Privacy Policy

1.0 WHO WE ARE

We are Sonata London Limited, a company registered in England under number 06650251 with our registered office at 1 John Charles Way, Leeds, LS12 6QA, England (“we” or “us” or “our“). We operate the website at sonatalondon.com (“the Site“). In this Privacy Policy, references to “you” means any person submitting any data to us or the Site.

If you have any questions, comments or suggestions about the way in which we use your personal information or if any of your personal information changes, please write to us at 1 John Charles Way, Leeds, LS12 6QA, England (“Main Address“) or email us at [email protected]

Your privacy is very important to you and us. We shall therefore only use your name and other information which relates to you in the manner set out in this Privacy Policy. We will only use your personal information in a way that is fair to you. We will only collect information where it is necessary for us to do so and we will only collect information if it is relevant to our dealings with you.

We will only keep your information for as long as we are either required to by law, or as is relevant for the purposes for which it was collected.

 

2.0 RELEVANT LEGISLATION

Along with our business and internal computer systems, this website is designed to comply with the following national and international legislation with regards to data protection and user privacy:

 

3.0 PERSONAL INFORMATION THAT THIS WEBSITE COLLECTS AND WHY WE COLLECT IT

This website collects and uses personal information for the following reasons:

3.1 User Accounts

For users that register on our website we store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

3.2 Online store (prospective purchases)

We may collect various information if you seek to place an order for a product on the Site. This may include some or all of the following: your name, email address, postal address, telephone number and payment card details. We need the information in order to allow you to go ahead with your use of the Site, such as placing your order for a product.

We may use that data to process payment for the product and deliver the product to you.

We may pass your name and address on to a third party in order to make delivery of the product to you.

Depending on your location, when we deliver to you, this information may be accessible internationally including in countries outside the European Economic Area. Some places outside of the EEA may not have adequate data protection laws at all or may offer differing levels of protection of personal information which are not as high as in the UK. By submitting your data to us, you acknowledge that provided we have used your data in the ways set out in this Privacy Policy, we cannot be held responsible for any use of your data by third parties who receive and process your data.

3.3 Contact forms and email links

Should you choose to contact us using the contact form on our Contact us page or an email link like this one, none of the data that you supply will be stored by this website or passed to / be processed by any of the third party data processors defined in section 6.0. Instead the data will be collated into an email and sent to us over the Simple Mail Transfer Protocol (SMTP). Our own SMTP servers are protected by TLS (sometimes known as SSL) meaning that the email content is encrypted using SHA-2, 256-bit cryptography before being sent across the internet. The email content is then decrypted by our local computers and devices. However, not all mail servers are secured in such a way. Therefore, we would suggest that you always consider email as an insecure medium and not include personal, confidential or otherwise sensitive information within an email.

3.4 Email newsletter

If you choose to join our email newsletter, the email address that you submit to us will be forwarded to MailChimp who provide us with email marketing services. We consider MailChimp to be a third party data processor (see section 6.0 below). The email address that you submit will not be stored within this website’s own database or in any of our internal computer systems.

Your email address will remain within MailChimp’s database for as long as we continue to use MailChimp’s services for email marketing or until you specifically request removal from the list. You can do this by unsubscribing using the unsubscribe links contained in any email newsletters that we send you or by requesting removal via email. When requesting removal via email, please send your email to us using the email account that is subscribed to the mailing list.

If you are under 16 years of age you MUST obtain parental consent before joining our email newsletter.

While your email address remains within the MailChimp database, you will receive periodic (approximately one per month) newsletter-style emails from us.

3.5 Site visitation tracking

Like most websites, this site uses Google Analytics (GA) to track user interaction. We use this data to determine the number of people using our site, to better understand how they find and use our web pages and to see their journey through the website.

Although GA records data such as your geographical location, device, internet browser and operating system, none of this information personally identifies you to us. GA also records your computer’s IP address which could be used to personally identify you but Google do not grant us access to this. We consider Google to be a third party data processor (see section 6.0 below).

GA makes use of cookies, details of which can be found on Google’s developer guides.

3.6 Cookies

The Site uses session cookies. Session cookies are tiny text files which identify your computer to our server as a unique user when you visit certain pages on the Site and they are stored temporarily in the cookie file of your browser until you leave the Site.

