We, ecocobox (“ecocobox”, “we”, “us”, “our”) are committed to protecting and respecting the privacy of everyone who visits our website, www.ecocobox.com (the “website”). We will only collect and use personal data in ways that are described here and in a manner that is consistent with our obligations and your rights under the law.
In this Policy, when we refer to "you", we are referring to you, as the person or entity accessing, viewing and/or using the website.
Who are we and how to contact us
Where ecocobox collects and processes your personal data, it is the controller for the purposes of data protection laws including the General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”) and the Data Protection 2018 (“the Act”) and / or any applicable legislation adopted by the United Kingdom post the United Kingdom ceasing to be a Member State of the European Union (“Data Protection Legislation”).
If you need to contact us for any reason regarding this Policy, including the collection and / or use of your personal data, or as otherwise indicated in any section of this Policy, you may contact us at firstname.lastname@example.org.
If you are unhappy with how we handle your personal information, please send an email marked to the attention of the Managing Director, and we will look into your complaint as a matter of urgency.
What personal information do we collect about you?
Personal information is information that can be used to identify or contact a specific individual, such as a name, address, telephone number or email address.
We may collect and process information the following information about you when you use the website or contact us:
Information which is given by you
We collect information you give us when you register or log in to the website, complete forms on the website or searches, place orders, report problems or contact us by e-mail or otherwise. The information you give us may include your name, email address, postal address, date of birth and telephone number, username and password and credit card or other payment information.
Information we collect about you
With each of your visits to the website (regardless of whether you register or log in during your visit), we will automatically collect the following information:
- technical information (e.g. your Internet Protocol (IP) address, log in information, browser type and version, time zone and setting, browser plug in types and version, operating system and platform;
- information about your visit, including the full URL and the pages and products you viewed during your visit, any search terms entered on our website, length of time spent on each page, the city and country you accessed our website from, page response times, download errors;
- Details of goods purchased by you from the Website;
Information collected when you sign up to receive newsletters and information from us
When you sign up to receive newsletters and marketing materials from us we will collect your name and email address.
Our Legal Grounds for Processing Personal Information
Our legal grounds for processing your personal information are:
- the processing is necessary for the performance of a contract that we have with you or in order to take steps at your request prior to entering into a contract (i.e. for the subscription service or ordering goods via our online store);
- your consent, where you have agreed to us using your personal information;
- the processing is necessary for compliance with a legal obligation to which we are subject; or
- the processing is necessary for the purpose of our legitimate interests or those of a third party, such as financial interests, operational and administrative interests, ensuring security, maintaining our relationship with you, marketing, optimising and understanding the use of our site, research and statistical analysis.
What do we use your personal information for?
Any of the information we collect from you / about you may be used as follows:
- To administer your account with us and carry out our obligations arising from any contracts entered into between you and us (legal basis: performance of our contract with you and legitimate interests).
- To process your orders and provide you with the products or services which you request through our site (legal basis: performance of our contract with you). If you do not wish to provide the personal information requested you may not be able to proceed with the subscription agreement or the order.
- To keep records of purchases, sales or other transactions for the purpose of ensuring that the requisite payments and deliveries are made in respect of those transactions (legal basis: performance of contract with you).
- To understand what advertising and information is relevant to you by analysing your visit history and providing you with information about goods or services or changes to our good and services that may interest you (legal basis: consent).
- To identify visitors to our website (legal basis: consent).
- To administer and improve our website as we want our website to be the best it can be (legal basis: consent).
- To improve customer service (legal basis: consent).
- To personalise your experience (legal basis: consent).
- To audit data downloading from our website (legal basis: consent);
- To administer a contest, promotion, survey, research or other site feature (legal basis: consent);
- To display products to you that might be of interest while you are using the internet (via Google/Facebook). (This will be based on your consent to marketing or your acceptance of cookies on our websites. See our Cookies Policy.)
- To provide you with information about goods and services (legal basis: consent where we contact you be electronic means (SMS; email) and our legitimate interests for non-electronic forms of communication); and
- To send you newsletters (legal basis: consent where we contact you be electronic means (SMS; email) and our legitimate interests for non-electronic forms of communication).
