PRIVACY POLICY
GENERAL —
Purchase of any goods from us requires you to share your personal information (including name, address, email and phone number and payment card details) in order for us to process and ship your order. By ordering goods from us (whether or not the contract is fulfilled), you agree to the terms of collection and storage of your data for this purpose, as outlined below.
Purchases —
This website is hosted by Webflow, Inc. and all orders placed through this website will be subject to some data handling by Webflow, Inc. This includes your name, address and telephone number, and details of items ordered. You can read their global and EU and Swiss privacy policies for more information about their handling of data.
Payments —
All payments are handled by the payment gateway Stripe, Inc. Stripe is audited by a PCI-certified auditor, and is a certified PCI Service Provider Level 1, which is the most stringent level of certification available in the payments industry.
Stripe will hold customer's personal details including name, address and telephone number, details of items ordered, and payment card details. All card numbers are encrypted at rest with AES-256. Decryption keys are stored on separate machines. None of Stripe’s internal servers and daemons can obtain plain text card numbers but can request that cards are sent to a service provider on a static allowlist. Stripe’s infrastructure for storing, decrypting, and transmitting card numbers runs in a separate hosting environment, and doesn’t share any credentials with Stripe’s primary services including their API and website.
You can read more about their privacy policy and PCI compliance at stripe.com.
European Strong Customer Authentication —
This website is compliant with the European Strong Customer Authentication (SCA) requirements which aim at reducing fraud. Any customer from EEA countries will be required to provide an additional layer of authentication to confirm payment for the purchase. By verifying your identity through the method adopted by your card-issuing bank, you are authorising the purchase. This reduces the odds of fraudulent purchases made by unauthorised parties using your card.
Removal of data —
Once a purchase is complete and goods are shipped to, and accepted by you, you may request removal of your data from our host provider and payment gateway provider systems, by emailing us at info<at>michaelcplace<dot>com using subject line ‘request of data removal’. Please use the same email address used to place your order if possible, and to help us verify your request, please confirm your name & address and order number. We are obliged to retain a record of your order for tax purposes and in the event of any future queries or claims, and for which purposes we reserve the right to store a paper copy, or digital copy of your order on our own systems. In addition, we may retain any email correspondence relating to the order, along with any request to remove data, and our response to you.