PRIVACY POLICY

OriginalState.store is an online business which creates and publishes journals.

In order for us to provide this service to you, at times we will be processing your personal data.  Your personal data is important to us and we want to provide you with assurances that we are processing your personal data in compliance with regulation such as the GDPR and the Data Protection Act 2018 (‘Data Protection Laws’).

Definitions, for the purposes of this policy:

•  ‘We’, ‘Our’, ‘Us’ ‘Organisation’ will mean OriginalState.store.  

•  ‘You’ means any person who is accessing and using the site: www.originalstate.store , whether an individual accessing or using the site, or the company, or other legal entity on behalf of which such individual is accessing or using the site, as applicable. Under GDPR (General Data Protection Regulation), You can be referred to as the Data Subject or as the User as you are the individual using the site.

• Service refers to OriginalState.store (the Website).

• Country refers to: United Kingdom

• Service Provider means any natural or legal person who processes the data on behalf of the Company. It refers to third-party companies or individuals employed by the Company to facilitate the Service, to provide the Service on behalf of the Company, to perform services related to the Service or to assist the Company in analysing how the Service is used.
  
  For the purpose of the GDPR, Service Providers are considered Data Processors.

​

• Personal Data is any information that relates to an identified or identifiable individual.
  
  For the purposes for GDPR, Personal Data means any information relating to You such as a name, an identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity.
  
  For the purposes of the CCPA, Personal Data means any information that identifies, relates to, describes or is capable of being associated with, or could reasonably be linked, directly or indirectly, with You.

• Cookies are small files that are placed on Your computer, mobile device or any other device by a website, containing the details of Your browsing history on that website among its many uses.

• Device means any device that can access the Service such as a computer, a mobile phone or a digital tablet.

• Usage Data refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).

• Data Controller, for the purposes of the GDPR (General Data Protection Regulation), refers to ‘We’ and ‘Us’ as the legal person which alone or jointly with others determines the purposes and means of the processing of Personal Data.

• Do Not Track (DNT) is a concept that has been promoted by US regulatory authorities, in particular the U.S. Federal Trade Commission (FTC), for the Internet industry to develop and implement a mechanism for allowing internet users to control the tracking of their online activities across websites.

• Business, for the purpose of the CCPA (California Consumer Privacy Act), refers to the person as the legal entity that collects Consumers' personal information and determines the purposes and means of the processing of Consumers' personal information, or on behalf of which such information is collected and that alone, or jointly with others, determines the purposes and means of the processing of consumers' personal information, that does business in the State of California.

• Consumer, for the purpose of the CCPA (California Consumer Privacy Act), means a natural person who is a California resident. A resident, as defined in the law, includes (1) every individual who is in the USA for other than a temporary or transitory purpose, and (2) every individual who is domiciled in the USA who is outside the USA for a temporary or transitory purpose.

• Sale, for the purpose of the CCPA (California Consumer Privacy Act), means selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a Consumer's Personal information to another business or a third party for monetary or other valuable consideration.

​​

Purpose of this Privacy Notice

This Privacy Notice is aimed at ensuring that you are aware of:

• The identity and contact details of the person(s) responsible for processing your personal data – ‘Roles & Responsibilities’

• The different categories of your personal data which we intend to process;

• The reasons why we intend to process your personal data;

• To whom we share your personal data;

• How we process your personal data in compliance with the Data Protection Laws;

• Your rights under the Data Protection Laws;

• How you can make a complaint.

Roles & Responsibilities

The controller is the person or entity that determines the means and purposes of

processing your personal data.

Julian Dench (Author of the Original State Journal) is the Controller.

If you need to contact the Controller the details are as follows:

• Customer.service@originalstate.store

Our processors are:

• Wix.com

• ShipStation UK Limited, and other third party parcel carriers used to deliver your order.

The Different Categories of Personal Data that we will process:

Personal Data
While using Our Service, We may ask You to provide Us with certain personally identifiable information that can be used to contact or identify You. Personally identifiable information may include, but is not limited to:

• Email address

• First name and last name

• Phone number

• Address, State, Province, ZIP/Postal code, City, Country

• Usage Data

Usage Data
Usage Data is collected automatically when using the Service.

