Privacy Policy

Here at Cool Baby, we respect your privacy. We have taken measures to ensure that your personal information is secure, and is not disclosed to individuals or entities that are not authorized to receive it (we absolutely DO NOT pass on our customers details to any third party, unless of course required by law). The following is our Privacy Policy and describes how your personal information is collected and used. It also explains how we comply with the GDPR (General Data Protection Regulation) which came into effect on May 25th 2018.

1. Cookies

We use Google Analytics on this website. This enables us to make sure we are offering the best service possible to our customers. Google Analytics uses cookies to track the visits we have to the website and the interactions the visitor has with the website. For more information on Google Analytics and how to opt out of this and block cookies please visit Google’s Privacy Policy.

Our shopping cart system and our checkout mechanism (PayPal) also use cookies. Some of these cookies are sessional and are required for the payment process to work and no longer have an effect once you have logged out of the site. Others remain on your internet browser once you have left the site. For information on how PayPal use cookies and on blocking, deleting or disabling cookies, please see the PayPal Privacy Policy.

2. Collection of Personal Information for Orders

When you make a purchase or attempt to make a purchase through our website, we collect certain information from you. This includes your name, billing address, shipping address, email address, and phone number, all of which is necessary to complete your order. Your payment is taken through PayPal – who have their own privacy policy as mentioned above.

How do we use this information?

Personal information collected as outlines above is used to complete orders placed on our website.

We may also use this information to:

• communicate with you (e.g. if we have a query regarding your order)
• create and manage your account;
• reply to any queries you may have;

3. Collection of information for our mailing list

You are never automatically added to our mailing list – you must voluntarily sign up for this yourself on our website. We absolutely DO NOT pass on our customers details to any third party.  If you decide to join our email list – you will only receive emails when there is new stock or special offers. You are free to unsubscribe from this mailing list at any time.

4. Retention of Data

When you place an order through our website, we will maintain your Order Information and personal details for our records for a period of seven years (for accounting purposes). You are, of course, entitled to ask us to delete this information at any stage.

5. Your rights

According to https://www.itgovernance.eu/ the GDPR provides individuals with eight rights:

1. The right to be informed: Organisations need to tell individuals what data is being collected, how it’s being used, how long it will be kept and whether it will be shared with any third parties. This information must be communicated concisely and in plain language.
   2. The right to access: Individuals can submit subject access requests, which oblige organisations to provide a copy of any personal data concerning the individual. Organisations have one month to produce this information, although there are exceptions for requests that are manifestly unfounded, repetitive or excessive.
   3. The right to rectification: If the individual discovers that the information an organisation holds on them is inaccurate or incomplete, they can request that it be updated. As with the right to access, organisations have one month to do this, and the same exceptions apply.
   4. The right to erasure (also known as ‘the right to be forgotten’): Individuals can request that organisations erase their data in certain circumstances, such as when the data is no longer necessary, the data was unlawfully processed or it no longer meets the lawful ground for which it was collected. This includes instances where the individual withdraws consent.
   5. The right to restrict processing: Individuals can request that organisations limit the way an organisation uses personal data. It’s an alternative to requesting the erasure of data, and might be used when the individual contests the accuracy of their personal data or when the individual no longer needs the information but the organisation requires it to establish, exercise or defend a legal claim.
   6. The right to data portability: Individuals are permitted to obtain and reuse their personal data for their own purposes across different services. This right only applies to personal data that an individual has provided to data controllers by way of a contract or consent.
   7. The right to object: Individuals can object to the processing of personal data that is collected on the grounds of legitimate interests or the performance of a task in the interest/exercise of official authority. Organisations must stop processing information unless they can demonstrate compelling legitimate grounds for the processing that overrides the interests, rights and freedoms of the individual or if the processing is for the establishment or exercise of defence of legal claims.
   8. Rights related to automated decision making including profiling: The GDPR includes provisions for decisions made with no human involvement, such as profiling, which uses personal data to make calculated assumptions about individuals. There are strict rules about this kind of processing, and individuals are permitted to challenge and request a review of the processing if they believe the rules aren’t being followed.
2. Updates to privacy policy

Our privacy policy may be updated from time to time to reflect changes in how we do things, or for legal/regulatory reasons.

7. Questions?

For more information about our privacy practices please contact us.