We take data protection and information security very seriously. The effective management of all personal data, including security and confidentiality, is the heart of our business and naturally underpins our practices and processes.
This privacy notice informs you about the type, scope and purpose of the processing of personal data we collect, use and process as a part of our website and its functions and content as well as our external online presences, such as our Social Media Profiles (the “Services”).
This notice applies to you, the User of our Services and us the provider of the Services and governs the processing of your personal data in context of our Services and business.
This Policy last updated on 10 March 2021.
Name and contact details of the responsible person:
Bramble and Blossom LTD
Church Farmhouse Chapel Lane,
Long Marston, Tring,
United Kingdom, HP23 4QT
Company number 11894125
Bramble and Blossom proceeds with all data processing procedures (e.g. collection, processing and transmission) in accordance with the statutory provisions of the UK`s Data Protection Act 2018 and in line with Regulation (EU) 2016/679 (General Data Protection Regulation). The following provides you with an overview of the type of data collected and how it is used and passed on, the security measures Bramble and Blossom takes to protect your data and how you can exercise your rights.
Data Subject Rights
You have a number of ‘Data Subject Rights’ below is some information on what they are and how you can exercise them. There is more information on each right on the Information Commissioners (ICO) website and you can simply follow the links provided to learn more.
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
Where the processing of your personal information is based on consent, you have the right to withdraw that consent without detriment at any time by contacting us.
The above rights may be limited in some circumstances, for example, if fulfilling your request would reveal personal information about another person, if you ask us to delete information which we are required to have by law, or if we have compelling legitimate interests to keep it. We will let you know if that is the case and will then only use your information for these purposes. You may also be unable to continue using our services if you want us to stop processing your personal information.
We encourage you to get in touch if you have any concerns with how we collect or use your personal information. You do however also have the right to lodge a complaint directly with the ICO, their contact details can be found on their website.
Please direct all requests for information, requests for information or objections to data processing to us.
Collection, use and storage of personal data
When you use the online offer, Bramble and Blossom collects different data from you, partly also so-called personal data. This is information that relates to an identified or identifiable natural person (hereinafter "data subject").
Visiting the Bramble and Blossom website in general
When visiting Bramble and Blossom website, you transmit data to our web server (due to technical necessity) via your internet browser. The following data is recorded during an ongoing connection for communication between your internet browser and our web server:
Date and time of the request
Name of the requested file
Page from which the file was requested
Access status (file transferred, file not found, etc.)
Web browser and operating system used
complete IP address of the requesting computer
amount of data transferred
For reasons of technical security, in particular to defend against attempted attacks on our web server, this data is stored by us for a short period of time. It is not possible for us to draw conclusions about individual persons on the basis of this data.
The legal basis for the storage is Article 6 lit. f) GDPR.
Further personal information is only collected if you provide it voluntarily, for example in the context of an enquiry or registration. Depending on the area concerned, Bramble and Blossom uses the personal data provided by you to answer your enquiries, to process your order and for the purpose of technical administration of the websites. In detail, the use in the respective areas follows as follows:
When you place an order in our online shop, we store the following information in order to fulfil the contract concluded between you and Bramble and Blossom or to carry out pre-contractual measures in accordance with Article 6 lit. b) GDPR:
- a) Order without setting up a customer account
When placing an order in the online shop, all data necessary for execution and processing are requested by means of mandatory fields: Your full name, your e-mail address, your address (billing address and, if applicable, different delivery address). Your data will only be used to process your order.
- b) Customer account / registration
It is also possible for you to register for your purchase at Bramble and Blossom. For this purpose, you can choose a password together with your e-mail address, both of which will enable you to log in more easily without having to enter your data again when you make a purchase at a later date. Bramble and Blossom stores the data you enter to set up a customer account through which your orders are recorded, executed and processed. Bramble and Blossom will hold your data for further orders as long as you maintain your registration. You have the right to access, correct or delete your registration data at any time.
- c) Retention of order data
If you submit data to Bramble and Blossom for an order, your data will be stored for as long as necessary for the processing of the purchase and mandatory according to the legal retention periods. The extended storage for the fulfillment of the storage obligations is carried out according to article 6 lit. c) GDPR.
If you contact us, the data you provide will be stored so that your message can be forwarded to the correct contact person. This is done in accordance with Article 6 lit. b) GDPR to process your request. Your data provided via a contact form will not be used for any other purposes, in particular not for advertising.
Disclosure and deletion of personal data
Visiting the Bramble and Blossom website
The data stored during the mere visit of the Bramble and Blossom website will not be passed on to third parties.
