Privacy Policy

TWININGS

Supplier Privacy Policy

We are Twinings. The specific Twinings entity that is the Controller of your personal information will depend on where you/your business are located and can be determined using the table below.

If you/your business are located in this country…

The Controller of your personal information will be….

And their contact details are…

United Kingdom and Ireland

R.Twining and Company Limited (company no. 525071 with registered office at Weston Centre, 10 Grosvenor Street, London, W1K 4QY)

Email: twinings.direct@twinings.com

Post: Weston Centre, 10 Grosvenor Street, London, W1K 4QY

Phone: +44 (0)1264313444.

 

Wander Switzerland

Wander AG
Fabrikstrasse 10
CH-3176 Neuenegg
Switzerland

Tel: +41 31 377 21 11   /   Fax: +41 31 377 21 10

Twinings Poland

R Twining and Company 
Sp. z o.o. ul.  Patriot w 303 04-767 Warszawa

Twining Company Sp. z o.o (Factory) R.  Twining and Company Sp. z o.o. ul. 
Rabowicka 29/31 6020 Swarzędz 

 

Twinings France

Twinings & Co.
3rd & 4th Floor, 25 Rue Anatole France
92300 Levallois-Perret
France

Tel: +33 1 3017 4949

Twining North America

Twinings North America, Inc.
Suite 705, 301 Route 17
Rutherford, New Jersey, USA

Tel: 1-973-591-0600/   Fax:1-973-591-1700

 

Distribution Center:
2812 Twining Road
Greensboro, NC 27406
USA

Tel: 1-336-275-8634   /  Fax:1-336-370-4719

 

 

This policy is provided for current, prospective and former Twinings' suppliers (and their personnel). It explains how we collect, use, store and share the personal information we collect about you (including any information collected via our supplier website and portal (the "Website")), how you can exercise your rights in respect of that information and the procedures that we have in place to safeguard your privacy. This policy supplements any other fair processing or privacy notice that may be provided to you from time to time. It does not form part of any contract for the supply of goods or services.

It applies to all of the Twinings group companies globally and this means that there may be local variations concerning how we use your personal information dependent upon where you reside. These are set out in the country specific schedules section of this policy. Specifically, if you are a Californian resident please see the California section at the end of this policy.

Twinings is committed to ensuring that your privacy is protected and that we comply with all applicable data protection rules (including applicable marketing and cookies laws, together with associated guidance) (the "Data Protection Laws"). When we refer to "processing" in this policy, we mean any activity concerning your personal information, including collecting, using, disclosing, deleting and anonymising. For the purpose of the Data Protection Laws, we are the controller of the personal information processed for the purposes set out below and we are responsible for looking after it. Please contact us using the contact details set out at the end of this policy if you have any questions, comments or concerns about this policy or how we handle your personal information, or if such information changes at any time.

Any changes to this policy in the future will be posted on our Website and, where appropriate, notified to you by email. The latest copy of this policy will always be available on our Website so please check back frequently to see any updates or changes to this policy.

By using our Website, or any other service or product that links to this policy, you agree to the collection, use and disclosure of your personal information processed for the purposes set out below and we are responsible for looking after it in accordance with this policy (as updated from time to time).

The information we collect and how we use it
Under the Data Protection Laws, we are required to explain what personal information we collect from and about you and how and why we use your personal information (the "processing activity"). We are also required to have a "lawful basis" on which to process your personal information under the data protection laws applicable in certain countries. This is summarised in the table below.

Processing activity: Why we use your information?

What information is collected?

Lawful basis of processing (where applicable)

Where is the information collected from?

How long do we keep the information for?

To enter into and administer our agreement or arrangement with you or your business/employer or when we are considering entering into an agreement or arrangement, in each case for the supply of goods or services from you or your business/employer to us.

Name, business contact information (such as phone number and email address), job title and such further information as is shared by you (or your business/employer) with us or which we collect in connection with your supply of goods or services to us (such as details of qualifications, working hours, location/office address, languages spoken, authority to bind, meeting notes, correspondence (including emails) and any transcripts of telephone conversations).

