Hot Potato | Privacy Policy

In the following policy, LITA Trading LTD refers to the service offered by LITA Trading LTD (the "Company" or "We") through the hot-potato.co.uk website (the "Service"). This Privacy Policy explains (i) what information we collect through your access and use of our Service (ii) the use we make of such information; and (iii) the security level we provide for protecting such information.

 

By visiting hot-potato.co.uk and using the Services provided here, you agree to the terms outlined in this privacy policy.

 

 

Updates To Our Privacy Policy

 

This page entails the latest version of our privacy policy, which was last updated and published on 10/03/2021. To request earlier versions of this privacy policy, please contact us at the following email address info@hot-potato.co.uk or via the contact form on our website.

 

 

(i) The Data We Collect, (ii) How We Collect It, (iii) How We Use It, (iv) Who We Share It With & Why

 

Full name: We collect full names from incoming email correspondence, from our contact form on our Wix website and from telephone communications. We use this information for confidential customer correspondence, addressing traded goods to customers when they order from us, and for writing invoices to customers who have ordered from us. We may share full names with the following third parties:

  • Parcel2Go and other third party carrier services who help us deliver our products to our customers.

  • Sage if we need to issue an invoice to a customer.

  • Stripe for processing card payments.

 

Telephone number: We collect telephone numbers provided to us when (i) a customer makes a purchase on our Wix website, (ii) when this information is provided in email correspondence, (iii) if someone contacts us by telephone. When a customer makes a purchase on our Wix website, Wix collects the telephone number provided by the customer and sends this information to us via email, as well as sending this information to third party Stripe for processing card payments. Through our use of Stripe we can view the customer’s provided telephone number. We use telephone numbers for direct correspondence. We may share telephones numbers with the following third parties:

  • Parcel2Go, and other third party carrier services who help us deliver our products to our customers, so that customers can be contacted about their deliveries.

  • Sage if we need to issue an invoice to a customer.

 

Email address: We collect email addresses from incoming email correspondence, from our contact form on our Wix website and from telephone communications. We use this information for correspondence with customers and stockists. We may share email addresses with the following third parties:

  • Parcel2Go and other third party carrier services who help us deliver our products to our customers.

  • Sage if we need to issue an invoice to a customer.

  • Stripe for processing card payments.

 

Email correspondence: We keep digital copies of all email correspondence with third party service GetMyMail. We also collect correspondence provided to us from our contact form on our Wix website. We use email correspondence for the purpose of fulfilling the enquiry as stated in the correspondence. When correspondence is submitted in the contact form on our Wix website, Wix sends us this correspondence via email.

 

Billing address: When a customer checks out on our Wix website, or contacts us via telephone and provides a billing address manually, or if a billing address is included in email correspondence, we collect the billing address provided by the customer. When a customer checks out on our Wix website, Wix shares the billing address with Stripe to process card payments and Wix sends us the billing address via email. We may use billing addresses to write customer invoices. We may share billing addresses with the following third parties:

  • Sage if we need to issue an invoice to a customer.

 

Delivery address: When a customer checks out on our Wix website, or contacts us via telephone and provides a delivery address manually, or if a delivery address is included in email correspondence, we collect the delivery address provided by the customer. When a customer checks out on our Wix website, Wix shares the delivery address with Stripe to process card payments and Wix sends us the delivery address via email. We use delivery addresses to process deliveries we make to customers. We may share delivery addresses with the following third parties:

  • Parcel2Go, and other third party delivery services where necessary, to process deliveries to customers.

  • Sage if we need to issue an invoice to a customer.

 

Card details: When a customer checks out on our Wix website, Wix shares the provided card details with third party service Stripe to process card payments. When a customer makes a purchase via telephone call and provides their card details over the telephone, we use this information to process the payment through third party Sage and the data is shared with third party Stripe.

We may have access to some payment card details from Stripe, such as:

  • The last 4 digits of the payment card number.

  • The expiry month and year of the payment card.

  • The type of payment card.

  • The issuer of the payment card.

  • The name on the payment card.

  • The address associated with the payment card.

  • The country of origin of the payment card.

  • Whether the payment card passed a CVC check during the transaction.

  • Whether the payment card passed a street check during the transaction.

  • Whether the payment card passed a Zip check during the transaction.

 

IP address: When a customer checks out on our Wix website, Wix sends the IP address of the session to third party service Stripe to process card payments. We can view the IP address associated with each transaction made on our website through our use of Stripe.

