Privacy policy

This updated privacy policy refers to https://thegurlband.com (“gürl”, “thegurlband.com”) which is the website and online store of Watermelon Entertainment Ltd, trading as gürl.  We are committed to protecting the privacy and security of our customers and site visitors in accordance with the new General Data Protection Regulation update in 2018.

THIS POLICY WILL EXPLAIN:

  • What information we collect when you are browsing our website and communicating with us;
  • why we collect that information;
  • how we use that information;
  • how we share that information;
  • how long we keep that information and how we protect it;
  • what we won’t do with your information;
  • how you can control your information, including data removal. 

EVERYTHING WE DO RELATING TO YOUR INFORMATION IS COVERED BY THE FOLLOWING PRINCIPLES:

  • Your information belongs to you - we want you to be comfortable with everything we use it for and you are able to control it.
  • We will only collect you information and use it for genuine business purposes that have been explained to you. The only time it will be shared is it we are legally required to, and then when the purpose has been fully achieved it will be deleted.
  • We aim to be as transparent as possible in regards to what information we collect, why we collect it and how we use it. This way you are informed and able to make decisions to control your information with us in a way you are comfortable with.
  • As long as we have your information, we will keep it up to date and protect it using appropriate security measures.

thegurlband.com is a Shopify e-commerce store. Shopify's privacy policy can be viewed here:

https://www.shopify.com/legal/privacy

HOW WE COLLECT YOUR INFORMATION

  1. “Directly Provided Data” - When you create an account on our website, visit the website, purchase our products or communicate with us, you are able to voluntarily give us certain information, ie: filling in text boxes, checking boxes and clicking action buttons. This all requires a direct action from you for us to acquire it.
  2. “System Collected Data” - Whenever you use a website, app or other internet service, there’s certain information that gets created and recorded automatically by the IT systems necessary to operate that site, app or service. This is true for when you use our website. For example:
  • When you are accessing this website, we use “cookies” (a small text file sent by your computer each time you visit our website, unique to your account or browser) to make it easier for you to use our website, to improve your shopping experience with us, or so we can record data relating to the pages you viewed and activity you carried out during your visit. One example is, we may use cookies to store your language preferences so you don’t have to set them up every time you visit the website. These “cookies” may be “session cookies” (that last until you close your browser) or “persistent cookies” (which last until you or your browser deletes them). Some of the “cookies” we use are directly related to your account and other “cookies” are not.
  • In addition, the type of device you are using to access our website and the settings on that device may provide us with information about your device, including what type of device it is, what browser you are using and what operating system you’re using. What information we can be provided with depends on what type of device you are using and it’s settings. For example, different types of information are available depending on whether you’re using a Mac or PC, or an iPhone or Android phone. Your device manufacturer or operating system provider will have more details about the information that your device makes available to us.

WHAT INFORMATION WE COLLECT ABOUT YOU, WHY WE COLLECT IT AND WHAT WE DO WITH IT

In brief, we collect two types of information:

1. “Personally identifiable” information (meaning it can specifically be used to identify you); or

2. “Non-personally identifiable” information (meaning it relates to you, but can’t be used to specifically identify you). Your anonymous, unique customer number is an example of this.

When explaining the specifics of this information we collect about you, we will confirm which of the above types of data it is. We will do this for all the information we collect at different points in your user journey with us. The interaction points include:

Browsing our website https://thegurlband.com

Regardless of whether you are logged into our website, we use cookies and code which is embedded in our systems to gather and record certain “System Collected Data” regarding the visitors to the site such as:

  1. IP address of the computer or proxy server that you use to access our website - personally identifiable information.
  2. The type of device use to access our site, your operating system details and settings, your web browser and your settings for that browser, the name of your ISP (if you’re accessing our website using a mobile device) location data (if switched on) and other general device and systems information - non-personally identifiable information.
  3. Statistical information and log data about number of visits to certain pages on the site, the pages you viewed and activities you carried out during your visit; the date and time your visit; the duration of an individual page view and paths taken by visitors through the site - non-personally identifiable information.

If you are logged in to your account when on our website, a cookie on your device will also identify you, and record and associate all of this non-personally identifiable usage information and log data with your account.

SAVING TO YOUR WISHLIST

Regardless of whether you are currently logged into your account or not, we use cookies and code to record certain directly provided data every time you click the “Add to Wishlist” button. The data relates to the identity, size and other product attributes of the item you’ve saved, so that item can then be displayed in your ‘Wishlist’ during that visit. This is non-personally identifiable information. If you are logged into your account on that same visit, that non-personally identifiable information will be associated with your account, so it remains in your wishlist.

