We are committed to safeguarding your privacy and security. Any personal information that we obtain about you through your dealings with us will be processed, stored and disposed of in compliance with the General Data Protection Regulations (GDPR).
This Privacy Notice explains what personal data BRITBUS INTERNATIONAL LTD will collect about you when you interact with us, how we use and protect your data, and your rights relating to our use of your data.
The legal bases we rely on
We operate subject to the Laws of England and the non-exclusive jurisdiction of the English Courts. In particular, orders placed on our website and fulfilled by us are subject to The Consumer Contracts (Information, Cancellation and Additional Charges) Regulations 2013. GDPR allows collection of your data: (a) necessary to fulfill contractual obligations, e.g. process and deliver your order, (b) with your consent, e.g. you confirm subscription to our email newsletter, (c) legal compliance, e.g. passing on personal data required by law enforcement and (d) legitimate interest, e.g. website analytics.
When do we collect your personal data
- When you visit our website, place an order (even using guest checkout), request a return or refund, submit a contact form, create an account or place an order over the phone.
- When you communicate with us by email.
- When you engage with us on social media.
- When you review our products or services via Trusted Shops.
- When you respond to our surveys.
- When we speak with you on the telephone.
What personal data do we collect
- Your billing and delivery name, address, telephone number(s).
- Encrypted record of your account password (if you have one).
- Email addresses you use to interact with us.
- IP addresses of your devices that interact with our website or are used to email us.
- Notes of telephone calls recorded in you order notes to process returns and refunds.
- Details of your orders and items you have ordered and returned.
- Details of your visits to our website (by ip address only).
- Your reviews placed on Trusted Shops.
- Your social media username if you use social media to interact with us.
- Your payment card information is not held on our website but is captured and stored by our payment partners, PayPal and UK based, Secure Trading.
How do we collect your personal data
- Your ip address is logged when you visit our website or when you send an email.
- You submit your billing and delivery name, address and contact information when you place an order on our website or by phone.
- You submit your payment card information via our payment partners, PayPal or Secure trading or by phone.
- You submit a message via the contact form on our website.
- You subscribe to our newsletter via our website.
- You create an account and password.
- You communicate with us by phone or email
Why do we collect your personal data
- To enable you to browse and shop on our website, e.g. cookies to track items in your basket.
- To enable you to pay for your order.
- To enable us to fulfil our contractual obligations to you, e.g. send your order to you and process exchanges, returns and refunds.
- To send you order status emails.
- To answer your emails and telephone queries.
- To send you email newsletters.
- To enable our website security systems to function.
- To send you surveys.
- To improve our website and sytems.
How do we protect your personal data
We understand how important data security is – we shop online and use social media ourselves afterall. We use a wide variety of sytems to protect and secure our website and your data. For example:
- All transactional areas of the website are secured by https technology.
- Access to your personal data is password protected.
- Our website is actively monitored by McAfee Secure, Norton Secured and others to ensure that it is free of Malware, Malicious links, Phishing agents and other vulnarabilities.
- Any paper copies of orders, invoices or emails that we may make or that you may send with your returned goods are detroyed by cross-shredding before being disposed of.
Who will your persoanl data be shared with
Your personal data will be shared with other organisations only to the extent necessary to: (a) fulfil our contractual obligations to you, (b) communicate with you, (c) to protect and secure our website and systems and (d) to develop and improve our website and systems and (e) for our website to function. Sometimes it may only be an IP address that is shared, or just an email address. Here are some examples:
- PayPal and Secure Trading – your payment card information, order details, email addresses and addresses.
- Your bank or payment card provider.
- Google – your IP address for analytics and product ad conversion tracking and your email address because we use Google’s G Suite for our email system.
- Our staff, in order that they can process your orders, emails and phone calls.
- The delivery companies who deliver your orders.
- Law enforcement if necessary to combat fraud.
- Social media companies – when you share our content on their platform.
- Mailchimp – the sytem we use for email newsletters.
- Trusted Shops – your order reference and email address when you submit a review or set up their free guarantee.
How long will we keep your personal data
We will only keep your personal data for as long as we need to complete our legal and contractual obligations to you, long enough to reasonably enable you to easily access your account to place another order or request a return and long enough to satisfy HMRC VAT requirements. After that, personal data will be deleted or anonomised. We understand that order history needs to be kept for 7 years to satisfy HMRC.
