Privacy Policy and Security

By continuing to browse our site, you consent to our placing cookies on your computer (unless you have chosen to disable them via your browser). 

Please visit: www.shopify.co.uk/legal/cookies for more information on Shopify's Cookie Policy.

What is a cookie?

Cookies are small encrypted text files that are stored on your computer or other device when visiting this website.

Our website requires the use of some cookies to enable you to be able to browse and add items to your shopping bag - without these cookies you would not be able to place your order. We also use cookies for some of the following reasons:-

  • Track our sales
  • Product ratings & reviews

At no point do our cookies or those of our third parties store your personal payment information.

It is possible to turn off your cookies through your website browser settings however this will affect the functionality and experience of our site. Please visit the help section of your website browser to learn how to turn your cookie settings off or please visit.

Different types of cookies?

We have classified our cookies into two different types; First and Third party cookies. First party cookies are the cookies that Grounded Body Scrub and Shopify set to offer you a fully functional experience when shopping our site.

We also use functional cookies to remember choices you’ve made or information you’ve provided, such as your username, language, or the region you are in. This allows us to tailor your website experience specifically to your preferences. For example, authentication cookies are functional cookies that are used for the duration of a session (or persistent, if you agree to the “remember me” function) to allow users to authenticate themselves on subsequent visits or to gain access to authorized content across pages. The functional cookies we use include:

  • User-centric security cookies to detect authentication abuses for a limited persistent duration, like repeated failed login attempts. These cookies are set for the specific task of increasing the security of the service.
  • Multimedia content player session cookies (flash cookies) are used for the duration of a session to store technical data needed to play back video or audio content (e.g. image quality, network link speed, and buffering parameters).
  • Load balancing session cookies are used for the duration of the session to identify the same server in the pool in order for the load balancer to redirect user requests appropriately.
  • User interface customization persistent cookies are used to store a user’s preference regarding a service across web pages.

''Shopify is dedicated to user experience and we use many tools to help us improve our website. To this end, we use performance cookies to collect information about how you use our website and how often. These cookies only gather information for statistical purposes and do not gather any information that can personally identify you. However, because these cookies are not strictly necessary for the use of our website, we require your consent to use them. The performance cookies we use include:

  • First party analytics cookies - We use these cookies to estimate the number of unique visitors, to improve our website and to detect the most searched for words in search engines that lead to a webpage. These cookies are not used to target you with online marketing. We use these cookies to learn how our website is performing and make relevant improvements to improve your browsing experience.

  • We also use Google Analytics and other third-party analytics providers to help measure how users interact with our website content. These cookies “remember” what our users have done on previous pages and how they’ve interacted with the website. For more information on Google Analytics, visit Google’s information page. For instructions on how opt out of Google Analytics, see below.

Targeting cookies are used on our website to tailor marketing to you and your interests and provide you with a more personalized service in the future. These cookies remember that you visited our website and we may share this information with third-parties, such as advertisers. Although these cookies can track your visits to our website and other sites, they typically cannot personally identify you. Without these cookies, the advertisements that you see may be less relevant and interesting to you. We do not use third-party advertising cookies.

Finally, Social plug-in tracking cookies are used by many social networks that have “social plug-in modules”. We integrate these modules into our platform to provide services than can be considered as “explicitly requested” by our users. Your consent, however, is required because some third-party social plug-in tracking cookies are used for things like behavioural advertising, analytics, and/or market research.''

Shopify (2018: https://www.shopify.co.uk/legal/cookies)

We work with carefully selected suppliers who also use cookies on our website. These cookies enable certain features that are run in conjunction with partners such as Facebook, Twitter & YouTube to function. We don't control the setting of some of these cookies so for more information about please visit the relevant third-party website. Below is a list of the main cookies that our partner suppliers use and what they use them for. We are currently auditing use of third party cookies and we will update this section.

* Facebook
* Google Analytics
* Instagram

We have tried to ensure that you our customers have full visibility of the cookies used on our website. Our website requires certain cookies to be enabled for you to be able to shop on www.groundedbodyscrub.co.uk however if you would like to restrict or block cookies from this website you can use your browser to do so. Each browser allows you to restrict or block cookies in different ways so we recommend that you visit the Help section to learn how to set your preferences.

For further information about cookies and how to manage them visit www.allaboutcookies.org.

Information we hold:

Below is a list of Information that you may have provided to us including but not limited to when you:

  • purchase products through the Website or over the phone 
  • submit rate and reviews
  • use Grounded Body Scrub applications on Facebook (Currently Not applicable as our app is not live - all app users will be notified by email when the app is live and if you're using it with a opt out link)
  • enter competitions, prize draws or promotions which we are promoting via a landing page 
  • sign up to marketing/newsletters by currently email only
  • use our customer services web-chat facility (Currently not live)
  • Information you provide our partners and when you report a problem with the website.
  • Information you provide to us when applying through the Website for registration, subscribing to any of our services or requesting further services.
  • If you contact us for any reason, we may keep a record of that correspondence via email including distributor and sales enquiries.
  • We may also ask you to complete surveys that we use for research purposes, although you do not have to respond to them and are given clear instructions and information about where the information will be stored and used, when it will be disposed of and for how long.
  • Information we collect using cookies stored on your device. Please see the section on cookies for more information and how to manage them.
    • Your IP address
    • Details of your visits to the website including, but not limited to, traffic data, location data and other communication data and the resources, advertisements and linked sites that you access.
    • Information provided to us by other companies who have obtained your permission to share information about you

Information we request and hold includes but is not limited to the following:

  • Your name, age, date of birth, sex
  • Billing and delivery postal addresses
  • Phone and fax numbers
  • Email addresses
  • Usernames and passwords
  • Browsing and shopping activities
  • Your customer queries


GDPR

How does the GDPR affect our Customers?