SIGNING UP FOR AN ACCOUNT

You can register for an account on our website to check out, join our mailing list and use our Wishlist features. When creating the account you will need to provide us with the following directly provided data, all of which is personally identifiable information.

  1. First and Last Name
  2. Email Address
  3. Password

You will at this point be sent an email with a link for you to confirm that you want an account created.

You can also register for an account whilst completing the check out process. This will store additional information from you including:

4. Address
5. Telephone Number

    You also have the option to opt in or out of our mailing list at this stage.
    Your account does not store any payment information.

    LOGGING INTO AN ACCOUNT

    Once registered for an account, if you wish to log in you will need to input your email address and password, this is directly provided data and personally identifiable information. This will confirm your identity and enable you to access your saved wishlist or complete a transaction with your stored information. 

    MAKING A PURCHASE FROM OUR WEBSITE (ADDING TO BAG, CHECKING OUT AND COMPLETING)

    Our store is hosted on Shopify Inc. They provide us with the online e-commerce platform that allows us to sell our products and services to you. 

    Your data is stored through Shopify’s data storage, databases and the general Shopify application. Shopify store your data on a secure server behind a firewall.

    Your data is stored through Shopify’s data storage, databases and the general Shopify application. Shopify store your data on a secure server behind a firewall.
    To purchase items from our website you will need to do the following:

    1. Click on the relevant button on the site to add the product(s) to the cart - at which point our systems collect this directly provided data relating to your item so this can be displayed in your ‘Cart’ until the end of your visit. This is non-personally identifiable information.
    2. Click the “Checkout” button and complete the payment stages. You will first be given the option to check out via Paypal or complete the purchase with a card payment on our site or to log in your account. You will need to input your Name, Email Address, Billing Address, Shipping Address, Telephone Number (optional) and Card details.

    PAYMENT

    If you choose a direct payment gateway to complete your purchase, then Shopify stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted.

    The only information stored is the last 4 digits of your card number, this is not saved within your account, just in our system attached to your order if we need to contact you for any anti-fraud checks.

    All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. 

    PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.

    For more insight, you may also want to read Shopify’s Terms of Service here or Privacy Statement here: https://www.shopify.com/legal/privacy.

    SIGNING UP TO OUR NEWSLETTER

    By signing up to our newsletter you will either need to opt in by click a check box during the checkout process when placing an order or input your details via our mailing list sign up box.

    You will need to provide your email address and the day and month of your date of birth, this is directly provided data that is personally identifiable information. We will only use your date of birth to send you exclusive discounts and promotions relating to your birthday. After registering you will receive a second email with a link you will click to confirm you wish to be part of the mailing list.

    By inputting your email address into our mailing list sign up form you are agreeing to receive newsletters from us which include the latest news, products and promotions. We will never share your information with any third parties.

    CONTACTING OUR CUSTOMER SERVICE

    If you contact our customer service for any reason, by using a contact form on our website or by directly emailing us or replying to any automated emails, we will record all data relating to the communication. These details will be directly provided data and personally identifiable information. We use this data to help us categorise your problem, respond to you, investigate with a third party if necessary (for example tracking with a postal service), deal and resolve with any issue or query you may have. This data will be stored so we have a history of all our communications, so we can ensure we have full knowledge for any potential further contact you have with us. 

    INTERACTING WITH US ON SOCIAL MEDIA CHANNELS

    By interacting with any of the gürl social channels or the separate gürl Facebook, Instagram, and Pinterest accounts, we may collect certain System Collected Data and User Authorised Data regarding your activities on those channels. Eg; if you choose to use the Facebook ‘like’ button on the gürl page on a gürl related post we may use this information to target further gürl content towards  you in future.

    CLICKING ON ANY BANNERS, HYPERLINKS OR PLUGINS.

    If you view or click on emails that we have sent you, or on banners, hyperlinks or plugins we have placed on our website or other websites, both the fact you have done so, as well as the address of the site you were on when you did so, will be directly provided data that we will record. This is all non-personally identifiable information. We use this information to track and analyse how successful those emails, banners, hyperlinks or plug are in engaging with you. We are constantly innovating to improve our website which may mean we create new ways to collect information from you. Any updates or improvements we do, we will tell you about via updates to this notice.

