Royale Maps privacy policy

WHO WE ARE AND HOW YOU CAN CONTACT US

If you have any questions about our privacy policy, you can contact us: guide@royalemaps.com

Our full address is:

Royale Maps
Highgarden
Bradda Glen Close
IM9 6PG Port Erin
Isle of Man

Please note that Royale Maps is creating and selling original maps & home decor accessories. As an e-commerce company that sells directly to consumers via this website, we are processing your data to understand user behaviour better and offer you a better experience (with tools like Google Analytics). We also need your data to fulfil your orders and for this we need to submit your data to our fulfilment partners and shipping companies like USPS.

Changes to this Policy and Acceptance

We may update this Policy from time to time. If we do, we will inform you about any major changes, either by notifying you on the site or by sending you an email. If you purchase from our website, that means you accept this policy.

How this Policy Applies

This policy describes the information we collect from you, how we use that information and what our legal basis is for this. We will also explain how we might share this information and your rights regarding any information that you give to us.

Please also refer to our Terms & Conditions.

We will specifically ask you for your consent whenever this privacy policy applies.
An exception of this rule is if a consent isn’t possible for technical reasons and the processing of your data is allowed or legally required.
Our website may occasionally include links to other websites or services whose privacy practices may differ from ours. When you use a link to an external site or service, the privacy policy and data processing disclosures for that site or service governs.

If you do not understand this policy please email us at guide@royalemaps.com. If you agree to this policy and don’t contact us with any questions, you’re acknowledging that you have read and understood this privacy policy.

Why we’re collecting data

We are collecting data in accordance with GDPR Article 6, and in particular for the following reasons:

Performing the contract we have with you: we need your personal data to comply with our contractual obligation to deliver our products to you. Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.

Consent: in some cases, we process personal data based on the consent you expressly grant to us at the time we collect such data. When we process personal data based on your consent, it will be expressly indicated to you at the point and time of collection.

Legal compliance: sometimes we have to collect and use your data required by law. Tax laws for example require us to retain records of purchases and payments.

Legitimate interests: this is a technical term in data protection law which basically means we have a good and fair reason to use your data and we do so in ways which do not hurt your interests and rights. We sometimes require your data to pursue our legitimate interests in a way that might reasonably be expected as part of running our business and that does not materially impact your rights, freedom or interests. For example, we use identity, device, and location information to prevent fraud and abuse and to keep our services secure. We also analyse how users interact with our website to better understand what elements of the design are working well and which are not working so well. This allows us to improve and develop the quality of the online experience we offer you.

What informations do we collect?

 

Log files.

In order for you to interact with us (like contacting us, purchasing from us etc) we need to collect and process information.
Depending on the specific type of interaction with us, the data we collect may include:

Information about your device
Information about your web browser
IP address
Time zone
Some of the cookies that are installed on your device
Information about the individual web pages or products that you view
What websites or search terms referred you to the site
Information about how you interact with the site

With this we create log files. The data from these can be attributed to a user. For example a web link that leads you to our website could include data that could be used to identify you. These data will be saved in our system in the log files.

The lawful basis for data processing is Art. 1 – 1 GDPR.

Cookies.

A cookie is a small file made of letters and numbers that we store via your browser.
Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our site.

We use the following categories of cookies:

Strictly necessary cookies. These are cookies which are needed to make the website work properly. They include, for example, cookies that enable you to log in, use a shopping cart or make secure payments.

Analytical/performance cookies. These allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.

Functionality cookies. These are used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region). These also allow us to tell if you’ve left any products in your basket without checking out.

Targeting cookies. These cookies record your visit to our website, the pages you have visited and the links you have followed. We will use this information to make our website relevant to your interests and for advertising and retargeting purposes. We may also share this information with third parties for this purpose (such as Google).

We use tools from the following third parties. Please note that these tools also may use cookies, over which we have no control. These cookies are likely to be analytical/performance cookies or targeting cookies. We only work with third parties who value your privacy that are compliant with GDPR.

Google Tools (https://policies.google.com/privacy):
Google Analytics: to understand from where users are visiting us and how they navigate our site.

Other information that we store

When you buy a product from us.
We store your full name, address, e-mail address and maybe phone number if you choose to provide it – the more details you provide the more ways we have to contact you regarding your order in case there are problems. We will also send you emails relating to your transactions on our website (order confirmation, tracking number).
We will share your information with our fulfilment company/companies so they can pack your order and label the packages properly
We will share your data with our shipping partners depending on the shipping option you choose this may be DHL, Royal Mail or USPS who then in turn will share the data with sub-companies they work with in your locality. They may use the data you provide to send you updates regarding your order status or contact you in case of any problems.
We will also share the data necessary (Name, Address, Goods purchased and amount) with tax authorities.

Payment

Paypal stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted.

All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover.

PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.

For more insight, you may also want to read Paypal’s Terms of Service or Privacy Statement.

How your information might shared

Your information is not shared publicly.

Information that’s shared with trusted third-party services:

In order to deliver your goods, improve our website and promote our services we have to share your information with third-party services. Examples are payment processors, our shipping partners, our fulfilment company, tools like Google Analytics and more. We may also share information that’s aggregated and anonymised in a way that it doesn’t directly identify you.

Information that’s shared to protect Royale Maps and comply with the law:

We do reserve the right to disclose personal information when we believe that doing so is reasonably necessary to comply with the law or law enforcement, to prevent fraud or abuse, or to protect Royale Map’s legal rights, property, or the safety of Royale Maps, its employees, customers, or others.

