Version 1.1 (Last updated May 22nd, 2018)
Tailored Soap cares about keeping your personal data secure, and we are transparent about how we store and use your personal information.
Any information you give to us is given voluntarily, and we do not store or use your personal data in other ways than those you have consented to.
On tailoredsoap.com, there are two ways you can consent:
- By allowing websites to place cookies in your browser through your browser settings.
- By willingly giving us additional information by signing up to our newsletter, commenting on our blog, using our website chat, creating an account or placing an order.
Read on to learn how we gather information from you and how we use and store it.
How we gather information from you
As you know, we gather information from you by a) placing cookies in your browser and b) collecting the personal information you provide to us when filling out form fields.
What cookies do we place, and what do they do?
We use Google Analytics to monitor how you and other users who have cookie tracking enabled use our website. This means we track site visits across pages, and get an overview of how long your session lasts, what pages you’ve visited and where you clicked our link (Google, Instagram, some other website). Google Analytics uses your IP address to identify you.
Google Analytics is also connected to Google AdWords for marketing purposes. This means we record conversions and may run remarketing campaigns based on your website usage using Google Analytics and AdWords.
An example of a remarketing campaign run through AdWords could be: You visit our Galaxy Soap product page and add it to your cart but leave the website because you want to eat dinner, so Google AdWords shows you an ad for our Galaxy Soap on a different website.
We also use Facebook’s cookies that track the same things as Google Analytics does, and allow us to record conversions and run remarketing campaigns just like AdWords (but with Facebook’s marketing tools). We also use this cookie to track the results of Facebook marketing campaigns.
We have another Facebook cookie that we use to allow our site visitors to log in using Facebook instead of creating a new account. We are currently working on this site feature, so this is not possible at the moment.
Finally, we have Sumo, Tawk.to, WooCommerce and Google AJAX Search API, that extend our other site functionality. Google AJAX Search API allows us to have an awesome search engine with live search recommendations on our site.
Sumo lets us track which elements are interesting (clicked) and how far users scroll on different pages, and display social sharing buttons and newsletter popups. Sumo also stores information about the percentage of visitors who share and subscribe, and who subscribes to the newsletter through the popup.
We also use Tawk.to as a chat plugin to help any visitors in need. If you decide to chat with us, Tawk.to stores your name, email, site visits, IP address, and location (city) as well as your chat logs over time. This is to help us help you in the best way possible. If you decide not to chat with us, Tawk.to saves your visits, page visits and amount of chat requests. These data are only aggregated, and we can’t tie them to you as an individual.
If you don’t want cookies stored on your device, we recommend deleting cookies.
What happens when you voluntarily give us more personal information?
You can give us personal information by signing up for the newsletter, creating an account, leaving a comment on the blog or placing an order.
How we store and use your information depends on which of those reasons you have for giving us your personal data.
Here’s an overview of the different scenarios:
Signing up to our newsletter
When you sign up for the newsletter, you can either do that through a popup or a sign up form embedded on our website. If you choose to fill out a popup form, Sumo will collect your email address and feed it to MailChimp (our newsletter software). You will then receive emails from us (sent through MailChimp). You can unsubscribe at any time by clicking the unsubscribe link added to the bottom of every newsletter.
Commenting on our blog
When you comment on our blog, WordPress (our website CMS) stores and displays your comment on our website along with your name which links to your website if you have one and want to link to it. As the comment is going to be displayed until you ask us to remove it, the personal information you provide will remain stored in WordPress until that time.
Chatting with us
When you chat with us you provide us with your name, email, and messages, and this data along with your IP address, page visits, location (city name) and chat history will be recorded and stored by Tawk.to. In order to give you the best possible customer service, we do not delete these records before you ask us to, as these records help us help you in a better way.
Creating an account
When you create an account, you give us your email address and set a password (which should be unique and not used anywhere else). As your orders from our shop will be tied to your account, we store your account until you ask us to remove it or delete it yourself.
Placing an order
When you order from our shop, you provide us with the following information:
- First name
- Last name
- Company name
- Billing address
  - Street address
  - Postcode / Zip
  - Town / City
- Shipping address
  - Street address
  - Postcode / Zip
  - Town / City
- Email address
- Order notes
Once you’ve filled out that information, you can continue to fill out your payment info. Your credit card information is highly sensitive and we therefore do not store or use it. We let professionals like Stripe and PayPal take care of that, and simply get word from them when your payment goes through (usually within a split second).
We keep a record of your order in WooCommerce and Stripe / PayPal, and MailChimp imports your order information and subscription preferences (for the newsletter). We also use the information you give us to send your order and for administrative purposes such as tax reporting. We also store records of what and when you purchased as well as your shipping information in WooCommerce and MailChimp. We store it in WooCommerce for your convenience and in MailChimp to send you relevant emails if you subscribe to that. If you want us to delete this information, follow the steps below.
Additional processing and storage efforts
Please note that, in addition to what’s mentioned above, we sometimes have to contact you regarding your order, your webshop account or other important reasons that relate to your order, account or continued relationship with Tailored Soap.
In these cases we’ll do our best to contact you using information you’ve provided to us. We also reserve the right to ask you if you’re okay with us processing and storing your personal data in different ways than those you’ve consented to (for example adding you to our customer club if we create one). We won’t do anything other than what you’ve agreed to without your explicit consent.
