At Baynhams, we take privacy seriously.
The categories of personal data that we process depends on how you use our services. We use your personal data to provide our online services in alignment with your preferences, to process your requests, to contact you regarding products and services which may be of interest to you, to provide prize draws or competitions, or to carry out relevant administrative services. All personal data is processed in accordance with applicable data protection laws.
We only disclose your personal data to third parties that assist us with providing you with our services and, if you authorise us explicitly, to our affiliated companies for the purpose of customer relationship management, analytics and marketing.
As our valued customer, we also offer you various choices to control how your personal data is used.
In addition, if you have an electronic account with us (on the website or mobile app), you can update your contact information and your Privacy Preferences under the ‘My Account’ section. Alternatively you can contact our Customer Team via our Contact Us page, and they will be able to help you.
Our Privacy Principles
At Baynhams we have 5 Privacy Promises which explain how we use and look after your information. We will:
ALWAYS use your personal data in line with data protection law.
ALWAYS tell you what information we collect, what we do with it, who we share it with and who to contact if you have any concerns.
ALWAYS provide options to say 'STOP' if you don’t want marketing communications.
ALWAYS take steps to protect your information and make sure no unauthorised person accesses it.
ALWAYS respond to questions about your personal data without delay.
Last Updated: October 2020
We are committed to safeguarding your privacy rights and ensuring that your personal data is protected.
1 Who is responsible for what happens with your data?
Baynhams Holdings Ltd ("Baynhams" or “we”) are responsible for processing your personal data on our Sites.
2 How do I contact the Data Protection Officer?
If you have a question in relation to how we process your personal data you can contact our Data Protection Officer via email: email@example.com or via post at Hops House, Lymington Road, Brockenhurst. SO42 7UF.
3 What is Personal Data?
Personal Data means information that can directly or indirectly identify you ("Personal Data"). This typically includes information such as your name, address, email address, and telephone number, but can also include other information such as IP address, shopping habits, information about your health and information about your lifestyle or preferences such as your hobbies and interests. Information about health are called “special categories of Personal Data” that require special protection because of their sensitivity.
4 What happens when you provide us with your Personal Data or when we otherwise receive your personal data?
We collect your Personal Data directly in a number of ways, for example when you provide us with your information to register as a customer for our Sites, register for prize draws or competitions, subscribe to our newsletter, receive information or mailings, use our applications, buy a product or service from us, complete a survey, make a comment or enquiry or contact our Customer Team.
We may also receive your Personal Data from other sources, including information from commercially available sources, such as public databases and data aggregators, and information from third parties. If you do not want us to receive your Personal Data from other sources, please communicate your preferences directly with the relevant sources.
If you opt to subscribe, we may infer in a transparent manner that you would like us to process your Personal Data for marketing purposes. You can always opt out of marketing communications.
Please refer to the table in Section 6.1 for details of the various types of Personal Data we may collect, the relevant purposes and the legal basis for such processing.
5 What happens if our customer is a child?
Our Sites are intended for adults, but there could be instances where some customers under the age of 13 view or purchase products on our Sites. If we know a customer is under the age of 13, we will not use such customer’s Personal Data for marketing purposes unless parental consent is provided to us.
To provide parental consent to marketing, please ask your parent or guardian to contact our Customer Team via our Contact Us page, and they will be able to help you
In some cases, we will infer from your actions that you obtained parental consent. We then reserve the right to decide whether you will receive our marketing until you reach the eligible age.
Note however that access to certain parts of our Sites and/or eligibility to receive prizes, samples or other rewards may be limited to users over a certain age. We may use your Personal Data to carry out age verification checks and enforce any such age restrictions.
6 For which purposes do we process your Personal Data?
6.1 To see which categories of Personal Data we collect for which purposes, click on the headings below:
6.1.1 Browsing on our sites
184.108.40.206 What personal information may we collect?
Information about the type of browser you use when visiting our Sites, your IP and device address, hyperlinks that you have clicked, websites you visited before arriving at our Sites and information collected by cookies or similar tracking devices. Your user name, profile picture, gender, networks and any other information you choose to share when using Third Party Sites (such as when you use the "Like" functionality on Facebook).
