We, Bloom & Nora (“Bloom & Nora”, “we”, “us”, “our”) are committed to protecting and respecting the privacy of everyone who visits our website, www.bloomandnora.com (the “website”). We will only collect and use personal data in ways that are described here and in a manner that is consistent with our obligations and your rights under the law.
In this Policy, when we refer to "you", we are referring to you, as the person or entity accessing, viewing and/or using the website.
WHO WE ARE AND HOW TO CONTACT US
Where Tots Bots collects and processes your personal data, it is the controller for the purposes of data protection laws including the General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”) and the Data Protection 2018 (“the Act”) and / or any applicable legislation adopted by the United Kingdom post the United Kingdom ceasing to be a Member State of the European Union (“Data Protection Legislation”).
If you need to contact us for any reason regarding this Policy, including the collection and / or use of your personal data, or as otherwise indicated in any section of this Policy, our contact details are:
- Tots Bots Limited, Unit 2, 259 Summerlee Street, Queenslie Industrial Estate, Glasgow G33 4DB;
- or help@bloomandnoracom
If you are unhappy with how we handle your personal information you can:
- submit a complaint in writing for the attention of the Customer Service Department, Tots Bots Limited, Unit 2, 259 Summerlee Street, Queenslie Industrial Estate, Glasgow G33 4DB or by email to firstname.lastname@example.org; and/or
- notify the Information Commissioner’s Office (ICO) by calling their helpline on: 0303 123 1113.
1)What PERSONAL Information WE collect about you?
Personal information is information that can be used to identify or contact a specific individual, such as a name, address, telephone number or email address.
We may collect and process the following information about you when you use the website or contact us via the website, or by email or phone:
Method of collection
Point of collection of information
Information which is given by you
When you register an account via the website
Name, address, telephone number, email address, password, delivery address and billing address.
When you complete forms on the website
Title, name and email address and any additional information you choose to provide us.
Please do not submit any special category personal data that is not relevant to your query.
Place orders for goods;
Name, address (billing and delivery), telephone number, email address, password, payment details.
Report problems or contact us by email with a query
Name, address, telephone number, email address, password, order reference number.
When you apply for a job vacancy via email/post. The information you give to us (in your CV and cover letter) may include: your name and contact details (e.g. telephone numbers, postal address, email address, etc.), education history and qualifications, employment
The information you give to us (in your CV and cover letter) may include: your name and contact details (e.g. telephone numbers, postal address, email address, etc.), education history and qualifications, employment history and any other information you choose to provide us.
Information we collect about you
· With each of your visits to the website (regardless of whether you register or log in during your visit), we will automatically collect the following information:
o technical information (e.g. your Internet Protocol (IP) address, log in information, browser type and version, time zone and setting, browser plug in types and version, operating system and platform;
o information about your visit, including the full URL and the pages and products you viewed during your visit, any search terms entered on our website, length of time spent on each page, the city and country you accessed our website from, page response times, download errors;
· when you purchase from our website
· If you contact us via our website or by email/telephone
· Details of goods purchased by you from the Website;
· If you contact us, we may keep a record of that correspondence or telephone call.
We may retain a record of the goods purchased by you, e.g. for warranty purposes.
we may keep a record of that correspondence or telephone call to allow us to properly handle your query or complaint.
Information collected when you sign up to our mailing list
When you sign up to receive newsletters and marketing materials from us we will collect your name and email address.
OUR LEGAL GROUNDS FOR PROCESSING PERSONAL INFORMATION
Our legal grounds for processing your personal information are:
- the processing is necessary for the performance of a contract that we have with you or in order to take steps at your request prior to entering into a contract (e.g. ordering goods via our website);
- your consent, where you have agreed to us using your personal information;
- the processing is necessary for compliance with a legal obligation to which we are subject; or
- the processing is necessary for the purpose of our legitimate interests or those of a third party, such as financial interests, operational and administrative interests, ensuring security, maintaining our relationship with you, marketing, optimising and understanding the use of our site, research and statistical analysis.
WHAT DO WE USE YOUR INFORMATION FOR?
Any of the information we collect from you / about you may be used as follows:
- To administer your account with us and carry out our obligations arising from any contracts entered into between you and us (legal basis: performance of our contract with you and legitimate interests).
- To process your orders and provide you with the products or services which you request through our site (legal basis: performance of our contract with you). If you do not wish to provide the personal information requested you may not be able to proceed with the order.
- To keep records of purchases, sales or other transactions for the purpose of ensuring that the requisite payments and deliveries are made in respect of those transactions (legal basis: performance of contract with you).
- To understand what advertising and information is relevant to you by analysing your visit history and providing you with information about goods or services or changes to our good and services that may interest you (legal basis: consent on the basis you consented to cookies).
- Where you have submitted a CV and cover letter/email to us we will process your personal data to assess your skills and experience to determine your suitability for working with us and to communicate with you about the recruitment or assessment decision process (legal basis: performance of our contract with you and legitimate interests).
- To identify visitors to our website (legal basis: consent, via your acceptance of cookies).
- To administer and improve our website as we want our website to be the best it can be (legal basis: legitimate interests).
- To improve customer service (legal basis: legitimate interests).
- To audit data downloading from our website (legal basis: legitimate interests).
- To administer a contest, promotion, survey, research or other site feature (legal basis: consent you provided at the time of entering).
- To display products to you that might be of interest while you are using the internet (via Google/Facebook) (this will be based on your consent to your acceptance of cookies on our websites. See our Cookies Policy.)
