Privacy Statement
Introduction
This Privacy Statement (the ‘Statement’) explains the personal information we collect from you, and how we use it. Personal information is any information that can be used to identify you or that we can link to you. The Statement also explains the choices you can make about the data we collect, and how you can control these choices. It applies to the order process, and any subscriptions to email information, placed either online on or in person at an event, directly with Bombus. Orders placed via a third party marketplace are website are governed by the privacy policy of that marketplace. Please read this statement carefully to understand how Bombus may collect, use and share your personal information. The terms ‘we’, ‘us’ or ‘Bombus’ are each intended as reference to Bombus Ltd.
The Types of Personal Information We Collect
Buying Bombus products
When you place an order directly with us online, over the telephone or in person, you may be asked to provide the following so that we can complete your purchase, and deliver your gift to you.
We collect: Your title, name and delivery and/or delivery addresses, along with a telephone number and email address when you place an order with us. Additional information, such as your date of birth and sex, is optional. A password is required should you wish to set up an account.
Why: This information is vital in order for us to fulfil our contract with you, in the administration, making and delivery of your order. We may contact you via telephone or email if required to aid us in processing your order promptly. This information will be stored by the website to help us process future orders, and optional additional information also enables us to conduct internal reporting, in order to review our product range.
Important: When placing your order you may provide the personal details of a third party, such as their name or date of birth, as part of your personalisation request. If you have any concerns that they may object to this data being shared, we advise you to seek their consent before placing your order. Once your order is placed, we deem that consent has been sought and granted.
You will not be able to opt out of emails directly relating to your order, such as to update the status, or querying a request, as these are essential to the processing of your order.
Subscribing to email communications
You may subscribe to our marketing emails via our website subscription page, opting in to mailings when placing an order, over the telephone or in person at an event. Your subscription will be deemed consent to receiving future mailings from us. You may withdraw this consent at any time, and mailings will clearly show how to do this. You may also unsubscribe at any time by contacting us on [email protected] .
We collect: Your email address, the date and time you opted in, and the event or promotion which led to your subscription (if applicable). Your name may be provided optionally.
Why: We use this information to share news about new products, events, discounts and sales and personalise these mailings to you. We may contact you regarding competitions and promotions. The rules will be clearly explained for each individual competition.
Browsing our website
While browsing our products online, we may collect information about you online via cookies or similar technologies when you visit our website. A cookie is a file which is sent to your computer when you visit a website, allowing the website to respond to you as an individual. We use traffic log cookies to identify which pages are being used. We only use this information for statistical analysis purposes.
Cookies we collect
The table below lists the cookies we collect and what information they store.
Cookie Name | Cookie Description |
---|---|
FORM_KEY | Stores randomly generated key used to prevent forged requests. |
PHPSESSID | Your session ID on the server. |
GUEST-VIEW | Allows guests to view and edit their orders. |
PERSISTENT_SHOPPING_CART | A link to information about your cart and viewing history, if you have asked for this. |
STF | Information on products you have emailed to friends. |
STORE | The store view or language you have selected. |
USER_ALLOWED_SAVE_COOKIE | Indicates whether a customer allowed to use cookies. |
MAGE-CACHE-SESSID | Facilitates caching of content on the browser to make pages load faster. |
MAGE-CACHE-STORAGE | Facilitates caching of content on the browser to make pages load faster. |
MAGE-CACHE-STORAGE-SECTION-INVALIDATION | Facilitates caching of content on the browser to make pages load faster. |
MAGE-CACHE-TIMEOUT | Facilitates caching of content on the browser to make pages load faster. |
SECTION-DATA-IDS | Facilitates caching of content on the browser to make pages load faster. |
PRIVATE_CONTENT_VERSION | Facilitates caching of content on the browser to make pages load faster. |
X-MAGENTO-VARY | Facilitates caching of content on the server to make pages load faster. |
MAGE-TRANSLATION-FILE-VERSION | Facilitates translation of content to other languages. |
MAGE-TRANSLATION-STORAGE | Facilitates translation of content to other languages. |
_ga | Google Analytics - Used to distinguish users. |
_gid | Google Analytics - Used to distinguish users. |
_gat | Google Analytics - Used to throttle request rate. |
AMP_TOKEN | Google Analytics - Contains a token that can be used to retrieve a Client ID from AMP Client ID service. Other possible values indicate opt-out, inflight request or an error retrieving a Client ID from AMP Client ID service. |
_gac_(property-id) | Google Analytics - Contains campaign related information for the user. If you have linked your Google Analytics and AdWords accounts, AdWords website conversion tags will read this cookie unless you opt-out. |
Your cookie settings
Most web browsers allow you to control cookies using their preferences settings. However, if you limit the ability of a website to set cookies, the user experience of our website may be impaired, as it will no longer be personalised to you. Regardless of your cookie settings, we will only use your personal data in accordance with this Statement. You can learn how to control cookie settings here for popular browsers:
Google Chrome: https://support.google.com/chrome/answer/95647?hl=en
Internet Explorer: https://support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies
Safari: https://support.apple.com/kb/ph17191?locale=en_US
Firefox: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences
Data Security, Storage and Retention
Security
Bombus is committed to protecting the security of your personal information. While the internet is not a secure platform, we will protect your data with our systems and process to ensure that your data is secure. We store the personal data you provide on digital systems which have limited access. Your data is protected with encryption during transition over the Internet. Please note, your password is encrypted, which means that it cannot be recovered by anyone, including Bombus staff, it can only be reset.
