Baby Brands Direct has always viewed the management of personal data belonging to its customers to be a valuable privilege and is dedicated to ensuring that this information is well protected and is also committed to respecting your privacy.
In order for us to provide you with the products and services you have requested from us, we need to collect and process certain personal data about you. This collective information also helps us to ensure we continue to provide an award winning service to the nursery wholesale sector.
We acknowledge the importance of our transparency in your desire to understand how your information will be handled and used. This Privacy Notice explains in detail the types of personal data we may collect about you when you interact with us, how we store and handle that data, keep it safe and your rights.
We may need to update this Privacy Notice from time to time and request you refer to it as necessary.
Who Are We?
Baby Brands Direct Ltd is registered company number 3910525 with registered address Unit 20 Belvue Business Centre, Belvue Road, Northolt, Middlesex, UB5 5QQ. You can find out more about us here
. When you are using the Baby Brands Direct website, Baby Brands Direct Ltd is the data controller.
Legal Bases We Rely On
Data protection law allows us to use your personal data provided we have acceptable reasons for doing so. The law sets out a number of different reasons for which a company may collect and process your personal data, including:
Consent - In specific situations, we can collect and process your data with your consent. For example, when you tick a box to receive marketing e-mails or notifications.
Contractual obligations - In certain circumstances, we need your personal data to comply with our contractual obligations. For example, if you order from us well collect your address details to deliver the order and pass them to our courier.
Legal compliance - If the law requires us to, we may need to collect and process your data. F or example, we can pass on details of people involved in fraud or other criminal activity to law enforcement.
Legitimate interest – This is where we have a business or commercial reason to use your information. Your data may be used to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests. For example we will use your purchase history to send you or make available personalised offers and important information. We also combine the shopping history of many customers to identify trends and ensure we can keep up with demand and or source new products or brands.
When do we collect personal data?
When you create an application and submit a profile for an account with us
When you use our website
When you fill in any online forms with us e.g. account application, faulty product log, contact us form, competitions
When you make an online purchase and check out
When you contact us by any means with enquiries, queries, order, feedback etc.
When you ask us to email you information about a product, brand, service or order
When you choose to complete any surveys we send you
When you comment on or review any of our services. Any individual may access personal data related to them, including opinions. So if your comment or review includes information about an outsourced service, it may be passed on to them if requested.
When you’ve given a third party permission to share with us the information they hold about you.
Suppliers or similar industry participants that introduce you to us
We collect data from publicly available sources such as Companies House, Google maps or where the information is made public as a matter of law (to verify trade)
When you engage with us on social media
When you use our car park which has CCTV systems operated for the security of the Company and visitors. These systems may record your image during your visit.
Information about other individuals
If you provide us with personal information about someone else, you are responsible for ensuring that you comply with any obligation and consent obligations under applicable data protection laws in relation to such disclosure. In so far as required by applicable data protection laws, you must ensure that you have provided the required notices and have obtained the individual’s explicit consent to provide us with the information and that you explain to them how we collect, use, disclose and retain their personal information or direct them to read our Privacy Notice. If you give us information about others (such as in the case of drop shipping) you confirm that the other third party person has appointed you to act on his/her behalf. This is also relevant where others are concerned if you indeed ask another person to act on your behalf as a third party.
Under the third party authorisation, the other person can:
Such authorisation will remain in place until this has been revoked through written communication.
What sort of personal data do we collect?
Your Company name, account holder title, name, e-mail address, billing and delivery address, telephone number, company registration number, company VAT number, up to 3 contact names with job position and contact number, registration date with us, type of store, trading history and activities, websites owned, operated or traded on by the company including social media user names. For your security, all of this information as well as your login password are kept encrypted.
Copies of documents you provide to prove your business and legitimate interest in the baby and nursery trade, such as company registration certificate, evidence of correct VAT number, supplier invoice, picture of your store or storage facilities, personal identification.
