Website Privacy & Cookies Notice

Contents

1. Introduction
2. The personal data we collect from you
3. How we use your personal data
4. Who we might share your personal data with
5. Marketing and exercising your right to opt-out of marketing
6. Your legal rights
7. How long we keep your personal data for
8. Your personal data and Social Networks
9. Security
10. Cookies used by this Website
11. How to contact us

1. Introduction

This privacy notice applies to the processing of data by Frugalpac in connection with the
processing of personal data on the Frugalpac website www.frugalpac.com, including any
personal data you may provide through your use of the website, (“Website”).

This Website is not intended for children and we do not knowingly collect personal data
relating to children.

References to “you” or “your” are references to individuals who use the Website. References
to “Frugalpac”, “we”, “us” or “our” are references to Frugalpac Limited, a company
incorporated in England & Wales with company registration number 07600690 and with its
registered office at Unit 19 Brightwell Barns, Waldringfield Road, Brightwell, Suffolk, IP10 0BJ,
England.

We recognise that the use and disclosure of personal data has important implications for us
and for the individuals whose personal data we process.
This notice aims to give you information about how Frugalpac collects and processes your
personal data when you use our Website.

Frugalpac is the controller of the personal data which is collected and processed when you
use our Website. A “controller” is the person or organisation who alone or jointly determines
the purposes for which , and the manner in which, any personal data is, or is likely, to be
processed.

This notice is issued on behalf of Frugalpac.

2. The personal data we collect from you

Personal data includes any information about an individual from which that person can be
identified. It does not include personal data where the identity has been removed
(anonymous data). The type of personal data that we will collect from you, and you voluntarily
provide to us on this Website, includes:

● Your full name
● Your address
● The name of your company
● Your telephone number(s)
● Your Email address
● Your IP address at the time
● The time and date of when you submitted personal data
We may, in further dealings with you, extend this personal data to include your purchases,
services used, subscriptions, contracts and payment transactions.
● We do not collect any special categories of personal data about you through our Website
(this includes details about your race or ethnicity, religious or philosophical beliefs, sex life,
sexual orientation, political opinions, trade union membership, information about your
health and genetic and biometric data). Nor do we collect information about criminal
convictions and offences.
● You are under no statutory or contractual requirement or obligation to provide us with your
personal information; however, we require at least the information above in order for us to
deal with you as a prospect or customer/member/service user or member of the public in an
efficient and effective manner.

Contact Form

The primary instance where our Website will ask you for personal data is our contact form.
The contact form is powered by a popular WordPress plugin called Contact Form 7.
Once submitted, your information will be processed [by whom? If a third party, Frugalpac
needs a contract with them] and forwarded to us within a single email sent by the website
application. Your information will not be stored within the website application’s database.

3. How we use your personal data

● To contact you, following your enquiry, reply to any questions, suggestions, issues or
complaints you have contacted us about;
● Make available our products and services to you;
● Process your orders;
● Take payment from you or give you a refund;
● Personalise your purchasing experience, for example we may provide you with details of
products that match a product which you may have purchased or enquired about previously;
● For statistical analysis and to get feedback from you about our products and services,
Website, and other services and activities. For example, occasionally we may invite you to
review a product or service you’ve bought or used from us. If we do, it’s possible that we’ll use
independent research and feedback providers to act on our behalf;
● To power our security measures and services so you can safely access our website and
mobile apps;
● Help us understand more about you as a customer and the products and services you buy so
that we can serve you better;
● Contact you about products and services from us;
● Provide you with online advertising and promotions; and
● Help answer your questions and solve any issues you have.

4. Who we might share your personal data with

We may share your personal data with other organisations in the following circumstances:

● If we are required by law to share your personal data;
● If we need to share personal data in order to establish, exercise or defend our legal rights
(this includes providing personal data to others for the purposes of preventing fraud and
reducing credit risk); or
● From time to time, employ the services of other parties for dealing with certain processes
necessary for the operation of the Website. However, all the information we share will be
collected and anonymised, so neither you nor any of your devices can be identified from it.

5. Marketing and exercising your right to opt-out of marketing

We strive to provide you with choices regarding certain personal data uses,
particularly around marketing. We will not use your personal data to send you
marketing materials if you have requested not to receive them. If you request
that we stop processing your personal data for marketing purposes, we shall stop
processing your personal data for those purposes.

