Privacy Policy

This Privacy Policy was written to help you better understand how we collect, use and store your information. Since technology and privacy laws are always changing, we may occasionally update this policy. The date of the last revision can be found in the footer. If you continue to use GPL Vault after these changes are posted, you agree to the revised policy.

By signing up for any of the products or services offered by GPL Vault (together, the “Services”) you are agreeing to the terms of this Privacy Policy and, as applicable, the GPL Vault Terms of Service. This policy is a legally binding agreement between you (and your client, employer or another entity if you are acting on their behalf) as the user of the Services (referred to as “you” or “your”) and GPL Vault and its affiliates. If we add any new features or tools to our Services, they will also be subject to this policy.

We will keep your Personal Information accurate, complete and up-to-date with the information that you provide to us. If you request access to your Personal Information, we will inform you of the existence, use and disclosure of your Personal Information as allowed by law, and provide you access to that information.

Information gathered by GPL Vault:

We collect certain personal information about visitors and users of GPL Vault.

The most common types of information we collect are things like: user names, email addresses, other contact details, payment information such as payment agent details, transaction details, support queries and web analytics data.

If you choose to subscribe to our free electronic newsletter we collect your email address, and, if you choose to provide it, a zip or postal code.

We use this information to service your account, verify your identity, process transactions, enhance our Services, manage our legal and operational affairs and answer any questions you may have.

When do we collect this information?

We collect this information when you visit our website or engage with us either by email, web form, instant message, phone, or post content on our website (including forums & blogs). We also collect any additional information that you might provide to us.

When you provide personal information to us via GPL Vault you’re consenting to us collecting and using that information in line with this policy and the terms of service. You are likely to provide personal information when you complete membership registration and buy a subscription, subscribe to a newsletter, email list, submit feedback, enter a contest, fill out a survey, or send us a communication.

Information from cookies

What is a cookie? A cookie is a small amount of data, which may include a unique identifier. Cookies are sent to your browser from a website and stored on your device. Every device that accesses our website is assigned a different cookie by us. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.

Why and when does GPL Vault use cookies?

We use cookies to recognize your device and provide you with a personalized experience. We do this so that we can remember your settings such as your username for the members area and to keep you logged into your account. We do not use cookies to track you. The cookies we use are “session” cookies, which are used to customize the look and feel of the site for your own custom preference.

While you visit our site, we’ll track:

Location, IP address and browser type: we’ll use this for purposes like estimating taxes.

We’ll also use cookies to keep track of cart contents while you’re browsing our site.

When you purchase from us, we’ll ask you to provide information including your name, email address, credit card/payment details and optional account information like username and password. We’ll use this information for purposes, such as, to:

  • Send you information about your account and order
  • Respond to your requests, including refunds and complaints
  • Process payments and prevent fraud
  • Set up your account for our store
  • Comply with any legal obligations we have, such as calculating taxes
  • Improve our store offerings
  • Send you marketing messages, if you choose to opt in receive them

If you create an account, we will store your name and email address which will be used to populate the checkout for future orders. We do NOT store your credit or debit card information nor do we have sight of this information since the transaction is entirely between you and the gateway provider and this transaction is concluded on the site of the gateway provider.

We accept payments through PayPal. When processing payments, some of your data will be passed to PayPal, including information required to process or support the payment, such as the purchase total and billing information.

Please see the PayPal Privacy Policy for more details.

We also accept payments through Stripe. When processing payments, some of your data will be passed to Stripe, including information required to process or support the payment, such as the purchase total and billing information.

Please see the Stripe Privacy Policy for more details.

We generally store information about you for as long as we need the information for the purposes for which we collect and use it, and we are not legally required to continue to keep it. For example, we will store order information for six (6) years for tax and accounting purposes. This includes your name and email address.

If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

Our website also uses Google Analytics, a service which transmits website traffic data to Google servers in the United States. Google Analytics does not identify individual users or associate your IP address with any other data held by Google. We use reports provided by Google Analytics to help us understand website traffic and webpage usage.

By using this website, you consent to the processing of data about you by Google in the manner described in Google’s Privacy Policy and for the purposes set out above. You can opt out of Google Analytics if you disable or refuse the cookie, disable JavaScript, or use the opt-out service provided by Google

Who on our team has access

Members of our team have access to the information you provide us. For example, Administrators and Shop Managers can access:

  • Order information like what was purchased, when it was purchased and;
  • Customer information like your name, email address, and billing information.

Our team members have access to this information to help fulfill orders, process refunds and support you.