 

We process this information either (i) where you are a sole trader or an unincorporated partnership, because it is necessary for the performance of our contract with you; or (ii) in all other cases, because it is necessary for our legitimate interests of performing and managing our relationships with suppliers and potential suppliers.

Directly from you or another person within your business or organisation or collected by us during the course of our relationship with you or your business/employer.

We keep such information regarding you for up to seven years (or longer, if required by applicable laws) following the termination or expiry of our agreement or arrangement with you or your business/employer.

 

Where you are a sole trader or unincorporated partnership, to make payment to you for the goods/services you provide to us and as necessary to comply with our accounting and taxation obligations.

Name, business contact information (such as phone number and email address), bank account details, address, VAT number and details of all payments made to you.

We process this information because it is necessary for the performance of our contract with you.

Directly from you or another person within your business or organisation.

We keep such information regarding you for up to seven years (or longer, if required by applicable laws) following the termination or expiry of our agreement or arrangements with you.

Where you are a sole trader or unincorporated partnership, to carry out credit and similar checks in relation to you/your business.

Name, business contact information (such as phone number and email address), bank account details, address and details of credit history.

We process this information because it is necessary for our legitimate interests of ensuring the financial stability of all our suppliers and to minimise the risk of disruption to our supply chain.

Directly from you or another person within your business or organisation and, where relevant, from our credit reference agency partners.

We keep such information regarding you for up to 12 months (or longer, if required by applicable laws) following the termination or expiry of our agreement or arrangements with you.

To assess your viability as a potential supplier to Twinings (including as part of a tender process).

Name, business contact information (such as phone number and email address), job title, qualifications and experience and references.

We process this information because it is necessary for our legitimate interests of ensuring the suitability of all our suppliers and minimising the risk of disruption to our supply chain.

Directly from you or another person within your business or organisation or, from any referee whose details were supplied by you or your business/employer.

We keep such information regarding you for up to 12 months (or longer, if required by applicable laws) following the termination or expiry of our agreement or arrangements with you or your business/employer.

To comply with our legal obligations, including health and safety if you visit our premises.

Name, job title, business contact information (such as phone number and email address), details of any visits to our premises and any verification checks (such as DBS checks) we or your business/employer has carried out in respect of you.

We may also process limited categories of special category personal data relating to you as necessary in connection with any visit to our premises, including dietary requirements and accessibility requirements.

We process this information to comply with our legal obligations.

 

Directly from you or another person within your business or organisation or, if we carry out verification checks ourselves, from our partners who carry out such checks on our behalf.

We keep such information regarding you for up to 24 months (or longer, if required by applicable laws or for the establishment, exercise or defence of legal claims)  following initial collection.

To comply with our legal obligations, including import and export regulations, sanctions lists, anti-money laundering, modern slavery and human trafficking laws, trade restrictions and retention obligations).

Name, job title, business contact information (such as phone number and email address), any verification checks (such as DBS checks) we or your business/employer has carried out in respect of you and information available from publicly available sources regarding your business activities.

 

We process this information to comply with our legal obligations.

Directly from you or another person within your business or organisation, if we carry out verification checks ourselves, or from our partners who carry out such checks on our behalf, and from publicly available sources (such as Companies House and government websites).

We keep such information regarding you for up to 6 years (or longer, if required by applicable laws) following the termination or expiry of our agreement or arrangements with you or your business/employer.

To ensure compliance with our policies, procedures, contractual terms and codes of practice.

Name, job title, business contact information (such as phone number and email address), details of your activities in relation to our contract with you or your business/employer insofar as they relate to compliance with our policies, procedures, contractual terms and codes of practice.

We process this information because it is necessary for our legitimate interests of ensuring compliance with our policies, procedures, contractual terms and codes of practice.

Directly from you or another person within your business or organisation, from third party publicly available sources or from audits undertaken by us or our appointed representatives.

We keep such information regarding you for up to 24 months (or longer, if required by applicable laws) following the termination or expiry of our agreement or arrangements with you or your business/employer.

To keep in touch with you regarding future business opportunities.

Name, job title, business contact information (such as phone number and email address) and contact preferences.

