acting as a Data Controller gather, process and protect any personal
information you give us.
We may change this policy from time to time by
updating this page. You should check this page from time to time to ensure that
you are happy with any changes. This policy is effective from 1/5/2020.
A cookie is a small text file that may be stored on the hard drive of your
computer when you access our Site. A "session cookie" expires
immediately when you end your session (i.e. close your browser). A "persistent
cookie" stores information on the hard drive so when you end your session
and return to the same website at a later date, the cookie information is still
available. When you visit our website, we may use both a session and a persistent
cookie. These cookies may contain information (such as a unique user ID) that
is used to track your usage of our website.
If you register with us, this cookie allows us to recognize you when you return
to our website and provides you with access to your account information. If you
and maintain information about your use of our website.
If you have not saved your information with or ordered from us, we may monitor
and maintain information about your use of our website in a manner that does
described above in order to 1) provide you with customized content and
advertising; 2) monitor Site usage; and 3) conduct research to improve our
content and services. You are free to decline cookies, but by doing so, you may
not be able to use certain features on the Site or take full advantage of all
our offerings. Check the “Help” menu of your browser to learn how to change
your cookie preferences.
Our website and our e-mails may contain small electronic files
known as web beacons (also referred to as clear gifs, pixel tags and
single-pixel gifs). This allows us to capture certain additional types of
information about a visitor's actions on a web site and help us analyse our
customers' online behaviour and measure the effectiveness of our website and
What sort of personal data do
other tracking technologies on our website to collect and analyse certain kinds
of technical information, including:
- IP addresses;
- the type of computer or mobile device you are using;
- your operating system version;
- your mobile device’s identifiers, like your MAC Address,
Identifier For Advertising (IDFA), and/or International Mobile Equipment
- your browser type;
- your browser language;
- referring and exit pages, and URLs;
- platform type;
- the number of clicks on a page or feature
- ;domain names;
- landing pages;
- pages viewed and the order of those pages;
- the amount of time spent on particular pages;
And if you have an online account with us we collect; your name,
billing / delivery address, email, telephone number, history of orders, wish
lists, your current basket. For your security, we’ll also keep an encrypted
record of your login password.
- Details of your interactions with us through our Customer
- Any comments and / or product reviews.
- Your social media username, if you interact with us through
those channels, to help us respond to your comments, questions or
- If you visit our Head Office then your image may be recorded
When do we collect your
When you visit our website and consent to using cookies.
When you make an online purchase and check out as a guest.
When you create an account with us.
When you engage with us on social media.
When you contact our Customer Service team with queries,
When you enter prize draws or competitions with us, or a partner
When you choose to complete any surveys we send you.
When you’ve given a third party permission to share with us the
information they hold about you.
When you visit our head office which has CCTV systems which may
record your image.
How we use your data
The GDPR (General Data Protection Regulation) sets out a number of
different reasons for which a company may collect and process your personal
In specific situations, we can collect and process your data with
your consent. For example, when you sign up to receive email newsletters.
In certain circumstances, we need your personal data to meet our
For example: We collect your address details to deliver your
purchase, and pass them to our trusted courier partners.
In certain situations, we require your personal data to pursue our
legitimate interests but only in a way which might be reasonably be expected as
part of running our business and which does not materially impact your rights
as specified under GDPR. Our legitimate interests include:
- selling and supplying goods and services to our customers;
- protecting customers, employees and other individuals and maintaining their
safety, health and welfare;
- promoting, marketing and advertising our products and services (direct
- sending promotional communications which are relevant and tailored to
- understanding our customers’ behaviour, activities, preferences, and needs;
- improving existing products
and services and developing new products and services;
- complying with our legal and
- preventing, investigating and
detecting crime, fraud or anti-social behaviour and prosecuting offenders,
including working with law enforcement agencies;
- handling customer contacts, queries, complaints or disputes;
- protecting Botanci, its employees and customers, by taking appropriate legal
action against third parties who have committed criminal acts or are in breach
of legal obligations to Botanci;
- effectively handling any legal claims or regulatory enforcement actions taken
against Botanci; and
- fulfilling our duties to our customers, staff, shareholders and other
If the law requires us to, we may need to collect and process your
For example: We may need to pass on details of people
involved in fraudulent or other criminal activities to law enforcement agencies.
