Shop

Privacy policy

 

This is the Privacy Policy of Restore Home Limited trading as Restore Home & Organics. This Privacy Policy covers our website, online sales and offline sales as applicable. Throughout this Privacy Policy, we refer to “we”, “us” and “our”, which means Restore Home & Organics. 

Introduction

We are committed to protecting and respecting your privacy, and to acting in compliance with current data protection legislation as applicable to our UK and European operations, including the UK Data Protection Act 2018 (UK DPA), UK GDPR (GDPR as incorporated into UK law pursuant to the European Union (Withdrawal Act) 2018) and EU GDPR (the General Data Protection Regulation (EU) 2016/ 679), together with any applicable enacting, successor, supplementing or amending legislation. 

This Privacy Policy sets out how we handle data, including how we collect, store and use personal data, our legal bases for processing your personal data, information on transfers to third parties and international transfers, as well as your rights as a data subject. This Privacy Policy covers personal data processed by us.  

All use of our website, and purchase of or subscription to our products and services, including The Blend and Nurture Notes, by or to you, the user, is conditional upon and subject to this Privacy Policy, which forms a part of our Terms and Conditions, together with any notices and policies stated on this website. If you do not agree to the terms of this Privacy Policy, you may not access the website or use any products or services and please do not submit any personal data to us.

Contents:

  1. Who we are and other important information
  2. What personal data we collect 
  3. How and when we collect personal data
  4. How and why we use personal data
  5. Who we transfer personal data to
  6. International transfers
  7. How we keep your data secure 
  8. Retention and deletion of personal data
  9. Your rights as a data subject
  10. Changes and enquiries 
  11. Governing law and status
  12. Glossary of terms

 

The headings used in this agreement are included for convenience only and will not limit or otherwise affect these Terms.   

  1. Who we are and other important information

This section explains where this Privacy Policy is applicable and who we are and other important information including on our relevant supervisory authority.

This is the Privacy Policy of Restore Home Limited trading as Restore Home & Organics.  It sets out how we collect and process personal data through use of our products and services, use of our website, and other collection of personal data related to our business.  Our products and services are designed for adults and therefore our website is not intended for children (under 16 years of age) and we do not knowingly collect data relating to children.

Restore Home Limited is registered with the UK Information Commissioner’s Office (ICO) under registration number C1226725.  Section 12 tells you how you can contact the ICO.

  1. What personal data we collect

This section explains what types of personal data we might collect from you and the classification of this data (section 2.1). It includes information on any special category data (data which you might consider particularly sensitive) that might be collected.

2.1 Whether you are a customer, supplier or other business contact, we will collect and use your personal data in the manner and for the reasons set out in this Privacy Policy.  We collect most personal data directly from you however if we collect personal data indirectly, we refer to this explicitly in this Privacy Policy.  We have listed the types of personal data we may collect from persons according to the relationship that person has with us as follows:

Customers, suppliers (including individual contractors) and other business contacts 

Data collected may include the following, where provided:

  • Identity data (including full name, username or similar identifier, title/ gender, job title, role, seniority)
  • Contact data (including billing address, delivery address, email address, telephone numbers)
  • Financial data (including bank account, payment card details)
  • Transaction data (including details about payments to and from you and/or your organisation and other details of products and services you have purchased from us)
  • Technical data (including internet protocol (IP) address, login data, browser type and version and other technology on the device used to access our website)
  • Profile data (including username, password, purchases or orders made by you, your interests, preferences, feedback and survey responses)
  • Usage data (including information about how you use our websites, products and services)
  • Marketing and communications data (including your preferences in receiving marketing from us and your communication and cookie preferences)

Data will be collected in order for customers, suppliers and other business contacts to receive or supply products and services, as applicable, to manage contractual relationships on an ongoing basis, for account administration, and to provide updates and news about our products and services, events and other information that we think may be of interest to you. We also collect data through the use of cookies.  You can find more information on cookies in section 4.3 and our cookies statement.  

We do not collect special category data from you. Please do not provide such to us.

