Privacy Policy
CBYD Limited (company number 12743709)  (referred to as “we”, “us” or “our” in this Privacy Policy) is the data controller of any personal data we collect about you when you interact with us, for example, when you use this website (“our website”) or place an order with us.
This Privacy Policy tells you about how and why we collect and use the personal data which you provide to us or which we collect about you. We are committed to protecting your personal information and respecting your privacy in accordance with applicable laws.
We want you to be fully informed about how we use your data, how we keep it secure and your rights.
We trust this Privacy Policy will answer any questions you have, but if not, please get in touch with us using the contact details provided at the end of this Privacy Policy.  
We may need to update this Privacy Policy from time to time and will do so by updating this page. We will notify you of any significant changes, but would encourage you to come back and review it from time to time.  
ENSURING THE LAWFUL USE OF YOUR DATA
We will only use your personal data where we have a lawful basis to use it. We will usually only use your data where it is necessary for us to perform our contract with you (for example, to fulfil an order you have placed with us), or in a way which might reasonably be expected as part of running our business and which does not materially impact your interests, rights or freedoms. For example, we might use your personal data to allow us to improve our website or to ask you for feedback in relation to our products. Please contact us using the details below if you would like further information about this.
We may sometimes need to use data to comply with our legal obligations (for example, to pass on details of people who are involved in fraud). 
In some cases, we will ask for your consent to use your data, for example, where you agree to receive marketing from us.
Further details of how we will use your personal information are provided below.
WHAT INFORMATION WE COLLECT FROM YOU AND HOW WE USE IT
The information we collect about you and how we will use it, depends on how you interact with us. The table below provides some examples of the information we collect about you and how we will use it. 

The personal data we collect from you

How we use it

Lawful basis

We will collect the personal data needed to identify you such as your name, username, password and date of birth. We will also collect your contact details, such as your email address, telephone number, address, postal code and marketing preferences. 

Where you order products from us, to fulfil your orders and to contact you about them where necessary.

To enter into and fulfil our contract with you/legitimate business purposes.

To allow you to create an account with us.

Legitimate business purposes.

To send you marketing communications about our products, special offers or other information which we think you may find interesting.

Where you consent.

To ask you to participate in market research and provide feedback or complete questionnaires and/or participate in forums about our products and business.

For legitimate business purposes.

To allow you to participate in competitions, events or prize draws run by us.

Legitimate business purposes.

Internal record keeping. 

Legal obligation/legitimate business purposes.

If you raise an enquiry or complaint with us. 

For legitimate business purposes.

Fraud prevention and detection.

Legal obligation/legitimate business purposes.

Payment details and details of your transactions.

Fraud prevention and detection.

Legal obligation/legitimate business purposes.

To assist you with any queries you have about current and previous orders/payments.

To fulfil our contract with you/legitimate business purposes.

Information you provide to us when you contact us by telephone, email, post or social media.

To provide you with the information, support and/or customer service you have requested.

For legitimate business purposes.

Calls may be recorded to train our employees and be utilised for market research purposes.

For legitimate business purposes.

Technical information about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies such as web beacons or pixels on our website, apps and emails and full details as to how we process and use cookies can be found on our Cookies Policy.

To administer and to improve our website, to ensure it is presented in the most effective manner for you and to give you the best website experience and to allow you to participate in interactive features of our website, if you choose to do so.

Legitimate business purposes.

For data analysis, testing, research and statistical statistics to help us to improve our products and services.

Legitimate business purposes and where you consent.

To keep our website safe and secure.

Legitimate business purposes.

To make suggestions and recommendations to you and other users of our website about products or services that may interest you or them.

Legitimate business purposes.

To measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you on our website and on third party websites.

Legitimate business purposes and where you consent.

To identify behavioural flows from emails we send to you, so that we are able to monitor and analyse the effectiveness of those emails.

Legitimate business purposes.

We also use “cookies”. For information on the way in which we use cookies, please see our Cookie Policy, which can be found here: [LINK].
You do not have to give us any of the personal data set out above but, if you do not provide us with certain information, we may not be able to provide you with the products you have requested from us, deal with your query or process your job application. 
SHARING YOUR DATA
We share your personal data with trusted third parties to allow us to achieve the purposes set out above. When we do share your data with these third parties, we have written contracts in place with them which require them to only use your data for the purpose we specify to them and that your privacy is secure and respected. 
These trusted third parties include the following:
  • the service providers who manages our marketing campaigns on our behalf, such as our email marketing providers Hubspot and Hootsuite;
  • IT service providers, such as our CRM system provider; and
  • our website optimisation providers such as Shopify, Optomizely and Zendesk.
We may also share your personal data:
  • in connection with a business transition (such as a merger, acquisition by another company, or a sale of all of or portion of our assets). In these circumstances, we may need to share your personal data with a prospective buyer and external professional advisors such as accountants, insurers, lawyers or financial institutions.

