Healthy Koi Ltd are committed to safeguarding the privacy of its website visitors; this policy sets out how we (HKL) will treat your personal information.
(1) What Information do we Collect?
We may collect information in order to provide you with the services and products, to be able to take payment, to keep you up to date with developments, products and special offers and to provide restricted statistical information. We collect, store and use the following kinds of personal data:
- information that you provide to us for the purpose of the supply of products or the undertaking of services which includes details of name, address, land and/ or mobile telephone number and email address.
- information relating to any transactions carried out between you and us on or in relation to this website, or in the undertaking of services including information relating to any purchases or payments you make for our goods or services including card details.
- information that you provide to us for the purpose of subscribing to our website services, email notifications and/or newsletters and special offers.
- information about your IP address which helps to identify your location.
- any other information that you choose to send to us which may be retained.
Your browser should allow you to refuse to accept cookies if you wish. For example, in Internet Explorer you can refuse all cookies by clicking "Tools", "Internet Options", "Privacy", and selecting "Block all cookies" using the sliding selector. This will, however, have a negative impact upon the usability of most websites.
(3) Using your Personal Data
We may use your personal information to:
- administer the website;
- improve your browsing experience by personalising the website;
- enable your use of the services available on the website;
- send to you goods purchased via the website, and supply to you services purchased via the website;
- send statements and invoices to you, and collect payments from you;
- send you general (non-marketing) commercial communications;
- send you email notifications which you have specifically requested;
- send to you our newsletter and other marketing communications and/ or fish health information relating to our business which we think may be of interest to you by post or, where you have specifically agreed to this, by email or similar technology. You can inform us at any time if you no longer require marketing or health advisory communications.
- all our website financial transactions are handled either through our merchant bank for telephone order card payments or by our card gateway processor or orders via the 'shopping basket'. In the latter case, we will provide information only to the extent necessary for the purposes of processing the payments you make. We do not keep any payment details for transactions processed by our gateway processor to ensure security.
- provide third parties such as mandatory government returns or request for information from our trade organization (OATA) with statistical information about our users to help assess national & regional trends. However, this information will not be used to identify any individual user;
- We will not provide your personal information to any third parties for the purpose of direct marketing.
- help deal with enquiries and complaints made by or about you relating to the website or our services;
In addition, we may disclose information about you:
- to the extent that we are required to do so by law;
- in connection with any legal proceedings or prospective legal proceedings;
- in order to establish, exercise or defend our legal rights including providing information to others for the purposes of fraud prevention and reducing credit risk;
- to the purchaser (or prospective purchaser) of any business or asset which we are (or are contemplating) selling.]
(5) International Data Transfers
In addition, personal information that you submit for publication on the website will be published on the internet and may be available, via the internet, around the world. There are many overseas visitors to our website.
You expressly agree to such transfers of personal information.
(6) Security of your Personal Data
We will take reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your personal information.
We will store all the personal information you provide on our secure password- and firewall- protected servers. All electronic transactions you make to or receive from us will be encrypted using SSL technology.
Of course, data transmission over the internet is inherently insecure, and we cannot guarantee the security of data sent over the internet.
We wish to remind you that you are responsible for keeping your password and user details confidential. We will never ask you for your password.
(7) Policy Amendments
(8) Your Rights
You may instruct us to provide you with any personal information we hold about you. To defray administration costs, provision of such information may be subject to the payment of a fee which is currently £10.00 + VAT.
You may instruct us not to process your personal data for marketing purposes by email at any time. We will arrange for you to either expressly agree in advance to our use of your personal data for our marketing purposes, or we will provide you with an opportunity to opt-out of the use of your personal data for marketing purposes.
(9) Third Party Websites
The website contains links to other websites. We are not responsible for the privacy policies, practices, goods and services of third party websites.
(10) Updating Information
Please let us know if the personal information which we hold about you needs to be corrected or updated.
(12) Data Controller
The data controller responsible for our website is Healthy Koi Limited.
Our data protection registration number is Z1657630.
We use Sage Pay as our Payment Service Provider to ensure that all card transaction data is kept secure at all times.
All transaction information passed between our site and the Sage Pay Systems is encrypted using 128-bit SSL certificates. No cardholder information is ever passed unencrypted and any messages sent to our servers from Sage Pay are signed using MD5 hashing to prevent tampering. You can be completely secure in the knowledge that nothing passed to the Sage Pay servers can be examined, used or modified by any third parties attempting to gain access to sensitive information.
Encryption and Data Storage
Once on the Sage Pay systems, all sensitive data is secured using the same internationally recognised 256-bit encryption standards used by, among others, the US Government. The encryption keys are held on state-of-the-art, tamper proof systems in the same family as those used to secure VeriSign's Global Root certificate, making them all but impossible to extract. The data held by Sage Pay is extremely secure and Sage Pay is regularly audited by the banks and banking authorities to ensure it remains so.
Links to banks
Sage Pay have multiple private links into the banking network that are completely separate from the internet and which do not cross any publicly accessible networks. Any cardholder information sent to the banks and any authorisation message coming back is secure and cannot be tampered with.
No individuals within Sage Pay are able to decrypt transaction information or cardholder data. The systems only allow access to Sage Pay’s most senior staff and only in extenuating circumstances (such as investigations of Card Fraud by the Police). Your transaction information and customer card information is secure even from Sage Pays employees because their systems never display the full card numbers, even on administration screens.