Your security

This section talks about how we process your interactions with this website and how we use and protect any information deriving from your use of this website. The information is presented in a detailed form to engender your confidence in the transparency and necessity of how we use this information.

The security of your data and transactions is of prime importance to us. To this end, we have striven to implement the recommendations and requirements, and the spirit, of two pieces of European legislation designed to protect citizens, entities and their data:

  1. The General Data Protection Regulation (GDPR), a legal framework governing the use of personal data across all European which came into law on 25th May 2018.
  2. The Directive on privacy and electronic communications, also known as the ePrivacy Directive and commonly known as the ‘cookie law’. The original 2002 directive has been revised to bring it into line with the GDPR.

Athough the United Kingdom will be leaving the European Union on 29th March 2019, the UK government has stated its intention that both directives should remain on the UK statute.

Shopping operations

At the shopping level, this website does not collect any information which can be directly linked to an identifiable individual or entity.

We do not require you to register with us, or to log in or to give us any personal details, so you can be assured of your security and anonymity. Once we transfer you to a retailer’s site, we have no knowledge of your interactions with that site. If you have online accounts with any of the retailers, you just log on to that account and shop as normal – we have NO knowledge of any data you enter into the retailers’ sites, including logon names and passwords. All retailers represented on this site are reputable organisations and will have their own GDPR, cookie and security policies.

Our partnership agreements with some retailers mean that we transfer you directly from this site to the retailer’s site.

Other retailers employ specialist organisations to outsource their dealings with partners such as ourselves. This outsourcing arrangement, among other benefits, relieves the retailer from handling the administration of commission payments. In these cases, we pass you initially to the intermediary organisation’s website which then transfers you to the retailer’s site. We provide the intermediary organisation with ABSOLUTELY NO DATA which can link our transfer transaction to an identifiable individual or entity. The intermediary organisations appointed by our retail partners, with whom we interact,  are:

Your name and email address

You do not need to provide us with your name or email address in order to benefit from the majority of the features of this website. However, they may be requested in certain areas of the website:

  • the ‘Contact us’ form asks for your name. You may choose whether you want to also enter your email address. If you require a response from us, the email address must be provided. We will not store your name and email address in any kind of database other than our receiving email program. We will not use your name and email address to contact you in any way that is not connected with the content of your message to us and any related subsequent messages. We will not pass on your name or email address to any third party. Under GDPR, if we use your details in this way, it is within the scope of ‘explicit consent’ and the emails will be deleted within 6 months of the last communication in a related exchange of emails.
  • if you post an article in the ‘blog’ section of the website, or comment on another website visitor’s post, your name and email address is required in case the content should breach one or more laws. The name you choose to enter may be displayed to any visitor to the site and you may choose to use a pseudonym. The email address you provide will not be displayed and will be held only in a database associated with the message you post. We will not use your name and email address to contact you in any way that is not connected with the content of the post or comment. We will not pass on your name or email address to any third party. When you click the ‘SUBMIT POST’ or ‘POST COMMENT’ buttons, in terms of GDPR, you are giving ‘explicit consent’ for us to ‘process’ your name, email address and the content. Our ‘processing’ will be limited to storing the details in a database and displaying the name and the content (but not the email address) to any other visitor of the site. The name, email address and the content will be deleted after a period of 3 years following the date of the last comment to your content made by visitors to the site.
  • if you choose the option to ‘Follow us via email’, your name and email address is clearly required. When you click the ‘SUBSCRIBE ME’ button, in terms of GDPR, you are giving ‘explicit consent’ for us to ‘process’ your name and email address. Our ‘processing’ will be limited to storing the details in a ‘subscription’ database and periodically sending you an email giving details of some significant news event related to the website. We will not pass on your name or email address to any third party. The name and email address will continue to be ‘processed’ as described until such time as you inform us that you no longer wish to subscribe to this information, either by sending us a message via the ‘Contact us‘ page of this site or by clicking on the ‘Unsubscribe’ link included in each email we send you. Upon receiving your instruction, your name and email address will be deleted from the subscription database immediately.

Facebook and Twitter

If you elect to follow us on Facebook or Twitter, we will not use any information about you which may be available from those sites. We will not make any direct posts to your Facebook page, nor will we ‘tag’ you in any posts that we make to our own Facebook page.  We will not invite you to any Facebook ‘events’ nor will we message you using Facebook Messenger. You will receive only Facebook’s standard notification when we post something to our own Facebook page.

Use of cookies

The use of cookies is an essential element of this website’s operation. Cookies are pieces of information that your Internet browser, e.g. Google Chrome, Safari, Firefox, Microsoft Edge etc., stores on your computer so that we can read them every time you visit us.

This site uses some cookies to remember your preferences, your favourite stores, your recently-visited stores and your shopping lists. Other cookies are used to make your shopping experience more pleasurable. We don’t require any of your personal data, and we don’t store any of this information on our servers. Like many of today’s websites, we use Google Analytics to track the number of visitors to each of the pages on the site over periods of time. Google Analytics places 3 cookies on your computer as described in the table below. We use the information provided by Google Analytics to assess the impact and effectiveness of our promotional campaigns.

