The purpose of this statement is to set out how we use personal information we may obtain about you. By registering as a user of the services provided by BlissHome and by using the Nadiya Hussain Shopify website generally, you agree to this use.
- DATA WE COLLECT
We only collect data which is necessary for its purpose, for example the information you provide when making an order. Data we collect includes:
- Personal details when registering for an account:
- Required: email address
- Optional: name, address, phone number
- Date registered and date of last visit
- Personal details when you place an order:
- Contact details: name, email address, phone number
- Order location, delivery address, billing address (if different)
- Order device e.g. desktop/mobile/tablet
- Payment method e.g. PayPal or Credit/Debit Card - this information is required so that refunds can be processed (payment information will not be stored. See section 7 for further information on payment security);
- Contact information and preferences when you register your interest in our marketing communication;
- Information about your browser, device and the path you take through our website when you visit;
- IP address for the prevention and detection of fraud;
- Payment information when you place an order (payment information will not be stored. See section 7 for further information on payment security).
- HOW WE USE YOUR INFORMATION
We only ever use your personal information for the reason it was collected, either with your consent, to perform a contract with you, or where we have a legitimate interest (where our interests do not override yours) to do so. For example:
- To register you with an account on our website;
- To fulfil an order and to deliver your goods;
- For assessment and analysis (e.g. market, customer and product analysis) to enable us to review, develop and improve the services we offer and to provide you and other customers with relevant information through our marketing programme;
- For the prevention and detection of fraud;
- Where you allow us to do so, we will inform you by email about products and services that we consider may be of interest to you;
- To administer any prize draws or competitions you may enter.
- LEGAL BASIS FOR PROCESSING
Where we’ve collected your data in relation to an account sign up, the information we process will be based on the legitimate interest we have in administering that account to enable you to safely access your order history and the personal details you’ve provided us with.
Where data has been collected in relation to an order, it will be processed by necessity of entering into a contract whereby the payment you provide requires us to fulfil your order request, in which case we will only collect data which is necessary to fulfil and deliver your order.
Where data has been collected in relation to marketing, we rely on your consent. See section 4 for a more detailed explanation of how we process data for marketing.
If you have indicated that you’d like to be contacted for direct marketing purposes we rely solely on your consent. We review consent frequently and seek to refresh consent periodically as we see appropriate. We will never use other methods of direct marketing without your consent.
Data collected in line with your marketing preferences, like name and email address, will only be used to personalise your communications. We will hold this data until you request to withdraw.
You have the right to withdraw your consent to receive direct mail communications at any time. This may be done by using the unsubscribe link provided in electronic communications, visiting your account preference centre, by sending an email to email@example.com or by contacting Customer Services on 01789 4000 77.
- WHO WE SHARE YOUR INFORMATION WITH
We will never sell your personal data. We may share information about you with the following, who may use it for the same purposes as set out in section 1 of this policy:
- Employees of BlissHome to administer any accounts, products and services provided to you by BlissHome now or in the future;
- Anyone to whom we transfer or may transfer our rights and duties under our agreement with you, in particular order fulfilment, and payment service providers;
- Data processors, such as our Customer Relationship Management platforms and data analytics tools. Should you need any further information please contact us at firstname.lastname@example.org
- We may also share your information if we have a duty to do so or if the law allows us to do so.
We may use some aspects of the personal data we collect in an automated decision-making process called ‘profiling’. We use this type of processing to help us understand our customers and to provide them with a better experience within the Nadiya Hussain Shopify environment.
We analyse sets of data to determine common patterns in behaviour which allows us to provide you with a more personalised, individual experience on our website, in our digital advertising and in our electronic marketing communications. For example, if we recognise that you browse several products with a common feature over a period of time, we are able to recommend similar products that you may also be interested in.
You have a right to object to this kind of processing. Further details of your rights can be found in section 9 of this policy.
We do not use automated decision-making techniques that produce a significant or legal effect on you, unless we have a lawful basis for doing so. If this changes in the future, we will not carry out this kind of profiling without first obtaining your consent.
Data security is very important to us and is at the centre of our business culture and practices. We take all reasonable steps to protect your personal details against abuse both in the setup of our technology systems and in our staff procedures.
We process and store data digitally within secured databases. Staff who are handling personal data must abide by a strict code of conduct for data management.