6. Your legal rights

Under certain circumstances you have rights under data protection laws in relation to your
personal data. It is Frugalpac policy to respect your rights and we will act promptly and in
accordance with any applicable law, rule or regulation relating to the processing of your
personal data.

Details of your rights are set out below:

Right to be informed about how personal data is used

You have the right to be informed about how we will use and share your personal data. This
explanation will be provided to you in a concise, transparent, intelligible and easily accessible
format and will be written in clear and plain language.

Right to access personal data

You have the right to obtain confirmation of whether we are processing your personal data,
access to the personal data and information regarding how your personal data is being used
by us..

Right to have inaccurate personal data rectified

You have the right to have any inaccurate or incomplete personal data rectified. If we have
disclosed the relevant personal data to any third parties, we will take reasonable steps to
inform those third parties of the rectification where possible.
Right to have personal data erased in certain circumstances
You have a right to request that certain personal data held by us is erased. This is also known
as the right to be forgotten. This is not a blanket right to require all personal data to be
deleted. We will consider each request carefully in accordance with the requirements of any
law relating to the processing of your personal data.

Right to restrict processing of your personal data in certain circumstances

You have the right to block the processing of your personal data in certain circumstances
.This right arises if you are disputing the accuracy of personal data, if you have raised an
objection to processing, if processing of personal data is unlawful and you oppose erasure
and request restriction instead or if the personal data is no longer required by us but you
require the personal data to be retained to establish, exercise or defend a legal claim.
Right to data portability

In certain circumstances you can request to receive a copy of your personal data in a
commonly used electronic format. This right only applies to personal data that you have
provided to us (for example by completing a form or providing information through the
Website). Information about you which has been gathered by monitoring your behaviour will
also be subject to the right to data portability. The right to data portability only applies if the
processing is based on your consent or if the personal data must be processed for the
performance of a contract and the processing is carried out by automated means (i.e.
electronically).

Right to object to processing of personal data in certain circumstances, including where
personal data is used for marketing purposes

You have a right to object to processing being carried out by us if (a) we are processing
personal data based on legitimate interests or for the performance of a task in the public
interest (including profiling), (b) if we are using personal data for direct marketing purposes
or (c) if information is being processed for scientific or historical research or statistical
purposes. You will be informed that you have a right to object at the point of data collection
and the right to object will be explicitly brought to your attention and be presented clearly
and separately from any other information.

Right not to be subject to automated decisions where the decision produces a legal effect or
a similarly significant effect.
You have a right not to be subject to a decision which is based on automated processing
where the decision will produce a legal effect or a similarly significant effect on you.

You may exercise any of your rights at any time using the contact details set out in
paragraph 11 below. You may not have to pay a fee to access your personal data (or to
exercise any of the other rights). However, we may charge a reasonable fee if your request is
clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your
request in these circumstances.

We may need to request specific information from you to help us confirm your identity and
ensure your right to access your personal data (or to exercise any of your other rights). This is
a security measure to ensure your personal data is not disclosed to any person who has no
right to receive it. We may also contact you to ask you for further information in relation to
your request to speed up our response.

We try to respond to all legitimate requests within one calendar month. Occasionally it may
take us longer than one calendar month if your request is particularly complex or you have
made a number of requests. In this case, we will notify you and keep you updated.

For more information about your privacy rights

The Information Commissioner’s Office (ICO) is the United Kingdom’s independent authority
set up to up hold and enforce data protection and privacy matters in the UK. The ICO makes
a lot of information accessible to consumers on their website.

You can make a complaint to the ICO at any time about the way we use your information.
However, we hope that you would consider raising any issue or complaint you have with us
first. Your satisfaction is extremely important to us and we will always do our very best to
solve any problems you may have.

7. How long we keep your personal data for

We retain a record of your personal data in order to provide you with a high quality and
consistent service. We will always retain your personal information in accordance with the
General Data Protection Regulation (GDPR) and never retain your information for longer
than is necessary. Unless otherwise required by law, your data will be stored for a period of 5
years after our last contact with you/some other identifiable action or period, at which point
it will be permanently deleted and therefore irretrievable.

