PRIVACY


Version 5 - 31st August 2022

Introduction

The House of Bruar is committed to protecting and respecting your privacy. We want you to feel secure in the knowledge that your personal data is properly managed. This privacy policy explains how we collect, store and use your personal data.

We are committed to complying with the UK General Data Regulation (Data Protection Act 2018)and the EU General Data Protection Regulation (EU 2016/679) for the purposes of data protection and privacy. We are a data controller registered with the Information Commissioner.

GENERAL
The House of Bruar collects and uses customers’ personal data because is it necessary for:
 
  • Complying with our legal obligations.
  • The pursuit of our legitimate interests.
  • The purposes of complying with our duties and exercising our rights under a contract for the sale of goods to a customer.

Customers have the right to withdraw consent at any time. Where consent is the only legal basis for processing, we will cease to process data after consent is withdrawn.

Legitimate Interest for The House of Bruar Processing Customer Personal Data
The normal legal basis for processing customer data is that it is necessary for the legitimate interests of The House of Bruar, including:-
 
  • Selling and supplying goods to our customers;
  • Dealing with customer service issues;
  • Protecting customers, employees and other individuals and maintaining their safety, health and welfare;
  • Promoting, marketing and advertising our products
  • Sending promotional communications which are relevant and tailored to individual customers;
  • Understanding our customers’ behaviour, activities, preferences, and needs;
  • Improving existing products and developing new products;
  • Complying with our legal and regulatory obligations;
  • Preventing, investigating and detecting crime, fraud or anti-social behaviour and prosecuting offenders, including working with law enforcement agencies;
  • Handling customer contacts, queries, complaints or disputes;
  • Managing insurance claims by customers;
  • Protecting the The House of Bruar, its employees and customers, by taking appropriate legal action against third parties who have committed criminal acts or are in breach of legal obligations to The House of Bruar;
  • Effectively handling any legal claims or regulatory enforcement actions taken against The House of Bruar; and
  • Fulfilling our duties to our customers, staff and owners.

Information We May Collect From You
We use the UK Data Protection Act 2018 and EU General Data Protection Regulation definition of personal data: any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

We may collect and process the following data about you:

Order Processing:
If you buy from us, we require your name, billing address, delivery address, email address and phone number. This information is required so that we can process your order efficiently.

Website: On placement of your order your data is saved in our website and passed to our master database.

Telephone/Post: On placement of your order your data is placed in our master database.

Online registration:
If you are not ready to place an order with us but would like to register online you are free to do so. We require your name, billing address, delivery address, email address, phone number and password. When you are ready to place an order, the details you have provided at registration will appear to help make your checkout process as smooth as possible.

Payment Processing:
Website
: So that we can process payments online we require your name and the billing address for the credit card used to pay online. Our external payment provider Verifone requires your credit card details and these do not touch our systems and are encrypted using the latest version of SSL technology. House of Bruar do not store nor have access to your credit card details on our systems.

Transactions can be placed using Paypal, it is the user’s responsibility to abide by all the terms specified by Paypal in their terms of use and privacy policies, including but not limited to any age restrictions specified therein.

Telephone/Post: So that we can process payments for telephone and catalogue sales, we require your name and billing address which will be entered by our customer service representatives on to our systems. Our external payment provider Verifone requires your credit card details and these do not touch our systems but are entered via a Verifone Iframe using the latest version of SSL technology.

The House of Bruar does not store nor have access to your credit card details on our systems.

Catalogue Request
If you are not ordering, or have not ordered in the past, but wish to receive a postal copy of our catalogue, we will require your name and full postal address. We may also ask for your email address.

Email Only Registration
If you want to receive email communications from us but do not want to register online, you may sign up to our emails. In order to receive emails we require your name, email and postcode so that we can tailor your House Of Bruar experience.

Surveys and Competitions
From time to time we may invite you to take part in a survey or competition. Participation in these is completely voluntary and you have a choice whether or not to disclose your information. Any information submitted will be stored in our database and we use the contact information provided to notify winners.

TrustPilot
We may contact you via email to invite you to review our service and products, in order to collect your feedback and improve what we do. We use an external company, Trustpilot, to collect your feedback which means that we will share your name, email address and reference number with Trustpilot for the Purpose. If you want to read more about how Trustpilot process your data, you can find their Privacy Policy here.

Customer Care Queries
If you contact us by phone or email we may log the call and keep a record of the details you have provided to us and the correspondence. This is primarily to help us contact you with answers to your queries.

Web Chat: During a Web Chat we may record details you have provided to us within your customer account.

Calls to our Call Centre: Calls to our Call Centre may be recorded for training, fraud prevention, servicing your account and regulatory consent.

Cookies
Cookies are small files which are stored on your computer after you visit certain web pages to help us enhance your online experience. Our cookies do not harm your computer and they do not store any personally identifiable information.

