We understand that privacy and the security of your personal information is -
extremely important. This policy sets out what we do with your information and what
we do to keep it secure. It also explains where and how we collect your personal
information, as well as your rights over any personal information we hold about you.
This policy applies to you if you use our products or services over the phone, online,
or through our mobile application. This policy gives effect to our commitment to
protect your personal information.
Who are we?
When we say ‘we’ or ‘us’ or “White Witch” in this policy, we are referring to White
Witch, 1 Church Street, Waltham Abbey, Essex, EN9 1DX. It also includes any other
businesses we add to this group in the future.
What sorts of information do we hold?
We collect information about you when you place an order for products or services.
Website usage information is collected using cookies.
Information that you provide to us such as your name, address, telephone number,
email address, bank account and payment card details and any feedback you give to
us, including by phone, email or post.
Information about the Services that we provide to you (including for example, the
things we have provided to you, when and where, what you paid, the way you use
our products and Services, and so on);
Information about any device you have used to access our Services (such as your
device’s make and model, browser or IP address) and how you use our Services;
Your contact details and details of the emails and other electronic communications
you receive from us, including whether that communication has been opened and if
you have clicked on any links within that communication.
How do we use your information?
Under the General Data Protection Regulations (GDPR) we have a number of lawful
reasons that we can use (or ‘process’) your personal information. One of the lawful
reasons is called ‘legitimate interests’. Broadly speaking Legitimate Interests means
that we can process your personal information if we have a genuine and legitimate
reason and we are not harming any of your rights and interests.
When you provide your personal details to us we use your information for our
legitimate business interests to carry out our work of providing you with products and
services. Before doing this, though, we will also carefully consider and balance any
potential impact on you and your rights.
Some typical examples of when we might use the approach are for preventing fraud,
maintaining the security of our systems, data analytics, enhancing, modifying or
improving our services, identifying usage trends and determining the effectiveness of
We will process the personal information you have supplied to us to conduct and
manage our business to enable us to give you the products and services you have
ordered. These are what we consider to be our ‘Legitimate Interests’.
The following are some examples of when and why we would use this approach in
In order for us to process an order, payment has to be taken and contact
information collected, such as name, delivery address and telephone number,
provided. Both the buyer and seller would need to record the transaction, help
answer your questions and solve any issues you have.
Communication: We will make best effort to ensure our communication is tailored
and relevant for you wherever we deem you to be in the sales cycle.
Your best interest: Processing your information to protect you against fraud when
transacting on our website, and to ensure our websites and systems are secure.
Personalisation: Where the processing enables us to enhance, modify,
personalise or otherwise improve our services for the benefit of our customers
Analytics: To process your personal information for the purposes of customer
analysis, assessment, on a personalised or aggregated basis, to help us with our
activities, if this does not harm any of your rights and interests.
Research: To determine the effectiveness of and develop our products, services,
systems and relationships with you.
Due Diligence: We may need to conduct investigations on supporters, potential
customers and business partners to determine if those companies and individuals
have been involved or convicted of offences such as fraud, bribery and
When we process your personal information for our legitimate interests, we will
consider and balance any potential impact on you and your rights under data
protection and any other relevant law. Our legitimate business interests do not
automatically override your interests – we will not use your personal data for
activities where our interests are overridden by the impact on you (unless we have
your consent or are otherwise required or permitted to by law).
You will never receive unsolicited emails, telephone calls or mail from us. We will
only contact you to acknowledge your order, if goods are unavailable, or in response
to your request.
Remember, you can change the way you hear from us or withdraw your permission
for us to process your personal details at any time by using our contact details
Who we might share your information with?
We will only share information about you within White Witch to allow us to process
your order. We will not disclose your information to third parties, other than when
order details are processed as part of the order fulfilment, for goods delivery
Access and correction of your personal information
You have the right to access the personal information that we hold about you in
many circumstances. This is sometimes called a ‘Subject Access Request’. If we
agree that we are obliged to provide personal information to you, (or someone else
on your behalf), we will provide it to you, or them, free of charge.
Before providing personal information to you or another person on your behalf, we
may ask for proof of identity and sufficient information about your interactions with us
so that we can locate your personal information.
If any of the personal information we hold about you is inaccurate or out of date, you
may ask us to correct it.
Right to stop or limit our processing of your data.
You have the right to object to us processing your personal information if we are not
entitled to use it any more, to have your information deleted if we are keeping it too
long or have its processing restricted in certain circumstances.
If you would like to exercise these rights, please contact us via one of the
mechanisms set out below.
How long do we keep your information for?
We will retain your personal information for the period necessary to fulfil the
or permitted by law.
Cookies are text files placed on your computer to collect standard internet log
information and visitor behaviour information. This information is used to track visitor
use of the website and to compile statistical reports on website activity, aid
navigation and to keep track of the contents of your shopping basket.
You can set your browser not to accept cookies. However, in a few cases some of
our website features may not function as a result.
Links to other websites
We sometimes provide you with links to other websites, but these websites are not
under our control. Therefore, we will not be liable to you for any issues arising in
connection with their use of your information, the website content or the services
terms and conditions on each website to see how each supplier may process your
We take security measures to protect against unauthorised access, improper use,
alteration, destruction or accidental loss of your personal information including:
implementing access controls to our information technology, such as firewalls, ID
verification and logical segmentation and/or physical separation of our systems
accepting payment on our website only via PayPal.
If you would like to exercise one of your rights as set out above, or you have a
question or a complaint about this policy or the way your personal information is
processed, please contact us by one of the following means:
By email: email@example.com
By post: The Proprietor, White Witch, 1 Church Street, Waltham Abbey, Essex, EN9
You also have the right to lodge a complaint with the UK regulator, the Information
Commissioner. Please go to www.ico.org.uk/concerns to find out more.