Your personal information and how we (don't) collect and store it

TL;DR We don't surreptitiously collect any personal information about you or your browsing habits. Full stop. End of story. If we have any personal information about you it's because you have consciously chosen to it send us. But you can always ask us to delete it afterwards.


For all pages on this website with the exception of our shop...
Notice how you didn't get one of those cookie messages? That's because we don't use them. Nor do we use any form of analytics. In fact, we hand coded the entire site in-house (which took ages) specifically to avoid these forms of intrusion. We don't know or care who you are, why you are here, where you came from, what you look at on this site or where you go next. Sounds brutal but here's our philosophy.

At some places on the site you might see some radio buttons polling your opinion on our designs which trigger options to submit some comments. If you choose to use these your responses and anything you choose to type in the comments boxes go into a SQL database held securely on our web server. The database entry also records the date and time of submission. But we don't know anything about who submitted the information (unless for some reason you choose to put some personal information in the comments). We keep these responses in the database for as long as we think they might be useful. We look at them occasionally because your comments sometimes make us laugh and, more importantly, because you sometimes have some useful things to say about our stuff which helps us improve it. If we find you've put any personal information in your comments we remove it. We might use the aggregated results of these polls to try and persuade third parties such as retailers that our stuff is worth them stocking.

On our contacts page you have a number of options of ways to communicate with us. If you choose to use these and put any personal information in your communications then we'll keep that personal information about you for as long as we think we need it to deal with your enquiry. This might be from seconds (e.g. for an email response to a question) to years (e.g. for a legal threat). We decide how long we think we might need your information for. Then we permanently delete it. The UK Information Commissioners Office recommends that we tell you where we securely store your information while we keep it. If we told you (and everyone else) exactly where we keep it, it wouldn't be very secure would it? So let's just suffice it to say that your electronic communications are stored on password protected hard drives on our sites (and not on any third party cloud type services) and your physical letters are in a paper file on our sites or scanned and put on the same hard drives. I know, who'd have thunk it? The ICO also recommend we tell you how we delete it: that'll be Shift + Right click/Delete for the ones & zeroes and a wastepaper bin for the letters. Our legal basis for keeping this information is that you have consented to it by putting it in your communication to us. There may also be contractual or legal obligations on us to keep it, depending on what you have contacted us about. As a matter of principle, we don't share, publically disclose or sell (eek!) any information about you that you provide us with. There would only ever be two exceptions to this rule that we can envisage: one is where you are legally threatening us, in which case we might have to share your details with the solicitors dealing with the case for our side; the other is if you are physically threatening or abusing us in which case we might share your details with the police or some big ugly guys with baseball bats.

Our online shop...
Now that's a whole different matter. It's in the nature of e-commerce that you're going to have to provide us with a lot of personal information about yourself to buy something and we're going to have to keep that information for a while. Our online shop is provided for us by a cloud based third party Software As A Service provider called Ecwid.

One of the reasons we chose Ecwid is that they have a clear and intelligible privacy policy setting out what they collect about you when you are buying stuff from our shop (if you want to read it then the relevant bits in this case are the ones about the 'user' (you) and the 'merchant' (us)). Ecwid store your information on their servers and we have access to some of that information (such as your name and address, what you bought and when so we can send the goods to you). We may copy some of that information from Ecwid's servers to our own computer hardware, particularly things like your name and address so we can print your shipping labels. Your payments are processed by a company called Stripe who act as a third party provider to Ecwid. We don't see, store or have any knowledge of your payment details: they are all handled between Ecwid and Stripe. Stripe also have a privacy policy which makes it clear that it is Ecwid's privacy policy that is in control of your personal data when payments are being processing through our shop.

We'll keep the information you provide us with while making a purchase for as long as we need to. Generally this will be for the guarantee period of what you have bought, 12 months in most cases. Another reason we chose Ecwid is that it makes it easy for you to find what personal information we and Ecwid are storing about you and to delete it. If you want to know what information we and Ecwid are holding about you after a purchase get in touch telling us your name and email address. We'll send back the information that we and Ecwid have about you by email. You can then ask for that to be deleted if you wish and as long as we don't need it (for example to keep guarantee entitlement information) we and Ecwid will comply.

Please be aware that although we don't set cookies both Ecwid and their partners like Stripe are likely to when you are using our shop. Cookies are small text files that are stored on your computer that are used to store information such as what you have put in your shopping basket. All online purchase sites do this. Some of the cookies get deleted when you close your web browser. Some won't automatically get deleted. Cookies are a bit like recreational drugs: widely used and mostly harmless but some individuals abuse them badly. Unfortunately we have no control over what persistent cookies Ecwid and their 3rd party partners set. You can set up your web browser to delete these persistent cookies when you close it as well. (But bear in mind that might delete cookie information you want to keep such as logins for other sites that you regularly use.) The best option is usually to clear site data from the current session or the last hour. If you'd like to know how, there are lots of online guides that tell you how for your particular web browser. But bear in mind that Googling 'how to clear cookies' will result in Google setting loads of them. You can't win Darth.

Who 'we' are in this statement

We are Elephant Stone Limited, a UK based private limited company with a registered office at 272 Bath Street, Glasgow, G2 4JR. We are your personal data controller in this statement. If you use our shop then Ecwid and their partners are a personal data processor.

Your data privacy rights under this statement

You have a range of legal rights about the personal information about you held by us. The full bifta can be found here. The main ones you are likely to want to exercise with us though are the right of access (to find out what information, if any, we hold about you) and the right to erasure (to ask us to delete it or to listen to Vince Clarke and Andy Bell on Spotify depending on the context).

How to exercise your rights

Contact us giving us, as a minimum, your name and either email or postal address. Tell us which right you wish to exercise. If we hold any personal information about you, you'll hear back from us within thirty-one days. Otherwise you won't.

Complaints

If you have any complaints (about our use of personal data, we don't want to know about your bunions) Contact us. Or The Information Commissioners Office.

This is version 1.0 of our privacy statement, dated Ocotber 2021.

Mark Zuckerberg mocked up as a Big Brother meme