Visitors to our website or outlets, including events

Data collected may include the following, where provided:

  • Identity data (including full name, username or similar identifier, job title, title/ gender)
  • Contact data (including email address, telephone numbers)
  • Technical data (including internet protocol (IP) address, login data, browser type and version and other technology on the device used to access our websites)
  • Usage data (including information about how you use our website)
  • Marketing and communications data (including your preferences in receiving marketing from us and your communication and cookie preferences)

Simply visiting our website does not require you to reveal personal data although some cookies recording session data will be collected. If however you ask us for information, register with us, sign up to attend any of our events or receive our marketing material or otherwise express an interest in our products or services or report a problem, we collect any personal data you submit to us. 

We do not provide our products or services available to children. This website is not intended for children. By using this website and our products and services, you represent that you are not a minor in your applicable jurisdiction. 

2.2 If you fail to provide personal data

Where we need to collect personal data by law or under the terms of a contractual arrangement, and you fail to provide that data when requested as being mandatory, we may not be able to fulfil the terms of the contract or relationship that we have with you. 

  1. How and when we collect your personal data

This section explains how and when we collect your personal data.

3.1 We may collect your personal data in the following direct ways:

Customers and suppliers (including individual contractors) and other business contacts

Data will be collected:

  • prior to, at commencement, and during the term of a contractual relationship when you request our products and services
  • when you complete forms on our site or for our products and services
  • including registering to use our site, subscribing to our services, posting material or using further services
  • when you enter a competition or promotion sponsored by us
  • when you contact us or report a problem to us, or provide feedback to us, or complete a survey
  • when you transact with us through our website or when you place orders with us over the phone or by email

Visitors to our website

Simply visiting our website does not require you to submit personal data (although our cookies may collect certain personal data for statistical and analytical purposes). If however you ask us for information, register with us, sign up to attend any of our events or receive our marketing material or otherwise express an interest in our products or services or report a problem, via our website, we collect any personal data submitted to us at that time.

We also collect data you share with us on blogs or chat forums at the time of submission of such data. This may be accessible to others.

Automated technologies or interactions

When you visit our websites and access resources on our website, we may automatically collect Technical Data and Usage Data.  We may collect this data via cookies including, where available, your IP address, operating system and browser type, for system administration. Our cookies statement has more information on this.  You can manage your cookies via our manage your preferences page.

  1. How and why we use your personal data

This section explains how we use your personal data (section 4.1) and how you may opt-out of marketing communications and how you can manage cookies.

It includes the legal bases on which we rely to process your data (section 4.2).

It also provides information on cookies (section 4.3).

4.1 How and why we use your personal data

Customers and suppliers (including individual contractors) and other business contacts

Personal data of customers (including Identity, Contact, Technical, Usage and Profile Data) will be used:

  • to provide you with products and services that you request from us
  • to manage our contractual relationship on an ongoing basis
  • for customer administration including carrying out our obligations arising from any contracts entered into between you and us and including retention of correspondence if you contact us
  • for us to form a view on what we think you may want or need, or what products, services or offers may be of interest to you (referred to as marketing) in order to provide you with information about our other products and services in which you may be interested, including our newsletter Nurture Notes, and The Blend subscriptions, , where you have not opted-out to be contacted for such purposes
  • to personalise our service to you, including ensuring that content from our site is presented in the most effective manner for you and your computer
  • to seek your views on products and services
  • to enable you to participate in interactive features of our service, when you choose to do so, including live chat features
  • for technical administration of our sites including notifying you about changes to our service
  • with further information on our products and services

Personal data of suppliers and other business contacts (including Identity, Contact, Technical, Usage and Profile Data) will be used:

  • to receive products and services
  • to manage our contractual relationship on an ongoing basis
  • for supplier administration including carrying out our obligations arising from any contracts entered into between you and us and including retention of correspondence if you contact us
  • to provide updates and news about our products and services as such may be relevant to the services you provide

You can manage your marketing and other contact preferences through our manage your preferences page. You will receive marketing communications from us if you have requested information from us or purchased products or services from us or if you provided us or one of our service providers and, in each case, you have not opted out of receiving marketing. Where you opt-out of receiving marketing messages, we may need to communicate with you for administrative or operational reasons and therefore whilst you use our products and services and continue to wish to do so, it is not possible to opt-out of all communications with us, and therefore an opt-out may not apply to personal data provided to us as a result of purchase of products or services or other associated activities or transactions.