Details of your interactions with us through contact centres and online. For example, we may record notes from our conversations with you both verbal and through e-mail, details of purchases you made, items viewed or added to your basket, voucher redemptions, brands you show interest in and how and when you contact us. We may also record your calls which will be automatically deleted within 4weeks.
Details of your orders and payment receipts
Your image recorded on CCTV if you visit any of our premises
Any permissions, consents or preferences that you give us. For example order processing preferences, packing requirements, documentation or labelling requirements, your notification preferences on how you want us to contact you.
How and why do we use your personal data?
We want to give you the best possible customer experience and one way to achieve that is to get the richest picture we can of our retailers by combining the data we have about you. We then use this to offer you promotions, products and services that are most likely to interest you. The data privacy law allows this as part of our legitimate interest in understanding our customers and providing the highest levels of service. However, if you wish to change how we use your data, you can refer to the details in the ‘What are my rights?’ section below.
Please note that if you choose not to share your personal data with us, or refuse certain contact permissions through the contact preference centre, we might not be able to provide some services you’ve asked for such as informing you of when a product is back in stock, updates on product price changes, stock due dates on your backorders.
Here’s how we’ll use your data and why:
Where you apply to open an account with us, we check that your business meets the requirements of the terms of supply imposed on us by the manufacturers appointing us for the distribution of their products. This may include verification of the existence of a physical shop, website review and current trading practices.
To be able to communicate by e-mail when you have updated your account details and need help logging in (such as forgot password).
To process any orders that you make by using our website in order to fulfil them and comply with our legal obligations. For example, your details may need to be passed to a third party to supply or deliver the product or service that you ordered and we may keep your details for a reasonable period afterwards in order to fulfil any contractual and accountancy obligations.
We will use your order data to communicate by e-mail important order processing notifications that form part of our contractual terms of trade with you including order confirmation e-mails and dispatch notifications including courier tracking numbers.
We will communicate by e-mail accounting notifications such as payment requests, invoices and credit notes as part of our legitimate business interests in fulfilling each transaction with you.
To respond to your queries, faulty product submissions and refund requests. Handling the information you sent enables us to respond and keep you updated. We may also keep a record of these to inform any future communication with us and to demonstrate how we communicated with you throughout. We also record faulty product logs for identification of potential batch issues and statistical purposes for evaluation of brand performance. We do this on the basis of our contractual obligations to you, our legal obligations and our legitimate interests in providing you with the best service and understanding how we can improve our service based on your experience.
As part of our legitimate business interest we use your data to send you notifications if your loyalty credit scheme is about to lapse in order to remind you to stay in and to advice on relevant rewards gained that are available to spend.
To protect our business and your account from fraud and other illegal activities. This includes using your personal data to maintain, update and safeguard your account. We’ll do all of this as part of our legitimate interest.
To protect our assets, staff and visitors from crime, we operate CCTV systems in our offices, warehouses and property perimeters. If we discover any criminal activity or alleged criminal activity through our use of CCTV, fraud monitoring and suspicious transaction monitoring, we will process this data for the purposes of preventing or detecting unlawful acts. We also use CCTV to track order picking, packing and dispatch and will process the data in the event of an order discrepancy. We do this on the basis of our legitimate business interests.
With your consent, we will use your personal data, preferences and details of your transactions to keep you informed by email, web, text and telephone about relevant products and services including brand and product information, new launches, special offers, discounts, promotions, competitions and so on. You can amend your notification preferences at any time from your account via the ‘contact preference centre’.
To send active purchasers relevant communications, Company catalogue and free samples by post in relation to products, offers and services. We’ll do this on the basis of our legitimate business interest.
To send you communications required by law or which are necessary to inform you about our changes to the products or services we provide you. For example items that have had a public recall.
To develop, test and improve the systems, services and products we provide to you. We’ll do this on the basis of our legitimate business interests. For example, we’ll record your browser’s Session ID or feedback about your experience in order to improve our website.
