1 OUR APPROACH
2 WHO WE ARE
2.1 We are Olly’s Olives Ltd (company number 09988592 with our registered office at 66 Hazledene Road, London, W4 3JB). For the purposes of the General Data Protection Regulation, we are the controller of your data. This policy applies to our use of all personal data collected by us in relation to your use of our website and services.
2.2 If you have any questions about this policy, please contact us at 66 Hazledene Road, London, W4 3JB or email us at firstname.lastname@example.org.
3 THE DATA WE COLLECT ABOUT YOU
3.1 Personal data means any information relating to a person who can be identified either directly or indirectly; it may include name, address, email address, phone number, credit / debit card number, IP address, location data, purchase history.
3.2 We may collect, use, store and transfer different kinds of personal data about you which we receive from our website. This comprises the following:
- Email address
- Telephone number; and
- Cedit card information
3.3 We do not collect any special categories of personal data (i.e. details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
4 PURPOSES FOR WHICH WE PROCESS PERSONAL DATA
4.1 We will only process your personal data, in accordance with applicable law, for the following purposes:
4.1.2 if you contact us, you may give us information about you by filling in forms on our site or by corresponding with us by phone, e-mail or otherwise. This includes, for example, information you provide when you register to use our site, subscribe to our services and when you report a problem with our site;
4.1.3 offering our goods and providing our services to you in a personalised way, for example, we may provide suggestions based on your previous searches to enable you to identify suitable goods and services quicker. This may also include, where legally permitted, processing data related to your location;
4.1.4 handling and fulfilling your orders, if you request goods or services from us. This may also include processing of information that we receive from third parties, for example, address data to verify your correct address;
4.1.5 obtaining payment from you, if you purchase any of our goods and/or services;
4.1.6 enabling our suppliers and service providers to carry out certain functions on our behalf, including payment processing, verification, technical, logistical or other functions, as may be required, in order to fulfil your orders;
4.1.7 resolving any returns, refunds or disputes, if you lawfully exercise your rights or if you wish to dispute any part of our offering;
4.1.8 sending you personalised marketing communications, where you have agreed that we may do so, in order to keep you informed of our and our selected third party partner’s products and services, which we consider may be of interest to you. Where legally permitted, we may also contact you by electronic means (e.g., e-mail or SMS) with information about goods and services similar to those which you previously purchased from us;
4.1.9 serving personalised advertising to your devices; delivering ads based on your interests ascertained from your past searches, visits of subpages and purchases on our websites, and other data obtained through the use of “cookies” placed on your devices. Please see our cookies policy here
4.1.10 ensuring the security of your account and our business, preventing or detecting fraud or abuses of our website, for example, by requesting verification information in order to reset your account password;
4.1.11 developing and improving our products and services, for example, by reviewing visits to our website and its various subpages, demand for specific goods and services and your comments;
4.1.12 to comply with applicable law, for example, in response to a request from a court or regulatory body, where such request is made in accordance with the law;
4.2 To process your personal data lawfully we need to rely on one or more valid legal grounds. Our primary legal ground is that we need the data to fulfil our contract with you or to take certain steps prior to entering our contract with you. However, there may be circumstances where we also rely on other valid legal grounds, such as:
4.2.1 your consent to particular processing activities. For example, where you have consented to us using your personal data for marketing purposes;
4.2.2 our legitimate interests as a business (except where your interests or fundamental rights override these). For example, it is within our legitimate interests to use your personal data to prevent or detect fraud or abuses of our website; or
4.2.3 our compliance with a legal obligation to which we are subject.