Visitors to our website and events

Personal data (including Identity, Contact, Technical and Usage) will be used to form a view on what we think you may want or need, or what products, services or offers may be of interest to you (referred to as marketing) in order to provide you with further information on our products and services. You can manage your marketing and other contact preferences through our manage your preferences page. You will receive marketing communications from us if you have requested information from us or if you provided us or one of our service providers and, in each case, you have not opted-out of receiving marketing. Where you opt-out of receiving marketing messages, this will not apply to personal data provided subsequently if you then choose to purchase products or services and in relation to other subsequent associated activities or transactions.

Analytics

We also perform analytics, such as trends, sales intelligence, marketing effectiveness (such as click and open rates), uptake and progress, with providers such as Google Analytics.  You can manage your cookie preferences through our manage your preferences page. 

4.2 Legal basis for processing data

The purposes for which we use your data are set out below - these are commonly referred to as the legal bases which we rely on to process your data.  We may process your personal data for more than one legal basis depending on the specific purpose for which we are using each element of data. Further information can be provided on request. Where legitimate interest is the legal basis, we identify what our legitimate interests are below.

Generally, we do not rely on consent as a legal basis for processing your personal data other than in relation to sending marketing communications to certain potential customers and where special category data is collected from respondents. Where consent is used as the legal basis for processing, you may withdraw consent at any time and section 9 has more information.

Consent:

Purpose

Lawful basis for processing
(including basis of legitimate interest)

Customers

  • registration of customer and management of relationship
  • providing updates on our terms
  • providing information on our products and services
  • seeking feedback on our products and services
  • deliver relevant website content and advertisements to customers and measure or understand the effectiveness of the advertising we provide

 

Legitimate interest:

  • to provide products and services to our customers
  • to monitor emails, call and other communications and activities related to your account to study how customers use our products and services
  • to keep our records updated
  • for good governance, accounting, and managing and auditing our business operations
  • to send you marketing communications
  • to grow our business and to inform our marketing strategy
  • to conduct research and product development to improve our products and services for the benefit of our customers and others

Customers

  • invoicing, managing payments, fees and charges
  • collecting and recovering money owed to us

 

Performance of a contract with customers
Performance of a contract with customers

Potential customers

  • contacting potential customers to ascertain interest in our products and services

Legitimate interest:

  • to send you marketing communications to ascertain your interest in provision of our products and services to corporate customers

Consent:

  • to send you marketing communications to ascertain your interest in provision of our products and services to consumer customers (including individual practitioners and sole traders)


Suppliers and other third parties

  • registration of supplier and management of relationship

Legitimate interest:

  • to receive services in order to conduct our business and provide products and services to customers
  • to grow our business and to inform our marketing strategy
  • for good governance, accounting, and managing and auditing our business operations
  • to monitor emails, call and other communications and activities related to your account
  • to keep our records updated

 

Suppliers and other third parties

  • managing payments, fees and charges

Performance of a contract with suppliers and other third parties

Generally:

  • to administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)

 

Legitimate interest:

  • to enable the running of our business, provision of administration and IT services and network security

Generally:

  • to use data analytics to improve our website, products/services, marketing, customer relationships and experiences

Legitimate interest:

  • to define types of customers for our products and services
  • to keep our website updated and relevant, to develop our business and to inform our marketing strategy

 

4.3 Cookies

We may use personal data collected by cookies for functional and analytical purposes, as set out in section 4.1. Please see our separate cookies statement for more information, including relating to those cookies which are strictly necessary for the provision of products and services to you.

We use first party cookies set by ourselves only. Please note however that our website may include links to third party websites, plug-ins and applications. These websites, plug-ins and applications may use cookies over which we have no control. You may however restrict or block third party cookies through your browser settings and such blocking of cookies of third parties should not affect the functionality and use by you of our website. You can manage any cookies that we use via our manage your cookies page

  1. Who we transfer your personal data to

This section explains who we might share your data with including where we transfer data to third parties for processing purposes.

