Cookies

Not biscuits but digital cookies
All websites use something called cookies to personalise content and ads, to provide social media features and to analyse our traffic. We also share information about your use of our site with our social media, advertising and analytics partners who may combine it with other information that you’ve provided to them or that they’ve collected from your use of their services. To help you understand how they work we have listed below the types of cookies running what are called scripts within this site.

General cookies
Cookies are small text files that can be used by websites to make a user's experience more efficient. The law states that we can store cookies on your device if they are strictly necessary for the operation of this site. For all other types of cookies we need your permission.

This site uses different types of cookies. Some cookies are placed by third party services that appear on our pages.
You can at any time change or withdraw your consent from the Cookie Declaration on our website. 

Necessary cookies
Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.

Preference cookies
Preference cookies enable a website to remember information that changes the way the website behaves or looks, like your preferred language or the region that you are in.

Satistic cookies
Statistic cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously.

Marketing cookies 
Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third party advertisers.

The collection and use of your data

The Data Protection Act 2018 is the UK’s implementation of the General Data Protection Regulation (GDPR).


Everyone responsible for using personal data has to follow strict rules called ‘data protection principles’. They must make sure the information is:

  • used fairly, lawfully and transparently
  • used for specified, explicit purposes
  • used in a way that is adequate, relevant and limited to only what is necessary
  • accurate and, where necessary, kept up to date
  • kept for no longer than is necessary
  • handled in a way that ensures appropriate security, including protection against unlawful or unauthorised processing, access, loss, destruction or damage

There is stronger legal protection for more sensitive information, such as:

  • race
  • ethnic background
  • political opinions
  • religious beliefs
  • trade union membership
  • genetics
  • biometrics (where used for identification)
  • health
  • sex life or orientation

There are separate safeguards for personal data relating to criminal convictions and offences.

Your rights

Under the Data Protection Act 2018, you have the right to find out what information the government and other organisations store about you. These include the right to:

  • be informed about how your data is being used
  • access personal data
  • have incorrect data updated
  • have data erased
  • stop or restrict the processing of your data
  • data portability (allowing you to get and reuse your data for different services)
  • object to how your data is processed in certain circumstances

You also have rights when an organisation is using your personal data for:

  • automated decision-making processes (without human involvement)
  • profiling, for example to predict your behaviour or interests

How we use the data you give us
To comply with GDPR we collect and use the data you give us in the following way.

You may wish to fill in a form on our site to register interest in our products, or subscribe to a mailing list. Your data is encrypted by our website hosts, before being forwarded to us in the form of encrypted email. Our systems are protected by a constantly updating protection system and anti virus software. 

We will then use the information you have supplied to us to deliver only your request, it will be used for no other purpose. We will not alter the information you give us and will assume the information you gave us as correct.

Once your request has been processed and acted upon and there is no further need to hold your information, it is permanently deleted from our records. If you become a future customer your address and purchase details will be stored in our offline accounting system only. We keep what information you give us in the strictest confidence. No customer or visitor information will ever be passed from our office unless we receive a request to do so under a legal requirement from the U.K. Police, HMRC or those with statutory rights to do so.

The only information we will ever ask for or hold will be the following:
Name
Address
Your preferred contact details
product of interest or purchase
Delivery address
Name of person receiving a delivered product

If you choose to order from us
To fulfil your order, you must provide us with certain information  such as your name, email address, postal address, payment information, and the details of the product that you’re ordering. You may also choose to provide us with additional personal information (for a custom order, for example), if you contact us directly.

Why we Need Your Information and How we Use It

We rely on a number of legal bases to collect, use, and share your information, including:

- as needed to provide my services, such as when we use your information to fulfil your order, to settle disputes, or to provide customer support;
- when you have provided your affirmative consent, which you may revoke at any time, such as by signing up for our mailing list;
- if necessary to comply with a legal obligation or court order or in connection with a legal claim, such as retaining information about your purchases if required by tax law; and
- as necessary for the purpose of my legitimate interests, if those legitimate interests are not overridden by your rights or interests, such as
1) providing and improving our services. We use your information to provide the services you requested and in our legitimate interest to improve ou services; and
2) Compliance with the Paypal Seller Policy and Terms of Use. We use your information as necessary to comply with our obligations under the Paypal Seller Policy and Terms of Use.

Information Sharing and Disclosure

Information about my customers is important to my business. I share your personal information for very limited reasons and in limited circumstances, as follows:

- Paypal. I share information with Paypal as necessary to provide you with our services and comply with our obligations under both the Paypal Seller Policy and Paypal Terms of Use.
- Service providers. We engage certain trusted third parties to perform functions and provide services to our shop, such as web hosting servers and delivery companies. We will share your personal information with these third parties, but only to the extent necessary to perform these services.
- Business transfers. If we sell or merge our business, we may disclose your information as part of that transaction, only to the extent permitted by law.
- Compliance with laws. We may collect, use, retain, and share your information if we have a good faith belief that it is reasonably necessary to: (a) respond to legal process or to government requests; (b) enforce my agreements, terms and policies; (c) prevent, investigate, and address fraud and other illegal activity, security, or technical issues; or (d) protect the rights, property, and safety of my customers, or others.

Data Retention

We retain your personal information only for as long as necessary to provide you with our services and as described in my Privacy Policy. However, I may also be required to retain this information to comply with my legal and regulatory obligations, taxes, to resolve disputes, and to enforce my agreements. I generally keep your data for the following time period: 10 years.

Transfers of Personal Information Outside the EU

We may store and process your information through third-party hosting services in the US and other jurisdictions. As a result, We may transfer your personal information to a jurisdiction with different data protection and government surveillance laws than your jurisdiction. If we are deemed to transfer information about you outside of the EU, we rely on Privacy Shield as the legal basis for the transfer, as Google Cloud is Privacy Shield certified, TRUSTe Privacy Certifications.

Your Rights

If you reside in certain territories, including the EU, you have a number of rights in relation to your personal information. While some of these rights apply generally, certain rights apply only in certain limited cases. I describe these rights below:

- Access. You may have the right to access and receive a copy of the personal information we hold about you by contacting us using the contact information below.
- Change, restrict, delete. You may also have rights to change, restrict our use of, or delete your personal information. Absent exceptional circumstances (like where were are required to store data for legal reasons) we will generally delete your personal information upon request.
- Object. You can object to (i) our processing of some of your information based on our legitimate interests and (ii) receiving marketing messages from us after providing your express consent to receive them. In such cases, We will delete your personal information unless we have compelling and legitimate grounds to continue using that information or if it is needed for legal reasons.
- Complain. If you reside in the EU and wish to raise a concern about our use of your information (and without prejudice to any other rights you may have), you have the right to do so with your local data protection authority.

How to Contact us

For purposes of EU data protection law, I, Richard Ayling, am the data controller of your personal information. If you have any questions or concerns, you may contact me at office@caballus.co.uk Alternately, you may mail me at:
Richard Ayling
Caballus
Units 10 & 11
Abernant Enterprise Centre.
Rhyd y Fro
Nr Pontardawe
Neath Port Talbot
SA4 4SX