 

Website visitor metadata: When a customer checks out on our Wix website, Wix sends some metadata of the session to third party service Stripe to process card payments. Through our use of Stripe, for every transaction made on our website, we may be able to view the transaction’s invoice ID number, the Wix transaction ID, the time and date the transaction occurred, and the time and date when Stripe took payment from the customer’s payment card. We use third party trackers, cookies and services on our website to aid the functionality of our website and to provide us with aggregated analytics of visitor usage. Such third party services include Google Analytics trackers, POWR map tools, other trackers and cookies provided by Wix and payment services from Stripe. Visitors to our Wix website are initially prompted whether they wish to accept cookies, along with a direct link to our privacy policy page. Our website contains no pop-ups or advertisements.

 

Public stockist information: Our website contains a map tool provided by third party service POWR. We collect publicly available information about our stockists from their websites, such as telephone number, address, and website URL, to use with our map tool on our website. Please see POWR’s privacy policy for more information about how POWR use this information.

Customer Communication

 

We will only contact you using methods of communication you provide us with. If you would like to change your preferred contact method, please contact us via telephone, email address or via our contact form on our website. We will only use the personal information you provide to us to contact you under the following circumstances:

  • Confirmation of customer orders.

  • Updates to customer orders, such as delivery tracking information.

  • Any correspondence relating to an enquiry we’ve received.

  • Invoicing customers.

  • Notifying customers and creditors of their outstanding balances.

  • Business liaison with stockists and prospective stockists.

 

 

Redress and Security Information

 

Our access to records of customer card details is limited to our use of third party service Stripe, which may only provide us with partial card details which we may use for transaction verification purposes. We do not retain a complete record of customer card details.

 

All personal information is stored on paper and/or through an online third party provider, and is hence subject to the third party’s security measures beyond our credentials which we use to access to our accounts with these third party services. An example being third party service GetMyMail, which stores all digital records of our email correspondence.

 

For each service we use, we utilise password manager KeyPassXC to generate a unique, strong and random password of maximum character length. We also use two factor authentication methods where available as an extra security measure.

 

All locally saved digital copies of information are deleted after a period of time, and our systems are cleared on a regular basis to ensure that deleted files are not recoverable.

 

Any information we retain on paper is shredded and recycled after a period of time. We keep financial records for the minimum length of time required by UK law, and for a finite period of time afterwards. All digital financial records are processed with Sage and all paper financial records are stored on site.

 

All email correspondence, and incoming correspondence via our contact form on our website, is hosted via third party email provider GetMyMail. We do not store email correspondence outside of this service. Correspondence sent to us via our contact form on our website is managed by Wix before reaching us. Any responses we make to contact form enquiries are managed through GetMyMail and no other service unless requested by the enquirer, such as responding to the enquirer via telephone communication. All email correspondence is deleted after a finite period of time.

 

Our company is hosted on the Wix platform. Wix provides us with the online platform that allows us to sell our products and services to you. Your data may be stored through Wix’s data storage, databases and the general Wix applications. They store your data on secure servers behind a firewall. All direct payment gateways offered by Wix and used by our company adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.

 

 

Third Parties

 

We use the following third parties to help us operate:

 

  • Wix to host our website.

  • POWR Maps to host our map tool on our website.

  • EasySpace (GetMyMail) to provide all email correspondence utilities.

  • Google to (i) provide analytics trackers on our website, supplying us with an aggregated view of visitors’ usage of our website and (ii) to run AdWords in Google search results and provide us with aggregated analytics of how visitors use AdWords to be directed to our website.

  • Stripe to process customer card payments and card details.

  • Sage to record financial transactions.

  • Parcel2Go to handle deliveries to customers. This usually involves selecting Hermes as a carrier but under some circumstances we may choose other third parties as the carrier for customer orders.

 

We do not actively share your personal information with third parties for advertisement profiling or marketing research. We encourage website visitors and customers to read the privacy policies of all our third party service providers.

 

 

Your Personal Data Rights

 

You have the following rights concerning your personal data that we hold and process that you can exercise at any time:

 

  • Right of access: You have the right to request a copy of the information that we hold about you.

  • Right of rectification: You have a right to correct personal data that we hold about you that is inaccurate or incomplete.

  • Right to be forgotten: In certain circumstances you can ask for the personal data we hold about you to be erased from our records.

  • Right to judicial review: In the event that we refuse your request under rights of access, we will provide you with a reason as to why. You have the right to complain as outlined in the process below.

 

All of the above requests will be forwarded on to other parties holding and processing your personal data where appropriate.

To exercise your rights or suggest an improvement to our privacy practices, or if you feel that your privacy has been violated, please contact us at this address info@hot-potato.co.uk or use our contact form on our website. If you are not satisfied with our response you can complain to the data protection authority in the country in which you reside.

 

 

 

 

Future Changes

 

All changes to our privacy policy will be made publicly available on our website. Upon publication, privacy policy changes will come into effect. We have the right to update our privacy policy at any time. Customers have a right to be informed about revisions to our data privacy policy.

 

 

Contact Information