Privacy & Security


Privacy Policy

We want to be completely open and transparent with how your data is used and give you control over what we do with it. We are compliant with the General Data Protection Regulation (GDPR) which came into effect on 25th May 2018.


Our principles:

-    Your information belongs to you, so you have control over it and you should be comfortable with everything that we do with your information

-    We will be clear and open with the information we collect, why we collect it, how it is used.

-    We will only collect, keep use and share your information for genuine business purposes which you have not objected to and where we are legally require to do so.

-    Security of data is highly important to us, we take all appropriate steps to ensure your data is safe with us and regularly review policies and practices.  

-    Suma Wholefoods is the data controller, and Spark Etail is the data processor.

On the My Preferences page you can check which services you are opted in to and change whenever you like.

 

How we contact you

Email

You will receive updates on new products and offers from Suma Store. We do not pass on your address to other organisations apart from Mailchimp for the purpose of marketing. Mailchimp are our email service provider that processes the sending of our emails. Mailchimp are one of the leading providers used by many businesses in the UK, you can read more about Mailchimp’s security practices here.

We may pass on your email to DPD, Hermes or Royal mail for delivery notification updates. These are service emails necessary for the delivery of your order and will not contain any marketing. These couriers will not pass on your email address to any third parties.

You can opt out of email marketing at any time, either through your My Preferences page , by simply clicking on the ‘Unsubscribe’ link which is at the bottom of all of our emails or by contacting our Customer Care team. (please note this might take a few days for all our systems to update). If you choose to opt out of marketing emails you will still receive order notification and delivery updates which are necessary for the delivery of your order as well as updates from DPD, Hermes or Royal mail but these emails will not contain any marketing.

Telephone

We may from time to time wish to contact a small number of customers to conduct surveys or gather feedback on our products or services. You can opt out of this at any time on the My Preferences page or by contacting our Customer Care Team.

Please note if you have opted out of this we may still contact you to assist the processing of your order, for example if there is a problem with delivery. 

Recommendations

We have a huge range of products covering many categories so it is important that we show you the products that you are more interested in. This is why we have developed a recommendations system which will show product recommendations based on a number of factors such as previous purchases, what other customers bought and what products are popular right now. The data used for this is anonymised and is not shared with any other organisations. These recommendations will appear on suma-store.coop and within our promotional emails.

Adverts can also be displayed on third party websites for Suma Store, these may show products you have viewed on our site.

To opt out of receiving product recommendations please visit the My Preferences page.

 

What information we store on you

Personal details

We store your personal details such as your name, email, phone number and postal address details. We use your emails for marketing purposes to send you our latest offers if you have opted in to do so. If you choose to opt out of either of these we will still hold your details for the purpose of processing your orders.  You can update your information and preferences at any time on the My Preferences page.

Order history and communications

We keep a record of all of your previous orders. This data must be held for accounting purposes and also to help with any queries you have on your previous purchases, deliveries etc.

Survey information

We occasionally run customer surveys to get your opinions and find out how we can provide you with a better service and better products. We keep the information collected from here for future reference and analysis. We use SurveyMonkey to conduct our surveys, SurveyMonkey will store the information you enter in the survey so we can access this to evaluate the survey responses. SurveyMonkey will not pass your information on to third parties. SurveyMonkey Privacy Policy .

Competitions

We regularly run competitions, we store details of all entrants for the purpose of administering the competition and notifying winners. 

Anonymised data

We record activity on our site so we can provide you with relevant product suggestions. If you’d rather we didn’t you can opt out of this on the My Preferences page.

IP Address

Your IP address is an identifying number for the device you are using to connect to the internet. We store IP addresses of customers and visitors. We use this information to analyse market trends, gather broad demographic information, and to prevent abuse of our services.

Cookies

Cookies are small pieces of information in the form of text files that are sent to your browser from our web server and are stored on your computer. Cookies are essential to using the Suma Store website.


There are three different categories these cookies are split into:

Essential to Site function cookies
 – these cookies allow you to browse the site, search for products and add items to the basket.
Helpful, non intrusive cookies – these help improve your experience on the site, for example by recognising your location therefore displaying appropriate delivery options in a banner, and reminding you of your recently viewed items.
Third Party Cookies – to help us record customer experience and to allow us to test new services, to help us improve the customer journey on the website.

