The Little Red Berry Co ("We") are committed to protecting and respecting your privacy. We do not, and will not, sell any of your personal data to any third party; we wish to earn and retain your trust and believe this is unquestionably imperative in achieving that.
For the purpose of the Data Protection Act 1998 (the Act) and GDPR, the data controller is The Little Red Berry Company Ltd of Unit 3C & 3D, Sycamore Business Park, Dishforth Road, Copt Hewick, Ripon, HG4 5DF.
Policy key definitions:
- "I", "our", "us", or "we" refer to the business, [The Little Red Berry Co].
- "you", "the user" refer to the person(s) using this website.
- GDPR means General Data Protection Act.
- PECR means Privacy & Electronic Communications Regulation.
- ICO means Information Commissioner's Office.
- Cookies mean small files stored on a user’s computer or device.
- Section 1 - Information we may collect from you
- Section 2 – Children’s Privacy Protection
- Section 3 – Consent
- Section 4 – How is your data collected
- Section 5 - Where we store your personal data
- Section 6 – Processing of your personal data
- Section 7 - Uses made of the information
- Section 8 – Third party services/Disclosure of your information
- Section 9 - Email marketing messages & subscription
- Section 10 – Security
- Section 11 – Data Retention
- Section 13 – Your Individual rights
- Section 14 - PayPal transactions
- Section 16 - Contact
Section 1 - Information we may collect from you
Personal data, or personal information, is any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We collect personal information from you and any devices (including mobile devices) you use when you; use our Services, register for an account with us, provide us information on a web form, update or add information to your account, submit a product review, or when you otherwise correspond with us.
We collect this information either because it is necessary in the performance of a contract with you, or in our legitimate interests to do so or to meet our legal obligations. The information below details the personal data we may collect, use, store and transfer:
Identity Data this includes your first name and last name.
Communication Data the data we use to contact you including your billing address, delivery address, email address and telephone number.
Transaction Data details about transactions you have made on our website including the details of the products you have purchased from us and payments to and from you.
Financial Data the data we use to process your payments for your orders including your payment card details. We do not store or process your card details ourselves, they are processed and stored via one of our contracted third party service providers. We encrypt your payment card details in your browser and securely transfer this data to our relevant third party payment provider to process a payment.
Customer Account Data includes your username (email address) and password, your login data, purchases or orders made by you, and your preferences.
Marketing and Contact preference Data includes your preferences in receiving marketing from us and your preferred method of communication.
Usage Patterns Data includes information about how you use our website, products and services. This includes your browsing patterns and information such as the pages you interact with, duration of visit to the site and its page, the click stream to and from our website, page interaction information such as scrolling, clicks and mouseovers and page response times.
Technological Data details about the device(s) you use to access our website including your internet protocol (IP) address, browser type and version, browser plug-in types and versions, operating system and platform, location, and other technology on the devices you use to access this website.
You don’t have to give us any of this personal information but if you don’t, you may not be able to buy from the site, and you are unlikely to receive our optimal overall customer experience. But that is your choice and we respect that.
Where we need to collect personal data under the terms of a contract we have with you or by law, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, where you do not provide suitable delivery instructions to provide you with goods or services). In this case, we may have to cancel a product order you have with us but we will notify you if this is the case at the time.
Changes to your information. It is important that the personal data we hold is current and accurate. Please inform us of any data changes which occur in the course of our interaction and please review your customer account settings regularly.
Section 2 – Children’s Privacy Protection
Our services are not designed for or targeted at children or those 17 years of age or under. We do not intentionally collect or maintain data about anyone under the age of 18.
Section 3 – Consent
When you provide us with personal information to complete a transaction, place an order, arrange for a delivery or return a purchase, we imply that you consent to our collecting it and using it for that specific reason only.
If we ask for your personal information for a secondary reason, like marketing, we will always ask you directly for your expressed consent.
If after you opt-in, you change your mind, you may withdraw your consent for us to contact you, for the continued collection, use or disclosure of your information, at any time, by emailing us, email@example.com or telephone 01765 602335 or ‘unsubscribing’ to one of our newsletters via mailchimp.
Age of Consent
By using this site, you represent that you are at least the age of majority in your country, state or province of residence, or that you are the age of majority in your country, state or province of residence and you have given us your consent to allow any of your minor dependents to use this site.
Section 4 – How is your data collected
We use different methods to collect data from and about you via;
Direct interactions. You may give us your Identity Data, Communication Data, Transaction Data, Customer account Data, Financial Data and Marketing and Contact Data by using our website, filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you, create an account on our website; purchase a product through our website; join our newsletter (request marketing to be sent to you), enter a competition, or give us feedback.
Automated technologies or interactions. As you interact with our website, we may automatically collect Usage Patterns Data and Technological Data about your equipment, browsing actions and patterns. We achieve this by using cookies, server logs and other similar technologies. Please see Sections 7, 8 and 12 for further details.
Section 5 - Where we store your personal data
Our Website and Online Transactions are handled through SSL-secured servers and sensitive details such as passwords and user details are encrypted to protect your personal information which we store on secured servers in the UK.
Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
Section 6 – Processing of your personal data
Under the GDPR (General Data Protection Regulation) we control and / or process any personal information about you electronically using the following lawful bases.
- We are exempt from registration in the ICO Data Protection Register because we only process personal data for our core business purposes
We have set out below, in a table format, a description of all the ways we may use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
|Activity||Type of Data Collected||Lawful basis for processing|
New customer account registration
When you elect to register as a customer of our website and create an account with us.
Consent – you have opted in to register as a user.
Performance of a contract with you – we have agreed at your request to provide you with a customer account to improve your customer experience.
You place an order
We process and deliver your order.
Performance of a contract with you – when you place an order we have a contract to fulfil that order.
Consent – you have chosen to place an order
We may also use some of the data related to your queries for our legitimate interests of ensuring our customer service quality standards are met- this would be an internal process and not involve any third party data transfer
You pay for an order
We receive/refund payment
We do not store or process your card details ourselves but via a third party service provider.
Consent – you have chosen to place an order
Performance of a contract with you – when you place an order you have a contract to pay for goods supplied to you.
Necessary for our legitimate interests (to recover debts due to us).
We carry out fraud assessments
Necessary for our legitimate interests of ensuring payments are not fraudulent
We notify you in relation to our legal obligations and documents.
Necessary for our legitimate interests of ensuring our customers are updated on these changes.
We administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)
Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise).
We use data analytics to improve our website, products/services, marketing, customer relationships and experiences
You help us improve our service to our customers, by leaving a review or taking a survey, or provide customer insights
Lawful basis Consent – We will not contact you directly to complete a survey or ask for a review. The option exists for you to volunteer to do so either via our website or by contacting us directly. Should you elect to do so we consider this consent to process and utilise the information provided and to contact you. We would not publicise your personal information
You to partake in a prize draw or competition
Performance of a contract with you – in order to fulfil the promotion and run the competition/prize draw.
You contact us
Lawful basis Consent – In contacting us we assume you consent to our utilising your data in order to reply/fulfil your request and that you have contacted us via your preferred means of contact unless otherwise stated. We would only further process your data with your explicit consent.
We deliver relevant website content, advertisements and other marketing material recommending our goods to you and measure or understand the effectiveness of the advertising we serve to you
Lawful basis Consent – We will only contact you directly with marketing if you have opted in to receive it. We do this to improve our customer relationship and inform you of our new products and services in order to grow our business to develop our marketing strategy and to improve our service to you).
Section 7 - Uses made of the information
We use information held about you in the following ways:
- To ensure that content from our site is presented in the most effective manner for you and for your computer.
- To provide you with information, products or services that you request from us or which we feel may interest you, where you have consented to be contacted for such purposes.
- To carry out our obligations arising from any contracts entered into between you and us.
- To allow you to participate in interactive features of our service, when you choose to do so.
- To notify you about changes to our service.
With your explicit consent we may also use your data, or permit selected third parties to use your data, to provide you with information about our goods and services which may be of interest to you and we or they may contact you about these by Post or Email.
We do not disclose information about identifiable individuals to our advertisers, but we may provide them with aggregate information about our users (for example, we may inform them that 500 men aged under 30 have clicked on their advertisement on any given day). We may also use such aggregate information to help advertisers reach the kind of audience they want to target (for example, women in SW1). We may make use of the personal data we have collected from you to enable us to comply with our advertisers' wishes by displaying their advertisement to that target audience.
Section 8 – Third party services/Disclosure of your information
We do not, and will not, sell any of your personal data to any third party. We wish to earn and retain your trust and believe this is unquestionably imperative in achieving that.
However, we share and receive your data with the following categories of companies as an essential part of being able to provide our services to you, as set out in this statement:
- Service Providers: Companies that do things to get your purchases to you, such as payment service providers and delivery companies. Each only receives the data they need to provide the relevant service, and strictly only for that purpose. Sometimes, other businesses give us data about you which we may need for our legitimate interests of conducting business with you and on occasion they are necessary to perform our contract with you. It usually comprises Financial Data or Transaction Data. This also happens when we link through to third party payment providers. They tell us that you have paid for your products and, where relevant and/or necessary they will provide us with your Contact Data and Transaction Data. We also might engage third party contractors to provide us with technical or delivery services that are related to your account with us.
- Professional service providers, such as marketing agencies, marketing system providers, advertising partners and website hosts who help us run our business.
- Professional advisors: such as lawyers and insurers to manage risks and legal claims. This is in our legitimate interest.
These are the circumstances in which we may share some of your data with others:
- We may disclose your personal information to any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.
- In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
- If The Little Red Berry Co or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
- If we are requested by the police or a regulatory or government authority investigating illegal activities to provide information concerning your activities whilst using the network we shall do so.
- We may provide third parties with aggregated but anonymised information and analytics about our customers for purposes including testing, research or analytics. Before we do so, we will make sure that that the information passed does not personally identify you.
We do not share your details with third parties for any other purpose.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law and they may only use your data for the purposes we specify. We will always work with them to protect your privacy In general, the third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us.
However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions.
For these providers, we recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled by these providers.
