Your privacy is important to us and Bluefin takes this issue very seriously.
This privacy notice applies to everyone who interacts with us as a customer who has purchased any of our products or services, a user of any apps we provide, anyone who has signed up to receive marketing materials from us, anyone who enters any of our promotions/competitions, anyone who applies to attend any of our events or who interacts on social media with us, except to the extent that the reason you interact with us is already covered by another of our privacy notice(s).
WHAT ARE OUR BASES FOR PROCESSING YOUR PERSONAL INFORMATION?
We will only use your personal information when the law allows us to. This means we must have one or more legal bases to use your personal information. Most of these will be self-explanatory. The most common legal bases which will apply to our use of your personal information are set out below:
- Where we need to perform the contract, we have entered into with you which covers your relationship with us or to take steps to enter into that contract.
- Where we need to comply with a legal obligation which applies to us, for example complying with laws relating to the sale of products to consumers or complying with data protection laws.
- Where it is necessary for legitimate interests pursued by us or a third party and your interests and fundamental rights do not override those interests. We have set out in the section below how we use your personal information together with more details on our legitimate interests.
- You have given your consent. Generally, we do not rely on or need your consent for most uses we make of your personal information, but we will need your consent to directly market our products and services to you by electronic communications channels such as email or SMS/MMS. Where we are processing any sensitive special category personal information about you (for example personal information revealing racial or ethnic origin, religious or philosophical beliefs, or data concerning health) we also need to have one or more of the following legal bases for using your personal information.
- Where we have your explicit consent to do so.
- Where it is necessary for us to comply with our legal and regulatory obligations and exercising our legal rights and duties. For example, processing your health information so we can ensure our app is tailored to you and your exercise regime should be safe for you to follow or making sure it is safe for you to participate in one of our events or promotions or making any adjustments necessary for you to attend our premises.
- Where we need to protect your vital interests (or someone else’s vital interests).
- Where you have already made public the personal information.
- In establishing, exercising, or defending legal claims, whether those claims are against us or by us.
- Where it is necessary in the public interest. In some cases, more than one legal bases may apply to our use of your personal information
CHANGING MARKETING PREFERENCES
You have the right to opt out of receiving marketing communications from us at any time by:
- Updating your preferences on our website.
- Informing us that you wish to change your marketing preferences by contacting our customer support team at firstname.lastname@example.org
- Making use of the simple “unsubscribe” link in emails or any other electronic marketing materials we send to you.
WHAT PERSONAL INFORMATION DO WE COLLECT?
In connection with your relationship or interactions with us, we may collect and process a wide range of personal information about you. This includes:
- Personal contact details such as name, title, address (including billing address and delivery address), email address and telephone number(s).
- Information about your date of birth, age, gender, title and the name of any delivery recipient.
- Details regarding or connected to products or services that you have ordered from us.
- Device data where you use our apps or website which may include information about the device you use and the unique device identifier for example your device’s IMEA number, the MAC address of the device’s wireless network interface, or the mobile phone used by the device, mobile network information, your mobile operating system, the type of mobile browser you use, time zone setting, the IP address, device type, usernames and account details, location data which may include your current location disclosed by your own software. However, we do not use separate location tracking software.
- Profile data including your username, purchase history, your interests, preferences, feedback and responses and any inferences drawn from any of personal data to create a profile about you to reflect your preferences, characteristics, predispositions, behaviour, attitudes, abilities, and aptitudes.
- Content data which includes information stored on your device, including login information, videos, photographs and audio recordings or other digital content, check-ins, or your workout data that you input and upload and your social media handles, posts, and information about your followers that you tag us in.
- Payment details, payment card details, bank account details, financial transactions, and refunds.
- Any terms and conditions relating to your relationship with us.
- Any communications between ourselves and you.
- Your social media handles, social media posts, information about your social media followers, information about any product/services endorsements by you and other aspects of your social media activity.
- Publicly available personal information, including any which you have shared via a public platform, online or on social media.
- Details of your sporting or athletic achievements and activity and related plans and progress where you tell us about them.
- Personal history and information including hobbies, interests and your preferences.
- Responses and results of surveys.
- Fraud prevention related information which may include details of other transactions you have been involved in.
- Applications to enter or attend competitions, promotions or events, attendance at events and promotions and any results or other related personal information.
- Your usage of the IT systems we make available to visitors to our premises such as any visitor internet facilities at our premises.
- IP address information which allows us to track your usage of our website.
- Details of any queries, complaints, claims and cases involving both us and yourself including any related communications.
Any other personal information you provide to us. We may also in some cases collect and process more sensitive special category personal information including:
- Information about your health including any medical condition, health, and sickness records, including where you inform us about any ill-health, injury, or disability.
- In some cases equal opportunities monitoring information, including information about your ethnic origin, sexual orientation, health and religion or beliefs. This will usually only be where it is relevant to events, promotions, campaigns or other activities that may involve you. If you are providing us with details of any other individuals, for example a friend of yours that you ask us to deliver our products to where you have ordered them as a present, they have a right to know and to be aware of what personal information we hold about them, how we collect it and how we use and may share that information. Please share this privacy notice with them. They also have the same rights as set out in this privacy notice in relation to their personal information that we collect. We will only collect the data of children under 16 years with the express consent of their parents or guardians. Our websites/apps expressly require users to first confirm they are over 16 before an account can be created, data is collected or orders processed
WHERE DO WE COLLECT YOUR PERSONAL INFORMATION FROM?