Usage Data may include information such as Your Device's Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that You visit, the time and date of Your visit, the time spent on those pages, unique device identifiers and other diagnostic data.

When You access the Service by or through a mobile device, We may collect certain information automatically, including, but not limited to, the type of mobile device You use, Your mobile device unique ID, the IP address of Your mobile device, Your mobile operating system, the type of mobile Internet browser You use, unique device identifiers and other diagnostic data.

We may also collect information that Your browser sends whenever You visit our Service or when You access the Service by or through a mobile device.

Tracking Technologies and Cookies
We use Cookies and similar tracking technologies to track the activity on Our Service and store certain information. Tracking technologies used are beacons, tags, and scripts to collect and track information and to improve and analyse Our Service.

You can instruct Your browser to refuse all Cookies or to indicate when a Cookie is being sent. However, if You do not accept Cookies, You may not be able to use some parts of our Service.

Cookies can be "Persistent" or "Session" Cookies. Persistent Cookies remain on your personal computer or mobile device when You go offline, while Session Cookies are deleted as soon as You close your web browser.

We use both session and persistent Cookies for the purposes set out below:

Necessary / Essential Cookies
Type: Session Cookies
Administered by: Us

Purpose: These Cookies are essential to provide You with services available through the Website and to enable You to use some of its features. They help to authenticate users and prevent fraudulent use of user accounts. Without these Cookies, the services that You have asked for cannot be provided, and We only use these Cookies to provide You with those services.

Cookies Policy / Notice Acceptance Cookies
Type: Persistent Cookies
Administered by: Us

Purpose: These Cookies identify if users have accepted the use of cookies on the Website.

Functionality Cookies
Type: Persistent Cookies
Administered by: Us

Purpose: These Cookies allow us to remember choices You make when You use the Website, such as remembering your login details or language preference (if relevant). The purpose of these Cookies is to provide You with a more personal experience and to avoid You having to re-enter your preferences every time You use the Website.

Tracking and Performance Cookies
Type: Persistent Cookies
Administered by: Third-Parties

Purpose: These Cookies are used to track information about traffic to the Website and how users use the Website. The information gathered via these Cookies may directly or indirectly identify you as an individual visitor. This is because the information collected is typically linked to a pseudonymous identifier associated with the device you use to access the Website. We may also use these Cookies to test new advertisements, pages, features or new functionality of the Website to see how our users react to them.

Targeting and Advertising Cookies
Type: Persistent Cookies
Administered by: Third-Parties

Purpose: These Cookies track your browsing habits to enable Us to show advertising which is more likely to be of interest to You. These Cookies use information about your browsing history to group You with other users who have similar interests. Based on that information, and with Our permission, third party advertisers can place Cookies to enable them to show adverts which We think will be relevant to your interests while You are on third party websites.

For more information about the cookies we use and your choices regarding cookies, please see our Cookies Policy below.

Your Choices Regarding Cookies
If You prefer to avoid the use of Cookies on the Website, first You must disable the use of Cookies in your browser and then delete the Cookies saved in your browser associated with this website. You may use this option for preventing the use of Cookies at any time.

If You do not accept Our Cookies, You may experience some inconvenience in your use of the Website and some features may not function properly.

If You'd like to delete Cookies or instruct your web browser to delete or refuse Cookies, please visit the help pages of your web browser.

• For the Chrome web browser, please visit this page from Google: https://support.google.com/accounts/answer/32050

• For the Internet Explorer web browser, please visit this page from Microsoft: http://support.microsoft.com/kb/278835

• For the Firefox web browser, please visit this page from Mozilla: https://support.mozilla.org/en-US/kb/delete-cookies-remove-info-websites-stored

• For the Safari web browser, please visit this page from Apple: https://support.apple.com/guide/safari/manage-cookies-and-website-data-sfri11471/mac

For any other web browser, please visit your web browser's official web pages.

