Introduction
This Privacy Notice explains in detail when and why we collect personal information on our website. It also explains how we store and process that data, the conditions under which we may disclose it, as well as how we will keep it safe and secure. It will also inform you about your rights surrounding your data.
We keep our privacy policies under regular review, so this Privacy Notice may change occasionally. This Privacy Notice was last updated in May 2018.
Who We Are
We are Blends For Friends Ltd., and our website address is https://www.blendsforfriends.com. Blends For Friends Ltd. is registered company in England and Wales.
Registration Number: 05575130
Registered Office Address: Charles and Company Accountancy Limited, The Cottage, 2 Castlefield Road, Reigate, England, RH2 0SH
If you have questions or queries surrounding this Privacy Notice or your data, or wish to make any requests based on your rights outlined in this Privacy Notice, please do not hesitate to get in touch through the following channels:
| E-Mail Address | admin@blendsforfriends.com |
| Postal Address | Administration Department Blends For Friends Ltd. The Barn, Coney Shaw Farm Kemsing Road, Kemsing Kent TN15 6NN United Kingdom |
| Telephone | +44 (0)1732 760808 |
What Personal Data We Collect and Why We Collect It
When Placing an Order
Information provided to us when placing an order is explicitly identified and will include your name, e-mail address, phone number and a postal address for delivery. We also ask for information in order to generate the order, such as details on the intended recipient of the order.
We collect this information in order to process the order(s) you have submitted, and for this purpose only. We will never use your information to contact you about anything unrelated to processing your order(s), nor will we use your information for any form of marketing or profiling.
Payments
When placing an order with us, payment will be made through our third party payment processors, or we will collect your payment information. For details on our third party payment processors, please see the section below (Who We Share Your Data With).
If a card is used with us in making a payment this information will be retained and used only for the duration of the transaction, it will then be immediately destroyed/deleted in a secure manner. We cannot accept card details in an unencrypted format. We are PCI DSS compliant.
Analytics
This site uses Google Analytics to collect data on how users interact with our site. This data provides us with an insight into how people are engaging with our site, by providing statistics on metrics such as visitor numbers and our most popular pages. We use this data to continue to improve the user experience on our site. All data stored by Google Analytics is completely anonymous and contains no personally identifiable information, and is only used for the purposes stated above.
The names of the Google Analytics cookies employed on our website, along with details on how to opt-out, can be found in our Cookie Policy.
Google’s Privacy Policy can be found here: https://policies.google.com/privacy
Embedded Content From Other Websites
This site may include embedded content (e.g. videos, images, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website. These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracing your interaction with the embedded content if you have an account and are logged in to that website.
For further details, please see our Cookie Policy, where we outline the possible third-party cookies you may encounter when interacting with our website, along with details about how you can control these cookies.
The Legal Bases We Rely On
Data protection legislation sets the lawful bases that are available for the legitimate processing of personal data. We use the following as lawful bases to process your data:
Contractual Obligations
In most circumstances, we would need your personal data to comply with contractual obligations. For example, if you make a purchase through our website, we will capture your address and pass this information on to our courier to arrange delivery.
Legitimate Interest
In specific circumstances, we will use your data to pursue our legitimate interests in ways which would be reasonably expected as part of our business, but in a way that protects your rights and interests. For example, we will store your name, e-mail address, and previous order details, should you wish to reorder again in the future.
Consent
We also in most circumstances ask for your consent. This is usually to check that you consent for us to have the personal data you are sharing with us, and are happy for us to process it for the specific purposes outlined in this Privacy Notice.
How Long We Retain Your Data
Whenever you give us any personal data, we will only keep it for as long as it is necessary, in line with the purpose for which it was collected.
We keep the name and e-mail address of our customers for 3 years, so that we can comply with our legal and contractual obligations. All other information will be kept for a maximum of 3 months.
Once data has reached its retention period, it will be either securely deleted and destroyed, or it would be completely anonymised and aggregated with other data so that it can be used for non-targeted and non-identifiable statistics and business planning (for example, for use in sales figures).
Who We Share Your Data With
Apart from with our third-party payment processors, we will never sell on or transmit your personal data to any other third party for any reason unless otherwise required by law.
Third-Party Payment Processors
If your purchase a product from us online, payment will be made through our third party payment processors. During the checkout process, you will be redirected to these third-party processors:
- Mal’s eCommerce (Privacy Notice: https://www.mals-e.com/privacy.php)
- PayPal (Privacy Notice: https://www.paypal.com/uk/webapps/mpp/ua/privacy-prev)
All PayPal transactions are subject to the PayPal Privacy Policy. If you make a payment via our third party payment processors, whilst we will have access to some of the data you provide them, we do not hold the information ourselves, but it is held by these specified processors who have specialised systems and methods for secure online capture and processing of credit and debit card transactions. If you have any questions regarding the security of transactions through our site, please contact us.
Where We Send Your Data
All the personal data that you provide to us and which is processed by us, is done so inside the European Union (“EU”). We will not transfer, store or process any of this data outside of the EU for any reason unless otherwise required by law.
The personal data that you provide to our third-party payment processors may be stored or processed outside of the European Union, please see their privacy policies for more details (see Who We Share Your Data With).
Your Rights
Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data.
- The right to request a copy of your personal data which Blends For Friends holds about you.
- The right to request that Blends For Friends corrects any personal data if it is found to be inaccurate, incomplete or out of date.
- The right to request your personal data is erased where it is no longer necessary for Blends For Friends to retain such data.
- The right to withdraw your consent to the processing of your data at any time.
- The right to receive personal data you have provided to us in a structured, commonly used and machine readable format, and where possible, the right to request that we transmit this data directly to another data controller.
- The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing.
- The right to lodge a complaint with a supervisory authority (for the UK, this is the Information Commissioners Office).
You can contact us to request to exercise these rights at any time by contacting us through the channels outlined above (Who We Are). We will respond to all requests within one month, and we will not charge a fee to deal with the request. If we choose not to action your request we will explain to you the reasons for our refusal.
Lodging a Complaint with the Supervisory Authority
If you are unhappy with our response to any requests made to us based on the rights outlined above, or you feel your personal data has been handled incorrectly, you have the right to lodge a complaint with the Information Commissioner’s Office.
Telephone: 0303 123 1113
Website: https://ico.org.uk/concerns/
How We Protect Your Data
When you provide us with any personal information, we will take all appropriate steps to protect it, making sure it is as secure as possible, both in transit, and when we store it on-going.
Through our third-party payment providers, all transactional areas of the website are secured using ‘https’ technology, and any sensitive information is encrypted during transit (using 128 bit AES encryption). When you are on a secure page, a padlock icon will appear to the left of the URL in the address bar.
We are continually looking to find new ways to further strengthen the security of our site, and are constantly monitoring and updating our website to ensure that it is fully protected against possible vulnerabilities and threats. We are also continually reviewing and updating our own internal personal data handling polices, to make sure your personal data is processed and stored as securely as possible.
Users Aged 16 or Under
If you are aged 16 or under please request your parent/guardian’s permission beforehand whenever you provide us with personal information.