Privacy and data protection Policy
Baby Bee Of London takes the privacy of your information very seriously. Our Privacy Notice is designed to tell you, the user of our services about our practices regarding the collection, use and disclosure of personal information which may be provided to us via our websites, associated apps and other digital products we provide or collected through other means such as an online form, email, or telephone communication.
This notice applies to personal data provided by our users, whether they are a customer for our products or otherwise. In this notice “you” refers to any individual whose personal data we hold or process (other than our staff).
In this notice references to the “Website” are references to any website, app or other means by which you provide personal data to us or access our services.
This notice is governed by the EU General Data Protection Regulation (the “GDPR”) from 25 May 2018.
+ Contact Details
+ How and why we collect your information
We collect your personal information when you interact with us, such as when you use our Website to place an order so that we can process it. We also look at how visitors use our Website, to help us improve and optimise customer experience. We collect information:
- when you create an account with us or you change your account settings;
- when you place an order with us and during the order process
- when you contact us directly via email, phone, post, message or otherwise
- when you browse and use our Website
We also collect information from third party sites, such as advertising platforms and our fraud detection provider.
+ Information that we collect from you
We collect various personal information regarding you or your device. This includes the following:
- When you place an order on our Website, we need information about yourself including your name, contact details, delivery address, order details and payment information such as credit or debit card information.
- Information you provide when you sign-up to our newsletter or ask or agree to receive information relating to our goods and services such as your name, telephone number, email address, your baby’s due date or birthday and product preferences.
- Information about you from any messages you post to the Website or when you contact us or provide us with feedback.
- Information from your use of the Website. This includes: IP addresses, preferences, web pages you visited prior to coming to our or our Website, information about your browser, network or device (such as browser type and version, operating system, internet service provider, preference settings, unique device IDs and language and other regional settings), information about how you interact with our Website (such as timestamps, clicks, scrolling, browsing times, searches, transactions, referral pages, load times, and problems you may encounter, such as loading errors).
- Information we get from our partners to support our marketing initiatives and better monitor, manage and measure our ad campaigns, such as details about when our partner shows you one of our ads on or via its advertising platform.
+ Use of your information
We will only process the data we collect about you if there is a reason for doing so, and if that reason is permitted under data protection law. We will have a lawful basis for processing your information: if we need to process your information in order to provide you with the service you have requested or to enter into a contract; we have your consent; we have a justifiable reason for processing your data; or we are under a legal obligation to do so.
We use the personal information we obtain about you to:
- Create and manage your Account, process orders and payments and respond to your inquiries.
- Communicate with you, including by sending you emails about your transactions.
- Administer surveys, contests and other promotions.
- Send you tailored marketing communications about products, services, offers, programs and promotions of Baby Bee Of London and measure the success of those campaigns.
- Analyze your interactions with our Website and third parties’ online services so we can tailor our advertising to what we think will interest you.
- Manage our vendor and partner relationships.
- Protect our and others’ interests, rights and property (e.g., to protect our Users from abuse).
- Comply with applicable legal requirements, such as tax and other government regulations and industry standards, contracts and law enforcement requests.
+ How we share your personal information
We share personal information in the following ways:
- Process payments. We transmit your personal information via an encrypted connection to our payment processor.
- Service providers. We share personal information with our service providers that perform services on our behalf. For example, we may use third parties to help us provide customer support, manage our advertisements on other sites, send marketing and other communications on our behalf or assist with data storage.
- Following the law or protecting rights and interests. We disclose your personal information if we determine that such disclosure is reasonably necessary to comply with the law, protect our or others’ rights, property or interests (such as enforcing our Terms of Service) or prevent fraud or abuse.
- Advertising. We share personal information with third parties so they and we can provide you with tailored advertising and measure and monitor its effectiveness.
- Business transfers. If we're involved in a reorganization, merger, acquisition or sale of some or all of our assets, your personal information may be transferred as part of that deal.
