1.1 We may collect, store and process the following kinds of personal information:
(a) information about your computer and about your visits to and use of this website (including your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation);
(b) information relating to any transactions carried out between you and us on, or in relation to, this website, including information relating to any purchases you make of our goods or services;
(c) information that you provide to us for the purpose of registering with us;
(d) information that you provide to us for the purpose of subscribing to our website services, leaving a comment, product review, email notifications and/or newsletters; and
(e) any other information that you choose to send to us.
2.1 We may collect information about your computer, including, where available, your IP address, operating system and browser type, for system administration purposes. This is statistical data about our users’ browsing actions and patterns, and does not identify any individual.
2.2.1 Information you provide by filling in forms on our Site, including contact forms, signing up to the email newsletter.
2.2.2 If you leave a comment on the Site, you may opt-in to saving your name and email address in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
2.2.3 If you have an account and you log in to the Site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
2.2.4 When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
Cookies are also used to improve our services by letting us know about how our Site is used (for example, how many times a particular page is viewed).
2.3 Our Site uses Google Analytics, a web analytics service provided by Google Inc. This service monitors visitor activity on our Site, such as pages visited and banners clicked. Google evaluates this information to compile reports on website activity and internet usage.
The information generated by the cookies about your use of our Site (including your IP address) will be transmitted to and stored by Google on its servers. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf.
We use the data in Google Analytics to make educated improvements to our Site and marketing activities, to bring a better experience and better content to our customers.
2.4 Articles on our Site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
2.5 If you wish to restrict or block any cookies that are set by our Site or any other, you can do so by adjusting your browser settings (check your ‘help’ function within your browser to find out how). Alternatively, you can visit www.aboutcookies.org which contains comprehensive information about cookies, including how to delete them. By continuing to use our Site, you consent to the setting of these cookies.
3.1 Personal information submitted to us via the website will be used in a number of different ways:
(a) to administer the website;
(b) to improve the browsing experience by personalising the website;
(c) to send you goods purchased via the website, and supply to you services offered on the website;
(d) to collect payments from you;
(e) to send you general (non-marketing) commercial communications relating to your order, or other customer service enquiries;
(f) to send you our newsletter where you have provided consent to do so. You may unsubscribe from our email newsletter at any time by using the unsubscribe link at the bottom of the emails, or by contacting us using the details at the bottom of this policy. Please note that if you unsubscribe from our mailing list, you may miss out on vital product information and updates;
(g) we may contact you using third party data, providing you have given consent to being contacted by relevant third parties;
(h) to provide third parties with statistical information about our users – but this information will not be used to identify any individual user; and
(j) to deal with enquiries and complaints made by or about you relating to the website.
Where you submit personal information for publication on our website, we will publish and otherwise use that information in accordance with the licence you grant to us.
3.2 The following sets out examples of what information we collect, why we collect it and how we use the information.
3.2.1 What information do we collect? Your name and contact details (and order number)
How we collect it: You provide it
a) Why we collect it: So we can deliver your purchases to you, completing our contract with you.
How we use it: We use it so your order can be delivered to you. Your name and address information is shared with our courier service.
b) Why we collect it: So we can send you emails about your order, keeping you informed about your order status and therefore providing a service to our customers.
How we use it: We use your name and email address to personalise your email and ensure you’re provided with relevant order information.
c) Why we collect it: So we can email you the newsletter, keeping you up-to-date on new products, industry news and offers. Customers only receive this information if they opt in to receiving the newsletters.
How we use it: Your name and email address will be automatically sent to MailChimp. MailChimp is an online marketing service that allows companies to create and distribute branded emails to a list of addresses who have consented to receiving such emails. MailChimp stores the personal data provided and uses this information when despatching our email newsletters. More information about MailChimp can be found here: www.mailchimp.com. You will only receive marketing emails if you have given your explicit consent and you can unsubscribe from receiving them at any time by clicking the ‘unsubscribe’ button at the bottom of the emails.
d) Why we collect it: So we can identify you and respond to queries you may have.
How we use it: The information you provide will be held securely in accordance with an internal security policy and the law.
3.2.2 What information do we collect? Your payment details
How we collect it: You provide it
a) Why we collect it: So you can pay for the goods you have ordered with us or receive refunds.
How we use it: Payment information is sent directly to the payment merchant, Stripe (see www.stripe.com/gb) via our website. Stripe process your order and confirm to us that payment has been made. Any payment information details are encrypted before being sent to us. We do not store payment details that can be personally identifiable to you.
3.2.3 What information do we collect? Purchase history
How we collect it: Via the orders you place on the Site.
a) Why we collect it: To provide customer service and support, with both orders and returns
How we use the information: Purchase history information is stored in the Order History section of your User Profile. Website administrators have access to this information, as well as the customer. We use this to answer any questions you may have.
3.2.4 What information do we collect? Comments, IP Addresses and Browser User Agent String
How we collect it: When visitors leave comments on the Site
a) Why we collect it: To help spam detection
3.2.5 What information do we collect? User profile information
How we collect it: You register your details when you set up an account on the Site
a) Why we collect it: So all users can see, edit, or delete their personal information at any time (except their username). Website administrators can also see and edit that information in case the customer contacts us and asks us to edit it.
How we use it: To fulfil customer service enquiries, should the information need amending.
Our legal basis for collecting and using the personal data described above will depend on the personal data concerned and the specific context in which we collect it. However, we will normally collect personal data from you under the following legal bases:
a) Consent: When you have given your consent to receive our newsletter. You can opt-out of receiving marketing communications from us at any time by contacting us using the details at the end of this policy or by using the link at the bottom of each email that we send to you.
b) Legitimate business interests: We will use your information for our own legitimate business interests, for example, to provide you with the best suitable content on our website, to improve and promote our services and for our own administrative purposes including creating and maintaining business records of our relationship with you and your product orders with us.
c) Legal requirements & vital interests: In some cases, we will have a legal obligation to contact you; this could include a product announcement.
