We treat your data with the utmost respect and care. We always aim to be as transparent to our customers as possible and we treat your data the way we would expect our own personal data to be treated. You can find out about what information we store, how we process your data, your rights and other privacy related information in the following privacy notice.
Who are we?
Blue Cross Gifts is a trading name of Otter House Ltd (Company Number: 2655839) who operate this website on behalf of Blue Cross Trading Company Limited (registered company number 02203092; "Enterprises"), which is a wholly owned subsidiary of the Blue Cross (registered company number 00363197; "Blue Cross"). Otter House Ltd is the Data Processor for this website and it is registered with the Information Commissioner's Office under Registration Number Z6136350. Enterprises is the Data Controller for this website and it is registered with the Information Commissioner's Office under Registration Number Z4765166.
We only collect personal data from you when you purchase an item from the online shop that is necessary to fulfil our contract with you on behalf of Enterprises and in order to make sure our service is the best it can be. We will need to hold your name, address, email address and telephone number on our systems; we store this data so that we can not only fulfil your order but also for fraud protection reasons and to be able to provide refunds etc.
We do not store or hold any credit or debit card information. All payments go through our payment providers (Opayo and PayPal) securely using encryption.
We store your device type and IP address in our system logs for fraud protection reasons and to help identify any intrusions or denial of service attacks on our website. We do not use your IP address for any other reason and all logs are stored securely on our servers. These logs are deleted periodically.
Our website servers are hosted in the UK.
Who do we share your data with?
We also share some of your data with our customer support team and other staff members at the Blue Cross as required so they can support you in case of a problem with a purchase or product or to help fulfil our contract with you (for instance a warehouse picker/packer).
We only share your data with third party companies to fulfil our services to you. We will never sell your data to any other company or third party.
We provide several ways for customers to pay for their goods; for example, if you have a PayPal account you can use that account to make a payment. We also use Opayo for standard credit/debit card payments. Whilst we believe that all payment information is processed by servers hosted in the European Economic Area (EEA), we cannot guarantee it and we strongly recommend that you read their respective privacy policies for more information regarding the way in which your data is processed. If you are not happy with the possibility of payment information being sent outside of the EEA, we recommend that you do not use our site to purchase products, services or make a donation.
Our current Data Processors are:
Google analytics: Our website like many others uses Google analytics to track information about number of users, pages visited, length of browse time etc. We use this information to improve our sites and services.
Google reCAPTCHA: Our website like many others uses reCAPTCHA, a CAPTCHA system that enables the website to distinguish between human and automated access to the website on our checkout. We use ensure our site is protected from potential cyber-attacks.
Clientbase Fulfilment Ltd: Clientbase Fulfilment Ltd fulfil your order and then remove the order information after supplying the order details to Enterprises. Clientbase Fulfilment Ltd is a Data Processor for this website and it is registered with the Information Commissioner's Office under registration number Z6136350.
Loqate GBG: Our website like many others uses a Post Code lookup/finder service to help you save time entering your address on our checkout form. By entering your postcode on the checkout address form on our website, Loqate GBG servers then return a full address or a list of addresses from which you may choose from. We use this information to improve our sites and services. This is a vital service to our company as it ensures the integrity of the information we receive to deliver your order. We use the legitimate interest's lawful basis for processing under GDPR in order to do this.
Your Rights There are a number of rights available to you under the Data Protection Act 2018 in relation to the data we store and hold about you:
- The right to see what personal data we hold about you via a subject access request: please contact the Blue Cross Data Protection Team via email email@example.com or write to: The Data Protection Officer, Blue Cross, Shilton Road, Burford, Oxfordshire, OX18 4PF. You can also find more information on the Blue Cross website.
Whether or not these rights are available to a data subject will depend on the circumstances. If you would like to exercise any of these rights, please contact the Blue Cross Data Protection Team via the contact details displayed above. You can read more about your rights on the Information Commissioner's office https://ico.org.uk
If you do not wish to receive our marketing anymore, you can stop receiving marketing messages from us through - Previous marketing emails we have sent you by clicking the unsubscribe link - By contacting our customer services team
We keep personal information and order details for our own records and legal reasons for a predetermined period of time and we will not keep it longer than is necessary. Please note that if you ask for your personal data to be erased, we may not be able to remove all of it as we may be bound by legal or regulatory requirements, fraud and online abuse or because it may be necessary to enable us to enforce our terms and conditions. In connection with marketing communications, we may suppress your information rather than delete it completely in order to ensure that we are still able to meet your request to discontinue this line of communication.
Changes to how we protect your privacy
How to contact us
We always want to hear from our customers (especially if you feel we've let you down or could do better).
- Have any questions or feedback about this notice; - Want to exercise any of your rights as set out above;, or - You have a complaint
please don't hesitate to contact our customer care team, who will be happy to answer any questions you may have.