At ClimeMET, we are committed to protecting your privacy as per the General Data Protection Regulation (GDPR). We use the information we collect about you to process your orders and to provide a more personalised shopping experience. Your data will never be sold but is shared with carefully chosen third parties to enhance the service that we are able to provide. These services include processing your payment, fulfilling and delivering your order, providing a loyalty system and providing marketing messaging as detailed below.
PERSONAL INFORMATION WE COLLECT
When you visit the Site, we automatically collect certain information about your device, including information about your web browser, IP address, time zone, and some of the cookies that are installed on your device. Additionally, as you browse the Site, we collect information about the individual web pages or products that you view, what websites or search terms referred you to the Site, and information about how you interact with the Site. We refer to this automatically-collected information as “Device Information”.
We collect Device Information using the following technologies:
- “Log files” track actions occurring on the Site, and collect data including your IP address, browser type, Internet service provider, referring/exit pages, and date/time stamps.
- “Web beacons”, “tags”, and “pixels” are electronic files used to record information about how you browse the Site.
Additionally when you make a purchase or attempt to make a purchase through the Site, we collect certain information from you, including your name, billing address, shipping address, payment information, email address, and phone number. We refer to this information as “Order Information”. Order information may be held relating to you even if you start, but do not complete, the checkout process.
HOW DO WE USE YOUR PERSONAL INFORMATION?
We use the Order Information that we collect generally to fulfil any orders placed through the Site (including processing your payment information, arranging for shipping, and providing you with invoices and/or order confirmations). Additionally, we use this Order Information to:
- Communicate with you;
- Screen our orders for potential risk or fraud; and
- When in line with the preferences you have shared with us, provide you with information or advertising relating to our products or services.
We use the Device Information that we collect to help us screen for potential risk and fraud (in particular, your IP address), and more generally to improve and optimise our Site (for example, by generating analytics about how our customers browse and interact with the Site, and to assess the success of our marketing and advertising campaigns).
SHARING YOUR PERSONAL INFORMATION
We share your Personal Information with third parties to help us use your Personal Information, as described above. For example, we use Shopify to power our online store - you can read more about how Shopify uses your Personal Information here. We also use Google Analytics to help us understand how our customers use the Site - you can read more about how Google uses your Personal Information here. You can also opt-out of Google Analytics here.
Credit or debit card transactions submitted through this Shopify site (either by yourself as a web order or via our staff for telephone and postal orders) are processed by Stripe, who ensure that all transactions are fully secure.
The EU-US and Swiss-US Privacy Shield is a method of ensuring that an organisation offers an adequate level of data protection, by requiring that an organisation certify and register according to the requirements of the Privacy Shield framework. Stripe has certified to the EU-US and Swiss-US Privacy Shield for this reason. Stripe’s Privacy Shield certification is here, and their Privacy Shield Policy here. For more information, please visit Stripe’s EU data transfers support page here.
More generally, Stripe has international data transfer compliance measures in place governing all of Stripe’s global entities’ processing of the personal data of EU individuals. These measures are based on the EU Standard Contractual Clauses.
Our web platform Shopify uses your personal information to block certain transactions that appear to be fraudulent through automated decision making as part of their risk and fraud screening. Shopify might automatically block a payment card number or IP address after a certain number of unsuccessful payment attempts. Shopify does not believe this has a significant legal effect on customers because the automated blocking lasts only for a short period of time.
We ask for your telephone number which enables us to contact you urgently if there is a problem with your order. Your telephone number and email address will be passed on to our chosen delivery partner to ensure they can contact you if they cannot find your address when trying to deliver your order or if there is a problem with your delivery. You may receive text messages and/or emails from our delivery partners. These are solely for the purpose of updating you on when your order will be delivered, providing you options to re-arrange your delivery or nominate a safe place and/or notifying you of any problems with your delivery. For overseas deliveries, we may also provide certain order, delivery and product information to our international carriers, and such information may be communicated by the carriers to customs authorities in order to facilitate customs clearance and comply with local laws. Our most frequently used delivery partners are Royal Mail, DPD, and TNT, and you can read their GDPR compliance statements below. Occasionally we will use different couriers in order to provide a better delivery service for your specific location. If you would like to know in advance which courier your order will be delivered with, and would like to see a copy of their GDPR compliance statement, then contact us and we will be happy to provide this for you.
Personal information is processed through a secure third party processor called Mintsoft as part of our order management system to allow us to create shipping labels for buyers’ orders and to internally manage inventory levels. The information stored includes customer name, address, phone number and email address. No irrelevant data such as credit card details is stored by this third party provider. Mintsoft is compliant with the GDPR and does not share our customer data with any third parties. Access to this order management system requires a username and password which is stored with fully secure 128 bit SSL encryption with SSL certificates supplied by Trustico. All data is stored on Microsoft's Azure secure cloud hosting platform. In the unlikely event of any security breaches with Trustico or Microsoft resulting in comprised personal data, Mintsoft will inform us so that we can take action.