5 DISCLOSURE OF CUSTOMER INFORMATION
5.1 There are circumstances where we wish to disclose or are compelled to disclose your personal data to third parties. This will only take place in accordance with the applicable law and for the purposes listed above. These scenarios include disclosure:
5.1.1 to our outsourced service providers or suppliers to facilitate the provision of our services or goods to you, for example, the disclosure to our data centre provider for the safe keeping of your personal data, webhosting provider through which your personal data may be collected, identity verification partners in order to verify your identity against public databases;
5.1.2 [to our advertising partners who enable us to deliver personalised ads to your devices or similar advertising;
5.1.3 subject to your consent, to our marketing partners, who may contact you by post, email, telephone, SMS or by other means. If you do not wish to be contacted, you may unsubscribe by clicking here];
5.1.4 to third party service providers and consultants in order to protect the security or integrity of our business, including our databases and systems and for business continuity reasons;
5.1.5 to another legal entity, on a temporary or permanent basis, for the purposes of a joint venture, collaboration, financing, sale, merger, reorganisation, change of legal form, dissolution or similar event. In the case of a merger or sale, your personal data will be permanently transferred to a successor company;
5.1.6 to public authorities where we are required by law to do so; and
5.1.7 to any other third party where you have provided your consent.
6 DIRECT MARKETING
6.1 If you are a customer of Olly’s and we have obtained your contact details in the course of a sale, or you have entered into negotiations for the sale of our products, then we may rely on our legitimate interests to use your personal data and send you marketing correspondence in respect of similar Olly’s products or services based on your previous purchase(s), unless you have opted out. You have the right to opt out of this marketing by [clicking on the unsubscribe link in any of our emails. You would have also been given the opportunity to opt out of our marketing when your personal data was first collected]. In all other cases, we will ask for your consent to send you electronic marketing communications.
6.2 If at any time you want us to stop using your personal data for marketing purposes, please email us at email@example.com.
7 INTERNATIONAL TRANSFER OF PERSONAL DATA
We may transfer your personal data to third parties in countries outside of the EEA for further processing in accordance with the purposes set out in this policy. In these circumstances we will, as required by applicable law, ensure that your privacy rights are adequately protected by appropriate technical, organisational, contractual or other lawful means (for example, by signing the EU Standard Contractual Clauses).
8 RETENTION OF PERSONAL DATA
8.1 We will only retain your personal data for as long as necessary to fulfil the purpose we collect it for as well as for as long as required in connection with our legal obligations or where we have a legitimate and lawful purpose to do so. When we no longer require your personal data we will securely destroy and dispose of it.
8.2 [We may keep an anonymised form of your personal data, which will no longer refer to you, for statistical purposes without time limits, to the extent that we have a legitimate and lawful interest in doing so].
9 DATA SUBJECT RIGHTS
9.1 Data protection law provides you with numerous rights, including the right to: access, rectify, erase, restrict, transport, and object to the processing of your personal data. You also have the right to lodge a complaint with the relevant data protection authority if they believe that their personal data is not being processed in accordance with applicable data protection law.
9.2 Right to make subject access request. You may, where permitted by applicable law, request copies of your personal data. If you would like to request for copies of the personal data we hold about you, you may do so by writing to Olly’s or emailing firstname.lastname@example.org.
9.3 Right to rectification. You may request that we rectify any inaccurate and/or complete any incomplete personal data.
9.4 Right to withdraw consent. You may, as permitted by applicable law, withdraw your consent to the processing of your personal data at any time. Such withdrawal will not affect the lawfulness of processing based on your previous consent. Please note that if you withdraw your consent, you may not be able to benefit certain service features for which the processing of your personal data is essential.
9.5 Right to object to processing. You may, as permitted by applicable law, request that we stop processing your personal data.
9.6 Right to restriction of processing. If the conditions of art 18 GDPR are met, you have the right to have the processing of your personal data restricted.
9.7 Right to erasure. You may request that we erase your personal data and we will comply, unless there is a lawful reason for not doing so. For example, there may be an overriding legitimate ground for keeping your personal data, such as, a legal obligation that we have to comply with, or if retention is necessary for us to comply with our legal obligations.
9.8 Right to data portability. You have the right to receive your personal data in a machine-readable format In order to forward it or have it forwarded to another controller.
9.9 Your right to lodge a complaint with the supervisory authority. We suggest that you contact us about any questions or if you have a complaint in relation to how we process your personal data. However, you do have the right to contact the relevant supervisory authority directly. To contact the Information Commissioner’s Office in the United Kingdom, please visit the ICO website for instructions.
10 LINKED WEBSITES
11 CHANGES TO THIS POLICY