Who we are?
Blade and Rose Ltd,
Company registration number is 08424400
Unit 7 Fell Business Park, Underbarrow Road, Kendal Cumbria, UK.
This is a small family business and we design and sell a range of children’s clothing and accessories online direct to consumers and through specialist retail outlets. We currently export to over 20 countries around the world and this is growing.
Blade and Rose Ltd is the data controller. This means that we are responsible for how we use personal information about you in accordance with data protection laws and regulations from the EU and UK.
Contact use on 01539 730880 or email email@example.com
We have written and designed our Privacy Notice to comply with the need to explain our data processing activities in clear and plain English. If there is anything you don’t understand, or would prefer to speak to us directly, then please get in touch Jonathan/ Amanda Peffer at firstname.lastname@example.org
This notice provides the following information
- What personal information do we collect
- Where do we collect it from?
- Why do need that information
- How do we use it.
- How do we keep it safe and secure both online and offline.
- Legal basis for processing this information
- How we meet the data protection principles
- Your Data Protection Rights explained.
What Type of personal information do we collect and use?
- Contact information – name, address, phone number, email address
- Payment data – such as payment method, payment details and other information relating to payment. Note Blade and Rose does not store credit or debit card information. This is done via banking systems.
- Record of products bought and sales information
- Email addresses, sales information, preferences
- Social media addresses and information
How do we use your information?
We collect information for a variety of purposes:
- To fulfil an order for products
- To answer any queries and provide information about your order
- To provide you with offers and marketing information
- To help us develop new products
- To monitor and improve our website and understand our customers engage with our website. This helps us tailor relevant content.
- To engage with customers on social media
- To help us to sell into new areas geographically
- To meet any legal obligations such as tax, health and safety.
- To prevent fraud or other illegal activity
- For use in market research
- For legitimate direct marketing communications
- To answer product and sales queries,
We use your personal information to send you offers and news about our products which may be of interest to you. This includes our e newsletter and offers and vouchers about product which may be relevant to you or on specific requests for further information about our products. .
We may use your information to connect engage with you on social media platforms such as Facebook, Instagram, Pinterest or LinkedIn etc.
We may use information provided by you to enter competitions and prize draws.
We never send direct marketing where you have asked us not to do so. You can stop receiving our direct marketing communications at any time. Just contact us at the email above or via our sales team.
Where and how do we collect information?
We collect most information directly from our customers when placing an order, or when requesting product information such as our newsletter, product and delivery enquiries.
We may also collect data from referrals or from tradeshows and events
We may collect personal information from social media posts and other publicly available sources.
If you enter into any competitions that we may hold/run or take part in any surveys.
We may use credit reference agencies to protect you and us from fraud and criminal activity.
We do not buy in any personal data from third party sources.
Complying with Data Protection Law
In order for us to process your personal information we need to do so according the 6 data processing principles.
- We use it in a legal, fair and transparent way.
- We only collect that data that is necessary for valid purposes,
Such as when you place an order.
- We only collect sufficient information necessary to meet that purpose
- Accuracy – we aim to keep your data up to date.
Please let us know if we have got any details incorrect and we will update them immediately
- We only keep your information for as long as is necessary to complete the purpose for which it was obtained and fulfil our legitimate interests
After which it will be securely deleted or encrypted and archived.
- We aim to keep your data secure and confidential. See section on security
How long do we keep your information?
We keep personal data for as long as necessary to fulfil the purposes for which it was collected and to fulfil our normal legitimate interests as a business.
We may keep personal data in order to meet our legal obligations.
For those purposes where you gave us your consent to receive direct marketing, then we only keep it for as long as you stay subscribe to receiving the information. You can unsubscribe at any time.
We have keep a suppression file for those who have withdrawn their consent to direct marketing . This is a legal requirement under the Data Protection Act 2018. This is required so that we do not inadvertently contact you were you have asked us not to do so.
After a period of X Time we anonymise personal data or delete it. Once anonymised the data cannot identify any ‘natural person’ and as such falls out of the scope of data protection laws and regulations.
What is our legal basis for processing the data
In accordance with data protection laws, we need a ‘lawful basis’ for collecting and using your personal information.
The lawful basis on which we rely in order to use your information for the purposes outlined in this policy are:
These include contact details, payment details, delivery information, product safety
For example, when you order an item from us, we collect your delivery information and contact details.
In certain circumstances we need to collect and process your data to comply with a legal obligation.
For example, tax, accountancy reporting, product safety, reporting fraud or other criminal activity.
We use our legitimate interest as a commercial organisation so long as it is not outweighed by the potential impact on your rights. These interests are those that you would expect a company to undertake as part of running a commercial operation.
For example, maintain and report on sales activities, or to send our customers information on new products and offers by post or by email. To analyse trends in order to develop new products and services. To carry out market research.
In specific situations, we collect and process your data with your consent.
For examples, requesting our newsletter from our sign-up form on this website, or requesting more information at a trade show or other event.
Remember – you can stop receiving any direct marketing from us at any time regardless of which legal basis it is being processed under.
