Our Customer Promise – Our Privacy Policy

Who we are

Flybox International Limited is a registered company (Registration Number SC325665).

The aim of the organisation is to develop and retail high quality, innovative fly tying materials.

What data we collect

Like most organisations, we collect data in the natural course of running our business.

This privacy policy explains how we comply with the GDPR (General Data Protection Regulation) and the PECR (Privacy and Electronic Communications Regulations).

We do not give, sell, exchange or rent users’ names, email addresses, postal addresses, telephone numbers, or any other personal or company information, to any other party or organisation for commercial purposes.

Flybox does not disclose buyers’ information to third parties other than when order details are processed as part of the order fulfilment. In this case, the third party will not disclose any of the details to any other third party.

All of Flybox International Ltd’s data is shared with our appointed marketing contractor Volpa Ltd, who are responsible for managing the business’s marketing communications.

We like to keep things simple so here’s an overview of what data we collect, when and what we do with it:

Our Customer Data

Online Customers

Online purchases are made via our dedicated website on a HTTPS (secure) link at www.flyboxdirect.co.uk which operates on a WordPress platform, hosted in the United Kingdom by Flywheel and uses a Woocommerce plugin to manage sales.

All data is backed up every 24 hours and Flywheel deploys server wide security and encryption to ensure our customers’ data is kept safe.

When our customer make a purchase, in order to fulfil their order, we collect and store the following data under grounds of legitimate interest:

  • First and Second Name
  • Company Name (if appropriate)
  • Postal Address (for sending out the order)
  • Phone Number (in case there are any problems with their order)
  • Email Address
  • Order Details (e.g products purchased)

All payment processing is handled off site by one of two third party payment processing providers, specifically:

Under current UK financial accounting regulations, this transactional data is kept for a period of 7 years and then is deleted.

Flybox International Ltd has access to these payment portals in order to reconcile transactions for accounting purposes. Flybox International Ltd complies fully with all PCI DSS compliance requirements put in place by these payment providers.

PCI DSS is the worldwide Payment Card Industry Data Security Standard that was set up to help businesses process card payments securely and reduce card fraud. The achieves through enforcing tight controls surrounding the storage, transmission and processing of cardholder data that businesses handle. PCI DSS is intended to protect sensitive cardholder data.

When you place an order with Flybox International Ltd, you will also be asked if you wish to opt in to our regular e-newsletter. This is managed using a third party provider called Mailchimp. Before you are fully subscribed to this newsletter you will have to confirm your subscription by email which will be automatically generated when you select the opt-in option on the website.

Online Wishlist Users

Website users are able to create accounts without purchasing, within which they can store and retrieve wishlist items at a later date.

The information is stored in our website database and kept for a period of 2 years, after which it is deleted.

The information stored is:

  • First and Last Name
  • Email Address
  • Wishlist Products

Telephone Customers

Telephone purchases are made via our dedicated telephone line 0800 862 0117 which is operated by OneCom.

When our customers make a purchase by phone, in order to fulfil their order, we collect on paper the order details under grounds of legitimate interest:

  • First and Second Name
  • Company Name (if appropriate)
  • Postal Address (for sending out the order)
  • Phone Number (in case there are any problems with their order)
  • Email Address
  • Order Details (e.g products purchased)

This order form is then sent, with the order, to the customer. No copies are stored by Flybox International Ltd.

All payment processing is handled by our payment processing provider Pay 360 with card data being inputted directly by a trained member of the Flybox team.

Financial transaction is anonymised and held under current UK financial accounting regulations for a period of 7 years and then is deleted.

Flybox International Ltd has access to these payment portals in order to reconcile transactions for accounting purposes. Flybox International Ltd complies fully with all PCI DSS compliance requirements put in place by these payment providers.

PCI DSS is the worldwide Payment Card Industry Data Security Standard that was set up to help businesses process card payments securely and reduce card fraud. The achieves through enforcing tight controls surrounding the storage, transmission and processing of cardholder data that businesses handle. PCI DSS is intended to protect sensitive cardholder data.

Trade Customers

Trade purchases are made by phone, email or fax and we follow the same process outlined above for our Phone Customers.

When our customers make a purchase, in order to fulfil their order, we collect and store the following data in our accounting software Xero under grounds of legitimate interest:

  • First and Second Name
  • Company Name (if appropriate)
  • Postal Address (for sending out the order)
  • Phone Number (in case there are any problems with their order)
  • Email Address
  • Order Details (e.g products purchased)

Under current UK financial accounting regulations, this transactional data is kept for a period of 7 years and then is deleted.

