Privacy Policy

The Little Red Berry Co ("We") are committed to protecting and respecting your privacy.  We do not, and will not, sell any of your personal data to any third party; we wish to earn and retain your trust and believe this is unquestionably imperative in achieving that.

This policy (together with our terms of use and any other documents referred to therein) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data, how we will treat it, your privacy rights and how the law protects you.

For the purpose of the Data Protection Act 1998 (the Act) and GDPR, the data controller is The Little Red Berry Company Ltd of Unit 3C & 3D, Sycamore Business Park, Dishforth Road, Copt Hewick, Ripon, HG4 5DF.

Policy key definitions:

  • "I", "our", "us", or "we" refer to the business, [The Little Red Berry Co].
  • "you", "the user" refer to the person(s) using this website.
  • GDPR means General Data Protection Act.
  • PECR means Privacy & Electronic Communications Regulation.
  • ICO means Information Commissioner's Office.
  • Cookies mean small files stored on a user’s computer or device.

Our Privacy Policy is broken down into 16 Sections:

  • Section 1 - Information we may collect from you
  • Section 2 – Children’s Privacy Protection
  • Section 3 – Consent
  • Section 4 – How is your data collected
  • Section 5 - Where we store your personal data
  • Section 6 – Processing of your personal data
  • Section 7 - Uses made of the information
  • Section 8 – Third party services/Disclosure of your information
  • Section 9 - Email marketing messages & subscription
  • Section 10 – Security
  • Section 11 – Data Retention
  • Section 12 – Cookie Policy
  • Section 13 – Your Individual rights
  • Section 14 - PayPal transactions
  • Section 15 - Changes to our privacy policy
  • Section 16 - Contact

Section 1 - Information we may collect from you

Personal data, or personal information, is any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

We collect personal information from you and any devices (including mobile devices) you use when you; use our Services, register for an account with us, provide us information on a web form, update or add information to your account, submit a product review, or when you otherwise correspond with us.

We collect this information either because it is necessary in the performance of a contract with you, or in our legitimate interests to do so or to meet our legal obligations. The information below details the personal data we may collect, use, store and transfer:

Identity Data this includes your first name and last name.

Communication Data the data we use to contact you including your billing address, delivery address, email address and telephone number.

Transaction Data details about transactions you have made on our website including the details of the products you have purchased from us and payments to and from you.

Financial Data the data we use to process your payments for your orders including your payment card details. We do not store or process your card details ourselves, they are processed and stored via one of our contracted third party service providers. We encrypt your payment card details in your browser and securely transfer this data to our relevant third party payment provider to process a payment.

Customer Account Data includes your username (email address) and password, your login data, purchases or orders made by you, and your preferences.

Marketing and Contact preference Data includes your preferences in receiving marketing from us and your preferred method of communication.

Usage Patterns Data includes information about how you use our website, products and services. This includes your browsing patterns and information such as the pages you interact with, duration of visit to the site and its page, the click stream to and from our website, page interaction information such as scrolling, clicks and mouseovers and page response times.

Technological Data details about the device(s) you use to access our website including your internet protocol (IP) address, browser type and version, browser plug-in types and versions, operating system and platform, location, and other technology on the devices you use to access this website.

Aggregated and/or anonymised data (“Aggregated Data”), that which may be derived from your personal data but is not considered personal data in law (as this data does not directly or indirectly reveal your identity), may be collected, used and shared, such as statistical or demographic data, this can be for any purpose. If we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, the combined data would be classed as personal data which will be used in accordance with this Privacy Policy.

You don’t have to give us any of this personal information but if you don’t, you may not be able to buy from the site, and you are unlikely to receive our optimal overall customer experience. But that is your choice and we respect that.

Where we need to collect personal data under the terms of a contract we have with you or by law, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, where you do not provide suitable delivery instructions to provide you with goods or services). In this case, we may have to cancel a product order you have with us but we will notify you if this is the case at the time.

Changes to your information.  It is important that the personal data we hold is current and accurate.  Please inform us of any data changes which occur in the course of our interaction and please review your customer account settings regularly.

