Who we are

We are committed to maintaining the trust and confidence of our visitors to our web site. In particular, we want you to know that we are not in the business of selling, renting or trading email lists with other companies and businesses for marketing purposes.
In this Privacy Policy, we’ve provided detailed information on when and why we collect your personal information, how we use it and how we keep it secure.

Our Core Beliefs Regarding User Privacy & Data Protection

  • User privacy and data protection are human rights
  • We have a duty of care to the people within our data
  • Data is a liability, it should only be collected and processed when absolutely necessary
  • We loathe spam as much as you do!
  • We will never sell, rent or otherwise distribute or make public your personal information

What personal data we collect and why we collect it

Comments & Reviews

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymised string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Contact forms

When a user sends us a message using one of the contact forms on the site this is then sent on to the relevant mailbox. This email is retained within the websites contact form system as an entry for no longer than 24 hours before being automatically deleted. The message is sent from the mailbox to a separate Gmail account for review and replying to the message. The message is not retained on the website mailbox server. However, it is retained in the Gmail account for the sake of further correspondence with the potential client. A copy of your emails retained on the system can be requested if necessary, please find details for this in the “Access your personal information section”.

As detailed above, if you submit an email via the contact forms on this website some personal information will be stored within this website’s database. This is currently the only occasion where personal data will be stored on this website. This data is currently stored in an identifiable fashion; a limitation of the content management system that this website is build on (WordPress). However, as stated above this is only retained with the database for 24 hours before being purged. In the near future we aim to change the storage of this data to a pseudonymous fashion meaning that the data would require additional processing using a separately stored ‘key’ before it could be used to identify an individual.

Pseudonymisation is a recent requirement of the GDPR which many web application developers are currently working to fully implement. We are committed to keeping it as a high priority and will implement it on this website as soon as we are able to.

Cookies

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracing your interaction with the embedded content if you have an account and are logged in to that website.

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where we send your data

Visitor comments may be checked through an automated spam detection service.

Your contact information

If you’d like to make a request to view or have any data collected via this site please get in touch by emailing geoff@thescottishbothybible.com and we’ll try to facilitate this at the earliest convenience.

Additional information

How we protect your data

We use an HTTPS connection on our website (Hypertext Transfer Protocol Secure, the communication protocol is encrypted by Transport Layer Security (TLS), or formerly, its predecessor, Secure Sockets Layer SSL). To ensure all data that is input using forms or collected through analytics is done in a strictly encrypted fashion. This is authenticated using an SSL certificate issued through Cloudflare by COMODO ECC Domain Validation Secure Server CA 2O. This certificate can be viewed when accessing the site in your browser, please visit the link below for details on how to go about this:
https://www.globalsign.com/en/blog/how-to-view-ssl-certificate-details/

Should you choose to contact us using the contact forms on this site, none of the data that you supply will be stored by this website for more than 24 hours. None of this data will be passed to / be processed by any of third party data processors. Instead the data will be collated into an email and sent to us over the Simple Mail Transfer Protocol (SMTP). Our own SMTP servers are protected by TLS (sometimes known as SSL) meaning that the email content is encrypted using SHA-2, 256-bit cryptography before being sent across the internet. The email content is then decrypted by our local computers and devices. However, we would suggest that you always consider email as an insecure medium and not include personal, confidential or otherwise sensitive information within an email.

Our Website Server
Our website is currently hosted by TSO Host, a UK based Webhosting company. More information on their server security policies and systems can be found at this link: TSO Host

What data breach procedures we have in place

We will report any unlawful data breach of this website’s database to any and all relevant persons and authorities within 72 hours of the breach if it is apparent that personal data stored in an identifiable manner has been stolen.

Events Manager
We use Google services to generate maps and provide autocompletion when searching for events by location, which may collect data via your browser in accordance to Google’s privacy policy.

We collect and store information you submit to us when making a booking, for the purpose of reserving your requested spaces at our event and maintaining a record of attendance.

We collect and store information you submit to us about events (and corresponding locations) you would like to publish on our site.

We may use cookies to temporarily store information about a booking in progress as well as any error/confirmation messages whilst submitting or managing your events and locations.

WooCommerce

We do collect information about you during the checkout process on our store. This is purely to facilitate your purchase and not for any additional marketing or other purpose.

What we collect and store
While you visit our site, we’ll track:

Products you’ve viewed: we’ll use this to, for example, show you products you’ve recently viewed
Location, IP address and browser type: we’ll use this for purposes like estimating taxes and shipping
Shipping address: we’ll ask you to enter this so we can, for instance, estimate shipping before you place an order, and send you the order!
We’ll also use cookies to keep track of cart contents while you’re browsing our site.

Note: you may want to further detail your cookie policy, and link to that section from here.

When you purchase from us, we’ll ask you to provide information including your name, billing address, shipping address, email address, phone number, credit card/payment details and optional account information like username and password. We’ll use this information for purposes, such as, to:

  • Send you information about your account and order
  • Respond to your requests, including refunds and complaints
  • Process payments and prevent fraud
  • Set up your account for our store
  • Comply with any legal obligations we have, such as calculating taxes
  • Improve our store offerings
  • Send you marketing messages, if you choose to receive them
  • If you create an account, we will store your name, address, email and phone number, which will be used to populate the checkout for future orders.

We generally store information about you for as long as we need the information for the purposes for which we collect and use it, and we are not legally required to continue to keep it. For example, we will store order information for XXX years for tax and accounting purposes. This includes your name, email address and billing and shipping addresses.

We will also store comments or reviews, if you choose to leave them.

Who on our team has access
Members of our team have access to the information you provide us. For example, both Administrators and Shop Managers can access:

  • Order information like what was purchased, when it was purchased and where it should be sent, and
  • Customer information like your name, email address, and billing and shipping information.
  • Our team members have access to this information to help fulfill orders, process refunds and support you.

What we share with others
In this section you should list who you’re sharing data with, and for what purpose. This could include, but may not be limited to, analytics, marketing, payment gateways, shipping providers, and third party embeds.

We share information with third parties who help us provide our orders and store services to you; for example —

Payments
In this subsection you should list which third party payment processors you’re using to take payments on your store since these may handle customer data. We’ve included PayPal as an example, but you should remove this if you’re not using PayPal.

We accept payments through PayPal. When processing payments, some of your data will be passed to PayPal, including information required to process or support the payment, such as the purchase total and billing information.

Please see the PayPal Privacy Policy for more details.

Stripe
By using this method paymeny, you may be storing personal data or sharing data with an external service. Learn more about how this works, including what you may want to include in Stripes privacy policy.

X