1.0 Data Collection
We do not sell products or provide services to children, nor do we market to children. If you are under the age of 18 you are not permitted to use our website, or access our products or services through any other available channel.
We may collect and process the following data about you:
1.1 Information you give us
Information that you provide by filling in forms on our site https://www.elfbar.co.uk/, (our site(s)) or information provided to us by you via phone, e-mail or otherwise. This includes information provided at the time of registering to use our site, subscribing to our service, surveys, placing an order with us when you report a problem with our site and any details of transactions you carry out through our site and of the fulfilment of your orders. This will typically include name, email, address, comments, date of birth, gender, feedback, marketing opinions, competition entries. We do not store payment card information.
If you have apply for a role to work at Flavour Warehouse or any of our group companies, information you provide and information that we gather through the interview and assessment process will be used to assess your suitability for opportunities with our Company. You may be asked to provide equal opportunities information. This is not mandatory information – and it will not affect your application if you do not provide this. This information will be used to produce and monitor equal opportunities statistics. If you are unsuccessful following assessment for the position you have applied for, we may retain your details in our talent pool for a period of up to two years so we can contact you should any suitable opportunities arise and for recruitment monitoring.
1.2 Information we collect about you
We collect information when you interact with us, including when you visit our website, visit our store or in correspondence with us. In particular, we collect the following data:
Details of your visits to our site including the full Uniform Resource Locators (URL), but not limited to, traffic data, location data, weblogs and other communication data, whether this is required for our own billing purposes or otherwise and the resources that you access.
Internet protocol (IP) address used to connect your computer to the Internet. Including where available your IP address, operating system and browser type and time zone setting. IP addresses are not linked to personally identifiable information.
CCTV. We use CCTV in our premises for the prevention and detection of crime and for safety and security reasons.
If there is an incident, we log information about it
If you post information online about us or provide feedback, we keep a record of this.
1.3 Information from 3rd Parties
We use information available from certain 3rd parties as detailed in this policy.
2.0 Data Use.
We use information held about you in the following ways:
2.1 To fulfil a contract we have with you
When you buy or request something from us, we will use your information to fulfil our contract with you.
This will include, tools to determine whether or not to grant you access to the site or to allow you to purchase products from the site by undertaking searches with 3rd party age verification service for the purposes of verifying your identity and age. To do so other 3rd party age verification service may check the details you supply against any particulars on any database (public or otherwise to which they have access). They may also use your details in the future to assist other companies for verification purposes. A record of the search will be retained.
2.2 To pursue our legitimate interest
Our legitimate interests include keeping our records up to date, fulfilling our legal, compliance and contractual duties, working out which of our products and services may interest you, improving our site and apps, and services, developing new products and services, and telling you about them and conducting market research or general marketing activities. To run and promote our business, we use your information
To provide and improve our products and services and to respond to you if you contact us.
To record communications including incoming and outgoing calls and emails, for staff training, quality improvement and establishing facts to deal with complaints or issues that you may raise.
To notify you about changes to our products or service, changes to our site or others changes which might otherwise affect you.
To provide you with information about other goods and services we offer that are similar to those that you have already purchased or enquired about.
To identify visitors to our sites including any social media platforms or online services including capturing information where you post any comments in order to contact you and to use it to improve our products or services.
To understand you better as a customer by analysing your transactions and other information you provide to us or which we learn through your interactions with us.
To provide you, or permit selected third parties to provide you, with information about goods or services we feel may interest you. If you are an existing customer, we will only contact you by electronic means (e-mail or SMS) with information about goods and services similar to those which were the subject of a previous sale or negotiations of a sale to you.
To administer our site and for internal operations, including troubleshooting, data analysis, testing, market research, statistical and survey purposes.
To allow you to participate in interactive features of our service, when you choose to do so.