Cookies are used to
- navigate and use key features on our site, such as the shopping cart
- measure how you use the website so it can be updated and improved based on your needs
- remember the notifications you’ve seen so that we don’t show them to you again
+ List of Cookies used on our Website
|Type of Cookie||Cookie Name||Duration||Purpose|
|Functional||Crumb||Session||Prevents cross-site request forgery (CSRF). CSRF is an attack vector that tricks a browserinto taking unwanted action in an application when someone’s logged in.|
|Functional||RecentRedirect||30 minutes||Prevents redirect loops if a site has custom URL redirects. Redirect loops are bad for SEO.|
|Functional||CART||2 weeks||Shows when a visitor adds a product to their cart|
|Functional||hasCart||2 weeks||Tells Squarespace that the visitor has a cart|
|Functional||Locked||Session||Prevents the password-protected screen from displaying if a visitor enters the correct site-wide password.|
|Functional||SiteUserInfo||3 years||Identifies a visitor who logs into a customer account|
|Functional||SiteUserSecureAuthToken||3 years||Authenticates a visitor who logs into a customer account|
|Functional||Commerce-checkout-state||Session||Stores state of checkout while the visitor is completing their order in PayPal|
|Functional||squarespace-popup-overlay||Persistent||Prevents the Promotional Pop-Up from displaying if a visitor dismisses it|
|Functional||squarespace-announcement-bar||Persistent||Prevents the Announcement Bar from displaying if a visitor dismisses it|
|Functional||Test||Session||Investigates if the browser supports cookies and prevents errors.|
|Analytics||ss_cid||2 years||Identifies unique visitors and tracks a visitor’s sessions on a site|
|Analytics||ss_cvr||2 years||Identifies unique visitors and tracks a visitor’s sessions on a site|
|Analytics||ss_cvisit||30 minutes||Identifies unique visitors and tracks a visitor’s sessions on a site|
|Analytics||ss_cvt||30 minutes||Identifies unique visitors and tracks a visitor’s sessions on a site|
|Analytics||ss_cpvisit||2 years||Identifies unique visitors and tracks a visitor’s sessions on a site|
|Analytics||ss_cookieAllowed||30 days||Remembers if a visitor agreed to placing Analytics cookies on their browser if a site is restricting the placement of cookies|
+ Direct Marketing
Where you have given your consent or where we have a justifiable reason for doing so (and are permitted to do so by law) we will use your information to let you know about our other products and services that may be of interest to you and we may contact you to do so by email or phone. You can elect not to receive direct marketing messages by contacting us at email@example.com with the subject “Unsubscribe”.
+ Your privacy rights
All SARs and other requests or notifications in respect of your rights detailed below must be sent to us by email at: firstname.lastname@example.org.
We will endeavour to comply with such requests as soon as possible but in any event we will comply within one month of receipt (unless a longer period of time to respond is reasonable by virtue of the complexity or number of your requests).
Under data protection law, you may have a number of rights concerning the data we hold about you. If you wish to exercise any of these rights, please contact our Data Protection Officer using the contact details set out above. For additional information on your rights please contact your data protection authority and see below.
- The right to be informed. You have the right to be provided with clear, transparent and easily understandable information about how we use your information and your rights. This is why we’re providing you with the information in this policy.
- The right of access. You have the right to obtain access to your information (if we’re processing it). This will enable you, for example, to check that we’re using your information in accordance with data protection law. If you wish to access the information we hold about you in this way, please get in touch (see Contact Details).
- The right to rectification. You are entitled to have your information corrected if it is inaccurate or incomplete. You can request that we rectify any errors in information that we hold by contacting us (see Contact Details).
- The right to erasure. This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of certain of the information that we hold about you by contacting us (see Contact Details).
- The right to restrict processing. You have rights to 'block' or 'suppress' further use of your information. When processing is restricted, we can still store your information, but will not use it further.
