Privacy and Security
Buffalo is committed to data protection and data privacy. With the General Data Protection Regulation (GDPR) becoming enforceable from 25 May 2018, we have undertaken a GDPR readiness programme to review our entire business, the way we handle data and the way in which we use it to provide our services and manage business operations. This notice details the personal data we may retain, process and share with third parties. We are committed to ensuring that your information is secure, accurate and relevant. To prevent unauthorised access or disclosure, we have implemented suitable physical, electronic, and managerial procedures to safeguard and secure personal data we hold. We respect the privacy rights of individuals and are committed to handling personal information responsibly and in accordance with applicable law. This notice sets out the personal data that we collect and process about you, the purposes of the processing and the rights that you have in connection with it. We hope the following sections will answer any questions you have but if not, please do get in touch with us at Data Protection Officer, Buffalo Private Label Limited, Units C-F, 9 Messenger Close, Loughborough, Leicestershire, LE11 5SR
2. WHO WE ARE
Buffalo Private Label Limited (t/a Urban Knit) (“Buffalo”, “we”, “us” or “our”) is a company incorporated in England and Wales with company number 4053734. Our registered office is 12 Helmet Row, London, EC1V 3QJ
- This policy sets out the basis on which any personal data we collect from you, or that you provide to us, or that we obtain from other sources will be processed by us when you: use our website: www.urbanknit.co.uk;
- use our services; and
- purchase products from us.
For the purpose of data protection laws, we are a data controller and we are registered as a data controller with the Information Commissioner’s Office under number ZA398312.
3. LEGAL BASIS FOR COLLECTING YOUR DATA
The law on data protection sets out several different reasons for which a company may collect and process your personal data, including: Consent In specific situations, we can collect and process your data with your consent e.g. if you tick a box to confirm you would like to keep in touch with us. Contractual obligations In certain circumstances, we need your personal data to comply with our contractual obligations. For example, if you order an item from us for home delivery, we’ll collect your address details to deliver your purchase, and pass them to our courier. Legal compliance If the law requires us to, we may need to collect and process your data. For example, we can pass on details of people involved in fraud or other criminal activity affecting Buffalo to law enforcement. Legitimate interest In specific situations, we require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests. For example, we will use your purchase history to send you or make available personalised offers. We will also use your address details to send you direct marketing information by post, telling you about products and services that we think might interest you.
4. WHEN WE COLLECT YOUR DATA?
- When you visit any of our website and use your account to buy products online.
- When you make an online purchase and check out as a guest (in which case we just collect transaction-based data).
- When you create an account with us.
- When you engage with us on social media.
- When you buy our product from a third party
- When you contact us by any means with queries, complaints etc.
- When you ask one of our Partners to email you information about a product or service.
- When you comment on or review our products and services.
- When you follow us on social media.
- Any individual may access personal data related to them, including opinions. If your comment or review includes information about the Partner who provided that service, it may be passed on to them if requested.
- When you’ve given a third-party permission to share with us the information they hold about you.
- When you supply services to Buffalo
- When you enter our premises. We require all visitors to sign in
- When we ask for a testimonial or ask permission to share an image of you on social media
- When you work for us, see our employee’s privacy notice for more details.
5. WHAT DATA DO WE COLLECT?
- If you have a web account with us: your name, gender, date of birth, billing/delivery address, orders and receipts, email and telephone number. For your security, we’ll also keep an encrypted record of your login password.
- Details of your interactions with us online
- Details of your visits to our websites and which site you came from to ours.
- Your comments and product review
6. WHY DO WE CAPTURE YOUR DATA?
- To process any orders that you make by using our websites. If we don’t collect your personal data during checkout, we won’t be able to process your order and comply with our legal obligations.
- To protect our business and your account from fraud and other illegal activities. This includes using your personal data to maintain, update and safeguard your account. We’ll also monitor your browsing activity with us to quickly identify and resolve any problems and protect the integrity of our websites. We’ll do all of this as part of our legitimate interest.
- To process payments and to prevent fraudulent transactions. We do this on the basis of our legitimate business interests. This also helps to protect our customers from fraud.
- With your consent, we will use your personal data, preferences and details of your transactions to keep you informed by email, web, text, telephone and through our contact centres about relevant products and services including tailored special offers, discounts, promotions, events, competitions and so on – Of course, you are free to opt out of hearing from us by any of these channels at any time.