5.1 We may have to share your personal data with third parties for processing or sub-processing purposes.  We undertake a selection process and periodic review in relation to processors and sub-processors. We may also share your personal data with controllers.  We enter into data processing agreements with both processors and controllers, as applicable.

5.2 We share your personal data with third parties and for the purposes as set out below:

5.2.1 Third parties (acting as processors):

  • suppliers based in the US and EU who provide IT, database and system administration services as well as suppliers providing web, logistics, event organisation, and other technologies or services to you connected to the service we provide
  • professional advisers including lawyers, bankers, auditors, debt collection agencies and insurers based in the UK who provide banking, legal, insurance and accounting services
  • HM Revenue & Customs, regulators and other authorities based in the UK who require reporting of processing activities in certain circumstances 
  • suppliers based in the UK who provide analytics services
  • law enforcement agencies or regulators where we believe, in good faith, that it is necessary to comply with the law or regulatory obligation or to protect the safety of us, our customers, or the public or to enforce or apply our terms of business or other contracts

5.3 We require all third party suppliers to respect the security of your personal data and to treat it in accordance with the law. We do not allow our suppliers to use your data for their own purposes, and we require that processing is in accordance with our instructions.  We enter into written data processing agreements with suppliers that receive personal data from us. 

5.4  Specifically, our store is hosted on Shopify Inc., the online ecommerce platform that enables us to sell products and services to you. Personal data is stored in the Shopify application and through Shopify’s data storage and databases. Shopify store personal data on a secure server behind a firewall. For European data, including UK data, Shopify’s services are provided through its affiliate, Shopify International Ltd, in Ireland, who act as controller on behalf of Shopify. Data is then sent to other Shopify locations and to service providers who may be located in other regions, including Canada (where Shopify is based) and the US. Where Shopify send data outside Europe, they do so in accordance with EU GDPR. European data sent to Canada is protected under Canadian laws which the European Commission has found “adequate” in data protection terms. If Shopify send European data outside Canada, for example to sub-processors, they do so under contractual commitments equivalent to standard contractual clauses. 

Shopify stores your payment card data and it is encrypted through Payment Card Industry Data Security Standard (PCI-DSS). Purchase transaction data is stored for as long as is necessary to complete your purchase transaction. After that, purchase transaction information is deleted. PCI-DSS is a set of standards that all direct payment gateways (including Visa, Mastercard, American Express and others) adhere to, managed by the PCI Security Standards Council. 

For more information on PCI-DSS requirement, see Shopify’s Terms of Service (https://www.shopify.com/legal/terms) or Privacy Statement (https://www.shopify.com/legal/privacy). 

Our website and online store also use Google Analytics to help us learn about store visits and how customers browse and shop. 

  1. International transfers of personal data

This section explains where we transfer data internationally, including outside the European Economic Area (EEA) and what safeguards are in place for those transfers.

  1. We do not generally transfer your data internationally however certain providers of services to us may be located internationally and we may share your personal data with some providers who may be located internationally, including outside the EEA, including suppliers who provide IT, database and system administration services, based in the US and elsewhere. We do not provide products and services to Europe and therefore we do not intend to transfer EU personal data internationally. 

 

  1. When you click on links in our website and online store, the links might direct you away from our site to third party sites, some of which may be located internationally. We are not responsible for the privacy practices of other sites and encourage you to read their privacy statements. 
  1. How we keep your data secure

This section explains how we keep your data secure (section 7.1).

It also explains how you can help keep your own data secure by not sharing your username and passwords with others (section 7.3).

It also explains that third party sites linked to via our website are not covered by this Privacy Policy (section 7.4).

7.1 We are committed to ensuring the security of processing and the ongoing confidentiality, integrity, availability and resilience of systems and services as such relate to personal data that we hold, in order to prevent accidental or unlawful destruction, loss, alteration or unauthorised disclosure or access.

In our roles as both controller and processor, we implement appropriate technical and organisational measures to ensure a level of information security appropriate to the risk. 

7.2 Additionally, any staff, associates and consultants are bound to comply with confidentiality provisions and Privacy Statements.


