Website Privacy Notice

Community Products (UK) Ltd.

  1. IntroductionBoy in the woods

This Privacy Notice sets out how we, the Community Products group of companies (collectively “Community Products”, "we", "us", and "ours") collect and use information about you or from which you can be identified ("Personal Information") through our Websites, the internet, e-mail, text and other means of electronic communications.

Children Under the Age of 16: Our Websites are not intended for, nor do we knowingly collect personal data from children under 16. No one under age 16 may provide any Personal Information to our Websites. If we learn that we have collected or received Personal Information from a child under 16 without verification of parental consent, we will delete that information with immediate effect. If you believe we might have any Personal Information from or about a child under 16, please contact us at dataprivacy@communityproducts.co.uk.

  1. Our Websites

The Websites (collectively our "Websites") operated by Community Products, include:

 

  1. Sources of personal data

We use different methods to collect personal data from and about you including through:

  1. Direct interactions. You may give us your contact or identity by filling in forms or by corresponding with us by post, phone, blogs and email or otherwise.
  2. Automated technologies or interactions. As you interact with our website, we may automatically collect technical data about your equipment (such as your IP address, operating system and browser), browsing actions and patterns (such as traffic data, location data, logs, and other communication data and the resources that you access and use on our Websites). We collect this personal data by using cookies and other similar technologies. We may also receive technical data about you if you visit other websites employing our cookies. For more information, see our Cookie statement.
  3. Third party sources. We may receive personal data about you from analytics providers such as Google based outside the EU.
  4. Personal Information that we collect

We may collect, use, store and transfer different kinds of personal data about you, which we have grouped together, as follows:

  1. Identity Data,which includes your first name, last name, title, date of birth and gender.
  2. Contact Data,which includes your billing address, delivery address, email address and telephone numbers.
  3. Technical Data,which includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
  4. Profile Data,which includes your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses. All credit card processing is outsourced to Cybersource. No credit card information is stored by us at any time. Cybersource’s privacy policy can be accessed here.
  5. Usage Data,which includes information about how you use our website, products and services.
  6. Marketing and Communications Data, which includes your preferences in receiving marketing from us and our third parties and your communication preferences.

We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.

  1. Our use of your Personal Information

Our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it.

We will normally collect personal information from you only where we have your consent to do so, where we need the personal information to perform a contract with you (for example, when providing our products), or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms. In some cases, we may also have a legal obligation to process personal information about you, or may need to process personal information in order to exercise, establish or defend legal claims.

If we ask you to provide personal information to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not (as well as the possible consequences, if any,  if you do not provide your personal information).

If you have questions about or need further information concerning the legal basis on which we collect and use your personal information (including any legitimate interests relied upon), please send an email to dataprivacy@communityproducts.co.uk

  1. Disclosures

 We may disclose your Personal Information:

  • To our subsidiaries and other entities associated with Community Products which provide us e.g. with administrative and IT resources.
  • To our business partners, such as contractors, service providers and other third parties we use to provide products to you, support our Websites or to process data on our behalf. For example, we would disclose your shipping address to the shipping company that delivers products that you order.
  • To courts, government bodies and law enforcement agencies to comply with comply with any court order, legal obligation or legal process, including to respond to any government or regulatory request.
  • To enforce or apply our Terms of Use and other agreements.
  • For any other purpose that you consent to or is obvious at the time when you provide information to us or prior to a disclosure being made.
  • If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of Community Products, our visitors, or others.

Some of the recipients of these disclosures may be located outside the European Economic Area. See below under 8 (International transfers of data).

  1. Security

We employ reasonable security measures consistent with standard industry practice to protect against the loss, misuse, alteration, destruction of or unauthorized access to Personal Information. For instance, access to our databases containing Personal Information is restricted to authorized staff and access is audited for security purposes. Customer account information and activity is protected through the use of usernames and passwords. To protect your information, you should keep your username and password confidential.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

  1. Your rights

The GDPR provides you with certain rights in relation to the processing of your personal data, including to:

  1. Request access to personal data about you (commonly known as a “data subject access request”).
  2. Request rectification, correction, or updating to any of the personal data that we hold about you.
  3. Request personal data provided by you to be transferred in machine-readable format (“data portability”), to the extent applicable in the business relationship context.
  4. Request erasure of personal data.
  5. Request the restriction of processing of your personal data.
  6. Object to the processing of your personal data in certain circumstances.
  7. Withdraw your consent where we may rely on your consent to process your personal data.

 

These rights are not absolute and are subject to various conditions under:

  • applicable data protection and privacy legislation; and
  • the laws and regulations to which we are subject.

To exercise any of these rights, please email us at dataprivacy@communityproducts.co.uk

  1. International transfers of data

Many of our external third parties are based outside the European Economic Area (“EEA”) so their processing of your personal data will involve a transfer of data outside the EEA.
 
If and when transferring your personal data outside the EEA (which consists of EU member states and Iceland, Lichtenstein and Norway), we will only do so using one of the following safeguards:

  1. the transfer is to a non-EEA country which has an adequacy decision by the European Commission.
  2. the transfer is covered by a contractual agreement, which covers the GDPR requirements relating to transfers to countries outside the EEA.
  3. the transfer is to an organisation which has Binding Corporate Rules approved by an EU data protection authority.
  4. the transfer is to an organisation in the US that is EU-US Privacy Shield certified.

 

  1. Other Websites

Our Websites may contain links to other Websites which are outside our control and are not covered by this Privacy Notice. If you access other sites using the links provided, the operators of these sites may collect information from you which will be used by them in accordance with their privacy policy, which may differ from ours.

  1. Changes to this Privacy Notice

From time to time we may update this Privacy Notice. When we do we will publish the changes on our Websites. If you do not agree to these changes, please do not continue to use our Websites. If material changes are made to this Privacy Notice, we will notify you by placing a prominent notice on the Website.

  1. Contact information

If you have any questions about this privacy Notice or our approach to privacy, contact us at:

Email: dataprivacy@communityproducts.co.uk

Community Products (UK) Ltd
Brightling Road
Robertsbridge
East Sussex TN32 5DR

Telephone: 01580 883 310