Here are the details that the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regards to the processing of personal data and on the free movement of such data, known as General Data Protection Regulation (GDPR) says we have to give you as a 'data controller':
Our site address is www.bricoflor.co.uk
Our company name is BRICOFLOR Limited
Our registered address is 130 High Street, Marlborough, Wiltshire, SN8 1LZ U.K.
Our nominated representative is Dirck Scharpenack and they can be contacted at firstname.lastname@example.org.
We may collect, store and use the following kinds of personal information:
(a) information about your computer and about your visits to and use of this website (including your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation).
(b) information relating to any transactions carried out between you and us on or in relation to this website, including information relating to any purchases you make of our goods or services.
(c) information that you provide to us for the purpose of registering with us.
(d) information that you provide to us for the purpose of subscribing to our website services, email notifications and/or newsletters and
(e) any other information that you choose to send to us.
Under GDPR we will ensure that your personal data is processed lawfully, fairly, and transparently, without adversely affecting your rights. We will only process your personal data if at least one of the following basis applies:
a) you have given consent to the processing of your personal data for one or more specific purposes;
b) processing is necessary for the performance of a contract to which you are a party or in order to take steps at the request of you prior to entering into a contract;
c) processing is necessary for compliance with a legal obligation to which we are subject; and/or
d) processing is necessary for the purposes of the legitimate interests pursued by us or by a third party such as our credit card payment processing, except where such interests are overridden by the fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server. This enables the web server to identify and track the web browser.
We may use both "session" cookies and "persistent" cookies on the website. Session cookies will be deleted from your computer when you close your browser. Persistent cookies will remain stored on your computer until deleted, or until they reach a specified expiry date.
We will use the session cookies to: keep track of you whilst you navigate the website; keep track of items in your shopping basket; prevent fraud and increase website security. We will use the persistent cookies to: enable our website to recognise you when you visit and keep track of your preferences in relation to your use of our website.
Our payment services providers may also send you cookies.
We may use your personal information to:
(a) administer the website;
(b) improve your browsing experience by personalising the website;
(c) enable your use of the services available on the website;
(d) send you goods purchased via the website;
(e) send statements and invoices to you, and collect payments from you;
(f) send you general (non-marketing) commercial communications;
(g) send you email notifications which you have specifically requested;
(h) send you our newsletter and other marketing communications relating to our business or the businesses of carefully-selected third parties which we think may be of interest to you, by post or, where you have specifically agreed to this, by email or similar technology (and you can inform us at any time if you no longer require marketing communications);
(i) provide third parties with statistical information about our users – but this information will not be used to identify any individual user;
(j) deal with enquiries and complaints made by or about you relating to the website;
(k) keep the website secure and prevent fraud; and
(l) verify compliance with the terms and conditions governing the use of the website (including monitoring private messages sent through our website private messaging service).
Where you submit personal information for publication on our website, we will publish and otherwise use that information in accordance with the licence you grant to us.
We will not, without your express consent, provide your personal information to any third parties for the purpose of direct marketing.
You can also choose to make payment by credit card or bank transfer.
We do not store credit card details nor do we share customer details with any third parties.
If you are already our customer, we will only contact you electronically about things similar to what was previously sold to you.
If you are a new customer, you will only be contacted if you agree to it.
If you don't want to be contacted for marketing purposes, please tick the relevant box that you will find on screen.
In addition, if you don’t want us to use your personal data for any of the other reasons set out in this section in 4, you can let us know at any time by contacting us at email@example.com, and we will delete your data from our systems. However, you acknowledge this will limit our ability to provide the best possible products and services to you.
In some cases, the collection of personal data may be a statutory or contractual requirement, and we will be limited in the products and services we can provide you if you don’t provide your personal data in these cases.
We may contract with third parties to supply services to you on our behalf. These may include payment processing, search engine facilities, advertising and marketing. In some cases, the third parties may require access to some or all of your data. These are the third parties that have access to your information:
If you pay via the payment method "PayPal" or "PayPal Express, your information to PayPal will be delivered. PayPal is a service of PayPal (Europe) S.à.rl & Cie. SCA, 22-24 Boulevard Royal, L-2449 Luxembourg. PayPal assumes the function of an online payment service provider as well as a trustee and offers buyer protection services.
The personal information provided to PayPal is the name and surname, gender, address, telephone number, IP address, e-mail address or other data required to complete the order, as well as any data related to the order, such as the number of items, item number, invoice amount, percent taxes and billing information. In addition, PayPal will also be provided with the name of the person through whose PayPal account payment is made.
This submission is necessary to process your order with the payment method you have selected, in particular to confirm your identity, to administer your payment and to secure against default and fraud.
Please also note that PayPal may disclose your personal information to service providers, subcontractors or other affiliates, to the extent necessary to fulfil the contractual obligations of your order, or to process personal information in the order.
