Privacy Policy

 Effective date: 15th April 2024

1. Introduction

Bathroom Passion is the trading name of NINE07 LTD.

This Privacy Policy describes how bathroompassion.co.uk (the "Site", "we", "us", or "our") collects, uses, and discloses your personal information when you visit, use our services, or make a purchase from bathroompassion.co.uk (the "Site") or otherwise communicate with us (collectively, the "Services"). For purposes of this Privacy Policy, "you" and "your" means you as the user of the Services, whether you are a customer, website visitor, or another individual whose information we have collected pursuant to this Privacy Policy.

2. Scope and Consent

This Privacy Policy applies to all personal data collected through our website and any related services. By using our website, you consent to the collection, processing, and transfer of your data as described in this document. Please review this policy periodically as we may update it from time to time to reflect changes in our practices or relevant regulations.

3. Data Controller

The data controller responsible for your personal information under the General Data Protection Regulation (GDPR) is NINE07 LTD. Our registered office is located at 203 West Street, Fareham, Hampshire, PO16 0EN. If you have any enquiries or concerns about this privacy policy or our data handling practices, please feel free to contact us at info@bathroompassion.co.uk.

4. Personal Data Collected

We collect various types of personal data to provide and improve our services. This includes:

• Device Information: Such as your web browser, IP address, and time zone.
• Usage Data: Information on how you interact with our website, including the pages you visit and the products you view.
• Account Data: If you register an account, we collect your name, email address, and password.
• Transaction Data: Details about the products you purchase and your transaction history.
• Communication Data: Any information you provide when you contact us directly through email or other communication channels.

5. Purposes of Data Collection

Your personal data is collected for several purposes:

• To Provide Services: To fulfil your orders and manage your account.
• To Improve Services: To understand how you use our services and website, helping us to improve our offerings and website functionality.
• To Communicate: To respond to enquiries and provide customer support.
• For Marketing: To send you promotional messages and advertising, subject to your consent where required by law.
• For Legal Obligations: To comply with legal requirements and to protect the rights and safety of our company and our users.

6. Legal Basis for Processing

We process your personal data under the following legal bases:

• Consent: We may rely on your consent for processing personal data when you have explicitly provided it.
• Contract: Processing is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract.
• Legal Obligation: Processing is necessary for compliance with a legal obligation to which we are subject.
• Legitimate Interests: We may process data when it is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms.

7. Data Collection Methods

We collect data through various methods:

• Direct Interactions: You may give us your data by filling in forms or by corresponding with us by post, phone, email, or otherwise.
• Automated Technologies or Interactions: As you interact with our website, we may automatically collect technical data about your equipment, browsing actions, and patterns. We collect this personal data by using cookies, server logs, and other similar technologies.
• Third Parties or Publicly Available Sources: We may receive personal data about you from various third parties and public sources as set out below.

8. Cookies and Tracking Technologies

We employ cookies and similar tracking technologies to track activities on our services and store certain information. Cookies are files with small amounts of data which may include an anonymous unique identifier. We utilise both session and persistent cookies to enhance your user experience:

• Session Cookies: Essential for our service operations.
• Persistent Cookies: Help remember your preferences and various settings.
• Tracking Cookies: Track your activities and the pages you have visited on our site.

For detailed information on how we use cookies and your control options, please refer to our Cookie Policy.

9. Data Received from Third Parties

We receive information about you from other sources, which enhances our ability to serve you and optimise our services. These sources include but are not limited to:

• Business Partners and Affiliates: For instance, if you interact with any business partners or affiliates promoting our services.
• Analytics Providers: Such as Google Analytics, which helps us understand how users engage with our services. For details on how Google Analytics collects and processes data, please see their link in section 10.
• Payment and Delivery Services: Our partners like Shopify Payments and PayPal, manage transaction processing, please see their link in section 11, while delivery services handle your product shipments.

10. Analytics and Third-Party Processors

As stated above, we utilised various third-party services to understand our website usage and improve user experience:

• Google Analytics: Analyses site traffic and user interactions. Privacy Policy
• Tidio: Provides real-time customer support chat. Privacy Policy
• Klaviyo: Manages and sends marketing emails. Privacy Policy
• Judge.me: Collects and displays customer reviews. Privacy Policy
• Shopify: Hosts our e-commerce platform. Privacy Policy

11. Payment Processors

We work with trusted payment processors to handle your payment information securely:

• Shopify Privacy Policy
• PayPal Privacy Policy 

These services may collect and store sensitive financial data, such as credit card numbers, which are crucial for processing transactions securely.

12. Use of Personal Data

Your personal data is utilised for various operational and business purposes:

• Order Fulfillment: Processing purchases, transactions, and managing deliveries.
• Customer Support: Responding to your enquiries and resolving issues.
• Account Management: Managing registrations, logins, and customer accounts.
• Marketing Activities: Conducting advertising campaigns and promotional communications based on user preferences.
• Legal Compliance: Meeting legal, regulatory, and compliance obligations.