In particular, remember that certain providers may be located in or have facilities that are located a different jurisdiction than either you or us. So if you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.
We work with the following third party providers
Website Services - Cloudflare Privacy & Security Policy
- Google analytics – Purpose: to analyse website performance etc.
- Server logs – Purpose: To help prevent DoS (Denial of Service) attacks; for website security and diagnostics
- Cloudflare – Purpose: The website uses Cloudflare DNS to provide website optimisation and security services
Our site may, from time to time, also contain links to and from the websites of our partner networks, advertisers and affiliates such as social media.. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
Section 9 - Email marketing messages & subscription
Under the GDPR we use the consent lawful basis for anyone subscribing to our newsletter or marketing mailing list. We only collect certain data about you, as detailed in the "Processing of your personal data" above. Any email marketing messages we send are done so through an EMS, email marketing service provider. An EMS is a third party service provider of software / applications that allows marketers to send out email marketing campaigns to a list of users.
Email marketing messages that we send may contain tracking beacons / tracked clickable links or similar server technologies in order to track subscriber activity within email marketing messages. Where used, such marketing messages may record a range of data such as; times, dates, I.P addresses, opens, clicks, forwards, geographic and demographic data. Such data, within its limitations will show the activity each subscriber made for that email campaign.
Any email marketing messages we send are in accordance with the GDPR and the PECR. We provide you with an easy method to withdraw your consent (unsubscribe) or manage your preferences / the information we hold about you at any time. See any marketing messages for instructions on how to unsubscribe or manage your preferences, you can also unsubscribe from all MailChimp lists, by following this link, otherwise contact the EMS provider.
Our EMS provider is; MailChimp. We hold the following information about you within our EMS system;
- Email address
- I.P address
- Subscription time & date
Section 10 – Security
To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed. We ensure the security of any personal information we hold by using secure data storage technologies and precise procedures in how we store, access and manage that information. Our methods meet the GDPR compliance requirement.
Section 11 – Data Retention
We will only retain your personal data for as long as necessary to meet the purposes we collected it for. This includes for the purposes of satisfying any legal, accounting, or reporting requirements. When considering the retention we examine the nature and sensitivity, risk of potential harm from unauthorised use, amount, the purpose for which that data was granted to us and if we can achieve that purpose in another manner as well as the applicable legal requirements. For example, your order details will be retained post fulfilment to comply with legal requirements this is usually seven years unless prescribed longer by law.
Some cookies are required to enjoy and use the full functionality of this website. These include those required to log into the website, place an item in your basket or make a transaction. Without cookies you will be limited to browsing and unable to buy any products.
We consider that in visiting this website with your browser settings adjusted to accept cookies you consent to our using cookies as outlined below.
We use Google analytics - to identify unique clients on the website
We use OpenCart - to track logged in users.
We use Cloudflare - to apply security settings on a per-client basis to help us optimise and protect this site they may place a cookie in your browser to help it provide its services.
Some cookies will be saved for specific time periods, where others may last indefinitely. Your web browser should provide you with the controls to manage and delete cookies from your device, please see your web browser options.
Section 13 – Your Individual rights
Under the GDPR your rights are as follows. You can read more about your rights in details here;
- the right of access; to receive a copy of the personal data we hold about you and check we are processing it lawfully. If you hold a customer account then most of your information will be visible there.
- the right to rectification; You can request correction of personal data we hold by contacting us or amending your customer account.
- the right to erasure; You have the right to request we delete and cease processing your personal data where we have no justification for processing and you consider we no longer require it for the fulfilment of the purpose for which it were provided, where you now withdraw your consent or where you have exercised your right to object to processing. There may be specific legal reasons why we are unable to comply with these requests in such circumstances you would be notified at the time of request.
- the right to restrict processing; you can request we suspend processing your information if you wish in order to establish the accuracy of the data, where its use is unlawful but you do not want it erased or if you require us to hold it for longer than usual for legal reason, where you object to its use but we seek to verify the legitimacy of such a claim.
- the right to data portability; you can request we transfer your data provided to us with consent or in order to perform a contract to you or a third party we will do this in a pragmatic machine readable format.
- the right to object; as you feel processing impacts on your fundamental rights and freedoms or we are processing for the purpose of direct marketing and you wish to withdraw your consent
- the right not to be subject to automated decision-making including profiling.
You can also exercise these rights at any time by contacting us at Unit 3C & 3D, Sycamore Business Park, Dishforth Road, Copt Hewick, Ripon, HG4 5DF or firstname.lastname@example.org. Please mark any correspondence FAO DPO.
Whilst we would endeavour to satisfy your rights or resolve any complaints internally you also have the right to complain to the ICO [www.ico.org.uk] if you feel there is a problem with the way we are handling your data.
We handle subject access requests in accordance with the GDPR.
Section 14 - PayPal transactions
- implement and maintain at all times all appropriate security measures in relation to the processing of personal data;
- maintain a record of all processing activities carried out under this Agreement; and
- not knowingly do anything or permit anything to be done which might lead to a breach by the other party of the Data Protection Laws.
Section 16 - Contact