When we refer to 'we' in this policy, we are referring to Just Aromatherapy 45 Thorpe Road, Melton Mowbray, Leicestershire, LE13 1SE. For the purposes of this policy, Just Aromatherapy is the Data Controller. The Data Controller is the person(s) who determine how your personal data is controlled within the company.
Just Aromatherapy is committed to complying with the General Data Protection Regulation (GDPR) 2018. This policy provides information as to how we collect and use personal data, and what your rights are.
What information do we collect and hold
When placing an order with us or registering for an account we collect the following information.
- Name, Address, Postcode, Country, Telephone Number, Mobile No, and E-Mail Address.
- We may gather information including the device type, browser, IP address, and how you use our web site.
When you make a payment for an order, we use third party payment processors. We do not store or collect your payment details. This information is provided directly to our third party payment processors. The payment processors we use are Paypal and Nochex.
When you contact us through our customer support for an enquiry or a problem with a product or an order, we will collect certain personal information to order to fulfil the support.
We do NOT collect sensitive information such as race, ethnicity, religious beliefs, or any lifestyle information.
How do we use the information
We will only use your personal information for legitimate purposes
- To fulfil the contract between yourselves and the company - To comply with our legal and regulatory obligations
We use the information to process the orders you place with us through any of our portals.
We use the information to register you as a new customer.
We process your payments and refunds if applicable.
To analyse how you use our web site so that we may improve our services to you. These statistics helps us review our business, but in no way identifies you personally.
To administer and protect our business.
To contact you about our products and services, if you have provided consent.
We may use the information to provide customer support where you have requested such by telephone or by e-mail, or to investigate and resolve a problem you have raised.
For security purposes, we may use the information provided to verify accounts and to prevent fraudulent activity.
We may use your personal information to recover money owed to us, where applicable.
Who do we share the information with.
We may share your personal information with the following third parties. We will only share sufficient information to enable them to provide the service and complete the task.
Service suppliers which enable us to fulfil our contractual obligations with you. This will include our carriers such as Royal Mail, and other carriers we may use.
If you have opted in for a newsletter, we share limited information with our e-mail marketing providers such as Mailchimp, so that we can send the newsletters.
We may share information with other service providers who provide us with IT support.
Professional bodies who support our business including bankers, accountants, and insurers.
Government authorities, including HM Revenue & Customs, to comply with regulatory requirements.
Credit reference agencies, whereby the customer has applied for credit, and has provided us with consent.
Keeping you informed about our products and services.
Where you have explicitly provided consent, we may frequently send you e-mails about our products and services.
At any time you may withdraw consent by e-mailing us via our contact form.
How long we keep the information for.
We only retain your personal data for as long as is necessary for us to comply with our legal obligations.
We are required by law to keep certain information, such as contact and transaction information for a minimum of six years for accounting and tax purposes.
Data used for web site tracking is held for a much shorter period of time, and does NOT hold any information which can personally identify you.
Lawful basis for processing data.
We are required by law to define our legal grounds for processing your personal data. We may process your personal data for more than one lawful basis, and these are explained below.
Processing Information to Fulfil a Contract.
When you create an account with us, or buy a product from us, you enter into a contract with us. In order for us to fulfill that contract we need to process the information you provide us. We process your information on the basis there is a contract between us. We will continue to process this information until the contract between us comes to a satisfactory end.
Processing Information with Your Consent.
When you access our web site or send us an enquiry via e-mail, you implicitly provide consent for us to use your personal information in one way or another.
When you request information about our products and services, by telephone or e-mail, you implicitly provide consent for us to contact you with a response.
We will always seek explicit consent whenever sending you marketing materials by e-mail.
Processing Information for Legitimate Interests.
We may process your personal information for the legitimate interest of
Record-Keeping and administration of the business To help analyse how customers use of services, and help us improve our web site To help form a more effective marketing strategy To recover debts where applicable Protecting the legal rights of all parties Protecting your interests where we have a duty to do so
Processing Information for Legal Obligations.
We have certain legal obligations for processing your information. This will include the maintenance of records for tax purposes.
We may also be required by law to provide information to the authorities if we are legally requested.
You have the right, under certain circumstances, under the data protection laws. These include
Access to your own information Correction of your own personal data Removal of your information Restrict the processing of your personal data Right to withdraw consent
If you wish to exercise your rights, you can contact us via our online contact form. We are required to action your request within one month. However, if the work is unduly complex or there are multiple requests we may extend the period. If this is the case we will explain our reasons why.
We will not charge you a fee unless the requests are excessive or unfounded. If we have to charge you a fee, we will inform you and the reasons why.
If you find you are not satisfied with our actions, you can contact us via our online contact form. Beyond this you have the right to make a complaint to the Information Commissioner.
Further information about your rights can be found at https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/.
Transfer of your Information.
The information we collect may be transferred, or stored, at a destination outside the European Economic Area (EEA). It may be processed by one of our service suppliers in order to fulfil an order or provide support services. Under these circumstances, we will ensure that we only work with responsible service suppliers.
Links to other web sites.
Our web site may contain links to external web sites which are not operated by us. We would advise you to review the privacy policies of those web sites. We cannot be held responsible for any policies of these third party web sites.
We use Google Analytics to analyse the use of our web site. This is a service offered by Google that tracks and reports website traffic. The data contained in these cookies used is anonymous, and does not identify who you are.
You can opt-out of this by installing the Google Analytics opt-out browser add-on at https://tools.google.com/dlpage/gaoptout.
Cookies are small pieces of data sent from a web site and stored on the user's computer by the user's web browser while the user is browsing.
The types are cookies we use are.
Session Cookies These cookies allow you to navigate our site and add items to the basket.
Analytical Cookies These cookies allow us analyse how you, the customer, uses the site, so that we can improve the experience.
Security Cookies These cookies assist in the security of your browsing.
By using our web site, you agree to the use of these cookies. However, you may, if you wish, disable or delete these cookies, by changing the settings in your browser. This will vary amongst browser's, but a simple google search "disable cookies" will show you how.
We are committed to protecting your personal data. We use various up to date security features in house, and follow stringent procedures in order to protect your information.
Access to your information is limited to employees and service providers on a need to know basis, and strictly follow our instructions.
Browsing on our web site, and entering personal data, is protected by 256-bit SSL encryption.
Our payment providers are also PCI-DSS complaint.
We have put procedures in place to deal with suspected data breaches. We will rapidly notify you and the Information Commissioner of any data breach.
Right to Complain.
If you are still unhappy with the way we process your information, you have the right to complain to the Information Commissioner at https://ico.org.uk/concerns/.
If you have any questions about your privacy on this site or our treatment of your personal data, you can write to us by email. Please click here to contact us by email, or use the "contact us" link located on the top of the every page on this site, or by post to Just Aromatherapy, 45 Thorpe Road, Melton Mowbray, Leicestershire, LE13 1SE, UK.
If you no longer wish us to contact you by e-mail for special offers from Just Aromatherapy and to no longer receive potential sale offers, please email us, or use the "contact us" link located at the home page, or the top of every page on this site, stating the e-mail address you would like us to remove.
Please remember, if you opt out we won't send you promotional and sale offers and you will need to visit the web site to know how you can save on products throughout the year.