Privacy Policy
Cranns is the entity that handles your personal information. For the purposes of UK and European data protection law, Cranns is the data controller of your personal information.
The purpose of this Privacy Policy is to tell you what kind of information we may gather about you when you visit our website, how we may use that information and whether we disclose it to anyone. Our goal is to provide you with a satisfying online experience while allowing you to purchase products online knowing that your information is secure.
Cranns provides the following websites, which are covered by this Privacy Policy (collectively the “Site”):
PRIVACY POLICY
SECTION 1 - WHAT INFORMATION DO WE COLLECT?
We collect personal information when you provide it to us directly through your use of the Site. For example:
When you purchase something from our store, as part of the buying and selling process, we will collect your name, email address and details of the transaction (including associated billing or delivery information).
If you create an account on the Site, we will collect your name, contact details and login information (username and password).
We will collect your email address if you sign-up to receive offers or discount codes on the Site.
If, having purchased one of the Cranns products, you write a review for the Site,
If you contact us to request information about Cranns products and/or contact our customer service team (e.g. via our enquiry form or by email) we may keep a record of your interaction with us to ensure we provide a good customer service.
If you engage with us on social media or use the social media integrations on our Sites then we will collect information about this engagement.
We will also collect information about how you use and interact with our Site, such as:
When you browse our store, we automatically receive information about your use of the Site, such as your computer's internet protocol (IP) address, browser type and device information. We collect this information in order to improve the operation of the Site.
We will collect information automatically using cookies and other similar technologies (e.g. which pages you viewed and which content you interacted with).
If you create an account or make a purchase, we do require to provide us with accurate personal information. If you do not want to provide us with your personal information, you should not create an account or make a purchase, or otherwise provide us with your personal information.
SECTION 2 – HOW DO WE USE YOUR INFORMATION?
Depending on how you use the Site or our services, and the permissions you give us, the purposes for which we use your personal information include:
To process and fulfil any orders for Cranns products you have made via the Site;
To provide the products, services and information you may have requested via the Sites;
To manage and respond to customer service queries, feedback, or any other messages submitted to us;
To improve and maintain the Site and to monitor its usage;
For market research, e.g. we may use your feedback to develop and improve the Cranns products;
To provide our social media pages and integrations;
With your consent, we may send you emails about our online store, new products and any offers or discounts (“email marketing”);
For security purposes, to investigate fraud and where necessary to protect ourselves and third parties.
To comply with our legal and regulatory obligations.
We may also use your personal information for purposes disclosed at the time we collect it from you, or as permitted by law.
For the purposes of UK and European data protection law, we rely on the following legal bases to use your personal information for the above purposes:
The processing is necessary to perform a contract with you, or to take steps prior to entering into a contract with you: for example, where you have ordered a Cranns product from our Site we will use your personal information to process and fulfil your order.
Your consent: for example, we rely on your consent where you add optional information to your account, or if you consent to receive email marketing from us.
Where it is in our legitimate interests to maintain and promote our services and products: for example, we will rely on legitimate interests where we use the information collected from the Sites to improve and develop the Cranns products.
Compliance with a legal obligation: there may be certain situations in which we are required to process your personal information in order to comply with a legal obligation we are subject to.
How do I withdraw my consent?
If after you consent to receive email marketing, you change your mind, you may withdraw your consent by clicking on the ‘unsubscribe’ link in any of the emails we send. If you unsubscribe from email marketing, please note we may still contact you with service messages from time to time, e.g. if you have placed an order or if there is a service issue affecting your account. Alternatively you can withdraw your consent by contact us at info@cranns.com
Please also note that where you unsubscribe or opt out from a marketing communication, we need to keep a record of your email address to ensure we do not send you marketing emails in the future.
SECTION 3 - HOW LONG DO WE STORE YOUR INFORMATION?
Wdddddddddddddddddddddddf `rm e use service providers located around the world. Your personal information may, therefore, be processed in countries outside the jurisdiction in which you access or use our Site. If you are based in the United Kingdom and Europe, this means that your information may be transferred to countries where you may have fewer legal rights in respect of your personal information than you do under local law. If we transfer personal information outside the UK or European Economic Area we will, as required by applicable law, take appropriate steps to ensure that your privacy rights are adequately protected. [Please contact us if you would like more information about these safeguards.]
