BAM – Bamboo Clothing Ltd is a company registered in England and Wales, Reg Company Number: 5016435 (Collective referred to as “BAM”, “We” “Us” in this policy) For the purpose of the Data Protection Act 1998 (the Act), and Article 12 of the General Data Protection Regulations (GDPR) 2018 the data controller is BAM – Bamboo Clothing Ltd, Airport Business Centre, 10 Thornbury Road, Estover, Plymouth, Devon, PL67PP.
Maintaining the security of your data is a high priority at BAM, and we are committed to respect your privacy rights and want to be transparent about what data we collect about you and how we use it. This policy applies when you visit our website and shares information with you on how we use your data, what we collect, how we ensure privacy is maintained and your legal rights relating to your personal Data.
INFORMATION ABOUT YOU
What Personal Data Do We Collect
BAM may collect the following information about you:
- Your name
- Your contact details: postal address, billing address and despatch address (if different), telephone numbers (including mobile number) and e-mail address
- Purchases and orders made by you
- Your browsing activity while on the BAM website
- Your password if you create a registered account (not compulsory)
- Payment details (your card information is not held by us, it is collected by our third party payment processors, who specialise in the secure online capture and processing of credit/debit card transactions)
- Marketing and communication preferences
- Feedback and survey responses
- Reviews of our products or services
- Location via IP Address
- Device information when navigating our website
This list is not exhaustive and we may collect additional information under specific instances. Some of the above data is collected directly, for example if you email our customer services team or create a order. Other personal data is collected indirectly, for example through your browsing and shopping on our site. We may also collect personal data from third parties who have your permission to pass your details to us, or from publicly available sources.
How We Collect Information About You
When you visit our website we may automatically collect information about your computer, including your ip address, information about your visit, your browsing history, and how you use our website. This information is combined with other information for example, completing contact forms or when you order, we need to have your name, e-mail address, card number and card expiry date. Without this information we will not be able to process your request or notify you of acceptance of your order. A contact telephone number may also be required so that we may contact you urgently if there is a problem with your order.
How We Use Your Personal Information
We use personal information about you for the following purposes:
- When processing your order or contact query
- Providing information about our products which can be personalised based on the information we have collected about you
- To verify your Identity
- For crime and fraud prevention, detection and related purposes
- The effectiveness of the advertising we serve you and others
- Make suggestions and recommendations to you and other users of our site about the products we offer
- With your agreement, to contact you electronically or through the post with promotional offers and products we think may interest you. so that you have exclusive access to our best deals. We use the information we have about you to tailor the content and try to ensure that the offers are as relevant to you as possible. If you would not like to receive these notifications, please select the relevant tick box at the basket/checkout page. For emails You can unsubscribe from all communications by simply clicking on the unsubscribe link placed in the end of every email communication we send. If, in the past, you have chosen to be notified and you no longer wish to receive correspondence from us please call Customer Services on 01752 581458 or send an email to email@example.com or write to: Customer Services, BAM – Bamboo Clothing Ltd, Airport Business Centre, 10 Thornbury Road, Estover, Plymouth, Devon, PL6 7PP and we will update your preferences
We may analyse your information to create a profile of your interests, preferences and purchase history so that we can contact you or provide you on your visit with more relevant products and information that would be interesting for you. We may source additional information from 3rd parties to enhance this.
You rave a right to object to profiling. if you would like to do so or If you would like to know more about this process then please contact firstname.lastname@example.org
Security Of Your Data
Within Bamboo Clothing Ltd we protect your privacy in 4 ways:
We follow a tight security procedure as required under UK Data Protection Legislation (the Data Protection Act 1998) and in future Article 32(1)GDPR to protect the information that we store about you from unauthorised access. Our secure payment is via the highly respected and secure Stripe online payment system and information between you and us is 256 bit encrypted. We perform daily malware scans and restrict data access and have a internal confidentiality policy as follows:
Within Bamboo Clothing Ltd we protect your privacy in 4 ways:
1. Access to customer account information is limited to those who need access for the performance of their job
2. We use full login and password controls on our sales control system
3. All full and part-time employees are required to sign a confidentiality clause as part of their terms of employment with the company
4. Confidentiality and database access controls are reviewed periodically and updated as required to further protect your personal data
3rd Party Data Access
As with many businesses BAM relies on a number of core service providers who held fulfill our promise to you when you place an order, these may include our delivery partners such as Royal Mail and Parcelforce, our payment gateway and others within IT infrastructure and marketing services to help our business run smoothly and create a good experience for you.
