Privacy Policy

This privacy policy explains how we collect, store and process your personal data. Personal data is any information that can be used to identify a living individual, either directly or indirectly. It can refer to obvious things like your name and address, but also to online identifiers such as IP addresses.

By making a purchase, becoming an Aufora.com member, using our website, entering an Aufora.com competition, or providing your details to us in-store or over the phone, then you acknowledge that your personal data may be used according to the practices set out in this policy.

Our Privacy Promise

In order to provide you with our services, sometimes we might need to collect some personal data from you. When it comes to privacy, why we’re different comes down to something simple; we care.

Here at Aufora we promise to be transparent with you about how we collect, process, store and share your personal data:

  • You’re always in control: your privacy will be respected at all times and we will put you in control with easy-to-use tools and clear choices
  • We operate securely: we are committed to maintaining the safety and security of all personal data from the point of collection to its deletion from our company, using appropriate security measures and controls
  • For your benefit: when we do process your personal data, we will do so to benefit you and to make your experience with Aufora.com better and to improve our products and services
  • We may also need to share your information with third parties who help us to provide our services, such as our couriers so they can deliver your items to you. We will make sure that all third parties we are engaged with treat your personal data with as much respect as we do.

Who are we?

Aufora
Unit 3, Belvedere Industrial Estate
Belvedere
Kent
DA17 6BS

Email address: info@aufora.com
Registered company number: 10068687
ICO registration number: ZA384312

How do we collect your personal data?

You provide us with data when:

  • You become an Aufora member;
  • You sign up for our newsletter and other marketing;
  • You enter our competitions;
  • You talk with us on the phone or online;
  • You make an online enquiry;
  • You send emails or letters to us.

Data we collect when you use our services:

  • Transactional details when you order from us;
  • Cookies gathered from the devices you use to connect to our website or social media platforms.

 Data from 3rd parties we work with:

  • Our social media platforms;
  • Google Analytics.

What personal data do we collect from you?

We have to collect some information from you so that we can provide you with our services, e.g., when you place an order with us.

We do our best to make sure that we do not collect excessive information from you, and we limit data collection to only what is necessary for us to provide you with our services.

We do not collect any special category personal data from any of our customers. This includes information about your race/ethnicity, religious or philosophical beliefs, sex life/sexual orientation, political opinions, trade union membership, and your health/genetic/biometric data. We do not collect any information about criminal convictions and offences

We may collect, use, store and transfer different kinds of personal data about you which is as follows:

  • Identity data – name and title;
  • Contact data – address, postcode, email address and telephone numbers;
  • Transaction data – details of products/services you have purchased from us, including date and time of purchase, and the amount you spend in relation to that purchase;
  • Technical data – internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our website;
  • Profile data – purchases/orders made by you, your interests, preferences, feedback, survey responses, and preferences about the use of our services (including whether you are interested in certain services that we offer);
  • Usage data – information about how you use our website, products, and services;
  • Marketing and communications data – your preferences in receiving marketing from us and our third parties, plus your communication preferences.

How we use your personal data

We will only use personal information about you if we have a legal basis to do so, and we will tell you what that legal basis is. In some circumstances, we can use your personal information if it is in our legitimate interest to do so, provided that we have told you what that legitimate interest is. A legitimate interest is a business or commercial reason to use your information which, when balanced against your rights, is justifiable. If we are relying on our legitimate interests, we have set that out in the table below.

What we use your personal information for

What personal information we collect

Our legal grounds for processing

Our legitimate interests (if applicable)

To register you as a new member and create your Aufora account

Identity

Contact

Performance of a contract with you

To process your transactions and deliver your items

Identity

Contact

Transaction

Performance of a contract with you

To manage payments and recover any money owed to us

Identity

Contact

Transaction

Performance of a contract with you Legitimate interests

To recover any debts owed to us

To make suggestions and recommendations to you about items that may be of interest to you

Identity

Contact

Marketing and communications

Technical

Profile

Usage

Legitimate interests Consent

To better tailor our services to our customers and grow our business

To manage our relationship with you, including notifying you about changes to our terms or privacy notices

Identity

Contact

Transaction

Performance of a contract with you Necessary to comply with a legal obligation Legitimate interests

To keep our records up to date

To enable you to partake in a prize draw, competition or to complete a survey

Identity

Contact

Transaction

Performance of a contract with you Legitimate interests Consent

To study how customers use our services and to grow our business

To administer and protect our business and our website

Transaction

Technical

Usage

Legitimate interests

Running our business, provision of administration and IT services, network security

To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you

Identity

Contact

Marketing and communications

Usage

Profile

Legitimate interests

To study how customers use our services, to develop them, to grow our business and to inform our marketing strategy

To use data analytics to improve our website, products/services, marketing, customer relationships and experiences

Technical

Usage

Profile

Legitimate interests

To define types of customers for our services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy

To carry out session recordings to improve our website, products/services, marketing, customer relationships and experiences

Identity

Technical Usage

Profile

Legitimate interests Consent

To study how customers use our website, to develop and improve our website (including bug-fixing) and to inform our marketing strategy

 

Who do we share your data with?