At Grounded Body Scrub we treat your privacy, security and data with the upmost respect and care. The privacy and security of your personal information is very important to us. We want to assure you that your information will be properly managed and protected whilst in our hands

The General Data Protection Regulation (GDPR) affects us as a Shopify merchant being based in Europe and by serving European customers in the process. It takes into account Data Protection and enhances your digital security in all aspects. We will continue to make sure your data is safe in every aspect of our Business and will frequently update our policies to ensure privacy.

    Collecting personal data

    Personal data can be a name, address, email address, social media account, or even a digital identifier such as an IP address or a cookie ID. The GDPR protects the fundamental rights of individuals within the European Union in relation to the processing of personal data. Think about the following questions:

    • Are you collecting personal data from customers in Europe?
    • If your store uses third-party apps or themes, then do they collect and process data in accordance with the GDPR?

    Privacy notice

    The GDPR (and particularly Articles 12 to 14 of the GDPR) include specific information that must be provided to individuals whose data you are processing, generally in the form of a privacy notice or privacy policy. You should make sure that you have a privacy policy that includes all of the information that you are required to provide under the regulation.

    Appointing a Data Protection Officer

    We will be appointing a Data Protection Officer (DPO) who will oversee how our organisation collects and processes personal data come the 25th of May inline with the new procedures to ensure we are meeting all the new requirements. A seperate email will be created for all enquiries, erasure requests, complaints and queries.

    Customer Consent


    Under the GDPR, you might need to obtain consent to process the personal data of your customers or change how you currently obtain that consent. For example, you might need to obtain consent from your customers if you are sending your customers marketing messages, or if you are using online advertising or retargeting apps. Where you need to obtain consent, the GDPR says that it must be "freely given, specific, informed and unambiguous." This means that the consumer needs to be given detailed information about the particular use case, and some affirmative action needs to be taken by the consumer to show consent.

    Consider the following questions:

    • Do you need to get affirmative, opt-in consent from your customers because of the personal information that you or a third-party app processes?
    • Are you providing your customers enough details around your processing activities and data usage to obtain effective consent?
    • Does the customer need to take an affirmative act to show consent?
    • Is the customer’s consent recorded and stored somewhere?

    The GDPR includes specific parental-consent requirements for processing the personal data of users under the age of 16 (this age can be lower in certain countries). Consider whether you need to change how you process customer data to either stop processing the data of those users under the age of 16 or get parental consent?

    Processing GDPR data requests

    The GDPR expands on an individual's right to access and control their personal data. You might need to update how you process customer data to respond to personal data requests protected under the GDPR.

    Subject access requests and portability

    The GDPR gives individuals the right, in certain circumstances, to request a copy of their personal data that is being processed by a company. The GDPR requires that you provide your customers with a copy of their personal data in a common, easily readable, and portable format, so that they can use that data with a different service provider. If you need to obtain this information to respond to a request, then Shopify can provide you with the information that it stores. In addition to the information that Shopify stores about your customers, you will also need to think about other service providers that you might use who may have access to your customers’ personal data, such as third-party apps.

    Consider the following questions:

    • What data would you need to provide in response to a subject access or portability request?
    • Which third parties would you need to contact in order to respond to a subject access or portability request?
    • In what format would you provide this data?
    • Do you need to change how you process customer information to provide this data?

    Erasure requests

    The GDPR gives individuals the right, in certain circumstances, to ask that their personal data be erased, or that a company restrict the processing of their personal data. You should consider whether you might be obligated to erase or restrict the processing of your customers' data in response to such a request. As with subject access requests, Shopify can help you delete personal data that it stores on your behalf, but you should also consider what third parties you may need to work with in order to fulfill an erasure request.

    Data breach notification

    If you experience a data breach and the GDPR applies to you, then you might be required to notify affected users or specific regulatory bodies. Where applicable, you're required to provide notice as quickly as 72 hours after you become aware of the breach. You should think about putting together a data breach response plan for your business so that you are prepared for such an incident.

    Subprocessing

    The GDPR imposes certain requirements on a company that uses third-party vendors and service providers to process the personal data of its users. Consider reviewing the privacy practices of the vendors and service providers that you use, including Shopify, to try to make sure that they adequately protect your customers’ personal data.

    Third-party apps

    The GDPR requires that you take a number of affirmative steps relating to your and your third-party service providers’ collection and use of personal data. This includes Shopify, but also any third-party apps that you might use in connection with your Shopify store. While Shopify is happy to help you to the extent it can with regards to its data practices, it is up to you to ensure that you are using third-party apps in a way that complies with the GDPR. Compliance needs will vary depending on where you are located, where your customers are located, where the app developer is located, and how you have implemented and installed the app. Shopify wants to make sure that you are well-positioned to be able to assess your compliance needs, and we are working with our app developers to make sure that they provide you more information about their data collection and processing practices.