- To provide you with information about goods and services (legal basis: consent where we contact you be electronic means (SMS; email) and our legitimate interests for non-electronic forms of communication); and
- To send you newsletters (legal basis: consent where we contact you be electronic means (SMS; email) and our legitimate interests for non-electronic forms of communication).
DO WE SHARE YOUR PERSONAL INFORMATION?
We contract with third party service providers and suppliers to provide certain services.
We may share your personal data with the following parties, for the purposes noted below:
- our email mailing list provider, currently Mailchimp;
- the parties that provide delivery services, which are currently Royal Mail, DPD/Interlink or other courier/delivery company for overseas shipping;
- the parties who provide our payment services, which are currently Shopify Payments and Paypal;
- our ecommerce platform providers, which are currently Venture Stream and NetSuite;
- Trust Pilot, who provides online review services to us;
- Netsuite, customer database and order processing system;
- analytics and search engine providers that assist us in the improvement and optimisation of our site and our providers of web and hosting services;
- when we believe it is appropriate to comply with the law, we may disclose information about you to law enforcement officials in the investigation of any alleged unlawful activities by you. We may also be required to disclose information to a court or regulatory body when required to do so by law.
- regulators, government departments, law enforcement authorities, and tax authorities;
- any relevant dispute resolution body or the courts; and
- persons in connection with any sale, merger, acquisition, disposal, reorganisation or similar change in our business;
Except as provided above, we will not share personal information with any other third parties without informing you beforehand, unless required by, or in connection with, law and / or regulatory requirements.
We will not sell, trade or lease your personal information to others.
Where do we store your personal data?
The information which we collect about you will usually be stored inside the UK or the European Economic Area (EEA). However, we may transfer data outside the UK or EEA where our service providers host, process or store data outside the UK or EEA. Where we do this, we will ensure that the transfer is to a country covered by the decision of the European Commission or we ensure we have taken steps to put appropriate safeguards in place to protect your data in accordance with the Data Protection Legislation.
2) HOW DO WE PROTECT YOUR INFORMATION?
We implement a variety of security measures to maintain the safety of your personal information. Our security is reviewed and enhanced as necessary.
Unfortunately, the transmission of information via the internet is not completely secure and although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to the Website; any transmission is at your own risk.
Your account is password-protected for your security and we accordingly advise that you maintain the privacy of your password. Furthermore it is recommended that you occasionally change your password to maintain this level of security.
THIRD PARTY LINKS
3) Your rights UNDER THE DATA PROTECTION LEGISLATION
You have the following rights in respect of the information we process about you:
- the right to access information held about you by making a subject access request in accordance with the Data Protection Legislation. We may charge a reasonable fee when a request is manifestly unfounded or excessive;
- the right to request us to rectify personal information concerning you which is inaccurate or incomplete;
- the right to request us to erase personal information concerning you (in certain conditions as set out in the Data Protection Legislation);
- the right to object to the processing of your information by us as well as the right to request us to restrict the extent to which we process your personal information (both in certain conditions as set out in the Data Protection Legislation);
- the right to data portability (in certain conditions out in the Data Protection Legislation);
- the right to ask us not to process your personal information for marketing purposes. We will usually inform you (at the time of collecting information) if we intend to use your information for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your information or at any time by contacting us;
- right to know about any automated decision-making or profiling;
- where you have provided your consent to us for us to process your personal information, you have the right to withdraw your consent by informing us; and
- the right to lodge a complaint with the Information Commissioner’s Office in the UK.
The above rights may be exercised in accordance with data protection law.
4) Access to information
You have the right to request a copy of personal information that we hold about you under the Data Protection Legislation. To do this, simply contact us at email@example.com. Should we be prevented from disclosing your personal information, reasons will be given for the refusal. We may also request that you provide further information and identification to enable your request to be processed.
If you believe that any information we hold about you is incorrect or incomplete, please contact us at firstname.lastname@example.org. We will thereafter correct any information found to be incorrect. You can find detailed information about your rights under the Data Protection legislation on the UK Information Commissioner's website: http://www.ico.org.uk/.
5) RETENTION PERIODS
We will not hold your personal information for longer than is necessary for the “uses” outlined above unless we are required to keep your personal data to comply with the law and any regulatory requirement.
For example, when you place an order with us we will retain your personal data for a period of five years to allow us to comply with our legal and contractual obligations (e.g. financial reporting and provision of product warranties).
When you contact us with a query we will retain your information until the matter is resolved or for the purposes of entering into a contract with you.
When you apply for a job vacancy, we will retain your information for a period of  months after we have communicated to you our decision about your application. After this period, and if you are not successful in your application, we will securely destroy or anonymise your personal information. If you would like us to retain your personal information on file in case another opportunity may arise in the future so that we can consider you for that opportunity, please e-mail or write to us at email@example.com. We will continue to hold your personal information for this purpose for  months after receipt of your written confirmation.
By using our website, you (the visitor) agree to allow third parties to process your IP address, in order to determine your location for the purpose of currency conversion. You also agree to have that currency stored in a session cookie in your browser (a temporary cookie which gets automatically removed when you close your browser). We do this in order for the selected currency to remain selected and consistent when browsing our website so that the prices can convert to your (the visitor) local currency.
We keep this Policy under regular review and in the event we make any changes we will place an updated version on our Website and, where appropriate, notify you by e-mail, seek your consent or place a notification on the Website. Please review this page regularly to ensure that you are always aware of what personal information we collect, how we use it and under what circumstances we will share it with other parties.
This policy was last amended on 22 May 2018.