You may have a legal right to ask us to delete or destroy your information. Please contact us on email@example.com.
Do we share your personal information?
We contract with third party service providers and suppliers to provide certain services.
We may share your personal data with the following parties, for the purposes noted below:
- our email mailing list provider, currently Mailchimp;
- the parties that provide delivery services, which are currently Royal Mail;
- the party who provides our subscription payment services, which is currently Bold;
- our ecommerce platform provider, which are currently Shopify;
- when we believe it is appropriate to comply with the law, we may disclose information about you to law enforcement officials in the investigation of any alleged unlawful activities by you. We may also be required to disclose information to a court or regulatory body when required to do so by law.
- regulators, government departments, law enforcement authorities, and tax authorities;
- any relevant dispute resolution body or the courts; and
- persons in connection with any sale, merger, acquisition, disposal, reorganisation or similar change in our business;
Except as provided above, we will not share personal information with any other third parties without informing you beforehand, unless required by, or in connection with, law and / or regulatory requirements.
We will not sell, trade or lease your personal information to others.
Where do we store your personal data?
The information which we collect about you will usually be stored inside the UK or the European Economic Area (EEA). However, we may transfer data outside the UK or EEA where our service providers host, process or store data outside the UK or EEA. Where we do this, we will ensure that the transfer is to a country covered by the decision of the European Commission or is otherwise made in circumstances where we have put appropriate safeguards in place to protect your date in accordance with the Data Protection Legislation.
How do we protect your information?
We implement a variety of security measures to maintain the safety of your personal information. Our security is reviewed and enhanced as necessary. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
Unfortunately, the transmission of information via the internet is not completely secure and although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to the Website; any transmission is at your own risk.
Your account is password-protected for your security and we accordingly advise that you maintain the privacy of your password. Furthermore it is recommended that you occasionally change your password to maintain this level of security.
Third Party Links
Your rights under the data protection legislation.
You have the following rights in respect of the information we process about you:
- the right to access information held about you by making a subject access request in accordance with the Data Protection Legislation. We may charge a reasonable fee when a request is manifestly unfounded or excessive;
- the right to request us to rectify personal information concerning you which is inaccurate or incomplete;
- the right to request us to erase personal information concerning you (in certain conditions as set out in the Data Protection Legislation);
- the right to object to the processing of your information by us as well as the right to request us to restrict the extent to which we process your personal information (both in certain conditions as set out in the Data Protection Legislation);
- the right to data portability (in certain conditions out in the Data Protection Legislation);
- the right to ask us not to process your personal information for marketing purposes. We will usually inform you (at the time of collecting information) if we intend to use your information for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your information or at any time by contacting us;
- right to know about any automated decision-making or profiling;
- where you have provided your consent to us for us to process your personal information, you have the right to withdraw your consent by informing us; and
- the right to lodge a complaint with the Information Commissioner’s Office in the UK.
The above rights may be exercised in accordance with data protection law.
Access to information
You have the right to request a copy of personal information that we hold about you under the Data Protection Legislation. To do this, simply contact us at firstname.lastname@example.org. Should we be prevented from disclosing your personal information, reasons will be given for the refusal. We may also request that you provide further information and identification to enable your request to be processed.
If you believe that any information we hold about you is incorrect or incomplete, please contact us at email@example.com. We will thereafter correct any information found to be incorrect. You can find detailed information about your rights under the Data Protection legislation on the UK Information Commissioner's website: http://www.ico.org.uk/.
We will not hold your personal information for longer than is necessary for the “uses” outlined above unless we are required to keep your personal data to comply with the law and any regulatory requirement.
For example, when you place an order with us we will retain your personal data for a period of 2 years to allow us to comply with our legal and contractual obligations.
We keep this Policy under regular review and in the event we make any changes we will place an updated version on our Website and, where appropriate, notify you by e-mail, seek your consent or place a notification on the Website. Please review this page regularly to ensure that you are always aware of what personal information we collect, how we use it and under what circumstances we will share it with other parties.
This policy was last amended on 24 April 2019.
If you need to contact us for any reason regarding this policy, including the collection and / or use of your personal data, or as otherwise indicated in any section of this Policy, our contact details are as follows - firstname.lastname@example.org