220.127.116.11 What is the Purpose of the processing?
18.104.22.168 How long do we store your Personal Data?
Please check the Cookie Consent Tool to learn about the storage periods for each cookie.
22.214.171.124 What is our legal basis for the processing?
Your consent when you click “agree and proceed” in our Cookie Consent Tool in our Sites. In some cases, and always when permitted by law, we will infer from your actions that you agree to Cookies. Please note that we need to process certain basic surfing data in order to provide core Sites functionalities such as secure log-in or remember how far you are through an order.
You can always revisit your cookie preferences via our Cookie Consent Tool or by changing your browser settings.
6.1.2 Purchase/ Agreeing to a Service
126.96.36.199 What Personal Data may we collect?
Name, title, postal address, email address, home telephone, mobile number, passwords, order history, payment history, payment information (i.e. bank or credit card details), order history/ wishlist, age/date of birth, gender, information on the handling of your request, and other Personal Data you voluntarily provide to us.
188.8.131.52 What is the Purpose of the processing?
We process Personal Data to provide you with our products or services that you request from us, including sending you products you have purchased or samples that you have requested.
184.108.40.206 How long do we store your Personal Data?
As long as you keep shopping with us. If after three years, you have no transactions, we delete or anonymize your Personal Data, unless we are required by law to store it for a longer period.
220.127.116.11 What is our legal basis for the processing?
We need this information to process your order or any other service you request from us (performance of a contract). If we need information about you that is considered sensitive we will inform you in a transparent manner about our legal obligations to process such personal data.
18.104.22.168 What Personal Data may we collect?
Name, title, postal address, email address, home telephone, mobile number, passwords, order history, payment history, payment information (i.e. bank or credit card details), order history/ wishlist, age/date of birth, gender, information on the handling of your query, posts and other content you submit to our Sites, and further information submitted by you in relation to a purchase or service request or other query (including sensitive personal information).
22.214.171.124 What is the Purpose of the processing?
We process your Personal Data whenever you contact us and when we respond to your enquiries and comments.
126.96.36.199 How long do we store your Personal Data?
General enquiries and comments relating to service issues, store standards, stock availability etc. three years from last communication with you. Communications relating to personal injuries, accidents and other health and safety issues may need to be kept for a longer period in case of legal claims or settlements.
188.8.131.52 What is our legal basis for the processing?
To process your enquiries, comments or complaints at your request (performance of a contract or quasi-contract).
6.1.4 Suggesting products & services which may interest you
184.108.40.206 What Personal Data may we collect?
Name, title, postal address, email address, mobile number, order history/wishlist (including purchases you make on our Site, mobile app, in-store), payment history, age, date of birth, gender, products you view on our Site, brands you prefer, favourite store, actions you take on our website or when viewing our emails, answers you provide in surveys or competitions, your shopping habits and preferences and information about your lifestyle, such as your hobbies and interests.
220.127.116.11 What is the Purpose of the processing?
To suggest tailored products or services (including those of relevant third parties) that we think may be of interest to you based on your shopping history and behaviour, your preferences, and our market segmentation strategies. We may do this by sending you - via post, email, newsletter, SMS, push notifications or phone - details of products, services, special offers, promotions and other information. We may also contact you to offer the opportunity to take part in customer research surveys, promotions, prize draws or competitions. You may also receive in-store promotions (such as special coupons) from us when you have an account with us.
18.104.22.168 How long do we store your Personal Data?
As long as you keep shopping with us. If after three years, you have no transactions, we delete or anonymize your Personal Data, unless we are required by the law to store it for a longer period. If you purchase online through guest check-out, we will retain your data for one year from the date of transaction. If you have signed up to any of our newsletters, we will retain your Personal Data until you unsubscribe.
22.214.171.124 What is our legal basis for the processing?
You may authorise us to do so if you become a member of the website by accepting our Terms & Conditions (performance of a contract).