To prevent, investigate and/or report fraud, terrorism, misrepresentation, security incidents or crime, including where we are required to do so by law, we:
Monitor transactions, review CCTV, record communications including incoming and outgoing calls and emails
Use other organisations to review information such as validity of card/payment information and/or age verification
To comply with law, assess and uphold legal or contractual rights and claims, and for monitoring, auditing and training on compliance matters:
We may pass information to our insurers
We monitor transactions, review CCTV, record communications including incoming and outgoing calls and emails
We verify identity including age.
We keep records to comply with health and safety legislation, logging incidents.
2.3 When you consent to it
If you are a new customer, and where we permit selected third parties to use your data, we (or they) will contact you by electronic means if you have consented to this.
Use data for other purposes where we explain that purpose when we ask for your consent.
When you give consent, you are able to withdraw consent at any time by sending an email to email@example.com. If you do so we can only continue to use your data if another legal basis applies, such as when we’re required to do something by law.
2.4 To comply with the law
When the law requires us to process your data, we will do so. This can include:
Legal, compliance, regulatory and investigative purposes, including for government agencies and law enforcement.
When you exercise your rights under data protection legislation, including when you ask to unsubscribe from our marketing communications.
3.0 Data Transfer
We hold your data within the EU, but we may need to transfer your personal information outside of the country in which we collected or obtained it, including outside the European Economic Area or to an international organisation. It may be processed by staff operating outside the EEA who work for us or for one of our suppliers. Such staff maybe engaged in, among other things, the fulfilment of your order, the processing of your payment details and the provision of support services. By submitting your personal data, you agree to this transfer, storing or processing.
Where we transfer your personal information outside the European Economic Area, the country to which it is transferred will either be subject to an adequacy decision by the European Commission, or if not (or if we transfer your personal information to an international organisation), we will ensure that the transfer takes place on the basis of one or more of the following:
Standard data protection clauses adopted by the European Commission or adopted by the Information Commissioner’s Office and approved by the European Commission in accordance with relevant law;
Where you have given explicit consent to the proposed transfer, after having been informed of the possible risks of such transfers for the data subject due to the absence of an adequacy decision and appropriate safeguards;
Where the transfer is necessary for the conclusion or performance of a contract concluded in the interest of the data subject between the controller and another natural or legal person;
4.0 Data Security and Retention
All information you provide to us is stored on our secure servers. We use reasonable efforts to ensure that data is accurate, complete, current, and reliable for its intended use. We use appropriate technical and organisational measures and safeguards to help protect your personal data from unauthorised access, misuse, alteration, or loss, which will include but is not limited to: Physical measures such as locking away of confidential material and IT equipment, secure offices, key card access etc., and I.T. measures such as password access to hardware and systems. Our internal policies and procedures are designed to help ensure we safeguard the privacy and accuracy of all data we collect or process. To the extent that we disclose personal data to clients or third parties, we request that they properly protect the security and confidentiality of such information and otherwise process such data in accordance with applicable law.
Any payment transactions will be made using Sagepay or Paypal.
Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
We will generally keep your personal data for no longer than ten years, after which it will be destroyed if it is no longer required for the purpose(s) for which it was obtained. CCTV data is typically stored for a period of up to 30 days unless required for longer due to an incident.
5.0 Your Rights
This policy provides you with information about how we use your data. You have the right to obtain access to your personal data (including for the purpose of portability and transfer to another entity); to have it updated or corrected if it is inaccurate or incomplete; to request that we restrict its processing; to withdraw consent that has previously been provided or remove your data entirely from our system. When asked to remove a record from our database, we will retain minimal information to ensure we do not contact you or collect such information again. Whilst every effort will be made to not contact you under these circumstances, where your information is available from a third party, we cannot guarantee this.
If you don’t wish us to hold any data on you or would prefer that we do not contact you for any reason, please contact us at firstname.lastname@example.org
We do not charge a fee for the processing of a subject access request, however reserve the right to charge a fee if you request further copies following a request. We will normally respond to requests within 30 days of receipt.
If you have any questions, comments or requests please contact us at email@example.com
6.0 Statement Updates
We may occasionally update this statement and any updates we make to our privacy statement in the future will be posted on this page. This policy was last updated on 20 February 2020.