If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

We only use session cookies for your convenience in using the Site (for example to remember who you are when you want to amend your shopping cart) and not for obtaining or using any other information about you (for example targeted advertising other than set out above). Your browser can be set to not accept cookies, but this would restrict your use of the Site. Please accept our assurance that our use of cookies does not contain any personal or private details and are free from viruses. If you want to find out more information about cookies, go to http://www.allaboutcookies.org.

3.10 Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracing your interaction with the embedded content if you have an account and are logged in to that website.

 

4.0 HOW WE STORE YOUR PERSONAL INFORMATION

As detailed in section 3.1 & section 3.2 above, if you register or place an order on this website some personal information will be stored within this website’s database. This is currently the only time where personal data will be stored on this website.

4.1 Who we share your data with

We may pass your details to other companies in our group. We may also pass your details to our agents and subcontractors to help us with any of our uses of your data set out in our Privacy Policy. For example, we may use third parties to assist us with delivering products to you and to analyse data and to provide us with marketing or customer service assistance.

  • We may pass your name and address on to a third party in order to make delivery of the product to you.
  • We may use third parties to enable us to collect payments from you.
  • We may exchange information with third parties for the purposes of fraud protection and credit risk reduction.
  • We may transfer our databases containing your personal information if we sell our business or part of it.
  • We may also disclose your details as described elsewhere in this Privacy Policy.

Other than as set out in this Privacy Policy, we shall NOT sell or disclose your personal data to third parties without obtaining your prior consent unless this is necessary for the purposes set out in this Privacy Policy or unless we are required to do so by law.

4.2 How long we retain your data

For users that register on our website we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

4.3 What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

4.4 Where we send your data

We may pass your name and address on to a third party in order to make delivery of the product to you.

 

5.0 HOW WE PROTECT YOUR DATA

5.1 Security

We have in place appropriate technical and security measures to prevent unauthorized or unlawful access to or accidental loss of or destruction or damage to your information.

We collect your personal details on a secure server.

We use PayPal to process all payments for orders securely. We consider PayPal to be a third party data processor (see section 6.0 below). You are strongly recommended not to send full credit or debit card details in unencrypted electronic communications with us.

We maintain physical, electronic and procedural safeguards in connection with the collection, storage and disclosure of your information. Our security procedures mean that we may occasionally request proof of identity before we disclose personal information to you.

You are responsible for protecting against unauthorized access to your computer.

5.2 About this website’s servers:

This website is hosted by SiteGround within a UK data center located in London.

Just a small part of the measures they have taken to keep their servers and our website secure:

  • By default, they have set all servers to use the latest PHP 7 version with the latest security fixes.
  • They are running Apache in a chrooted environment with suExec.
  • They have sophisticated IDS/IPS systems which block malicious bots and attackers.
  • ModSecurity is installed on all of their shared servers and they update their security rules weekly, thus protecting their customers from the most common attacks.

Full details of SiteGround’s data center can be found here.

 

6.0 OUR THIRD PARTY DATA PROCESSORS

We use a number of third parties to process personal data on our behalf. These third parties have been carefully chosen and all of them comply with the legislation set out in section 2.0. All 3 of these third parties are based in the USA and are EU-U.S Privacy Shield compliant.

 

7.0 DATA BREACHES

We will report any unlawful data breach of this website’s database or the database(s) of any of our third party data processors to any and all relevant persons and authorities within 72 hours of the breach if it is apparent that personal data stored in an identifiable manner has been stolen.

 

8.0 CHANGES TO OUR PRIVACY POLICY

This privacy policy may change from time to time inline with legislation or industry developments. We will not explicitly inform our clients or website users of these changes. Instead, we recommend that you check this page occasionally for any policy changes. Specific policy changes and updates are mentioned in the change log below.

Any material changes to the way in which we use your data will be described in future versions of this Privacy Policy. Each time you enter the Site, change your data, order products from or through us, obtain material from us, you agree that the Privacy Policy current at that time shall apply to all information which we hold about you.

8.1 Change log

22/05/2018 – version 1.1

01/05/2018 – version 1.0

  • Privacy policy instigated

 

9.0 CONSENT

By submitting data to us and using the Site, you consent to our use of your data in the manner set out in this Privacy Policy (as amended).