3.HOW WE COLLECT YOUR PERSONAL DATA We may collect data about you by you voluntarily providing the data directly to us (for example by filling in forms on our site, filling in a survey, or by sending us emails). We may automatically collect certain data from you as you use our website by using cookies and similar technologies. We may receive data from third parties such as analytics providers such as Google based outside the EU, advertising networks such as Facebook based outside the EU, such as search information providers such as Google based outside the EU, providers of technical, payment and delivery services, such as data brokers or aggregators. We may also receive data from publicly available sources such as Companies House and the Electoral Register based inside the EU.
4.MARKETING COMMUNICATIONS Our lawful ground of processing your personal data to send you marketing communications is either your consent or our legitimate interests (namely to grow our business). Under the Privacy and Electronic Communications Regulations, we may send you marketing communications from us if (i) you made a purchase or asked for information from us about our goods or services or (ii) you agreed to receive marketing communications and in each case you have not opted out of receiving such communications since. Under these regulations, if you are a limited company, we may send you marketing emails without your consent. However you can still opt out of receiving marketing emails from us at any time.
5.DISCLOSURES OF YOUR PERSONAL DATA We may have to share your personal data with the parties set out below: • Other companies in our group who provide services to us. • Service providers who provide IT and system administration services. • Government bodies that require us to report processing activities.
6.INTERNATIONAL TRANSFERS We share your personal data within our group of companies which involves transferring your data outside the European Economic Area (EEA). Countries outside of the European Economic Area (EEA) do not always offer the same levels of protection to your personal data, so European law has prohibited transfers of personal data outside of the EEA unless the transfer meets certain criteria. Many of our third parties service providers are based outside the European Economic Area (EEA) so their processing of your personal data will involve a transfer of data outside the EEA. Whenever we transfer your personal data out of the EEA, we do our best to ensure a similar degree of security of data by ensuring at least one of the following safeguards is in place: • We will only transfer your personal data to countries that the European Commission have approved as providing an adequate level of protection for personal data by; or • Where we use certain service providers, we may use specific contracts or codes of conduct or certification mechanisms approved by the European Commission which give personal data the same protection it has in Europe; or • If we use US-based providers that are part of EU-US Privacy Shield, we may transfer data to them, as they have equivalent safeguards in place. If none of the above safeguards is available, we may request your explicit consent to the specific transfer. You will have the right to withdraw this consent at any time.
7.DATA SECURITY We take commercially reasonable steps to protect the Information from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. Please understand, however, that no security system is impenetrable. We cannot guarantee the security of our databases, nor can we guarantee that the Information that you supply will not be intercepted while being transmitted to and from us over the Internet. In particular, e-mail sent to or from the Website may not be secure, and you should therefore take special care in deciding what information you send to us via email.
8.DATA RETENTION We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. When deciding what the correct time is to keep the data for we look at its amount, nature and sensitivity, potential risk of harm from unauthorized use or disclosure, the processing purposes, if these can be achieved by other means and legal requirements. For tax purposes the law requires us to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they stop being customers. In some circumstances we may anonymize your personal data for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
9.YOUR LEGAL RIGHTS Under data protection laws you have rights in relation to your personal data that include the right to request access, correction, erasure, restriction, transfer, to object to processing, to portability of data and (where the lawful ground of processing is consent) to withdraw consent. You can see more about these rights at: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/ If you wish to exercise any of the rights set out above, please email us at email@example.com. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive or refuse to comply with your request in these circumstances. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response. We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you. For EU customers, if you are not happy with any aspect of how we collect and use your data, you have the right to complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We should be grateful if you would contact us first if you do have a complaint so that we can try to resolve it for you. If you have registered for the Website, you may access, review, and make changes to your Personal Information, Billing Information, and certain Other Information by following the instructions found on the Website. In addition, you may manage your receipt of marketing and non-transactional communications by clicking on the “unsubscribe” link located on the bottom of any of our marketing emails. Customers cannot opt out of receiving transactional emails related to their account or their Orders. We will use commercially reasonable efforts to process such requests in a timely manner. 10.THIRD-PARTY LINKS This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit. Please keep in mind that whenever you voluntarily make your Personal Information available to third parties — for example on message boards or web logs; through email; during webinars, classes, telephone conferences, or coaching calls; or in comment or chat areas — that information can be seen, collected, heard, and/or used by others besides us. We cannot be responsible for any unauthorized third-party use of such information.
12. CALIFORNIA RESIDENTS We do not not monitor, recognize, or honor any behavioral advertising opt-out or do not track mechanisms, including general web browser “Do Not Track” settings and/or signals.
14. HOW WE USE AND SHARE THE INFORMATION We use the Customer Data, User Data, Technical Data, Marketing Data and Other Data (collectively, the “Information”) to provide our services; to process Orders; to administer our promotional programs; to maintain and improve our Website and services to you; to solicit your feedback; and to inform you about our products and services and those of our third-party marketing partners.We may also use and/or share Information as described below. We will access, use, and share the Information as required to process your Orders and provide support to you. In order to provide our services and administer our rewards and promotional programs, we may share the Information (excluding the Billing Information) with our third-party promotional and marketing partners, including, without limitation, businesses participating in our various programs. With your permission, third-party applications or services may access your Personal Information. We may employ other companies and individuals to perform functions on our behalf. Examples may include providing technical assistance, Order fulfillment, customer service, and marketing assistance. These other companies will have access to the Information only as necessary to perform their functions and to the extent permitted by law. In an ongoing effort to better understand our Visitors, customers, and our products and services, we may analyze the Order Information and Other Information in aggregate form in order to operate, maintain, manage, and improve the Website and/or our products and services. This aggregate information does not identify you personally. We may share this aggregate data with our affiliates, agents, and business partners. We may also disclose aggregated user statistics in order to describe our products and services to current and prospective business partners and to other third parties for other lawful purposes. We may share some or all of your Information with any of our parent companies, subsidiaries, joint ventures, or other companies under common control with us. As we develop our business, we might sell or buy businesses or assets. In the event of a corporate sale, merger, reorganization, sale of assets, dissolution, or similar event, the Information may be part of the transferred assets. To the extent permitted by law, we may also disclose the Information: (i) when required by law, court order, or other government or law enforcement authority or regulatory agency; or (ii) whenever we believe that disclosing such Information is necessary or advisable, for example, to protect the rights, property, or safety of Wild Ember or others.