This Privacy Notice explains in detail when and why we collect personal information on our website. It also explains how we store and process that data, the conditions under which we may disclose it, as well as how we will keep it safe and secure. It will also inform you about your rights surrounding your data.
We keep our privacy policies under regular review, so this Privacy Notice may change occasionally. This Privacy Notice was last updated in May 2018.
Who We Are
We are Blends For Friends Ltd., and our website address is https://www.blendsforfriends.com. Blends For Friends Ltd. is registered company in England and Wales.
Registration Number: 05575130
Registered Office Address: Charles and Company Accountancy Limited, The Cottage, 2 Castlefield Road, Reigate, England, RH2 0SH
If you have questions or queries surrounding this Privacy Notice or your data, or wish to make any requests based on your rights outlined in this Privacy Notice, please do not hesitate to get in touch through the following channels:
|Postal Address||Administration Department
Blends For Friends Ltd.
The Barn, Coney Shaw Farm
Kemsing Road, Kemsing
|Telephone||+44 (0)1732 760808|
What Personal Data We Collect and Why We Collect It
When Placing an Order
Information provided to us when placing an order is explicitly identified and will include your name, e-mail address, phone number and a postal address for delivery. We also ask for information in order to generate the order, such as details on the intended recipient of the order.
We collect this information in order to process the order(s) you have submitted, and for this purpose only. We will never use your information to contact you about anything unrelated to processing your order(s), nor will we use your information for any form of marketing or profiling.
When placing an order with us, payment will be made through our third party payment processors, or we will collect your payment information. For details on our third party payment processors, please see the section below (Who We Share Your Data With).
If a card is used with us in making a payment this information will be retained and used only for the duration of the transaction, it will then be immediately destroyed/deleted in a secure manner. We cannot accept card details in an unencrypted format. We are PCI DSS compliant.
This site uses Google Analytics to collect data on how users interact with our site. This data provides us with an insight into how people are engaging with our site, by providing statistics on metrics such as visitor numbers and our most popular pages. We use this data to continue to improve the user experience on our site. All data stored by Google Analytics is completely anonymous and contains no personally identifiable information, and is only used for the purposes stated above.
Embedded Content From Other Websites
The Legal Bases We Rely On
Data protection legislation sets the lawful bases that are available for the legitimate processing of personal data. We use the following as lawful bases to process your data:
In most circumstances, we would need your personal data to comply with contractual obligations. For example, if you make a purchase through our website, we will capture your address and pass this information on to our courier to arrange delivery.
In specific circumstances, we will use your data to pursue our legitimate interests in ways which would be reasonably expected as part of our business, but in a way that protects your rights and interests. For example, we will store your name, e-mail address, and previous order details, should you wish to reorder again in the future.
We also in most circumstances ask for your consent. This is usually to check that you consent for us to have the personal data you are sharing with us, and are happy for us to process it for the specific purposes outlined in this Privacy Notice.
How Long We Retain Your Data
Whenever you give us any personal data, we will only keep it for as long as it is necessary, in line with the purpose for which it was collected.
We keep the name and e-mail address of our customers for 3 years, so that we can comply with our legal and contractual obligations. All other information will be kept for a maximum of 3 months.
Once data has reached its retention period, it will be either securely deleted and destroyed, or it would be completely anonymised and aggregated with other data so that it can be used for non-targeted and non-identifiable statistics and business planning (for example, for use in sales figures).
Who We Share Your Data With
Apart from with our third-party payment processors, we will never sell on or transmit your personal data to any other third party for any reason unless otherwise required by law.
Third-Party Payment Processors
If your purchase a product from us online, payment will be made through our third party payment processors. During the checkout process, you will be redirected to these third-party processors:
- Mal’s eCommerce (Privacy Notice: https://www.mals-e.com/privacy.php)
- PayPal (Privacy Notice: https://www.paypal.com/uk/webapps/mpp/ua/privacy-prev)
Where We Send Your Data
All the personal data that you provide to us and which is processed by us, is done so inside the European Union (“EU”). We will not transfer, store or process any of this data outside of the EU for any reason unless otherwise required by law.
The personal data that you provide to our third-party payment processors may be stored or processed outside of the European Union, please see their privacy policies for more details (see Who We Share Your Data With).
Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data.
- The right to request a copy of your personal data which Blends For Friends holds about you.
- The right to request that Blends For Friends corrects any personal data if it is found to be inaccurate, incomplete or out of date.
- The right to request your personal data is erased where it is no longer necessary for Blends For Friends to retain such data.
- The right to withdraw your consent to the processing of your data at any time.
- The right to receive personal data you have provided to us in a structured, commonly used and machine readable format, and where possible, the right to request that we transmit this data directly to another data controller.
- The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing.
- The right to lodge a complaint with a supervisory authority (for the UK, this is the Information Commissioners Office).
You can contact us to request to exercise these rights at any time by contacting us through the channels outlined above (Who We Are). We will respond to all requests within one month, and we will not charge a fee to deal with the request. If we choose not to action your request we will explain to you the reasons for our refusal.
Lodging a Complaint with the Supervisory Authority
If you are unhappy with our response to any requests made to us based on the rights outlined above, or you feel your personal data has been handled incorrectly, you have the right to lodge a complaint with the Information Commissioner’s Office.
Telephone: 0303 123 1113
How We Protect Your Data
When you provide us with any personal information, we will take all appropriate steps to protect it, making sure it is as secure as possible, both in transit, and when we store it on-going.
Through our third-party payment providers, all transactional areas of the website are secured using ‘https’ technology, and any sensitive information is encrypted during transit (using 128 bit AES encryption). When you are on a secure page, a padlock icon will appear to the left of the URL in the address bar.
We are continually looking to find new ways to further strengthen the security of our site, and are constantly monitoring and updating our website to ensure that it is fully protected against possible vulnerabilities and threats. We are also continually reviewing and updating our own internal personal data handling polices, to make sure your personal data is processed and stored as securely as possible.
Users Aged 16 or Under
If you are aged 16 or under please request your parent/guardian’s permission beforehand whenever you provide us with personal information.