In this Privacy Charter we set out how we collect, manage and protect your personal information. We also set out the rights you have to control and manage the personal information that we hold about you.
As you read this Privacy Charter, please keep in mind that it applies to Pukka Herbs business activities across the EEA. Pukka Herbs includes any company directly or indirectly owned or controlled by us together with any parent or holding company.
We have tried to keep this Privacy Charter as simple as possible. If you have any questions after reading this document, please email firstname.lastname@example.org.
What is Personal information and what do we collect?
Personal information is information that does or may identify you.
You do not have to share your personal information with us, but if you choose not to, we may not be able to provide you with our products and services, or answer any questions you may have asked us.
We may collect your personal information from a variety of sources. These include:
Personal information you provide to us directly
This will include:
- The information you provide when you place an order
- When you subscribe to receive one of our newsletters or information about our products, offers and promotions
- When you complete a survey or to enter one of our competitions
- Personal information contained within any enquiry
- Personal information shared in the Dosha quiz
Some of the personal information we collect may be sensitive information. This might include information about your race or health. We will only collect this information with your explicit consent. See more about sensitive information below.
Information collected automatically
We also use profiling techniques to collect information about how you use our sites and what pages you have visited. This helps us ensure that we deliver relevant content to you and to better understand what is of genuine interest to you. See more about profiling below.
Personal information from other sources
We collect personal data from other sources including trusted brand partners and where we operate an account on third-party platforms such as Twitter, Facebook and Instagram.
Additionally, we receive information about you and other visitors’ interactions with our advertising to measure whether our advertising is relevant and successful. We also collect information about you and your activities from a third party when we jointly offer services or products.
When we collect use Sensitive Information
Sensitive information falls into a special category of personal information. This includes information relating to your health, race, sexuality or ethnicity.
We only collect sensitive information in limited circumstances which include:
- When you join the Pukka Collective we ask you to tell us what areas of wellbeing you are interested in - this might include pregnancy, the menopause or sleep improvement for example
- When completing the Dosha quiz or other online wellbeing surveys;
- When you raise a specific enquiry through our customer services team
We may also collect sensitive data implicitly through your browsing or purchasing habits, or through you contacting us directly. For example, we may gain an indirect insight into wellbeing matters that are of clear interest to you.
At Pukka, we do not directly market to children. Our websites are designed and intended for use by adults.
Where any of our websites are intended for use by younger people, we will obtain explicit consent from the person with parental responsibility before any personal information is requested. We acknowledge that the age at which the consent of the parent will need to be obtained varies from country to country.
If you are a child under the age where parental consent is required in your country, you should review the terms of this Privacy Charter with your parent or guardian to make sure you understand and accept it. If we discover that we have collected personal data from a child without consent from a parent or guardian, we will delete that personal data as soon as practical.
How we use your personal information
We only collect, process and disclose your personal information for specific and limited purposes. These include:
- To administer any order you have placed with us;
- To manage your membership of the Pukka Collective (if relevant);
- To administer any competition that you may have entered;
- To send you the Pukka newsletter;
- To provide you with information about Pukka products and offers that we believe will be of genuine interest to you;
- To direct you to content within our site that we think is relevant to you;
- To provide tailored product recommendations and targeted advertising based on what you have shared with us;
- To allow you to participate in any interactive features, survey or quizzes on our site;
- To share with brand partners where they offer services or products we think may be of interest to you, provided you have given us your consent;
- To answer any inquiry you may send to us;
- To authenticate that we are talking to the right person should we need to get in touch with you;
- To help us to understand and react to the changing interests and needs of our consumers so that we can improve our websites and our products.
Where required, we will obtain your consent to process your personal information. Where you have given consent, you may withdraw your consent at any time. Please see withdrawing consent.
In some cases, we rely on legitimate interest for processing your personal information. A legitimate interest could exist, for example, where you have joined the Pukka Collective and we use the personal data collected to conduct data analytics to improve our products or services. Alternatively, we may rely on legitimate interest to assist us in fulfilling a contractual obligation. We will only rely on legitimate interest where there is no less intrusive way to process your personal data.
Profiling is an automated process that enables us to use your personal data to build a profile about you. This is one of the tools we use to analyse your online activities including surfing, searching and buying behavior. We may also analyse your participation in surveys, email preferences and activity on social medial channels.
We use profiling to help us assess your likely preferences and interests. If you are a member of the Pukka Collective, we may use profiling to select certain members so that we can send them a reward or a sample of a new product.
