SECTION 1 - WHAT DO WE DO WITH YOUR INFORMATION?

When you purchase something from our store, as part of the buying and selling process, we collect the personal information you give us such as your name, address and email address. 
When you browse our store, we also automatically receive your computer’s internet protocol (IP) address in order to provide us with information that helps us learn about your browser and operating system. 
Email marketing (if applicable): With your permission, we may send you emails about our store, new products and other updates.

SECTION 2 - CONSENT

How do you get my consent? 
When you provide us with personal information to complete a transaction, verify your credit card, place an order, arrange for a delivery or return a purchase, we imply that you consent to our collecting it and using it for that specific reason only. 
If we ask for your personal information for a secondary reason, like marketing, we will either ask you directly for your expressed consent, or provide you with an opportunity to say no.

How do I withdraw my consent? 
If after you opt-in, you change your mind, you may withdraw your consent for us to contact you, for the continued collection, use or disclosure of your information, at anytime, by contacting us at hellothere@ellbie.co

SECTION 3 - DISCLOSURE

We may disclose your personal information if we are required by law to do so or if you violate our Terms of Service.

SECTION 4 - Wix

Our store is hosted on Wix. They provide us with the online e-commerce platform that allows us to sell our products and services to you. 
Your data is stored through Wix's data storage, databases and the general Wix shop application. They store your data on a secure server behind a firewall.

Payment: 
If you choose a direct payment gateway to complete your purchase, then Wix stores your credit card data. Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted. 
All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. 
PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers. 
For more insight, you may also want to read Wix Terms of Use (http://www.wix.com/about/terms-of-use) or Privacy Policy (http://www.wix.com/about/privacy)

SECTION 5 - THIRD-PARTY SERVICES

In general, the third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us. 
However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions. 
For these providers, we recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled by these providers. 
In particular, remember that certain providers may be located in or have facilities that are located a different jurisdiction than either you or us. So if you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located. 
As an example, if you are located in Canada and your transaction is processed by a payment gateway located in the United States, then your personal information used in completing that transaction may be subject to disclosure under United States legislation, including the Patriot Act. 
Once you leave our store’s website or are redirected to a third-party website or application, you are no longer governed by this Privacy Policy or our website’s Terms of Service.

Links 
When you click on links on our store, they may direct you away from our site. We are not responsible for the privacy practices of other sites and encourage you to read their privacy statements.

SECTION 6 - SECURITY

To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed. 
If you provide us with your credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with a AES-256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards.

SECTION 7 - COOKIEs, log files and web beacons etc
In order for some of these technologies to work properly, a small data file (“cookie”) must be downloaded and stored on your device. By default, we use several persistent cookies for purposes of session and user authentication, security, keeping the User’s preferences (e.g., regarding default language and settings), connection stability (e.g., for uploading media, using e-Commerce features, etc.), monitoring performance of our services and marketing campaigns, and generally providing and improving our Services.

If you want to delete or block any cookies, please refer to the help and support area on your internet browser for instructions on how to locate the file or directory that stores cookies. Information on deleting or controlling cookies is also available at www.aboutcookie.org (note that this website is not provided by Wix, and we therefore cannot ensure its accuracy, completeness or availability). Please note that deleting our cookies or disabling future cookies or tracking technologies may prevent you from accessing certain areas or features of our Services, or may otherwise adversely affect your user experience. We also use - “Log files” to track actions occurring on the Site, and collect data including your IP address, browser type, Internet service provider, referring/exit pages, and date/time stamps. And we use “Web beacons”, “tags”, and “pixels” which are electronic files used to record information about how you browse the Site.

SECTION 8 - AGE OF CONSENT

By using this site, you represent that you are at least the age of majority in your state or province of residence, or that you are the age of majority in your state or province of residence and you have given us your consent to allow any of your minor dependents to use this site.

SECTION 9 - CHANGES TO THIS PRIVACY POLICY

We reserve the right to modify this privacy policy at any time, so please review it frequently. Changes and clarifications will take effect immediately upon their posting on the website. If we make material changes to this policy, we will notify you here that it has been updated, so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we use and/or disclose it. 
If our store is acquired or merged with another company, your information may be transferred to the new owners so that we may continue to sell products to you.

SECTION 10 - HOW WILL My DATA BE USED?
If you have consented then your email address will be used to send you marketing emails until you opt out. 
Any photos sent to us via email for our custom cross stitch kits will be stored on our hard drive which is password protected. Once used to make your custom pattern and once this has been generated and printed out - it will be put into your kit and sent to you. The original photograph used to make the pattern and the pattern itself will be deleted from our system within 24 hours of your cross stitch kit being manufactured which will be within 3-5 days of us recieving your photo.  

