This Privacy Notice sets out how Coco and Vanilla LTD collects and uses (processes) information about individuals (referred to as your "personal information"). Personal information is information which by itself available to us can be used to identify you. In this privacy notice we describe:
- Who Collects Your Personal Information
- Type Of Personal Information That We Collect
- How We Use Your Personal Information
- How We Share Your Personal Information
- Other Information We Collect
- Marketing Preferences
- Your Rights
- How Long We Keep Your Information
- Other Important Information
You may be assured that we will treat all personal information as confidential and will not process it other than for a legitimate purpose. Steps will be taken to ensure that the information is accurate, kept up to date and not kept for longer than is necessary. Measures are also taken to safeguard against unauthorized or unlawful processing and accidental loss or destruction or damage to the personal information.
Since this notice contains important information, we encourage you to read it. Please use the links to access detailed information. Any questions in relation to this Privacy Notice of requests in respect of personal information should be directed to firstname.lastname@example.org in the first instance.
Who Collects Your Personal Information
Coco and Vanilla LTD is responsible for collecting and processing the personal information.
Type Of Personal Information That We Collect
We will hold and process data for day to day business process and activities including the processing of your orders for supply and sale of our products and services, to manage your account or to meet our Legal, Regulatory and Good Governance obligations and requirements (in particular in respect of anti -money laundering legislation). This list is not exhaustive and may be updated from time to time as dictated by business needs and legal and regulatory requirements.
If you do not provide the information that we request, we may not be able to provide you with the requested products or services.
Processing is as defined in the Regulations, but could include obtaining, recording or holding information or data.
Personal data is information which can identify you as a living individual.
We will collect personal information when you:
- Access our products and services
- Create an account
- Participate in a promotion, contest or attend an event
- Make a purchase on one of our online stores or return something to us
- Submit a review or participate in a survey
- Communicate or interact with us via social media
- Contact us for assistance
- Submit an application for employment
Some of this information we collect directly from you either in person or via a website, via email or telephone contact, via web-chat, via Account Application and the Due Diligence Process or via social media.
The Personal Information we may collect from you explicitly includes the following:
- Name, date of birth, gender and country of residence
- Billing and shipping address
- Personal contact information such as email address, telephone number and mobile number
- Financial information (for Business customers only)
- Account details such as user name, password and unique user ID
- Payment information such as debit or credit card details; bank account details; PayPal User ID; Amazon User ID.
- Photographic proof of age
- Your reviews about our products and services, information about your preferences and consumption habits
- Marketing communication and cookie preferences that you have given your consent
- Education and Employment history, salary expectations (for job applications)
- Details of your contact with us including recordings of any telephone calls
- Photographs and videos submitted by you or taken at one of our events
- Profile pictures and social media profile information that you have given your consent
- Computer or device IP address
We also collect personal information about you from other sources. Such information from other sources may be:
- Information from credit references, court records of debt judgement and bankruptcies or that received as part of routine card verification (fraud prevention) checks.
- Joint marketing partners, when they share information with us that you have given consent
- Publicly available databases
When we receive personal information about you from different sources, we may combine or link that information. Linking different sources of information enables us to provide better customer support when you contact us and an overall better shopping experience.
Some of the personal data may be kept in paper files, while other personal data will be included in computerized files and electronic databases that have restricted and secure access.
How We Use Your Personal Information
We use data (including personal information of individuals) for the following purposes (the below also confirming the lawful basis we are relying in each case):
Lawful Basis for Processing
We use personal information to perform and fulfill the contract we have entered into with the individual and process orders, to take payment for items purchased from us, to dispatch items purchased or to process a return or request for a refund.
We may also use personal data to protect against or identify possible fraudulent transactions. We will engage in these activities to manage our contractual relationship with the individual and/or to comply with a legal obligation.
In instances where an individual has been provided with this Privacy Notice and provided personal data thereafter, the processing may be carried out on the basis of the consent.
If you as an individual contact us, or we contact you, we will use your personal information such as your purchase information and contact history for the purpose of providing you with assistance, handling inquiries and complaints.
We will engage in these activities to manage our contractual relationship with you as an individual, for our legitimate business reasons and/or to comply with a legal obligation.
To provide you with Marketing Information and /or Information about our Products, Events or Services which may be of interest to you and manage such mailings.
Personal data to communicate with individuals on topics and events which may be of interest to them.
Where you as an individual have asked to receive marketing communications from us, we may send you information about our products, newsletters, promotions, offers or other information that we think might be of interest to you.
We use personal information to send you marketing communications via email, post, telephone and social media.
If you decide to opt-out from marketing messages, you may opt-out emailing email@example.com with the subject line ‘Opt-Out’. You can also log into your account online and opt-out.
We will seek to comply with your request(s) within 1 calendar month.
