Privacy policy
Privacy Policy
Welcome to Earths Basket and our website at www.earthsbasket.co.uk. In this Privacy Policy you will find all the information about which personal data we collect and process and for what purpose. You will also find out what rights you have and how you can assert them.
Please read this Privacy Policy along with our Cookie Policy which provides additional details about the Cookies we use. This Policy sits in line with the UK`s Data Protection Act (“DPA”) and the General Data Protection Act (“GDPR”).
What is Personal Data?
Personal Data is any information relating to personal or material circumstances that relates to an identified or identifiable individual. This includes, for example, your name, date of birth, e-mail address, postal address, or telephone number as well as online identifiers such as your IP address. In contrast, information of a general nature that cannot be used to determine your identity is not Personal Data. This includes, for example, the number of users of a website.
What is processing?
"Processing" means any operation or set of operations which is performed upon personal data, whether or not by automatic means. The term is broad and covers virtually any handling of data.
The Data Controller
The person that is responsible for your information under this Privacy Policy (the “data controller”) is:
Earths Basket Ltd
146 Orchard Park Avenue
Thornliebank
G46 7BN, UK
If you have any questions about the processing of your Personal Data by us or about data protection in general, you can reach us at hello@earthsbasket.co.uk.
The Supervisory Authority
The competent data protection authority in the UK is:
The Information Commissioner`s Office (ICO)
Wycliffe House, Water Ln,
Wilmslow SK9 5AF, UK
Relevant legal basis
In the following, we inform you about the legal basis on which we process Personal Data. If more specific legal bases apply in individual cases, we will inform you of these separately.
- Consent - The data subject has given his/her consent to the processing of Personal Data relating to him/her for a specific purpose or purposes.
- Performance of a contract and pre-contractual enquiries - Processing is necessary for the performance of a contract to which the data subject is a party or for the performance of pre-contractual measures carried out at the data subject's request.
- Legitimate interests - Processing is necessary for the purposes of the legitimate interests of the controller or a third party unless such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of Personal Data.
Your rights
When we process your Personal Data, you have following rights:
- Right to information;
- Right of access;
- Right to rectification;
- Right to erasure;
- Right to restriction of processing;
- Right to data portability;
- Right to object;
- Rights in relation to automated case-by-case decisions, including profiling; and the
- Right to Complaint:
If you wish to exercise any of the rights listed above, you can contact us by email at [Insert E-Mail]. For your protection and the protection of all our users, we may need to request certain information from you to help us confirm your identity before we can respond to the above requests.
Processing of Personal Data
a) access data and hosting
You can visit our website without providing any personal information. Each time you access a website, the web server automatically saves a so-called server log file, which contains, for example, the name of the requested file, your IP address, the date and time of the access, the amount of data transferred and the requesting provider (access data and log files) and documents the access.
This access data is evaluated solely for the purpose of ensuring trouble-free operation of the site and improving our services. In accordance with the DPA and GDPR, this serves to protect our legitimate interests in the correct presentation of our website, which outweigh our interests in the context of a balancing of interests. All access data is deleted at the latest seven days after the end of your visit to the site.
b) hosting
As part of processing on our behalf, Shopify International Ltd provides hosting and website presentation services for us. This serves to protect our legitimate interests in the correct presentation of our website, which are outweighed by a balance of interests. All data collected in the course of using our website or in forms provided for this purpose in the online shop are processed on Shopify`s servers.
c) Contacting us
If you contact us via e-mail contact form or social media, we store and process the following data from you: e-mail address, Name and telephone number, if provided, as well as other personal data that you provide when contacting us.
This data is collected and processed exclusively for the purpose of contacting you and processing your request and then deleted, provided there is no legal obligation to retain it. The legal bases for processing are contract and our legitimate interest.
d) data collection and use for contract processing
We collect personal data if you voluntarily provide it to us in the context of your order (your name, e-mail address and shipping address). Mandatory fields are marked as such, as we need the data in these cases to process the contract or to process your contact and you cannot send the order or contact without providing it. We use the data you provide in accordance with Art. 6 Para. 1 S. 1 lit. b GDPR to process the contract.
If you have given your consent by deciding to open a customer account, we will use your data (your name, e-mail address, chosen password) for the purpose of opening a customer account. After complete processing of the contract or deletion of your customer account, your data will be restricted for further processing and deleted after expiry of the retention periods under tax and commercial law, unless you have expressly consented to further use of your data or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this declaration.
The deletion of your customer account is possible at any time and can be done either by sending a message to the contact option described below or via a function provided for this purpose in the customer account.
e) newsletter
If you register for our newsletter, we will use the data required for this purpose or separately provided by you to send you our e-mail newsletter on a regular basis based on your consent.
Unsubscribing from the newsletter is possible at any time and can be done either by sending a message to the contact option described below or via a link provided for this purpose in the newsletter. After unsubscribing, we will delete your email address unless you have expressly consented to further use of your data or we reserve the right to use data beyond this, which is permitted by law.
