collect the data shown in the form including the user’s name, email address, website (optional) and also the user’s IP address and browser user agent string to help spam detection and reporting.
An anonymised string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. After approval of your comment, your profile picture is visible to the public in the context of your comment.
When a user submits a contact form on the Site all data is sent directly to Krolyn Studios. No personal information is stored.
When a user browses store pages on the Site, we may track:
- Products you’ve viewed: we’ll use this to, for example, show you products you’ve recently viewed
- Location, IP address and browser type: we’ll use this for purposes like estimating taxes and shipping
- Shipping address: we’ll ask you to enter this so we can, for instance, estimate shipping before you place an order, and send you the order!
Cookies are small pieces of data sent from the Site or a third-party website to the user’s computer via their browser to collect and store data and/or to improve the user’s browsing experience.
Necessary cookies are required for the website to function correctly and include the following:
If you leave a comments, reviews or forum topics/replies on the Site you may opt-in to saving your name and email address in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you have an account and you log in to the Site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser. We will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
Optional cookies do not directly affect the website’s functionality and include those added for social sharing and web analytics.
The StatCounter service cookies policy is available here: https://statcounter.com/about/cookies/
EU Countries & GDPR
A user located in the European Union (EU) can manage cookies at any time via the ‘Cookies’ tab in the bottom right hand corner of their browser window.
Embedded content from other websites
Analytics & Spam Protection
Data including the user’s location, IP address and browser information may be shared with our web analytics service (StatCounter) for the purpose of analysing web data.
Data including the user’s IP address, user agent, referrer, and Site URLs (along with other information such as their name, username and email address) may be shared with our anti-spam service (Akismet) for the purpose of spam detection.
Who we share your data with
Data collected on the Site is hosted and secured with the GoDaddy web hosting company, and may be shared with the Site administrator(s) via automated email for the purposes of action and reply.
Mailing list data may be shared with the MailChimp marketing automation platform: https://mailchimp.com/legal/privacy/
Hash data may be shared with the Gravatar service: https://automattic.com/privacy/
Location, IP address and browser data may be shared with the StatCounter analytics service: https://statcounter.com/about/legal/
Comments, location, IP address and browser data may be shared with the Akismet anti-spam service: https://automattic.com/privacy/
Who on our team has access to your data
Access to personal data is restricted to Site administrators and the Data Protection Officer.
How long we retain your data
If a user leaves a comment, review or forum reply/topic, the content and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.
Mailing list data is retained on MailChimp indefinitely or until such time the user chooses to update preferences or unsubscribe from the mailing list.
User account data is retained indefinitely or until such time as the user chooses to delete their account.
User purchase history is retained for a period of seven years to satisfy Australian taxation laws.
Server and browser data are retained for a period of between 1-3 months.
What rights you have over your data
If a user has an account on this Site, or has left comments, the said user can request to receive an exported file of the personal data we hold about them, including any data provided to us. The user can also request that we erase any personal data we hold about them. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
Request Export of Data
Request Deletion of Data
How we protect your data
Data collected on the Site is hosted with the GoDaddy web hosting company. GoDaddy offers 24/7 security monitoring and DDoS protection. Back-ups (full installation) are completed on a frequent basis (usually weekly) and remain intact for two months.
What data breach procedures we have in place
In the event of a data breach or malware/viral attack, immediate steps will be taken in collaboration with the data host (GoDaddy) to address and resolve the breach and identify perpetrators (if any).
What automated decision making and/or profiling we do with user data
Personal information is not used for user profiling or decision making.
Please contact our Data Protection Officer if you have any queries:
Krolyn Studios (Envy)
Data Protection Officer & Proprietor
13/9 Dix Avenue, Marden SA
Phone +61 403 045 132
Last update: 5 June 2018