The privacy and security of personal information we hold about you is extremely important to us.
Who are ‘we’?
In this policy the words ‘we’, ‘us’ and ‘our’ relate to Wild Bloom Box.
What is your personal data?
‘Personal data’ is any information about a living individual which allows them to be identified from that data (for example a name, photographs, videos, email address, or home / business address). The processing of personal data is governed by legislation, including the General Data Protection Regulation (GDPR) and other legislation, relating to personal data and rights, such as the Human Rights Act.
How do we collect information about you?
We obtain information from you if you make contact with the Wild Bloom Box website for enquiries or for business purposes. When you contact us the information you provide, which may include your name, email address, phone number or home address will be processed and stored so we can respond to your correspondence. This information will not be shared with third parties.
What are we doing with your data?
We will not share your data with any other parties
We will process some or all of the following personal data where necessary to perform our tasks:
- Contact details such as telephone numbers, addresses and email addresses.
- Where you pay for products we may process and store financial identifiers such as bank account numbers, payment card numbers, payment transaction identifiers.
How long will we hold your data?
We will keep some records permanently if we are legally required to do so. Plus where it is considered best practice, we may keep some other records for an extended period of time (.e.g. financial records for a minimum period of eight years to support HMRC audits or provide tax information). We are permitted to retain data in order to defend or pursue claims. In some cases the law imposes a time limit for such claims (for example three years for personal injury claims or six years for contract claims). We will retain some personal data for this purpose as long as we believe it is necessary to be able to defend or pursue a claim. In general, we will endeavour to keep data only for as long as we need it. This means that we will delete it when it is no longer needed.
Some personal data will only be held for as long as is necessary to complete the relevant activity or response, or for as long as is set out in any relevant contract that you hold with us.
What are the requirements for the personal data that we hold about you?
GDPR states the information must be:
- Used lawfully, fairly and in a transparent way.
- Collected only for valid purposes we have clearly explained to you and not used in any way that is incompatible with those purposes.
- Relevant to the purposes we have told you about and limited only to those purposes.
- Accurate and kept up to date.
- Kept only as long as necessary for the purposes we have told you about.
- Kept and destroyed securely including ensuring that appropriate technical and security measures are in place to protect your personal data to protect personal data from loss, misuse, unauthorised access and disclosure.
For what purposes are we using or holding your personal data?
- To understand your needs and to provide the services you request .
- To confirm your identity.
- To contact you by post, email or telephone .
- To help us to build up a picture of how we are performing.
- To maintain our own accounts and records.
- To seek your views, opinions or comments.
- To notify you of changes to our facilities and services.
- To send you communications which you have requested .
- To process relevant financial transactions.
- To allow the statistical analysis of data
What is our legal basis for processing your personal data?
We may process personal data if it is necessary for the performance of a contract with you, or to take steps to enter into a contract.
Your rights and your personal data
You have a number of rights with respect to your personal data. When exercising any of the rights listed below, in order to process your request, we may need to verify your identity for your security. In such cases we will need you to respond with proof of your identity before you can exercise these rights.
- The right to access personal data we hold on you
At any point you can contact us to request the personal data we hold on you
- The right to correct and update the personal data we hold on you
If the data we hold on you is out of date, incomplete or incorrect, you can inform us and your data will be updated.
- The right to have your personal data erased
If you feel we should no longer be using your personal data or we are unlawfully using your personal data, you can request we erase the personal data we hold.
When we receive your request, we will confirm whether the personal data has been deleted.
- The right to withdraw your consent to the processing at any time for any processing of data to which consent was obtained
You can withdraw your consent easily by telephone or email.