 

Site Analytics and Tracking

Cookies

Cookies are small pieces of information in the form of text files that are sent to your browser from our web server and are stored on your computer. Some cookies are essential to using the Ethical Superstore website.

There are three different categories these cookies are split into:

Essential to site function cookies – these cookies allow you to browse the site, search for products and add items to the basket.

Helpful, non-intrusive cookies – these help improve your experience on the site, for example by recognising your location therefore displaying appropriate delivery options in a banner, and reminding you of your recently viewed items.

Third party cookies – to help us record customer experience and to allow us to test new services, to help us improve the customer journey on the website.  You can read about these below. 

Google Analytics

We analyse the performance of our website and improve customer experience using Google Analytics. You can read more about Google Analytics in their Privacy Policy

Google Ads

We advertise the products we sell through Google Ads (previously called Google Adwords). Sales through our site are recorded by Google Ads so we can track the performance of our adverts. As part of this we use remarketing to show adverts on 3rd party websites for products we think you will like based on your purchases and the products you have viewed on our site. You can opt out of this by visiting Google’s Ads Settings page.

Bing Ads

We advertise products we sell through Bing Ads. Sales through our site are recorded by Bing Ads so we can track the performance of our adverts. Bing Ads privacy policy.

 

Who we send data to

Email

Mailchimp are our Email Service Provider, this is the system we use to send our weekly newsletters. For this we must share customer email addresses with Mailchimp to process the emails. Addresses in Mailchimp remain within the Suma Store account and are not shared with any third parties. Mailchimp are one of the leading providers used by many businesses in the UK, you can read more about Mailchimp’s security practices here.

Delivery and order processing

To process your order we must pass on your details to Whistl Fulfilment (Gateshead) Ltd (our parent company) who manage our warehouse and ship orders. This will include your name, address, phone number, email and order details, you will only be contacted by Whistl Fulfilment (Gateshead) Ltd in relation to your order.

We use a number of courier services to get your order safely out to you. In order for this to be done we must supply these couriers with your name, address and telephone number and email address so they can complete the delivery and contact you if there are any problems with the delivery. These courier services do not own this data and so will not use it for any other purpose.

We currently use these courier services:

DPD - Information Security Policy

Hermes - Hermes Privacy Policy

Royal Mail - Royal Mail Privacy Policy

Some of the products on our site are sent on a ‘dropship’ basis , this means that they are sent out directly by the manufacturer rather than from our warehouse. If you order a product your delivery information will be passed on to the supplier so your order can be processed. These businesses do not own your data and will only contact you regarding your order

 

Payment Processing

When we process orders a fraud review is automatically conducted. If you chose to pay by card our payment provider Sage Pay will process the payment. For the purpose of processing the payment securely your name, address and order details are passed on to Sage Pay. When ordering with your credit or debit card we do not see or store your full card details, these are processed by Sage Pay.

If you choose to pay with PayPal we pass your name, address, email address and order details to PayPal. PayPal will confirm with us when the payment is completed through their systems. We do not see or store your bank or card details at any point in this process.

 

Verified by Visa

Suma Store is participating in Verified by Visa and MasterCard SecureCode for added online payment security. These services are offered by Visa and MasterCard, in association with the bank that has issued your credit or debit card. It is aimed at protecting your details when shopping online by ensuring your card is not being used by someone else and is becoming a standard across all shopping websites.

If the credit or debit card you're using to pay for your order qualifies for one of these services (not all cards do), you will be taken to a page hosted by your card issuer. This is a completely secure process. The information you provide is completely private, will only be visible to you and your card issuer, and would never be shared with other parties.

If you haven't registered before and your card qualifies, you will need to follow the on-screen instructions to register securely and create a password for your card. This is not the same as the PIN number you use for your regular shopping. It's an online shopping code that you'll be able to use to identify yourself and your card when shopping online on suma-store.coop or any other participating websites. It's the online equivalent of chip and pin which is used on the High Street. Once registered, you will be taken back to suma-store.coop to confirm your order. If you're unsure about this new service, you may be able to complete your order without registering but we recommend that you contact your card issuer to find out more about the service, as they will eventually require you to register to continue shopping online.