8. Your personal data and Social Networks

When using our Website, you may be able to share information through social networks like
Facebook and Twitter. For example, when you ‘like’, ‘share’ or review our services. When
doing this, your personal data may be visible to the providers of those social networks and/or
their other users. Please remember it is your responsibility to set appropriate privacy settings
on your social network accounts so you are comfortable with how your information is used
and shared on them.

9. Security

Data security is of great importance to Frugalpac and to protect your personal data we have
put in place suitable physical, electronic and managerial procedures to safeguard and secure
your collected data. We ensure that those who have permanent or regular access to
personal data, or that are involved in the processing of personal data, or in the development
of tools used to process personal data, are trained and informed of their rights and
responsibilities when processing personal data.
We take security measures to protect your information including:

Physical & Managerial Security Procedures

● Limiting access to our buildings to those that we believe are entitled to be there (by use of
passes, key card access and other related technologies);
● Implementing access controls to our information technology;
● We use appropriate procedures and technical security measures (including strict encryption,
anonymisation and archiving techniques) to safeguard your information across all our
computer systems, networks and offices;
● Never asking you to disclose your own passwords;
● Advising you never to enter your account number or password into an email or after
following a link from an email.

Website Application and Hosting Security Procedures

HTTPS – This website is secured via Hyper Text Transfer Protocol Secure (HTTPS). It means all
communications between your browser and this website are securely encrypted. This means
that even if somebody managed to intercept the connection, they would not be able to
decrypt any of the data which passes between you and the website.
Secure Payments via PayPal – All transactions taken and processed on this Website are
handled separately by PayPal.
Secure Update Process – Inline with the security processes of our Website development
partner agency, this Website application’s code-base is administered and updated via a
password and FTP free process. All code-changes are deployed via a secure process that does
not rely on the storage and visible access of passwords.
Two Factor Authentication – Where possible, the administration interface to this Website
application and any personally identifiable information herein are secured behind a two-
factor authentication login to all staff who have access to it. Additionally, our Website
development agency can only access the same interface via their secure Google GSuite
accounts and hold no password records for accessing the platform at super-admin level.
Web Application Maintenance – Frugalpac, working in collaboration with our Website
development agency, regularly monitors the security of this Website and consistently
updates the core CMS platform and supporting extensions and plugins.
PCI-DSS Compliant Server – Our website application is hosted and operations on a PCI-DSS
compliant server independently certified by Security Metrics. The Payment Card Industry
Data Security Standard (PCI DSS) applies to companies of any size that accept credit card
payments.
Cloudflare – Our website’s DNS is managed through CloudFlare who provide our content
delivery network (CDN), DDoS attack mitigation, Internet security and distributed domain
name server services.

10. How we use cookies on our Website

What are cookies?

Cookies are small pieces of data, stored in text files, which are downloaded to your computer
or other device when you visit a website. They are widely used to ‘remember’ you and your
preferences, either for a single visit (through a ’session cookie’) or for multiple repeat visits
(using a ‘persistent cookie’). They ensure a consistent and efficient experience for visitors, and
perform essential functions such as allowing users to register and remain logged in. Cookies
may be set by the site that you are visiting (known as ‘first party cookies’), or by other
websites who serve up content on that site (‘third party cookies’).

What is Cookie Control?

You may notice that our Website utilises a third-party Cookie preference tool called ‘Cookie
Control’. Cookie Control is a mechanism for controlling user consent and the use of cookies
on this website application.

When (as the user) you consent to one of the optional cookie categories, Cookie Control will
place a cookie to remember that decision. The name of the cookie will be the name of the
category specified within the Cookie Control widget itself. That cookie will be removed when
you (the user) revoke consent to that category.

What are ‘Strictly Necessary Cookies’?

These are the cookies that are essential for this Website to perform its basic functions. These
include those required to allow registered users to authenticate and perform account related
functions, as well as to save the contents of virtual ‘carts’ on sites that have an e-commerce
functionality.

