Privacy Policy

Introduction
Baby Brands Direct has always viewed the management of personal data belonging to its customers to be a valuable privilege and is dedicated to ensuring that this information is well protected and is also committed to respecting your privacy.
In order for us to provide you with the products and services you have requested from us, we need to collect and process certain personal data about you. This collective information also helps us to ensure we continue to provide an award winning service to the nursery wholesale sector.
We acknowledge the importance of our transparency in your desire to understand how your information will be handled and used. This Privacy Notice explains in detail the types of personal data we may collect about you when you interact with us, how we store and handle that data, keep it safe and your rights.
We may need to update this Privacy Notice from time to time and request you refer to it as necessary.
Who Are We?
Baby Brands Direct Ltd is registered company number 3910525 with registered address Unit 20 Belvue Business Centre, Belvue Road, Northolt, Middlesex, UB5 5QQ. You can find out more about us here. When you are using the Baby Brands Direct website, Baby Brands Direct Ltd is the data controller.
Legal Bases We Rely On
Data protection law allows us to use your personal data provided we have acceptable reasons for doing so. The law sets out a number of different reasons for which a company may collect and process your personal data, including:
  1. Consent - In specific situations, we can collect and process your data with your consent. For example, when you tick a box to receive marketing e-mails or notifications.
  2. Contractual obligations - In certain circumstances, we need your personal data to comply with our contractual obligations. For example, if you order from us we'll collect your address details to deliver the order and pass them to our courier.
  3. Legal compliance - If the law requires us to, we may need to collect and process your data. For example, we can pass on details of people involved in fraud or other criminal activity to law enforcement.
  4. Legitimate interest – This is where we have a business or commercial reason to use your information. Your data may be used to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests. For example, we will use your purchase history to send you or make available personalised offers and important information. We also combine the shopping history of many customers to identify trends and ensure we can keep up with demand and/or source new products or brands.
When do we collect personal data?
Information about other individuals
If you provide us with personal information about someone else, you are responsible for ensuring that you comply with any obligation and consent obligations under applicable data protection laws in relation to such disclosure. In so far as required by applicable data protection laws, you must ensure that you have provided the required notices and have obtained the individual’s explicit consent to provide us with the information and that you explain to them how we collect, use, disclose and retain their personal information or direct them to read our Privacy Notice. If you give us information about others (such as in the case of drop shipping) you confirm that the other third party person has appointed you to act on his/her behalf. This is also relevant where others are concerned if you indeed ask another person to act on your behalf as a third party.
Under the third party authorisation, the other person can:
Such authorisation will remain in place until this has been revoked through written communication.
What sort of personal data do we collect?
How and why do we use your personal data?
We want to give you the best possible customer experience and one way to achieve that is to get the richest picture we can of our retailers by combining the data we have about you. We then use this to offer you promotions, products and services that are most likely to interest you. The data privacy law allows this as part of our legitimate interest in understanding our customers and providing the highest levels of service. However, if you wish to change how we use your data, you can refer to the details in the ‘What are my rights?’ section below.
Please note that if you choose not to share your personal data with us, or refuse certain contact permissions through the contact preference centre, we might not be able to provide some services you’ve asked for such as informing you of when a product is back in stock, updates on product price changes, stock due dates on your backorders.
Here’s how we’ll use your data and why:
How do we protect your personal data?
Security of our website is of utmost importance to us. Our site uses software to provide high level ‘https’ encryption technology to secure access to all areas of our website.
In addition, your sensitive data including business trading details and login password are kept encrypted within our database.
Your data is housed in an IL4 and ISO-accredited, ultra-secure data centre based in the UK with guaranteed data sovereignty. Our supplier is government approved through the G-Cloud 9 framework. It provides secure hosting certified to ISO 27001 (ensuring the security of our own and your data, certifying that information security is taken seriously across the business operations). It is also certified ISO 27018 (providing secure public cloud computing environments for the protection of Personally Identifiable Information (PII), which complements much of the data processing responsibilities set out by the GDPR in its aims to protect personal data in addition to EU requirements). These independently audited processes and infrastructure give the highest levels of security to support our IT systems for data security and verify the robust security practices employed within our data centres and operations.
We regularly monitor our system for possible vulnerabilities and attacks, and take necessary steps to identify and continue to further strengthen security.
Access to your personal data is IP restricted as well as password-protected, and sensitive data (such as payment card information) is secured and tokenized to ensure it is further protected.