If you have already registered, you will be required to use your password on future online transactions.

If you would like to learn more about these services or have any difficulty with the process, please contact your card issuer who should be able to assist you, as suma-store.coop are unfortunately not able to help. Alternatively, you can always place your order by calling our Customer service team.

 

Reviews

To help us monitor how good our service and products are, we send data to our independent reviews partner eKomi who will request a review after you have made a purchase on our site.  If you decide to leave a review your data will be processed by eKomi for the purpose of showing this review.  For the purpose of this we will pass on your email address, name and products purchased. For any product reviews you leave, your first name and last initial will be displayed on our site. Your review will be available to view on the eKomi website, and may also be published on ours.
If you would like not to be asked to review your purchase please contact us.

After you have completed a purchase you may see a notification from Google asking if you would like Google to send an email with a survey after your order is complete. If you agree to this your email address will be passed on to Google so they can contact you to conduct the survey. If you do not want your information passed to Google select 'No' on the notification.

 

Competitions

We occasionally run competitions on our website. We use Woobox to administer and collect entries to our competitions. Your data is not used by Woobox in any way other than to record the entry to the competition. Woobox privacy policy.

 

Postcode Anywhere

We use a system called Postcode Anywhere to make it easier to enter your address details. This enables you to enter your postcode and select the address from the drop down list this provides. Data is sent to Postcode Anywhere when your postcode is entered so they can provide a list of addresses for you to choose from. Postcode Anywhere do not store or use this data for anything other than the purpose of generating the list of addresses for you to choose from. Postcode Anywhere Privacy Policy.

 

 

How long we keep your information for

For the purposes stated above we will keep your information as long as your account is active or as needed to provide our services to you.

If legally required or if it is reasonably necessary to meet regulatory requirements, resolve disputes, prevent fraud and abuse, or enforce our Terms and Conditions, we may also retain some of your information for a limited period of time as required, even after you have closed your account or it is no longer needed to provide the Services to you.

 

You have the right to see the data we hold about you

You have the right to see what personal data we hold about you.

Should you wish to obtain a copy of the personal information we hold about you, or information on how it is being used, you may do so by submitting a request in one of the following ways:

-    Write to us at Spark Etail, Follingsby Avenue, Follingsby Park, Gateshead, NE10 8HQ
-    Contact our customer services team via email enquiries@suma-store.coop or by phone on 0333 400 7890

We will respond to any request for such information in a prompt manor, without any undue delay and within one month of receipt.

Please be aware that in some circumstances it may be necessary for you to provide us with more information so we can correctly confirm your identity matches that of the subject access request.
There is no fee for submitting a subject access request. However, excessive requests will be subject to a reasonable fee for the administrative costs of complying with the request.

You also have the right to request at any time to have any inaccurate personal information we hold about you rectified.
 

Your right to be forgotten

You have the right to have some of the personal data held on you removed.  If you would like your information removed please write to us at Spark Etail, Follingsby Avenue, Follingsby Park, Gateshead, NE10 8HQ. Or contact us by email at enquiries@suma-store.coop.
Please note there are some exceptions to this where we must adhere to legal compliance, for example we have to keep financial information for at least six years. We can also retain information to comply with a legal obligation or for the prevention of fraud.

We will not sell your information

We do not sell data – at no point will sell your personally identifiable information – including your name, address, e-mail address, or credit card information - to any third party.  

 

Security

For orders through the Shop, we work to protect the security of your payment information during transmission by using Secure Sockets Layer (SSL) software, which encrypts information you input.

The Site uses reasonable security methods to protect the personal data (e.g., contact details) that resides on our servers. However, no security system is impenetrable. suma-store.coop cannot warrant or guarantee the security of its or its partners' servers, nor can it guarantee that information that Shop Users supply will not be intercepted while being transmitted to suma-store.coop or its partners over the Internet.

When you register to purchase products on the Shop, you will be asked provide your email and password. You must keep your passwords confidential and must not disclose it to or share it with anyone. You are responsible for all activities that occur under your login details for the Shop. If you know or suspect that someone else knows your password, notify us immediately at enquiries@suma-store.coop.


Privacy Policy updated: 01/09/22