Your personal data will only be passed on to third parties within the scope of the online shop if it is necessary for the purpose of processing the contract, for accounting purposes or for the collection of the payment and processing your payment via ShopPay, GooglePay and PayPal and our forwarder Royal Mail.
All your data collected on the Bramble and Blossom website for the purpose of market research will be used exclusively for Bramble and Blossom internal purposes and will not be passed on to third parties. They will be deleted when their knowledge is no longer necessary for market research.
Transfer to authorities and other public bodies
Your data will only be disclosed to third parties outside the Bramble and Blossom if the responsible public authority or governmental institution orders the disclosure in an individual case, in which case Bramble and Blossom is obliged to do so.
General technical organisational measures
The Bramble and Blossom website is behind a software firewall to prevent access from other networks connected to the Internet. In addition, only employees who need the information to perform a specific job are granted access to personally identifiable information. These employees are trained in security and privacy practices and treat your information confidentially.
Secure data transmission
The transmission of your personal information during an order transaction in the online shop is encrypted using industry standard Secure Socket Layer ("SSL") technology, (SSL encryption version 3).
Credit card information
Any credit card information you provide will not be stored by Bramble and Blossom, but will be encrypted and collected directly from the payment service provider (ShopPay, GooglePay and PayPal) via hypertext transfer protocol secure ("https").
You should never disclose your password for accessing our customer portal to any third party and you should change it regularly. If you want to leave your customer account in the online shop, you should press the logout and close your browser to prevent anyone from gaining unauthorised access to it.
Online presence in social media
We maintain online presences within social media on the basis of our legitimate interests as defined in Art. 6 para. 1 lit. f. GDPR, we maintain online presences within social networks and platforms in order to be able to communicate with the customers, interested parties and users active there and to inform them about our services there. When calling up the respective networks and platforms, the terms and conditions and data processing guidelines of their respective operators apply.
Unless otherwise stated in our data protection declaration, we process the data of users if they communicate with us within the social networks and platforms, e.g. write posts on our online presences or send us messages.
Automated Decision Making and profiling
Automated decision making is not used at Bramble and Blossom.
Processing of special categories of data
No special categories data is processed.
Our Service is not intended for children and we do not knowingly collect data relating to children.
The Supervisory Authority
The Information Commissioner’s Office (ICO) in the UK is the for us relevant authority in matters of data protection. You have the right to make a complaint at any time to the ICO (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
Economic Analyses and Market Research
In order to run our business economically, to identify market trends, customer and user wishes, we analyse the data available to us on business transactions, contracts, enquiries, etc. In doing so, we process inventory data, communication data, contract data, payment data, usage data, metadata, whereby the persons concerned include customers, interested parties, business partners, visitors and users of the online offer. The analyses are carried out for the purposes of business management evaluations, marketing and market research.
In doing so, we may take into account the profiles of registered users with details, for example, of their purchasing transactions. The analyses serve us to increase user-friendliness, to optimise our offer and business efficiency and are not disclosed externally, unless they are anonymous analyses with summarised values.
If these analyses or profiles are personal, they will be deleted or made anonymous upon termination by the user, otherwise after two years from conclusion of the contract. In all other respects, the macroeconomic analyses and general trend determinations are prepared anonymously wherever possible.
Subscribers of our newsletter
As a recipient of our newsletter, we store your e-mail address, as well as further information about the newsletter you have received (category, any frequency setting, time of cancellation) and about your usage behaviour on our offers. You can unsubscribe from these emails at any time by clicking on a corresponding link in the newsletter. Our Newsletter is provided by Mailite Lite and Shopify email services.
Integration Of Services And Contents Of Third Parties
We use within our online offer on the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f. GDPR), we use content or services offered by third-party providers in order to integrate their content and services, such as videos or fonts (hereinafter uniformly referred to as "content").
This always requires that the third-party providers of this content are aware of the IP address of the user, since without the IP address they could not send the content to their browser. The IP address is thus required for the display of this content. We endeavor to use only such content whose respective providers use the IP address only for the delivery of the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. The "pixel tags" can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device and may contain, among other things, technical information about the browser and operating system, referring websites, time of visit and other information about the use of our online offer, as well as be linked to such information from other sources.
The following presentation provides an overview of third-party providers and their content, along with links to their data protection policies, which contain further information on the processing of data and, in part already mentioned here.
We use social plugins of the social networks facebook, twitter, instagram When you call up a page that contains such a plugin, your browser establishes a direct connection to the relevant providers server. The plugin transmits log data to the provider. This log data may contain your IP address, the address of the visited websites that also contain specific functions, type and settings of the browser, date and time of the request, your usage of the provider as well as cookies.
For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact us using the details provided.