PRIVACY POLICY

This policy was last modified on 28th Oct 2021.

At Pistol Instruments, we are committed to maintaining the trust and confidence of visitors to our website, and users of our products and services. In particular, we want you to know that Pistol Instruments is not in the business of buying, selling, renting or trading email lists with other companies and businesses for marketing purposes.

In this Privacy Policy, we’ve provided lots of detailed information on when and why we collect your personal information, how we use it, the limited conditions under which we may disclose it to others and how we keep it secure.

You can contact us with data information requests by emailing Patrik Pistol on patrik.pistol@pistolinstruments.com or alternatively get in touch via our support page, from where your request can be passed on to the right person.

WHAT ARE COOKIES?

Like most websites, pistolinstruments.com uses cookies to collect information. Cookies are small data files which are placed on your computer or other devices (such as smartphones or tablets) as you browse this website. They are used to remember when your computer or device accesses our website, and also help us keep track of information needed as you move from page to page (for example, the contents of your shopping cart).

Cookies are essential for the effective operation of our websites and to help you shop with us online. They are also used to tailor the products and services offered and advertised to you, both on our websites and elsewhere.

INFORMATION COLLECTED

Some cookies collect information about browsing and purchasing behavior when you access this website via the same computer or device. This includes information about pages viewed, products purchased or added to your cart and your journey around a website. We do not use cookies to collect or record information on your name, address or other contact details. Pistol Instruments can use cookies to monitor your browsing and purchasing behavior.

HOW ARE COOKIES MANAGED?

The cookies stored on your computer or other device when you access our websites are designed by:

  • Pistol Instruments, or on behalf of Pistol Instruments, and are necessary to enable you to make purchases on our website.
  • Third parties who collect analytical data (namely Google Analytics, Facebook Pixel and Zendesk).

WHAT ARE COOKIES USED FOR?

The main purposes for which cookies are used are:

  1. For technical purposes essential to effective operation of our website, particularly in relation to online transactions and site navigation.

  2. To enable Pistol Instruments to collect information about your browsing and shopping patterns, including to monitor the success of campaigns, competitions etc.

HOW DO I DISABLE COOKIES?

If you want to disable cookies you need to change your website browser settings to reject cookies. How you can do this will depend on the browser you use. Further details on how to disable cookies for the most popular browsers are set out below:

WHAT HAPPENS IF I DISABLE COOKIES?

This depends on which cookies you disable, but in general the website will not operate properly if cookies are switched off. If you only disable third party cookies, you will not be prevented from making purchases on our sites. If you disable all cookies, you will be unable to complete a purchase on our site, some buttons will become inactive, and some navigation functionality will be lost.

OUR CUSTOMER DATABASE

We are a data controller as defined by the GDPR (“A controller determines the purposes and means of processing personal data”).

We have our own customer database which is stored on servers inside the EU (Spain), and is never transferred, duplicated or backed up outside of the EU. Stringent measures are in place to prevent unauthorized access to this database, including IP locking and strong “need to know basis” access policies.

WHO HAS ACCESS?

Access to the raw data is limited to a very small handful of people who legitimately need to use it within Pistol Instruments.

Our customer experience team and finance teams, via the administration section of our website, have access to all customer details including name, postal address, email address, order history, transaction and stored wish list items. Only the head of department can access the raw underlying data.

Our web development teams, both internal and those employed by our third party provider, work with an anonymized copy of the live database (the same underlying data, but with all references to identifiable personal information scrambled, including names, email addresses, postal addresses and phone numbers).

Access keys for our various third party services are stored securely external to the code to which developers have access.

MARKETING

SIGNING UP FOR OUR MAILING LIST

Our home page contains a form you can use to sign up to our mailing list (sometimes known as our newsletter).

After you’ve given us your email using this form, we’ll send you a confirmation email, and you’ll need to click the confirm button to affirm that you opt in and that the email address you used is valid.

At this point we’ll ask you for your name, but giving it to us is optional. The single piece of mandatory information we need from you in order to subscribe you is a valid email address.

  • You can also opt to join our mailing list during the process of creating an account.

WHERE WE KEEP OUR MAILING LIST

We use MailPoet to host our mailing list. The data is stored in the same servers in Spain as the rest of the website.

Apart from your email address and (optionally) your name, MailPoet also tracks your interactions with our campaigns (opens, clicks) as well as detecting if the email is marked as spam or doesn’t get delivered (bounces). They also track whether or not you have unsubscribed.

Every message we send from this platform has an unsubscribe button, and the option to update your mailing preferences.

Additionally, we send some promotional email campaigns via our own website, usually where the message relies on us knowing more information about you. Examples of this include our wish list campaign emails (for which we need to know which products are in your wish list) or “affiliation” messages (e.g. to let Pistol JD-990 Warm Pad owners know that we have released an Expansion Pack).

We maintain synchronicity between your preferences in our own database, and your preferences on MailPoet (whichever way round you choose to edit them).