To comply with our contractual or legal obligations to share data with law enforcement.
To make informed business decisions and understand our retailer types and interests better we will combine our data captured, that from third parties and data from publicly-available lists on the basis of our legitimate business interest.
We will need to share your details with a third party who is providing a service (such as delivery couriers) in order to fulfil your orders.
How we protect your personal data?
Security of our website is of utmost importance to us. Our site uses software to provide high level ‘https’ encryption technology to secure access to all areas of our website.
In addition, your sensitive data including business trading details and login password are kept encrypted within our database.
Your data is housed in an IL4 and ISO-accredited, ultra-secure data centre based in the UK with guaranteed data sovereignty. Our supplier is government approved through the G-Cloud 9 framework. It provides secure hosting certified to ISO 27001 (ensuring the security of our own and your data, certifying that information security is taken seriously across the business operations). It is also certified ISO 27018 (providing secure public cloud computing environments for the protection of Personally Identifiable Information (PII), which complements much of the data processing responsibilities set out by the GDPR in its aims to protect personal data in addition to EU requirements). These independently audited processes and infrastructure give the highest levels of security to support our IT systems for data security and verifies the robust security practices employed within our data centers and operations.
We regularly monitor our system for possible vulnerabilities and attacks, and take necessary steps to identify and continue to further strengthen security.
Access to your personal data is IP restricted as well as password-protected, and sensitive data (such as payment card information) is secured and tokenized to ensure it is further protected.
Security of your information is also your responsibility, always be wary of emails asking for personal or security details. We will never ask you to disclose or confirm sensitive personal or security information, including your password or credit card information by e-mail. Please do not send any sensitive information, such as passwords or credit card information, via email. In addition, where you have created a password to access certain parts of our website, you are responsible for keeping it confidential and safe; we further ask that you do not to share your password with anyone.
How long will we keep your personal data?
Whenever we collect or process your personal data, we’ll only keep it for as long as is reasonable and feasible for the purpose for which it was collected.
At the end of that retention period, your data will be deleted completely or anonymised, for example by aggregation with other data so that it can be used in a non-identifiable way for statistical analysis and business planning. If you wish to use your account after this time, you will need to register for a new account.
For unsuccessful account applications, data will be kept for a period of 6months in respect of the case that there is an update to the applicant’s trading conditions and to allow time to submit this information.
For a maximum of three years from date of registration, if you have never placed an order or request within that time the account be closed the data retention will end - unless you are in contact during that time to keep it open.
After you place your first order, we’ll keep the personal data you give us for a period of ten years from the date of your last order so that we can comply with our legal and contractual obligations, accommodate technical reasons and respond to any enquiries.
Who do we share your personal data with?
We do not sell your personal data to third parties. We sometimes share your personal data with trusted third parties such as delivery couriers, manufacturers we work with, necessary bodies for fraud management and companies you ask us to share your data with.
Here’s the policy we apply to those organisations to keep your data safe and protect your privacy:
We provide only the information they need to perform their specific services.
They may only use your data for the exact purposes we specify in our contract with them.
We work closely with them to ensure that your privacy is respected and protected at all times.
Examples of the kind of third parties we work with are:
Operational companies such as delivery couriers
IT companies who support our website and other business systems
Suppliers for the purpose of due diligence in the distribution of their product and product aftercare
Direct marketing companies who help us manage our electronic communications with you.
Sharing your data with third parties for their own purposes:
For fraud management, we may share information about fraudulent or potentially fraudulent activity in our premises or systems. This may include sharing data about individuals with law enforcement bodies.
We may also be required to disclose your personal data to the police or other enforcement, regulatory or Government body, in your country of origin or elsewhere, upon a valid request to do so. These requests are assessed on a case-by-case basis and take the privacy of our customers into consideration.
We may, from time to time, expand, reduce or sell the Company and this may involve the transfer of divisions or the whole business to new owners. If this happens, your personal data will, where relevant, be transferred to the new owner or controlling party, under the terms of this Privacy Notice.
