Last review on 24 May 2018
For any privacy-specific requests like "Right of Access" (getting), "Right to Rectification" (updating) and "Right to Erasure" (deleting) your personal data, you are advised to send e-mail to firstname.lastname@example.org
Black Iris Handcraft takes all precautions and measures to ensure that your privacy is protected and secures the site using all known measures.
Under no circumstances will we sell or trade your information to any third party.
Our site requires that our users give us contact information in order to benefit the customer to the maximum. Details required pertain to queries, purchases, product information.
Following the customers entrance to our site users may request not to receive future mailings (see the choice/opt-out section).
Financial information that is collected is on a secure server (SSL).
Financial information (such as credit card numbers) is collected on a third party secure server in order to allow orders to be sent our customers and to update customers of new services, specials, and products.
Financial information that is collected is deleted from the secure server in a timely manner after the completion of the transaction for which it was used.
To opt out from further communication by us please send an email to the following address
Send e-mail to: email@example.com with "remove" in the subject line.
1. At the completion of all transaction, financial information is deleted from the server.
2. Orders are handled individually and manually.
3. The orders are handled by the company internally.
4. The company takes all security measures to protect the loss, misuse, and alteration of information under our control.
What is the GDPR, exactly?
The GDPR is a new law that concerns itself with the handling of personal data of European Union (EU) residents. It takes effect on May 25, 2018.
Over two years in the making, the GDPR is intended to give EU residents more visibility and control over their personal data: how websites, including eCommerce websites, collect data; who they share it with; and what tracking technologies monitor them across the Internet.
If you sell to EU residents, this law applies to you — even if you aren't in the EU. Fines for non-compliance will be substantial and can be levied on businesses both in and outside the EU.
What new privacy-related rights does the GDPR gives EU residents?
The new law requires stores to inform their customers about what information they collect, store, and share, and establishes specific rules about the kind of consent required before stores can collect personal data. That means that stores will be asking for consent more explicitly and detailing their use of personal data more specifically in their privacy policies.
In addition to clearer notices and privacy policies, the GDPR also gives EU residents powerful new rights such as the Right of Access, Right to Rectification, and Right to Erasure.
That means that EU residents will be able to:
Demand a copy of all the data you have about them.
Demand any errors in the data be corrected.
Request the removal of all personal data.
The GDPR also gives EU residents the right to find out if their personal data has been compromised. Websites will need to notify customers if their personal data is stolen in a breach and do so in a timely manner.
What's Personal Data, Exactly?
GDPR isn't about all information—the new rights for EU residents specifically apply to Personal Data.
Personal Data means anything that can identify a person, either on its own or combined with other data. Examples include a person's:
Physical address or email address
Last four credit card digits
Shipping tracking numbers (these are unique to an order, and thus to a person)
Basically, if you can use a piece of data to identify an EU resident or combine it with other data to identify them—that's personal data.