We may wish to pass your details (NOT e-mail though-never) to trusted retail third-parties that we believe may be of interest to you for their own marketing purposes. If you would prefer not to enjoy this service then please tick the box during the online purchasing process. For example we work with Epsilon Abacus (registered as Epsilon International UK Ltd), a company that manages the Abacus Alliance on behalf of UK retailers. The participating retailers are active in the clothing, collectables, food & wine, gardening, gadgets & entertainment, health & beauty, household goods, and home interiors categories. They share information on what their customers buy. Epsilon Abacus analyses this pooled information to understand consumer’s wider buying patterns. From this information, retailers can tailor their communications, sending people suitable offers that should be of interest to them, based on what they like to buy.
Direct App Integration
This app may allow third party companies to provide services and/or collect certain information when you visit our mobile app. Third party companies may use information such as mobile advertising identifiers, app usage, time and date, subject of advertisements clicked, and/or precise location data through this mobile app in order to provide advertisements about goods and services that are likely to be of greater interest to you. To learn more about Cross-App Advertising, please visit www.networkadvertising.org or http://www.aboutads.info/. You can find instructions on how to use consumer choice mechanisms provided by major mobile operating systems here: http://www.networkadvertising.org/mobile-choices.
First Party Cookie Integration
We may also use technologies, such as our own cookies, to provide you with relevant online display advertising tailored to your interests. Our marketing partner, Conversant, assists us in managing these technologies. To opt out of our cookies used for this online advertising or to submit a data subject request specific to these technologies, click here
Where data is shared with third parties we aim to ensure that this transfer is as secure as possible, we will conduct a audit of this process and potential impact on you plus we require all 3rd parties we work with to have a contract which outlines their compliance with appropriate data protection laws and that the use of the data is only used in relation to the purpose it is meant. Such as:
Voucher offers of Sovendus GmbH: In order to select a currently interesting voucher offer for you, we will transmit your pseudonymised hash value of your e-mail address and your IP-address in encrypted form to Sovendus GmbH, Moltkestrasse 11, D-76133 Karlsruhe (Sovendus) (Art. 6 par. 1 f GDPR). The pseudonymised hash value of your e-mail address is used to consider a possibly existing objection to receive offers from Sovendus (Art. 21 par.3, Art. 6 par. 1 c GDPR). The IP-address will be exclusively used for data security purposes and as a rule the same will be anonymised after seven days (Art. 6 Abs.1 f DSGVO). Furthermore, we will transmit order number, order value with currency, session ID, coupon code, and time stamp in pseudonymised form to Sovendus for billing purposes (Art. 6 Abs.1 f DSGVO). If you are interested in a voucher offer of Sovendus, while there is no objection existing to receive such offers, and if you click on the voucher banner, we will transmit your form of address, your name and your e-mail address in encrypted form to Sovendus to prepare a voucher (Art. 6 par. 1 b, f GDPR).You will find further information about the processing of your data by Sovendus in their Online Data Protection Notice
Go Direct Marketing & The Tapestry Agency: Are market analysis agencies that helps us to better understand our customer information such as buying habits and the success of our marketing communications.
If, for any reason, you are unsure about the personal and account information we are holding in your name, please contact our customer service team. They will happily review your file and update the records if required whether this is simply updating incorrect or out-of-date information or opting out of communications. You can contact our customer service team by email or phone.
Right of Access – in accordance with Article 15 GDPR, you are entitled to obtain information, free of charge, about your saved data, where applicable, has a right to the correction, blocking, deleting of data (Article 5 (1 d), e) Article 12 and 17-19 GDPR). On Request BAM shall inform the user in line with Valid Law in Writing of the User’s personal data (after appropriate security check to prove identity) we have saved. To request information that we may hold on you please email email@example.com with the subject line “Right of Access Request”. We will have one month (unless complex this can then be extended for 2 months) to respond to your request and will provide it in a common electronic format (CSV)
Right to lodge a complaint – In accordance to Article 77 GDPR. You have the right to complain to a supervisory body if you feel your data is being misused. Contact the ICO (Information Commissioners Office) for more information. We would hope that you would discuss with us any concerns so that we could look to rectify before it gets this far.