Reasons for Processing your Personal Data

Whether we process your personal data or special categories of personal data we will ensure that such personal data is processed in accordance with the key principles of the Data Protection Laws which are listed below.

Principle 1 – Lawful Purpose

Personal Data

We will be processing your personal data in order to ensure that

we can:

• fulfil our obligations with you under our contract of services with you

• for legal obligations

• Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.

• To protect your vital interests or to protect the vital interests of another third party

• For public task reasons

• If you have provided us with ‘consent’

Principle 2 – Specific Purpose & Limited

We will always process your personal data for a specific and limited purpose in order that we fully comply with this principle.

​

Principle 3 – Adequate, Relevant & Limited

We only want to process your personal data which is adequate, relevant & limited for the purposes it is used by us.

Principle 4 – Accuracy of your Personal Data and keeping it up to date

We want to ensure that your personal data is kept up to date and therefore if any of

your personal data changes please kindly update us.

We will take reasonable steps to ensure that your personal data is kept accurate and up-to-date.

Principle 5 – Retention Periods

We will retain Your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use Your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.

We will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of Our Service, or We are legally obligated to retain this data for longer time periods.

Our aim is to ensure that we limit the retention periods and retain only personal data for legitimate purposes.

Principe 6 – Ensuring Security

We have implemented appropriate security measures to prevent your personal data from being accidentally lost, used, accessed in an unauthorized way, altered or disclosed.

In particular where we process sensitive data we have implemented measures such as encryption.

In addition, we limit access to your personal data to those individuals on a need to know basis. They also will only process your personal data upon our instructions and they are subject to a duty of confidentiality.

We are in the process of putting in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so. If you think that any part of our process is not secure please contact us.

The security of Your Personal Data is important to Us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While We strive to use commercially acceptable means to protect Your Personal Data, We cannot guarantee its absolute security.

If you decline to provide us with your Personal Data

In the event that we need to process your personal data by law, or under the terms of a contract we have with you and you fail to provide us with such personal data; this may lead us to terminating our contract with you.  If this is the case, we will notify you in writing of our reasons for termination.

How we collect your Personal Data

We collect personal data via the following means:

• directly from you; or 

• from third parties

If we do obtain some personal data from third parties, we will inform you of the source.

Third parties to whom we share your Personal Data  - Recipients

In order for us to carry out our services on your behalf we may need to transfer your personal and sensitive data to the following third parties:

• Wix.com

• Shipstation UK Limited and parcel carriers to deliver your order

• Our Accountants

We only transfer personal data to third parties that comply with the Data Protection Laws.

We require all third parties to respect the security of your personal data and to treat it in accordance with the data protection laws.  We do not allow third party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with the data protection laws.

Transfer of Your Personal Data to the EU, Third Countries or International organisations

International transfers

Some of our third party service providers are based outside the European Economic Area (“EEA”) so their processing of your personal data will involve a transfer of data outside the EEA.

Your consent to this Privacy Policy followed by Your submission of such information represents Your agreement to that transfer.

Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.

Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.

​

Your Rights

While we keep your personal data you have the following rights:

• Right to be informed

• Right to all of your personal data, know as a ‘Subject Access Request’ (SAR)

• Right to the restriction of personal data

• Right to rectification of your personal data

• Right to object to the processing of your personal data

• Right to erasure of your personal data

• [Right to data portability] – if applicable

• Right not to be subjected to automated decision making processing (including profiling)

• Right to be notified

• Right to seek judicial review

• Right to make a complaint to the supervisory authority [ICO]

Subject Access Request (SAR) requirements

If you require your personal data, you can request this verbally, however as we need to first verify your ID you will need to carry out the following:

1. Complete a SAR Form; and

2. complete and return the SAR Form with the respective ID documents.

We will not be under any obligation to provide you with any personal data unless we receive your SAR Form and we have verified your ID.  

• Julian Dench

• Customer.service@originalstate.store

Subject Access Requests – Time-scale

We aim to process the SAR within 1 month from the point we receive verification of your ID, however it may take us longer to deal with your personal data.  If this is the case we will notify you of the reasons and the length of time we require to process your personal data.