7.3 You should note that where we have given you (or where you have chosen) a username and/or password which enables you to access certain parts of our websites, or use our products and services, you are responsible for keeping the username and password confidential. You should not share these details with anyone. 

7.4 This Privacy Policy applies only to information collected by Restore Home Limited trading as Restore Home & Organics. Links within our website to third party sites, plug-ins and applications are not covered by this Privacy Policy.  If you link to other websites, we encourage you to read their own privacy policies. We are not responsible or liable for those policies. 

  1. Data retention and anonymisation

This section explains how long we retain data for.

8.1 We will only retain your personal data for as long as necessary to fulfil the purposes for which we collected the data, including for the purposes of satisfying any legal, accounting or reporting requirements.

To determine the appropriate retention periods for personal data, we consider the amount, nature and sensitivity of the data, the potential risk of harm from unauthorised use or disclosure, the purposes for which we process the personal data and whether we can achieve those purposes through other means, together with applicable legal requirements, including certain statutory retention periods. 
In some circumstances, you can ask us to delete your data (see section 9 on your right to erasure).

  1. Your legal rights

This section explains your legal rights in relation to your personal data held by us, including your right to:

  • access your data
  • ask for correction of your data
  • ask for erasure of your data
  • object to our processing your data
  • request your data be transferred to a third party
  • withdraw consent where consent is the legal basis of processing.

It also explains how you can opt-out of direct communications and the consequences of this.

 

You have the right to:

  • Request access to your personal data (commonly known as a “subject access request” or “SAR”). 
  • Request correction of the personal data that we hold about you
  • Request erasure of your personal data
  • Object to processing of your personal data
  • Request restriction of processing of your personal data
  • Request the transfer of your personal data to you or to a third party.
  • Withdraw consent

Where we are a processor in respect of your personal data, we will inform the relevant controller of your request and assist and co-operate with the controller for them to fulfil the request.

  1. Changes and Enquiries 

This section explains what you should do if any of your data provided to us changes and if you have any questions or complaints

It is important that the personal data we hold about you is accurate and current.  In order for us to ensure this, please keep us informed of any changes at any time to the personal data that we hold about you.

If you wish to request access to the personal data we hold about you, you can request this by writing to or emailing us. 

If you have any questions about this Privacy Policy or data protection or privacy matters generally, please contact us on info@restorehome.com

Whilst we hope that you will not need to, if you do wish to complain about how we handle personal data, you may contact our Data Protection Officer as above.

You also have the right to complain to the relevant data protection Supervisory Authority.  The UK Information Commissioner’s Office (ICO) is our relevant Supervisory Authority We would appreciate the chance to deal with your concerns before you approach the ICO. You can however contact the ICO as follows:

Information Commissioner’s Office
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
Email: casework@ico.org.uk
Telephone: +44 303 123 1113
Website: www.ico.org.uk

  1. Governing law and status

This section explains the governing law which applies to this Privacy Policy and any changes according to applicable local laws and when this version is effective

This Privacy Policy is governed by English law and the place of performance of obligations will be England. Certain local laws may be different to English law, the UK DPA, UK GDPR and EU GDPR. Please contact us for any local variations.

This Privacy Policy is effective from November 2022. We may change it from time to time so please check regularly to keep informed of updates.

  1. Glossary of terms

This section explains the meaning of certain terms used within this Privacy Policy.

Personal data means any information relating to an identified or identifiable natural person (data subject); an identifiable natural person is one who can be identified, directly or indirectly in particular by reference to an identifier such as a name, identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. EU personal data means personal data of EU data subjects
Special category data means personal data which are, by their nature, particularly sensitive in relation to fundamental rights and freedoms, including those revealing racial or ethnic origin, political opinions or trade union membership, genetic data, biometric data, data concerning health or a person’s sex life or sexual orientation
Controller means the natural or legal person, public authority, agency of body which alone, or jointly with others, determines the purposes and means of the processing of personal data
Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller
Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction
Legitimate Interest means the interest of our business in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law)
Performance of Contract means processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract
Comply with a legal or regulatory obligation means processing your personal data where it is necessary for compliance with a legal or regulatory obligation that we are subject to
Customer means you.