The newsletter is sent as part of processing on our behalf by Mailchimp (Intuit Inc) to whom we pass on your e-mail address for this purpose.
f) marketing
Insofar as you have also given us your separate consent to process your data for marketing and advertising purposes, we are entitled to contact you for these purposes via the communication channels you have given your consent to.
You may give us your consent in a number of ways including by selecting a box on a form where we seek your permission to send you marketing information, or sometimes your consent is implied from your interactions or contractual relationship with us. Where your consent is implied, it is on the basis that you would have a reasonable expectation of receiving a marketing communication based on your interactions or contractual relationship with us.
Direct Marketing generally takes the form of e-mail but may also include other less traditional or emerging channels. These forms of contact will be managed by us, or by our contracted service providers. Every directly addressed marketing sent or made by us or on our behalf will include a means by which you may unsubscribe or opt out.
Updating your information
If you believe that the information, we hold about you is inaccurate or that we are no longer entitled to use it and want to request its rectification, deletion, or object to its processing, please do so by contacting us.
For your protection and the protection of all of our users, we may ask you to provide proof of identity before we can answer the above requests. Please keep in mind, we may reject requests for certain reasons, including if the request is unlawful or if it may infringe on trade secrets or intellectual property or the privacy of another person.
Also, we may not be able to accommodate certain requests to object to the processing of Personal Data, notably where such requests would not allow us to provide our service to you anymore.
Withdraw your consent
You may withdraw your consent and request us to stop using and/or disclosing your Personal Data for any or all of the Purposes by submitting your request to us. Should you withdraw your consent to the collection, use or disclosure of your Personal Data, it may impact our ability to proceed with your transactions, agreements, or interactions with us. Please note that your withdrawal of consent will not prevent us from exercising our legal rights (including any remedies) or undertaking any steps as we may be entitled to at law.
Data transfer
In order to fulfil the contract, we pass on your data to the shipping company commissioned with the delivery (DPD and Royal Mail), insofar as this is necessary for the delivery of ordered goods.
If you have given us your express consent during or after your order, we will pass on your e-mail address and telephone number to the selected shipping or fulfilment service provider so that they can deliver your order and contact you before delivery for the purpose of delivery notification or coordination.
Depending on which payment service provider you select in the ordering process, you pass on your payment data to the payment processor commissioned with the payment (Shop Pay, PayPal, Apple Pay, g pay. In some cases, the selected payment service providers also collect this data themselves if you create an account with them. In this respect, we do not collect or process any of your financial data and the Privacy Policy of the respective payment service provider applies.
We may also disclose Personal Data to third parties if we are legally obliged to do so e.g., by court order or if this is necessary to support criminal or legal investigations or proceedings at home or abroad or to fulfil our legitimate interests.
Data Security
Our data processing is subject to the principle that we only process the Personal Data that is necessary for the use of our services. In doing so, we take great care to ensure that your privacy and the confidentiality of all Personal Data are always guaranteed.
All transmitted data is protected by TLS encryption. Transport Layer Security (TLS) is a protocol used to ensure secure data transmission on the Internet. The public-private key procedure is used here. This means that data encrypted with a publicly accessible key can only be decrypted again with a separate private key.
We also use technical and organisational security measures (TOMs) throughout the company to protect the data we manage from you against accidental or intentional manipulation, loss, destruction or against access by unauthorised persons.
Duration of data storage
We store personal data on our secure server and only for as long as it is necessary for the purposes for which it is processed or for as long as any consent you have given us has been revoked by you. Insofar as statutory retention obligations must be observed, the storage period for certain data may be up to 6 years, irrespective of the processing purposes.
Automated decision-making
Automated decision-making including profiling does not take place.
Social Media
We are present on social media on the basis of our legitimate interest currently Facebook, Twitter, TikTok and LinkedIn. If you contact us via those social media platforms, you should note that the chat history can neither be deleted by us nor by you. And that, in accordance with the DPA and the GDPR, the relevant social media platform and we are jointly responsible for the processing of your data and enter into a so-called joint controller agreement. A Joint Controller Agreement itself if very legalistic and lengthy, but in a nutshell, it clarifies how the jointly responsible parties will fulfil the obligations arising from data protection laws that are applicable to them. The legal basis for the use of the relevant social media platform is our legitimate interest, your consent or, in the case of a (pre) contractual relationship with us, the initiation of a contractual service.
Personal information and children
Our services are aimed at people aged 18 and over. We will not knowingly collect, use or disclose personal information from minors under the age of 18 without first obtaining consent from a legal guardian through direct offline contact.
Changes and updates
We kindly ask you to regularly inform yourself about the content of our Privacy Policy. We will amend the Privacy Policy as soon as changes to the information processing activities we carry out make this necessary.
Concerns and Contact
If you have any concerns about a possible compromise of your privacy or misuse of your personal information on our part, or any other questions or comments, or wish to exercise your rights under applicable laws, please contact us.
This Privacy Policy was last updated on Thursday, 08 December 2022.