We treat your data with the utmost respect and care. We always aim to be as transparent to our customers as possible and we treat your data the way we would expect our own personal data to be treated. You can find out about what information we store, how we process your data, your rights and other privacy related information in the following privacy notice.
Who are we?
Blue Cross Gifts is a trading name of Otter House Ltd (Company Number: 2655839) who operate this website on behalf of Blue Cross Trading Company Limited (registered company number 02203092; "Enterprises"), which is a wholly owned subsidiary of the Blue Cross (registered company number 00363197; "Blue Cross"). Otter House Ltd is the Data Processor for this website and it is registered with the Information Commissioner's Office under Registration Number Z6136350. Enterprises is the Data Controller for this website and it is registered with the Information Commissioner's Office under Registration Number Z4765166.
Your data will be held and processed by Enterprises and the Blue Cross, and you can view the Blue Cross privacy policy by visiting www.bluecross.org.uk/privacy-policy or calling 0300 790 9903. You can update your communication preferences or ask us to stop contacting you altogether by calling our Supporter Care Team on 0300 790 9903 or emailing preferences@bluecross.org.uk.
What data do we hold?
We only collect personal data from you when you purchase an item from the online shop that is necessary to fulfil our contract with you on behalf of Enterprises and in order to make sure our service is the best it can be. We will need to hold your name, address, email address and telephone number on our systems; we store this data so that we can not only fulfil your order but also for fraud protection reasons and to be able to provide refunds etc.
Our website uses Google Analytics to track user interaction. We use this data to determine how many people are using our site, what they are viewing, when they are viewing it and how they are navigating through the site. We use this data as feedback to be able to improve our service and offerings to you and it helps us with making decisions on how our promotions are doing, server requirements in the future (capacity planning) etc. Google records data like your approximate location, internet browser, device and operating system however, none of this device is identifiable to us. Google Analytics does record your IP address though this is not identifiable to us. Google makes use of cookies. You can control cookies using your browser settings (Please see here for more information: https://www.allaboutcookies.org/manage-cookies/).
We do not store or hold any credit or debit card information. All payments go through our payment providers (Opayo and PayPal) securely using encryption.
We store your device type and IP address in our system logs for fraud protection reasons and to help identify any intrusions or denial of service attacks on our website. We do not use your IP address for any other reason and all logs are stored securely on our servers. These logs are deleted periodically.
Our website servers are hosted in the UK.
Who do we share your data with?
We use a variety of third-party who provide professional services to us and help us run our business. These companies help us with things like merchandising our site and internal search results of our website, marketing agencies, email service providers, advertising partners and other software partners (for example postcode lookup). For example, your order information is passed to WHISTL UK Limited (To view WHISTL UK Limited - GDPR Compliance Statement please see the following link: https://www.whistl.co.uk/news/whistl-gdpr-compliance-statement ) in order to fulfil any order you make. WHISTL UK Limited dispatch your order and then it removes the order information from its systems after is has supplied confirmation order details to Enterprises. We may use companies whose services are either based in the EEA (European Economic Area) or are located outside of the EEA but are under an equivalent and approved privacy scheme by the EU (for example the EU-US privacy shield see here for more information: https://www.privacyshield.gov/welcome).
We also share some of your data with our customer support team and other staff members at the Blue Cross as required so they can support you in case of a problem with a purchase or product or to help fulfil our contract with you (for instance a warehouse picker/packer).
We only share your data with third party companies to fulfil our services to you. We will never sell your data to any other company or third party.
We provide several ways for customers to pay for their goods; for example, if you have a PayPal account you can use that account to make a payment. We also use Opayo for standard credit/debit card payments. Whilst we believe that all payment information is processed by servers hosted in the European Economic Area (EEA), we cannot guarantee it and we strongly recommend that you read their respective privacy policies for more information regarding the way in which your data is processed. If you are not happy with the possibility of payment information being sent outside of the EEA, we recommend that you do not use our site to purchase products, services or make a donation.