We process this information because it is necessary for our legitimate interests of staying in touch with our business contacts regarding future business opportunities.

Directly from you or another person within your business or organisation.

We keep such information for up to 24 months following our last contact with you.

To include within our internal documentation (including annual reports).

Name, job title, quotations/comments and photos

We process this information because it is necessary for our legitimate interests of keeping our group business updated in respect of all activities with regard to our suppliers.

Directly from you or another person within your business or organisation or from other publicly available sources such as your business/employer's website, company registers and company directories.

We keep such information for up to 24 months following our last contact with you. Information included within our internal reports may be retained indefinitely in archive form.

To take or defend legal or administrative action in relation to your supply of goods or services to us, including to enforce the terms of any contract between us (or us and your business/employer) and resolve any dispute.

Name, business contact information (such as phone number and email address), job title and such further information as is shared by you (or your business/employer) or collected by us in connection with your supply of goods or services to us.

 

We process this information because it is necessary for our legitimate interests of the establishment, exercise and defence of legal claims (or potential legal claims).

Directly from you or another person within your business or organisation or information which we collect during the course of our relationship with you.

We keep such information regarding you for up to seven years (or longer, if required by applicable laws) following the termination or expiry of our agreement or arrangement with you or your business/employer.

 

To help maintain the security of our Website, including troubleshooting, data analysis, testing, system maintenance, and support.

Technical data, including: internet protocol (IP) address, login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our Website.

We process this information because it is necessary for our legitimate interests of running our business, providing administration and IT services, network security and preventing fraud.

We rely on your consent where the information is collected via a cookie (save for strictly necessary cookies).

 

This information is collected automatically by us when you use our Website.

We keep such information regarding you for up to 14 months following collection.

Please refer to our Cookies Policy for further information regarding the use and duration of the cookies used.

 

To use data analytics to improve our Website.

Information about your use of our Website, including:  duration, frequency and time; and pages you have visited.

Technical data, including: internet protocol (IP) address, login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our Website.

Unique personal identifiers (device identifiers; cookies, beacons, pixel tags, mobile ad identifiers, or other similar technology; customer number, unique pseudonym or user alias; telephone numbers, or other forms of persistent or probabilistic identifiers that can be used to identify a particular device)

We process this information on the basis of our legitimate interest of running our business and improving our Website for the benefit of you and other suppliers.

We rely on your consent where the information is collected via a cookie (save for strictly necessary cookies).

 

This information is collected automatically by us when you use our Website.

We delete browsing data collected via Google Analytics every 14 months.

Please refer to our Cookies Policy for further information regarding the use and duration of the cookies used.

 

To notify you about changes to our terms or this policy.

Name, email address and user account details.

We process this information because it is necessary to comply with our legal obligations.

Directly from you or another person within your business or organisation.

We keep such information regarding you for up to 6 years (or longer, if required by applicable laws) following the termination or expiry of our contract with you or your business/employer.

 

 

Where required under applicable data protection laws, we have determined, acting reasonably and considering the circumstances, that we are able to rely on legitimate interests as the lawful basis on which to process your personal information in certain circumstances (we have stated this above and set out our legitimate interests). We have reached this decision by carrying out a balancing exercise to make sure our legitimate interest is not overridden by your privacy rights as an individual.

We consider that it is reasonable for us to process your information for the purposes of our legitimate interests outlined above as: (a) we process your information only so far as is necessary for such purpose; and (b) it can be reasonably expected for us to process your information in this way. 

Where we process your personal information on the legal basis of consent (as indicated in the above table), you may refuse consent to our processing and you may also withdraw your consent at any time: (i) in respect of cookies and other tracking mechanisms on our Website by using the cookie consent manager in our cookie notification banner, (ii) in respect of marketing communications, by clicking 'unsubscribe' in the footer of the relevant emails, or (iii) in respect of other matters, by using the contact details below. Withdrawing consent does neither affect any processing carried out without your consent (i.e. where we rely on another legal basis), nor the lawfulness of processing based on consent before its withdrawal.

We do not make any solely automated decisions about or relating to you using your personal information.