Where will your personal data be processed
As we have customers all over the world, this partly depends on where you are, where your order is going, where your bank or payment card provider is based, which email system you use, which social media platforms you use, which Internet Service Provider you use, which phone providers you use, where delivery companies have their sytems based and how internet traffic is routed at any point in time.
If you live in the EU (including UK) and your order is being delivered to where you live then it becomes a little simpler. Some of your personal data (even if it’s only your IP or email address) may be processed outside of the EU. We can only assume that any personal data procesed by US based companies like Google, Mailchimp and the social media platforms may be processed outside of the EU. Similarly if you use GMail, Outlook or Yahoo for email. As a further example, mobile phones, tablets and browsers have settings to enable you to opt in or out of their customer experience improvenment programmes – some of these may capture details of your IP address, IMEI number and which website you have visited.
What are you rights over your personal data
You can get full details of your rights under GDPR from the Information Commissioners Office but here is a summary of the key points.
You have a right to:
- Be informed – hence this Privacy Notice.
- Withdraw any consent you have given for the use of your personal data, e.g. for email marketing.
- Correction of your personal data if incorrect or out of date.
- Access to the personal data we have about you and a copy of that information.
- Have your personal data erased (also known as ‘the right to be forgotten’) in certain circumstances.
- Request the restriction or suppression of your personal data.
- Data Portability.
- Object to the processing of your personal data in certain circumstances.
- Be informed about and to be able to challenge any automated decision making or profiling that affects you.
Some of these are unlikely to be relevant to your dealings with us.
You can make requests by phone or email and we have up to 1 month to reply. If there are any reasons not to grant your equest then we will let you know.
If you have any concerns that your personal data has not been treated correctly or you are not happy with our response then you can contact the Information Commissioner’s Office ( ICO). Details here.
- You are responsible for the security of your password in your possession.
- Please ensure that it can not be obtained by others and that others can not access your pc when you are logged in.
- We cannot read your password. It is stored in an encrypted form.
- If you forget your password for your account simply click on “Forgot your password?“, enter your e-mail address and follow the instructions to obtain your new password. If you would like help re-setting your password then please phone us during office hours and we can re-set it for you.
- Payments are processed securely through our UK based secure payment partners SecureTrading and via PayPal.
- Your internet browser will show you that the Checkout pages and Your Account pages are secure before you enter any personal, credit or debit card details. Look for the lock symbol, green web address bar or ‘https’ at the start of the web address to see that you are on a secure page.
- We also use McAfee Secure, Norton Secured and other systems to check every day that our website is safe and secure.
- To protect against the fraudulent use of credit and debit cards we perform additional random security checks on the information you provide and you may be asked to confirm certain information before we process your order.
Verified by Visa and MasterCard SecureCode
- Visa and Mastercard now provide enhanced security for online transactions.
- All Visa and MasterCard card holders will soon, if they haven’t already, be invited to set up additional security for online transactions.
- Customers who have not yet done this may experience an error message “3-D Security Not Valid” during online transactions.
- If this happens then you will be prompted with instructions to verify your card.
- If you need assistance then please contact us.
- For futher information please see Verified by Visa and MasterCard SecureCode
Integration of the Trusted Shops Trustbadge
- We have integrated the Trusted Shops Trustbadge on this website in order to display our Trusted Shops Trustmark and offer the Trusted Shops products to customers after placing an order.
- This serves the protection of our legitimate interests in the optimal marketing of our offer according to art. 6 (1) 1 lit f GDPR that are overriding in the process of balancing of interests. The Trustbadge and the advertised trust badge services are offered by Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne, Germany.
- With every use of the Trustbadge, the web server automatically saves a so-called server log file which contains e.g. your IP address, the date and time of the request, the volume of data transferred and the requesting provider (access data), and documents the request. Those access data are not analysed and are automatically overwritten no later than seven days after the end of your website visit.
- Other personal data are transferred to Trusted Shops only if you decide to use or have already registered to use Trusted Shops products after placing an order. In such a case, the contract concluded between you and Trusted Shops applies.