- To send you relevant, personalised communications by post in relation to updates, offers, services and products. We’ll do this on the basis of our legitimate business interest – You are free to opt out of hearing from us by post at any time.
- To send you communications required by law or which are necessary to inform you about our changes to the services we provide you. For example, updates to this Privacy Notice, product recall notices, and legally required information relating to your orders. These service messages will not include any promotional content and do not require prior consent when sent by email or text message. If we do not use your personal data for these purposes, we would be unable to comply with our legal obligations.
- To display the most interesting content to you on our websites or apps, we’ll use data we hold about your favourite products and so on. We do so on the basis of your consent to receive app notifications and/or for our website to place cookies or similar technology on your device.
- To administer any of our prize draws or competitions which you enter, based on your consent given at the time of entering.
- To develop, test and improve the systems, services and products we provide to you. We’ll do this on the basis of our legitimate business interests.
- To comply with our contractual or legal obligations to share data with law enforcement.
- To send you survey and feedback requests to help improve our services. These messages will not include any promotional content and do not require prior consent when sent by email or text message. We have a legitimate interest to do so as this helps make our products or services more relevant to you. Of course, you are free to opt out of receiving these requests from us at any time by updating your preferences in your online account.
- To enable you to supply a service to Buffalo.
- To enable you to engage with us on social media
- To respond to a query or complaint. Handling the information, you sent enables us to respond. We may also keep a record of these to inform any future communication with us and to demonstrate how we communicated with you throughout. We do this on the basis of our contractual obligations to you, our legal obligations and our legitimate interests in providing you with the best service and understanding how we can improve our service based on your experience.
- To enable us to complete a fire drill in the event of a fire
- When you give us a testimonial or permission to share an image of you on social media
7. HOW DO WE PROTECT YOUR PERSONAL DATA?
We know how much data security matters to us all. With this in mind we will treat your data with the utmost care and take all appropriate steps to protect it. All online payments are processed through PayPal to ensure the transactional areas of our website are secure. Access to your personal data is password-protected. We have robust systems, and processes in place and we regularly monitor our system for possible vulnerabilities and attacks
8. HOW LONG WILL WE RETAIN YOUR DATA?
Personal data will be stored in accordance with applicable laws and kept for as long as needed to carry out the purposes described in this notice or as otherwise required by law. At the end of that retention period, your data will either be deleted completely or anonymised, for example by aggregation with other data so that it can be used in a non-identifiable way for statistical analysis and business planning.
- When you place an order, we’ll keep the personal data you give us for five years so we can comply with our legal and contractual obligations. In the case of certain products, such as electrical and nursery items, we’ll keep the data for 10 years.
- The visitor register records are kept for the life of the book.
9. WHO DO WE SHARE YOUR DATA WITH?
We take care to allow access to personal data only to those who require such access to perform their tasks and duties, and to third parties who have a legitimate purpose for accessing it. Whenever we permit a third party to access personal information, we will implement appropriate measures to ensure the data is used in a manner consistent with this notice and that the security and confidentiality of the data is maintained. To conduct our contractual obligations, we may share your data with a Third party, such as operational companies such as a courier. Generally, we restrict what we share to your name and address. In addition, we make certain personal data available to third parties who provide services to us. We do so on a “need to know basis” and in accordance with applicable data protection and data privacy laws. For example:
- IT companies who support our website and other business systems.
- Direct marketing companies who help us manage our electronic communications with you.
- Google/Facebook to show you products that might interest you while you’re browsing the internet. This is based on either your marketing consent or your acceptance of cookies on our websites. See our Cookies Notice for details.
We may also disclose personal data to third parties on other lawful grounds, including:
- To comply with our legal obligations, including where necessary to abide by law, regulation or contract, or to respond to a court order, administrative or judicial process
- In response to lawful requests by public authorities (including for national security or law enforcement purposes)
- As necessary to establish, exercise or defend against potential, threatened or actual litigation
- Where necessary to protect the vital interests of our employees or another person
- In connection with the sale, assignment or other transfer of all or part of our business; or
- With your freely given and explicit consent
When you submit a rating and review on our Website and/or Facebook we request you provide the following information:
- Your nickname
- Your location (optional)
- Email address (optional – if you do submit your email address we do not publish it, but request it to inform you whether your review has been published or rejected)
We may publish the following details on our Website and on Facebook:
- Your nickname
- Your location if provided
- Your product rating and review
- In addition, on the Facebook application you may have the opportunity to post various questions, reviews or other content.
