Looking after your personal information is very important to us. We want you to be confident that your personal data is held securely and that it is used solely for the purpose of providing an excellent shopping experience.
This policy has been written to help you understand how and why Big Orbit Cards collects personal information from you, who we share this information with and why; also what your rights are with regard to your personal data.
- What information we collect
- How we use your information
- Who we share your information with and why
- How we protect your information
- How long we keep your information
- What are your rights
- Why we ask for confirmation of age
- Integration of the Trusted Shops Trustbadge
- Third party links
What information we collect
When you buy from us you are entering in to a contract. You will need to set up a Big Orbit Cards account before ordering, and so that we can set this up we ask you to provide the following personal information:
- Full name
- Email address
- Confirmation that you are 16 or over
We collect the minimum amount of information to allow us to practically and legally process your order.
How we use your information
The General Data Protection Regulation (GDPR) states that we are only permitted to use and share your personal data where we have a proper reason to do so. The law says we must have one or more of the following reasons:
Contract fulfilment - your personal information is processed in order to complete a sale / order.
Legitimate interests - Big Orbit Cards' interest in managing our business to allow us to provide you with excellent service in a secure and responsible way.
Consent – you agree to us using your information in a certain way e.g. sending our newsletter.
Legal obligation – where there is statutory or other legal requirement to share the information e.g. when we have to share your information for law enforcement purposes.
The following list details various ways in which we may use your personal information, attributing the reason described above we rely on to do so in each case. Where legitimate interest is listed as a reason, we follow this with a description of what we believe these legitimate interests to be.
- Account set-up - Legitimate interest: Necessary for account set-up, as requested by customer.
- Process your orders - Contract fulfilment.
- Order status update notification - Legitimate interest: Required to provide quality customer service.
- Account management - Legal obligation/Legitimate interest: Enable us to keep our records up to date.
- Customer service - Legal obligation/Legitimate interest: Allowing efficient handling of customer contact.
- Website personalisation and administration - Legitimate interest: Improving customer interaction with our site.
- Marketing communication - Legitimate interests: Informing customers of products and promotions that attract and retain customers. Improving customer interaction with our site.
- Customer satisfaction surveys/market research - Legitimate interest: Allows us to understand our customers and to develop the business in such a way that meets customer needs.
- Demand forecasting, management information and research - Legitimate interest: We use aggregated data regarding shopping habits, products bought and sales volumes, to help us to respond to demand and to help us plan our range.
- Aiding law enforcement agencies - Legal obligation/Legitimate interest: Providing information to law enforcement agencies on request.
Who we share your information with and why
We work with a number of trusted businesses in order to provide you the excellent service you expect from us. These include delivery companies, payment processing companies and marketing companies, details below:
Delivery Partners (Royal Mail and DPD)
In order for you to receive your order, we work with Royal Mail and DPD. We only pass information required for them to deliver your items and when appropriate to allow you to track your delivery.
Payment processing (Worldpay)
We pass your name and address information to our trusted third party payment processing provider, Worldpay, in order to securely take payments.
Marketing Companies (MailChimp & Trusted Shops)
We work with marketing companies who help us manage our electronic communications with you and to carry out surveys and reviews on our behalf.
How long we keep your information
When we collect your personal information, the length of time we retain it for is determined by a number of factors, including the purpose for which we use that information and our obligations under the law.
We require your personal information for accountancy purposes and to allow us to support you as a customer. For these purposes, we retain personal information for at least 7 years. Exceptions to this are listed below:
- We are required by law to hold your personal information for a longer or shorter period.
- You exercise your right to have the information erased (where applicable) and we do not need to retain it for any permitted reason or where by law we are required to continue to hold it.
What are your rights
You are entitled to make the following requests of Big Orbit Cards; these are your Data Subject Rights. To exercise these rights please email firstname.lastname@example.org or call 01386 513015 and ask to speak to the Data Officer.
- Right of access: you may request access to the personal information we hold and information about how we process it
- Right to rectification: your right to have your personal information corrected if it is inaccurate and to have incomplete personal information completed
- Right to erasure (also known as the Right to be Forgotten): your right to have your personal information erased
- Right to restriction of processing: your right to restrict processing of your personal information
- Right to data portability: your right to electronically move, copy or transfer your personal information in a standard form
- Right to object: your right to object to processing of your personal information
You have the right to complain to a data protection regulator in Europe, generally in the country you work or live or where your legal rights have been infringed. In the United Kingdom this is the Information Commissioner’s Office (ICO) and their contact details are available on their website: www.ico.org.uk. We would ask that you contact us in the first instance and we will work to actively resolve any issues or concerns you might have.
Why we ask for confirmation of age
Under the General Data Protection Regulation (GDPR) - in the European Union a person may only provide consent for their data to be processed if they are aged sixteen years or older.
How do we protect your information?
We implement a variety of security measures to maintain the safety of your personal information when you place an order or enter, submit, or access your personal information.
We offer the use of a secure server. All supplied sensitive information is transmitted via Secure Socket Layer (SSL) technology and then encrypted into our payment gateway providers' database, only to be accessible by those authorized with special access rights to such systems, and are required to keep the information confidential.
Yes. Cookies are small files that a site or its service provider transfers to your computers' hard drive through your Web browser (if you allow) that enables the sites or service providers systems to recognize your browser and capture and remember certain information.
Integration of the Trusted Shops Trustbadge
We have integrated the Trusted Shops Trustbadge on this website in order to display our Trusted Shops Trustmark and offer the Trusted Shops membership to customers after placing an order.
This serves the protection of our legitimate interests in the optimal marketing of our offer according to art. 6 (1) 1 lit f GDPR that are overriding in the process of balancing of interests. The Trustbadge and the advertised trust badge services are offered by Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne, Germany.
With every use of the Trustbadge, the web server automatically saves a so-called server log file which contains e.g. your IP address, the date and time of the request, the volume of data transferred and the requesting provider (access data), and documents the request. Those access data are not analysed and are automatically overwritten no later than seven days after the end of your website visit.
Other personal data are transferred to Trusted Shops only if you decide to use or have already registered to use Trusted Shops products after placing an order. In such a case, the contract concluded between you and Trusted Shops applies.
Third party links
Occasionally, at our discretion, we may include or offer third party products or services on our website. These third party sites have separate and independent privacy policies. We therefore have no responsibility or liability for the content and activities of these linked sites. Nonetheless, we seek to protect the integrity of our site and welcome any feedback about these sites.
This policy was last modified on 22.05.2018