As at May 2021
1.4 You have various rights in respect of our use of your personal data as set out in section 11 below. Two particular rights to be aware of are that you may:
a) ask us to stop using your personal data for direct-marketing purposes. If you exercise this right, we will stop using your personal data for this purpose; and
b) ask us to consider any valid objections which you have to our use of your personal data where we process your personal data on the basis of our, or another person's, legitimate interest.
1.5 You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance. It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
2. Who We Are
2.2 We respect your right to privacy and will only process personal data about you in accordance with data protection legislation applicable in the UK.
3. What we may collect
3.1 Personal data means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
3.2 We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
- Identity and contact data – first name, last name, email address and billing/invoicing address;
- Financial and transaction data – payment card details, Services you have purchased from us and payment details;
- Profile data – password, feedback and survey responses;
- Usage and technical data – information about how you use the Website and Services, ‘log files’ (such as your internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions), ‘web beacons’, ‘tags’ and ‘pixels’ (information about how you browse the Website), operating system and platform and other technology on the devices you use to access the Website;
- Cookies data – please refer to the ‘Cookies’ section below for information about cookies and how we use them;
- Marketing and communications data – your preferences in receiving marketing from us. You may opt out of receiving any, or all, of these communications from us by contacting us;
- Information we receive from third parties - we may receive information about you if you use any of the other websites we operate or through the Services we provide. In this case we will have informed you when we collected that personal data that it may be shared internally and combined with personal data collected on our Website. We are also working closely with third parties (including, for example, business partners, suppliers, sub-contractors, advertising networks, analytics providers, and search information providers) and may receive information about you from them. For example we use Shopify to power our online store – you can read more about how Shopify uses your personal data here: https://www.shopify.com/legal/privacy; and
3.4 We do not collect any special category personal data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
3.5 Under data protection legislation, we will ensure that your personal data is processed lawfully, fairly, and transparently, without adversely affecting your rights. We will only process your personal data if at least one of the following legal bases applies:
a) you have given consent to the processing of your personal data for one or more specific purposes (noting that you may withdraw your consent at any time, as described below);
b) processing is necessary for the performance of a contract to which you are a party or in order to take steps at the request of you prior to entering into a contract (for example, when you are purchasing items from the Website);
c) processing is necessary for compliance with a legal obligation to which we are subject;
e) processing is necessary for the purposes of the legitimate interests pursued by us or by a third party such as to:
(i) run, grow and develop our business;
(ii) operate our Website;
(iii) select appropriately skilled and qualified suppliers;
(iv) carry out marketing, market research and business development;
(v) place, track and ensure fulfilment of orders with our suppliers; and
(vi) for internal group administrative purposes.
3.6 If we rely on our (or another person's) legitimate interests for using your personal data, we will undertake a balancing test to ensure that our (or the other person's) legitimate interests are not overridden by your fundamental rights and freedoms which require protection of the personal data.
3.7 Where we are relying on our legitimate interests to process your personal data, you are entitled, in certain circumstances described in section 1, to exercise your right of opposition to our use of your personal data. If you wish to exercise this right, please contact us via email at: email@example.com. If you exercise this right, it may affect our ability to provide the Website and our Services to you.
3.8 If we rely on your consent for us to use your personal data in a particular way, for example, to send you certain marketing communications, but you later change your mind, you may withdraw your consent by contacting us at firstname.lastname@example.org and we will stop doing so. However, if you withdraw your consent, this will impact the ability for us to be able to provide our Services to you.
4. How we may collect and use your data
4.1 We (or third party data processors, agents and sub-contractors acting on our behalf) will collect your personal data through direct interactions such as filling in forms via our Website or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you present Website content, use any of our Services, create an account on our Website, subscribe to our publications, request marketing to be sent to you, enter a promotion or give us some feedback.
4.2 We may collect, use and store your personal data for the following reasons:
a) to present Website content effectively to you, to personalise your Website experience and to allow us to deliver the type of content and product offerings in which you are most interested;
b) to administer a contest, promotion, survey or other Website feature;
c) to send marketing communications (including electronic marketing communications) to you if you have consented or if it is in our legitimate interests to contact you for marketing and business development purposes. We will always obtain your consent to direct marketing communications where we are required to do so by law and if we intend to disclose your personal information to any third party for such marketing. If you would no longer like to receive promotional e-mail from us, please contact us via our contact form. If you have not opted-in to receive e-mail newsletters, you will not receive these e-mails;
d) to communicate with you and to provide non-marketing information (including information about the personal data we hold about you) and services that you request;
e) carry out our contracts with you, including screening orders for potential risk of fraud where appropriate; and
f) provide the relevant Services to you, including telling you our charges, fulfilling orders placed on our Website, processing your payment information, arranging shipping of products and providing you with order confirmations.
4.3 We may also collect, use and store your personal data for the following additional reasons:
a) to deal with any enquiries or issues you have about how we collect, store and use your personal data, or any requests made by you for a copy of the information we hold about you. We may process your personal information for these purposes where it is in our legitimate interests for to maintain our standard of service;
b) for internal corporate reporting, business administration, ensuring adequate insurance coverage for our business, ensuring the security of our website, research and development, and to identify and implement business efficiencies. We may process your personal data for these purposes where it is in our legitimate interests to do so;
c) to comply with any procedures, laws and regulations which apply to us – this may include where we reasonably consider it is in our legitimate interests or the legitimate interests of others to comply, as well as where we are legally required to do so; and
d) to establish, exercise or defend our legal rights – this may include where we reasonably consider it is in our legitimate interests or the legitimate interests of others, as well as where we are legally required to do so.
