Nosila Crafts is a trading name of Mac Uaid Enterprises Limited (“we”, “us”, “our”), the data controller responsible for the personal data you provide when using this website or placing orders with us. We are committed to protecting your privacy and handling your data in compliance with the General Data Protection Regulation (GDPR) and the Irish Data Protection Act 2018.
By using our website or placing an order, you agree to the practices described in this Privacy Policy.
1. Personal Data We Collect
We collect the following categories of personal data:
- Order Information
- When you make or attempt to make a purchase, we collect:
- Name
- Billing and shipping address
- Email address
- Phone number
- Payment details (processed securely by our payment provider; we do not store full card details)
- Order details (items purchased, delivery preferences, notes)
Device Information
When you visit the website, we automatically collect:
- IP address
- Browser type
- Time zone
- Cookies stored on your device
- Information about the pages you view
- Information about referring websites or search terms
- How you interact with the website
Technologies Used
- “Cookies” (small data files stored on your device)
- “Log files” (track site activity, IP, browser, ISP, time stamps)
- “Web beacons”, “tags”, or “pixels” (analyse browsing behaviour)
2. How We Use Your Personal Data
We use your data to:
- Process and fulfil your orders
- Process payments and prevent fraud
- Communicate with you regarding your order
- Provide invoices, confirmations, and delivery updates
- Respond to enquiries and customer service requests
- Improve and optimise our website and services
- Screen orders for risk or fraudulent activity
- Provide information or advertising relating to our products (only where legally permitted)
The legal bases for processing your data include:
- Performance of a contract
- Compliance with legal obligations
- Our legitimate business interests
- Your consent (where required)
3. Sharing Your Personal Data
We share your data only with trusted third parties necessary to operate our business, including:
- SumUp (online store platform & payment processor)
- Delivery providers such as An Post
- Email and communication service providers
- Analytics services, such as Google Analytics
Each third party processes your data solely to perform their services for us and not for their own purposes.
We may also share data where required to comply with:
- Law enforcement requests
- Court orders
- Legal obligations
- Fraud protection measures
We do not sell or rent your personal data.
4. International Data Transfers
Some service providers may be located outside the European Economic Area (EEA). Where this occurs, transfers are made only when:
- The destination country has been deemed to offer adequate protection, or
- The provider has implemented GDPR-approved safeguards such as Standard Contractual Clauses
We ensure all transfers comply with data protection legislation.
5. Your Rights Under GDPR
You have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate data
- Request deletion (“right to be forgotten”)
- Object to processing, including profiling
- Request restriction of processing
- Request data portability
- Withdraw consent at any time (where processing is based on consent)
- Lodge a complaint with the Data Protection Commission (Ireland)
To exercise these rights, contact us via the contact form on the website.
6. Data Retention
We retain Order Information for as long as necessary to fulfil your order and comply with:
- Legal obligations
- Tax requirements
- Regulatory requirements
After this period, your data is securely deleted.
Device Information is retained for analytics and website security for a reasonable period.
7. Cookies
Cookies are used to enhance your browsing experience, enable basic site functionality, and analyse site usage.
You can disable cookies through your browser settings.
More information may be found at: www.allaboutcookies.org
8. Security
We take appropriate technical and organisational measures to protect your data from loss, misuse, unauthorised access, alteration, or disclosure.
However, no internet transmission is ever completely secure; you provide data at your own risk.
9. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect regulatory changes or operational updates. Continued use of the website after any changes constitutes acceptance of the updated policy.
10. Contact Us
If you have any questions about this Privacy Policy, or if you wish to exercise your GDPR rights, please contact us using the contact form at the bottom of the website.