SECTION 11 - Who will my data be shared with? 
Your data will not be shared with any external third parties, without your explicit consent. And we will never use your custom photo cross stitch kit designs in our marketing material without your consent.

SECTION 12 - How can I withdraw my consent? 
At the bottom of all our marketing emails is a button with the option to unsubscribe. Once you press this button - your details will be deleted from our system and you will no longer recieve marketing contact from us. If you have sent us a photo for a craft kit and changed your mind you are also welcome to contact us via email: hellothere@ellbie.co and we will delete the photo and help you to upload an alternative.

​

Section 13- Behavioural advertising
As described above, we use your Personal Information to provide you with targeted advertisements or marketing communications we believe may be of interest to you. For more information about how targeted advertising works, you can visit the Network Advertising Initiative’s (“NAI”) educational page at http://www.networkadvertising.org/understanding-online-advertising/how-does-it-work.

You can opt out of targeted advertising by using the links below:
- Facebook: https://www.facebook.com/settings/?tab=ads
- Google: https://www.google.com/settings/ads/anonymous
- Bing: https://advertise.bingads.microsoft.com/en-us/resources/policies/personalized-ads

Additionally, you can opt out of some of these services by visiting the Digital Advertising Alliance’s opt-out portal at: http://optout.aboutads.info/.

Further information regarding our useage of Facebook visitor action pixels:

We use the “visitor action pixels” from Facebook Inc (1 Hacker Way, Menlo Park, CA 94025, USA, or, if you are based in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”)) on our website. This allows user behavior to be tracked after they have been redirected to the provider’s website by clicking on a Facebook ad. This enables us to measure the effectiveness of Facebook ads for statistical and market research purposes. The data collected in this way is anonymous to us, i.e. we do not see the personal data of individual users. However, this data is stored and processed by Facebook, which is why we are informing you, based on our knowledge of the situation. Facebook may link this information to your Facebook account and also use it for its own promotional purposes, in accordance with Facebook’s Data Usage Policy https://www.facebook.com/about/privacy/. You can allow Facebook and its partners to place ads on and off Facebook. A cookie may also be stored on your computer for these purposes. The legal basis for the use of this service is Art. 6 paragraph 1 sentence 1 letter f GDPR. You can object to the collection of your data by Facebook pixel, or to the use of your data for the purpose of displaying Facebook ads by contacting the following address: https://www.facebook.com/settings?tab=ads.

We guarantee the adequacy of data transfer to the third country USA through the agreement of EU standard contractual clauses.

 

Further information about our facebook page:
When you visit our Facebook Pages, which we use to represent our company or individual products or services, some of your personal data will be processed. The sole controller responsible for the processing of personal data is Facebook Ireland Ltd (4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland, “Facebook”). Further information about the processing of personal data by Facebook can be found at https://www.facebook.com/privacy/explanation.

Processing of Page Insights
Facebook provides us with anonymized statistics and insights for our Facebook page, which help us to understand the types of actions that people take on our Page (so-called “Page Insights”). These Page Insights are created based on specific information about individuals who have visited our Page. This processing of personal data is carried out by Facebook and by us as joint controllers. The processing serves our legitimate interest to evaluate the types of actions being taken on our Page and to improve our Page based on these findings. The legal basis for this processing is Article 6 paragraph 1 letter f GDPR. We are in no case able to assign the information obtained via Page Insights to a specific Facebook profile using the “Like” data for our Page. We have reached an agreement with Facebook to share joint responsibility for the processing, in which the division of data protection obligations between ourselves and Facebook is set out. Details about the processing of personal data for creating Page Insights and the agreement entered into between ourselves and Facebook can be found at https://www.facebook.com/legal/terms/information_about_page_insights_data.

Processing of data that is provided to us via our Facebook pages
We also process data that you make available to us via our Facebook Pages.  This processing will be done by us as the sole data controller. If you have communicated data to us because you are taking part in a contest, we will only process this if it is necessary to send you a prize. After delivery of the prize, or if you do not win, your data will be deleted. The legal basis for this processing is Article 6 paragraph 1 letter b GDPR. Personal data that we have collected through surveys will be processed in anonymized form, to ensure that customers are happy with our offers. This processing serves our legitimate interest of continuously improving our offers, and the legal basis therefor is Article 6 paragraph 1 letter f GDPR.