10. WHERE WE PROCESS YOUR DATA
Generally, your data will be processed in the UK. Occasionally, we may need to transfer personal data to countries outside of the United Kingdom. When we export your personal data to a different country, we will take steps to ensure that such data exports comply with applicable laws. For example, if we transfer personal data outside the European Economic Area (EEA), such as to the United States, we will implement an appropriate data export solution such as entering into contracts with the data importer that contain EU model clauses or taking other measures to provide an adequate level of data protection.
11. YOUR RIGHTS
You may exercise the rights available to you under data protection law as follows:
- The right to be informed.
- The right of access.
- The right to rectification.
- The right to erasure.
- The right to restrict processing.
- The right to data portability.
- The right to object.
- Rights in relation to automated decision making and profiling.
We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws. You can read more about these rights at: https://ico.org.uk/for-the-public/is-my-information-being-handled-correctly/ To exercise any of these rights, please contact the Data Protection Officer. We may require you to verify your identity before proceeding with any request – to protect your data. Remember, if you choose not to share your personal data with us, or refuse certain contact permissions, we might not be able to provide some services you’ve asked for.
12. HOW TO STOP RECEIVING DIRECT MARKETING
There are several ways you can stop direct marketing communications from us:
- Click the ‘unsubscribe’ link in any email communication that we send you. We will then stop any further emails from that particular division.
- If you have an account, log in and change your preferences.
- Write to Data Protection Officer, Buffalo Private Label Limited, Units C-F, 9 Messenger Close, Loughborough, Leicestershire, LE11 5SR
Please note that you may continue to receive communications for a short period after changing your preferences while our systems are fully updated.
13. ISSUES AND COMPLAINTS
We try to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures. This notice was drafted with clarity in mind. It does not provide exhaustive detail of all aspects of our collection and use of personal information. However, we are happy to provide any additional information or explanation needed. If you want to make a complaint about the way we have processed your personal information, you can contact the Information Commissioner’s Office in their capacity as the statutory body which oversees data protection law – www.ico.org.uk/concerns.
14. IF YOU LIVE OUTSIDE THE UK
For all non-UK customers By using our services or providing your personal data to us, you expressly consent to the processing of your personal data by us or on our behalf. Of course, you still have the right to ask us not to process your data in certain ways, and if you do so, we will respect your wishes. Sometimes we’ll need to transfer your personal data between countries to enable us to supply the goods or services you’ve requested. In the ordinary course of business, we may transfer your personal data from your country of residence to ourselves and to third parties located in the UK. By dealing with us, you are giving your consent to this overseas use, transfer and disclosure of your personal data outside your country of residence for our ordinary business purposes. This may occur because our information technology storage facilities and servers are located outside your country of residence, and could include storage of your personal data on servers in the UK. We’ll ensure that reasonable steps are taken to prevent third parties outside your country of residence using your personal data in any way that’s not set out in this Privacy Notice. We’ll also make sure we adequately protect the confidentiality and privacy of your personal data.
15. UPDATES TO THIS NOTICE
This notice may be updated periodically to reflect any necessary changes in our privacy practices. In such cases, we will inform you. We encourage you to check this notice periodically to be aware of the most recent version.
This privacy notice encompasses all data sharing, except for employees. Employees should see Buffalo’s Label Limited employee privacy notice for full details.
At www.urbanknit.co.uk we take your online security very seriously. Full details of how we protect the information you provide us are given below:
- When you place your order, you are offered the use of an advanced secure server. The secure server software encrypts all information you input before it is sent to us.
- For security reasons, we strongly recommend that you do not send credit card numbers by standard email.
- We do not receive your debit or credit card details – all payments are processed through Paypal.
2. PROTECTING YOUR SECURITY
Paypal protects your data by: Maintaining technical, physical, and administrative security measures designed to provide reasonable protection for your Personal Data against loss, misuse, unauthorised access, disclosure, and alteration. Their security measures include firewalls, data encryption, physical access controls to our data centres, and information access authorisation controls. While Paypal are dedicated to securing their systems and services, you are responsible for securing and maintaining the privacy of your password(s) and Account/profile registration information and verifying that the Personal Data Paypal maintain about you is accurate and current.