Commitment to the protection and security of personal information is of paramount importance to us.
The purpose of this Policy is to inform you about our privacy practices and to ensure that you understand the purposes for which we collect and process your personal data. The following is a brief summary of our privacy practices.
This Policy does not apply to any data insofar as it is held, processed, disclosed or published in a form which cannot be linked to a living individual (such as anonymised data, aggregated data, or coded data which, in a given form, cannot effectively be used to extract your personal data) ("Anonymised and Aggregated Data"). We reserve the right to generate Anonymised and Aggregated Data extracted out of any databases containing your personal data and to make such use as we see fit of any such Anonymised and Aggregated Data.
Questions and complaints
If you have any questions or wish to make any complaint in relation to our use of your data, please contact us via customer services using the following email address email@example.com
The type of information we collect and how we collect data
Account information: Information about your account can be found on our Terms and Conditions. To place and order you can create an account. To create an account, you are asked to submit details such as name, email address and telephone number, a password you create, and details of your method of payment.
Information given by Users: this includes information that we may ask Users to provide from time to time for research processes, quality control and to improve the Service. For example, we may collect such information through direct correspondence, surveys, other activities through the website etc.
Device and Browsing Information: From time to time, we may use automatic data collection technologies to collect data for research, development and statistical purposes. This data includes but is not limited to data regarding the products that were recommended to you, products that you chose to purchase, other aspects of our website or other aspects of the Service. We may monitor browsing actions or usage patterns by Users, such as external sites you visit just before or after using our Services and information about your internet connection or device ID, such as your operating system or IP address.
How we use your data and why
We want to give you the best possible customer experience. To ensure we do this, we collect and process your personal data for the following purposes:
• to meet our obligations to you in fulfilling your order. If we don’t collect your personal data during checkout, we won’t be able to process your order and comply with our legal obligations.
• to respond to your queries, refund requests and complaints. The data we hold enables us to respond, and we may keep a record of these to inform any future communication with us. We do this on the basis of our contractual obligations to you, our legal obligations and our legitimate interest in providing you with the best service.
• to manage your account and with your consent, communicate with you including by sending you promotional offers or other marketing information or to invite you to participate in surveys, questionnaires or research projects. You can opt out of promotional communications through your account.
• to send you relevant personalised communications by post in relation to updates, offers or products. We’ll do this on the basis of our legitimate business interest.
• for research and development purposes in order to improve or personalise our website and to help us understand our customers and how our services are used;
• to aggregate data and to anonymise or depersonalise data to allow it to be used for statistical and research purposes;
• to meet our legal obligations and the regulatory requirements to which we are subject, for loss prevention purposes and to protect and enforce our rights and meet our obligations to third parties;
• for our internal business purposes such as keeping records of our communications with you, compiling statistical data, and performing analytics relating to the use of the website.
The lawful basis for processing users’ personal data
‘The law on data protection sets out a number of different reasons for which a company may collect and process your personal data. The processing of your Personal Data is lawful on the basis of the following:
• your express consent, where you consent for us to process your data for the purpose of receiving the Service; for example when you tick a box to receive our newsletter
• the fulfilment of our contractual obligations to you in accordance with our subscription terms & conditions; for example to deliver your order we’ll collect your address details to deliver your purchase and pass these on our courier
• the pursuit of our legitimate interests including, amongst others:
• selling and supplying goods to our customers
• understanding our customers’ behaviour, activities, preferences and needs, improving existing products and developing new products
• promoting, marketing and advertising our products
• protecting the security or integrity of our databases or the website,
• protecting our business or reputation, taking precautions against legal liability, protecting and defending our rights or property, or for resolving disputes, investigating and attending to inquiries or complaints with respect to your account with Buyxshop.
• For example we will use your purchase history to send you or make available personalised offers. We can also combine the shopping history of many customers to identify trends and develop new products. We will also use your address details to send you direct marketing information by post telling you about products and services that we think might interest you.
When do we disclose your personal data to third parties?
We share your personal data with our subcontractors, service providers, representatives and agents that provide services to us or act for or on our behalf (“Related Parties”). Personal data is shared with Related Parties only for the purpose of fulfilling your order, maintaining and improving the website and related purposes.
We ensure that such Related Parties do not use your personal data for any other purposes, that they do not disclose it to any other third parties and that they do not retain copies of your personal data except as necessary to provide services to us or to our Users or as may be required by law. We require Related Parties to protect personal data of our Users that is received from us from unauthorised access, corruption or loss.