Bluefin Trading LTD collects your personal information in a variety of ways and from a variety of sources as set out below:
- Most of your personal information is collected directly from you, for example through contact with you, through information you input into our website, from orders placed by you, from correspondence with you, through your applications, entries to competitions/promotions, entries to events, attendance at events or promotions, from correspondence with you or through other interactions with us, when you visit our premises or other personal information you provide to us.
- From other individuals known to you who may have given us your personal information so that we can send you any of our products as a gift.
- From websites, the internet, social media or other platforms including public sources of information.
- From third parties appointed by you, for example any financial or legal advisors.
- From government or government related bodies, regulators, the police, law enforcement authorities or the security services.
Personal Data will be adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed. Our personnel will not process Personal Data for any reason unrelated to their job duties. When Personal Data is no longer needed for specified purposes, it will be deleted or anonymised in accordance with our data retention guidelines.”
Personal Data will not be kept in an identifiable form for longer than is necessary for the purposes for which the data is processed. We will not keep Personal Data in a form which permits the identification of the Data Subject for longer than needed for the legitimate business purposes for which we originally collected it including for the purpose of satisfying any legal, accounting or reporting requirements. We will take all reasonable steps to destroy or erase from our systems all Personal Data that we no longer require. This includes requiring third parties to delete such data where applicable.”
We will ensure personnel have undergone adequate training to enable them to comply with data privacy laws. We require our personnel to commit to data protection and confidentiality obligations where necessary.”
CHANGES TO THIS PRIVACY STATEMENT
We reserve the right to change this Privacy Statement at any time so please check back regularly to obtain the latest copy of this Statement. This Privacy Statement does not override any applicable data privacy laws and regulations.”
We employ security measures which aim to protect the information provided by you from access by unauthorised persons and against unlawful processing, accidental loss, destruction or damage.
We also expect you to take reasonable steps to safeguard your own privacy when transferring information to us, such as not sending confidential information over unprotected email, ensuring email attachments are password protected or encrypted and only using secure methods of postage when original documentation is sent to us.
RIGHT TO ACCESS PERSONAL INFORMATION
You have a right to request that we provide you with a copy of your personal information that we hold and you have the right to be informed of; (a) the source of your personal information; (b) the purposes, legal basis and methods of processing; (c) the data controller’s identity; and (d) the entities or categories of entities to whom your personal information may be transferred.
RIGHT TO RECTIFY OR ERASE PERSONAL INFORMATION
You have a right to request that we rectify inaccurate personal information. We may seek to verify the accuracy of the personal information before rectifying it.
You can also request that we erase your personal information in the following limited circumstances:
- where it is no longer needed for the purposes for which it was collected; or
- where you have withdrawn your consent (where the data processing was based on consent); or
- following a successful right to object or
- where it has been processed unlawfully; or
- to comply with a legal obligation to which we are subject.
We are not required to comply with your request to erase personal information if the processing of your personal information is necessary:
- for compliance with a legal obligation; or
- for the establishment, exercise, or defence of legal claims.
RIGHT TO RESTRICT THE PROCESSING OF YOUR PERSONAL INFORMATION
You can ask us to restrict the processing of your personal information, but only where:
- its accuracy is contested, to allow us to verify its accuracy; or
- the processing is unlawful, but you do not want it erased; or
- it is no longer needed for the purposes for which it was collected, but you still need it to establish, exercise or defend legal claims; or
- you have exercised the right to object, and verification of overriding grounds is pending.
We can continue to use your personal information following a request for restriction:
- where we have your consent; or
- to establish, exercise or defend legal claims; or
- to protect the rights of another natural or legal person.
RIGHT TO TRANSFER YOUR PERSONAL INFORMATION
You can ask us to provide your personal information to you in a structured, commonly used, machine readable format, or you can ask to have it transferred directly to another data controller, but in each case only where:
- the processing is based on your consent or on the performance of a contract with you; and
- the processing is carried out by automated means.
RIGHT TO OBJECT TO THE PROCCESSING OF YOUR PERSONAL INFORMATION
You can object to any processing of your personal information which has our legitimate interests as its legal basis if you believe your fundamental rights and freedoms outweigh our legitimate interests. If you raise an objection, we have an opportunity to demonstrate that we have compelling legitimate interests which override your rights and freedoms. You can request that we do not transfer your personal information to unaffiliated third parties for the purposes of direct marketing or any other purposes.
Right to obtain a copy of personal information safeguards used for transfers outside your jurisdiction
You can ask to obtain a copy of, or reference to, the safeguards under which your personal information is transferred outside of the UK. We may redact data transfer agreements to protect commercial terms. Right to lodge a complaint with your local supervisory authority. You have a right to lodge a complaint with your local supervisory authority (the contact details for which are set out in the Complaints section of this Privacy Notice) if you have concerns about how we are processing your personal information. We ask that you please attempt to resolve any issues with us first, although you have a right to contact your supervisory authority at any time.
We have appointed a Data Protection officer with responsibility for data protection compliance. Queries, complaints or requests for further information should be directed to the Data Protection Officer, Bluefin Trading Ltd, Keelham Farm, Hebden Bridge, West Yorkshire HX7 8TG. If you are still dissatisfied, there is the right to lodge a complaint with the Information Commissioner’s Office at https://ico.org.uk