Privacy Policy

Koko Privacy Notice

This privacy notice will change from time to time – particularly if we change the way we collect or use your personal information, so do check back here every now and then.

Introduction

At Koko, we fully understand how important privacy is to every one of our visitors and customers. We collect, use, store and retain your personal data in line with data protection legislation. This privacy notice aims to provide as much information as possible to help you understand how we look after your data, what your legal rights are in relation to that information – and how you can contact us if you have any questions or queries about how we look after your personal information.

How is your Personal Information Used – The Basics

There are a number of ways that your personal information will be collected when you make contact with Koko – mostly though it is so that we can respond to queries you send, or to process orders you have made.
You can contact us through:

  • Koko website (contact page)
  • Our Facebook Page/Facebook Messenger
  • Instagram
  • ETSY
  • Email
  • Letter



If you purchase from us, your order will be posted to you via Royal Mail. We don’t have a contract with Royal Mail – we use their standard mail service. The following sections explain in a bit more detail about what data is collected and how. We cannot control exactly how each site processes your data – but we have made checks to ensure that those sites are GDPR compliant – and at the end of the policy you will find links to the privacy policy for each organisation if you want to know more.

Koko and Marketing Materials

If you purchase through our website, you will NOT be added to any external mailing lists to do with Koko . If you wish to subscribe to my own emailing list please email sophie@kokogifts.co.uk

Koko occasionally sends out marketing materials. We will only send that information to those who have specifically asked to receive it. Information sent to us via the website contact form – or any of the methods mentioned above – are currently used only to answer the specific query or process order as applicable.

How your Personal Information is Used – The more technical bits

In this section, we try to explain they type of information we will collect or process, why we do that and how it is done. We can only process your information if we have a “legal basis” for doing that. There are 6 of those listed in the General Data Protection Regulation (GDPR). In this notice, we explain which of these apply in each case.

Here we go:
Usage Data
If you visit our website, we may process data about your use of the site (this is technically called “usage” data”). This would include information like what pages you visit, how long you spend on the site, if you got to our website through a link somewhere else (such as link from our Etsy shop) – or how often you visit our website. Our website platform is Word Press. This type of information is gathered to help to continuously improve the website and services. We currently have woocommerce google analytics integration analytic software or plug-ins attached to the website. This gathers non personally identifying information (usage data).

Legal Basis – Legitimate Interest: administration of our website and services. Some usage information is also collected by Facebook and Etsy – to allow us to see where visitors are based and how they found those pages. We do not have access to the personal information gathered by these though – only the statistics.

Contact and Enquiry Information

We may process information about you to answer your query or process an order. This may include your name, address, email address, postal address and telephone number – depending on what information you provide to us. We will receive this either directly from you for example in an email, FB message, Etsy conversation or through the contact form on our website. In all cases we receive only the information you choose to provide – and it will be used to correspond with you until your query is resolved. (If correspondence leads to a purchase we will require and process further information – please see the section please see the section “Ordering and Purchasing Information”.

Legal Basis – Consent OR the performance of a contract between you and us, and/or taking steps, at your request to enter into a contract OR legitimate interests, in particular, managing relationships with our customers.
Feedback and Other Information That You Send to Us
We may process information you send to us for publication on our website – for example, if you email feedback on an order you have received, we may share this on our website and/or social media platforms. We will always ask you if it is OK to use you personal information in this way.

Legal basis – Consent: if you have sent this information by private communication channels (such as email) then we will ask for your consent to publish this. (NOTE – if you have posted the information on any of our public sites (social media channels) we do not require consent as you have chosen to make this public – and it is therefore exempt from data protection provisions. However, we will endeavour to contact you to check if it may be shared on other social media channels)

Ordering and Purchasing Information
You can order from us in a few ways – by contacting us directly through one of our social media channels or our email address – or by making a purchase through our Etsy shop or website. If you wish to order through our social media channels you will be asked to send payment via bank transfer/ Paypal or secure I Zettle payment link. Depends on what you prefer. This will be via private message. Paypal will ask you for further contact details – such as your address, and for payment information (credit card or account details). If you order through Etsy or our website, you do this directly through that site – and will be asked for the same type of information.

Koko does not receive any of your payment account details. We only receive the information we need to complete your order – the most important being your address, so that we can send your purchases to you.

Legal Basis – This processing is necessary for the performance of a contract between you and us, and/or taking steps, at your request to enter into a contract and our legitimate interests, in particular, managing our business appropriately.

Legal Requirements
We may process any of the personal information mentioned in this policy – where necessary – for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out of court procedure. We may process personal information for the purposes of obtaining or maintaining insurance coverage, or obtaining professional advice in relation to business risk – however, this is unlikely.

Legal Basis – Legitimate Interest: The protection and assertion of our legal rights, your legal rights and the rights of others; the protection of our business against business risk.
We may also process personal information where we are required to do so to comply with any legal obligations to which we are subject – or where it is necessary to protect our vital interests or the vital interests of anyone else. (As specified in relevant legislation).

How long do we keep data

All data from orders placed through Etsy are protected within GDPR rules by Etsy themselves.

We are required to keep details of sales etc – which might include your name and address, and sometimes your email address. This is a requirement – should we need to submit information to HMRC. But like everything else we do – that information is kept safe and secure and accessed only by Koko staff.

Your Rights
Data Protection legislation is in place to help protect your personal information – and give you control over how it is used. It gives you rights associated with your data, the main ones are listed below. They won’t always apply in every circumstance – but we will explain it to you if you choose to exercise any of your rights.
• Right to access – you can request copies of any information we hold about you
• Right to rectification – If you believe we have any of you details wrong, you can ask us to correct them
• Right to Erasure – You can ask us to delete any information we hold about you. This will apply only when we do not have a legal basis to retain that information.
• Right to Restrict or Object to Processing – this is controlling exactly what data we hold – you can ask us to stop using certain data or stop carrying out certain processes with your data.
• The right to complain to a “Supervisory Authority” – an organisation that oversees Data Protection. This could be the Authority where you live, where you work – or the one for the UK, where we are based, which is the Information Commissioners Office.


LINKS TO EXTERNAL PRIVACY INFORMATION
We will try to keep list updated – but if the page link doesn’t work, you should be able to use a search engine – search for the platform name, followed by “Privacy Policy”
Google Gmail
Facebook – https://www.facebook.com/about/privacy/update and more on https://www.facebook.com/about/privacy/update
Instagram is owned by Facebook, so you can find information on those same links
Twitter – https://gdpr.twitter.com/en.html and https://gdpr.twitter.com/en/dpa.html
Etsy – https://www.etsy.com/uk/legal/privacy/
PayPal – https://www.paypal.com/en/webapps/mpp/ua/privacy-full