We comply with the Payment Card Industry Data Security Standard (PCI DSS) and will never store your card details. All credit card details relating to transactions are passed securely to our payment provider, Lloyds Cardnet.
On our website, we use the Secure Sockets Layer (SSL) protocol to encrypt the data between your browser and our servers to ensure the security of your details.
We cannot guarantee the security of any data you disclose online. You accept the inherent security risks of providing information and dealing online and will not hold us responsible for any breach of security unless this is due to our negligence or wilful default.
In line with our data security strategy, we have a robust protocol in place which would be deployed in the unlikely event of a major security breach. The breach management plan primarily endeavours to minimise the impact on our customers. It encompasses notifying the relevant parties, including the Information Commissioner’s Office and the affected customers where necessary.
We store data digitally in the UK. Some of our partners (Google, Shopify, PayPal) may transfer personal data outside of the EEA where we have sufficient evidence that the data is adequately protected and is processed in a manner compliant with the European Union’s General Data Protection Regulation.
Information will be stored in accordance with the recommended time to address breach of contract claims and accounting purposes, which stands at seven years from the date your order was delivered.
Data collected for electronic marketing purposes will be stored until you request to withdraw. You have the right to withdraw your consent to receive direct mail communications at any time. This may be done by using the unsubscribe link provided in electronic communications, visiting your account preference centre, by sending an email to email@example.com or by contacting Customer Services.
We regularly review the data we hold and erase what is no longer needed for the original intended purpose or for legal obligations.
- YOUR RIGHTS
The European Union’s General Data Protection Regulation sets out stringent policies on how companies may use your data. These are designed to give you the utmost control of your personal data. Your rights are described below:
- The right to access all the personal data we hold on you and to receive a copy of that data without the obligation to pay a fee;
- The right to the rectification of any inaccurate personal data we are processing, and to have any incomplete set of data completed;
- The right to have your data erased from our system in some circumstances, such as when it is no longer necessary for the purpose for which it was collected;
- The right to restrict the processing of your personal data if it is incorrect or no longer needed;
- The right to object to the processing of your personal data for direct marketing purposes or profiling;
- The right to withdraw your consent from electronic marketing;
- The right to transmit the personal data you have provided us with to another service provider;
- The right to be forgotten.
If you wish to edit your data this may be done at any time:
- If you have an account with us you can access your data by logging into your account and changing any information stored about you within the Personal Information centre.
- Information such as your IP address and the last time you logged in is not viewable in your account but is stored in our Customer Management System. You can request to see this at any time by contacting us (see end of section on how to contact us).
- If you have used Guest Checkout you will not be able to access your data via an account on our website. If you wish to change or see your data please contact us (see end of section on how to contact us).
- Data stored within a customer’s order remains unchanged if you change personal information with your account after placing an order. This can be changed for all customers upon request by contacting us.
If you wish to be forgotten, this may be done at any time. Find out more about the process here: Right To Be Forgotten.
- To access your personal data or request to be forgotten we will require one of the following forms of ID: passport, driving licence, birth certificate, utility bill (from last 3 months);
- This information will be deleted as soon as your request has been verified;
- If you exercise your rights your data will be deleted within 30 days;
- Please be aware that your details will still remain on any orders you have placed due to VAT regulations. By law VAT records must be kept for seven years from the date your order was delivered.
If you would like to exercise your rights, or to find out more, please email firstname.lastname@example.org or contact Customer Services on 01789 4000 77.
Where you request the erasure of your data, we retain the right to continue processing it in some cases, such as for fraud detection, for statistical purposes, to suppress the data from being used again, or for accounting purposes, for which the retention period stands at seven years from the date your order was delivered. Where one of these situations applies, we will only retain the absolute minimum amount of data and the record will be purged of any personal identifiers where possible.
We take the utmost care in handling personal data, but if you feel a high standard of security has not been met, you have the right to raise a complaint with the Information Commissioner’s Office by visiting https://ico.org.uk/concerns/.
- CHANGES TO THIS POLICY
We will regularly review this Privacy Notice, updating it when necessary to reflect changes in the law or otherwise. Future changes will be posted on this page and you will be notified of any significant amendments by email. The Privacy Notice was last updated in October 2018.
We are registered with the ICO as a Data Controller with the following details:
Arden Forest Estate
ICO registration number: ZA065450