Cookies

Some of the information identified in the table above, is collected by us through the use of cookies or similar technology when you visit our Website, or other websites or social media sites where we have included a cookie. In some cases, we will need your consent in order to place such cookies on your device. More information on the specific types of cookies we collect, our lawful basis and how to manage them can be found in our Cookies Policy 

Universal opt-out mechanisms

We do not engage in “sales”, “shares”, or “targeted advertising” as those terms are defined under applicable laws and therefore our Website does not recognize the Global Privacy Control (“GPC”) signal. For more information and to download and use a browser supporting the GPC browser signal, click here: https://globalprivacycontrol.org/orgs. If you choose to use the GPC signal, you will need to turn it on for each supported browser or browser extension you use.

Some internet browsers incorporate a “Do Not Track” feature that signals to websites you visit that you do not want to have your online activity tracked. Given that there is not a uniform way that browsers communicate the “Do Not Track” signal, our Website does not currently interpret, respond to or alter its practices when it receives “Do Not Track” signals.

Provision of personal information about third parties

If you provide personal information about other people (e.g. contact information for colleagues in the company in which you are employed), you must ensure that they agree to it, and that you have permission to provide us with such personal information. Please refer them to this privacy policy when you provide us with their personal information.

Security

We have in place appropriate policies, rules and technical and organisational measures to protect your personal information from unauthorised or unlawful processing, and against accidental loss, destruction or damage.

We also have procedures in place to deal with any data security breach. We will notify you and any applicable regulator of a data security breach where we are legally required to do so.

However, in relation to any electronic communications you may send us, the internet and email are not secure. Your communications may route through a number of countries before being delivered, may be intercepted by third parties and may not always reach the intended recipient – this is the nature of the World Wide Web/Internet. We cannot accept responsibility for any such unauthorised access or loss of personal information that is beyond our control.

You are responsible for protecting any username and password you may have in relation to the Website and must not share it with, or disclose it, to anyone.

Sharing your personal information  


We will only disclose your personal information to:

  • companies within the Twinings group for internal business purposes such as management, accounting and reporting; these companies may be based within the European Economic Area or UK or outside of the EEA/UK, including in the United States, Canada, India and Australia (and we will ensure appropriate safeguards are put in place to protect your personal information where we transfer your personal information for this purpose;
  • other third-party suppliers, including business partners and sub-contractors for business administration, support, processing or services, or IT purposes;
  • analytics or search engines, that enable us to optimise and improve your experience of our Website;
  • our regulators, law enforcement or fraud prevention agencies, as well as our legal advisers, courts, the police and any other authorised bodies, for the purposes of investigating any actual or suspected criminal activity or other regulatory or legal matters;
  • our professional advisors (including without limitation tax, legal, insurance, or other corporate advisors who provide professional services to us); and
  • the UK's HMRC or other tax bodies, regulators, or agencies to comply with our legal and regulatory obligations.

To the extent authorised by applicable laws, we will disclose your personal information to third parties:

  • in the event that we consider selling or buying any business or assets, merging with another business, financing our business, granting a charge over our assets or leasing or licensing our assets, we may disclose your personal information to any prospective sellers or buyers of such business or assets;
  • in the event we are the subject of any insolvency situation (e.g., the administration or liquidation);
  • if we, or substantially all of our assets, are acquired by a third party, in which case personal information held by us about our customers will be one of the transferred assets;
  • in order to enforce or apply our contract with you or your business/employer;
  • to protect our rights, property, or safety, or that of our staff, our customers, or others. This includes exchanging information with other companies and organisations (including without limitation the UK's HMRC or any other competent tax regulator, the local police or other local law enforcement agencies) for the purposes of staff and customer safety, crime prevention, fraud protection and credit risk reduction; and
  • if we are under a duty to disclose or share your personal information in order to comply with any legal obligation or regulatory requirements, or otherwise for the prevention or detection of fraud or crime.

International transfers of your personal information

Owing to the global nature of the Twinings group we may transfer your personal information to countries other than the country in which your personal information was originally collected. These countries may not have the same data protection laws as the country in which you initially provided the information and may not provide the same level of protection. Your personal information may be subject to the laws of such foreign jurisdiction and may be accessible without notice to you by the courts, law enforcement and national security authorities of such foreign jurisdiction.