How and why do we use your
To process any orders that you make by using our website, it is a
contractual necessity to collect your personal data during checkout, otherwise
we wouldn’t be able to process your order and comply with our legal
We will keep your details for a reasonable period afterwards in
order to fulfil any contractual obligations such as refunds, warranties, etc.
and to comply with HMRC record keeping requirements.
We want to give you the best possible customer experience. One way
to achieve that is to get the fullest picture we can of who you are by
combining the data we have about you. We then use this to offer you promotions,
products and services that are most likely to interest you. The GDPR allows
this as part of our legitimate interest in understanding our customers and
providing the highest levels of service.
To respond to your queries, refund requests and complaints, we may
also keep a record of these to inform any future communication with us and to
demonstrate how we communicated with you throughout. We do this on the basis of
our contractual obligations to you, our legal obligations and our legitimate
interests in providing you with the best service and understanding how we can
improve our service based on your experience.
To protect our business and your account from fraud and other
illegal activities. This includes using your personal data to maintain, update
and safeguard your account. We’ll also monitor your browsing activity with us
to quickly identify and resolve any problems and protect the integrity of our
websites. We’ll do all of this as part of our legitimate interest.
To protect our, premises, assets and employees from crime, we
operate CCTV systems at our Head office. We do this on the basis of our
legitimate business interests.
To process payments and to prevent fraudulent transactions. We do
this on the basis of our legitimate business interests. This also helps to
protect our customers from fraud.
With your consent, we will use your personal data, preferences and
details of your transactions to keep you informed by email and web about
relevant products and services including tailored special offers, discounts,
promotions, events, competitions and so on. You are free to opt out of hearing
from us by any of these channels at any time by clicking unsubscribe in an
email or requesting to be removed by contacting us on firstname.lastname@example.org
To send you relevant, personalised communications by post in
relation to updates, offers, services and products. We’ll do this on the basis
of our legitimate business interest. You are free to opt out of hearing from us
by post at any time by contacting us on email@example.com or opting
out of all direct mail from all companies, please visit https://www.mpsonline.org.uk.
To develop, test and improve the systems, services and products we
provide to you. We’ll do this on the basis of our legitimate business interests.
To comply with our contractual or legal obligations to share data
with law enforcement and other governmental bodies.
To send you survey and feedback requests to help improve our
services. These messages do not require prior consent when sent by email. We
have a legitimate interest to do so as this helps make our products or services
more relevant to you.
We work with Epsilon Abacus (registered as Epsilon International
UK Ltd) a company that manages the Abacus Alliance on behalf of numerous top
brand UK retailers. The participating retailers share information on what their
customers buy. Epsilon Abacus analyses this pooled information to help the
retailers understand consumers’ wider buying patterns. From this information,
we can tailor communications, sending people suitable offers that should be of
interest to them, based on what they like to buy. Your data is not
shared with the other retailers in the scheme unless we obtain your consent.
We may display interest-based ads to you when you are using Facebook
through tools offered by Facebook based on cookies and other tracking
technologies. This tool allows us to personalise our ads based on your shopping
experience with us. We do not share any of your personal information, including
your shopping history, with Facebook. If you would like to opt out of
re-targeted Facebook ads click here http://www.aboutads.info/choices/
We may display interest-based ads to you when you are using Google
and other websites signed up to Google’s Ad programmes based on cookies and
other tracking technologies. We do not share any of your personal information
with Google. If you would like to opt out of re-targeted Google Ads click
How we protect your personal
We know how much data security matters to all our customers. With
this in mind we will treat your data with the utmost care and take all
appropriate steps to protect it including;
- Physical security for all servers
State of the art web based anti-virus,
Primary physical and secondary virtual firewalls,
Email firewalls & spam filters
Internet browsing protection via the renowned Cisco Umbrella service
Intrusion detection systems
Web Application Firewalls (WAFs)
Anti DDoS (Distributed Denial of Service) protection
We secure access to all transactional areas of our websites and
apps using ‘https’ technology.