You can find the valid data protection regulations of PayPal here:
If you pay by Credit/Debit card, your data will be transmitted to BarclayCard - a trading name of Barclays Bank UK PLC. Barclays Bank UK PLC is authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and the Prudential Regulation Authority (Financial Services Register number: 759676). Registered in England No. 9740322. Registered office: 1 Churchill Place, London E14 5HP
If you decide for a payment method offered by BarclayCard, payment will be processed via the payment service provider BarclayCard, to whom we will inform you about your order (name, address, account number, bank code, possibly credit card number, invoice amount, currency) and transaction number).
The processing of personal data for users is required for the completion of a contract where the user is a contractual party or as a step in completing pre-contractual requirements which take place according to the express consent of the user. The legal grounds for this is Article 6 Section 1 b) of the GDPR
If a user completes a contact form or makes contact with the responsible entity in any other way – including email, telephone, fax or post – the personally identifiable data will only be used to complete their enquiry. The legal grounds for this use of data is the consent provided by the user in accordance with article 6, section 1a of the GDPR.
In any other cases where personally identifiable data is processed, it is used in accordance to the authorized interests of the responsible entity – such as the analysis of use of their website by Google Analytics, to integrate external fonts using Google Fonts or by using Cloudflare to detect, limit or prevent any cyber-attacks or errors on their website. The legal grounds for this processing is Article 6, Section 1f of the GDPR. The responsible entity will make the user aware of their right to object to use of their data. As part of these affiliate marketing activities, cookies are stored on users' devices to document transactions (orders). These cookies are for the sole purpose of correctly assigning the success of an advertising medium and the corresponding billing within the Belboon network. Personal data are not collected, processed or used.
We have integrated the Trusted Shops Trustbadge on this website in order to display the reviews collected using the Trusted Shops system.
This serves the protection of our legitimate interests in the optimal marketing of our offer according to art. 6 (1) 1 lit f GDPR that are overriding in the process of balancing of interests. The Trustbadge and the advertised trust badge services are offered by Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne, Germany.
With every use of the Trustbadge, the web server automatically saves a so-called server log file which contains e.g. your IP address, the date and time of the request, the volume of data transferred and the requesting provider (access data), and documents the request. Those access data are not analysed and are automatically overwritten no later than seven days after the end of your website visit.
Other personal data are transferred to Trusted Shops only if you decide to use or have already registered to use Trusted Shops products after placing an order. In such a case, the contract concluded between you and Trusted Shops applies.
This website uses Google Analytics, a web analytics service provided by Google, Inc. ("Google"). Google Analytics uses "cookies", which are text files placed on your computer to help the website analyse how visitors use the site. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States, 600 Amphitheater Parkway, Mountain View, CA 94043.
Google is certified under the Privacy Shield Agreement, which provides a guarantee to comply with European data protection law. Further information on the Privacy Shield Agreement can be found here:
In addition, we may disclose your personal information:
(a) to the extent that we are required to do so by law;
(b) in connection with any ongoing or prospective legal proceedings;
(c) in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk);
(d) to the purchaser (or prospective purchaser) of any business or asset that we are (or are contemplating) selling; and
(e) to any person who we reasonably believe may apply to a court or other competent authority for disclosure of that personal information where, in our reasonable opinion, such court or authority would be reasonably likely to order disclosure of that personal information
Where any of your data is required for such a purpose, we will take all reasonable steps to ensure that your data will be handled safely, securely, and in accordance with your rights, our obligations, and the obligations of the third party under GDPR and the law.
We may transfer your collected data to storage outside the European Economic Area (EEA). It may be processed outside the EEA to fulfil your order and deal with payment.
By giving us your personal data, you agree to this arrangement. We will do what we reasonably can to keep your data secure.
Payment will be encrypted. If we give you a password, you must keep it confidential. Please don't share it. Although we try to provide protection, we cannot guarantee complete security for your data, and you take the risk that any sending of that data turns out to be not secure despite our efforts.
We only keep your personal data for as long as we need to in order to use it as described above in section 4, and/or for as long as we have your permission to keep it. In any event, we will conduct an annual review to ascertain whether we need to keep your personal data. Your personal data will be deleted if we no longer need it.
We will take reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your personal information.
We will store all the personal information you provide on our secure (password- and firewall-protected) servers.
All electronic transactions entered into via the website will be protected by encryption technology.
You acknowledge that the transmission of information over the internet is inherently insecure, and we cannot guarantee the security of data sent over the internet.
You are responsible for keeping your password and other login details confidential. We will not ask you for your password (except when you log in to the website).
You can ask us not to use your data for marketing. You can do this by ticking the relevant boxes on our forms, or by contacting us at any time at firstname.lastname@example.org.
Under the GDPR, you have the right to:
request access to, deletion of or correction of, your personal data held by us at no cost to you;
request that your personal data be transferred to another person (data portability);
be informed of what data processing is taking place;
to object to processing of your personal data; and
complain to a supervisory authority.
The website contains links to other websites. We are not responsible for the privacy policies or practices of third party websites. We have no control over how your data is collected, stored or used by other websites and we advise you to check the privacy policies of any such websites before providing any data to them.
Please let us know if the personal information which we hold about you needs to be corrected or updated.
The data controller responsible in respect of the information collected on this website is BRICOFLOR Limited.
21 May 2018