Privacy Policy

Who are you?

I am Alex Russell, a designer and graphic artist, registered in the United Kingdom as a Sole Trader. Halfdropped is one of a number of products and services that I offer as part of Alex Russell Creative Services, the trading name for my business. This website address is: https://halfdropped.com.

What is a summary of your Privacy Policy?

I will only use the information that I collect about you lawfully in accordance with the EU General Data Protection Regulation (GDPR).
In this Privacy Policy, I have aimed to provide as much detailed information as I can on when and why I collect your personal information.
If, after reading it, you have any questions about the Policy or the personal information that this site holds in your name, please get in touch via the contact details near the end. Alerts that this policy has been updated will be posted on Halfdropped.com home page. This version of the Policy was written in May 2019.

What personal data do you collect and why do you collect it?

Cookies and cookie policy

Cookies are small text files that this website transfers to your device via your browser. They enable the website system to collect data that may include your browser type, operating system, device type, IP address, location, which pages in the website you visited and when. This data may be used to help remember who you are next time you visit halfdropped.com and to perform analytics (see below).
If you leave a comment on the site you may opt in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year. If you visit the login page, a temporary cookie will be set to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser. When you log in, the site will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed. If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

You can adjust your browser settings to tell you when you get cookies, prevent them from being accepted or fully disable them. You can also delete all cookies stored on your device.

Shopping

If you use the shop on halfdropped.com, it will track:
1. Products you’ve viewed: this will be used to show you what Halfdropped stuff you’ve recently looked at.
2. Location, IP address and browser type: this will be used for purposes like estimating taxes and postage.
3. Shipping address: this is need to confirm postage costs before you place an order and to know where to send the order to.
4. Cookies will be used to keep track of basket contents while you’re browsing. See also the Cookie Policy above.

When you buy something from halfdropped.com from us, you will need to provide information including your name, billing address, shipping address, email address, phone number, credit card/payment details and optional account information like username and password. This is needed to:
1. Send you information about your account and order.
2. Respond to any your requests or questions you might have.
3. Process payments and prevent fraud.
4. Set up your account for our store (if you choose to set up an account).
5. Comply with any legal obligations Alex Russell Creative Services has, such as calculating taxes.
6. To try and improve how the Halfdropped shop works.
7. Send you marketing messages, if you choose to receive them.
If you create an account, your name, address, email and phone number will be stored and used to populate the checkout for future orders.

Information is generally stored about you for as long as is needed for the purposes for which it is collected and used or where there is a legal requirement to, such as storing order information for 5 years after the 31 January submission deadline of the relevant UK tax year for tax and accounting purposes. This includes your name, email address and billing and shipping addresses.

Comments and reviews

If you leave comments or reviews on the site, halfdropped.com will collect the data shown in the comments form, plus your IP address and browser user agent string to help spam detection. An anonymised string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service Privacy Policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Uploaded media

If you upload images to the website, it is recommended that you avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Social media

halfdropped.com has links to social media sites such as Instagram, LinkedIn and Twitter. If you choose to “like” or “share” information from this website through these services, you should review the privacy policy of that service. If you are a member of a social media site, the interfaces may allow the social media site to connect your visits to this site with other Personal Information.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website. These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Analytics

halfdropped.com uses Google Analytics, a service which transmits website traffic data to Google servers in the USA. Google Analytics does not identify individual users or associate your IP address with any other data held by Google. Google has a Privacy Policy here:
https://www.google.com/policies/privacy/
In addition to disabling or removing cookies, you can use Google’s opt-out service here: https://tools.google.com/dlpage/gaoptout

halfdropped.com is hosted by 1&1 Ionos and uses their SiteAnalytics service, transmitting data to servers in Germany. This does not identify individual users or associate your IP address with any other data. 1&1 Ionos has a Privacy Policy here:
https://www.ionos.co.uk/terms-gtc/terms-privacy/

The reports provided by Google Analytics and SiteAnalytics help me understand website traffic and usage.

Who do you share your data with?

Website traffic data is shared with Google Analytics and SiteAnalytics (see Analytics above). This does not identify individual users or associate your IP address with any other data.

halfdropped.com is built with WordPress; their Privacy Policy is here:
https://en-gb.wordpress.org/about/privacy/

It uses plug-ins from WooCommerce and Jetpack, both with Privacy Policies here:
https://automattic.com/privacy/

Orders made in the shop that are paid for by credit/debit card or PayPal are processed by PayPal. When processing payments, some of your data will be passed to PayPal, including information required to process or support the payment, such as the purchase total and billing information. PayPal’s Privacy Policy is here:
https://www.paypal.com/en/webapps/mpp/ua/privacy-full

How long do you retain my data?

If you register for an account on the website (you don’t have to), the personal information you provide will be stored in your user profile. All users can see, edit, or delete their personal information at any time (except for changing their username). The website administrator (Alex Russell) can also see and edit that information.

Data relating to inactive accounts is retained for 2 years. Data relating to pending, failed or cancelled orders is retained for 14 days. Data relating to completed orders is retained for 5 years after the 31 January submission deadline of the relevant UK tax year before being anonymised.
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.

What rights do I have over my data?

If you have an account with halfdropped.com, or have left comments, you can request to receive an exported file of the personal data held about you, including any data you have provided. You can also request that any personal data held about you is erased. This does not include any data that has to be kept for administrative, legal or security purposes.

Where do you send my data?

All site data is stored on servers based in the European Union by 1&1 Ionos. See above for details of payment processing data via PayPal and website analysis via Google Analytics.
Visitor comments may be checked through an automated spam detection service.

Your contact information

I can be contacted on alex(at)halfdropped(dot)com or alex(at)alexrussell(dot)com.

Additional information

How do you protect my data?

halfdropped.com is SSL certified and connects to your browser via HTTPS, so any information you enter into the site will be encrypted, secure and protected from any tampering. It is hosted on ISO 27001 certified data centres.

What data breach procedures do you have in place?

As soon as there is awareness of a data breach, the risk to individuals will be assessed using the self-assessment protocols on the Information Commissioner’s Office (ICO) website. As a result of the assessment, where appropriate, the following parties will be notified as quickly as possible:
1. Any individuals at risk.
2. 1&1 Ionos (halfdropped.com hosting organisation).
3. PayPal (halfdropped.com payment processing organisation).
4. The ICO.

Where individuals are involved, they will be provided with contact details for more information, a description of the likely consequences and a description of what will be done to deal with the data breach and mitigate against any adverse effects.

What third parties do you receive data from?

None.

What automated decision making and/or profiling do you do with user data?

None.

Do you have any industry regulatory disclosure requirements?

No.