Our business purposes including legal, regulatory and governance obligations
As a supplier of the products and related services to process the personal data to the extent necessary as follows:
We use the personal information we hold about you to accomplish and manage our business purposes and contractual relationships and or to comply with a legal obligation, including:
- To conduct data analysis, for example, to improve the efficiency of our services;
- To conduct audits, to verify that our internal processes function as intended and are compliant with legal, regulatory or contractual requirements;
- To monitor for fraud and security purposes, for example, to detect and prevent cyber attacks or attempts to commit identity theft;
- To meet our legal, regulatory and governance obligations including as may be necessary for compliance;
- To consider ways for enhancing, improving, or modifying our current products and customer services;
- To identify usage trends, for example, understanding which parts of our services are of most interest to users;
- To determine the effectiveness of our promotional campaigns, so that we can adapt our campaigns to the needs and interests of our users; and
Subject to applicable data protection law, we may share your personal information with your consent or as necessary to complete any transaction or provide any service you have requested. Sometimes the provision of data to one entity within our group may result in that data being accessible by all other members of our group. Reasonable endeavors are made to ensure that the data is only accessible by those with a need for access to fulfill the purposes set out above. We do not share your personal information with any third-party companies for the purpose of marketing including our affiliates unless you have explicitly provided us with consent. We do not share your personal information with any third party outside of the European Union. The following are categories of recipients with whom we may share your personal data and for the reasons mentioned.
Basis for Sharing Information
Business Transactions, Legal, Regulatory and Law Enforcement
- We have a legitimate interest in disclosing or transferring your personal information to a third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings). Such third parties may include, for example, an acquiring entity and its advisors.
- We may also disclose personal information to comply with legal and contractual obligations and our corporate policies and procedures and where we believe such action is necessary to – this may include:
- Fraud prevention agencies, credit reference agencies, debt collection agencies when we open your account, other organisations who use shared data bases for income verification and credit checks,
- Government bodies and agencies in the UK e.g. HM Revenue & Customs (HMRC),
- Any Registrar of a Public Register where the data is to be included in a Public Registry,
- Courts and Tribunals to comply with legal requirements and for the administration of justice,
- To protect the security, integrity, rights and privacy of our business operations,
- To other parties connected with your account e.g. guarantors and other people named on the application
- Anyone else where we have your consent or where it is required by law
Third Party Service Providers
- We use third party service providers to process personal information on our behalf. This may include:
- Sub-contractors and other persons who help us provide our products and services,
- Companies and other persons providing services to us including those who provide customer support, web hosting (including cloud based) and data base server providers, social media platforms, customer data management and list enhancement companies, marketing agencies that host our events and promotions or other marketing initiatives, companies that fulfill product orders, warehouse management or coordinate mailings, delivery and courier companies, market research organisations, product and service reviews providers
- Payment processors, data analysis firms,
- Legal, and other professional advisors including our accountants and auditors,
- And where we enter into an engagement with a third party pursuant to which the data may be processed or shared by - with that third party, we will seek to enter into an agreement with that third party setting out the respective obligations of each party and we will endeavor to be reasonably satisfied that the third party has measures in place to protect the data against unauthorized or accidental use, access, disclosure, damage , loss or destruction.
Other information may be collected in a variety of ways, including:
- Through your browser or device
- Through your use of one of our mobile apps
Data subjects in the European Union (or any jurisdiction with equivalent legislation to the European Union General Data Protection Regulation) have certain rights in respect of their personal data. We will respond to your requests consistent with applicable law. These rights are as follows:
- The right to be informed about our processing of your personal data
- The right to have your personal data corrected if it is inaccurate and to have incomplete personal data completed
- The right to object to processing your personal data
- The right to restrict processing of your personal data
- The right to have your personal data erased (the ‘’right to be forgotten’’) -
- The right to request access to your personal data and information about how we process your data
- The right to move, copy or transfer your personal data ("data portability")
- Rights in relation to automated decision making including profiling
You have the right to complain to the Information Commissioner’s Office at www.ico.org.uk
In any case in which a data subject chooses not to provide any personal data or where any of the rights set out are exercised to limit the processing of personal data, Coco and Vanilla LTD may be unable to provide the relevant products or services, or there may be a restriction on the services which can be provided.
How Long We Keep Your Information
We retain personal information only for as long as needed or permitted in light of the purposes (as set out above) for which it was obtained and consistent with applicable law. The criteria which we use to determine data retention periods for your personal data include the following:
- Retention in case of an ongoing relationship: The length of time we have an ongoing relationship with you and provide the products and services to you (for example, for as long as you have an account with us or keep using the services);
- Retention in accordance with legal, regulatory and statutory requirements: Whether there is a legal obligation to which we are subject and where the data cannot be deleted for legal, regulatory or statutory reasons; or
- Whether retention is advisable in light of protecting our legal position: in the case of disputes and court claims (such as in the case of termination of employment)
- Others: In the absence of any statutory requirement, our retention policies will be proportionate and designed using a risk-based approach.
Any requests for further information in relation to the continued processing of specific data and requests for the destruction of data should be made to firstname.lastname@example.org
Other Important Information
If you have any questions, concerns or require further information on how we control or process your personal information then we welcome you to contact us:
Email: Data Protection Officer - email@example.com