Privacy and Security
Maintaining the security of your data is a priority at CozyMole, and we are committed to respecting your privacy rights. We pledge to handle your data fairly and legally at all times. CozyMole is also dedicated to being transparent about what data we collect about you and how we use it.
We do not pass your personal information on to third parties other than our partner businesses who are sub-contracted to fulfill parts of your order process (e.g. Royal Mail).
All transactions that you initiate with CozyMole on this web site are confidential. Your name will not be added to any third party mailing lists.
Web browser cookies
The two cookies that are used within our Site are as follows:
- PHPSESSID - Contains a PHP "session ID", expires when the browser is closed. The "PHPSESSID" cookie is required so that the site can recognise the same User clicking from page to page. Without it, every page would be treated as the first visit to the site, and anything added to the shopping basket would be instantly forgotten. Online shopping is not possible without this cookie.
- Session - Contains a PHP "session ID", can also contain an email address and encrypted password, expires after one year. The "session" cookie is intended for the User's convenience. The Site creates this with a copy of the initial session ID so that the User can be classed as "returning" and the contents of their shopping basket will still be available. If the User signs in with an email address and password, these login details are also saved so that they can remain logged in when returning (the password is encrypted). If the User signs out, their login details are removed from the cookie.
Personal and Non-Personal Identification Information
We may collect personal identification information from Users in a variety of ways, including, but not limited to, when Users visit our site, register on the site, place an order, fill out a form, respond to a survey, subscribe to the newsletter and in connection with other activities, services, features or resources we make available on our Site.
Users may, however, visit our Site anonymously and there is no requirement to register in order to browse.
We will collect personal identification information from Users only if they voluntarily submit such information to us. Users can always refuse to supply personally identification information, except that it may prevent them from engaging in certain Site related activities.
We may collect non-personal identification information about Users whenever they interact with our Site. Non-personal identification information may include the browser name, the type of computer and technical information about Users means of connection to our Site, such as the operating system and the IP address used for the connection.
When a User sign up for an account, no matter whether a purchase is made or not, the Site will store the details the User provides, which may include: email address, password (which is encrypted), the date registered, the date of last visit to the Site, the IP address, and the Host Name used at last login. If the User progresses to Checkout an order then the following further information is collected and stored on your account: name, Company (optional), VAT number (optional), billing address and telephone number. All this information can be accessed and edited by the User in the My Account area..
When a User places an order, a copy of the current account information (listed a is stored with the order, along with the following additional information:
Delivery address (if different to Billing)
IP address, its host name and its country location
type of device used, such as mobile or desktop
date and time of order
number of loyalty points they earned, if applicable
any activity on the order, such as the date and time the order was completed by our staff
whether you are a new customer, a returning one or a guest
the products you ordered
Please note that our Site cannot access, collect or store your payment information (e.g. credit card number). This is handled directly with our payment provider (SagePay) through a secure connection to their system. When you enter this information during the order process, although you appear to be on our Site, you are actually connected directly to SagePay.
How we use collected information (Legal Basis)
CozyMole collects and uses Users' personal information for the following purposes:
To process transactions
We may use the information Users provide about themselves when placing an order only to provide service to that order. We do not share this information with outside parties except to the extent necessary to provide the service (for example to address your parcel and send through Royal Mail or couriers).
To send emails
The email address Users provide for order processing, will only be used to send them information and updates pertaining to their order. It may also be used to respond to their inquiries, and/or other requests or questions. If the User decides to opt-in to our mailing list, they will receive occasional emails that may include company news, updates, related product or service information, etc. If at any time the User would like to unsubscribe from receiving such future emails, we include a simple unsubscribe link at the bottom of each email.
To improve customer service
Your information helps us to more effectively respond to your customer service requests and support needs.
To personalize user experience
We may use information in the aggregate to understand how our Users as a group use the services and resources provided on our Site.
To improve our Site
We continually strive to improve our website offerings based on the information and feedback we receive from you.
How we protect your information
We adopt appropriate data collection, storage and processing practices and security measures to protect against unauthorized access, alteration, disclosure or destruction of your personal information, username, password, transaction information and data stored on our Site.
Sensitive and private data exchange between the Site and its Users happens over a SSL secured communication channel and is encrypted and protected with digital signatures.
Sharing your personal information
We do not sell, trade, or rent Users personal identification information to others. We may share generic aggregated demographic information not linked to any personal identification information regarding visitors and users with our business partners, trusted affiliates and advertisers for the purposes outlined above. We may use third party service providers to help us operate our business and the Site or administer activities on our behalf, such as sending out newsletters or seeking your feedback. We may share your information with these third parties for those limited purposes.
You have the following rights:
- the right to ask for a copy of personal data that we hold about you (the right of access);
- the right (in certain circumstances) to request that we delete personal data held on you where we no longer have any legal reason to retain it (the right of erasure or to be forgotten);
- the right to ask us to update and correct any out-of-date or incorrect personal data that we hold about you (the right of rectification);
- the right to opt out of any marketing communications that we may send you and to object to us using / holding your personal data if we have no legitimate reasons to do so (the right to object);
- the right (in certain circumstances) to ask us to ‘restrict processing of data’, which means that we would need to secure and retain the data for your benefit but not otherwise use it (the right to restrict processing);
- the right (in certain circumstances) to ask us to supply you with some of the personal data we hold about you in a structured machine-readable format and/or to provide a copy of the data in such a format to another organisation (the right to data portability).
If you wish to exercise any of the above rights, please contact us using the contact details set out below. In the case of objecting to marketing emails this is more simply acheived by clicking the 'UNSUBSCRIBE' link available at the end of every email.
Your acceptance of these terms
By using this Site, you signify your acceptance of this policy and terms of service. If you do not agree to this policy, please do not use our Site. Your continued use of the Site following the posting of changes to this policy will be deemed your acceptance of those changes.
PO Box 162
Tel: 01845 587950
We use the industry leading internet payment company SagePay (formerly Protx) to protect your card details and protect us from fraud. The following security systems are used.
Transaction security. All transaction information passed between merchant sites and the SagePay VSP Systems is encrypted using 128-bit SSL certificates. No cardholder information is ever passed unencrypted and any messages sent to your servers from SagePay are signed using MD5 hashing to prevent tampering. You can be completely secure in the knowledge that nothing you pass to the SagePay servers can be examined, used or modified by any third parties attempting to gain access to sensitive information. Your card data is never available or visible to any employee of CozyMole or SagePay - this information is handled entirely by computers which do not make the details visible to their users.
Encryption and Data Storage. All sensitive data is secured on SagePay using the same internationally recognised 256-bit encryption standards used by, among others, the US Government. The encryption keys are held on state-of-the-art, tamper proof systems in the same family as those used to secure VeriSign’s Global Root certificate, making them all but impossible to extract. The data held is extremely secure and we are regularly audited by the banks and banking authorities to ensure it remains so.
Links to banks. SagePay has multiple private links into the banking network that are completely separate from the Internet and which do not cross any publicly accessible networks. Any cardholder information sent to the banks and any authorisation message coming back is secure and cannot be tampered with.
Employee access. No individuals within CozyMole or SagePay are able to decrypt transaction information or cardholder data. SagePay systems only allow access to our most senior staff and only in extenuating circumstances (such as investigations of Card Fraud by the Police). Your transaction information and customer card information is secure even from our own employees because our systems never display the full card numbers, even on administration screens.
This page last revised: 24th May 2018.