    COOKIE POLICY

    We use cookies when you visit our site. There are 4 main types of cookies - here’s how and why we use them.

    1. Site functionality cookies - these cookies allow you to navigate the site and use our features, such as “Add to Wishlist” and “Add to Cart”.
    2. Site analytics cookies - these cookies allow us to measure and analyse how our customer use the site, to improve both it’s functionality and your shopping experience.
    3. Customer preference cookies - when you are browsing or shopping on our website these cookies will remember your preferences (like your browsing currency), so we can make your shopping experience as seamless and personal as possible.
    4. Marketing, targeting or advertising cookies - these may be used to deliver ads relevant to you. They also limit the number of times that you see an ad and help us measure the effectiveness of our marketing campaigns.

    By accepting cookies on our site, you agree to us placing these sorts of cookies on your device and accessing them when you visit the site in future. If you want to delete any cookies that are already on your computer, the ‘help’ section in your browser should provide instructions  on how to locate the directory that stores cookies.

    Please note that by deleting or disabling future cookies, your user experience may be affected and you might not be able to browse our site to the best of its ability.

    For more information on the Cookies we use on our website and how to disable them, please read this page: https://thegurlband.com/pages/extended-cookie-policy

    Please note that we are not responsible for the content of external websites.

    HOW MAY WE USE YOUR INFORMATION?

    We collect all of this information from you for a number of different purposes, which we want you to understand - all of these purposes apply wherever gürl do business, including countries outside your own. A number of specific uses for specific data is already detailed above. But we often need to use lots of different types of information or data collectively in order for our website to work and provide the Services to you. These more fundamental purposes include the collective use of your information:

    • To ensure that our site’s content is presented to you as effectively as possible for you, and to enable you to participate in interactive features of our site, when you choose to do so - for example by providing you with a more customised experience of our website like translating our pages into your chosen language.
    • To set up and manage your account, so you can place orders, so we can provide our products and services to you, so we can make sure that the items you order get to you on time, so we can communicate with you about your orders and your account, so we can track potential problems and customise our customer service responses as best to serve you. This is basically everything that makes our website work, to deliver you the best customer experience possible and high quality merchandise.
    • To ensure all our users are genuine and to ensure that we are paid for goods that we despatch, for example, by using personal information and asking you to confirm your identity for any appropriate anti-fraud checks. We do not conduct credit checks, and nothing will affect your credit rating.
    • To update you on our latest products, news and offers. If you have registered with us and opted in for marketing communications we will send you our weekly newsletter update and any information about new products and promotions. You will also receive push notifications from gürl on your web browser if you have opted in to that service on our website. Please keep these settings up to date, you can email our customer service to notify us of any changes, request information and unsubscribe from any marketing notifications.
    • Occasionally we may have to contact you via email about the functioning of our website, security or any other important updates, you cannot opt out of these messages as they could be important and relate to your account.
    • To target gürl ads to you when you’re on certain other websites (Digital Marketing Re-Targeting), we do this using a variety of digital marketing networks and web technologies like pixels, cookies and mobile identifiers, for example your gürl search history and any other gürl ads you have previously interacted with.

    TRANSFERS OF YOUR INFORMATION

    In order to process credit/debit card transactions, the bank or card processing agency may require to verify your personal details for authorisation outside the EEA (European Economic Area). Your information will not be transferred outside the EEA for any other purpose.

    We use strict procedures and security features to provide any unauthorised access of your data on our website.

    HOW DO WE SHARE THE INFORMATION WE COLLECT

    We share your information externally with our core service providers when required for our business to function: We understand that you are sharing your personal information with gürl and not another company. But, to be able to carry out our business we do need to work with a few third parties, who help us fulfil and despatch your orders, manage our customer service support, IT support, and assist our digital marketing.

    Each of the companies that work with us have been selected by us for their ability to provide their services to our required specification, including their ability to handle any sensitive data ( like your personal information) securely and appropriately. We hold these companies fully responsible for meeting our requirements and expectations. On that basis, and only that basis, we may therefore disclose your personal information to such third parties who need to be given specific tailored access to your information to facilitate our Services by performing key tasks on our behalf, and who are obligated to only use it in line with out instructions, and not to disclose it or use it for other purposes. We are confident we can trust those third parties with that information.

    We share your information when we’re required to comply with a legal request.