Strictly Necessary Cookies are highlighted with a double asterisk (**) in the tables below:

Cookies set by WordPress

Cookie NameDescriptionDuration
wordpress_<hash> **On login, wordpress uses the wordpress_[hash] cookie to store your authentication details. Its use is limited to the admin console area, /wp-admin/2 years
wordpress_logged_in_<hash>  **After login, wordpress sets the wordpress_logged_in_<hash> cookie, which indicates when you’re logged in, and who you are, for most interface use.Session
wp-settings-<time>-<UID>  **WordPress also sets a few wp-settings-<time>-<UID> cookies. The number on the end is your individual user ID from the user’s database table. This is used to customize your view of admin interface, and possibly also the main site interface.Session
WordPress_google_apps_login **This cookie is set by the plugin ‘Google Apps Login for WordPress’ and may be present for users who login to WordPress via their Google or GSuite account.Session
wordpress_test_cookieUsed to check whether your web browser is set to allow or reject cookies.Session
wpe-auth

Cookies set by Woocommerce

Cookie NameDescriptionDuration
woocommerce_cart_hashA cookie that stored a unique identifier for your instance of the Woocommerce shopping cart2 years
wooc0mmerce_items_in_cartA cookie that stores information about what is currently in your Woocommerce shopping cartSession
woocommerce_recently_viewedA cookie that stored in the id’s of products you have viewed this sessionSession
wp_woocommerce_session_<hash>A cookie used as unique identifier when users browse the Woocommerce shop on this websiteSession
PYPFA cookie used by Paypal to aid in the checkout processSession
PHPSESSIDA cookie that stores your unique identifier when browsing the website.

 

Cookies set by Google Analytics

Cookie NameDescriptionDuration
_gaUsed to distinguish users.2 years
_gidUsed to distinguish users.24 hours
_gatUsed to throttle request rate. If Google Analytics is deployed via Google Tag Manager, this cookie will be named _dc_gtm_<property-id>.1 minute
AMP_TOKENContains a token that can be used to retrieve a Client ID from AMP Client ID service. Other possible values indicate opt-out, inflight request or an error retrieving a Client ID from AMP Client ID service.30 seconds to 1 year
_gac_<property-id>Contains campaign related information for the user. If you have linked your Google Analytics and AdWords accounts, AdWords website conversion tags will read this cookie unless you opt-out. Learn more.90 days
_gaexpOptimize 360 – Used to determine a user’s inclusion in an experiment and the expiry of experiments a user has been included in.90 days

 

Cookies set by CloudFlare

Cookie NameDescriptionDuration
__cfduid **The __cfduid cookie is used to identify individual clients behind a shared IP address and apply security settings on a per-client basis.1 years

 

Miscellaneous Cookies

Cookie NameDescriptionDuration
complianceCookieUsed to distinguish your acknowledgement of our website’s Cookie Banner and subsequent policy (this document).14 days

 

How to change your Cookie preferences
The most popular web browsers typically provide additional tools to users for controlling or
restricting cookies on their device. To find out more about cookies, including how to see
what cookies have been set, you can visit www.aboutcookies.org.
Find out how to manage cookies on popular browsers:
● Google Chrome
● Microsoft Edge
● Mozilla Firefox
● Microsoft Internet Explorer
● Opera
● Apple Safari

To find information relating to other browsers, visit the browser developer’s website.
To opt out of being tracked by Google Analytics across all websites, visit
http://tools.google.com/dlpage/gaoptout.

By using our Website, you agree that we can place these types of cookies on your device. If
you want to restrict or block any of the above cookies, you should do this through the web
browser settings for each web browser you use and on each device you use to access the
internet. Please be aware that some of the areas of our Website may not function if your web
browser does not accept cookies. However, you can allow cookies from specific websites by
making them “trusted websites” in your web browser. The “Help” function within your web
browser should tell you how to make these changes. Alternatively, you can visit
https://www.attacat.co.uk/resources/cookies/how-to-ban on how to manage cookies.

11. How to contact us

Our General Counsel oversees compliance with data protection within Frugalpac. If you have
any questions about this notice, including any requests to exercise your rights, please contact
our General Counsel using the contact details set out below.

General Counsel

Frugalpac Limited, Unit 19, Brightwell Barns, Waldringfield Road, Brightwell, Suffolk IP10 0BJ,.
Email: [email protected]
Telephone: +44 (0) 1473 599 070

Last updated on 25th October 2018.