To protect the security of personal information, you must not disclose your password to anyone else. Please notify us if you believe your password has been misused. Please note, Bombus will never ask you to disclose your password.
Storage
The servers which are used to store our online customer data are located within IOMART data centres certified to ISO9001 Quality Management System, ISO 27001 Information Security Management System standards & ISO 20000: The International Standard for Service Management. Each UK data centre is built using Tier 1 infrastructure, is N+ in design and is safe, secure and staffed 24 x 7. 24 hour Manned Security, Biometric Access & Intruder Alarms.
We will not process your data outside the EEA but our suppliers may do so. We require them to comply with the General Data Protection Regulation, and we are committed to protecting your data no matter where it is.
Data Retention
We will retain your personal information as long as we deem it necessary to enable us to allow you access to your online account, to comply with applicable laws regarding document retention, resolve disputes with any parties and as necessary to allow us to conduct our business. Personal data held will be subject to this Privacy Statement. Your data will held for up to two years after you have closed your account with us. Accounts can be closed in writing to [email protected].
Your Rights
You have a right to control how we use your personal data. You may:
- Ask us for a copy of the personal data we hold about you. When submitting your request please confirm whether this is to port to another system, or to view the data). This includes your order history.
- Inform us of any changes or corrections to your personal data
- Ask us to erase your personal data, except where this prevents us from fulfilling a contract already in place with you (for example you cannot opt out of email communications relating to a current order you have placed).
There is no processing of your data in an automated way, which has a legal effect on you.
If requested by law or enforcement agencies, we will disclose your information to the requesting enforcement authority.
We may share your personal information in the event of a merger, acquisition or sale. In this event, information passed will be bound by this privacy statement.
Your online account allows you to update your personal information at any time. Should you wish to make any other request regarding your personal data, this can be done by email to [email protected]. We will respond to your request as soon as possible, and within 30 days.
Where we use your information on the basis of your consent to receive mailings, you are entitled to withdraw that consent at any time, either by unsubscribing online or by email to [email protected].
We may use your personal information for our legitimate interests. For example, we rely on our legitimate interest to analyse and improve our website and product offering, to send you notifications about special offers, new products or to use your personal information for administrative, fraud detection or legal purposes. Where we process your personal information based on our legitimate interest and no opt-out mechanism is available to you, you may exercise your right to object by emailing [email protected] .
Third Party Services
We work with third party suppliers to enable us to provide our services with you. The list below outlines the agreements between us with regard to your data.
PayPal
Paypal is one of two available payment methods; it offers payment using PayPal balance or credit or debit card. We provide your name, email address, order items and total, and billing/delivery addresses to Paypal during the checkout process so that you can complete your payment. You will provide your payment details directly to PayPal via their website while completing your transaction. View Paypal’s privacy policy here: https://www.paypal.com/uk/webapps/mpp/home
Realex Payments
Realex Payments is one of two available payment methods, using a credit or debit card. We provide your name, order items and total, along with your billing address to Realex Payments during the checkout process so that you can complete your payment. When ordering online, you will provide your payment details directly to Realex Payments via their website while complete your transaction.
When ordering over the phone, we will enter the payment details you provide directly into the Realex Payments website to process your transaction. We do not store your payment details. View Realex Payments’ privacy policy here: https://www.realexpayments.com/privacy-statement/
Royal Mail
We use Royal Mail as our primary delivery agent. We provide them, via their secure online system, the name and delivery address of the person receiving your gift (this may be you or your recipient). The delivery email address and telephone number may also be provided in order to help with delivery services. View Royal Mail’s privacy policy here: https://www.royalmail.com/privacy-policy/
Courier Services
For certain orders we may use the services of couriers to deliver your order. We use the courier broker Interparcel to book and track your delivery. We provide them with the delivery name, delivery address and telephone number (this may be you or your recipient). View Interparcel’s privacy policy here: https://uk.interparcel.com/privacy.php
Mailchimp
We use Mailchimp to create and sent our marketing emails, and to manage our email subscriptions. If you opt in to our mailings, we provide them with your email address, the date and time you opted in, and the event or promotion which led to your subscription (if applicable). Your name may be provided optionally.
Orders Placed Through Other Marketplaces
We process customer data on behalf of several other online marketplaces and shops. Please contact the organisation directly with whom you made the original purchase for details of their privacy policy. Any data provided to us by third parties will also be dealt with in line with this statement.
About Bombus
If you wish to contact us about the use of your personal data, please email [email protected].
If you wish to raise a complaint about our use of your personal data, please write to us at the address below. We will respond in writing to your complaint within 30 days. If you are not satisfied that the problem has been resolved you can refer your complaint to the Information Commissioner’s Office: www.ico.org.uk
Bombus Ltd. Is a data controller for personal data we collect through the means listed above, subject to this Privacy Statement. Our address is Well Oast, Brenley Farm, Brenley Lane, Boughton Under Blean ME13 9LY, UK.
Updates to this policy
We update this privacy policy from time to time, in accordance with legislation and as technology changes. We suggest you check back from time to time to view updates.