Privacy Notice

Introduction

This notice applies to the oxforduniversitykilns.org website, and describes what data we collect and why, what we do with it, and how you can view, control, correct and delete any data that we may hold on you.

This notice may be modified from time to time. This page will always hold the current version. You may wish to revisit the page and check for changes from time to time.

Who are we?

This website is operated by Oxford University Kilns, a part of the University of Oxford. You may email us at info@oxforduniversitykilns.org, or write to us at: Oxford University Kilns, 68 Hightown Road, Banbury, Oxford OX16 9BS, United Kingdom.

What information do we collect?

We collect the following personal data:

  • When you register on the site, or sign up for our newsletter, we collect your name and email address
  • When you make a purchase, we collect your name, full contact details, and details of you purchase. We pass your details (including payment card or PayPal details) on to Braintree, our payment processor, to process your payment, but we do not collect and store any payment details).
  • When you create any posts on a forum on the site, or fill in a questionnaire, you may give us personal data
  • We also gather information on your use of the web site, often through the use of cookies (see below)

Use of cookies and other technologies

You may include a link to further information, or describe within the policy if you intend to set and use cookies, tracking and similar technologies to store and manage user preferences on your website, advertise, enable content or otherwise analyse user and usage data. Provide information on what types of cookies and technologies you use, why you use them and how an individual can control and manage them.

Cookies are small text files downloaded to your device when browsing our web pages. 

We use the following cookies to enable and improve the use of the web site:

  • In the main site, we use Wordpress cookies to record whether you are logged in or out, and any comments you may have made on the site
  • In the gallery/shop, we use PrestaShop cookies to record whether you are logged in or out, to record items that you have added to your shopping cart, and your process through the checkout
  • In making payment, our payment provider uses cookies to enable your payment transactions to be processed
  • We use analytics cookies from Google Analytics to understand how people use our site and to help optimise the site design

If you wish, you can block, edit or delete the use of cookies, as described in the links for different web browsers below. Note that if cookies are disabled, this may be to the detriment of your experience of the web site, and may disable some functionalities. Different web browsers may offer different levels of functionality.Click on the link below to be taken to the relevant page for your web browser:

Firefox 

Chrome

Microsoft Edge

Internet Explorer

Safari on Mac

Safari on iPhone and iPad

Linking to other websites / third party content

The web site may contain links to other web sites, or content contributed by third parties (such as comments or forum posts). We do not endorse any such web sites or content, nor do we take any responsibility for their content.

How do we use personal information?

We may use your data in the following ways:

  • to ensure correct operation of the web site, e.g. to record when you are logged in to the site or what pages you have viewed
  • to improve your experience of the web site. e.g. through personalisation or through making parts available just to those who have registered
  • to enable you to set up an account on the web site
  • to allow us to provide you with goods and services, such as the sale of pots. This may include sending your payment details to Braintree, our card processing partner, to process your sale.
  • to enable us to send you emails, newsletters, and other communications about our events and activities. This may include using MailChimp to send out emails.
  • to meet any legal obligations (e.g. fraud prevention)
  • to use for internal purposes, such as audit requirements or analysing the use of the web site

What legal basis do we have for processing your personal data?

When you create an account on the web site, or sign up to a service such as receipt of our newsletter or participation in a forum, we are processing your data with your consent. You can withdraw your consent by unsubscribing from the newsletter or closing your account.

When you purchase goods or services from our web site, we are processing your personal data both with your consent and out of contractual necessity.

When do we share personal data?

Your data is kept confidential, and not normally shared. Exceptions to this are:

  • Sharing with contractors or associates to enable the provision of services or business operations
  • Sharing sales and shipping data with potters whose work you have purchased
  • Sharing your name and address, purchase details and payment information with Braintree, for processing electronic payments
  • Uploading your name and email address into the bulk emailing services offered by MailChimp

We do not sell on or otherwise make commercial use of your data with third parties.

Where do we store and process personal data?