When and why do we share Personal Information with third parties?

We may use the following third-party service providers named below to process and store your data:

Sparkpost, which we use to send our transactional emails. A transactional email is an email we send to convey information about your account. These can be such things as a receipt for payment, a password, a notification that a subscription has been renewed, suspended or rejected etc. Sparkpost do not store the content of the email but they do track whether the email has been received. This is their privacy policy – https://www.sparkpost.com/policies/privacy/

Mailchimp (The Rocket Science Group, LLC), which we use to manage opt-in email marketing subscriber lists and to send emails to our subscribers. Read their privacy policy. And see here for further information on Mailchimp analytics.

You may remove your name from our mailing list at any time by clicking the “unsubscribe from this list” link at the bottom of any email that you receive.

Cloudflare, which is a traffic optimization and distribution service provided by CloudFlare Inc.

The way CloudFlare is integrated means that it filters all the traffic via it’s own servers, i.e., communication between this website and the User’s browser, while also allowing analytical data from this site to be collected.

European Commission – if you are a business customer in Europe with a VAT number then we use the EC customs tool to check that the number is valid. You can see the tool here: http://ec.europa.eu/taxation_customs/vies/

Xero – we use the Xero service for our accounting, bookkeeping and taxation functions. This service stores your name, email address and financial transaction which enables us to comply with our legal and taxation requirements. You can read their privacy policy here: https://www.xero.com/us/about/terms/

We also may share your details due to the following legal exceptions:

Personal information may be shared with third parties to prevent, investigate, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of our Terms of Service or any other agreement related to the Services, or as otherwise required by law.

Personal information may also be shared with a company that acquires our business, whether through merger, acquisition, bankruptcy, dissolution, reorganization, or other similar transaction or proceeding. It may also be shared with our professional advisors (lawyers, accountants etc) or with regulators and government authorities.

Email Enquiries

If you have emailed or written to us then we retain that email or letter to allow sufficient time for your query to be dealt with. Once the matter has been concluded the email or letter is securely deleted. We usually do this straight away but in any event within a one hundred and eighty (180) day time frame.

We do NOT use any information submitted to us by email or letter for marketing purposes.

What do we do with your Personal Information when you terminate your relationship with us?

If an account remains inactive for one hundred and eighty (180) days then it is deleted from our system unless you contact us to request otherwise. You may also close the account you have with us at any time. To make an access, correction or closure request, please contact us using the contact details at the end of this policy.

We also keep ninety (90) day rolling backups of our systems after which time they are securely deleted and we keep log files (server logs and download logs) for one hundred and eighty (180) days after which time they are securely deleted.

We will continue to store archived copies of your previous financial transactions for legitimate business purposes only and for a period of six (6) years to comply with our legal and financial requirements.

Note that any pending, failed or cancelled orders are automatically deleted after a thirty (30) day period. Copies of these orders, because they have failed to be processed are not stored beyond this thirty (30) day period.

What we don’t do with your Personal Information

We do not and will never share, disclose, sell, rent, or otherwise provide Personal Information to other companies for the marketing of their own products or services.

We do not use the Personal Information we collect from you or your customers to contact or market to your customers or directly compete with you. However, GPL Vault may contact or market to your customers if we obtain their information from another source, such as from the customers themselves.

How do we keep your Personal Information secure?

We follow industry standards on information security management to safeguard sensitive information, such as financial information, intellectual property and any other Personal Information entrusted to us. All personal information is fully encrypted and stored in secure off site ‘zero knowledge’ locations. Our information security systems apply to people, processes and information technology systems on a risk management basis.

We do NOT store your credit or debit card information nor do we have sight of this information since the transaction is entirely between you and the gateway provider and this transaction is concluded on the site of the gateway provider.

In the event of a data breach we shall inform you the customer and the relevant authorities as soon as we become aware of it but in any event no later than 72 hours.

Access to your personal information

You retain all rights to your Personal Information and can access it anytime. In addition, GPL Vault takes reasonable steps to allow you to correct or amend personal information that is shown to be inaccurate or incomplete. If you have an account on this site you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us.

You also have the right to be forgotten. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes. We automatically delete expired accounts in line with our policies detailed above but if you wish for your account to be deleted sooner then contact us using the details below and we will expedite your request within thirty (30) days.

If you have any questions about your Personal Information or this policy, please contact us: [email protected]

Alternatively, you can also write to us by snail mail at: GPL Vault, Gower House, 23 Tir y Farchnad, SWANSEA. UNITED KINGDOM. SA4 3GS

last updated: 21 May 2018