Scope of this Document
This document covers the data we collect and store relating to you personally as an individual.
How we fit into the General Data Protection Regulations
As part of the GDPR regulations that cover personal data for individuals across the EU we act as a data controller (storing and managing information you provide to us) and a data processor (using data provided by our partners / suppliers) to complete required business operations.
This privacy notice documents all data that you supply to us directly or has been supplied to us by GDPR complaint third parties.
Any personal data that you supply to us:
- Personal data can be shared with us in one of the following ways: Website contact form, newsletter registration form, direct email communication, posted letter or telephone conversation. These methods may include the following personal information: your full name, your home or business address, personal or business email address and telephone / mobile phone number. If a purchase is made online or via the telephone additional information may be collected such as your delivery address, payment provider and additional information to supply the goods in the correct size and specification.
- If you are share information with us on behalf of a third party please make sure you have their prior consent and that they receive a copy of this privacy notice for their personal records.
More about the data we collect
- We may record telephone conversations for training purposes and as a legal record of any conversations that take place.
- Our website will track user data (Google Analytics) to help us understand visitor patterns and preferences, no personal data will be stored during this process other than the unique IP address of the computer used to visit the website.
- Third parties may provide data to us but all information will be supplied by a GDPR compliant source.
More about the information we receive from third parties
- Social Media – If you have used a promotional advert or offer through social media networks such as Twitter, LinkedIn or
- Facebook we may receive your profile information such as your full name, address, telephone / mobile numbers. We will use this information to contact you regarding your interest in this offer / advert if you have given your consent to do so.
How we use your data
We collect the data outlined in the Privacy Notice to be able to operate our business and provide the products and services you require from us. Your data will only be used with your consent, which you can give via digital means, online, by post or verbally. The use of this data may include contacting you via email, telephone and post to fulfil the products and services we offer.
Third-Parties Who Form Part of Our Contracted Delivery Process
To fulfil the products and services we offer your data may be shared with a third party delivery service and/or website management company. The amount of data we share will be minimal to enable the complete of the product or service purchased.
Our third party suppliers may also process your data in the following ways:
- Deliver products to you chosen address.
- Backup previous orders for archive.
- Fault find issues with an on going order.
Our legal and crime prevention policy
We will share personal information with the relevant agencies and without notice, where we are requested to or suspect fraudulent activities, money laundering, terrorist related activities or where there is another legal requirement to do so.
Children under the age of thirteen
All of our products and services are not intended to be used by children under 16 years old. We will never knowingly collect data from or on children below 13 years old.
We will not store any special category personal data (anything about your body, beliefs, race or sexual preferences as this is not required for our business processes.
Storage of Personal Data
All data that you provide to us or third parties will be stored and backed up securely within the EEA/EU. Any data that is stored outside of the EEA/EU will meet the ‘Privacy Shield’ standard or binding corporate rules will be in place.
Internet and Postal Data Security
All data once received by us will be stored and backed up securely. All data supplied digitally or by post is at your own risk until it reaches us. We cannot be held responsible for data security on your own electronic devices or the postal service.
How long do we keep your data for?
The amount of time that we store your data depends on the following:
- The reason we are using your data, memberships or product warranties may require us to store your data for unto 24 months to allow for customer communications such as renewals or product recalls.
- Legal requirements and where a minimum timescale is set (E.G. Her Majesty’s Revenue and Customs (HMRC))
We will keep your data for the term you have specifically consented to, the contracted term between us or where there is a legitimate interest for us to remain in contact with you in for up to 24 months in case of any queries that you may have or for legally required reasons (E.G. HMRC), whichever is the longest period.
Your Data Protection & Privacy Rights
There are various rights that you have as a UK natural living person (individual) under the GDPR. Below are the abbreviated ICO definitions and include:
- The right to be informed – Individuals have the right to be informed about the collection and use of their personal data
- The right of access – Individuals have the right to access their personal data and supplementary information
- The right to rectification – Individuals have the right to have inaccurate personal data rectified, or completed if it is incomplete
- The right to erasure – The right for individuals to have personal data erased. This is also known as ‘the right to be forgotten.