The data is stored and processed on virtual server(s) that are provided as part of the supply of the web site. These are operated by Tim Thornton Ceramics, Garden Cottage Garlogs, Nether Wallop, Stockbridge SO20 8DP, United Kingdom. The servers are provided by InMotion Hosting, 360 N. Pacific Coast Highway, Suite 1055, El Segundo, CA 90245, USA. Both organisations are GDPR compliant.

Backup copies of the data is also stored on Tim Thornton Ceramics' office computer systems.

How do we secure personal data?

We keep your data secure in the following ways:

  • Storing your data on secure server(s) behind firewalls
  • Critical data (such as passwords) is stored in an encrypted format
  • SSL encryption is used when sending data between our server(s) and your web browser
  • Taking regular backups to protect data against accidental loss
  • Taking technical and organisational measures to protect the security and confidentiality of your data against accidental loss and any unauthorised access, use, modification or disclosure

We strive to protect your Data, but cannot guarantee the absolute security of information sent to the Website. You agree that you provide your Data at your own risk. We cannot be held liable for any failure to comply with privacy settings and security measures implemented on our Websites. As such, you agree that the security of your information is equally your responsibility. For instance, you are responsible for keeping your user account password confidential.

Given the inherent characteristics of the internet, we cannot guarantee the optimal security of information exchanged over this network.

How long do we keep your personal data for?

Registration data is kept until either delete the account or ask us to, or we send you an email and find that your email address is no longer valid.

Sales information is kept for 6 financial years from the date of the sale, to meet HMRC requirements.

At the end of its retention period, your personal data is deleted.

Your rights in relation to personal data

Access to Specific Information and Data Portability Rights

You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request (see Exercising Your Rights), we will disclose to you:

  • The categories of personal information we collected about you.
  • The categories of sources for that information
  • Our purpose for collecting that information.
  • The categories of third parties with whom we share that information.
  • The specific pieces of personal information we collected about you (also called a data portability request).
  • If we disclosed your personal information for a business purpose, two separate lists disclosing:
  • sales, identifying the personal information categories that each category of recipient purchased; and
  • disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.

Rectification and Deletion Request Rights

You have the right to request that we correct, complete or delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your request (see Exercising Your Rights), we will correct, complete or delete your personal information, subject to certain exceptions.

We may deny your request if retaining the original information is necessary for us or our service provider(s) to:

  • Complete the transaction for which we collected the personal information, provide goods or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
  • Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
  • Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
  • Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
  • Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
  • Comply with a legal obligation.
  • Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

Processing Rights

You have the right to request that we stop or restrict processing any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request (see Exercising Your Rights), we will stop processing your data (and direct our service providers to do likewise), unless an exception applies.

We may deny your request if it is necessary for us or our service provider(s) to process the data in order to:

  • Complete the transaction for which we collected the personal information, provide goods or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
  • Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
  • Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
  • Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
  • Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
  • Comply with a legal obligation.
  • Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

Exercising your Rights

To exercise the access, data portability, and deletion rights , please send us a request by email or post. Only you may make a request about your personal information. You may also make a request on behalf of your minor child.

You may only make one request at a time. Your request must:

  • Provide sufficient information that allows us to reasonably verify that you are the person about whom we collected personal information, or an authorized representative.
  • Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

Before responding to your request or providing you with information, we will check your identity or authority to make the request, and confirm that the personal information relates to you. We will only use information provided in your request to verify your identity or authority to make the request.

Response Timing and Format

We aim to respond to your request within 28 days of its receipt. If we need more time (up to 60 days), we will inform you of the reason and extension period. Our response will be delivered by email or post, at your option.

Any data we provide will only cover the 12 months preceding your request. We will also explain why we cannot comply with your request, if applicable. For data portability requests, we will select a file format for your data that is readily usable, e.g. .PDF, .TXT, or .DOCX format.

How to contact us?

If you have questions or concerns about our privacy practices, your personal information, or if you wish to file a complaint, you may email us at info@oxforduniversitykilns.org, or write to us at: Oxford University Kilns, 68 Hightown Road, Banbury, Oxford OX16 9BS, United Kingdom.