Social Buttons
If you take the opportunity to share content from our site with your friends through our social buttons, you should be aware that these sites are likely to be collecting information about what you are doing. We suggest that you check these third party websites for more information about their policies to see exactly how they use your information and to find out how to opt out or delete this information.

External Web Services
At present the only external web service we use to display content is Youtube to display our videos. As with social buttons, we can't prevent this site from collecting information on your usage of this content. If you are not logged into Youtube then they will not know who you are, but they may still gather anonymous usage information from your views of our video on our website.

Email Tracking
We don't add any tracking into our order emails, i.e. order placed, order dispatched, refunds processed. However, we do add tracking to our customer emails, i.e. news and offers, so that we can monitor whether or not you like what we are sending you and so that we can keep improving our content.

How We Use Your Data
The House of Bruar (and trusted partners acting on our behalf) uses your personal data:
 
  • To provide goods and services to you;
  • To make a tailored website available to you;
  • To manage any registered account(s) that you hold with us;
  • To verify your identity;
  • For crime and fraud prevention, detection and related purposes;
  • With your agreement, to contact you electronically about products and promotions which we think may interest you;
  • To contact you via post about promotional offers and products which we think may interest you;
  • For market research purposes - to better understand your needs;
  • To enable The House of Bruar to manage customer service interactions with you including guarantees; and
  • Where we have a legal right or duty to use or disclose your information (for example in relation to an investigation by a public authority or in a legal dispute).

Marketing Communication
The House of Bruar uses your personal data for electronic marketing purposes (with your consent) and may send you postal mail to update you with our latest offers.

The House of Bruar aims to update you about products which are of interest and relevance to you as an individual.

You have the right to opt out of receiving Marketing Communications at any time, by:
 
  • Making use of the simple “unsubscribe” link in emails; and/or
  • Contacting The House of Bruar via the contact channels set out in this policy.

Web Advertising
We use third-party services to serve ads on our behalf across the internet (such as Google, Conversant, Sub2, Facebook, Instagram, Bing) and sometimes on this site. They may collect anonymous information about your visits to our Web site, and your interaction with our products and services. They may also use information about your visits to this and other Web sites to target advertisements for goods and services. This anonymous information is collected through the use of a pixel tag, which is an industry standard technology used by most major websites. No personally identifiable information is collected or used in this process. They do not know the name, phone number, address, email address, or any personally identifying information about the user. If you would like more information about this practice and to know your choices about not having this anonymous information used by our third party service provider, please visit our third party service provider’s websites.

Google: https://support.google.com/analytics/answer/6004245?hl=en-GB
Conversant: https://www.conversantmedia.com/legal/privacy
Sub2: https://www.sub2tech.com/privacy-policy/#
Facebook: https://www.facebook.com/about/basics
Instagram: https://help.instagram.com/196883487377501
Bing: https://privacy.microsoft.com/en-gb/privacystatement

You can read more about online marketing practices and the technologies that support them by visiting the Your Online Choices website: http://www.youronlinechoices.com/uk/

For further information on the use of cookies please see our Cookie Policy. https://www.houseofbruar.com/about-cookies/

Profiling
We use data profiling in order to make the content of our communications to you more interesting and relevant. This means that you will only receive details of our very best offers that have been tailored with you in mind. It also allows us not to waste your time by sending offers that are unlikely to be of interest.

You have the right not to be subject to a decision based solely on automated processing. This includes decisions based on profiling. If you choose to exercise this right, then you will no longer receive offers from us as we base our mailing list on our customers’ purchase history.

If you object to such automated decisions being made based on your personal data, then please inform the Data Controller and we will ensure that is not done by either us or any organisation that processes your information on our behalf.

Data Sharing
We may share personal data with 3rd parties in order to comply with our legal or financial obligations:
 
  • Credit reference agencies where necessary for card payments;
  • Governmental bodies, regulators, law enforcement agencies, courts/tribunals and insurers where we are required to do so;
  • To comply with our legal obligations;
  • To exercise our legal rights (for example in court cases);
  • For the prevention, detection, investigation of crime or prosecution of offenders; and
  • For the protection of our employees and customers.

In addition to the information that we share in order to comply with our legal obligations, we also may share or disclose the information:
 
  • To third parties that process data on our behalf.
  • To our trusted retail partners via data pooling.
  • To our trusted retail partners for one off marketing offers.
  • To any other party with your prior consent.
  • To courier and mailing agents to enable delivery of your orders and catalogues.

Data pools are groups of retailers who share information on what their customers buy. This pooled information is analysed to understand consumer's wider buying patterns. From this information, customers are sent tailored communications containing suitable offers that should be of interest to them based on what they like to buy. We do not share email addresses for the purposes of data pooling.

By trusted retail partners, we mean companies operating in the clothing, collectables, food & wine, gardening, gadgets & entertainment, health & beauty, household goods, and home interiors categories.