Section 2 – Children’s Privacy Protection

Our services are not designed for or targeted at children or those 17 years of age or under.  We do not intentionally collect or maintain data about anyone under the age of 18.

Section 3 – Consent

When you provide us with personal information to complete a transaction, place an order, arrange for a delivery or return a purchase, we imply that you consent to our collecting it and using it for that specific reason only.

If we ask for your personal information for a secondary reason, like marketing, we will always ask you directly for your expressed consent.

If after you opt-in, you change your mind, you may withdraw your consent for us to contact you, for the continued collection, use or disclosure of your information, at any time, by emailing us, info@thelittleredberry.co.uk or telephone 01765 602335 or ‘unsubscribing’ to one of our newsletters via mailchimp.

Age of Consent

By using this site, you represent that you are at least the age of majority in your country, state or province of residence, or that you are the age of majority in your country, state or province of residence and you have given us your consent to allow any of your minor dependents to use this site.

Section 4 – How is your data collected

We use different methods to collect data from and about you via;

Direct interactions. You may give us your Identity Data, Communication Data, Transaction Data, Customer account Data, Financial Data and Marketing and Contact Data by using our website, filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you, create an account on our website; purchase a product through our website; join our newsletter (request marketing to be sent to you), enter a competition, or give us feedback.

Automated technologies or interactions. As you interact with our website, we may automatically collect Usage Patterns Data and Technological Data about your equipment, browsing actions and patterns. We achieve this by using cookies, server logs and other similar technologies. Please see Sections 7, 8 and 12 for further details.

Section 5 - Where we store your personal data

Our Website and Online Transactions are handled through SSL-secured servers and sensitive details such as passwords and user details are encrypted to protect your personal information which we store on secured servers in the UK.

Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

For orders placed via third party websites we adhere strictly to the third party privacy policy in that your data is not stored by us.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area ("EEA"). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers or third party providers. Such staff maybe engaged in, among other things, the fulfilment of your order, the processing of your payment details and the provision of support services. By submitting your personal data, you agree to this transfer, storing or processing. We will take all steps reasonably possible to ensure that your data is treated securely afforded sufficient legal safeguards and protection and treated in accordance with this privacy policy. 

Section 6 – Processing of your personal data

Under the GDPR (General Data Protection Regulation) we control and / or process any personal information about you electronically using the following lawful bases.

  • We are exempt from registration in the ICO Data Protection Register because we only process personal data for our core business purposes

We have set out below, in a table format, a description of all the ways we may use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.

Activity Type of Data Collected Lawful basis for processing

New customer account registration

When you elect to register as a customer of our website and create an account with us.

Identity
Communication
Customer Account

Consent – you have opted in to register as a user.

Performance of a contract with you – we have agreed at your request to provide you with a customer account to improve your customer experience.

You place an order

We process and deliver your order.

This includes;

  • processing your order details
  • the handling of payments, fees and charges
  • arranging delivery
  • notifying you of your order status
  • assisting you with any queries

Identity
Communication
Financial
Transaction
Marketing and Contact Preference

Performance of a contract with you – when you place an order we have a contract to fulfil that order.

Consent – you have chosen to place an order

We may also use some of the data related to your queries for our legitimate interests of ensuring our customer service quality standards are met- this would be an internal process and not involve any third party data transfer

You pay for an order

We receive/refund payment

We do not store or process your card details ourselves but via a third party service provider.

Identity
Communication
Financial
Transaction

Consent – you have chosen to place an order

Performance of a contract with you – when you place an order you have a contract to pay for goods supplied to you.

Necessary for our legitimate interests (to recover debts due to us).

We carry out fraud assessments

Identity
Communication
Financial
Transaction
Technological

Necessary for our legitimate interests of ensuring payments are not fraudulent

We notify you in relation to our legal obligations and documents.

Identity
Communication
Customer Account

Necessary for our legitimate interests of ensuring our customers are updated on these changes.

We administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)

Identity
Communication
Customer Account
Technical

Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise).