QUESTIONS AND CONTACT INFORMATION

If you would like to: access, correct, amend or delete any personal information we have about you, register a complaint, or simply want more information contact us at hellothere@ellbie.co or by mail at 
Ellbie Co. Ltd FAO: Data Controller
11 Cissbury Road, Burgess Hill, Mid Sussex, RH15 8PW

 

Our data controller is Mrs Rebecca Mai Nibelle
 

GDPR – General Data Protection Regulation

The EU General Data Protection Regulation (GDPR) effective from May 2018 gives all EU citizens more rights and protections for their personal data, to minimise the possibility of theft and fraud. 

 

These regulations include provisions for the following areas:

 

The right to be informed:

Companies must publish a privacy notice, in addition to explaining transparently how they use this personal data.

 

The right of access:

Individuals will have the right to demand details of any of their data that a company may hold. This information must be provided within one month of request at no charge to the individual.

 

The right to rectification:

If a person’s data is incorrect or incomplete, he or she has the right to have it corrected. If the company that holds the information has passed any of that information to third parties.  The company must inform the third party of the correction and inform the person which third parties have their personal data.

 

The right to be forgotten:

A person may request the removal of his or her personal data in specific circumstances.

 

The right to restrict processing:

Under certain circumstances, an individual can block the processing of his or her personal data.

 

The right to data portability:

A person can access their data for their own use anywhere they prefer. 

 

The right to object:

A person can object to the use of their personal data for most purposes.

​

 

Ellbie Co. Ltd GDPR Policy

 

1.0 Our core principles regarding user privacy and data protection

 

• User privacy and data protection are inviolable human rights

• We have a duty of care to people contained within our data

• Data is a liability: it should only be collected and processed when absolutely necessary

• We despise spam in all its forms

• We will never sell, rent or otherwise distribute or make public any personal information

 

2.0 Relevant legislation

 

Alongside our business and internal computer systems, the Ellbie Co. website is designed to comply with the following national and international legislation with regards to data protection and user privacy:

​

• UK Data Protection Act 1988 (DPA)

• EU Data Protection Directive 1995 (DPD)

• EU General Data Protection Regulation 2018 (GDPR)

• Australian Privacy Act 1988 (APA)

 

This site’s compliance with the above legislation, all elements of which are stringent in nature, means that this site is likely compliant with the data protection and user privacy legislation set out by many other countries and territories as well. If you are unsure about whether this site is compliant with your own country of residences’ specific data protection and user privacy legislation you should contact our data protection officer (details of whom can be found in section 8.0 below) for clarification.

 

3.0 Personal information that this website collects and why we collect it

 

This website collects and uses personal information for the following reasons:

 

3.1 Site visitation tracking

 

Like most websites, this site uses Google Analytics (GA) to track user interaction.

 

We use this data to determine the number of people using our site, to better understand how they find and use our web pages and to track their journey through the website.

 

Although GA records data such as your approximate geographical location, device, internet browser and operating system, none of this information personally identifies you to us.

​

GA also records your computer’s IP address which could be used to personally identify you but Google do not grant us access to this. We consider Google to be a third party data processor (see section 6.0 below).

​

GA makes use of cookies, details of which can be found on Google’s developer guides.

​

For your information our website uses the Wix implementation of GA.

​

Disabling cookies on your internet browser will stop GA from tracking any part of your visit to pages within this website.

​

​

3.2 Contact forms and email links

 

Should you choose to contact us using the contact form via our Contact us page, none of the data that you supply will be stored by this website or passed to/be processed only by any of the third party data processors defined in section 6.0 below.

 

Instead the data will be collated into an email and sent to us over the Simple Mail Transfer Protocol (SMTP). Our SMTP servers are protected by TLS (sometimes known as SSL) meaning that the email content is encrypted using SHA-2, 256-bit cryptography before being sent across the internet. The email content is then decrypted by our local computers and devices.

 

3.3 Email newsletter

 

If you choose to join our regular newsletter mailings (which is sent via email), the email address that you submit to us will be stored in our Wix website platform in the 'Shout Out' database, which we use for our email marketing. We consider Wix to be a third party data processor (see section 6.0 below). The email address that you submit will be stored within this website’s own database but not in any of our internal computer systems.

 

Your email address will remain within the Wix 'Shout Out' database on our website for as long as we continue to use the Wix platform for email marketing or until you specifically request removal from the list.

 

You can do this by unsubscribing using the unsubscribe links contained in any email newsletters that we send you or by requesting removal via email. When requesting removal via email, please send your email to us using the email account that is subscribed to the mailing list.

 

If you are under 16 years of age you MUST obtain parental consent before joining our email newsletter.

 

While your email address remains within the Wix 'Shout Out' database, you will receive occasional emails for internal promotion from us.