Business Transfers

Royale Maps may sell, transfer, or otherwise share some or all of its business or assets, including your personal data, in connection with a business deal (or the evaluation of a potential business deal) such as a merger, consolidation, acquisition, reorganisation, or sale of assets or in the event of bankruptcy. You acknowledge that this may happen and that any acquirer or successor of Royale Maps or its assets may continue to use your personal data as set forth in this privacy policy. If this happens, we will notify you via email and explain the choices you may have regarding your personal data.

Data retention

Generally, your data will be deleted when the purpose of saving it in the first place has been accomplished unless we have to keep your data on file for legal reasons.
We will save your email address for newsletter purposes until you opt-out of our newsletter. We will keep your personal information for tax authorities (your name, address, products ordered).
We also collect and maintain aggregated, anonymised information which we may retain indefinitely to protect the safety and security of our website, improve our services or comply with legal obligations.

Data transfers

Some of our third party plugins (like Google or Facebook) are US based companies so a data transfer from the EU & Switzerland to the USA happens. All these third party providers are certified under the EU – U.S. and Swiss – U.S. Privacy Shield frameworks, which are a legal mechanism to enable the transfer of personal data from the EEA and Switzerland to the US, where certified organisations guarantee to provide a level of protection in line with EU data protection law.

Your rights

We give everyone who interacts with us the same rights. These include the right to request:

Deletion (erasure) of your personal data
Correction (rectification) of your data
Access to your data
An export of your data in a common (portable) format
These requests will be addressed by us within 3 weeks, unless they are exceptionally complex or numerous (in accordance with General Data Protection Regulation, Article 12(3)).

Erasure

You have the right to request that your personal data be erased in certain circumstances. If we receive a request from you to delete your personal data, we will:

Verify that you are you (or in GDPR terms that the requester is the same as the data subject, i.e, the requester is not asking to erase someone else’s personal data).

Confirm there is no legal reason to preserve this data.

If both conditions are satisfied, we will delete the data in our system. In addition to that, we will also work with any relevant third parties to make sure that they delete or anonymise the personal data.

Timing

Personal data cannot be erased from our systems while it is:

Associated with a pending order.
Associated with an order made fewer than 180 days before the request (the usual window in which a buyer can make a chargeback).
If the buyer’s personal data cannot be erased for this reason, we will re-submit the deletion request after the appropriate time has passed.

Scope

When processing a request for erasure, we will anonymise the personal data of the buyer, but keep non-personal data such as revenue information and order details. Order details that are retained include the gateway used to process payment, time of sale, amount paid, currency, subtotal, shipping cost, taxes added, shipping method, item quantity, item name, SKU, and payment method.

Data portability

If you ask for it, we will provide you with your personal data upon request. This data will be provided in a commonly used and machine-readable format.

EXCEPTIONS APPLY – we may retain certain information as required by law or as necessary for our legitimate business purposes.

Opt-out

You can opt out of the collection of data by asking us to do via email: guide@royalemaps.com 
This includes:

Cookies
Social Sharing tools
Google Tools
Other user behaviour tools

Please note that you can opt out via different methods:

Web Browser Controls

You can prevent the use of certain Tracking Tools, such as cookies using the controls in your web browser. These controls can be found here: Tools > Internet Options (or similar). Through your web browser, you may be able to:

Delete existing Tracking Tools
Disable future Tracking Tools
Set your browser to provide you with a warning each time a cookie or certain other Tracking Tools are being set

Mobile Opt Out

Your mobile devices may offer settings that enable you to make choices about the collection, use, or transfer of mobile app information for behavioral advertising. You may also opt-out of certain tracking tools on mobile devices by installing the DAA’s AppChoice app on your mobile device (for iTunes, visit https://itunes.apple.com/us/app/appchoices/id894822870?mt=8, for Android, visit https://play.google.com/store/apps/details?id=com.DAA.appchoices&hl=en). For more information, please visit http://support.apple.com/kb/HT4228, https://support.google.com/ads/answer/2662922?hl=en or http://www.applicationprivacy.org/expressing-your-behavioral-advertising-choices-on-a-mobile-device, as applicable.

Please be aware of this: some opt-outs are cookie based. This means that when opting-out you will have a cookie placed on your device that lets us know you have opted-out. If you delete your cookies, use a different browser, or use a different device, you will need to renew your opt-out choice.

Emails: We will give you the ability to opt-out of marketing-related emails via a link at the bottom of each such email. You cannot opt-out of receiving certain non-marketing emails regarding the Service. For example if we sell the company, we will also send you an order confirmation and tracking if applicable.

Please note that opting-out of behavioral Advertising does not mean that you will no longer see any online ads. It only means that such ads will no longer be tailored to your specific viewing habits or interests. You may continue to see ads from us.

Security

We work with partners who encrypt the data. For example Paypal and all online stores powered by Woocommerce are Level 1 PCI-DSS compliant. We have agreements with our partners in place who also are GDPR compliant.

However no method of transmission over the internet or electronic storage is completely secure, so we cannot guarantee its absolute security.

Data Protection Authority complaint

You have the right to file a complaint (in accordance with article 78 GDPR) with your local data protection authority if you think that this privacy policy is not in accordance with the GDPR.

Data protection officer

As a small family-run company, we don’t need one.
However you can of course contact us regarding any of this at guide@royalemaps.com.

Children protection

People under 18 (or the legal age in your jurisdiction) are not permitted to interact with us on their own. Royale Maps does not knowingly collect any personal information from children under the age of 13 and children under 13 are not permitted to interact with us or buy from us.

If you believe that a child has provided us with personal information, please contact us at guide@royalemaps.com. If we become aware that a child under age 13 has provided us with personally identifiable information, we’ll delete it.