We take our commitment to your privacy seriously, and we treat any information you provide to us with care. This policy describes what Planted Terraria Exotics (“we“, “our” or “us“) do with your information and what we do to keep it secure. It also explains where and how we collect your personal information, as well as your rights over any personal information we hold about you.
This policy applies to you if you use our products or services in store, over the phone, online, through any of our websites (including https://www.plantedterraria.co.uk/) or when interacting with us on social media (our “Services“).
WHO WE ARE
- We are Planted Terraria Exotics Ltd, a company registered in England & Wales.
- Trading as Planted Terraria Exotics Ltd
- Company Registration No: 12964087
- VAT number:
- Registered address: The Bungalow, South Road, Tetford, LN9 6QB
WHAT INFORMATION WE COLLECT
- When you place an order with us or interact with our website we may ask you for certain information and you may submit personal data to us (for example your name, phone number, postal address, email address, contact and bank/credit card details). We may also record which products you are interested in and which products you purchase as well as customer traffic patterns and site use.
- Some examples of how information may be collected by us:
- The Information You Provide Us: We receive and store information that you submit when using our websites or that you provide us in any other way (for example by email or telephone). This information may be provided when ordering from us (via our websites or by telephone); entering competitions; registering an account on our websites; accessing your account; querying order status, or by submitting support requests or queries via our contact form.
- Information We Collect When You Use Our Services: We receive, process and store certain information whenever you interact with our websites. Like many websites, we use “cookies” and other tracking technologies which obtain certain information automatically when your web browser accesses our websites. Information automatically received by us may include internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, landing page, and referring URL; clickstream/path analysis of your journey through our website; and products you searched for. We may also use software tools to measure and collect session information, length of visits to certain pages, repeat visits and page interaction information (such as clicks).
- Email Communications: To help us make our email newsletters more useful and interesting for our customers and subscribers we attempt to receive a confirmation when you open and click on email newsletters from us (if your email software/service supports this option). If you no longer wish to receive email newsletters, you can unsubscribe in the foot of our email newsletters or from your account area (By using the “My Account” link in the header of our websites after you’ve logged in) at any time.
- Information from Third Parties: We may receive information about you from other sources and add this to our account information. For example, we may update address information using data from third parties (such as the Royal Mail “Change of Address” File), which we may use to correct our records and ensure any orders you place with us are delivered to your correct address. We also receive some information from our payment gateway providers after a successful or attempted transaction so that we can continue to process your order and help prevent fraud. No card or bank details are collected from our payment gateway providers.
- Commenting on Our Blog: When you leave comments on our blog we collect the data shown in the comments form, and also your IP address.
HOW WE USE YOUR INFORMATION
- We only collect, keep, use or share your information for genuine business purposes, when you’ve approved us to do so, or when we’re obliged to legally.
- Your information is kept securely and may be used in various ways, including:
- Process your orders;
- Make available our Services to you, like our customer support services;
- Provide you with an up to date, efficient, and reliable service;
- Help find and prevent fraud (e.g. we may check payment card details with our credit agency, who may keep a record of that information, and reserve the right to refuse orders on that basis. Your credit rating can be checked for a nominal fee with the main UK agencies Equifax and Experian);
- Develop new products, services, features, and functionality;
- With your consent, we may send you promotional material via text messages, push notifications, email communications and post (You can manage your “Marketing Preferences” in your “My Account” area);
- Administer prize draws;
- To build a better profile of you as a customer and personalise your shopping experience across our websites; or
- For compliance purposes, including enforcing our Terms and Conditions, or other legal rights, or as may be required by applicable laws and regulations or requested by any judicial process or governmental agency.
HOW WE SHARE INFORMATION
- We may share the information we collect in various ways, including the following:
- Service Providers:
- We may share information with third-party service providers that provide services on our behalf, such as helping to provide our Services, for promotional and/or marketing purposes, and to complete your order we may need to disclose some of your information to our delivery partners including Royal Mail, Parcel Force and Yodel.
- If you order a product marked “Direct Despatch” then we will need to pass your delivery information to our manufacturers or supplier as they will be shipping directly to you.