We use data analytics to improve our website, products/services, marketing, customer relationships and experiences

Technological
Usage

Necessary for our legitimate interests –  this allows us to keep our website updated and relevant, to develop our business and marketing strategy. Please note that where cookies are used for this purpose, this is covered by our cookie policy..

You help us improve our service to our customers, by leaving a review or taking a survey, or provide customer insights

Identity
Communication
Customer Account
Marketing and Contact Preference

Lawful basis Consent – We will not contact you directly to complete a survey or ask for a review.  The option exists for you to volunteer to do so either via our website or by contacting us directly.  Should you elect to do so we consider this consent to process and utilise the information provided and to contact you.  We would not publicise your personal information

You to partake in a prize draw or competition

Identity
Communication
Customer Account
Usage Patterns
Marketing and Contact Preference

Performance of a contract with you – in order to fulfil the promotion and run the competition/prize draw.

You contact us

Identity
Communication
Customer Account
Usage
Marketing and Contact Preference
Technological

Lawful basis Consent – In contacting us we assume you consent to our utilising your data in order to reply/fulfil your request and that you have contacted us via your preferred means of contact unless otherwise stated.  We would only further process your data with your explicit consent.

We deliver relevant website content, advertisements and other marketing material recommending our goods to you and measure or understand the effectiveness of the advertising we serve to you

Identity
Communication
Customer Account
Usage
Marketing and Contact Preference
Technological

Lawful basis Consent – We will only contact you directly with marketing if you have opted in to receive it.  We do this to improve our customer relationship and inform you of our new products and services in order to grow our business to develop our marketing strategy and to improve our service to you). 

Please note that where cookies are used for this purpose, this is covered by our cookie policy.

Section 7 - Uses made of the information

We use information held about you in the following ways:

  • To ensure that content from our site is presented in the most effective manner for you and for your computer.
  • To provide you with information, products or services that you request from us or which we feel may interest you, where you have consented to be contacted for such purposes.
  • To carry out our obligations arising from any contracts entered into between you and us.
  • To allow you to participate in interactive features of our service, when you choose to do so.
  • To notify you about changes to our service.

With your explicit consent we may also use your data, or permit selected third parties to use your data, to provide you with information about our goods and services which may be of interest to you and we or they may contact you about these by Post or Email.

We do not disclose information about identifiable individuals to our advertisers, but we may provide them with aggregate information about our users (for example, we may inform them that 500 men aged under 30 have clicked on their advertisement on any given day). We may also use such aggregate information to help advertisers reach the kind of audience they want to target (for example, women in SW1). We may make use of the personal data we have collected from you to enable us to comply with our advertisers' wishes by displaying their advertisement to that target audience.

Section 8 – Third party services/Disclosure of your information

We do not, and will not, sell any of your personal data to any third party. We wish to earn and retain your trust and believe this is unquestionably imperative in achieving that.

However, we share and receive your data with the following categories of companies as an essential part of being able to provide our services to you, as set out in this statement:

  • Service Providers: Companies that do things to get your purchases to you, such as payment service providers and delivery companies. Each only receives the data they need to provide the relevant service, and strictly only for that purpose.  Sometimes, other businesses give us data about you which we may need for our legitimate interests of conducting business with you and on occasion they are necessary to perform our contract with you. It usually comprises Financial Data or Transaction Data. This also happens when we link through to third party payment providers. They tell us that you have paid for your products and, where relevant and/or necessary they will provide us with your Contact Data and Transaction Data. We also might engage third party contractors to provide us with technical or delivery services that are related to your account with us.
  • Professional service providers, such as marketing agencies, marketing system providers, advertising partners and website hosts who help us run our business.
  • Professional advisors: such as lawyers and insurers to manage risks and legal claims.  This is in our legitimate interest.