Our current Data Processors are:
Google analytics: Our website like many others uses Google analytics to track information about number of users, pages visited, length of browse time etc. We use this information to improve our sites and services.
Google reCAPTCHA: Our website like many others uses reCAPTCHA, a CAPTCHA system that enables the website to distinguish between human and automated access to the website on our checkout. We use ensure our site is protected from potential cyber-attacks.
WHISTL UK Limited: Clientbase Fulfilment Ltd fulfil your order and then remove the order information after supplying the order details to Enterprises. WHISTL UK Limited is a Data Processor for this website and are registered with the Data Protection register under Registration Number Z692857X.
Opayo (Formerly Sage Pay): Our website like many others use payment providers to process the payments online for your orders securely using encryption. We use this information to confirm whether payment has been made and to action refunds. For more information on Opayo and their privacy policy, please see here for more information: https://www.opayo.co.uk/policies/privacy-policy
PayPal: As above, we use this payment provider to process online payments. We use this information to confirm whether payment has been made and to action refunds. For more information on PayPal and its privacy policy, please see here for more information: https://www.paypal.com/myaccount/privacy/privacyhub
Loqate GBG: Our website like many others uses a Post Code lookup/finder service to help you save time entering your address on our checkout form. By entering your postcode on the checkout address form on our website, Loqate GBG servers then return a full address or a list of addresses from which you may choose from. We use this information to improve our sites and services. This is a vital service to our company as it ensures the integrity of the information we receive to deliver your order. We use the legitimate interest's lawful basis for processing under GDPR in order to do this.
Your Rights There are a number of rights available to you under the Data Protection Act 2018 in relation to the data we store and hold about you:
- The right to see what personal data we hold about you via a subject access request: please contact the Blue Cross Data Protection Team via email dataprotection@bluecross.co.uk or write to: The Data Protection Officer, Blue Cross, Shilton Road, Burford, Oxfordshire, OX18 4PF. You can also find more information on the Blue Cross website.
- The right to be forgotten and have your data removed from our systems. - The right to have your data rectified if it is incorrect. - The right to restrict processing. - The right to be informed about the way we process and handle your data. You can read about how we process your data and handle it in this privacy policy. - The right to data portability so you can reuse your personal data for your own purposes across different services. - The right to opt out of automated decision making including profiling. - The right to object to the processing of your personal data in certain circumstances.
Whether or not these rights are available to a data subject will depend on the circumstances. If you would like to exercise any of these rights, please contact the Blue Cross Data Protection Team via the contact details displayed above. You can read more about your rights on the Information Commissioner's office https://ico.org.uk
Marketing:
If you do not wish to receive our marketing anymore, you can stop receiving marketing messages from us through - Previous marketing emails we have sent you by clicking the unsubscribe link - By contacting our customer services team
Data Retention
We keep personal information and order details for our own records and legal reasons for a predetermined period of time and we will not keep it longer than is necessary. Please note that if you ask for your personal data to be erased, we may not be able to remove all of it as we may be bound by legal or regulatory requirements, fraud and online abuse or because it may be necessary to enable us to enforce our terms and conditions. In connection with marketing communications, we may suppress your information rather than delete it completely in order to ensure that we are still able to meet your request to discontinue this line of communication.
Changes to how we protect your privacy
Data protection and security is an ever-changing landscape. Our website will continually evolve with new service providers and mechanisms to provide our customers with a better service. Your data and privacy are of the utmost importance to us. We will always ensure your data is protected when implementing new services and will update this privacy policy as and when new things become live. If any substantive changes are made to this privacy notice, we will inform you in writing.
How to contact us
We always want to hear from our customers (especially if you feel we've let you down or could do better).
If you:
- Have any questions or feedback about this notice; - Want to exercise any of your rights as set out above;, or - You have a complaint
please don't hesitate to contact our customer care team, who will be happy to answer any questions you may have.