Natures Aid Ltd has created this document to demonstrate its commitment to data privacy and its alignment to the requirements of the Data Protection Policy 1998, and from 25th May 2018, the General Data Protection Regulation 2018 (GDPR) in respect of handing and processing personal data.
This policy describes how we collect, use and process your personal data, and how, in doing so we comply with our legal obligations to you. Your privacy is important to us and we are committed to protecting and safeguarding your data privacy rights.
Natures Aid Ltd is registered with the UK Information Commissioners Office as a Data Controller.
Personal Information That We Hold
For retailers this is the information that you provide us with when opening an account either face-to-face, by phone or e-mail. For consumers this is the information that you provide us when purchasing our products online.
We may collect personal information about you when you provide it to us voluntarily. For example, we may collect information when you contact us with questions or provide feedback regarding our products via our Ask the Experts page.
The personal information we may collect includes contact information, such as your name, email address, mailing address and telephone number.
For purchases made via our website credit card information is never stored on Natures Aid systems and is only used to authorise the specific transaction being made through PayPal or our card payment authority (Sage Pay) and then removed. Under no circumstances will your credit card information be passed to any other third party.
Who We Share Your Information With
We will never distribute or share personal data that is held on our system with any third parties other than employees and suppliers of services where personal data is shared in order for us to meet our contractual obligations (e.g. courier services, credit reference agencies, database hosting supplier). We have carried out a review of their activities in relation to the GDPR and agreements are in place which will be reviewed annually.
Further information regarding the specific companies we use can be provided on request.
We will however disclose your information to third parties if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of business and other agreements, or to protect the rights, property or safety of Natures Aid Ltd, our customers or others. This includes exchanging information with other companies and organisations of fraud protection and credit risk reduction.
How Do We Use Your Information?
Natures Aid uses the information held about you to provide you with information about other goods and services we offer that are similar to those you have already purchased, been provided with or enquired about. We also maintain a marketing database that contains the basic details of people who have consented to Natures Aid sending information about products and events as well as general news about our company to them via email.
Each marketing email that is sent provides you with the ability to unsubscribe from receiving marketing emails at any time.
Where contact information is collected from you via the Contact Us and Ask the Export form – this information is used for responding to your query and for no other purposes.
Purposes Of The Processing Of Your Information
We use the information held about you in the following ways:
To carry out our obligations arising from any contracts we intend to enter into or have entered into between you and us to provide you with relevant products and services that you request from us.
We also have a legitimate interest in collecting and retaining your personal data to maintain, expand and develop our business by marketing our goods to increase sales.
Should we want or need to rely on consent to lawfully process your data we will request your consent by email or by an online process for the specific activity we require consent for and record your response on our system. Where consent is the lawful basis for our processing you have the right to withdraw your consent to this particular processing at any time by emailing email@example.com
Keeping Your Data Secure
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.
While we will use all reasonable efforts to safeguard your personal data, you acknowledge that the use of the internet is not entirely secure and for this reason, we cannot guarantee the security or integrity of any personal data that are transferred via the internet. If you have any concerns about your information, please contact us via email at firstname.lastname@example.org.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances, we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you. Once you are no longer our customer, we will retain and securely destroy your personal information in accordance with applicable laws and regulations.
You have the right to ask us not to process your personal data for marketing purposes. We will usually inform you if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes and we will collect express consent from you if legally required prior to using your personal data for marketing purposes.
The GDPR provides you with the following rights:
- The right to be informed – everyone has the right to be given information about how their data is being processed and why. Natures Aid has provided this policy to show how we handle your data.
- The right of access – Natures Aid has a duty to comply with the requirements of Subject Access Requests (SAR).
- The right to rectification – the GDPR includes a right for individuals to have inaccurate personal data rectified or completed if it is incomplete.
- The right to be forgotten – you have the right to ask Natures Aid to remove your data.
- The right to restrict processing – you may restrict processing for a legitimate reason, we would still have the right to hold that information.
- The right to data portability – you may be able to obtain the information we hold about you and use for your own purposes.
Should you wish to exercise any of these rights please email email@example.com stating the following information:
Full details of information relating to your request
Reason for request and the right being exercised
You may be asked to verify your identity or provide consent for us to continue, should we require further information we will contact you. Your request will be dealt with within 30 days of us receiving it.
If you have any further questions or comments regarding this privacy notice these should be addressed to firstname.lastname@example.org
For more details about your rights under the Act, the rules we have to adhere to in collecting and storing your information, and how you can check your data records, please visit https://www.gov.uk/data-protection/the-data-protection-act or https://ico.org.uk/
Version: 15 May 2018