These are the circumstances in which we may share some of your data with others:

  • We may disclose your personal information to any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.
  • In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
  • If The Little Red Berry Co or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
  • If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of use or terms and conditions of supply and other agreements; or to protect the rights, property, or safety of The Little Red Berry Co our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
  • In the unlikely event that our business assets are ever sold to or purchased by another company (our data records are part of our business). You will receive notice of any such event and we will use our reasonable endeavours to ensure that the new combined entity will follow the practices disclosed in this Privacy Policy.
  • If we are requested by the police or a regulatory or government authority investigating illegal activities to provide information concerning your activities whilst using the network we shall do so.
  • We may provide third parties with aggregated but anonymised information and analytics about our customers for purposes including testing, research or analytics. Before we do so, we will make sure that that the information passed does not personally identify you.

We do not share your details with third parties for any other purpose.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law and they may only use your data for the purposes we specify.  We will always work with them to protect your privacy In general, the third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us.

However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions.

For these providers, we recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled by these providers.

In particular, remember that certain providers may be located in or have facilities that are located a different jurisdiction than either you or us. So if you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.

We work with the following third party providers

Marketing platform MailChimp MailChimps Privacy Policy

Sales platform Not On The High Street Privacy Policy

Sales platform Yumbles Privacy Policy

Payment Provider PayPal PayPal Privacy Policy

Email, cloud storage, website analysis Service Provider Google Google Privacy Policy

Website Services - Cloudflare Privacy & Security Policy

We use:‚Äč

  • Google analytics – Purpose: to analyse website performance etc.
  • Server logs – Purpose: To help prevent DoS (Denial of Service) attacks; for website security and diagnostics
  • Cloudflare – Purpose: The website uses Cloudflare DNS to provide website optimisation and security services

Once you leave our store’s website or are redirected to a third-party website or application, you are no longer governed by this Privacy Policy or our website’s Terms of Service.

Links

Our site may, from time to time, also contain links to and from the websites of our partner networks, advertisers and affiliates such as social media.. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

Section 9 - Email marketing messages & subscription

Under the GDPR we use the consent lawful basis for anyone subscribing to our newsletter or marketing mailing list. We only collect certain data about you, as detailed in the "Processing of your personal data" above. Any email marketing messages we send are done so through an EMS, email marketing service provider. An EMS is a third party service provider of software / applications that allows marketers to send out email marketing campaigns to a list of users.

Email marketing messages that we send may contain tracking beacons / tracked clickable links or similar server technologies in order to track subscriber activity within email marketing messages. Where used, such marketing messages may record a range of data such as; times, dates, I.P addresses, opens, clicks, forwards, geographic and demographic data. Such data, within its limitations will show the activity each subscriber made for that email campaign.

Any email marketing messages we send are in accordance with the GDPR and the PECR. We provide you with an easy method to withdraw your consent (unsubscribe) or manage your preferences / the information we hold about you at any time. See any marketing messages for instructions on how to unsubscribe or manage your preferences, you can also unsubscribe from all MailChimp lists, by following this link, otherwise contact the EMS provider.

Our EMS provider is; MailChimp. We hold the following information about you within our EMS system;

  • Email address
  • I.P address
  • Subscription time & date
  • Name

Section 10 – Security

To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.  We ensure the security of any personal information we hold by using secure data storage technologies and precise procedures in how we store, access and manage that information. Our methods meet the GDPR compliance requirement.

Section  11 – Data Retention

We will only retain your personal data for as long as necessary to meet the purposes we collected it for.  This includes for the purposes of satisfying any legal, accounting, or reporting requirements.  When considering the retention we examine the nature and sensitivity, risk of potential harm from unauthorised use, amount, the purpose for which that data was granted to us and if we can achieve that purpose in another manner as well as the applicable legal requirements.  For example, your order details will be retained post fulfilment to comply with legal requirements this is usually seven years unless prescribed longer by law.

Section 12 – Cookie Policy

Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our site.  We do this by placing a small text file on your device / computer hard drive to track how you use the website, to record or log whether you have seen particular messages that we display, to keep you logged into the website where applicable, to display relevant adverts or content, referred to you by third party website.

Some cookies are required to enjoy and use the full functionality of this website.  These include those required to log into the website, place an item in your basket or make a transaction.  Without cookies you will be limited to browsing and unable to buy any products.

