This policy was last modified on 28th Oct 2021.
At Pistol Instruments, we are committed to maintaining the trust and confidence of visitors to our website, and users of our products and services. In particular, we want you to know that Pistol Instruments is not in the business of buying, selling, renting or trading email lists with other companies and businesses for marketing purposes.
You can contact us with data information requests by emailing Patrik Pistol on firstname.lastname@example.org or alternatively get in touch via our support page, who can pass on your request to the right person.
WHAT ARE COOKIES?
Cookies are essential for the effective operation of our websites and to help you shop with us online. They are also used to tailor the products and services offered and advertised to you, both on our websites and elsewhere.
HOW ARE COOKIES MANAGED?
The cookies stored on your computer or other device when you access our websites are designed by:
- Pistol Instruments, or on behalf of Pistol Instruments, and are necessary to enable you to make purchases on our website.
- Third parties who collect analytical data (namely Google Analytics, Facebook Pixel and Zendesk).
WHAT ARE COOKIES USED FOR?
The main purposes for which cookies are used are:
- For technical purposes essential to effective operation of our website, particularly in relation to online transactions and site navigation.
- To enable Pistol Instruments to collect information about your browsing and shopping patterns, including to monitor the success of campaigns, competitions etc.
HOW DO I DISABLE COOKIES?
If you want to disable cookies you need to change your website browser settings to reject cookies. How you can do this will depend on the browser you use. Further details on how to disable cookies for the most popular browsers are set out below:
- For Microsoft Internet Explorer
- For Google Chrome
- For Safari
- For Mozilla Firefox
- For Opera
- For Safari on iPhone
- For Chrome on iPhone
- For Android Browser
WHAT HAPPENS IF I DISABLE COOKIES?
This depends on which cookies you disable, but in general the website will not operate properly if cookies are switched off. If you only disable third party cookies, you will not be prevented from making purchases on our sites. If you disable all cookies, you will be unable to complete a purchase on our site, some buttons will become inactive, and some navigation functionality will be lost.
OUR CUSTOMER DATABASE
We are a data controller as defined by the GDPR (“A controller determines the purposes and means of processing personal data”).
We have our own customer database which is stored on servers inside the EU (Spain), and is never transferred, duplicated or backed up outside of the EU. Stringent measures are in place to prevent unauthorized access to this database, including IP locking and strong “need to know basis” access policies.
WHO HAS ACCESS?
Access to the raw data is limited to a very small handful of people who legitimately need to use it within Pistol Instruments.
Our customer experience team and finance teams, via the administration section of our website, have access to all customer details including name, postal address, email address, order history, transaction and stored wish list items. Only the head of department can access the raw underlying data.
Our web development teams, both internal and those employed by our third party provider, work with an anonymized copy of the live database (the same underlying data, but with all references to identifiable personal information scrambled, including names, email addresses, postal addresses and phone numbers).
Access keys for our various third party services are stored securely external to the code to which developers have access.
SIGNING UP FOR OUR MAILING LIST
Our home page contains a form you can use to sign up to our mailing list (sometimes known as our newsletter).
After you’ve given us your email using this form, we’ll send you a confirmation email, and you’ll need to click the confirm button to affirm that you opt in and that the email address you used is valid.
At this point we’ll ask you for your name, but giving it to us is optional. The single piece of mandatory information we need from you in order to subscribe you is a valid email address.
- You can also opt to join our mailing list during the process of creating an account.
WHERE WE KEEP OUR MAILING LIST
We use MailPoet to host our mailing list. The data is stored on the same servers in Spain as the rest of the website.
Apart from your email address and (optionally) your name, MailPoet also tracks your interactions with our campaigns (opens, clicks) as well as detecting if the email is marked as spam or doesn’t get delivered (bounces). They also track whether or not you have unsubscribed.
Every message we send from this platform has an unsubscribe button, and the option to update your mailing preferences.
Additionally, we send some promotional email campaigns via our own website, usually where the message relies on us knowing more information about you. Examples of this include our wish list campaign emails (for which we need to know which products are in your wish list) or “affiliation” messages (e.g. to let Pistol JD-990 Warm Pad owners know that we have released an Expansion Pack).
We maintain synchronicity between your preferences in our own database and your preferences on MailPoet (whichever way round you choose to edit them).
One caveat you should note is that if you change your email address directly using MailPoet’s supplied form, and don’t make the same adjustment on your Pistol account, we will be unable to maintain sync between both sets of preferences, and you may receive emails you don’t expect.