  • where we have a duty or a legal obligation to do so, such as with the police, administrative authorities, other enforcement, regulatory or Government bodies, or in order to enforce or apply our terms and conditions or any other agreements which we enter into with you.
HOW LONG WILL WE KEEP YOUR PERSONAL DATA?

We will only keep your personal data for as long as we need to for the reason we collected it, as set out in this Privacy Policy. For example, for as long as needed to allow us to fulfil your orders or to provide any support you have requested. 
We may also keep hold of some of your personal data to deal with legal claims or if we are required to do so for legal purposes, for example, to meet our legal or regulatory requirements or to prevent fraud and abuse. 

We generally retain the personal data we hold about our customers for [6 years] for these purposes.

ENSURING YOUR PERSONAL DATA IS UP TO DATE AND CORRECT

It is important that the personal data we hold about you is accurate and current. If you have an account with us, please keep your details up-to-date.

SECURITY

We are committed to ensuring that your personal data is secure and we have put in place suitable physical, electronic, contractual and managerial procedures to protect your personal data. Our employees who have access to and process your personal data are obliged to respect the confidentiality and security of your personal data.

THIRD PARTY LINKS

Our website may contain links to other websites of interest. However, we do not have any control over third party websites and they will be governed by their own privacy policies, not this Privacy Policy.

INTERNATIONAL TRANSFERS

Some of our service providers are located in countries outside of the UK and EU.
As a result, it may be necessary for the personal data that we collect from you to be transferred to or accessed from outside the UK and EU.

If we do this, we have procedures in place to ensure your data receives the necessary protections. Any transfer of your personal data will follow applicable laws and we will treat the information according to the principles set out in this Privacy Policy. 

If you would like further information, please get in touch with us using the contact details provided at the end of this Privacy Policy.

HOW CAN I UNSUBSCRIBE FROM MARKETING COMMUNICATIONS?

You can unsubscribe from our marketing communications by contacting us at any time using the details provided at the end of this Privacy Policy or using the unsubscribe button at the end of the email.

YOUR RIGHTS

You have the following rights in relation to the personal information we hold about you, to request:
  • access to the personal data we hold about you (commonly known as a "data subject access request") including a copy of it;
  • the correction of the personal information that we hold about you if it is incomplete or inaccurate;
  • the deletion or removal of personal data we hold about you where there is no good reason for us continuing to process it or where you have exercised your right to object to processing (see section on “Right to Object” below);
  • for our processing of your personal information to be restricted in certain circumstances, for example if you want to establish its accuracy or the reason for processing it; 
  • to obtain a copy of the personal information you’ve provided us with and to reuse it elsewhere or to ask us to transfer it to a third party of your choice; and
  • to withdraw any consent you have provided to our use of your personal data. Where you withdraw consent, we will stop using your data for the specific purpose, unless we have an alternative legal basis to use it. 
We may ask you for proof of your identity before dealing with your request, as a security measure to protect your data.

Right to Object

Where we are processing your personal data on the basis of our legitimate interests, you can ask us to stop processing it and we must do so, unless we believe we have an overriding legitimate reason to continue processing your personal data or we need to process it for the establishment, exercise or defence of legal claims. 

If you are dissatisfied with how we have handled your personal data, you have the right to make a complaint to your data protection regulator and we will work with them to resolve it. In the UK, this is the Information Commissioner's Office (ICO). You can make a complaint to the ICO by calling their helpline on 0303 123 1113 or on their website at www.ico.org.uk/concerns. We would, however, appreciate the chance to deal with your concerns before you approach the ICO or, (if you’re based outside of the UK, your data protection regulator), so please do contact us in the first instance using the contact details at the end of this Privacy Policy.

CONTACTING US

If you have any queries, comments or requests regarding this Privacy Policy, you have a complaint or you would like to exercise any of your rights set out above, you can contact us by email at help@consciousbydesign.co.uk.

This Privacy Policy was last updated on February 4, 2021.