What personal information do we collect from the people that visit our blog, website or app?
When ordering or registering on our site, as appropriate, you may be asked to enter your name, email address, phone number, credit card information or other details to help you with your experience.
When do we collect information?
We collect information from you when you place an order, fill out a form or enter information on our site.
How do we use your information?
We may use the information we collect from you when you register, make a purchase, sign up for our newsletter, respond to a survey or marketing communication, surf the website, or use certain other site features in the following ways: to quickly process your transactions; to send periodic emails regarding your order or other products and services; and/or to follow up with them after correspondence (live chat, email or phone inquiries).
How do we protect your information?
We do not use vulnerability scanning and/or scanning to PCI standards. An external PCI compliant payment gateway handles all credit card transactions. We use regular Malware Scanning. Your personal information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems, and are required to keep the information confidential. In addition, all sensitive/credit information you supply is encrypted via Secure Socket Layer (SSL) technology. We implement a variety of security measures when a user places an order to maintain the safety of your personal information. All transactions are processed through a gateway provider and are not stored or processed on our servers.
Do we use ‘cookies’?
We do not sell, trade or otherwise transfer to outside parties your Personally Identifiable Information, unless we provide users with advance notice. This does not include website hosting partners and other parties who assist us in operating our website, conducting our business, or serving our users, so long as those parties agree to keep this information confidential. We may also release information when it’s release is appropriate to comply with the law, enforce our site policies, or protect ours or other’s rights, property or safety. However, non-personally identifiable visitor information may be provided to other parties for marketing, advertising or other uses.
Occasionally, at our discretion, we may include or offer third-party products or services on our website. These third-party sites have separate and independent privacy policies. We, therefore, have no responsibility or liability for the content and activities of these linked sites. Nonetheless, we seek to protect the integrity of our site and welcome any feedback about these sites.
Our websites are primarily hosted in the USA.
We may also use outsourced services in countries outside the European Union from time to time in other aspects of our business.
Accordingly, data obtained within the UK or any other country could be processed outside the European Union. For example, some of the software our website uses may have been developed in the United States of America or in Australia.
We use the following safeguards with respect to data transferred outside the European Union:
the processor is within the same corporate group as our business or organization and abides by the same binding corporate rules regarding data processing.
California Online Privacy Protection Act
COPPA (Children Online Privacy Protection Act)
When it comes to the collection of personal information from children under the age of 13 years old, the Children’s Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, United States’ consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children’s privacy and safety online. We do not specifically market to children under the age of 13 years old.
The Standards for Privacy of Individually Identifiable Health Information (“Privacy Rule”) establishes, for the first time, a set of national standards for the protection of certain health information. The U.S. Department of Health and Human Services (“HHS”) issued the Privacy Rule to implement the requirement of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”).1 The Privacy Rule standards address the use and disclosure of individuals’ health information (called “protected health information”) by organizations subject to the Privacy Rule (called “covered entities”), as well as standards for individuals’ privacy rights to understand and control how their health information is used. Within HHS, the Office for Civil Rights (OCR) has responsibility for implementing and enforcing the Privacy Rule with respect to voluntary compliance activities and civil money penalties.
A major goal of the Privacy Rule is to assure that individuals’ health information is properly protected while allowing the flow of health information needed to provide and promote high quality health care and to protect the public’s health and well-being. The Rule strikes a balance that permits important uses of information, while protecting the privacy of people who seek care and healing. Given that the health care marketplace is diverse, the Rule is designed to be flexible and comprehensive to cover the variety of uses and disclosures that need to be addressed.
This website, its operators and website developers and designers pledge to abide by HIPAA guidelines for confidentiality. The webmaster had signed a Business Associate Agreement, in part to not use or further disclose the PII, except as permitted by law. A copy of this agreement can be obtained by emailing Production@sheepinspace.com
Fair Information Practices
The Fair Information Practices Principles form the backbone of privacy law in the United States, and the concepts they include have played a significant role in the development of data protection laws around the globe. Understanding the Fair Information Practice Principles and how they should be implemented is critical to comply with the various privacy laws that protect personal information. In order to be in line with Fair Information Practices, we will take the following responsive action, should a data breach occur: we will notify you via email within 7 business days, and we will notify the users via in-site notification within 7 business days. We also agree to the Individual Redress Principle, which requires that individuals have the right to legally pursue enforceable rights against data collectors and processors who fail to adhere to the law. This principle requires not only that individuals have enforceable rights against data users, but also that individuals have recourse to courts or government agencies to investigate and/or prosecute non-compliance by data processors.