 

4.0 How we store your personal information

 

If you have made a purchase from this website, then your details (not including any financial details) are stored in our Wix 'Engage' database in order that we can fulfil your order(s) and also to refer back to your email and/or postal details in order that we may track any orders you have queries on. Any financial information is not stored or used by us as all our transactions are made within the PayPal or stripe platform which does not retain any financial information once the transaction has been processed.

 

These are the only occasions where personal data will be stored on this website. This data is currently stored in an identifiable fashion; a limitation of the content management system that this website is built on (Wix).

 

Pseudonymisation is a recent requirement of the GDPR which many web application developers are currently working to fully implement. We are committed to keeping it as a high priority and will implement it on this website as soon as we are able to.

​

5.0 About this website’s server

 

This website is hosted in data centers in the United States and Europe. From time to time, we may transfer hosting from one location to another. Notwithstanding the above, the Wix.com platform complies with the EU-US Privacy Shield Framework and the Swiss-US privacy shield framework as set forth by the U.S. Department of Commerce, regarding the collection, use, and retention of personal information transferred from the European Union to the United States, and therefore adheres to the Privacy Shield Principles. Wix.com guarantees that the platform will be compliant with the new regulation from May 2018.

 

All traffic (transferral of files) between this website and your browser is encrypted and delivered over HTTPS.

 

6.0 Our third party data processors

 

We use three third parties to process personal data on our behalf. The third parties we use are PayPal, Stripe and Wix.

 

PayPal and Stripe process payments for any products purchase from our website. Neither us nor PayPal nor Striple retain any financial information you may submit as part of the purchasing process. PayPal and Stripe monitor every transaction, 24/7 to prevent fraud, email phishing and identity theft. Every transaction is heavily guarded behind PayPal and Stripe's advanced encryption. If something appears suspicious, their dedicated team of security specialists will identify suspicious activity and help protect you from fraudulent transactions. PayPal, Stripe, Wix or Ellvie Co. will never ask for any sensitive information.

​

Your data as mentioned below is encrypted before transmission to prevent misuse of the transmitted data by third parties. SSL (Secure Socket Layer) is a security technology which guarantees that your personal data, including credit card information, login data and payment method, are securely transferred via the Internet. The data is encrypted so that is only readable by the PayPal and Stripe payment system. 

 

Your data which is encrypted, is as follows: 

• personal data (address data, telephone number, etc.) 

• login data (username and password) 

• all methods of payment selected, credit card and bank account 

 

Wix provide the Customer Engagement platform we use to manage and fulfil your orders. No personal financial information is ever taken or stored in this system as during the process, everything is transferred out to PayPal and Stripe so that neither us nor Wix has access to your financial information. 

​

What Wix do to ensure data protection to all our customers

• Wix employ full-time security consultants, dedicated to the security of our customer information.  

• Wix is Payment Card Industry Data Security Standards (PCI DSS) compliant and is accredited as a level 1 service provider and merchant. This standard helps create a secure environment by increasing cardholder data, thus reducing credit card fraud. Wix regularly perform internal security audits to maintain our ISO/PCI security certifications, as illustrated below (please click the links to see the Certificates):

​

• ISO 27001:2013 and ISO 27018:2014 Best Practices Certificate

• ISO 27108 Certificate

• PCIDDS Compliance Certificate

​

• Wix's signup and login services are completed through a secure server (HTTPS/SSL). 

• Wix uses cryptography hash functions to protect your information. Your password is stored as a hash digest and, in the event of a security breach, your original password cannot be recovered from ours or Wix servers.  

• Wix is certified under the EU-US Privacy Shield Framework and the Swiss-US privacy Shield Framework as set forth by the U.S. Department of Commerce, regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States, and therefore adheres to the Privacy Shield Principles.

 

Four of the following third parties are based in the USA and one is based in the Republic of Ireland and all are EU-U.S Privacy Shield compliant.

​

• Wix (privacy policy)

• PayPal (privacy policy)

• Stripe (privacy policy)

• Google (privacy policy)

 

7.0 Data breaches

 

We will report any unlawful data breach of this website’s database or the database(s) of any of our third party data processors to any and all relevant persons and authorities within 72 hours of the breach if it is apparent that personal data stored in an identifiable manner has been stolen.

 

8.0 Data controller

 

The data controller of this website and image processor is:

Rebecca Mai Nibelle

We are registered with the ICO.

Email: hellothere@ellbie.co

​

9.0 Changes to our privacy policy

 

This privacy policy may change from time to time inline with legislation or industry developments. We will not explicitly inform our clients or website users of these changes.

 

Instead, we recommend that you check this page occasionally for any policy changes. Specific policy changes and updates are mentioned in the change log below.