Important Information and Who We Are
Full name of legal entity: Safe Kids Walking Ltd (trading as Brightwayz)
Email address: firstname.lastname@example.org
Postal address:Unit 15
The Business Exchange
Telephone number: 01536 526461
If we make significant changes to this policy, we will make that clear on the Brightwayz website, or by some other means of contact such as email, so that you are able to review the changes before you continue to use our site.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
What information we collect about you and how we use it
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We collect information about you in order to process your order and to tailor your visit to our website to be as relevant to you as possible. The information will collect about you will only be shared with other parties that are involved specifically in the fulfilment of your order and only to the extent that such information is necessary to fulfil your order.
More specifically, we will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- Where we need to perform the contract we are about to enter into or have entered into with you.
- Where it is necessary for our legitimate interests – in managing our business to allow us to provide you with products and service in the most secure and appropriate way e.g. to transfer your data to delivery partners.
- Where we need to comply with a legal obligation.
Generally, we do not rely on consent as a legal basis for processing your personal data although we will get your consent before sending third party direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by contacting us.
We have set out below a description of the different types of personal data we collect about you and the ways we would use or otherwise process your personal data, along with the legal basis for such use
Your name and contact details
Such information would include:
- Your name, Address, Phone number
- Financial data (including payment card details), Email address
- Profile Data includes your username and password, purchases or orders made by you and your feedback
|How we use your name & contact details||Why?|
|Take and fulfil customer orders||We’ve got to do this to perform our contract with you|
|Create customer accounts and issue log in details||We have a legitimate interest in efficiently dealing with the ordering process|
|Send you service messages by e-mail or phone, such as order updates||We’ve got to do this to perform our contract with you (so you know how your order is progressing)|
|Sending you information by email, SMS, or post, about our new products and services including through our Newsletter service||To keep you up to date. We only send this with your permission|
Your contact history with us
Such information would include:
- What you’ve said to us — for example, over the phone or email.
|How we use your contact history||Why?|
|Provide customer service and support||We’ve got to do this to perform our contract with you and to provide you with good and accurate customer service|
Purchase history and saved items
We collect and process information known as transaction data and such information would include:
- details about payments to and from you; and
- other details of products and services you have purchased from us
We also collect data known as usage data and such information includes information about how you use our website, products and services.
|How we use your purchase history and saved items||Why?|
|Sale of products||We’ve got to do this to perform our contract with you (to allow you to use the online shopping basket function)|
|Provide customer service and support, and handle returns||We’ve got to do this to perform our contract with you|
You don’t have to give us any of this personal information but if you don’t, you may not be able to buy from the site, and you are unlikely to receive our optimal overall customer experience.
We may also anonymise and aggregate personal information (so that it does not identify you) and use it for purposes including testing our IT systems, research, data analysis, improving our website, and developing new products and services.
Change of purpose
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to receive an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
Disclosures of your personal data
We do not, and will not, sell any of your personal data to any third party – including your name, address, email address or credit card information. However, we share your data with the following parties as an essential part of being able to provide our services to you, as set out below:
- Companies that do things to get your purchases to you, such as payment service providers (e.g. Stripe), payment card issuers (such as Visa, Mastercard and American Express), warehouses, order packers, and delivery companies and companies that manage our website for us.
- Professional service providers, such as website hosts, who help us run our business.
- Law enforcement agencies, governmental bodies and insurers where we are required to do so to comply with our legal obligations, to exercise our legal rights, for the prevention, detection and investigation of crime and for the protection of our employees and customers.
We may provide third parties with aggregated but anonymised information and analytics about our customers and, before we do so, we will make sure that it does not identify you.
We may use your contact and profile information to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you (we call this marketing). You will receive marketing communications from us if you have requested information from us or purchased products from us and you have not opted out of receiving that marketing. We will get your express opt-in consent before we share your personal data with any third party for marketing purposes.
Some of our external third parties (for example the company that manages our website for us) have operations outside the European Economic Area (EEA) so their processing of your personal data may involve a transfer of data outside the EEA. We can provide further information about this on request.
We have put in place security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
Our security measures include:
- password protection of our computers and devices
- internal policies setting out our data security approach
- training for employees
A third party “Zoho” manages our databases. Please get in touch if you require any further information on this.
We have put in place internal procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
How long do we keep your data?
We will not hold your data for longer than necessary for the purposes set out in this policy. Different retention periods apply for different types of data, however the longest we will normally hold any personal data is six years.
Third party links
Your legal rights
Under certain circumstances, you have rights under data protection laws in relation to your personal data. Your rights include:
- The right to be informed about how your personal information is being used
- The right to access the personal information we hold about you
- The right to request the correction of inaccurate personal information we hold about you
- The right to request that we delete your data, or stop processing it or collecting it, in some circumstances
- The right to stop direct marketing messages and to withdraw consent for other consent-based processing at any time
- The right to request that we transfer elements of your data either to you or another service provider
- The right to complain to your data protection regulator — in the UK, the Information Commissioner’s Office
If you wish to exercise any of the rights set out above, please contact us.
There is more information on these rights on the Information Commissioners website: www.ico.org.uk
No fee usually required for data access requests
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
What we may need from you to access your data
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Time limit to respond to data access requests
We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.