4.4 If you don't want us to use your personal data for any of the reasons set out in this section 4, you can let us know at any time by contacting us at email@example.com, and we will delete your personal data from our systems. However, this will limit our ability to provide our Services to you.
4.5 Where the collection of personal data is a legal or contractual requirement, we will be limited in the Services we can provide you if you don't provide your personal data in these cases.
5. Where we may transfer your personal data
a) there is an adequacy decision by the United Kingdom which means that the recipient country is deemed to provide adequate protection for such personal data; or
b) where we have in place standard model contractual arrangements with the recipient which have been approved by the European Commission (or the United Kingdom in due course). These model contractual clauses include certain safeguards to protect the personal data.
6. Risks and how we keep your personal data secure
6.1 Data security is of great importance to us, and to protect your data we have put in place suitable physical, electronic and managerial procedures to safeguard and secure data collected through our Website. We have implemented security measures such as a firewall to protect any data and maintain a high level of security. Any payments made by you will be encrypted. By giving us your personal data, you agree to this arrangement. We will do what we reasonably can to keep your data secure. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
6.2 We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
6.3 Notwithstanding the security measures that we take, it is important to remember that the transmission of data via the internet may not be completely secure and that you are advised to take suitable precautions when transmitting to us data via the internet and you take the risk that any sending of that data turns out to be not secure despite our efforts. If we give you a password upon registration on our Website, you must keep it confidential. Please don't share it.
7. How long we store your personal data
7.1 We will keep personal data for as long as is necessary which is usually the duration of our relationship with you and for a period after our relationship has ended or, if earlier and if applicable, 5 years after the your last purchase. We may however be required to retain personal data for a longer period of time to ensure we comply with our legislative and regulatory requirements. We review our data retention obligations to ensure we are not retaining data for longer than we are legally obliged to.
8. Disclosing your information
8.1 We are allowed to share your personal data in the following cases:
8.1.1 if we sell or buy any business or assets, we may disclose your personal information to the prospective seller or buyer of such business or assets or, if substantially all of our or any of our affiliates' assets are acquired by a third party, personal data held by us will be one of the transferred assets;
8.1.2 to any company that is a member of our corporate group where it is in our legitimate interests to do so for internal administrative purposes (for example, ensuring consistent and coherent delivery of services to our care recipients, corporate strategy and auditing purposes). We may also share your personal data with our group where they provide products and services to us, such as shared information technology systems;
8.1.3 if we have a legal obligation to do so, or in order to protect other people's property, safety or rights;
8.1.4 in order to protect against fraud or credit risks, or the rights, property, or safety of us, our staff, our customers or other persons; or
8.1.5 to our third parties service providers and sub-contractors, including our payment processing providers, our suppliers of technical and support services, our insurers, our logistics providers and our cloud service providers, search engine facilities, our advertising and marketing suppliers. In some cases, the third parties may require access to some or all of your data.
10.1 You must be aged 18 or over to purchase products or services from us. Our website and services are not directed at children and we do not knowingly collect any personal data from children.
10.2 If you are a child and we learn that we have inadvertently obtained personal data from you from our websites, or from any other source, then we will delete that information as soon as possible.
11. Your rights
11.1 You have the following rights in relation to your personal data:
- Right of access. You have the right to ask us to provide you with copies of personal data that we hold about you and further details of how we use it and look after it as well as confirmation as to whether your personal data is being used by us.
- Right to update your information. You have the right to ask us to update and correct any out-of-date or incorrect personal data that we hold about you free of charge.
- Right to delete your information. In certain cases, you have the right to request us to delete or destroy any personal data we hold about you.
- Right to restrict use of your information: You have a right to ask us to restrict the way that we process your personal data in certain specific circumstances. You can ask us for further information on these specific circumstances by contacting us using the contact details in section 11.2 below.
- Right to data portability: You have a right to ask us to provide your personal data to a third party provider of services. This right only applies where we use your personal data on the basis of your consent or performance of a contract; and where our use of your information is carried out by automated means.
- Right to object. You have a right to ask us to consider any valid objections which you have to our use of your personal data where we process your personal data on the basis of our or another person's legitimate interest as described in section 1.
- Right to stop marketing. You have the right to opt out of any direct marketing communications we may send you. If you exercise this right, we will stop using your personal data for this purpose. We will always inform you (before collecting your personal data) if we intend to use your personal data for such purposes or if we intend to disclose your personal data to any third party for such purposes.
11.2 To exercise any of the foregoing rights please contact us at firstname.lastname@example.org. We may need to request additional information to confirm your identity before providing a full response to any request you make. If you exercise certain of your rights, it may affect our ability to provide the Website and our Services to you.
11.3 We will consider all such requests to exercise your rights, and provide our response, within a reasonable timeframe (and, in any event, any timeframe required by law). Please note, however, that certain personal data may be exempt from such requests in certain circumstances, as prescribed by law. If an exception applies, we will tell you this when responding to your request.
12. Contacting us
12.1 For more information or questions about our privacy practices or if you would like to make a complaint to us (noting that you may also make a complaint to the ICO, please see section 1.5 above for more detail), please contact us by email on email@example.com or click on the ‘Go To Advise Email’ on our Website.