GDPR AND DATA PRIVACY:
Welcome to the website of Blood Records Limited. In our capacity as controller within the meaning of the General Data Protection Regulation, we are obliged to comply with statutory provisions on data protection. As a matter of course, we greatly value the protection of your personal data along with fair and transparent data processing. We have provided you below with all the information you need to verify and exercise your data protection rights.
1. Who is responsibly for data processing
The responsible party is: Blood Records Limited
2. How can I contact the data protection officer
You can contact our data protection officer at: email@example.com (subject header ‘Data Protection’)
3. Why and on what legal basis do we process personal data?
If you are a Blood Records customer, create an account with us, participate in competitions or promotions or otherwise contact us, we will receive your personal data. We collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
Identity Data may include first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender.
Contact Data may include billing address, delivery address, email address and telephone numbers.
Financial Data may include bank account and payment card details.
Transaction Data may include details about payments to and from you and other details of products and services you have purchased from us.
Technical Data may include internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
Profile Data may include your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses.
Usage Data may include information about how you use our website, products and services.
Marketing and Communications Data may include your preferences in receiving marketing from us and our third parties and your communication preferences.
We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.
We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences. We generally process data on the following legal bases:
6.1a GDPR, if you give us your explicit consent for data processing, e.g. if we contact you by telephone for advertising purposes or for customer satisfaction inquiries;
6.1b GDPR, if we are acting to fulfill our contractual obligations, e.g. if we use your email address to confirm the delivery date for your next box;
6.1c GDPR, if we are acting to fulfill legal obligations, e.g. if we check your age and your identity before the conclusion of a contract;
6.1f GDPR, if we process your data due to justified interest from us or third parties, e.g. if we use your email address to send you our newsletter for direct advertising purposes, or for optimizing our website’s advertising design.
3.1 Data processing on our website
3.1.1 Shipping orders
We are pleased to be able to supply you with our products. To enable you to order from us, we will create a customer account for you after your registration. In order to protect your customer account from access by third parties, we store your user name and password. In order to be able to deliver the products to you as desired, we store your contact data, order and delivery time and payment information. You can voluntarily provide your phone number so that we can alert you to new products on our site or contact you in case of delays or problems delivering your products. Please note that you may revoke your consent at any time by emailing firstname.lastname@example.org.
3.1.2 Payment handling
If you order product from our company your payment details will be sent to the appropriate payment service provider depending on the payment method you choose. The payment service provider is responsible for your payment data. Information, particularly about the authority responsible for the respective payment service provider, the contact information for the data protection officers of the payment service providers and the categories of personal data that are processed by the payment service providers, can be obtained from the following addresses:
PayPal (Europe) S.à.r.l. et Cie., Luxembourg, Data protection declaration: paypal.com/de/webapps/mpp/ua/privacy-full
3.1.3 Contacting us
You can use the contact form, our email address or phone number to ask questions and send us messages. We only process your data in this context in order to get in contact with you the way you wish and to answer your inquiry.
By creating an account with Blood Records you automatically consent to receiving information about new products on our site via email and phone (if you optionally added a mobile number). Of course, you can revoke your consent to be sent this material at any time, e.g. by clicking the unsubscribe link in the newsletter, updating the communication setting in your customer account or by sending a message to email@example.com with any changes.
3.1.5 Other advertising
Blood Records uses the email address and postal address provided by the customer to inform on similar product and service offers by email and mail. If you do not wish to receive any further advertising information by email or mail, you can object to the use of your contact data for advertising purposes at any time without incurring any costs other than for transmission according to the basic rates. You can submit your revocation by emailing firstname.lastname@example.org. If you are a new customer, and where we permit selected third parties to use your data, we (or they) will contact you by electronic means only if you have consented to this.
3.2 Will my usage data be processed for website optimisation and usage-based online advertising
We would like to explain some of the services in more detail below:
3.2.1 Google Analytics
3.2.3 Facebook custom audience pixel
4. Will my data be transmitted to third parties?
Your data will only be transmitted to third parties that are directly responsible for fulfilment of your orders. Your data will not be sold for advertising purposes, for example, but may be transmitted to our fulfilment company. This data is kept securely at all times.
4.1 Other service providers
Flying Vinyl can cooperate with other partners if it is necessary to fulfill our service offers or if we are legally obliged to release data.
5. Will my data be processed outside of the EU/EEA and how is data protection ensured?
It is important to us to process your data within the EU/EEA. However, we may use service providers who process data outside the EU/EEA. In these cases, we ensure that an appropriate level of data protection is established prior to the transfer of your personal data. This means that a level of data protection comparable to the standards within the EU is achieved using EU standard contracts or an adequacy resolution such as the EU Privacy Shield.
6. How long will my data be stored?
We delete personal data as soon as the purpose of storage no longer applies and legal retention periods do not preclude deletion. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. By law we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they cease being customers for tax purposes.
7. Data security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the Internet is never completely secure. Although we will do our best to protect your personal data, as all companies do, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
8. What rights do I have and how can I assert them?
Every customer or any other person affected by data processing has the right to information according to Art. 15 GDPR, the right to correction according to Art. 16 GDPR, the right to deletion according to Art. 17 GDPR, the right to restriction of processing according to Art.18 GDPR, the right to objection according to Art. 21 GDPR and the right to data transferability according to Art. 20 GDPR.
You can revoke your consent to the processing of personal data at any time. This also applies to the revocation of declarations of consent that were given to us prior to the validity of the General Data Protection Regulation, i.e. before May 25, 2018. Please note that revocation will only take effect for the future. Processing that took place before the revocation is not affected. You can submit your objection and/or revocation by phone by email to email@example.com
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated. You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us under firstname.lastname@example.org in the first instance.
Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time. You can ask us or third parties to stop sending you marketing messages by contacting us at any time, or by adjusting your communication preferences via Account Settings on our website. If you no longer wish to receive our email communications, you can unsubscribe at any time by clicking on the unsubscribe link at the end of each newsletter.