Identification

sakala.co.uk and sakalajewels.co.uk are websites owned and operated by ‘Sakala’ which is owned and operated by Helen Hitchcock and based at:
50 High Street, Steyning, West Sussex BN44 3RD
Phone: +44 (0) 1903 879032 and +44 (0) 7973 224220
Email: helen@sakala.co.uk and helen@sakalajewels.co.uk
If you need to contact us, please use the details above.

The Policy

The purpose of this policy is to explain to you how we control, process, handle and protect your personal information through the business and while you browse or use our websites. If you do not agree to the following policy you may wish to cease viewing / using these websites, and / or refrain from submitting your personal data to us.

Policy Key Definitions

  • “I”, “our”, “us”, or “we” refer to the business, Sakala, that includes Sakala Jewels.
  • “you”, “the user” refer to the person(s) using these websites.
  • GDPR means General Data Protection Act.
  • PECR means Privacy & Electronic Communications Regulation.
  • ICO means Information Commissioner’s Office.
  • Cookies mean small text files stored on a user’s computer or device.

Key Principles of GDPR

Our Privacy Policy embodies the following key principles: (a) Lawfulness, fairness and transparency, (b) Purpose limitation, (c) Data minimisation, (d) Accuracy, (e) Storage limitation, (f) Integrity and confidence, (g) Accountability.

Processing of your Personal Data

We are exempt from registration in the ICO Data Protection Register because we are a ‘micro’ business and we are only processing personal data for core business purposes.

Under the GDPR (General Data Protection Regulation) we control and / or process personal information about you electronically using the following lawful basis.

Lawful Basis: Contract

  • Where our purpose for processing is: To fulfil a contractual obligation to you.
  • Which is necessary because: We need to collect payment from you for the items you ordered and we need to send you those goods once you have paid.
  • We process your information in the following ways: We collect information that you have filled in on our websites when creating an account and / or placing an order. This information is stored securely in the administration area of our websites.
  • Data retention period: We will continue to process your information under this basis until you withdraw consent or it is determined your consent no longer exists.
  • Sharing your information: We do share your personal information with certain third parties which include:
    • The Royal Mail and / or other legitimate courier companies
    • Our payment processor which is currently PayPal

If, as determined by us, the lawful basis upon which we process your personal information changes, we will notify you about the change and any new lawful basis to be used if required. We shall stop processing your personal information if the lawful basis used is no longer relevant.

Your Individual Rights

Under the GDPR your rights are as follows. You can read more about your rights in detail here;

  • the right to be informed;
  • the right of access;
  • the right to rectification;
  • the right to erasure;
  • the right to restrict processing;
  • the right to data portability;
  • the right to object;
  • the right not to be subject to automated decision-making including profiling.

You also have the right to complain to the ICO [www.ico.org.uk] if you feel there is a problem with the way we are handling your data.

We handle subject access requests in accordance with the GDPR.

We use cookies on these websites to provide you with a better user experience. We do this by placing a tiny text file on your device to track how you use our websites, to record or log whether you have seen particular messages that we display and to keep you logged into the websites where applicable.

Some cookies are required to enjoy and use the full functionality of these websites. Some cookies will be saved for specific time periods, where others may last indefinitely. Your web browser should provide you with the controls to manage and delete cookies from your device; please see your web browser options.

Our websites are based on a WordPress framework which sets the following cookies:

  • If you set up and utilise an account on one of our websites… on login, WordPress uses the wordpress_[hash] cookie to store your authentication details. Its use is limited to how you interact with the admin area of the websites.
  • After login, WordPress sets the wordpress_logged_in_[hash] cookie, which indicates when you’re logged in, and who you are, for most interactions on the websites.
  • WordPress also sets a few wp-settings-{time}-[UID] cookies. The number on the end is your individual user ID from the database. This is used to customize your view of the admin area.
  • PHPSESSID and SESS set up and track a unique ID so that as you navigate between pages, information is not lost.

The actual cookies contain hashed (encrypted) data, so you don’t have to worry about someone gleaning your username and password by reading the cookie data. A hash is the result of a complicated mathematical formula applied to the given data. It is practically impossible with today’s computers to decode this hash to retrieve the original input data.

The shopping cart facility on our websites uses an eCommerce module called WooCommerce. WooCommerce sets the following cookies, and none contain any user identifiable data:

  • When you start adding items to your shopping cart, WooCommerce sets two cookies, woocommerce_cart_hash and woocommerce_items_in_cart. They contain information about the cart as a whole and help WooCommerce know when the cart data changes.
  • The final cookie (wp_woocommerce_session_) contains a unique code for each customer so that it knows where to find the cart data in the database for each customer.

You can see a list of all cookies currently set by going to sakala.co.uk/cookies/ or sakalajewels.co.uk/cookies/ as applicable.

Data Security and Protection

We ensure the security of any personal information we hold by using secure data storage technologies and precise procedures in how we store, access and manage that information. Our methods meet the GDPR compliance requirement.

Email Newsletter Subscriptions

Under the GDPR we use the ‘Consent’ lawful basis for anyone subscribing to our email newsletters. We only collect certain data about you, as detailed in the Processing of your personal data section. Any email newsletters we send are either generated and sent by our own program or through an email marketing service (EMS) provider. An EMS is a third party service provider of software / applications that allows us to send out email newsletters to a list of subscribers.

Email newsletters that we send may contain tracking beacons / tracked clickable links or similar server technologies. Where used, such facilities are restricted to informing us whether our newsletters are actually being opened and read. No personally identifiable information is sought or tracked.

Any email newsletters we send are in accordance with the GDPR and the PECR guidelines and regulations. We provide you with an easy method to withdraw your consent (unsubscribe) at any time. Please see each newsletter for instructions on how to unsubscribe – you can also contact the EMS provider, if used, as well.

We retain, and store offline, the following information about you solely for sending newsletters:

  • Email address
  • Name
  • Subscription time & date