You will authorise us by signing up to our newsletters or creating an online account.
If you purchase online through guest check-out we will contact you with related offers based on legitimate interest and always within the limits of the law, including spamming laws.
You can always opt-out of our marketing via your "Privacy Preferences" in your profile (if you have one), by calling our Customer Team or via the unsubscribe button in any our marketing communications.
6.1.5 Competitions and prize draws
126.96.36.199 What Personal Data may we collect?
Name, title, postal address, email address, home telephone or mobile number, age, date of birth, gender, user generated content or any other Personal Data that you submit – as required for the competition or prize draw.
188.8.131.52 What is the Purpose of the processing?
To carry out prize draws or competitions which you chose to participate in and to determine the winner or to provide the prize if you win.
184.108.40.206 How long do we store your Personal Data?
Three months after the competition or game was completed, unless we are required by law to store them for a longer period.
220.127.116.11 What is our legal basis for the processing?
We may need this information for identification purposes and to provide you with the prize if applicable (performance of a contract). Where we intend to use your personal data for marketing purposes, we will clearly inform you before we collect your personal data and ask you for your consent.
6.1.6 Online Shopping
18.104.22.168 What Personal Data may we collect?
Name, title, postal address, email address, home telephone or mobile number, information about products you order, order history, details about your purchase, payment information, payment history, age.
22.214.171.124 What is the Purpose of the processing?
To process your online purchase and deliver the product to you as ordered. Your payment related Personal Data may be transferred to payment providers to process your payments.
126.96.36.199 How long do we store your Personal Data?
As long as you keep shopping with us. If after three years, you have no transactions, we delete or anonymize your Personal Data, unless we are required by law to store it for a longer period. If you check out as a guest, we will retain your Personal Data for one year from the date of transaction.
188.8.131.52 What is our legal basis for the processing?
We need this information to provide you with your online order (performance of a contract).
6.1.7 Fraud prevention and other administrative services, such as registration
184.108.40.206 What Personal Data may we collect?
Name, title, postal address, email address, home telephone or mobile number, payment information (i.e. bank details), payment history, age.
220.127.116.11 What is the Purpose of the processing?
To carry out administrative services, including processing any application you submit to us for providing the services, preventing or detecting fraud or other crimes, verifying your identity and credit/payment status, or processing payment instructions. Your payment related Personal Data may be transferred to payment providers to process your payments or the police for fraud prevention purposes.
18.104.22.168 How long do we store your Personal Data?
As long as you keep shopping with us. If after three years, you have no transactions, we delete or anonymize your Personal Data, unless we are required by the law to store them for a longer period.
22.214.171.124 What is our legal basis for the processing?
For the prevention and detection of fraud to ensure that your identity and transactions are secured (balancing of interest with our interest being to prevent fraud and protect our customers).
We perform other administrative services to provide you with the respective underlying services (performance of a contract).
When you visit our Sites you may access services which are provided on third party websites. In this instance these third parties will be responsible for your Personal Data and will act as Data Controller in respect of your Personal Data.
6.2 Cookies and Similar Technologies
We may also tailor our Sites and our products to your interests and needs, by collecting information about your device and linking this to your Personal Data so as to ensure that our Sites present the best web experience for you.
Where we use Google Analytics, we have set up the service to anonymize your IP address as soon as data is received by the Analytics Collection Network, before any storage or processing takes place. To opt out of being tracked by Google Analytics across all websites please visit http://tools.google.com/dlpage/gaoptout.
You can view more information on the Cookies we use and adjust your preferences via the Cookie Consent Tool on our Sites. Please note, however, that without cookies you may not be able to use all of the features of our Sites or online services.
7 Who do we share your Personal Data with?
7.1 Our Service Providers
We share your Personal Data with the following data processors (i.e. service providers that help us to perform the above tasks):
relevant companies of the Baynhams Group for the purposes of Customer Relationship Management and analytics, in particular with INDO Lighting Limited.
trusted third parties to help us process and analyse your Personal Data for us, to support us when suggesting products & services which may interest you in line with Section 6.1 above.
if you order a product or service from us, trusted third parties to allow payment and delivery of the products and services you have ordered. Unless you provided consent, any such trusted third parties are not authorised by us to use your Personal Data in any other way and will be required by us to implement adequate technical and organisational measures to protect your Personal Data.
