Privacy Policy

SilverbySwan  is based in UK . They sells mainly to buyers in the UK, USA, France, Germany, and Italy, but offers his items for sale world-wide. In the past six years, SilverbySwan’s business has started to take off, and They recently started using a third-party delivery provider to help fulfill his orders. They uses Google Cloud to host some of his buyers’ personal information.

The GDPR requires that SilverbySwan provide certain information to his buyers in his privacy policy, including:

  • the personal information They collects;
  • the legal bases They relies on to collect, use, and share personal information;
  • the third parties with whom They shares personal information;
  • the length of time They keeps personal information;
  • if They’s transferring personal information outside of Europe (for example, if They moves his business to the United States and continues to sell to buyers in Europe, or uses a third party provider located outside of Europe, or uses Google Cloud to host some of his buyers’ information), how the transfer will be handled;
  • his buyers’ rights regarding his use of their personal information; and
  • how his buyers can contact him with privacy-related requests.

Visit this EU GDPR help site and read Articles 13 and 14 for more details on the information that must be included in your privacy policy to comply with the GDPR.

Based on GDPR requirements, here’s how SilverbySwan might introduce his privacy policy to his buyers:

This Privacy Policy describes how and when I collect, use, and share information when you purchase an item from me, contact me, or otherwise use my services through Silverbyswa.co.uk.com or its related sites and services.

This Privacy Policy does not apply to the practices of third parties that I do not own or control, including Silverbyswa.co.uk or any third party services you access through Silverbyswa.co.uk. You can reference the Silverbyswa.co.uk Privacy Policy to learn more about its privacy practices. SilverbySwan should then go on to include information on the following:

  1. Personal information They collects

SilverbySwan should go on to explain what information They collects from buyers, why They needs the information, how They uses it to fulfil orders, the third parties with whom They shares the information, and the length of time They keeps the information. Here's an example:

Information I Collect

To fulfil your order, you must provide me with certain information (which you authorised Silverbyswa.co.uk to provide to me), such as your name, email address, postal address, payment information, and the details of the product that you’re ordering. You may also choose to provide me with additional personal information (for a custom order of jewellery, for example), if you contact me directly.

  1. The legal bases They relies on to collect, use, and share personal information

The GDPR requires that you explain the legal bases you rely on to collect, use, and share personal information. The legal bases may include a buyer’s affirmative consent to receive marketing messages, compliance with legal obligations, and a seller’s use of the personal information in their legitimate interests (improving their services, for example). Throughout his privacy policy, SilverbySwan should be as clear as possible about where and why They's relying on these different legal bases. For example:

Why I Need Your Information and How I Use It

I rely on a number of legal bases to collect, use, and share your information, including:

  • as needed to provide my services, such as when I use your information to fulfil your order, to settle disputes, or to provide customer support;
  • when you have provided your affirmative consent, which you may revoke at any time, such as by signing up for my mailing list;
  • if necessary to comply with a legal obligation or court order or in connection with a legal claim, such as retaining information about your purchases if required by tax law; and
  • as necessary for the purpose of my legitimate interests, if those legitimate interests are not overridden by your rights or interests, such as 1) providing and improving my services. I use your information to provide the services you requested and in my legitimate interest to improve my services; and 2) Compliance with the Silverbyswa.co.uk Seller Policy and Terms of Use. I use your information as necessary to comply with my obligations under the Silverbyswa.co.uk Seller Policy and Terms of Use.
  1. The third parties with whom They shares personal information

The GDPR requires that you disclose the details of any personal information you share with third parties. SilverbySwan should explain to his buyers why, when, and with whom They may share buyers’ personal information. For example:

Information Sharing and Disclosure

Information about my customers is important to my business. I share your personal information for very limited reasons and in limited circumstances, as follows:

  • Silverbyswa.co.uk. I share information with Silverbyswa.co.uk as necessary to provide you my services and comply with my obligations under both the Silverbyswa.co.uk Seller Policy and Silverbyswa.co.uk Terms of Use.
  • Service providers. I engage certain trusted third parties to perform functions and provide services to my shop, such as delivery companies. I will share your personal information with these third parties, but only to the extent necessary to perform these services.
  • Business transfers. If I sell or merge my business, I may disclose your information as part of that transaction, only to the extent permitted by law.
  • Compliance with laws. I may collect, use, retain, and share your information if I have a good faith belief that it is reasonably necessary to: (a) respond to legal process or to government requests; (b) enforce my agreements, terms and policies; (c) prevent, investigate, and address fraud and other illegal activity, security, or technical issues; or (d) protect the rights, property, and safety of my customers, or others.
  1. The length of time They keeps personal information

The GDPR requires you to disclose the period of time during which you will store personal information. SilverbySwan should consider how long They needs to retain information for business purposes and to comply with any legal or tax obligations, and keep in mind that data shouldn't be kept for any longer than necessary. For example:

Data Retention

I retain your personal information only for as long as necessary to provide you with my services and as described in my Privacy Policy. However, I may also be required to retain this information to comply with my legal and regulatory obligations, to resolve disputes, and to enforce my agreements. I generally keep your data for the following time period: 4 years.

  1. If transferring personal information outside of Europe, how the transfer will be handled

GDPR requires you to disclose if you transfer personal information outside of the EU and the legal bases you rely on to do so, such as consent and contractual necessity. SilverbySwan uses Google Cloud, which is Privacy Shield certified, so They should explain to his buyers that They relies on Privacy Shield as the legal basis for the transfer of his buyers’ personal information outside of the EU. For example:

Transfers of Personal Information Outside the EU

I may store and process your information through third-party hosting services in the US and other jurisdictions. As a result, I may transfer your personal information to a jurisdiction with different data protection and government surveillance laws than your jurisdiction. If I am deemed to transfer information about you outside of the EU, I rely on Privacy Shield as the legal basis for the transfer, as Google Cloud is Privacy Shield certified.

  1. His buyers’ rights regarding his use of their personal information and his contact details

Based on GDPR requirements, SilverbySwan should finish by explaining to his buyers their rights regarding the information they provide to him on Silverbyswa.co.uk. SilverbySwan should also provide his contact details and explain to his buyers that They is the data controller of their personal information. For example:

Your Rights

If you reside in certain territories, including the EU, you have a number of rights in relation to your personal information. While some of these rights apply generally, certain rights apply only in certain limited cases. I describe these rights below:

  • Access. You may have the right to access and receive a copy of the personal information I hold about you by contacting me using the contact information below.
  • Change, restrict, delete. You may also have rights to change, restrict my use of, or delete your personal information. Absent exceptional circumstances (like where I am required to store data for legal reasons) I will generally delete your personal information upon request.
  • Object. You can object to (i) my processing of some of your information based on my legitimate interests and (ii) receiving marketing messages from me after providing your express consent to receive them. In such cases, I will delete your personal information unless I have compelling and legitimate grounds to continue using that information or if it is needed for legal reasons.
  • Complain. If you reside in the EU and wish to raise a concern about my use of your information (and without prejudice to any other rights you may have), you have the right to do so with your local data protection authority.

How to Contact Me

For purposes of EU data protection law, I, SilverbySwan , am the data controller of your personal information. If you have any questions or concerns, you may contact me at n@mail.com. Alternately, you may mail me at:

SilverbySwan’s privacy policy is intended to be a guide to the information that should be included in a privacy policy. If you use this policy as a template for your own, you should customise it so it makes sense for your shop. You can replace the details in his policy with yours, including your name, business name, email address, and newsletter settings (if you have an email newsletter). The sections entitled “Why I Need Your Information and How I Use It” and “Transfers of Personal Information Outside the EU” must be customised based on how you operate your shop. Adjust the wording to reflect the voice of your brand and add or remove information to reflect specific facets of your business. For example, if you’re a business owner, you can change the pronouns from “I” and “me” to “we” and “us” to more accurately represent your Silverbyswa.co.uk shop.

Sticking to these best practices for marketing messages and creating a privacy policy for your business will help you to comply with your obligations under the GDPR, and will signal to buyers that you take privacy seriously and have your customers’ best interests at heart.