PRIVACY POLICY

Introduction

This Privacy Notice explains in detail the types of personal data we may collect about you when you interact with us. It also explains how we’ll store and handle that data, and keep it safe.

Who is collecting the data?

Island Refillery Ltd. For simplicity throughout this notice, 'the business', ‘we’ and ‘us’ means Island Refillery Ltd.

When do we collect your personal data?

- When you visit our website, and use your account to buy products online or on the phone.
- When you make an online purchase and check out as a guest (in which case we just collect transaction-based data).
- When you create an account with us.
- When you purchase a product by phone but don’t have (or don’t use) an account.
- When you engage with us on social media.
- When you sign up to our newsletter.
- When you contact us by any means with queries, complaints etc.
- When you enter prize draws or competitions.

What sort of personal data do we collect?

- If you have an account with us: Your name, billing/delivery address, orders and receipts, email and telephone number. We keep no record of your password.
- If you make an order: Your name, email, phone number, delivery and billing address, payment card information, IP address and your order details.
- Details of your interactions with us online, email, over the phone or at our offices.
For example: we collect notes from our conversations with you, details of any complaints or comments you make, details of purchases you made, items viewed or added to your basket and how and when you contact us.
- If you have consented to be on our mailing list, details of which emails have been sent to you, whether they have been opened and click through data.
- Information gathered by the use of cookies in your web browser.
- Your social media username, if you interact with us through those channels, to help us respond to your comments, questions or feedback.

What is the legal basis for processing the data?

The law on data protection sets out a number of different reasons for which a company may collect and process your personal data, including:

Consent

In specific situations, we can collect and process your data with your consent. For example: When you tick a box to receive our newsletter. When collecting your personal data, we’ll always make clear to you which data is necessary in connection with a particular service.

Contractual obligations

In certain circumstances, we need your personal data to comply with our contractual obligations. For example: When you make an order we will collect your address details to deliver your edition, and pass them to our courier.

Legal compliance

If the law requires us to, we may need to collect and process your data. For example: we can pass on details of people involved in fraud or other criminal activity affecting the business to law enforcement.

Legitimate interest

In specific situations, we require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests. For example: we may use your purchase history to send you or make available personalised offers.

How will we use your personal data and why

To process any orders that you make online or over the phone. If we don’t collect your personal data during checkout, we won’t be able to process your order and comply with our legal obligations.

We keep your details in order to fulfil any contractual obligations such as refunds.

To respond to your queries, refund requests and complaints. Handling the information you sent enables us to respond. We may also keep a record of these to inform any future communication with us and to demonstrate how we communicated with you throughout. We do this on the basis of our contractual obligations to you, our legal obligations and our legitimate interests in providing you with the best service and understanding how we can improve our service based on your experience.

To protect our business and your account from fraud and other illegal activities. This includes using your personal data to maintain, update and safeguard your account.

Will the data be shared with any third parties?

 Website platform (Wix)

Wix holds account and order information in order to provide the online ecommerce service.

Payment Processors:

We use a third party payment processor to handle your payment information securely for orders online and over the phone.

Direct marketing companies (Wix):

Who help us manage our electronic communications with you, we share your name and email address. We provide only the information they need to perform their specific services. They may only use your data for the exact purposes we specify in our contract with them.
If we stop using their services, any of your data held by them will either be deleted or rendered anonymous.

We do not pass on your personal data to any third parties for their own purposes.

We may also use your information for:
- For fraud management, we may share information about fraudulent or potentially fraudulent activity in our premises or systems. This may include sharing data about individuals with law enforcement bodies.
- We may also be required to disclose your personal data to the police or other enforcement, regulatory or Government body, in your country of origin or elsewhere, upon a valid request to do so. These requests are assessed on a case-by-case basis and take the privacy of our customers into consideration.
- We may, from time to time, expand, reduce or sell the business and this may involve the transfer of divisions or the whole business to new owners. If this happens, your personal data will, where relevant, be transferred to the new owner or controlling party, under the terms of this Privacy Notice.

How long will the data be stored for?

We keep your personal data for the duration of the purposes outlined in this Privacy Policy, or for the duration required by any legal, regulatory, accounting or reporting requirements, whichever is the longer. Any customer can ask to be anonymised on request after this retention period.
When you consent to receive marketing communications, we will keep your data until you unsubscribe.

How we protect your personal data

We treat your data with the utmost care and take all appropriate steps to protect it.
We secure access our websites using ‘https’ technology.
Access to your personal data is password-protected, and sensitive data such as payment card information is secured and tokenised to ensure it is protected.
We regularly monitor our system for possible vulnerabilities and attacks, and we carry out penetration testing to identify ways to further strengthen security.

Your personal data protection rights
You have the right to request:

- Access to the personal data we hold about you, free of charge.
- The correction of your personal data when incorrect, out of date or incomplete.
- That we stop using your personal data for direct marketing.
- That we stop any consent-based processing of your personal data after you withdraw that consent.

Your right to withdraw consent:

Whenever you have given us your consent to use your personal data, you have the right to change your mind at any time and withdraw that consent.

Where we rely on our legitimate interest:

In cases where we are processing your personal data on the basis of our legitimate interest, you can ask us to stop for reasons connected to your individual situation. We must then do so unless we believe we have a legitimate overriding reason to continue processing your personal data.

Direct marketing:

You can opt out from direct marketing by the following means: - unsubscribing to any marketing email - by editing the settings of your account - contacting us to remove your details

Checking your identity:

To protect the confidentiality of your information, we will ask you to verify your identity before proceeding with any request you make under this Privacy Notice. If you have authorised a third party to submit a request on your behalf, we will ask them to prove they have your permission to act.

Data portability

You have the right to request a copy of any information about you that the Business holds at any time, and also to have that information corrected if it is inaccurate. We will provide you with your personal data in a structured, commonly used and machine-readable format. You may reuse it elsewhere.
To ask for your information, please contact our Customer Services at refill@islandrefillery. To ask for your information to be amended, please update your online account, or contact our Customer Services team.

Raising a complaint

If you consider Island Refillery Ltd to process your personal data in an incorrect way you can contact us. You also have the right to turn in a complaint to the UK data protection authority (the Information Commissioner’s Office or ICO).

Updates to our Privacy Notice

We may need to update our Privacy Notice. The latest version of the Privacy Notice is always available on our website. If required by the applicable law, we will notify you of any material or substantive changes to this Privacy Policy.

This page was updated on 16 November 2020.