1. WHO WE ARE AND IMPORTANT INFORMATION
Boundless Beads, Unit 3, The Craftyard, The Bridge, Aiskew, N.Yorks, DL8 1BZ, UK
i[email protected] Telephone: +44 (0)1677 425544
2. THE PERSONAL DATA WE COLLECT ABOUT YOU
To process orders, we collect, names, addresses and phone numbers, for the purpose of fulfilling customer orders. We do not collect any financial data. We store transaction data, between Boundless Beads and its clients, alongside details of products that clients have purchased from Boundless Beads.
We store customer IP addresses, login data and the device type used to perform the transaction.
We store customer user names and passwords, customer purchase history and customer feedback.
We store Marketing and Communications, in the form of your preferences in receiving marketing newsletters from Boundless Beads.
3. HOW WE COLLECT YOUR PERSONAL DATA
As you interact with our website, we may automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies and other similar technologies.
Three cookies are used PHPSESSID, experience identifier and ppc_protection. The PHPSESSID is a standard cookie to help provide the website experience, but it isn’t used to track users on the website. The experience identifier is a unique random identifier given to each visitor to allow us to monitor which pages are visited. Lastly, the ppc_protection cookie is used to prevent click fraud.
The following cookies are also generated by Google Analytics: _ga; _gid; _gat_UA; and gwcc.
If you do not wish to see ads from Boundless Beads you can opt out in several ways:
4. HOW WE USE YOUR PERSONAL DATA
To register you as a new customer
Performance of a contract with you
To process and deliver your order including:
(a) Manage payments, fees and charges
To manage our relationship with you which will include:
(b) Asking you to leave a review or take a survey
(c) Marketing and Communications
(a) Performance of a contract with you
(b) Necessary to comply with a legal obligation
(c) Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services)
To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)
(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)
(b) Necessary to comply with a legal obligation
To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you
(e) Marketing and Communications
Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy)
To use data analytics to improve our website, products/services, marketing, customer relationships and experiences
Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)
To make suggestions and recommendations to you about goods or services that may be of interest to you
Necessary for our legitimate interests (to develop our products/services and grow our business)
5. WHO WE SHARE YOUR PERSONAL DATA WITH
We only share data with our courier (Fedex) to fulfil our contract with you:
6. INTERNATIONAL TRANSFERS
No information shared internationally
7. DATA SECURITY
The site has numerous security measures in place to prevent the loss, misuse and alteration of information under our control such as passwords and firewalls, alongside a separate hardware firewall solution.
We do take data security very seriously and will use all reasonable endeavours to protect the integrity of the information you provide.
The Boundless Beads website has an up to date SSL certificate.
8. DATA RETENTION
For customers whom register and create an account, your personal data will be stored permanently and only removed by request.
For customers whom check out as a guest, your data is deleted after 30 Days.
9. YOUR LEGAL RIGHTS
Each individual client/customer has the following rights over the data we hold on them:
The right of access;
The right to be informed;
The right to rectification;
The right to erasure;
The right to restriction of processing;
Rights related to automated decision making (including profiling);
The right to object to processing; and
Right to data portability.
10. CHANGES TO THIS NOTICE AND YOUR DUTY TO INFORM US OF CHANGES
You should inform us of personal data changes, that would affect our ability to perform our contract with you or communicate with you.
11. QUERIES, REQUESTS OR CONCERNS
For all matters relating to your personal data, please email [email protected]
You also have the right to complain to the ICO www.ico.org.uk if you feel there is a problem with the way we are handling your data.
12. EMAIL MARKETING MESSAGES & SUBSCRIPTION
Under the GDPR we use the consent lawful basis for anyone subscribing to our newsletter or marketing mailing list. We only collect certain data about you, as detailed in the "Processing of your personal date" above. Any email marketing messages we send are done so through an EMS, email marketing service provider. An EMS is a third party service provider of software / applications that allows marketers to send out email marketing campaigns to a list of users.
Email marketing messages that we send may contain tracking beacons / tracked clickable links or similar server technologies in order to track subscriber activity within email marketing messages. where used, such marketing messages may record a range of data such as; times, dates, I.P addresses, opens, clicks, forwards, geographic and demographic data. Such data, within its limitations will show the activity each subscriber made for that email campaign.
Any email marketing messages we send are in accordance with the GDPR and the PECR. We provide you with an easy method to withdraw your consent (unsubscribe) or manage your preferences / the information we hold about you at any time. See any marketing messages for instructions on how to unsubscribe or manage your preferences, otherwise contact the EMS provider.
Our EMS provider is; MAILCHIMP. We hold the following information about you within their EMS system;
(a) Email address
(b) I.P address
(c) Subscription time & date
(d) First name and last name