Envy

Privacy Policy

Who we are

This Privacy Policy sets out our commitment to protecting the privacy of your personal information that we, Krolyn Studios (Jonathon Tyler James Barratt trading as ABN 44 695 808 923), collect through our website http://envy.krolyn.com (“Site”) or directly from you (“User”).

Please read this Privacy Policy carefully. If you do not wish to provide personal information to us, then you do not have to do so, however it may affect your use of the Site and/or any of its products and services.

Please contact our Data Protection Officer if you have any questions (details at bottom of page).

 

What personal data we collect and why we collect it

Mailing list

When a user subscribes to our mailing list via the Site we collect the user’s name and email address. This information is shared with the MailChimp marketing automation platform for the purposes of delivering news, articles and information via email newsletters.

The MailChimp service privacy policy is available here: https://mailchimp.com/legal/privacy/

Users can opt-out or manage subscriptions to email newsletters at any time by clicking the ‘unsubscribe’ or ‘update preferences’ links  in a previously emailed newsletter.

User accounts

When a user registers an account as a forum participant on the Site we collect the data shown in the form. This may include the user’s name, email, username and password, and is used to approve and create the user’s account.

When a user registers an account as a customer on the Site we collect the data shown in the form. This may include the user’s name, address, email and phone number, which will be used to populate the checkout for future orders. We’ll also collect information including your name, billing address, shipping address, email address, phone number, credit card/payment details, username and password. We’ll use this information for purposes, such as to:

  • Approve and create the user’s account
  • Send you information about your account and order
  • Respond to your requests, including refunds and complaints
  • Process payments and prevent fraud
  • Set up your account for our store
  • Comply with any legal obligations we have, such as calculating taxes
  • Improve our store offerings
  • Send you marketing messages, if you choose to receive them

Users may edit or delete their account at any time.

Comments, reviews and forum topics/replies

When a user leaves comments, reviews or forum topics/replies on the Site we collect the data shown in the  form including the user’s name, email address, website (optional) and also the user’s IP address and browser user agent string to help spam detection and reporting.

An anonymised string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. After approval of your comment, your profile picture is visible to the public in the context of your comment.

The Gravatar service privacy policy is available here: https://automattic.com/privacy/

Contact form

When a user submits a contact form on the Site all data is sent directly to Krolyn Studios. No personal information is stored.

Tracking

When a user browses store pages on the Site, we may track:

  • Products you’ve viewed: we’ll use this to, for example, show you products you’ve recently viewed
  • Location, IP address and browser type: we’ll use this for purposes like estimating taxes and shipping
  • Shipping address: we’ll ask you to enter this so we can, for instance, estimate shipping before you place an order, and send you the order!

We’ll also use cookies to keep track of cart contents while you’re browsing our site (more information on cookies below).

Cookies

Cookies are small pieces of data sent from the Site or a third-party website to the user’s computer via their browser to collect and store data and/or to improve the user’s browsing experience.

Necessary cookies are required for the website to function correctly and include the following:

If you leave a comments, reviews or forum topics/replies on the Site you may opt-in to saving your name and email address in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you have an account and you log in to the Site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser. We will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

Optional cookies do not directly affect the website’s functionality and include those added for social sharing and web analytics.

Our web analytics service (StatCounter) uses cookies to record data on a user’s visits to the Site. Cookies are used to determine whether a user is a first-time or returning visitor and to estimate the accumulated number of visits to a page. No personal information is stored in the cookie.

The StatCounter service cookies policy is available here: https://statcounter.com/about/cookies/

EU Countries & GDPR

A user located in the European Union (EU) can manage cookies at any time via the ‘Cookies’ tab in the bottom right hand corner of their browser window.

Embedded content from other websites

Articles may include embedded content (e.g. videos, images, articles etc.). Embedded content from other websites behaves in the exact same way as if the user has visited the other website. These other websites may collect data about the user, use cookies, embed additional third-party tracking, and monitor the user’s interaction with that embedded content, including tracking their interaction with the embedded content if the user has an account and are logged in to that website.

Analytics & Spam Protection

Data including the user’s location, IP address and browser information may be shared with our web analytics service (StatCounter) for the purpose of analysing web data.

The StatCounter service privacy policy is available here: https://statcounter.com/about/legal/ (further information in relation to StatCounter and what constitutes personal data can be located here: https://statcounter.com/support/knowledge-base/314/ ).

Data including the user’s IP address, user agent, referrer, and Site URLs (along with other information such as their name, username and email address) may be shared with our anti-spam service (Akismet) for the purpose of spam detection.

The Akismet service privacy policy is available here: https://automattic.com/privacy/

 

Who we share your data with

Data collected on the Site is hosted and secured with the GoDaddy web hosting company, and may be shared with the Site administrator(s) via automated email for the purposes of action and reply.

The GoDaddy service privacy policy is available here: https://au.godaddy.com/agreements/showdoc.aspx?pageid=PRIVACY

Mailing list data may be shared with the MailChimp marketing automation platform: https://mailchimp.com/legal/privacy/

Hash data may be shared with the Gravatar service: https://automattic.com/privacy/

Location, IP address and browser data may be shared with the StatCounter analytics service: https://statcounter.com/about/legal/

Comments, location, IP address and browser data may be shared with the Akismet anti-spam service: https://automattic.com/privacy/

Who on our team has access to your data

Access to personal data is restricted to Site administrators and the Data Protection Officer.

 

How long we retain your data

If a user leaves a comment, review or forum reply/topic, the content and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.

Mailing list data is retained on MailChimp indefinitely or until such time the user chooses to update preferences or unsubscribe from the mailing list.

User account data is retained indefinitely or until such time as the user chooses to delete their account.

User purchase history is retained for a period of seven years to satisfy Australian taxation laws.

Server and browser data are retained for a period of between 1-3 months.

 

What rights you have over your data

If a user has an account on this Site, or has left comments, the said user can request to receive an exported file of the personal data we hold about them, including any data provided to us. The user can also request that we erase any personal data we hold about them. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Request Export of Data
Request Deletion of Data

 

Data protection

How we protect your data

Data collected on the Site is hosted with the GoDaddy web hosting company. GoDaddy offers 24/7 security monitoring and DDoS protection. Back-ups (full installation) are completed on a frequent basis (usually weekly) and remain intact for two months.

What data breach procedures we have in place

In the event of a data breach or malware/viral attack, immediate steps will be taken in collaboration with the data host (GoDaddy) to address and resolve the breach and identify perpetrators (if any).

What automated decision making and/or profiling we do with user data

Personal information is not used for user profiling or decision making.

 

Contact information

Please contact our Data Protection Officer if you have any queries:

Jonathon Barratt
Krolyn Studios (Envy)
Data Protection Officer & Proprietor
13/9 Dix Avenue, Marden SA
5070 Australia
Phone +61 403 045 132
Email dpo(at)krolyn(dot)com

 

Last update: 5 June 2018