One caveat you should note is that if you change your email address directly using MailPoet’s supplied form, and don’t make the same adjustment on your Pistol account, we will be unable to maintain sync between both sets of preferences, and you may receive emails you don’t expect.

HOW LONG WE’LL KEEP YOU ON OUR MAILING LIST

We’ll keep you on our mailing list until you unsubscribe so long as you occasionally open our messages.

Once a year we’ll remove people from our list who have not opened any of our emails in the previous 12 months.

THE LEGAL BASIS WE USE FOR MARKETING MESSAGES WE SEND

Where we have not obtained explicit consent from our customers for sending of marketing messages, we may still use the legitimate interests legal basis to send direct messages.

CREATING A PISTOL INSTRUMENTS ACCOUNT

Certain activities you might perform on our website require you to have a Pistol Instruments account. These include:

  • Buying products
  • Downloading and installing products
  • Storing a personal “wish list” of products you are interested in

When you create an account, we ask for your first and last names, your email address and a password, and also ask whether you’d like to opt in to our mailing list (more above).

Your password is stored encrypted using an industry standard password hashing mechanism which isn’t reversible, so nobody, including us, can find out what your password is in plain text. We encourage our customers to use difficult to guess passwords or passphrases, and to use a password manager to discourage password sharing between websites.

HOW YOU CAN FIND OUT WHAT DATA WE HOLD

Known under the GDPR as a “Subject Data Access Request,” you can request that we supply you with all the data we hold on you at any time. To make this easy for you, we have created a page in your account area here: https://www.pistolinstruments.com/my-account/.

HOW LONG DO WE KEEP YOUR DATA

We will retain your Pistol Instruments account indefinitely unless you ask us to delete it (which you can do by contacting us).

If you have ever bought anything from us we are required by law to retain financial records for at least 6 years, so we will not be able to completely remove you if you have made any orders more recently than this (see our shop section below).

OUR SHOP

If you buy something from us, we will ask for some additional information from you in order to process your payment, deliver you your purchases and continue to support them in future. This is to enable us to fulfill our contractual obligation to you which begins at the point of sale.

WHAT DATA DO WE COLLECT

We ask for your name, email address, company name (if applicable), your registered card billing address, your credit card number (unless you use PayPal), expiry date and CVS code (“the last 3 digits on the back of the card”).

WHO DEALS WITH OUR PAYMENTS

Our Payment Service Provider is PayPal.

PayPal provides a secure payment gateway (Level 1 PCI DSS), processing payments for thousands of online businesses, including ours. It is PayPal Pay’s utmost priority to ensure that transaction data is handled in a safe and secure way.

PayPal uses a range of secure methods such as fraud screening, IP address blocking and 3D secure. Once on the Sage Pay systems, all sensitive data is secured using the same internationally recognised 256-bit encryption standards.

PayPal is PCI DSS (Payment Card Industry Data Security Standard) compliant to the highest level and maintains regular security audits. They are also regularly audited by the banks and banking authorities to ensure that their systems are impenetrable.

All data transfer between our server and PayPal is over HTTPS which means it is encrypted in transit, and can only be unencrypted by the intended recipient.

PayPal retain your card information in order that we can refund all or part of your transaction in future, but we only have access to the last 4 digits, card name and CVS code.

We don’t make use of any kind of token which would enable us to take another payment in future on the same card (even if you asked us to).

After a payment is successful, PayPal provide us with an automated fraud score which, combined with other measures of our own, we use to make an automated decision to either process the order immediately or hold it for investigation by one of our customer experience team.

You can read PayPal’s GDPR compliant privacy policy here

After a successful transaction, we have access to the billing address, name and email address of the PayPal account which was used to make the transaction, which we recognize may not be the same as the Pistol Instruments account holder. We don’t make use of this information for anything. We use the transaction references for accounting purposes.

WHO HAS ACCESS TO FINANCIAL DATA?

Access to our PayPal data is restricted to our customer experience and finance teams (both of whom legitimately need it to be able to carry out their jobs). The heads of our web and operations teams (including at our external partners Switchplane) also have access in order to be able to manage the integration with our site, and act as tier 3 level support in case of unusually problematic transactions. The Customer Experience team has access to PayPal principally so that they can request and confirm manual payments.

TRANSACTIONAL EMAILS

| Email | When and what? | Legal basis |
| --- | --- | --- |
| Order confirmation | Confirms that we have received your order and the amount you spent. Includes link to your invoice. | Contractual obligation – we need to confirm your order has been successful |
| Purchase is ready | After fraud checking has finished and your order has been fully processed, we’ll send this message to let you know it is ready to be downloaded. | Contractual obligation – this is part of us delivering the product to you |
| Product Updates | We typically offer free updates to products during their lifetime. This message is to let you know when one is available for something you own. | Legitimate interests – we think you’ll want to know that there have been improvements to a product you own. This is part of our ongoing commitment to our customers. |