- Please note this right is not absolute and only applies in certain circumstances
- The right to restrict processing – The right to request the restriction or suppression of their personal data. Please note this is not an absolute right and only applies in certain circumstances
- The right to data portability – The right to data portability allows individuals to obtain and reuse their personal data for their own purposes across different services
- The right to object – Individuals have the right to object to processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling), direct marketing (including profiling) and processing for purposes of scientific/historical research and statistics
The full ICO rights under GDPR can be seen at the Internet link below or calling them on 0303 123 1113:
You can exercise your rights by contacting us using the details set out in the “Contact us” section below.
You have a right to see what information that we hold about you and you can get in contact with our Data Protection Officer using the following details:
Bullet & Bone Ltd,
50 Eastcastle Street,
Under the GDPR you have the right to request a copy of the personal information that we hold about you and to have any inaccuracies corrected or information deleted. You will need to prove your identity with 2 pieces of approved identification which can be a: passport, driving licence, birth certificate, utility bill (from last 3 months), current vehicle registration document, bank statement (from last 3 months) or a rent book (from last 3 months). We will verify your identity, noting how and when we verified it, then we will immediately delete that data.
If you can advise of the specific information that you require, we can process your request more quickly. We will respond to your request within one month of you providing information that confirms your identity.
We will then give you a copy of your data, why we have it, who it could be disclosed to and it will be in a format that you can access easily. You have the right to clarify and correct the information as necessary. It can be deleted providing that it is not required for legal or public interest reasons.
To Make a Data Subject Access Request
To make a Data Subject Access Request please following this link – https://www.bulletandbone.com/contacts/
To make a Data Removal Request
To make a Data Removal Request please follow this link – https://www.bulletandbone.com/contacts/
Data Protection Officer Contact Details
If you have any questions about this Privacy Notice or any other data protection queries, our Protection Officer can be contacted at: firstname.lastname@example.org
We are registered in the UK and our registered address isBullet & Bone Ltd, Suite 345, 50 Eastcastle Street, London, W1W 8EA
By post at our office address: Bullet & Bone Ltd, Suite 345, 50 Eastcastle Street, London, W1W 8EA
Or by e-mail: email@example.com
Cookies are small files stored by your web browser when you visit our website, some cookies simply remember the links you have clicked on and change the colour of visited links when you return. Some more complicated copies store more detailed information such as your login information if you are visiting a website with an online store or membership area. Cookies will never store personnel information about you, just your preferences since your last visit / login.
Cookies and can deleted by clearing your web browser history / cache. Please note disabling cookies in your browser will stop most modern websites such as online stores and membership areas from functioning correctly.
This cookie is used to remember a user’s choice about cookies on bulletandbone.com. Where users have previously indicated a preference, that user’s preference will be stored in this cookie.
Google Analytics (Universal)
These cookies are used to collect information about how visitors use our website and WordPress blog. We use the information to compile reports and to help us improve the website. The cookies collect information in an anonymous form, including the number of visitors to the website and blog, where visitors have come to the website from and the pages they visited.
Read Google’s overview of privacy and safeguarding data here: https://support.google.com/analytics/answer/6004245
The PHPSESSID cookie is used by the WordPress website platform to identify individual visitors (without collecting unique or personal information). This cookie is deleted once the visitor leaves the website. The ‘wordpress_test_cookie’ checks to see if a users browser has cookies enabled as the WordPress admin login area will not function without cookies being enabled. This cookie is only created to test for cookies and is deleted as soon as a visitor leaves the WordPress login page.
Woocommerce (online shopping facility).
The first two cookies contain information about the cart as a whole and helps WooCommerce know when the cart data changes. The final cookie (wp_woocommerce_session_) contains a unique code for each customer so that it knows where to find the cart data in the database for each customer. No personal information is stored within these cookies.