How to request deletion of your personal information
If you want us to delete your personal information, you can simply reach out to us, and we’ll delete your information. If you want to receive a copy of the information we’ve stored about you, we’ll give you this too if you ask for it before we delete it. There is one case where we can’t delete your information. If you place an order, we have to store a record of your order for five years due to tax rules in Norway. We therefore can’t delete the record of your order before five years have passed. If you want to delete your account or have all data in MailChimp or Sumo deleted, we’ll get that done fast. All you have to do is reach out and ask. We are working to implement solutions to simplify this process for you. The retention period for user identifiers in Google Analytics (including cookies and advertising IDs) is 26 months after the last visit you’ve made.
How to request changes to your personal information
If you want to change the personal information tied to your WooCommerce account, you can easily do that by logging in and visiting your account page. If you want us to change the email that’s subscribed to our newsletter, we’ll happily do this for you if you reach out. If you want us to change the website you link to when you post a comment, we’ll happily change that too if you want to.
Consent by use
What do we do to keep your personal data safe?
All our software suppliers are reputable suppliers that take the safekeeping of personal and non personal data very seriously, just like we do. To protect your personal data we protect our devices, avoid open networks, use safe storage solutions and follow good password practices. We also protect our facilities and personnel, and keep our technology stack (website and plugins) up to date.
We also perform regular risk assessments where we review available technology, needs and regulations. This is in an effort to ensure that we always take the necessary security steps, to avoid things like personal data getting into the wrong hands.
If something happens: 1. a safety breach or 2. deviation from procedures, we 1. alert Norwegian authorities digitally within 72 hours, and 2. immediately alert Norwegian authorities digitally. If we don’t have the full picture of the situation we’ll give authorities an overview of the deviation piece by piece. We also document this work.
If a high risk safety breach occurs, we’ll alert you as soon as possible, where we explain as simply as possible:
- What happened
- Who you can contact about it
- Possible consequences of the breach
- Description of steps towards stopping the breach and limiting the consequences
We may not alert you if:
- Steps for protection against the security breach are already taken, especially if the steps render the data illegible (encryption, etc.)
- Steps making the threat unlikely are taken
- If we would have a hard time reaching all touched by the breach. In those cases we’d publish warnings, send emails, etc. hoping to reach all those affected by the breach
How do you contact us for deletion/editing requests?
If you want to request changes to your contact information or edits, reach out to firstname.lastname@example.org and we’ll get back to you and comply with your request or give you a reason why we can’t within 30 days. We’ll store records of requests until a Norwegian government representative tells us we can delete them.
Other personal data processing initiatives
Tailored Soap uses email as part of the daily work and dialogue with internal and external contacts. The Head of Marketing and IT is responsible for processing of personal data in this setting. All Tailored Soap employees go through their inbox and delete unnecessary content at least yearly starting May 25th. If an employee quits, relevant emails are transferred to colleagues. Do not send any sensitive data over email as email is not encrypted. Sometimes employees talk on the phone as well, and store contact details on their phone. They have a history of texts and phone calls available, and follow the same procedures we have set up for email for phone calls and texts (at least yearly).
Information about employees
Tailored Soap processes employee personal data to administer salary and personnel. Necessary data for processing of salaries and reporting to the government is stored. Other data is tied to job function and facilitating work. Data is collected from the employees and is only shared when the law requires it (mainly salary and tax reporting).
Deletion of said data is done based on applicable Norwegian laws. Information such as name, position and responsibilities is considered official information, and may be published on Tailored Soap’s websites.
All existing and future employees have a personnel file in our archives, where job applications are stored.
Detailed cookie overview
| Cookie | Provider | Purpose | Duration |
|---|---|---|---|
| fr | | Encrypted Facebook ID and Browser ID | 90 days |
| _ga | Google Analytics | Distinguish users | 2 years |
| _gid | Google Analytics | Distinguish users | 24 hours |
| __smToken | Sumo | Check if logged in to Sumo | 1 year |
| __smListBuilderShown | Sumo | Hide popup until provided time has passed | 30 years |
| 1P_JAR | Google Analytics | Analytics | 30 days |
| CONSENT | Google Analytics | Analytics | 20 years |
| DSID | DoubleClick (Google AdWords) | Remarketing | Session |
| IDE | DoubleClick (Google AdWords) | Remarketing | 2 years |
| NID | Google Analytics | Analytics | 180 days |
| __cfduid | Bufferapp (via Sumo) | Identify trusted web traffic (Cloudflare) | 1 year |
| __cfduid | Tawk.to | Identify trusted web traffic (Cloudflare) | 1 year |
| bcookie | LinkedIn (via Sumo) | Social sharing | 2 years |
| bscookie | LinkedIn (via Sumo) | Social sharing | 2 years |
| initref | Reddit (via Sumo) | Social sharing | Session |
| lidc | LinkedIn (via Sumo) | Social sharing | Session |
| loid | Reddit (via Sumo) | Social sharing | 2 years |
| reddaid | Reddit (via Sumo) | Social sharing | 2 years |
| session_tracker | Reddit (via Sumo) | Social sharing | Session |
| wp_woocommerce_session_4883a49dea4a6b09470235ceaac0742c | WooCommerce | Online shopping | 2 days |
| 01AI | abmr.net (via Sumo) | Social sharing | 364 days |
| PYPF | PayPal | Online payment | 28 days |
| cookieconsent_status | InSites | Cookie consent popup | 1 year |
| wordpress_logged_in_4883a49dea4a6b09470235ceaac0742c | WooCommerce | Online shop user | 14 days |
| wordpress_sec_4883a49dea4a6b09470235ceaac0742c | WooCommerce | Online shop user | 14 days |