We will keep your personal information for as long as we need it for our legitimate business purposes (as set out above under Section 2, ‘How do we use your information?’) including as required under applicable laws, and so this period will vary depending on your interactions with us. For example, we may keep a record of our correspondence with you (for example if you have made a complaint about a product or order) for as long as is necessary to protect us from a legal claim.
SECTION 4 - WHO DO WE SHARE YOUR INFORMATION WITH?
We may share personal information with third parties in the following circumstances:
Where we are using a third party service provider to provide services that involve data processing (for example, we use Shopify to host the Site and process payments, as explained in Sections 5 and 6 below);
If you violate our Terms of Service;
Where we work with online advertisers, social media platforms and advertising networks to deliver, tailor and measure advertising to you and others both on our Site and elsewhere on the internet;
We may share personal information with other companies in our group of companies;
here we are under a legal or regulatory obligation to disclose your personal information, or to protect the rights, property or safety of our company, or customers or others;
If we are required to seek legal advice to defend our rights, property or interests then we may share information with our legal and other external advisers;
If our company, or substantially all of our company's assets, are merged or acquired by a third party, your personal information may form part of the transferred or merged assets; and
As required or permitted by law.
SECTION 5 - SHOPIFY
Our store is hosted on Shopify Inc. They provide us with the online e-commerce platform that allows us to sell our products and services to you. Your data is stored through Shopify's data storage, databases and the general Shopify application. They store your data on a secure server behind a firewall.
PAYMENT
If you choose a direct payment gateway to complete your purchase, then Shopify stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your credit card data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your credit card data is deleted.
All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover.
PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.
For more insight, you may also want to read Shopify's Terms of Service or Privacy Statement.
We do not store or have access to your credit card details. Cranns websites are powered by Shopify who are certified Level 1 PCI DSS compliant. More information can be found here.
SECTION 6 - THIRD-PARTY SERVICES
In general, the third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us.
However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions.
For these providers, we recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled by these providers.
In particular, remember that certain providers may be located in or have facilities that are located in a different jurisdiction than either you or us. So if you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located. As an example, if you are located in Canada and your transaction is processed by a payment gateway located in the United States, then your personal information used in completing that transaction may be subject to disclosure under United States legislation, including the Patriot Act.
Once you leave our store's website or are redirected to a third-party website or application, you are no longer governed by this Privacy Policy or our website's Terms of Service.
LINKS
When you click on links on our store, they may direct you away from our site. We are not responsible for the privacy practices of other sites and encourage you to read their privacy statements.
We want to be as open and transparent with our users as possible, so at Section 12 below is a list of third party platforms we use with a short explanation of why we use them and their associated Privacy Policies.
SECTION 7 - SECURITY
To protect your personal information, we take reasonable precautions and follow industry practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.
If you provide us with your credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with a AES-256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards.
If you have an account with us, we encourage you to regularly update your password.
SECTION 8 - COOKIES
We use cookies and similar technologies to provide certain functionality to the Site (e.g., to remember your log-in details, what is in your shopping cart) and to understand and measure the Site’s performance (e.g. to make certain parts of the Sites easier to use). You can remove your cookie history anytime by visiting your browser's settings.
We also use cookies to provide us insight into website traffic through Google Analytics and determine overall performance and effectiveness of marketing campaigns from such platforms as Facebook and Google Adwords. This is used as quantitative data to create a better user experience and at no point do we obtain your personal information from such platforms.
We use cookies to help keep track of items you put into your shopping cart including when you have abandoned your cart and this information is used to determine when to send cart reminder messages via SMS. We will only send messages via SMS if you have provided your express consent to receive SMS messages from us.
Please see our Cookie Policy for further information.
SECTION 9 - AGE OF CONSENT
The Site is not intended for anyone under the age of 13. By using this Site, you represent that you are at least the age of majority in your state or province of residence, or that you are the age of majority in your state or province of residence and you have given us your consent to allow any of your minor dependents to use this Site.
SECTION 10 - YOUR RIGHTS
Depending on the country in which you are based, you may have certain rights in respect of your personal information, including the right to access, correct, and request the erasure of your information. You may also have the right to object to your personal information being used for certain purposes, including to send you email marketing. We will comply with any requests to exercise your rights in accordance with applicable law. Please be aware, however, that there are a number of limitations to these rights, and there may be circumstances where we are not able to comply with your request.
To make any requests regarding your personal information, or if you have any questions or concerns, you should contact us using the details below. Depending on the country in which you are based, you may also be entitled to contact your local supervisory or regulatory authority for privacy and/or data protection.