5.1 We may disclose your personal information to any of our employees, officers, agents, suppliers or sub-contractors insofar as reasonably necessary for the purposes set out in this policy. Disclosure to third parties, in limited circumstances, includes:
(a) in the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets;
(b) if Aya Natural UK Ltd or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets;
(c) if we are under a duty to disclose or share your personal data in order to comply with any legal or compliance obligation (for example to the Police or any relevant regulatory body), or in order to enforce or apply our terms of business and other agreements;
(d) where necessary, to protect the rights, property, or safety of Aya Natural UK Ltd, our customers, or others;
(e) to our auditors or other inspecting organisations from time to time (including any accrediting organisations). This also includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction;
(f) if you are our customer, it is necessary to pass your personal data to third parties in order to carry out the services you have requested (for example, courier providers and payment processors), or to send communications to you (where permissible in accordance with applicable legislation) using our third party processors. We will always tell you if this is the case before sharing your information; and
(g) if you have provided consent to receive communications from us or we have a legitimate business interest to send communications to you (for example in relation to legal product updates) we may transfer your information to our third party processors for the purposes of sending such communications to you.
5.2 We may disclose your personal information to our affiliate companies.
5.3 Some services may allow you to share your personal data with other users of the service or with other services and their users. Please consider carefully before disclosing any personal data or other information that might be accessible to other users.
6.1 If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.
6.2 For users that register on our website, we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
6.3 When we have no ongoing legitimate business need to process your personal data we will either delete or anonymise it or, if this is not possible, then we will securely store your personal data and isolate it from any further processing until deletion is possible.
7.1 Right to object
You have the right to ask us not to process your personal data for direct marketing purposes where we are relying on consent to do so. We will ask you (before collecting your data) if you consent to us using your data for such purposes. We may use a third party processor to send communications to you. Where you do provide your consent, you can opt out at any time by clicking the ‘unsubscribe’ link at the bottom of the newsletter email or contacting us at firstname.lastname@example.org. This will move your personal data to an unsubscribed list and prevent you receiving any further newsletters by email.
7.2 Right to access
Data Protection Legislation gives you the right to access information held about you. If you have an account on this site or have left comments, and you wish to access or correct your personal data, you can do so at any time.
7.3 Right to erasure
You can request that we erase any personal data we hold about you; this does not include any data we are obliged to keep for administrative, legal, or security purposes. Simply contact us using one of the methods at the bottom of this policy.
7.4 Right to rectification
You have the right to require us to correct any inaccuracies in your data. You may need to provide enough information to allow us to identify you and provide the corrected information.
7.5 Right to data portability
You have the right to request your data in a structured, commonly used, machine-readable and inter-operable form to be transferred to yourself or another data controller.
7.6 Request restriction of processing
You have the right to request that processing of your personal data is restricted by contacting email@example.com. We will then discuss with you the possible consequences of such restrictions.
7.7 Right to complain
You have the right to complain to a data protection authority about our collection and use of your personal data. For more information, please contact your local data protection authority. For the UK, this is the Information Commissioner’s Office (www.ico.gov.uk).
The internet is not a secure medium and therefore, the transmission of information via the internet is not completely secure either. We cannot guarantee the security or integrity of your data transmitted to our Site and you acknowledge that any transmission is at your own risk. Once we receive your information, we do take technical and organisational precautions to preserve the security of our data and to protect us against any accidental or unlawful destruction, accidental loss, corruption, unauthorised circulation or access to your personal information and data, as well as against any other form of unlawful processing or disclosure to unauthorised persons.
We use secure server software (SSL) to encrypt financial information you input before it is sent to us, and our database is hosted in a secure (password and firewall-protected) data centre.
Whilst we cannot ensure or guarantee that loss, misuse or alteration of data will not occur, we use our best efforts to prevent exactly this.
You are responsible for keeping your password and user details confidential. We will not ask you for your password (except when you log in to the website).
9.1 A personal data breach can happen for a number of reasons, for example:
a) Loss or theft of data or equipment and paper files
b) Hacking attack
c) Equipment failure
d) Inappropriate access controls allowing unauthorised/unnecessary access to data
e) Human error
f) Unforeseen circumstances such as a fire or flood
It is vital that as soon as a personal data breach is identified or suspected, we immediately report it to the Data Protection Team. The General Data Protection Regulation requires that all breaches are reported to the supervisory authority ‘without undue delay…, not later than 72 hours after having become aware of it’.
9.2 We also investigate an incident depending on the type and severity of the incident and, where required, the Data Protection Team conduct a full breach report. This investigation will:
(a) Establish the nature of the incident, the type and volume of data involved and the identity of the data subjects
(b) Consider the extent of the breach and the sensitivity of the data involved
(c) Perform a risk assessment
(d) Identify actions the organisation needs to take to contain the breach and recover the information
(e) Assess the ongoing risk and actions required to prevent a recurrence of the incident
A log will be reviewed on a regular basis by the Data Governance Working Group (DGWG) who will determine whether any updates to Policy and Procedures are required, and co-ordinate any training and communications messages from the lessons they have learnt. From this, they may escalate a breach if required.
Our Site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
The most up to date version of this policy is available on our website.
This policy was last updated on 20th September 2018.
By Post: The Data Protection Officer, Aya Natural UK Ltd, Suite 1, Earls House, Earlsway, Team Valley Trading Estate, Gateshead, Tyne & Wear, England, NE11 0RY
Tel: +44 (0)8000 699464