This privacy statement was last changed on , last checked on , and applies to citizens and legal permanent residents of Canada.

In this privacy statement, we explain what we do with the data we obtain about you via https://12boxes.com. We recommend you carefully read this statement. In our processing we comply with the requirements of privacy legislation. That means, among other things, that:

  • we clearly state the purposes for which we process personal data. We do this by means of this privacy statement;
  • we aim to limit our collection of personal data to only the personal data required for legitimate purposes;
  • we first request your explicit consent to process your personal data in cases requiring your consent;
  • we take appropriate security measures to protect your personal data and also require this from parties that process personal data on our behalf;
  • we respect your right to access your personal data or have it corrected or deleted, at your request.

If you have any questions, or want to know exactly what data we keep of you, please contact us.

1. Purpose and categories of data

We may collect or receive personal information for a number of purposes connected with our business operations which may include the following: (click to expand)

1.1 Contact - Through phone, mail, email and/or webforms

The following categories of data are collected

  • A first and last name
  • Account name or alias
  • A home or other physical address, including street name and name of a city or town
  • An email address
  • A telephone number
  • Internet activity information, including, but not limited to, browsing history, search history, and information regarding a consumer's interaction with an Internet Web site, application, or advertisement
  • Geolocation data

Retention period

We retain this data upon termination of the service for the following number of months: 24 months

1.2 Payments

The following categories of data are collected

  • A first and last name
  • A home or other physical address, including street name and name of a city or town
  • An email address

Retention period

We determine the retention period according to fixed objective criteria: We do not retain financial data ourselves. We only need to retain this information when there are recurring payments for membership etc.

1.3 Newsletters

The following categories of data are collected

  • A first and last name
  • A home or other physical address, including street name and name of a city or town
  • An email address

Retention period

Upon termination of the service we retain this data for the following period: 24 months from last confirmation of interest.

1.4 To support services or products that a customer wants to buy or has purchased

The following categories of data are collected

  • A first and last name
  • Account name or alias
  • A home or other physical address, including street name and name of a city or town
  • An email address
  • A telephone number
  • Internet activity information, including, but not limited to, browsing history, search history, and information regarding a consumer's interaction with an Internet Web site, application, or advertisement
  • Marital status

Retention period

We retain this data upon termination of the service for the following number of months: 36

1.5 To be able to offer personalised products and services

The following categories of data are collected

  • A first and last name
  • Account name or alias
  • A home or other physical address, including street name and name of a city or town
  • An email address
  • A telephone number
  • Internet activity information, including, but not limited to, browsing history, search history, and information regarding a consumer's interaction with an Internet Web site, application, or advertisement

Retention period

We retain this data upon termination of the service for the following number of months: 36 months

1.6 To sell or share data with a third party

The following categories of data are collected

  • IP Address

Retention period

We retain this data upon termination of the service for the following number of months: 3 months

2. Sharing with other parties

We only share or disclose this data to other recipients for the following purposes:

Purpose of the data transfer: To enable us to deliver appropriate communications to people who have opted in to free or paid services on our website and indicated interest in our services.
Country or state in which this service provider is located: United States of America

3. Disclosure practices

We disclose personal information if we are required by law or by a court order, in response to a law enforcement agency, to the extent permitted under other provisions of law, to provide information, or for an investigation on a matter related to public safety.

If our website or organisation is taken over, sold, or involved in a merger or acquisition, your details may be disclosed to our advisers and any prospective purchasers and will be passed on to the new owners.

4. How we respond to Do Not Track signals & Global Privacy Control

Our website responds to and supports the Do Not Track (DNT) header request field. If you turn DNT on in your browser, those preferences are communicated to us in the HTTP request header, and we will not track your browsing behavior.

5. Cookies

Our website uses cookies. For more information about cookies, please refer to our Cookie Policy on our Cookie Policy (CA) webpage. 

6. Security

We are committed to the security of personal data. We take appropriate security measures to limit abuse of and unauthorised access to personal data. This ensures that only the necessary persons have access to your data, that access to the data is protected, and that our security measures are regularly reviewed.

7. Third party websites

This privacy statement does not apply to third party websites connected by links on our website. We cannot guarantee that these third parties handle your personal data in a reliable or secure manner. We recommend you read the privacy statements of these websites prior to making use of these websites.