7.2 Other Recipients
We share your Personal Data with the following third parties that process your Personal Data for their own purposes (i.e. these third parties are not processors; they rather use your Personal Data because they have their own interest or because you had consented):
law enforcement or other agencies if we are required to do so by law, or by a warrant, subpoena or court order to disclose your Personal Data.
Please note that we never share your Personal Data with social media platforms. When we engage in audience building or customer matching activities with social media platforms like Facebook or Google, your Personal Data is always anonymized before the transfer. If there are any changes in the future and we have to share your Personal Data with a social media platform, we will ask for your consent.
7.3 Sharing your Site Usage Information
With your consent, we will share Site usage information with trusted third parties (e.g. advertisers, advertising agencies, advertising networks, data exchanges, etc.) in order to offer you tailored content which may be of interest to you based on your prior activity on our Site. These trusted third parties may set and access their own Cookies, web beacons and similar tracking technologies on your device in order to help us deliver customised content and advertising to you when you visit our relevant Sites. Please see Section 6.2 for more information about Cookies and how to opt out.
You can also visit the website www.youronlinechoices.com to choose which companies can deliver customised advertisements.
Please note that even if you opt out, you may still receive advertisements from us that are not customised based on your Site usage information.
8 To which countries do we transfer your Personal Data?
Many of our trusted third parties and Baynhams Group companies are based in countries that provide an adequate level of data protection, such as the European Economic Area.
If we need to transfer your Personal Data to a trusted third party based in a country where data protection laws are considered not to offer the same level of protection, we will ensure adequate data protection safeguards by relying on other legitimate means, such as the Privacy Shield certification and/or Standard Contractual Clauses.
More details on the transfer mechanism can be obtained from our Data Protection Officer (see contact details in Section 2).
9 How long do we process your Personal Data?
We will store your Personal Data only until the aforementioned purposes for which we have collected or received your Personal Data are fulfilled and once our statutory obligations to preserve records have expired as further described in Section 6.1.
10 What are your rights?
If certain requirements are fulfilled, you have the right to:
Obtain from us confirmation as to whether or not we process Personal Data from you and, where that is the case, access to your Personal Data;
Rectification of inaccurate Personal Data;
Erasure of Personal Data;
Objection to the processing of Personal Data;
Restriction of processing of Personal Data; and
Portability of Personal Data - receive the Personal Data you have provided to us in a structured, commonly used and machine-readable form and transmit it to another data controller.
You can learn more about these rights here: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/. To exercise your rights, please contact the Data Protection Officer (see Section 2 for contact details) or get in touch with our Customer Team on the details set out below.
Note that you do not need to contact our Data Protection Officer to exercise your rights to stop receiving marketing communications from us. You can opt out of receiving such communications by going to the Privacy Preferences section of your 'My Account' if you have an account with us, directly from the communications we send you or by contacting our Customer Team via our Contact Us page.
11 Can you withdraw your consent to the processing of personal data?
Where your consent is the legal basis for the processing of your Personal Data, you can withdraw your consent for:
Marketing communications: by logging into your account under Privacy Preferences or using the unsubscribe link in any of our marketing communications.
Other purposes: by sending us an email to firstname.lastname@example.org or by contacting our Customer Team as detailed in Section 10.
Please note that withdrawing your consent will not affect the lawfulness of the processing before the withdrawal.
12 Can you complain with the data protection authorities?
If you think that the processing of Personal Data by us violates data protection laws, you can lodge a complaint with the Information Commissioner in the UK (www.ico.org.uk) or the Data Protection Commissioner in the Republic of Ireland (www.dataprotection.ie).
13 How do we protect your Personal Data?
We maintain appropriate technical and organisational measures to protect the Personal Data you provide to us against accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to your Personal Data.