If we transfer personal information to countries outside of your usual place of residence, we will ensure an adequate degree of protection is afforded to your personal information in accordance with applicable data protection laws.

Please also see the country specific schedules below for more information.

Your rights in respect of your personal information

Depending on the jurisdiction in which you reside, you may have certain privacy rights regarding the personal information we hold about you, as set out in the country specific schedules below. We will always comply with any privacy rights you have under the data protection laws applicable to you so even if we have not specifically set out in this policy any privacy rights applicable to the country in which you reside, you have the right to contact us (using the details below) to exercise your available rights and we will assess such requests on a case by case basis.

If you would like to exercise any of your available data protection rights, please contact us using the contact details set out at the start of this policy. Please ensure you contact the correct Twinings entity based on where you/your business are located.

Contact details and comments

We welcome your views about this policy. If you would like to contact us with any queries or comments, request further information or exercise any of your available data protection rights, please contact us using the contact details set out at the start of this policy. Please ensure you contact the correct Twinings entity based on where you/your business are located.

If you would like this notice in another format (for example audio, large print, braille) please contact us using the details above

Last updated: July 5th, 2024.

Country Specific Schedules

EU, EEA AND SWITZERLAND

This section of the Privacy Policy is intended solely for, and is applicable only as to residents of the EU and Switzerland. If you are not a resident of the EU or Switzerland, this section does not apply to you and you should not rely on it.

Data Protection Officer

We are required by law to appoint a data protection officer in Germany. You can contact them by clicking on the link below:

datenschutz@wander-gmbh.de.

Their address is

WANDER GmbH
Westendstraße 28
60325 Frankfurt am Main
Germany
Website: www.wander-gmbh.de

International transfers of your personal information

If we transfer personal information to countries outside of the EU/EEA or outside of Switzerland we will ensure (in accordance with applicable laws) an adequate degree of protection is afforded to your personal information by ensuring at least one of the following safeguards is implemented:

  • we may transfer your personal data to countries that have been deemed by the European Commission or, in the case of Switzerland, the Federal Council, to provide an adequate level of protection for personal information;
  • for transfers from the EU to the US, any transfers may be under the EU-US Data Privacy Framework or the EU-US Data Privacy Framework (as applicable). Further information about the EU-US Data Privacy Framework can be found here;
  • if you are resident in the EU and EEA we may use specific contracts approved for use in the EU/EEA which give personal information the same protection (regardless of where it is being processed) it has in the EU/EEA;
  • if you are a resident in Switzerland we may use specific contracts approved for use in Switzerland which give the personal information the same protection (regardless of where it is being processed) it has in Switzerland.

Your rights

You have the following rights in respect of the personal information we hold about you:

 

Right

 

Description

 

To be informed

A right to be informed about the personal information we hold about you.

Of access

A right to access the personal information we hold about you.

To rectification

A right to require us to rectify any inaccurate personal information we hold about you.

To erasure

 

A right in certain circumstances to ask us to delete the personal information we hold about you. This right will only apply where (for example):

·         we no longer need to use the personal information to achieve the purpose we collected it for;

·         where you withdraw your consent if we are using your personal information based on your consent; or

·         where you object to the way we process your data (in line with the right to object below).

To restrict processing

 

In certain circumstances, a right to restrict our processing of the personal information we hold about you. This right will only apply where (for example):

·         you dispute the accuracy of the personal information held by us;

·         you would have the right to ask us to delete the personal information but would prefer that our processing is restricted instead; or

·         we no longer need to use the personal information to achieve the purpose we collected it for, but you need the data for the purposes of establishing, exercising or defending legal claims. 

To data portability

 

In certain circumstances, a right to receive the personal information you have given us, in a structured, commonly used and machine readable format. You also have the right in certain circumstances to require us to transfer this personal information to another organisation, at your request.

