Before we go on…
This privacy notice has been written to explain what information we collect from you as a visitor to our website and/or a customer.
In a nutshell, please rest assured that we take data privacy very seriously. We won’t misuse your data, collect information we don’t need or pass your details to any third parties who do not need it or who you would not expect us to.
We also take additional offline security measures to protect your data. If you’re interested in learning about these, please read on.
Data subjects, processors and controllers
- Data subject – you, the visitor, the customer
- Data controller – us, we, Unique Natural Products Limited t/a Anacare
- Data processor – partners (delivery, payment processing, marketing)
What is our lawful basis for processing personal data?
Anacare processes personal data using two lawful grounds under the General Data Protection Regulation (GDPR) which came into effect on May 25th 2018:
- Contractual – in order to fulfil a contract (your order)
- Legitimate Interests – for feedback and marketing purposes
What information do we collect?
When you place an order on our website, we collect the following data from you:
- Email Address
- Telephone number
- IP Address
Who do we share this information with?
Once you have paid for your order, we are contractually obliged to fulfil the order and send you your goods. In order to do this, aspects of your information may be shared with some or all of the following:
- Delivery partners (usually Royal Mail, sometimes other courier companies)
- Payment processing partner (we use PayPal and we never have access to your card details)
- Marketing partner (we use MailChimp – please see ‘Email Marketing’ below)
We have agreements in place with all of the partners we share your information with and all are compliant with the General Data Protection Regulation (GDPR).
What do we use your email address for?
Once you place your order, you will generally receive the following:
- Order confirmation email (as soon as you place your order)
- Order complete email
- Feedback request (five days after completion)
- Marketing emails (please see ‘Email Marketing’ below)
Once you are an Anacare customer, we will process your data for marketing purposes using ‘Legitimate Interests’ as our lawful basis for doing so.
‘Legitimate Interests’ means that we can process your personal information if we have a genuine and legitimate reason and we are not harming any of your rights and interests. You will always have the right to opt out at any time and we will always honour any such requests.
We won’t pass your details to third parties, other than data processing partners (i.e. MailChimp) and only send an average of one or two marketing emails per month.
How long do we process data for?
We will consider you as a ‘customer’ of Anacare for 18 months from the date of your last order. If you do not order again within 18 months you will automatically be opted out of receiving our direct marketing emails.
If you order again from us after 18 months and have not previously opted out by unsubscribing, we have a legitimate interest to start sending you marketing communications about our products and services again.
It is illegal for us to send you marketing emails if you have previously unsubscribed. For that reason, a record of your email address will be kept in order to prevent further emails (for example, if you order with us again but have previously asked to opt out of marketing emails, we want to avoid your email being re-added to our marketing database).
You can opt out of marketing messages at any time by clicking on the ‘unsubscribe’ link in any of the emails you receive.
You also have the following rights:
- Right of access – the right to request a copy of the information that we hold about you
- Right of rectification – the right to correct data that we hold about you that is inaccurate or incomplete
- Right to be forgotten – you can ask for the data we hold about you to be erased from our records unless we’re otherwise obliged to retain it
- Right to restriction of processing – the right, where certain conditions apply, to restrict the processing
- Right of portability – the right to have the data we hold about you transferred to another organisation
- Right to object – the right to object to certain types of processing such as direct marketing (opt out)
- Right to object to automated processing, including profiling – the right not to be subject to the legal effects of automated processing or profiling
If you would like to request access, rectification or deletion of the data we hold about you, please email email@example.com.
Additional security steps
We never want your data to be compromised so, in addition to online security around our website and data processors, we take the following steps:
- We never share our own logins or passwords with other members of staff or any third parties
- All computers and devices are password protected in accordance with our password policy
- Any portable devices used for business purposes are password and fingerprint protected
- We never write down your personal information
- We do not have access to your payment card information
- All nonessential printed materials using your data (such as duplicate delivery notes or labels printed in error) are securely shredded and disposed of
- All essential printed materials (such as records for tax purposes) are in secure locked cabinets with restricted access
We have a duty to monitor and detect any potential data breach (for example, if we believe email addresses or personal data have been stolen from us or any of our data processing partners). If we suspect a data breach has occurred, we will report it immediately to the ICO (Information Commissioner’s Office) and, if necessary to do so, the data subject(s).
What are Cookies?
- Cookies are small files which are stored on a user’s computer
- They are designed to hold a modest amount of data specific to a particular client and website, and can be accessed either by the web server or the client computer
- This allows the server to deliver a page tailored to a particular user, or the page itself can contain some script which is aware of the data in the cookie and so is able to carry information from one visit to the website (or related site) to the next
What cookies do we use?
- Google Analytics – this helps us understand our visitors and how they use our website, what directed them here, our most popular (and least popular) pages and products etc
- Facebook pixel – this allows visitors who also use Facebook to receive relevant advertising messages from us
PAYMENT CARD INFORMATION AND PROTECTION
We use secure servers and internationally-approved payment processors in order to maximise the security of your payment card details.
We do not have access to share, write down or otherwise view your payment card details. In order to further protect your data, it is our policy to:
- Restrict administrative access to authorised and named personnel
- Control and regularly change the passwords used to access the site by the named personnel
- Protect our website with sufficient Security Certificates and Anti-Virus and Anti-Hacking software