Right to Data Portability – In accordance to article 20 GDPR. You have the right to receive the personal data concerning yourself which you have provided to BAM as the data controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided.
Right to be Forgotten – In accordance with Article 17 GDPR, You have a right for your data to be forgotten and erased (anonymised personal data) from our systems. if you would like this to happen please email firstname.lastname@example.org with the Subject Line “Right to be Forgotten Request”. We will need to confirm your identity before doing this and we will be extremely sorry to see you go. Please note under some circumstances we may be able to refuse this request for example the HMRC requires companies to keep records of VAT for up to 6 years plus under terms of good of sale we may delay the erasure process until after the 14 days returns and refunds policy has expired after your last purchase.
Please note that the data cleansing process is total and we will have no records of your previous interaction. This is specific interest to rules following the Right to be Forgotten, which in turn may mean that we can legally acquire your data from opted in sources at a later date with no knowledge that you were once previous customer.
Please note, as advised by the ICO an Audit log comprising of just a name, plus the date the request came in, is kept for any access requests. A name on its own is not classed as personal identifiable information.
Our cookies can contain personal information about you and are used only to determine your browser and user preferences for our site. We believe that this can greatly assist us in providing you with the service that you desire and to enhance your browsing experience. However, if you prefer, your browser software should enable you not to accept cookies. You should still be able to use our site without cookies enabled. We may also use technologies, such as our own cookies, to provide you with personalised online display advertising tailored to your interests. To view the list of cookies and our policy please visit here To opt out of our cookies used for this online advertising, click here.
Legal Basis For BAM processing Customer Data
BAM Collects and uses customers’ personal data because it is necessary for the purposes of complying with our duties and exercising our rights under a contract for the sale of goods to a customer; or complying with our legal obligations. In general, we only rely on our legitimate interest or permission (e.g. when you tick a box to receive our Newsletters) as a legal basis for processing in relation to sending direct marketing communications to customers via post, email or text messages. Customers have the right to withdraw consent at any time. Where consent is the only legal basis for processing we will cease to process data after consent is withdrawn.
Our Legitimate Interests
It is necessary for the legitimate interests of BAM to process customer data as follows:
- Selling and supplying goods and services to our customers
- Protecting customers, employees and other individuals and maintaining there safety, health and welfare
- Promoting, marketing and advertising our products and services
- Personalising communications or content within emails and onsite
- Understanding customers behavior, activities, preferences and needs
- Improving existing or developing new products and services
- Complying with legal and regulatory obligations
- Preventing, Investigating and detecting crime, fraud, or anti-social behavior and prosecuting offenders, including working with law enforcement agencies
- Protecting BAM, its customers, suppliers and employees, by taking appropriate legal action against third parties who have committed criminal acts or are in breach of legal obligations to BAM
- Fulfilling our duties to our customers, colleagues, shareholders and other stakeholders
Transferring Your Information Outside of Europe
As part of the services offered to you through this website, the information which you provide to us may be transferred to countries outside the European Economic Area (EEA). For example International customers are redirected to a 3rd party payment system outside of the EU. These countries may not have similar data protection laws to the UK. By submitting your personal data, You’re agreeing to this transfer, storing and processing. If we transfer your information outside of the EU in this way, we will take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this policy
Data Retention Policy
Any information relating to your account (including order history, communications and correspondence records) is kept while you are still an active customer. If you have not bought within 6 years all data will be safely destroyed. We hold very little paper records but any relevant materials will be shredded. Electronic data sets will be deleted or anonymised from master sources and backups. An automated process to identify, alert and process these deletions is in place.
Please note that the data cleansing process is total and we will have no records of your previous interaction. This is specific interest to rules following the Right to be Forgotten, which in turn may mean that we can legally acquire your data from opted in sources at a later data with no knowledge that you were once previous customer.
Please note that within our website are a number of external links to other websites and companies, if you click on these then you will be subject to that 3rd parties privacy policies and not BAM.
This Privacy Document was last updated on the 8th February 2019