- Marketing Campaigns:
- We use email marketing to communicate with customers and potential customers from time to time. All email lists and campaigns are “double opt-in” meaning we will not send you these sorts of emails unless you indicated that you wish to receive them during signup or other interactions on our website and have confirmed your email address.
- We may send you “system” emails, such as password reset requests or payment notifications/receipts even if you have not opted-in to any email marketing lists.
- All marketing emails sent by us will include an unsubscribe link in the footer of the email. Emails sent to you may also include standard tracking, including open and click activities.
- Aggregate Information: Where legally permissible, we may use and share information about users with our partners in aggregated or de-identified form that can’t reasonably be used to identify you.
- Third-Party Partners: We may also share information about users with third-party partners in order to receive additional publicly available information about you.
Links to the privacy policies of the most common services have been included below.
- Business Transfers: Information may be disclosed and otherwise transferred to any potential acquirer, successor, or assignee as part of any proposed merger, acquisition, debt financing, sale of assets, or similar transaction, or in the event of insolvency, bankruptcy, or receivership in which information is transferred to one or more third parties as one of our business assets.
- Service Providers:
- We employ a variety of security technologies and measures designed to protect information from unauthorised access, use, or disclosure. The measures we use are designed to provide a level of security appropriate to the risk of processing your personal information.
- Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website, you are responsible for keeping this password confidential. It’s important that you also take responsibility for protecting your account information. Make sure your password is strong, don’t share it with others, and try not to use the same one for lots of online accounts. Don’t send your password by email – we’ll never ask you to do so. We won’t ask you for your password information over the phone; we’ll advise you on how to reset it.
- We only use third-party services, such as Amazon Web Services, that are fully vetted and adhere to the highest levels of privacy and security practices.
- All staff (including any contractors) undergo initial training to ensure proper understanding of all security-related processes.
- Every Planted Terraria Exotics Ltd employee and contractor goes through background checks and an onboarding process that includes a trial period where access to customer data is provided only when working directly under the supervision of another staff member.
- We retain personal information we collect from you where we have an ongoing legitimate business need to do so (for example, to provide you with a service you have requested or to comply with applicable legal, tax, or accounting requirements).
- When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymise it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
YOUR DATA PROTECTION RIGHTS UNDER THE GENERAL DATA PROTECTION REGULATION (GDPR)
- If you wish to access, correct, update, or request deletion of your personal information, you can do so at any time by contacting us.
- In addition, you can object to the processing of your personal information, ask us to restrict the processing of your personal information or request portability of your personal information. Again, you can exercise these rights by contacting us.
- You have the right to require us to erase or anonymise your personal data which we are handling in the following circumstances:
- We no longer need to use your personal data for the reasons we told you we collected it for.
- Where we needed your consent to use your personal data and you have withdrawn your consent and there is no other lawful way we can continue to use your personal data.
- You object to our use of your personal data and we have no compelling reason to carry on handling your personal data.
- Our handling of your personal data has broken the law.
- We must erase your personal data to comply with a law we are subject to.
- You have the right to receive the personal data we hold about you in a structured, standard machine-readable format and to send this to another organisation controlling your personal data.
This right only applies to your personal data that we are handling because you consented to us using it or because there is a contract in place between us.
- You have the right to opt-out of marketing communications we send you at any time. You can exercise this right by clicking on the “unsubscribe” link in the marketing emails we send you. You can also opt-out of marketing emails and other forms of marketing, via the “Marketing Preferences” page in your “My Account” area.
- Similarly, if we have collected and processed your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect the processing of your personal information conducted in reliance on lawful processing grounds other than consent.
- You have the right to lodge a complaint with the Information Commissioner’s Office, the supervisory authority for data protection issues in England and Wales.
- Our websites may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. Our site connects you to different websites. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
WHERE WE STORE YOUR PERSONAL INFORMATION
WHAT DATA BREACH PROCEDURES DO WE HAVE IN PLACE
- Should any event occur where customer data has been lost, stolen, or potentially compromised, our policy is to alert our customers via email no later than 48 hours of our team becoming aware of the event. We will also report any such incident to any required data protection authority.
- We will work closely with any customers affected to determine next steps such as any end-user notifications, needed patches, and how to avoid any similar event in the future.