All credit or debit card payment processing is handled by one of two third party payment processing providers, specifically:

Flybox International Ltd has access to these payment portals in order to reconcile transactions for accounting purposes. Flybox International Ltd complies fully with all PCI DSS compliance requirements put in place by these payment providers.

PCI DSS is the worldwide Payment Card Industry Data Security Standard that was set up to help businesses process card payments securely and reduce card fraud. The achieves through enforcing tight controls surrounding the storage, transmission and processing of cardholder data that businesses handle. PCI DSS is intended to protect sensitive cardholder data.

Other payment options are available to trade customers including BACS transfer, wire transfer, cash and cheque payment.

Our E-Newsletter Subscribers

Flybox International Ltd sends no more than 110 e-newsletters to our database over the course of a year (on average two emails per week). These e-newsletters include:

  • New Product Announcements
  • Special Offers
  • Fly-tying Patterns and Instructions

The only personal data we collect and store in this database, which is managed on a secure platform provided by Mailchimp is:

  • Your First Name
  • Your Second Name
  • Your Email Address

You can unsubscribe from this database at any time by simply choosing the “Unsubscribe” option on the footer of every email or by emailing us at team@flybox.co.uk

Email marketing messages may contain tracking beacons / tracked clickable links or similar server technologies in order to track subscriber activity within email marketing messages. Where used, such marketing messages may record a range of subscriber data relating to engagement, geographic, demographics and already stored subscriber data.

Periodically, at least every 3 years, you will be asked to re-verify your subscription to this mailing list to ensure you still wish to receive communications from us.

Our use of Website Cookies

This website uses cookies to better the users experience while visiting the website. As required by legislation, where applicable this website uses a cookie control system, allowing the user to give explicit permission or to deny the use of /saving of cookies on their computer / device.

What are cookies? Cookies are small files saved to the user’s computer’s hard drive that track, save and store information about the user’s interactions and usage of the website. This allows the website, through its server to provide the users with a tailored experience within this website.

Users are advised that if they wish to deny the use and saving of cookies from this website on to their computers hard drive they should take necessary steps within their web browsers security settings to block all cookies from this website and its external serving vendors or use the cookie control system if available upon their first visit.

Website Visitor Tracking

This website uses tracking software to monitor its visitors to better understand how they use it. The software will save a cookie to your computer’s hard drive in order to track and monitor your engagement and usage of the website, but will not store, save or collect personal information.

Specifically we use:

  • Google Analytics (which helps us understand what pages you visit, how long you spend on those pages and where in the world you are from. It does not enable us to identify you personally)
  • Facebook Pixel (which helps us serve digital advertising to you via the Facebook platform if you have already visited our website.)

Downloads & Media Files

Any downloadable documents, files or media made available on this website are provided to users at their own risk. While all precautions have been undertaken to ensure only genuine downloads are available users are advised to verify their authenticity using third party anti virus software or similar applications.
We accept no responsibility for third party downloads and downloads provided by external third party websites and advise users to verify their authenticity using third party anti virus software or similar applications.

External Website Links & Third Parties

Although we only look to include quality, safe and relevant external links, users are advised to adopt a policy of caution before clicking any external web links mentioned throughout this website. (External links are clickable text / banner / image links to other websites)

Shortened URL’s; URL shortening is a technique used on the web to shorten URL’s (Uniform Resource Locators) to something substantially shorter. This technique is especially used in social media and looks similar to this (example: http://bit.ly/zyVUBo). Users should take care before clicking on shortened URL links and verify their authenticity before proceeding.

We cannot guarantee or verify the contents of any externally linked website despite our best efforts. Users should therefore note they click on external links at their own risk and we cannot be held liable for any damages or implications caused by visiting any external links mentioned.

Social Media Policy & Usage

We adopt a Social Media Policy to ensure our business and our staff conduct themselves appropriately online. While we may have official profiles on social media platforms users are advised to verify authenticity of such profiles before engaging with or sharing information with such profiles. We will never ask for user passwords or personal details on social media platforms. Users are advised to conduct themselves appropriately when engaging with us on social media.

There may be instances where our website features social sharing buttons, which help share web content directly from web pages to the respective social media platforms. You use social sharing buttons at your own discretion and accept that doing so may publish content to your social media profile feed or page.

If you have concerns about how your data is being handled:

We have taken every reasonable step to ensure that your data is handled securely and appropriately to enable us to deliver on our promises to you, however if you feel this is not the case, we want to know.

If you believe you have grounds for complaint about the way your data is being handled by Flybox International Ltd, please contact:

Ian Christie at Flybox, email ian@flybox.co.uk

You may also wish to contact the Information Commissioner’s Office who are responsible for upholding data protection in the United Kingdom. Details of your rights and how to contact them are online at: https://ico.org.uk/

Policy Version: 12/05/2018