To object

 

A right to object to our processing of the personal information we hold about you where our lawful basis is that the processing is necessary for the purpose of our legitimate interests, unless we are able to demonstrate, on balance, legitimate grounds for continuing to process the personal information which override your rights or which are for the establishment, exercise or defence of legal claims. You also have a right to object if we are using your personal information for marketing purposes.

In relation to automated decision making and profiling

A right for you not to be subject to a decision based solely on an automated process, including profiling, which produces legal effects concerning you or similarly significantly affect you. We do not carry out any automated processing or profiling.

To withdraw

A right to withdraw your consent, where we are relying on it to use your personal information (for example, to provide you with brochures or newsletters).

To complain

A right to lodge a complaint with a supervisory authority, in particular in your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal information relating to you infringes applicable data protection laws. Please see below for further details.

Complaints

We encourage you to contact us first if you have any queries, comments, complaints or concerns about the way we handle your personal information. We will take any privacy complaint seriously and any complaint will be assessed with the aim of resolving any issue in a timely and efficient manner.  We request that you cooperate with us during this process and provide us with any relevant information that we may need.

If you are not satisfied with how we deal with your complaint you may lodge a complaint with your local supervisory authority (which will vary depending upon where you reside). You can find details of your local supervisory authority and how to contact them here.

If you reside in Switzerland you should lodge your complaint with The Federal Data Protection and Information Commissioner (FDPIC).  Their address is Feldeggweg 1, CH - 3003 Berne Switzerland.  They can also be contacted by telephone on  +41 (0)58 462 43 95 and by fax on +41 (0)58 465 99 96.

UK

This section of the Privacy Policy is intended solely for, and is applicable only as to, UK residents. If you are not a UK resident, this section does not apply to you and you should not rely on it.

International transfers of your personal information

If we transfer personal information to countries outside of the UK, we will ensure (in accordance with applicable laws) an adequate degree of protection is afforded to your personal information by ensuring at least one of the following safeguards is implemented:

  • we may transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal information;
  • for transfers to the US, any transfers may be under the UK Extension to the EU-US Data Privacy Framework or the EU-US Data Privacy Framework (as applicable). Further information about the UK Extension to the EU-US Data Privacy Framework can be found here;
  • we may use specific contracts approved for use in the UK which give personal information the same protection (regardless of where it is being processed) it has in the UK. Further information regarding such contracts are available on the ICO's website here.

Your rights

You have the following rights in respect of the personal information we hold about you:

 

Right

 

Description

 

To be informed

A right to be informed about the personal information we hold about you.

Of access

A right to access the personal information we hold about you.

To rectification

A right to require us to rectify any inaccurate personal information we hold about you.

To erasure

 

A right in certain circumstances to ask us to delete the personal information we hold about you. This right will only apply where (for example):

·         we no longer need to use the personal information to achieve the purpose we collected it for;

·         where you withdraw your consent if we are using your personal information based on your consent; or

·         where you object to the way we process your data (in line with the right to object below).

To restrict processing

 

In certain circumstances, a right to restrict our processing of the personal information we hold about you. This right will only apply where (for example):

·         you dispute the accuracy of the personal information held by us;

·         you would have the right to ask us to delete the personal information but would prefer that our processing is restricted instead; or

·         we no longer need to use the personal information to achieve the purpose we collected it for, but you need the data for the purposes of establishing, exercising or defending legal claims. 

To data portability

 

In certain circumstances, a right to receive the personal information you have given us, in a structured, commonly used and machine readable format. You also have the right in certain circumstances to require us to transfer this personal information to another organisation, at your request.

To object

 

A right to object to our processing of the personal information we hold about you where our lawful basis is that the processing is necessary for the purpose of our legitimate interests, unless we are able to demonstrate, on balance, legitimate grounds for continuing to process the personal information which override your rights or which are for the establishment, exercise or defence of legal claims. You also have a right to object if we are using your personal information for marketing purposes.

In relation to automated decision making and profiling

A right for you not to be subject to a decision based solely on an automated process, including profiling, which produces legal effects concerning you or similarly significantly affect you. We do not carry out any automated processing or profiling.

To withdraw

A right to withdraw your consent, where we are relying on it to use your personal information (for example, to provide you with brochures or newsletters).