We aim to provide your SAR, free of charge, in an electronic format, unless you require your personal data in a hard-copy format.  We may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

Subject Access Request Notice – SAR Notice

When we provide you with your personal data we will also provide you with a SAR Notice which will comprise of the following information:

1. The purposes of the processing;

2. The categories of personal data (including sensitive data);

3. The recipients to whom the personal data have been disclosed;

4. The recipients to whom the personal data has been disclosed (third countries);

5. Retention periods

6. Right to request restriction, rectification or erasure, the right of objection concerning the subject or object of such processing;

7. If the some of the personal data has been collected from a third party source, details of the third party source;

8. Compliance with the key principles which are disclosed in this privacy document

9. The existence of automated decision making processing including profiling (if applicable)

10. Your right to make a complaint to the Information Commissioner’s Office (‘ICO’)

Any information we do provide you will be provided in a:

1. Transparent

2. Intelligible

3. Easily accessible

4. Concise form.

We will use plain language.

YOUR RIGHT TO OBJECT TO THE PROCESSING OF PERSONAL DATA

Right to object to certain types of processing of personal data such as:

• legitimate interests reasons

• public interest reasons

• marketing

• automated decision making processing

• profiling

In certain circumstances if you do exercise your right to object this could give rise to the termination of  our contract of services with you.

This right to object does not apply if the personal data is required:

1. in order to fulfil contractual obligations with you

2. It is sanctioned by law (tax evasion or fraud)

3. The agreement does not have a legal or equally important impact

4. The processing is necessary for the performance of a task carried out for reasons of public interest

​

Marketing

If we do carry out any marketing, then we will require your consent to process your personal data for marketing purposes.

We will ensure that we obtain your consent lawfully by:

• ‘an opt-in’ button; which is an affirmative action that you will need to click on which confirms that you consent to receiving the marketing material

• ‘an opt-out’/’unsubscribe button’ which can click on which means that you no longer consent to receiving marketing material

We may use third-party Service providers to monitor and analyse the use of our Service:

Google Analytics

Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our Service. This data is shared with other Google services. Google may use the collected data to contextualise and personalise the ads of its own advertising network.

You can opt-out of having made your activity on the Service available to Google Analytics by installing the Google Analytics opt-out browser add-on. The add-on prevents the Google Analytics JavaScript (ga.js, analytics.js and dc.js) from sharing information with Google Analytics about visits activity.

For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page: https://policies.google.com/privacy?hl=en

Payments

We may provide paid products and/or services within the Service. In that case, we may use third-party services for payment processing (e.g. payment processors such as Wix Payments).

We will not store or collect Your payment card details. That information is provided directly to Our third-party payment processors whose use of Your personal information is governed by their Privacy Policy. These payment processors adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, Mastercard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of payment information.

CCPA Privacy

Your Rights under the CCPA -
Under this Privacy Policy, and by law if You are a resident of California, You have the following rights:

• The right to notice. You must be properly notified which categories of Personal Data are being collected and the purposes for which the Personal Data is being used.

• The right to access / the right to request. The CCPA permits You to request and obtain from the Company information regarding the disclosure of Your Personal Data that has been collected in the past 12 months by the Company or its subsidiaries to a third-party for the third party's direct marketing purposes.

• The right to say no to the sale of Personal Data. You also have the right to ask the Company not to sell Your Personal Data to third parties. You can submit such a request by visiting our "Do Not Sell My Personal Information" section or web page.

• The right to know about Your Personal Data. You have the right to request and obtain from the Company information regarding the disclosure of the following:

1. The categories of Personal Data collected

2. The sources from which the Personal Data was collected

3. The business or commercial purpose for collecting the Personal Data

4. Categories of third parties with whom We share Personal Data

5. The specific pieces of Personal Data we collected about You

6. The right to delete Personal Data. You also have the right to request the deletion of Your Personal Data that have been collected in the past 12 months.

