Privacy Policy

Simply Wedding Gifts is committed to protecting your privacy. We value our visitors and endeavour to create an enjoyable and safe shopping experience when visiting our website.

 

1. INTRODUCTION

Welcome to our privacy policy. In this policy when we say “Simply“, “Simply Wedding Gifts”, “SWG”, “we“, “our" and “us“, we mean BPD Trading Limited which acts as the data controller in respect of your personal data and will therefore be responsible for it. The website at www.simplyweddinggifts.co.uk (“site“) is owned and operated by BPD Trading Limited which is the data controller for the purpose of this policy unless stated otherwise. Our registered address is 30-31 St James Place Mangotsfield, Bristol, BS16 9JB.

If you want to contact us you can email info@simplyweddinggifts.co.uk


2. WHAT IS THIS POLICY FOR?

This policy has been prepared to meet the requirements of the EU General Data Protection Regulation, the UK’s Data Protection Act 2018 and the Privacy and Electronic Communications (EC Directive) Regulations 2003. It explains why we process your personal data, what we do with your personal data, how we look after your personal data and what your rights are over your personal data.

It is important that you read this policy together with any other privacy notice or fair processing notice we may provide at the point of collecting or processing your personal data. This policy supplements those notices and is not intended to override them. Please read it in conjunction with the Terms and Conditions: https://www.simplyweddinggifts.co.uk/terms-conditions/  and any other documents referred to in it (“Terms“).

Our site, products and our services are not intended for use by children and we do not knowingly process personal data relating to children.


3. WHAT PERSONAL DATA DO WE COLLECT?

When we refer to “personal data" we mean information about an individual from which that person can be identified.  This does not include data where the individual’s identity has been removed.

We may collect, use, store and transfer the following types of data:

Contact Data

Full name, postal address, email address and contact telephone numbers.

Transaction Data

The products purchased from us.

Account Data

Your username and password and your security questions and answers (if you have an account with us).

Marketing and Communications Data

Your preferences in receiving marketing as well as your preferred form of communication.

Technical Data

Information about how you use our site (e.g. URL), your internet protocol (IP) address, operating system and platform, browser type and version, time zone setting, location data, information on how long you visit each page, cookie data and other identifying information required for your device to communicate with our site.

We will not necessarily collect all of the above data about you. For example, if you are merely visiting our site then we will usually just collect Technical data about you and your device. If you decide to sign up for newsletters and offers then we will collect Contact, Marketing and Communications data from you. Where you decide to use our service or buy a gift for someone then then we would need to collect the above as well as Transaction and Account data. 

The above data may not always be considered personal data. For example, much of the Technical data we collect is aggregated data, and it is not usually classified as personal data because it does not reveal your identity to us.  If we link aggregated data to your personal information it will be treated as personal data in line with this policy.

We do not process any “special categories" of personal data about you (i.e. information about your race, ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data).                                                                                                                                                                            

We try to be sure that the personal data we hold about you is accurate, and so please get in touch with us if your personal data changes so we can update our records.  You can contact us using the details at the beginning of this policy.


HOW WE COLLECT YOUR DATA

We collect personal data about you from a number of different sources depending on who you are and what personal data it is.  For example, we collect personal data:

  • From you directly
  • From third parties
  • From publicly available sources
  • From your device

 

Cookies

Our site uses cookies to automatically collect data, including personal data, in order to help us improve future functionality and to distinguish you from other users. For more information about the cookies we use on this site, what data they collect and how to block them, please see our Cookie Policy: https://www.simplyweddinggifts.co.uk/cookies/.


HOW WE USE YOUR PERSONAL DATA

We will only use your information where we have a lawful basis to do so.  We set out below how we plan to use your personal data and the lawful basis that we rely on.

Purpose

Types of Data Processed

Lawful Basis of Processing

To contact you

Contact and Account Data.

It is necessary for the performance of a contract, (or potential contract) with you. It is necessary for our legitimate interests. It is necessary to comply with our legal obligations.

To register you as a new customer

Contact and Account Data.

It is necessary for the performance of a contract, (or potential contract) with you. It is necessary for our legitimate interests. It is necessary to comply with our legal obligations.

To manage our relationship with you

Contact, Account, and Transaction Data.

It is necessary for the performance of a contract, (or potential contract) with you. It is necessary for our legitimate interests. It is necessary to comply with our legal obligations.

To market new products / services that we believe may be of interest to you.

Contact, Account, Transaction, Technical, Marketing and Communications data.

It is necessary for our legitimate interests (to develop and grow our business, to study how customers use our site, to inform our marketing strategy) 
With your consent (where marketing is by SMS, letter or email).

To operate our site (e.g. troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data).

Account, Technical, and Transaction Data.

It is necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud). 
It is necessary to comply with our legal obligations.

To improve the products we offer and to carry out internal training.

Technical and Transaction Data.

It is necessary for our legitimate interests (of improving our business and ensuring our staff are trained to a high standard). 
It is necessary to comply with our legal obligations.

To comply with our legal and regulatory obligations and internal corporate governance rules.

Contact, Transaction, Account, Technical, Marketing and Communications Data.

It is necessary for the performance of a contract, (or potential contract) with you. 
It is necessary to comply with our legal obligations.