Access to your personal data is password-protected and restricted
to authorised personnel only. Any sensitive data such as payment card
information is tokenised to ensure it is protected.
We regularly monitor our system for possible vulnerabilities and
How long will we keep your
Whenever we collect or process your personal data, we’ll only keep
it for as long as is necessary and for the purpose for which it was collected,
after which it is deleted or anonymised. We may need to keep your
data for a certain length of time due to HRMC and other regulatory requirements.
Who do we share your personal
We only share your personal data with trusted service providers
(e.g. delivery couriers) and data processors that are GDPR
compliant. We provide only the information they need to perform
their specific services. They may only use your data for the exact
purposes we specify in our contract with them.
If we stop using their services, any of your data held by them
will either be deleted or rendered anonymous.
Examples of the kind of trusted service providers we work with
IT companies who support our website and other business systems.
Operational companies such as delivery couriers.
Direct marketing companies who help us manage our electronic
communications with you.
Google / Facebook to show you products that might interest you
while you’re browsing the internet. This is based on either your marketing
consent or your acceptance of cookies on our websites.
Data insight companies to ensure your details are up to date and
With your consent, we may pass that data to a third party for
their direct marketing purposes.
We may also be required to disclose your personal data to the
police or other enforcement, regulatory or Government body, in your country of
origin or elsewhere, upon a valid request to do so. These requests are assessed
on a case-by-case basis and take the privacy of our customers into
To help personalise your journey through our websites we currently
use the following companies, who will process your personal data as part of
their contracts with us.
AWIN (Affiliate Window)
Where your personal data may be
To provide some of our services we may transfer your personal to
trusted data processors in countries that are outside the EEA (the EEA includes
all EU Member countries as well as Iceland, Liechtenstein and Norway and are
subject to the GDPR). If we do so, then we always do so in
compliance with GDPR (e.g. any US partners we use are part of US Privacy
Shield) so your data is as safe as it is within the EEA.
What are your rights over your
The GDPR has introduced a number of rights you can exercise with
respect to your data. You have the right to request:
- Access to the personal data we hold about you, at no cost.
The correction of your personal data when incorrect, out of date or
That we stop any consent-based processing of your personal data after you
withdraw that consent.
That any automated decision we make may be reviewed by a member of staff.
If we choose not to action your request we will explain to you the reasons
for our refusal.
Your right to withdraw consent
In cases where we are processing your personal data on the basis of our
legitimate interest, you can ask us to stop for reasons connected to your
individual situation. We must then do so unless we believe we have a
legitimate overriding reason to continue processing your personal data.
You have the right to stop the use of your personal data for
direct marketing activity through all channels, or selected channels. We must
always comply with your request.
How can you withdraw the
consent of your personal data for direct marketing?
There are several ways you can stop direct marketing
communications from us:
By click the ‘unsubscribe’ link in any email communication that we
send you or by emailing us on firstname.lastname@example.org.
Please note that you may continue to receive communications for a
short period after changing your preferences while our systems are fully
Contacting the Regulator
If you feel that your data has not been handled correctly, or you
are unhappy with our response to any requests you have made to us regarding the
use of your personal data, you have the right to lodge a complaint with the
Information Commissioner’s Office.
You can contact them by calling 0303 123 1113.
Or go online to www.ico.org.uk/concerns (opens in a new window;
please note we can't be responsible for the content of external websites)
If you are based outside the UK, you have the right to lodge your
complaint with the relevant data protection regulator in your country of