We consider that in visiting this website with your browser settings adjusted to accept cookies you consent to our using cookies as outlined below.

We use Google analytics - to identify unique clients on the website

We use OpenCart - to track logged in users.

We use Cloudflare -  to apply security settings on a per-client basis to help us optimise and protect this site they may place a cookie in your browser to help it provide its services.

Some cookies will be saved for specific time periods, where others may last indefinitely. Your web browser should provide you with the controls to manage and delete cookies from your device, please see your web browser options.

Section 13 – Your Individual rights

Under the GDPR your rights are as follows. You can read more about your rights in details here;

  • the right to be informed; this privacy policy
  • the right of access; to receive a copy of the personal data we hold about you and check we are processing it lawfully. If you hold a customer account then most of your information will be visible there.
  • the right to rectification; You can request correction of personal data we hold by contacting us or amending your customer account.
  • the right to erasure; You have the right to request we delete and cease processing your personal data where we have no justification for processing and you consider we no longer require it for the fulfilment of the purpose for which it were provided, where you now withdraw your consent or where you have exercised your right to object to processing.  There may be specific legal reasons why we are unable to comply with these requests in such circumstances you would be notified at the time of request.
  • the right to restrict processing; you can request we suspend processing your information if you wish in order to establish the accuracy of the data, where its use is unlawful but you do not want it erased or if you require us to hold it for longer than usual for legal reason, where you object to its use but we seek to verify the legitimacy of such a claim.
  • the right to data portability;  you can request we transfer your data provided to us with consent or in order to perform a contract to you or a third party we will do this in a pragmatic machine readable format. 
  • the right to object; as you feel processing impacts on your fundamental rights and freedoms or we are processing for the purpose of direct marketing and you wish to withdraw your consent

and

  • the right not to be subject to automated decision-making including profiling.

You can also exercise these rights at any time by contacting us at Unit 3C & 3D, Sycamore Business Park, Dishforth Road, Copt Hewick, Ripon, HG4 5DF or info@thelittleredberry.co.uk.  Please mark any correspondence FAO DPO.

Whilst we would endeavour to satisfy your rights or resolve any complaints internally you also have the right to complain to the ICO [www.ico.org.uk] if you feel there is a problem with the way we are handling your data.

We handle subject access requests in accordance with the GDPR.

Section 14 - PayPal transactions

In addition to the above, all PayPal transactions undertaken by The Little Red Berry Co and or their customers are also subject to the PayPal Privacy Policy current at the time of payment (full details of which can be found on the PayPal website) and include but are not limited to the following with regard to any personal data processed by PayPal and The Little Red Berry Co in connection with this Agreement. PayPal and The Little Red Berry Co will respectively each be a controller in respect of such processing. PayPal and The Little Red Berry Co agree to comply with the requirements of the Data Protection Laws applicable to controllers in respect of the provision of their respective services and otherwise in connection with this Agreement. For the avoidance of doubt, PayPal and The Little Red Berry Co each have their own, independently determined privacy policies, notices and procedures for the personal data they hold and are each a data controller (and not joint data controllers). In complying with the Data Protection Laws, PayPal and The Little Red Berry Co shall, without limitation:

  1. implement and maintain at all times all appropriate security measures in relation to the processing of personal data;
  2. maintain a record of all processing activities carried out under this Agreement; and
  3. not knowingly do anything or permit anything to be done which might lead to a breach by the other party of the Data Protection Laws.

Section 15 - Changes to our privacy policy

We reserve the right to modify this privacy policy at any time, so please review it frequently. Changes and clarifications will take effect immediately upon their posting on the website. If we make material changes to this policy, we will notify you here that it has been updated, so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we use and/or disclose it.

Section 16 - Contact

If you would like to: access, correct, amend or delete any personal information we have about you, register a complaint, or simply want more information questions, comments and requests regarding this privacy policy are welcomed and should be addressed to Unit 3C & 3D, Sycamore Business Park, Dishforth Road, Copt Hewick, Ripon, HG4 5DF or info@thelittleredberry.co.uk .