As a successful charity, Violets in Bloom is committed to protecting the privacy of individuals and to the responsible use of email marketing.
This policy explains how and why we use personal information.
We are Violets in Bloom a charity registered in England and Wales (charity number 1155816 ) with its registered office at 26 Horner Avenue, Fradley, Lichfield WS13 8TR.
What information we collect
If you use services provided by us, communicate with us, or do business with us, this will result in us collecting personal data about you (for example, we collect the name, address, email, fax and telephone number of business contacts).
We also collect information provided if you fill in a form, complete a survey, etc., which may include contact information that we decide to use for marketing purposes (please see ‘Marketing’ below). We do sometimes have to collect sensitive personal data to enable us to provide the service to you. In the event you provide us with any sensitive personal data, we will take extra care to ensure your rights are protected.
Third party sources. We sometimes collect additional information about actual or prospective customers from third party sources. Some of this will be personal data (for example, we might need confirmation of orders made for memorials from suppliers we have to pay on your behalf)
How we use your information
We only ever use your personal data with your consent, or to the extent necessary to:
- enter into, or perform, a contract with you;
- comply with a legal duty;
- remember your preferences e.g. if you ask not to receive marketing material, we will keep a record of this, or for our own (or a third party’s) lawful interests (such as marketing, internal record keeping, market research or to improve our products) provided your rights don’t override these;
- We will only use your information for the purpose it was collected (or for similar/related purposes). For our clients, this includes using use personal data to the extent necessary to perform our contractual obligations (such as administering their accounts and providing them with services);
- We will never sell your personal data or share it with third parties who might use it for their own purposes.
We may in the future use personal information (such as email addresses) to market and promote our services.
You can choose to ‘opt out’ of Violets in Bloom marketing communications by clicking the ‘unsubscribe’ link at the bottom of our emails. If you wish to change your contact details or preferences please email us at firstname.lastname@example.org
Information for email recipients
This policy primarily covers how we use data relating to our customers, prospects, website visitors and people who interact with or do business with us. In these cases we will be the “data controller” for the purposes of data protection law.
We are required by law to hold your information for as long as is necessary to comply with our statutory and contractual obligations and in accordance with our legitimate interests as data controller.
The companies will only share data with other entities when legally obligated. Medical records/workplace pension schemes, if applicable.
Please note: We will not under any circumstances share or process your data for any marketing purposes unless you have opted-in for us to do so.
We provide a web-based contact form. Our terms and conditions prevent us from sending unsolicited ‘spam’ emails as it has a negative impact on the Internet and those who use it. It squanders resources and wastes the time and money of recipients.
If you have a received an email or other communication sent by us that you believe is spam or in violation of our acceptable use policies, please contact our abuse team at email email@example.com.
We employ a variety of technical and organizational measures to keep personal data safe and to prevent unauthorized access to, or use or disclosure of it. We take our position seriously and believe part of being a leading company involves upholding security practices.
We normally only store data within the European Economic Area (EEA). If one of our subcontractors (such as a payment processor) needs to transfer it outside of the EEA then we will take steps to make sure adequate levels of privacy protection, in line with UK data protection law, are in place. These safeguards will usually be contractual and/or the result of a European Union decision which allows the transfer (such as a US organization that is certified under the EU-US Privacy Shield Framework).
We archive most information provided to us by clients as soon as services are ceased, and data will cycle out of long-term backups up to 2 years later. We store logs of outbound emails for up to 12 months after the email is sent for the purposes handling abuse complaints and compliance monitoring.
We will continue to store limited information about the client (including transaction records) for up to 6 years for accounting, record keeping and administrative purposes. If we consider there is a need to store records for longer (for example, the client has been the subject of a dispute or claim) then we will retain the data for as long as is necessary.
We want to ensure you remain in control of your personal data. Part of this is making sure you understand your legal rights, which (for individuals) are as follows:
- the right to confirmation as to whether or not we have your personal data and, if we do, to obtain a copy of it (this is known as a subject access request);
- the right to have inaccurate data rectified; and
- the right to object to your data being used for marketing or profiling.
If you would like further information on your rights or wish to exercise them, please email: The Data Protection Officer, at firstname.lastname@example.org
Please keep in mind that there are exceptions to the rights above and, though we will always try to respond to your satisfaction, there may be situations where we are unable to do so. If you are not happy with our response, or you believe that your data protection or privacy rights have been infringed, you should contact the UK Information Commissioner’s Office, which oversees data protection compliance in the UK. Details of how to do this can be found at www.ico.org.uk.
Changes to this statement