- The right to data portability. You have the right to obtain your personal information in an accessible and transferrable format so that you can re-use it for your own purposes across different service providers. This is not a general right however and there are exceptions.
- The right to lodge a complaint. You have the right to lodge a complaint about the way we handle or process your information with the national data protection authority.
- The right to withdraw consent. If you have given your consent to anything we do with your information (i.e. we rely on consent as a legal basis for processing your information), you have the right to withdraw that consent at any time. You can do this by contacting us (see Contact Details). Withdrawing consent will not however make unlawful our use of your information while consent had been apparent.
- The right to object to processing. You have the right to object to certain types of processing, including processing for direct marketing and profiling. You can object by changing your marketing preferences or disabling cookies as set above.
+ Transferring your information outside of Europe
As part of the services provided to you the information you provide to us may be transferred to, processed and stored at, countries or international organisations outside of the EEA.
We have customers who are outside of the EEA and in those circumstances personal data will be transferred outside of the EEA (for instance to shipping partners).
We will not transfer the personal data of EEA customers in a systematic way outside of the EEA but there may be circumstances in which certain personal information is transferred outside of the EEA, in particular:
- If you use our Website while you are outside the EEA, your information may be transferred outside the EEA in order to provide you with our services;
- We may communicate with individuals or organisations outside of the EEA in providing goods and services, those communications may include personal information (such as contact information) for example you may be outside of the EEA when we communicate with you;
- From time to time your information may be stored in devices which are used by our staff outside of the EEA (but staff will be subject to our cyber-security policies).
- If we transfer your information outside of the EEA, and the third country or international organisation in question has not been deemed by the EU Commission to have adequate data protection laws, we will provide appropriate safeguards and we will be responsible for ensuring your privacy rights continue to be protected as outlined in this notice.
By submitting your personal information to us you agree to the transfer, storing or processing of your information outside the EEA in the manner described above.
+ Retention of your information
We will not retain your information for any longer than we think is necessary.
Information that we collect will be retained for as long as needed to fulfil the purposes outlined in the ‘Use of your information’ section above, in line with our legitimate interest or for a period specifically required by applicable regulations or laws, such as retaining the information for regulatory reporting purposes.
When determining the relevant retention periods, we will take into account factors including:
- our contractual obligations and rights in relation to the information involved;
- legal obligation(s) under applicable law to retain data for a certain period of time;
- statute of limitations under applicable law(s);
- our legitimate interests where we have carried out balancing tests (see section on 'How we use your personal information' above); (potential) disputes; and
- guidelines issued by relevant data protection authorities.
Otherwise, we securely erase your information where we no longer require your information for the purposes collected.
We adopt strict policies to ensure the personal information we hold about you is suitably protected.
We take steps to protect your information from unauthorised access and against unlawful processing, accidental loss, destruction and damage.
Where you have chosen a password that allows you to access certain parts of the Website, you are responsible for keeping this password confidential. We advise you not to share your password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will take steps to protect your information, we cannot guarantee the security of your data transmitted to the Website; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
If personal data we hold about you is subject to a breach or unauthorised disclosure or access, we will report this to the Information Commissioner’s Office (ICO).
If a breach is likely to result in a risk to your data rights and freedoms, we will notify you as soon as possible.
+ Other websites
Our Site may contain links and references to other websites. Please be aware that this notice does not apply to those websites.
We cannot be responsible for the privacy policies and practices of sites that are not operated by us, even if you access them via our Website. We recommend that you check the policy of each site you visit and contact its owner or operator if you have any concerns or questions.
In addition, if you came to this Website via a third party site, we cannot be responsible for the privacy policies and practices of the owners or operators of that third party site and recommend that you check the policy of that third party site and contact its owner or operator if you have any concerns or questions.
If you’re not satisfied with our response to any complaint or believe our processing of your information does not comply with data protection law, you can make a complaint to the Information Commissioner’s Office (ICO) using the following details:
Address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF Telephone number: 0303 123 1113 Website: www.ico.org.uk