SECTION 11 - CHANGES TO THIS PRIVACY POLICY
We reserve the right to modify this privacy policy at any time, so please review it frequently. Changes and clarifications will take effect immediately upon their posting on the website. If we make material changes to this policy, we will notify you here that it has been updated, so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we use and/or disclose it.
If our store is acquired or merged with another company, your information may be transferred to the new owners so that we may continue to sell products to you.
SECTION 12 – THIRD PARTY PLATFORMS
As described in section 6 above, the third party platforms that we use are as follows. While we will update this list periodically, changes may occur from time to time in between such updates.
Meta - We utilise Facebook for advertising purposes, which includes remarketing through the use of cookies (see Section 7 for more information on how we use cookies). Facebook Privacy Policy
Google Adwords - We utilise Google Adwords and other similar Google services for advertising purposes, which includes remarketing through the use of cookies (see Section 8 of this policy for more information on how we use cookies). Visit Google's Privacy Policy for a full understanding of the data shared by Google to advertisers.
Google Analytics - We use Google Analytics to better understand audience behaviour on our websites and to help us improve the user experience. Google Analytics Privacy Policy
Hotjar - We use Hotjar to understand how customers behave on our site, what they need, and how they feel, fast. This allows us to improve the user experience. Hotjar Privacy Policy
Klaviyo - We use Klaviyo to obtain email subscribers interested in updates regarding new Cranns products, sales or other information. Users can opt-out of their subscription by simply using the unsubscribe link in any email sent from Cranns. Klaviyo also hold your order details passed through from Shopify so that we can better deliver relevant content that you would most likely be interested in. Klaviyo Privacy Policy
LayerFive - We use LayerFive to understand how our marketing activity performs in a GDPR and CCPA compliant way. LayerFive Privacy Policy
PayPal - Used to process PayPal transactions when checking out on Cranns websites. PayPal has achieved PCI DSS compliance certification. PayPal Privacy Policy
Phocas - A business intelligence platform that we use to understand our global business. Some customer information is held within this platform to aggregate this data. Phocas Privacy Policy
Rebuy - A Shopify App used to offer the most relevant products to you during your online shopping experience on Cranns website. Rebuy Privacy Policy
Referral Candy - This is our peer-to-peer referral system, which customers can join post purchase in order to refer friends for a specified reward. Cranns reserves the right to remove customers who are seen to being using the platform illegitimately. Referral Candy Privacy Policy
Shipwire and Cin7 - We use these services to help us manage orders and ship purchased products. User information and order details are stored here to aid in fulfillment and customer support inquiries.
Shipwire Terms of Service
Cin7 Privacy Policy
Shopify - This is the host platform that we use for Cranns websites, which means that it is the primary source for transactions made. Shopify is a certified Level 1 PCI DSS compliant platform. Shopify's Privacy Policy
Snapchat - We utilise Snapchat for advertising purposes, which includes remarketing through the use of cookies (see Section 7 for more information on how we use cookies). Snap Inc. Privacy Policy
Stripe - The payment gateway that we use to process credit card payments when checking out on Cranns websites.. Stripe has been audited by an independent PCI Qualified Security Assessor (QSA) and is certified as a PCI Level 1 Service Provider. Stripe Privacy Policy
Tapfiliate - This is our Affiliate Program to identify purchases driven by our network of affiliate partners. Tapfiliate uses cookie tracing to identify purchases and reward affiliates accordingly. Cranns reserves the right to remove affiliates and customers who are seen to being using the platform illegitimately. Tapfiliate Privacy Policy
TikTok - We utilise TikTok for advertising purposes, which includes remarketing through the use of cookies (see Section 7 for more information on how we use cookies). TikTok Privacy Policy
Yotpo - We like to hear what our customers think of us, so we use the Yotpo Service to collect customer reviews. Depending on the level of feedback, some personally identifiable user data may be collected. Yotpo Privacy Policy
Zapier - Used to pass information from one platform to another. The Zapier platform is simply a gateway and only temporarily holds data when necessary. Zapier Privacy Policy
ZenDesk - Used as our customer support portal and information that you have provided through a support ticket is held within the platform to help us better service your customer support needs. Zendesk Privacy Policy
QUESTIONS AND CONTACT INFORMATION
If you would like to exercise your data protection or privacy rights, register a complaint, or simply want more information, contact our Privacy Compliance Officer at info@cranns.com
If you are not satisfied with our response, you may make a complaint to your local supervisory or regulatory authority for privacy and/or data protection