We may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. If you need details about the specific legal ground we are relying on to process your personal data then please contact us. If we need to process your personal data for a different purpose that is not compatible with the original purpose, then we will let you know.  Please note that we may also process your personal data for a different purpose than listed above and without your consent where it is necessary for us to comply with our legal obligations. 


HOW CAN YOU OPT OUT OF MARKETING?

We only directly market to you by SMS and email where it is legally allowed, for example where you have consented, or where you have purchased (or negotiated to purchase) a product from us and did not chose to opt out. When directly marketing to you we may use a combination of the data we hold about you to form a view on what we think you would be interested in.

We only want to market to those who actually want to hear from us. You can ask us to stop sending you marketing messages at any time by:

  • Selecting the opt-out link on any marketing message sent to you; or
  • Emailing info@simplyweddinggifts.co.uk with your request.

If you do opt-out of marketing from us, please note that we may still need to contact you for reasons other than direct marketing (for example to notify you about your gift list).


WHO IS YOUR DATA SHARED WITH?

We may share your personal data with the following third parties for the purposes set out in the table above:

  • Financial or payment processors where you are trying to arrange a payment to or from us.
  • Contractors who help us to provide you with services, such as IT, cloud, telecommunications, security, client relationship management and system administration services.
  • Marketing, communications, advertising and public relations suppliers.
  • Professional advisers, such as auditors, accountants and solicitors.
  • Our Group Companies and ultimate shareholders.
  • HM Revenue & Customs, National Crime Agency, local authorities, law enforcement agencies, regulators and other authorities (both inside the UK and outside of the UK).
  • Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them.  If a change happens to our business, the new owners may use your personal data in the same way as set out in this policy.


International transfers of your personal data

We may share your personal data with (or provide access to) third parties that are based outside of the European Economic Area (EEA).  Whilst most of our suppliers are based in the EEA, we do use suppliers located outside, including in the United States of America and India.

Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  • We may transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
  • We may use specific contracts approved by the European Commission which give personal data the same protection it has in EEA.
  • Where we use providers based in the USA we may alternatively transfer your data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data as is provided in the EEA.

Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.


HOW DO WE KEEP YOUR DATA SECURE?

As a trusted company, we take the security of your data very seriously.  We have implemented a number of reasonable and necessary security measures in order to try and prevent unauthorised access.  For example:

  • We use entry controls in our offices to control who can access secure areas.
  • We limit who can access our computer network, and certain parts of our computer network, to specific personnel.
  • We put agreements in place with third parties we work with to regulate the processing, security and confidentiality of data.
  • We regularly review, monitor and audit our suppliers.

If we become aware of a data breach we will notify the Information Commissioner’s Office in a timely manner. We may also notify you if we believe the breach is serious.


HOW LONG DO WE KEEP YOUR DATA FOR?

We store your personal data for different periods of time depending upon the purposes for which we collected it and we do not store your personal data for longer than is necessary to fulfil these purposes.  We retain your personal data throughout our relationship with you, and usually for up to 7 years after your list with us has finished or you have closed your account.

In order to determine how long we store your personal data for, we take into consideration why we need to continue to store your personal data, whether we can achieve the same result without having access to your data, and what the potential risk is if there is a data breach that affects your data.

Occasionally we may anonymise data which means that it is no longer associated with you.  We do this for statistical or research purposes so we can improve the services we offer to you.  We can use anonymous data indefinitely without further notice to you.


WHAT RIGHTS DO YOU HAVE?

You have the following rights over your personal data:

  • To ask us for details of the personal data we hold and process about you (this is usually called a subject access request).
  • To ask that any inaccurate information we hold about you is corrected.
  • To ask that we delete personal data we hold about you
  • To ask that we stop using your personal data for certain purposes.
  • To ask that we do not make decisions about you using completely automated means.
  • To withdraw your consent.
  • To ask that we give you the personal data we hold about you, or (where technically feasible) that we give this personal data to a third party chosen by you, in a commonly-used machine-readable format.

These rights are not available to everyone all the time.  Some are subject to exemptions, and so we may not always be able, or required, to comply with your request to exercise these rights.  Further details about your rights can be found on the Information Commissioner’s website: https://ico.org.uk/global/privacy-notice/your-data-protection-rights/

To exercise any of the above rights, please contact us using the details included at the start of this policy and provide us with as much information as you can so we can respond as soon as we can.  We may ask you to provide proof of identity (for example, your passport or driving licence) before we fully respond as we have to be sure we are giving the correct personal data to the correct individual.

We usually respond to data subject requests within one month, but it can take longer if your request is particularly complex or if you have made a number of requests.  You will not usually have to pay a fee, but we reserve the right to charge a fee if your request if clearly unfounded, repetitive or excessive; alternatively we may refuse to comply with your request.

You also have the right to complain to the Information Commissioner’s Office, the UK supervisory authority for data protection issues. Before exercising this right, we encourage you to contact us first to resolve any complaint you may have, although this is not legally required. More details can be found here: www.ico.org.uk.


WHAT ABOUT CHANGES TO THIS POLICY?

We reserve the right to update this policy to reflect any changes to the way in which we collect, process or share your personal data, or to reflect any legal requirements. When we make any changes, we will upload the new version to our site. The new version will take effect as soon as it is uploaded.

This policy was last amended on 12 September 2018 and supersedes any earlier versions.