13. Data Retention

We retain personal data only as long as necessary to fulfil the purposes it was collected for, including satisfying legal, accounting, or reporting requirements. The retention period is determined by considering the amount, nature, and sensitivity of the data, the potential risk from unauthorised use or disclosure, the processing purposes, and whether those purposes can be achieved through other means, along with legal requirements.

14. Data Security

We implement robust security measures to ensure the safety of your personal information when you interact with our services. These measures include advanced data encryption, secure server configurations, and stringent access controls. We regularly update our security practices to prevent unauthorised access or destruction of data, ensuring your information remains safe and secure.

15. International Data Transfers

To provide you with the best possible service, your personal data may be transferred to and stored at destinations outside the United Kingdom. We ensure that such transfers are carried out in compliance with applicable data protection laws. For transfers outside the UK, we implement standard contractual clauses approved by the European Commission, ensuring adequate levels of data protection.

16. Sharing of Personal Data

We only share your personal data with third parties when necessary for the purposes outlined in this policy, including:

• Service Providers: We engage various service providers who perform functions on our behalf.
• Legal Requirements: We may disclose your data if required by law or to protect the rights, property, or safety of NINE07 LTD., our customers, or others.
• Business Transfers: In the event of a merger, acquisition, or asset sale, personal data may be transferred as part of the business assets.

17. Selling of Personal Data

We may sell, rent, or share personal data with third parties for direct marketing purposes, subject to your prior consent where required by law. If you do not wish your data to be shared in this way, you can opt out at any time by contacting us directly.

18. Your Rights Under GDPR

Under the GDPR, you have several rights regarding your personal data, including:

• Right to Access: You can request access to the personal data we hold about you.
• Right to Correction: You can request correction of inaccurate personal data.
• Right to Erasure: You can ask us to delete or remove personal data when there is no good reason for us to continue processing it.
• Right to Restrict Processing: You have the right to block or suppress processing of your personal data under certain circumstances.
• Right to Data Portability: You can request the transfer of your personal data to another party.

19. Right to Withdraw Consent

At any time, you have the right to withdraw your consent to the processing of your personal data. Withdrawal will not affect the lawfulness of processing based on consent before its withdrawal. To withdraw your consent, please contact us directly.

20. Accessing and Updating Your Data

You have the right to access information we hold about you. You can request access, correction, or deletion of your personal data via our designated contact points. We strive to respond to legitimate requests within one month.

21. Complaints to Authorities

If you believe that our processing of your personal data infringes data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. You can do so in the EU member state of your usual residence, your place of work, or the place of the alleged infringement.

22. Children’s Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that a child under 18 has provided us with personal data, we will take steps to delete such information from our files as quickly as possible.

23. Links to Other Websites

Our website may contain links to other websites not operated or controlled by us. We are not responsible for the content, privacy policies, or practices of any third party sites. The inclusion of a link does not imply endorsement of the linked site by Bathroom Passion. We encourage you to review the privacy policies of any third-party sites you interact with.

24. Changes to the Privacy Policy

We may update this Privacy Policy from time to time in response to changing legal, technical, or business developments. When we update our Privacy Policy, we will take appropriate measures to inform you, consistent with the significance of the changes we make. You can see when this Privacy Policy was last updated by checking the “last updated” date displayed at the top of this Privacy Policy.

25. Contact Information

If you have any questions or concerns about our use of your personal information, please contact us at the following:

Write to us:

NINE07 LTD. t/a Bathroom Passion 203 West Street, Fareham, Hampshire, PO16 0EN.

Email us:

 info@bathroompassion.co.uk

26. Data Protection Officer

Our Data Protection Officer is responsible for overseeing what we do with your data and ensuring we comply with data protection laws. If you have any questions or concerns about our data practices, you can contact us at:

Write to us:

NINE07 LTD. t/a Bathroom Passion 203 West Street, Fareham, Hampshire, PO16 0EN.

Email us:

 info@bathroompassion.co.uk

27. Automated Decision Making and Profiling

We may use automated decision-making and/or profiling in regard to your personal data for some services and products. If we use these technologies, we will provide clear information about any automated decision-making that significantly affects you, and we will provide you with the opportunity to request human intervention or challenge a decision made this way.

28. Legal Disclosure Requirements

We will disclose your personal information where required by law or subpoena, or if we reasonably believe that such action is necessary to comply with the law and the reasonable requests of law enforcement or to protect the security or integrity of our service.

29. Supervisory Authority

If you are unsatisfied with our response to your data protection concerns, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK’s supervisory authority for data protection issues.

More details can be found on their website at https://ico.org.uk, or you can contact them directly at +44 303 123 1113.