We use a third party marketing platform called MailChimp to allow us to send email newsletters to our marketing subscribers. An unsubscribe option is automatically included in the footer of every campaign sent through MailChimp. You can also unsubscribe by contacting us and requesting you are unsubscribed for our mailing list. The GDPR contains provisions that address the transfer of personal data from EU member states to third-party countries, such as the United Stated. MailChimp participates in and has certified its compliance to the Privacy Shield framework in order to meet these provisions.
MailChimp has self-certified to both the EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield regimes, and lawfully transfers EU/EEA personal data to the U.S. pursuant to their Privacy Shield Certification. They also complete a SOC II Type 2 examination on an annual basis for the Trust Principal Criteria of Security, Processing Integrity, Confidentiality, and Availability.
If you have opted-in to our rewards programme, your data will also be stored by our rewards programme provider Smile.io. Our rewards programme is optional, but if you opt in, Smile processes the following personal data: Name, Email Address, Phone Number, Address, IP Address, Date of Birth. It also processes the following non-personal data: Transactional Data (e.g. about your previous orders), Account Creation Date.
If a product is purchased and sent as a gift direct to another individual, we will comply with requests from that individual to identify who has sent them the item but only in the format of non-personally identifiable data such as a first name or initials.
Finally, we may also share your Personal Information to comply with applicable laws and regulations, to respond to a subpoena, search warrant or other lawful request for information we receive, or to otherwise protect our rights.
As described above, we use your Personal Information to provide you with targeted advertisements or marketing communications we believe may be of interest to you. For more information about how targeted advertising works, you can visit the Network Advertising Initiative’s (“NAI”) educational page here.
You can opt out of targeted advertising by using the links below:
Additionally, you can opt out of some of these services by visiting the Digital Advertising Alliance’s opt-out portal here.
DO NOT TRACK
Please note that we do not alter our Site’s data collection and use practices when we see a Do Not Track signal from your browser.
The lawful basis to process your personal data will depend on your interaction with our company. If you are a customer (or prospective customer who has begun the checkout process), the applicable lawful process is Contract. If you have opted in to receive our marketing communications, the applicable lawful process if Legitimate Interest.
If you are a European resident, you have the right to access personal information we hold about you and to ask that your personal information be corrected, updated, or deleted. If you would like to exercise this right, please contact us through the contact information below.
Additionally, if you are a European resident we note that we are processing your information in order to fulfil contracts we might have with you (for example if you make an order through the Site), or otherwise to pursue our legitimate business interests listed above. Additionally, please note that your information will be transferred outside of Europe, including to Canada and the United States but is done so in compliance with the GDPR.
You have the right to request to see what data we hold on you and have the right to withdraw consent to be contacted for marketing purposes at any time. To do this, please contact us via email or post with the subject line 'Subject Access Request'.
The information we hold will be accurate and as up to date as your last recorded contact with us. You can check the information that we hold about you by contacting us. If you find any inaccuracies, you have the right to rectification and we will be happy to correct any errors for you.
Our data retention period is reviewed annually and data that is no longer needed is removed. We are required by law to store customer data for a set period of time. As part of our data policy review, we have chosen to retain customer data from the inception of our online store (2016) onward. This is because of the specialist nature of the products we offer. Many of our customers purchase meteorological equipment with the intention of keeping lifetime weather records and as a result, require long term support in terms of information on the specification of the products they have purchased; information that we can only provide if we are able to identify the individual requesting the information and their corresponding orders. If you would like your records erased, please see details on your right to erasure below.
As per Article 17 of the GDPR, you have the right to have personal data erased and are free to contact us via email at or post to ask that the personal data we hold on you is erased. Invoking this right will include the erasure of data held by our rewards programme provider Smile.io and you will lose any accrued rewards points, which cannot be exchanged and have no cash value. This is also known as the ‘right to be forgotten’. Please note that this right is not absolute and only applies in certain circumstances.
As per the ICO recommendations, in the event of withdrawing your consent or invoking your right to erasure, it is appropriate for us to retain enough information about you to ensure this you are not included in future communications and/or that your details are erased. Please note, we may ask to see formal identification to verify your identity before processing your data information requests in a bid to combat identity theft and corporate espionage.
Further rights you have regarding your data can be viewed here. You are free to contact us to exercise any applicable rights regarding the data we hold.
You are also welcome to contact us at any time to request a copy of our company GDPR Compliance Statement.
When you place an order with ClimeMET, you will have to option to tick a box and be added to our newsletter distribution list. This means that you will receive our regular email newsletters direct to your inbox, and will be one of the first to know about new products and exclusive discounts. You can unsubscribe from these emails at any time by simply clicking the 'unsubscribe' link at the bottom of each newsletter, or by emailing us. You can also subscribe to our mailing list via pop ups and input forms on our website and social media channels. If you think you have received marketing emails in error then please contact us and we can rectify the situation.
For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact us by e-mail at firstname.lastname@example.org or by post at: ClimeMET, Skyview House, 9 Churchfield Road, Chilton Industrial Estate, Sudbury, Suffolk, CO10 2YA.