Blossom Corporation Limited is a company registered in England and Wales (company number 11039819) with its registered office at 1210 Parkview, Arlington Business Park, Theale, Reading, England, RG7 4TY. We are registered with the Information Commissioner’s Office under licence number ZA291450.
The data we collect about you
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
- Identity Data: includes first name, last name, username or similar identifier, marital status, title, date of birth, gender, residential status;
- Contact Data: includes your home address or any other address you may provide, email address and telephone numbers;
- Financial Data: includes payment (credit/debit) cards and bank account details;
- Technical Data: includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types, signatures, and versions, cookie data, operating system and platform, and other technology on the devices you use to access this website, as well as other information automatically passed via HTTP by your browser;
- Profile Data: includes your username and password;
- Usage Data: includes information about how you use our website and services.
The sources from which we obtain your personal data
We obtain your personal data from the following sources:
- Directly from you via our website. This could include personal data which you provide when you:
- · purchase our services;
- · create an account on our website;
- · communicate with us
- Automated technologies – we may automatically collect Information technology data about your equipment, browsing actions and patterns by using cookies, server logs and other similar technologies.
- Third parties, such as providers of technical and payment services
- Publicly available sources, such as Companies House.
How we may use your personal data
Data protection, privacy and security are important to us, and we shall only use your personal information for specified purposes. The following are examples of such purposes.
- To help us to identify you when you contact us;
- To help us to identify accounts, services and/or products that you may have with us;
- To help us to administer any accounts, services and products we have provided you with;
- To allow us to carry out customer profiling to improve our websites and services;
- To help to prevent and detect fraud or loss;
- To enforce our Terms and Conditions.
Legal basis for processing your personal data
We process your personal data in accordance with UK Data Protection laws and the General Data Protection Regulation (Regulation (EU) 2016/679) (GDPR). In order for you to use and access our website services, we must process your personal data. The legal basis for this processing is contained within Article 6 of the GDPR and in particular the following provisions:
- Article 6(1)(b) – processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
- Article 6(1)(c) – processing is necessary for compliance with a legal obligation to which we are subject e.g. contractual obligations or financial and auditing regulations; and
- Article 6(1)(f) – processing is necessary for the purposes of our legitimate interests e.g. in providing services including customer service, protecting the business, maintaining and providing a secure environment and training development and quality purposes.
Who we share your data with
We may share your personal data with:
- Any businesses with which we partner;
- Service providers such as credit-card payment performance services on our behalf. Access to your personal data by these service providers is limited to the information reasonably required for them to perform their function;
- Regulators and government bodies where necessary to respond to any government or regulatory request;
- Professional advisors based in the United Kingdom including lawyers, bankers, auditors and insurers;
- Other third parties in limited circumstances if we believe disclosure is necessary or appropriate to protect the rights, property or safety of our company, our customers or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and reporting suspected criminal activity; and
- Third parties which are considering or have decided to acquire some or all of our assets or shares (including in the event of a reorganisation, dissolution or liquidation).
Transfer of your personal data
Your personal data may be transferred outside of the UK depending on which of our internal systems your personal data is stored within. However, any such transfers are carried with appropriate safeguards in place. These safeguards will typically involve the recipient signing standard contractual clauses which uphold the level of protection given by data protection law.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you. To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
You have the following rights in respect of your data:
- The right to be informed about who is controlling your data, how, and for what purpose they intend to process the data, with whom they may share the data, and for how long they will keep the data.
- The right of access – you have the right to receive confirmation that your data is being processed. You also have the right to access your personal data in order to verify the lawfulness of the processing.
- The right to rectification – you can ask for inaccurate or incomplete personal data to be rectified
- The right to erasure or the right to be forgotten – you can ask for your personal data to be deleted or removed in specific circumstances.
- The right to restrict processing – you can ask us to “block” or suppress the processing of your personal data circumstances.
- The right to data portability – This allows you to obtain and re-use certain elements of your personal data for your own purposes across different services; it allows you to move copy or transfer your data easily from one IT environment to another in a safe and secure way, without hindering its usability.
- The right to object – You have the right to object to processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling); direct marketing (including profiling); and processing for purposes of scientific/historical research and statistics.
- Rights in relation to automated decision making and profiling – you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects, or which similarly significantly affects you.
What we may need from you: We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response. No fee usually required: You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
If you have any complaints about how we have used your personal data please contact our Data Protection Officer at firstname.lastname@example.org or write to: The Data Protection Officer, 1210 Parkview, Arlington Business Park, Theale, Reading, England, RG7 4TY. We do recommend that you bring any issues to our attention as soon as possible. The sooner we know about the issue the sooner we can help resolve it. We will do our best to resolve your complaint but if you remain unsatisfied with any aspect relating to your personal information, you have the right to complain to the Information Commissioner’s Office. The ICO may be contacted at https://ico.org.uk/make-a-complaint/ By post at Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF Telephone: 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number.
We reserve the right to change this Policy at any time and any changes we may make, including details of changes in how we use your personal information, will be posted on this page.