How We Share Your Information
We only share your information with companies acting on our behalf to provide a service; for example, fulfilling deliveries, fraud detection, credit risk reduction checks, IT systems support, web developers, digital agencies and internal audits. These are known as data processors, and only process personal data under an agreement with Blade and Rose.
We may share your personal data with the police or other companies and organisations to help prevent fraud or to investigate fraudulent activity.
In the event that we sell or buy any business or assets, your personal data will be transferred and shared with the new company or business, along with any consents that you have given Blade and Rose to use your information.
We may share your personal data with organisations and parties in order to meet our legal obligations.
We do not sell your data, nor do we share it with third parties.
Transferring Data out of the EU/EEA
For transfers to the USA, these will be made in accordance with the Privacy Shield agreement between the EU and USA. . For example, we currently use Mail Chimp as our email service provider who are based in the USA and are registered with the Privacy Shield scheme.
We have put in place appropriate security measures to ensure that your personal information is stored and processed securely. We also have put in place measure to prevent it being lost, altered or accessed without authority. We only share data with people and organisations who are authorised to do so and on our instructions. All personal data is treated with the strictest of confidentiality.
Any payment transactions are encrypted using SSL security.
In today’s world, unfortunately, cybercrime is a challenge for all of us and is growing in it’s sophistication and volume. Sending information via the Internet is not completely secure. We will do our best to protect your personal information, we cannot guarantee the security of your data transmitted to our site and you do so at your own risk.
Emails and other messaging services are not completely secure, therefore please do be careful when sending us personal and sensitive information by email or for example via email or other messaging services/apps such as Facebook Messenger or WhatsApp.
When setting up an account with Blade and Rose, we recommend that you create a strong password. This should contain 11 to 16 characters using a mix of letters, numbers and special characters.
Blade and Rose will never ask you to confirm or supply any account or credit card details by email. They will never ask for you your PIN or other security access codes. Please ring sales department if you are in any doubt or email email@example.com
If you would like more information about Cyber Security, there are updates and information about secure browsing and internet shopping on the UK government’s National Cyber Security Centre www.ncsc.gov.uk
Your rights and choices explained
Under the data protection Act 2018 and the EU’s GDPR, you have a number of Rights with regards to your data protection. These are outlined below. If would like more information on these rights, please go to the Information Commissioner’s website www.ico.org.uk
The Right to Access your information
This is known as a Subject Access Request or SAR. You can request a copy of the personal information that we hold about you.
This gives you the right to the following information
Confirmation that we are processing your personal data
A copy of that personal data
Clarification of the information contained in this privacy notice.
We may need to ask for information from you to confirm your identity.
This will be provided to you within 30 days, unless there are exceptional circumstances, and be supplied in an electronic format.
The Right to be Informed
This privacy notice is part of our obligation to you to keep you informed.
We review this policy on a regular basis or if we plan to use personal information for a new purpose or undertake an new activity.
The Right to Data Portability
This means that you can ask for a copy of your sales account details.
The Right to Rectification
You have the right for any inaccurate personal data to be rectified or completed if incomplete.
You can make this request verbally or in writing.
Right to Erasure or Right to be Forgotten
Where possible we will erase any personal data we hold on you on request .
However, we may have a legitimate reason for continuing to process that data. We will advise you at the time should this be the case.
However, even so we will need to keep a record called a suppression file to ensure that we don’t send you any direct marketing information.
The Right to Restrict Processing – especially for Direct Marketing
You have the right to request us to restrict processing or suppression of your personal data at any time.
You have the right to withdraw your consent for direct marketing purposes.
However, this is not an absolute right but dependent on the circumstances.
When you can exercise this right
- When you believe the data to be inaccurate
- It is being processed unlawfully
- We, Blade and Rose, decide that we don’t need to keep your information, but you ask us to do so in order to log a formal complaint or pursue a legal challenge.
- You have objected to the processing, and whilst awaiting the outcome of this objection you can request that we stop processing the information. See section on the Right to Object below.
The Right to Object to us processing your personal data
You have the right to object in certain circumstances.
You have the absolute right to stop us using your personal data to send you direct marketing communications.
You can make this request verbally or in writing.
We will comply with this request within 30 days.
Your Right to lodge a complaint with the local data protection authority
If you are not happy with any of our data protection activities or policies or how we are processing your personal information, you have the right to complain to the Information Commission. This is the body in the UK who has the authority to implement data protection laws.
In writing at
The Information Commission ICO
Wilmslow SK9 5AF
Or online at www.ico.org
Outside the UK & NI
If you are based outside of the UK, but within the EU, then you can refer to your local authority who will then lease with the UK Information Commissioner. A list of EU Data Protection authorities can be found at…..
Rights Relating to Profiling and Automatic Processing.
Blade and Rose does not undertake any automated processing or behavioural profiling that produces a significant or similar legal effect.
Data Protection Laws
Date of policy. September 2018
Date of Review. September 2019
If you have any questions relating to this Privacy Notice, please contact us at firstname.lastname@example.org