To complain

A right to lodge a complaint with a supervisory authority, in particular in your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal information relating to you infringes applicable data protection laws. Please see below for further details.

Complaints

We encourage you to contact us first if you have any queries, comments, complaints or concerns about the way we handle your personal information. We will take any privacy complaint seriously and any complaint will be assessed with the aim of resolving any issue in a timely and efficient manner.  We request that you cooperate with us during this process and provide us with any relevant information that we may need.

However, if you are not satisfied with our handling of any request by you in relation to your rights or concerns, you  also have the right to make a complaint to the UK's Information Commissioner's Office. Their address is: First Contact Team, Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF or you can contact them by other methods as set out at https://ico.org.uk/global/contact-us/contact-us-public/.

California

Notice to California Residents

The California Consumer Privacy Act, as amended by the California Privacy Rights Act of 2020 (“CCPA”), requires that we provide California residents with a privacy policy that contains a comprehensive description of our online and offline practices regarding the collection, use, disclosure, sale, sharing, and retention of personal information and of the rights of California residents regarding their personal information. This section of the Privacy Policy is intended solely for, and is applicable only as to, California residents. If you are not a California resident, this section does not apply to you and you should not rely on it.

The CCPA defines “personal information” to mean information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California resident or household. Personal information does not include publicly available, deidentified or aggregated information or lawfully obtained, truthful information that is a matter of public concern.

Notice at Collection of Personal Information

We currently collect and in the 12 months prior to the last updated date of this policy, have collected the categories of personal information as described in the section "The information we collect and how we use it."

We collect personal information directly from California residents and (where applicable) from social media platforms.

In addition to the purposes stated above in the section “The information we collect and how we use it,” we currently collect and have collected the relevant categories of personal information for the following business or commercial purposes:

  • Helping to ensure security and integrity to the extent the use of your personal information is reasonably necessary and proportionate for these purposes;
  • Performing services, including maintaining or servicing accounts, providing customer service, processing or fulfilling order and transactions, verifying supplier information, or providing similar services; and
  • Advancing our commercial or economic interests, such as by inducing another person to sell, subscribe to, provide, or exchange products, goods, or enabling or effecting, directly or indirectly, a commercial transaction.

Retention of personal information

We retain your personal information for as long as necessary to fulfil the purposes for which we collect it and in accordance with the retention periods set forth in the “The information we collect and how we use it” section above.

Your rights

If you are a California resident, you have the following rights with respect to your personal information:

  • The right to know what personal information we have collected about you, including the categories of personal information, the categories of sources from which we collected personal information, the business or commercial purpose for collecting, selling or sharing personal information (if applicable), the categories of third parties to whom we disclose personal information (if applicable), and the specific pieces of personal information we collected about you;
  • The right to require us to delete personal information that we collected from you, subject to certain exceptions;
  • The right to correct inaccurate personal information that we maintain about you;
  • If we sell or share personal information, the right to opt out of the sale or sharing;
  • If we use or disclose sensitive personal information for purposes other than those allowed by the CCPA and its regulations, the right to limit our use or disclosure; and
  • The right not to receive discriminatory treatment by us for the exercise of privacy rights the CCPA confers.

How to submit a request to know, delete, and/or correct

You may submit a request to know, delete, and/or correct by emailing us contact us using the relevant United States contact details set out at the start of this policy.

If you are submitting a request on behalf of a California resident, please submit the request through one of the designated methods set out above. After submitting the request, we will require additional information to verify your authority to act on behalf of the California resident.

Our process for verifying a request to know, delete, and/or correct

We will comply with your request upon verification of your identity and, to the extent applicable, the identity of the California resident on whose behalf you are making such request.

We verify your identity either to a “reasonable degree of certainty” or a “reasonably high degree of certainty” depending on the sensitivity of the personal information and the risk of harm to you by unauthorized disclosure, deleting, or correction as applicable. To do so, we will ask you to verify data points based on information we have in our records concerning you.

Shine the light law

We do not disclose personal information obtained through our Website to third parties for their direct marketing purposes. Accordingly, we have no obligations under California Civil Code § 1798.82.