Examples of cases where personal data may be shared with Related Parties are set out below:
• Related Parties that we use to assist us in fulfilling your order (including administration services, technical services relating to the maintenance, servicing and upgrading of the website hosting and cloud computing services, data migration and analytical services, marketing and customer service, payment processing services, and other outsourced services);
• Related Parties that help us to test, monitor, improve and develop our service;
• Related Parties that help us compile, aggregate and analyse personal data in order to produce Anonymised and Aggregated Data that we use to enhance our service.
• Related Parties that help us perform analytical studies and research. We will not disclose the results of such analysis or research to third parties or publish it except in the form of Anonymised and Aggregated Data.
Other circumstances in which your personal data may be used or disclosed include the following:
• if we believe that such disclosure is reasonably necessary to enforce or apply our terms and conditions or to protect our rights, property, the safety or integrity of our services, software or products;
• to protect Buyxshop against abuse or unauthorised access and to protect the personal data of our Users in general;
• where necessary to satisfy a legitimate request or order of a government body, public authority, regulator or enforcement agency, in response to a third-party subpoena (if on legal advice such response is required) or otherwise as provided by law or required by any court of competent jurisdiction or any regulatory authority acting under statutory powers; or if necessary to defend us or our subscribers (for example, in a lawsuit).
We will fully co-operate with regulators, law enforcement agencies and other authorities to identify anyone who uses our products, service or software for illegal activities. We reserve the right to report to regulators and law enforcement agencies any activities that are believed to be unlawful.
How do we protect your personal data?
We use a range of technical and organisational measures to protect your personal data including the following:
• we only collect and maintain personal data insofar as is necessary for the proper functioning of the Service;
• we limit and control access to records of personal data to members of staff and Related Parties that require such access to perform their duties and services, through passwords, variable log-in rights and other technical and organisational access controls;
• we apply security measures (including as part of the cloud services we use and when using the services of Related Parties to process your data) including encryption, firewalls and physical security for our servers and information centres.
• we ensure confidentiality obligations are put in place when dealing with our Related Parties and other third parties;
• we avoid the collection or storage of personal data when it is unnecessary or for longer than reasonably needed or legally permitted or required and erase it (or anonymise it) once we no longer need it or are no longer required to keep it as personal data;
• User’s account details are held in our records for as long as the User maintains his or her account. The data is erased when the User’s account is closed down;
• data collected from monitoring Users’ use of the website is aggregated and anonymised before we share it with third parties.
We ask that you do not share your account password or log-in credentials with anyone. Please contact Customer Services immediately if you suspect unauthorised use of your account.
How to access, edit or delete your information
You can contact our Customer Services team (firstname.lastname@example.org) to request access to, edit or delete any personal information you have provided to us. We cannot guarantee we will be able to grant a request to change information, for example, if we believe granting such a request would violate the law or cause the information to be incorrect. It may not be possible to retrieve, remove or correct data from any database where the data had been de-identified and/or aggregated.
Your legal rights
Users have the following legal rights in respect of their Personal Data:
1. The right to require us to advise you of the categories of your personal data that we process, the purpose of any such processing, the identity of third parties who receive your data from us, the period for which your personal data is stored and whether any automated decision-making processes are being used in relation to your personal data. You also have the right to ask for a copy of your personal data records;
2. The right to require us to rectify inaccurate personal data records;
3. The right to request the erasure of your personal data records. You have the right to require us to erase your personal data records where:
a) the data is no longer necessary in relation to the purpose for which it was collected, such as where you choose to close your account (in which case, it is our policy to delete your data even without your request);
b) where the processing of the data is based on your consent and such consent is withdrawn (provided that the other circumstances described in the sections ‘When do we disclose your personal data to third parties?’ and ‘Lawful basis for processing users’ personal data’ above no longer apply); or
c) you object to the processing of your data and there are no overriding legitimate grounds for justifying the data processing;
4. The right to restrict the processing of your personal data in certain circumstances (for example, where an objection has been raised and is being investigated); and
5. The right to object to the processing of your data in certain circumstances.
Links to third party sites and social media services
If we make changes to the Policy, the new version will be posted on the Service. We may change, modify, add or remove portions of this Policy at any time, and any changes will become effective immediately upon being posted unless stated otherwise.