Security of your information is also your responsibility; always be wary of emails asking for personal or security details. We will never ask you to disclose or confirm sensitive personal or security information, including your password or credit card information, by e-mail. Please do not send any sensitive information, such as passwords or credit card information, via email. In addition, where you have created a password to access certain parts of our website, you are responsible for keeping it confidential and safe; we further ask that you do not share your password with anyone.
How long will we keep your personal data?
Whenever we collect or process your personal data, we’ll only keep it for as long as is reasonable and feasible for the purpose for which it was collected.
At the end of that retention period, your data will be deleted completely or anonymised, for example by aggregation with other data so that it can be used in a non-identifiable way for statistical analysis and business planning. If you wish to use your account after this time, you will need to register for a new account.
For unsuccessful account applications, data will be kept for a period of 6 months in case there is an update to the applicant’s trading conditions and to allow time to submit this information.
For a maximum of three years from date of registration, if you have never placed an order or request within that time, the account will be closed and the data retention will end - unless you are in contact during that time to keep it open.
After you place your first order, we’ll keep the personal data you give us for a period of ten years from the date of your last order so that we can comply with our legal and contractual obligations, accommodate technical reasons and respond to any enquiries.
Who do we share your personal data with?
We do not sell your personal data to third parties. We sometimes share your personal data with trusted third parties such as delivery couriers, manufacturers we work with, necessary bodies for fraud management and companies you ask us to share your data with.
Here’s the policy we apply to those organisations to keep your data safe and protect your privacy: 
Examples of the kind of third parties we work with are:
Sharing your data with third parties for their own purposes:
If you live outside the UK
By using our services or providing your personal data to us, you expressly consent to the processing of your personal data by us or on our behalf. Sometimes we’ll need to transfer your personal data between countries to enable us to supply the goods or services you’ve requested. In the ordinary course of business, we may transfer your personal data from your country of residence to ourselves and to third parties located in the UK.
By dealing with us, you are giving your consent to this overseas use, transfer and disclosure of your personal data outside your country of residence for our ordinary business purposes. This may occur because our information technology storage facilities and servers are located outside your country of residence, and could include storage of your personal data on servers in the UK.
We’ll ensure that reasonable steps are taken to prevent third parties outside your country of residence using your personal data in any way that’s not set out in this Privacy Notice. We’ll also make sure we adequately protect the confidentiality and privacy of your personal data.
We’ll ensure that any third parties process your personal data only in accordance with their legitimate interests. These third parties may be subject to different laws from those which apply in your country of residence. Please note that we do not take active steps to ensure that any overseas recipient of your personal data complies with the laws which apply in your country.
Where your personal data may be processed
Sometimes we will need to share your personal data with third parties and suppliers outside the European Economic Area (EEA). For example, in the case of international orders, in order to fulfil delivery of your order we may need to pass your details to transport companies operating outside the EEA.
What are your rights over your personal data?
Overview of rights including request to:
You can contact us to request to exercise these rights at any time as follows: 
The Data Protection Officer, Baby Brands Direct Ltd, Unit 20, Belvue Business Centre, Belvue Road, Northolt, Middlesex, UB5 5QQ, or e-mail sales@babybrandsdirect.co.uk FAO Data Protection Officer. To ask for your information to be amended please update your online account or contact our customer services team. 
Your right to withdraw consent
Whenever you have given us your consent to use your personal data, you have the right to change your mind at any time and withdraw that consent. A full withdrawal will involve closing your account and not being able to place any future orders. Please note there may be official requirements such as accounting compliance reasons why we cannot delete all data from your account immediately.
Where we rely on our legitimate interest
In cases where we are processing your personal data on the basis of our legitimate interest, you can ask us to stop for reasons connected to your individual situation. We must then do so unless we believe we have a legitimate overriding reason to continue processing your personal data.
Direct marketing
You have the right to stop the use of your personal data for direct marketing activity through all channels, or selected channels. There are several ways you can stop direct marketing communications from us:
Please note that you may continue to receive communications for a short period after changing your preferences while our systems update.
Checking your identity
To protect the confidentiality of your information, we will ask you to verify your identity before proceeding with any request you make under this Privacy Notice. 
If you have authorised a third party to submit a request on your behalf, we will ask them to prove they have your permission to act.
Third party links
If you follow a link from our website, application or service to another site or service, this Privacy Notice will no longer apply. We are not responsible for the information handling practices of third party sites or services and we encourage you to read the privacy notices appearing on those sites or services. 
Our website, blog, applications or services may enable you to share information with social media sites, or use social media sites to create your account or to connect your social media account. Those social media sites may automatically provide us with access to certain personal information retained by them about you (for example any content you have viewed). You should be able to manage your privacy settings from within your own third party social media account(s) to manage what personal information you enable us to access from that account.