    We share you information where we believe it’s reasonably necessary to protect our website: In the rare occasion our website is the subject of attempted fraudulent activities, we could be required to take certain steps to protect our business. We therefore may have to disclose some of your information if we have a good belief that disclosure is reasonably necessary to (1) detect, investigate, prevent, take action regarding or otherwise address suspected or actual illegal activities, fraud, security or technical issues or to assist government enforcement agencies; (2) encore or apply our terms and conditions of usage (3) investigate and defend ourselves against any third party claims or allegations; (4) protect the security or integrity of our Service; (5) to exercise or protect the rights, property or safety of gürl, our customers or others.

    We share your information externally with other partners when we have your consent to do so: gürl work with a handful of other partners who, whilst not essential for our business to operate, do enhance your experience with gürl, in our opinion. This includes our marketing partners and social media partners (like Facebook, Twitter or Pinterest). We will only partner with companies we believe are right for gürl and our customers, and that will enhance your experience. On that basis we might disclose your personal information (including some personally identifiable information) to such third parties who are obligated to gürl to only use it in line with our instructions, and not to disclose or use it for other purposes. We are confident that we can trust those companies, but we know people can feel strongly about their information being shared with companies when it is not essential to do, so we will only do that when you have given us your consent to do so. If you change your mind at any time, we will stop sharing as soon as we can, just email us.

    WE WILL NOT sell your information.

    This includes your name, address, contact information and payment details to any third party.

    HOW LONG DO WE KEEP YOUR INFORMATION FOR?

    In general, we retain the information you provide whilst your account with us is in existence or as needed to be able to provide the Services to you, or in the case of speaking to our customer service, indefinitely to resolve any disputes and refer to previous conversations and complaints you have had with gürl.

    Your options and choices:

    • You can verify the details you have submitted to gürl by contacting us via the methods below. Our security procedures mean that we may request proof of identity before we reveal information.
    • You can also contact us via the methods below to change, update or delete your personal information controlled by gürl regarding your account at any time.
    • You can unsubscribe to our mailing list to stop receiving any further communications from us, this can be done by emailing our customer service.
    • At any time you may request a copy of the information we have on our systems for you, please contact our customer service. There is no charge for this, we will just need you to confirm your identity.

    You may also have choices through you device or software you use to access our website. For example, the browser you use may provide you with the ability to control cookies or other types of local data storage, or your mobile deice might provide you with choices around how and whether location or other data its shared with us. If online adverts are not to your liking, we would encourage you to find out more about the Do Not Track browser setting. To learn more about these choices, please refer to your device or software provider.

    PROTECTING YOUR SECURITY

    Our website is a Shopify Store, and their privacy policy can also be viewed here: https://www.shopify.com/legal/privacy.

    Shopify offers a secure connection (https://) on any pages that you are providing data.

    Access to your data on our website is password-protected, and sensitive data (payment information) is protected by Shopify. Shopify perform annual audits to ensure their handling of your credit card information aligns with industry guidelines. Shopify are certified as a PCI DSS Level 1 compliant service provider, which is the highest level of compliance available, and our platform is audited annually by a third-party qualified security assessor.

    No method of transmission over the internet or method of electronic storage is 100% secure. Therefore, we cannot guarantee the absolute security of your personal information. 

      YOUR RIGHTS 

      GDPR

      If you are a resident of the EEA, you have the right to access the Personal Information we hold about you, to port it to a new service, and to ask that your Personal Information be corrected, updated, or erased. If you would like to exercise these rights, you may update your data, download the data we store on you, request a report containing all the data we store on you, or request personal data deletion at this link: https://thegurlband.com/pages/gdpr-compliance. Alternatively, you can contact us using the information listed below.

      CCPA

      If you are a resident of California, you have the right to access the Personal Information we hold about you (also known as the ‘Right to Know’), to port it to a new service, and to ask that your Personal Information be corrected, updated, or erased. you may update your data, download the data we store on you, request a report containing all the data we store on you, or request personal data deletion at this link: https://thegurlband.com/pages/gdpr-compliance. Alternatively, you can contact us using the information listed below.

      If you would like to designate an authorized agent to submit these requests on your behalf, please contact us at the address below.

      CONTACTING US

      For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact us by e-mail at [email address] or by mail using the details provided below:

      Email: mustbegurl@gmail.com

      Business address: 

      Watermelon Entertainment Ltd
      49 Spencer Drive
      Midsomer Norton
      Radstock
      BA3 2DN

      Company number 13540093

      Last updated: 26/02/2022

      If you are not satisfied with our response to your complaint, you have the right to lodge your complaint with the relevant data protection authority.