If you have any concerns, you can delete the cookies associated with this website at any time by selecting the menu option ‘etc>preferences’ and checking the box ‘Delete cookies’. The next time you visit the site, new cookies will be created which you can of course delete when you’ve finished shopping.

Your ‘explicit consent’ to our use of cookies is given when you click the OK button of the ‘Cookies, ePrivacy and GDPR’ panel displayed when you visit the site for the first time, or subsequently if you choose the option to delete cookies (the ‘consent received’ cookie is also one of those deleted).

Some other, third-party cookies are also stored as described below.

Cookie name Source Purpose
ia_ptnr this site The core code of this website is designed to be shared by multiple fundraising partners who promote the site using their own entry point URL. This cookie informs the software of the current fundraising partner. This cookie is not deleted because it is required should the visitor have bookmarked a ‘common’ page of the site, rather than its entry point URL. This ensures that going directly to the bookmarked page will not cause the site to ‘forget’ which was the last, or only, fundraising partner the visitor used, thus avoiding the site having to choose a ‘default’ fundraising partner. The cookie self-deletes 5 years after its last access.
ia_consent_<ptnr> this site Created when the visitor clicks the ‘Cookies, ePrivacy and GDPR’ panel button to consent to use of cookies and data. It holds the data when consent was given. The cookie self-deletes 5 years after its last access if not explicitly deleted by the visitor.
ia_delete_<ptnr> this site This cookie has a very short life span and is created only when the visitor selects to delete all cookies. It has a synchronising role in deleting other cookies and is set to self-delete 20 seconds after its creation.
ia_history_<ptnr> this site Holds the names of recently-visited stores in order of descending visit dates. It provides the visitor with easy access to their commonly-visited stores. The data held for each store are

  • name
  • lower rate of commission
  • upper rate of commission
  • additional description.

The last three items are maintained in the cookie for performnce reasons to avoid time-expensive server database look-ups. The cookie self-deletes 5 years after its last access if not explicitly deleted by the visitor.

ia_list_<list id>_<ptnr> this site This holds the text of an individual shopping list. The cookie is set to expire and self delete as per its entry in ia_lists_<ptnr>. Its expiry date/time is updated on each access. The cookie will be explicitly deleted if the visitor selects to delete the shopping list.
ia_lists_<ptnr> this site This stores a list of the current shopping lists. It is created when the first shopping list is created and is removed when the last shopping list is deleted. Its fields are:

  • list name
  • type of list (currently 1 – others reserved for future)
  • external location (not currently used – reserved for future use)
  • number of weeks to live after last access
  • expiry date and time (updated on each access).

The cookie self-deletes 5 years after its last access if not deleted as described above.

ia_menu_<ptnr> this site The site has the ability to dynamically change the choices in the ‘shop’ menu to present additional choices or areas of interest. It is currently set to ‘main’ and is reserved for future use. The cookie self-deletes 5 years after its last access if not explicitly deleted by the visitor.
ia_pfaves_<ptnr> this site This is similar in purpose and format to ia_history_<ptnr> except the stores are those explicitly chosen by the visitor as thir personal favourites rather than the site-maintained recent visit history. This cookie is created when the visitor adds their first store as a favourite and is deleted when the last store is deleted from personal favourites. The cookie self-deletes 5 years after its last access if not explicitly deleted as described above.
ia_prefs_<ptnr> this site Holds default or visitor-defined preferences for the appearance of the site. Fields are:

  • version number
  • research fund
  • stores displayed per page
  • number of page navigation slots
  • maximum number of recently-visited stores to remember
  • partner revenue share.

The cookie self-deletes 5 years after its last access if not explicitly deleted by the visitor.

ia_visited_<ptnr> this site Created when the visitor first visits the site (possibly after having previously deleted cookies). It holds the date of that first visit. It enables the software to present the ‘About’ page on the first visit or the ‘personal favourites’/’recently-visited’ page on subsequent visits to enable ‘single click’ access to stores. The cookie self-deletes 5 years after its last access if not explicitly deleted by the visitor.
DYNSRV TSOHost The website is hosted on a server farm operated by the UK organisation TSOHost. This cookie assists TSOHost in load balancing requests so that the server farm is able to provide the fastest possible response to web requests.
_ga,
_gat_gtag_UA_nnnnnnnnn_1,
_gid
Google Analytics Like many of today’s websites, we use Google Analytics to track the number of visitors to each of the pages on the site over periods of time. We use the information provided to assess the impact and effectiveness of any promotional campaigns. Part of the information collected by Google includes the IP address of the computer you are using, the type and version of the browser and the operating system running on the computer.

Retailers’ and intermediaries’ cookies

When we transfer you to a retailer’s website, the retailer itself will place cookies on your computer for its own internal use. These cookies are beyond the scope of our responsibility and would be placed on your computer if you visited its site directly.

As stated above in the ‘Shopping operations’ section, some of our retail partners require us, for commission accounting purposes, to transfer our visitors to their own websites via one of the intermediaries listed in that section. You momentarily and imperceptively visit the intermediaries’ sites and your computer may receive cookies from those sites to assist in their task of allocating commission payments. These intermediaries should be seen as part of the retailers’ overall systems and the onus is on each retailer to ensure that its appointed intermediary adheres to an appropriate level of privacy and security.