• The right not to be discriminated against. You have the right not to be discriminated against for exercising any of Your Consumer's rights, including by:

1. Denying goods or services to You

2. Charging different prices or rates for goods or services, including the use of discounts or other benefits or imposing penalties

3. Providing a different level or quality of goods or services to You

4. Suggesting that You will receive a different price or rate for goods or services or a different level or quality of goods or services.

Exercising Your CCPA Data Protection Rights

In order to exercise any of Your rights under the CCPA, and if you are a California resident, You can email us or visit our "Do Not Sell My Personal Information" section below.

We will disclose and deliver the required information free of charge within 45 days of receiving Your verifiable request. The time period to provide the required information may be extended once by an additional 45 days when reasonably necessary and with prior notice.

Do Not Sell My Personal Information
We do not sell personal information. However, the Service Providers we partner with (for example, our advertising partners) may use technology on the Service that "sells" personal information as defined by the CCPA law.

If you wish to opt out of the use of your personal information for interest-based advertising purposes and these potential sales as defined under CCPA law, you may do so by following the instructions below.

Please note that any opt out is specific to the browser You use. You may need to opt out on every browser that you use.

Website
You can opt out of receiving ads that are personalised as served by our Service Providers by following our instructions presented on the Service:

• From Our "Cookie Consent" notice banner

The opt out will place a cookie on Your computer that is unique to the browser You use to opt out. If you change browsers or delete the cookies saved by your browser, you will need to opt out again.

Mobile Devices
Your mobile device may give you the ability to opt out of the use of information about the apps you use in order to serve you ads that are targeted to your interests:

• "Opt out of Interest-Based Ads" or "Opt out of Ads Personalisation" on Android devices

• "Limit Ad Tracking" on iOS devices

You can also stop the collection of location information from Your mobile device by changing the preferences on your mobile device.

Children's Privacy
Our Service does not address anyone under the age of 13. We do not knowingly collect personally identifiable information from anyone under the age of 13. If You are a parent or guardian and You are aware that Your child has provided Us with Personal Data, please contact Us. If We become aware that We have collected Personal Data from anyone under the age of 13 without verification of parental consent, We take steps to remove that information from Our servers.

Your California Privacy Rights (California's Shine the Light law)
Under California Civil Code Section 1798 (California's Shine the Light law), California residents with an established business relationship with us can request information once a year about sharing their Personal Data with third parties for the third parties' direct marketing purposes.

If you'd like to request more information under the California Shine the Light law, You can contact Us using the contact information provided below.

California Privacy Rights for Minor Users (California Business and Professions Code Section 22581)
California Business and Professions Code section 22581 allow California residents under the age of 18 who are registered users of online sites, services or applications to request and obtain removal of content or information they have publicly posted.

To request removal of such data, and if you are a California resident, You can contact Us using the contact information provided below, and include the email address associated with Your account.

Be aware that Your request does not guarantee complete or comprehensive removal of content or information posted online and that the law may not permit or require removal in certain circumstances.

Links to Other Websites

Our Service may contain links to other websites that are not operated by Us. If You click on a third party link, You will be directed to that third party's site. We strongly advise You to review the Privacy Policy of every site You visit.

We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.

Changes to this Privacy Policy

We may update our Privacy Policy from time to time. We will notify You of any changes by posting the new Privacy Policy on this page.

We will let You know via email and/or a prominent notice on Our Service, prior to the change becoming effective and update the "Last updated" date at the top of this Privacy Policy.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

Consent

If you do provide us with ‘consent’, this means that you are providing us with permission to process your personal data lawfully. Your consent can be obtained as above, by you clicking onto a consent button or by informing us in writing.

If you have provided your consent in writing, you can withdraw your consent by contacting the controller as follows:

• Julian Dench

• Customer.service@originalstate.store

Complaints

You have the right to lodge a compliant directly with the ICO.

The ICO’s details are: www.ico.org.uk.  

We take complaint seriously and invite you to first to make your complaint to the controller by using the details below:

Contact details for Controller

• Julian Dench

• hello@originalstate.store