Profiling helps us only contact you about matters that we believe will be of genuine interest to you. You may withdraw your consent to prevent your personal information being used in this way at any time by using the manage cookies section of our Cookie Notice, or by following the guidance set out at withdrawing consent below.
How we share your personal information
We do not sell your personal information to any third party.
We share your personal information internally within Pukka and with selected third parties in the following circumstances:
- To courier and logistics providers who ship products you may have ordered, or to ship samples or prizes
- With payment processors who administer secure payment options.
- With parties who host and process personal information on our behalf in accordance always with applicable laws and regulations
- To brand partners with whom we collaborate on competitions and events – if you have consented to this in the first place
- With other businesses within the Pukka family of companies (who will become a joint-controller of your personal information) for operational and legitimate business reasons
When we are legally required to disclose it. This includes:
- To comply with a legal obligation;
- When we believe in good faith that an applicable law requires it;
- At the request of governmental authorities conducting an investigation;
- To verify or enforce any other policy relating to this website;
- To detect and protect against fraud, or any technical or security vulnerabilities;
- To respond to an emergency situation.
International data transfers
We will only send personal information collected within the EEA to foreign countries:
- To follow your instructions;
- To comply with a legal duty; or
- To work with any agent or adviser who we use to help run our business and services.
If we do transfer personal information outside of the EEA, we will make sure that it is protected in the same way as if it was being used in the EEA. We will use one of the following safeguards:
- Transfer to a non-EEA country whose privacy legislation ensures an adequate level of protection of personal data to the EEA one;
- Put in place a contract with the foreign third party that means they must protect personal information to the same standards as the EEA; or
- Transfer personal data to organisations that are part of specific agreements on cross-border data transfers with the European Union (e.g., Privacy Shield, a framework that set privacy standards for data sent between the United States and the European countries).
How we protect your personal data
We take the security of your personal information very seriously. We take every effort to protect your personal information from misuse, interference, loss, unauthorized access, modification or disclosure.
Our measures include implementing appropriate access controls, investing in appropriate IT security and ensuring that we encrypt and pseudonymise or anonymise personal information wherever possible.
Access to your personal information is only permitted among our employees and agents on a need-to-know basis and subject to strict contractual confidentiality obligations when processed by third parties.
How long do we keep your personal information for?
We will keep your personal information for as long as we need it for the purpose it is being processed for. For example, where you have purchased one of our products online, we will keep your personal information related to the purchase so we can perform the specific contract you have entered. After which, we will keep the personal information for a period which enables us to handle or respond to any complaints, queries or concerns relating to the purchase.
Your personal information may also be retained so that we can continue to improve your experience with us and to ensure that you can enjoy your membership of the Pukka Collective.
We retain the identifiable data we collect directly for targeting purposes for as little time as possible, after which we employ measures to permanently delete it.
We will actively review the personal information we hold and delete it securely, or in some cases pseudonymise or anonymise it, when there is no longer a legal, business or consumer need for it to be retained.
Your rights as a data subject
This is a summary of your rights relating to the personal information we hold about you.
The right to be informed. You have the right to be provided with clear, transparent and easily understandable information about how we use your personal information and your rights. Therefore, we’re providing you with the information in this charter.
The right to access and rectification. You have the right to access, correct or update your personal information at any time. We understand the importance of this and should you want to exercise your rights, please contact us as set out below;
The right to data portability. The personal information you have provided us with is portable. This means it can be moved, copied or transmitted electronically under certain circumstances.
The right to be forgotten. Under certain circumstances, you have the right to request that we delete your personal information. If you wish to delete the personal information we hold about you, please let us know and we will take reasonable steps to respond to your request in accordance with legal requirements. If the personal data we collect is no longer needed for any purposes and we are not required by law to retain it, we will do what we can to delete, destroy or permanently de-identify it.
The right to restrict processing. Under certain circumstances, you have the right to object to certain types of processing, including processing for direct marketing (i.e. receiving emails from us notifying you or being contacted with varying potential opportunities).
The right to lodge a complaint with a supervisory authority. You have the right to lodge a complaint directly with any local Supervisory Authority about how we process our personal information;
The right to withdraw consent. If you have given your consent to anything we do with your personal information, you have the right to withdraw your consent at any time by contacting the details below.
Rights related to automated decision-making. You have the right not to be subject to any decision which is based solely on automated processing in certain circumstances.
If you wish to contact us about your personal information, including where you wish to withdraw consent or restrict certain processing activities, please email email@example.com.
We will update this privacy charter from time to time to reflect customer feedback and changes to our products or services.
3 May 2018