8. Amendments to this privacy statement

We reserve the right to make amendments to this privacy statement. It is recommended that you consult this privacy statement regularly in order to be aware of any changes. In addition, we will actively inform you wherever possible.

9. Accessing and modifying your data

If you have any questions or want to know which personal data we have about you, please contact us. Please make sure to always clearly state who you are, so that we can be certain that we do not modify or delete any data of the wrong person. We shall provide the requested information only upon receipt of a verifiable consumer request. You can contact us by using the information below.

9.1 You have the following rights with respect to your personal data

  1. You may submit a request for access to the data we process about you.
  2. You may request an overview, in a commonly used format, of the data we process about you.
  3. You may request correction or deletion of the data if it is incorrect or not or no longer relevant. Where appropriate, the amended information shall be transmitted to third parties having access to the information in question.
  4. You have the right to withdraw consent at any time, subject to legal or contractual restrictions and reasonable notice. You will be informed of the implications of such withdrawal.
  5. You have the right to address a challenge concerning non-compliance with PIPEDA to our organisation and, if the issue is not resolved, to the Office of the Privacy Commissioner of Canada.
  6. We shall give access to personal information in an alternative format to an individual with a sensory disability who has a right of access to personal information under PIPEDA and who requests that it be transmitted in the alternative format if (a) a version of the information already exists in that format; or (b) its conversion into that format is reasonable and necessary in order for the individual to be able to exercise rights.

10. Children

Our website is not designed to attract children and it is not our intent to collect personal data from children under the age of consent in their country of residence. We therefore request that children under the age of consent do not submit any personal data to us.

11. Contact details

12boxes Ltd
27 Old Gloucester Street, London, WC1N 3AX
United Kingdom
Website: https://12boxes.com
Email: privacy@12boxes.com
Toll free phone number: +1 866 282 4826
Phone number: +44 20 7100 1528

We have appointed a contact person for the organisation's policies and practices and to whom complaints or inquiries can be forwarded:
Malcolm Sleath
12boxes Limited
27 Old Gloucester Street
London WC1N 3AX
United Kingdom

Annex

Really Simple SSL

Really Simple SSL and Really Simple SSL add-ons do not process any personal identifiable information, so the GDPR does not apply to these plugins or usage of these plugins on this website. You can find our privacy policy here.

Akismet

The Akismet anti-spam service is installed on our site, but we do not currently enable comments.

BackupBuddy

What personal data we collect and why we collect it

Backups

Per the functionality of this plugin, backups of your website files and/or database are created and stored locally on your server and/or remotely on 3rd party servers based on the settings of this plugin. Archives can include, but are not limited to, file and database assets, including hashed passwords, 3rd party data, uploads and user information. These backups are stored to provide critical functionality of this plugin.

Cookies

Cookies are used to handle importing and restoring backups.

Plugin Settings

Some plugin settings ask for an email address or login credentials to 3rd party services. This is stored to provide functional features to the plugin.

Recent Activity

This plugin tracks dates, times and actions of successful and unsuccessful backups and remote data transfers. This is stored to help make the plugin better and assist with troubleshooting problems.

Logging

This plugin logs some personal information such as email addresses, usernames, database and server information. This is stored to help make the plugin better and assist with troubleshooting problems.

How long we retain your data

Backups

Backup retention is completely up to the website owner. This can vary from less than one minute to indefinitely.

Cookies

Cookies used during the restore/import process expire after 24 hours.

Plugin Settings

Settings are retained indefinitely until they are changed or removed manually.

Where we send your data

Backups

Backups are not automatically sent to remote destinations automatically, however backups can be configured to be sent to third-party servers.

How we protect your data

Backups

Backup zip files are stored with hashed file names to prevent filename guessing and directory browsing is disabled.

What third parties we receive data from

Backup Destinations

Backups can be sent to third-party destination servers, including but not limited to: Links to third party privacy policies have been included.

iThemes Sync

Where we send your data

Suggested text: This web site uses a third party service to manage administrative tasks. If you leave a comment, submit personal information via a contact form, or otherwise exchange personal details with us, it is possible that we may use this service to manage that data. Please visit the iThemes Privacy Policy for more information regarding the way they handle their data.