HOW LONG WE’LL KEEP YOU ON OUR MAILING LIST
We’ll keep you on our mailing list until you unsubscribe so long as you occasionally open our messages.
Once a year we’ll remove people from our list who have not opened any of our emails in the previous 12 months.
THE LEGAL BASIS WE USE FOR MARKETING MESSAGES WE SEND
Where we have not obtained explicit consent from our customers for sending of marketing messages, we may still use the legitimate interests legal basis to send direct messages.
CREATING A PISTOL INSTRUMENTS ACCOUNT
Certain activities you might perform on our website require you to have a Pistol Instruments account. These include:
- Buying products
- Downloading and installing products
- Storing a personal “wish list” of products you are interested in
When you create an account, we ask for your first and last names, your email address and a password, and also ask whether you’d like to opt in to our mailing list (more above).
Your password is stored encrypted using an industry standard password hashing mechanism which isn’t reversible, so nobody, including us, can find out what your password is in plain text. We encourage our customers to use difficult to guess passwords or passphrases, and to use a password manager to discourage password sharing between websites.
HOW YOU CAN FIND OUT WHAT DATA WE HOLD
Known under the GDPR as a “Subject Data Access Request,” you can request that we supply you with all the data we hold on you at any time. To make this easy for you, we have created a page in your account area here: https://www.pistolinstruments.com/my-account/.
HOW LONG DO WE KEEP YOUR DATA
We will retain your Pistol Instruments account indefinitely unless you ask us to delete it (which you can do by contacting us).
If you have ever bought anything from us we are required by law to retain financial records for at least 6 years, so we will not be able to completely remove you if you have made any orders more recently than this (see our shop section below).
If you buy something from us, we will ask for some additional information from you in order to process your payment, deliver you your purchases and continue to support them in future. This is to enable us to fulfill our contractual obligation to you which begins at the point of sale.
WHAT DATA DO WE COLLECT
We ask for your name, email address, company name (if applicable), your registered card billing address, your credit card number (unless you use PayPal), expiry date and CVS code (“the last 3 digits on the back of the card”).
WHO DEALS WITH OUR PAYMENTS
Our Payment Service Provider is PayPal.
PayPal provides a secure payment gateway (Level 1 PCI DSS), processing payments for thousands of online businesses, including ours. It is PayPal Pay’s utmost priority to ensure that transaction data is handled in a safe and secure way.
PayPal uses a range of secure methods such as fraud screening, IP address blocking and 3D secure. Once on the Sage Pay systems, all sensitive data is secured using the same internationally recognised 256-bit encryption standards.
PayPal is PCI DSS (Payment Card Industry Data Security Standard) compliant to the highest level and maintains regular security audits. They are also regularly audited by the banks and banking authorities to ensure that their systems are impenetrable.
All data transfer between our server and PayPal is over HTTPS which means it is encrypted in transit, and can only be unencrypted by the intended recipient.
PayPal retain your card information in order that we can refund all or part of your transaction in future, but we only have access to the last 4 digits, card name and CVS code.
We don’t make use of any kind of token which would enable us to take another payment in future on the same card (even if you asked us to).
After a payment is successful, PayPal provide us with an automated fraud score which, combined with other measures of our own, we use to make an automated decision to either process the order immediately or hold it for investigation by one of our customer experience team.
After a successful transaction, we have access to the billing address, name and email address of the PayPal account which was used to make the transaction, which we recognize may not be the same as the Pistol Instruments account holder. We don’t make use of this information for anything. We use the transaction references for accounting purposes.
WHO HAS ACCESS TO FINANCIAL DATA?
Access to our PayPal data is restricted to our customer experience and finance teams (both of whom legitimately need it to be able to carry out their jobs). The heads of our web and operations teams (including at our external partners Switchplane) also have access in order to be able to manage the integration with our site, and act as tier 3 level support in case of unusually problematic transactions. The Customer Experience team has access to PayPal principally so that they can request and confirm manual payments.
When and what?
Confirms that we have received your order and the amount you spent. Includes a link to your invoice.
Contractual obligation – we need to confirm your order has been successful
Purchase is ready
After fraud checking has finished and your order has been fully processed, we’ll send this message to let you know it is ready to be downloaded.
Contractual obligation – this is part of us delivering the product to you
We typically offer free updates to products during their lifetime. This message is to let you know when one is available for something you own.
Legitimate interests – we think you’ll want to know that there have been improvements to a product you own. This is part of our ongoing commitment to our customers.