  1. Marketing
    We use Sendinblue to help manage our marketing database and to send information to you, so your data, including your name, email address and phone number, will be stored within the Sendinblue system. Sendinblue may process some of your personal data outside of the EEA, and we have ensured that there are appropriate safeguards in place for doing so. Sendinblue is Privacy Shield certified and also uses Standard Contractual Clauses to ensure the security of processing outside of the EEA.

  2. Deliveries
    We will share your name, address, email address, and phone number with our couriers, so that they can deliver your items to you and contact you with delivery updates. We use different couriers depending on the size of the item(s) you have ordered, how quickly you have requested your delivery, and where you live, but we will always tell you which service will be delivering your order.

  3. Transactions
    We use third-party payment providers, FirstData (Mastercard Payment Gateway service) and PayPal to securely process our transactions, so information relating to your transactions, including your card details, will be shared with these providers.

    First Data Payment and PayPal may all process your personal data outside of the EEA.

    First Data Payment has Binding Corporate Rules in place to ensure the security of processing outside of the EEA. You can download these and also read their Privacy Policy here. You can also view PayPal’s Binding Corporate Rules here. Read PayPal’s Privacy Policy for more information about how they keep your personal data secure.

How long do we keep your data?

We work hard to ensure that we do not keep your personal data for longer than is necessary to fulfil the purpose for which it was collected. Generally, we will not keep your personal details for longer than 6 years (the statutory retention period for HMRC records).

How do we look after your data?

We will protect the data you entrust to us with appropriate measures and controls, and we ensure that the companies we work with are just as careful with your data.

  • We will always use appropriate technical and organisational measures to prevent the loss, misuse, destruction, or alteration of your personal data;
  • We will continually test, audit and monitor our compliance with Information Security standards and relevant Data Protection regulations;
  • We ensure that the third parties we work with who process your personal data operate under a Data Sharing Agreement.

Your rights

You have the following rights with regards to your personal data:

  • The right to be informed – this privacy notice explains to you how your personal data is processed by us;
  • The right to access – you can request that we provide you with all of the personal data that we hold about you. We will provide this to you free of charge within one month of your request;
  • The right to rectification – we like to make sure that the information we have about you is correct. You can manage your personal details within your Aufora account to ensure that they are up to date, or you can contact us to let us know if we have any incorrect information about you by emailing info@dandx.co.uk
  • The right to erasure – you have the right to have your data ‘erased’ in the following situations:
  1. Where the personal data is no longer necessary in relation to the purpose for which it was originally collected or processed;
  2. When you withdraw consent;
  3. When you object to the processing and there is no overriding legitimate interest for continuing the processing;
  4. When the personal data was unlawfully processed;
  5. When the personal data has to be erased in order to comply with a legal obligation.
  • The right to restrict processing – you have the right to restrict processing in certain situations where/when:
  1. You contest the accuracy of your personal data. We will restrict the processing until you have verified the accuracy of your personal data;
  2. You have objected to processing and we are considering whether our legitimate grounds override your legitimate grounds;
  3. Processing is unlawful, and you oppose erasure and request restriction instead;
  4. We no longer need the personal data, but you require the data to establish, exercise or defend a legal claim.
  • The right to object – you have the right to object to the processing of your personal data in the following circumstances:
  1. Direct marketing – remember, you can opt out at any time from our marketing communications using the preference centre in your Aufora account, by using the “unsubscribe” function in our marketing emails, or by contacting us at info@dandx.co.uk;
  2. Where the processing is based on legitimate interests;
  3. Processing for purposes of scientific/historical research and statistics.

You also have the right to not to be subjected to a decision that is based solely on automated processing. Aufora does not conduct any automated decision making, including profiling, on our customers.

Updates to our Privacy Policy

We will continually review this Privacy Policy and may make changes where necessary. The Privacy Policy published on our website will always be the most up-to date-version; to ensure you always have the most information, please keep checking this page.

How to contact us

If you want to talk to us about anything in this privacy policy, to find out more about your rights, or to enforce your rights, please contact us using the information provided in the “Who are we?” section, and our team will be happy to help.

Not happy?

If you feel that we have not processed your data according to the law, please let us know using the contact details in the “Who are we?” section, so we work with you toward a resolution.

If you are still not satisfied, you have the right to make a complaint with the ICO here.