If you live outside the UK
By using our services or providing your personal data to us, you expressly consent to the processing of your personal data by us or on our behalf. Sometimes we’ll need to transfer your personal data between countries to enable us to supply the goods or services you’ve requested. In the ordinary course of business, we may transfer your personal data from your country of residence to ourselves and to third parties located in the UK.
By dealing with us, you are giving your consent to this overseas use, transfer and disclosure of your personal data outside your country of residence for our ordinary business purposes. This may occur because our information technology storage facilities and servers are located outside your country of residence, and could include storage of your personal data on servers in the UK.
We’ll ensure that reasonable steps are taken to prevent third parties outside your country of residence using your personal data in any way that’s not set out in this Privacy Notice. We’ll also make sure we adequately protect the confidentiality and privacy of your personal data.
We’ll ensure that any third parties process your personal data only in accordance with their legitimate interests. These third parties may be subject to different laws from those which apply in your country of residence. Please note that we do not take active steps to ensure that any overseas recipient of your personal data complies with the laws which apply in your country.
Where your personal data may be processed
Sometimes we will need to share your personal data with third parties and suppliers outside the European Economic Area (EEA). For example, in the case of international orders, in order to fulfil delivery of your order we may need to pass your details to transport companies operating outside the EEA.
What are your rights over your personal data?
Overview of rights including request to:
Access to the personal data we hold about you, free of charge in most cases. Most of this information is already visible to you when you log into your account.
The correction of your personal data when incorrect, out of date or incomplete. Most of this information can be updated by you when you log into your account.
That we stop using your personal data for direct marketing (either through specific channels, or all channels). You can manage this through the contact preference centre when logged into your account.
That we stop any consent-based processing of your personal data after you withdraw that consent.
You can contact us to request to exercise these rights at any time as follows:
The Data Protection Officer, Baby Brands Direct Ltd, Unit 20, Belvue Business Centre, Belvue Road, Northolt, Middlesex, UB5 5QQ, or e-mail email@example.com
FAO Data Protection Officer. To ask for your information to be amended please update your online account or contact our customer services team.
Your right to withdraw consent
Whenever you have given us your consent to use your personal data, you have the right to change your mind at any time and withdraw that consent. A full withdrawal will involve closing your account and not being able to place any future orders. Please note there may be official requirements such as accounting compliance reasons why we cannot delete all data from your account immediately.
Where we rely on our legitimate interest
In cases where we are processing your personal data on the basis of our legitimate interest, you can ask us to stop for reasons connected to your individual situation. We must then do so unless we believe we have a legitimate overriding reason to continue processing your personal data.
You have the right to stop the use of your personal data for direct marketing activity through all channels, or selected channels. There are several ways you can stop direct marketing communications from us:
Click the ‘unsubscribe’ link in any email communication that we send you. We will then stop any further emails.
Log in to your account, visit the ‘My Account’ area and click on the e-mail preference link to update the ‘marketing e-mails’ by selecting or deselecting the relevant options for each type of e-mail.
Please note that you may continue to receive communications for a short period after changing your preferences while our systems update.
Checking your identity
To protect the confidentiality of your information, we will ask you to verify your identity before proceeding with any request you make under this Privacy Notice.
If you have authorised a third party to submit a request on your behalf, we will ask them to prove they have your permission to act.
Third party links
If you follow a link from our website, application or service to another site or service, this Privacy Notice will no longer apply. We are not responsible for the information handling practices of third party sites or services and we encourage you to read the privacy notices appearing on those sites or services.
Our website, blog, applications or services may enable you to share information with social media sites, or use social media sites to create your account or to connect your social media account. Those social media sites may automatically provide us with access to certain personal information retained by them about you (for example any content you have viewed). You should be able to manage your privacy settings from within your own third party social media account(s) to manage what personal information you enable us to access from that account.