The House of Bruar only allows its service providers to handle your personal data when we have confirmed that they apply appropriate data protection and security controls.

Additional Data Sources
Occasionally we receive personal data from third parties, including data brokers such as Epsilon & Experian, where they have received an individual’s name from another company who has not withdrawn consent for catalogue mailings. We also receive data from our trusted retail partners. We use this data to send a copy of our latest catalogue via post.

Experian
Specifically your personal data is shared with Experian Ltd for the purposes of managing a service called Club Canvasse, a home shopping and direct retailer data co-operative of which House of Bruar are members. By sharing information on what customers buy and pooling that with contributions from other members of the co-operative, the service allows House of Bruar to better understand our customers and to communicate with you more effectively. Please note, your personal information is not shared with any of the other members of the co-operative, and only aggregated data on the number and value of purchases is provided to members e.g. we will receive a report which states how many customers who have bought from us in the last 0-12 months, and who have also bought from other members of the co-operative in the last 0-12 months, or the last 24 months, last 36 months, etc.

To understand more please click through to Experian’s website: https://www.experian.co.uk/privacy/consumer-information-portal/data-rights/
 
Abacus

The Epsilon Abacus (registered as Epsilon International UK Ltd) is comprised of clients of Epsilon (Members) who provide their customers’ name and address details and purchasing histories (Customer Data) for processing by Epsilon in a co-operative environment. Their business is to help companies reach consumers who are interested in their products or services. One way they do so is by enabling Members to share information with each other, so they can reach new consumers who may be interested in what they have to offer. The Abacus Alliance work on behalf of UK retailers and charities. The participating retailers are active in the clothing, collectables, food & wine, gardening, gadgets & entertainment, health & beauty, household goods, home interiors and travel categories.


For further information please click here to get to Abacus’ web site: https://www.epsilon.com/abacus/services-privacy-policy
If this applies to you and you wish to be removed from our mailing list please contact us at the address given at the end of this document.

International Data Transfers
To deliver products and services to you, it is sometimes necessary for The House of Bruar to share your data outside of the European Economic Area. This will typically occur when service providers are located outside the EEA or if you are based outside the EEA.

If this happens, we will ensure that the transfer will be compliant with data protection law and all personal data will be secure.

How long do we keep your data?
We retain your information for as long as you hold an account with us. This enables us to maintain an ongoing relationship with you and allows us to service the orders that you place with us. We follow a data retention schedule; this has been put in place to ensure that we retain the minimum amount of personal data about you. If you do not wish to continue to receive any marketing from us in the future, we will retain some personal details in order to suppress your details from future data supplies from 3rd parties.

Sensitive Information
We ask that you not send or disclose any sensitive personal information to us either through our website, by post, email, text message, live chat, telephone call or by any other method. For clarity, sensitive personal information means information related to racial or ethnic origin, political opinions, religion or other beliefs, health, criminal background or trade union membership.

Breaches
In the unlikely event that information that you have supplied to us is compromised then we shall notify both the UK Information Commissioner's Office and you that this is the case. This notification will be made without due delay.

Use of Our Services by Children
We do not knowingly promote our goods and services to children and therefore take all due care to only process personal data belonging to adults.

Our website is not intended for the use of children. We ask that children do not provide personal information through our website. If we become aware that we have collected personal information from a child, then we will delete that information from our records.

Customer Rights
As from the 25th of May 2018, the UK General Data Protection Regulation replaces the Data Protection Act 1998. This gives new rights in relation to the privacy of your personal information.
In the case of any request involving one of these rights, The House of Bruar will respond to your request timely and at most within one month of receipt of your request. We are permitted to extend this time period by up to two months if the request is particularly complex.

The Right to Be Informed
This is covered by this Privacy statement that you have accessed through our website

The Right of Access
Subject Access Requests give you the right to obtain a copy of the information that we hold about you. You have the right to request this information free of charge. However, should we deem the request to be manifestly excessive, manifestly unfounded or repetitive, then we are permitted to charge a reasonable fee for providing the information. In such circumstances we can refuse to comply with the request. If this is the case then we shall let you know the reasons for our refusal to comply. You have the right to appeal such a decision via the UK Information Commissioner’s Office. For further information visit https://ico.org.uk/.

Subject access requests may be sent to the Data Controller.

The Right to Rectification
You are entitled to have the information that we hold rectified if it is inaccurate or incomplete.
If you believe that the information that we hold is inaccurate, incomplete or out of date then you can make a request for rectification. You should send your request to the Data Controller.

The House of Bruar will inform any relevant third parties of the rectification in order that they can update their records.

The Right to Erasure
You have the right to request that the personal information that we hold is deleted, where we have no compelling reason for its continued processing.

This right will apply:
 
  • Where retention of the data is no longer necessary for the purposes that it was originally collected or processed.
  • Where you have withdrawn consent.
  • Where you object to us processing the data and there is no overriding legitimate interest for us to continue to do so.
  • When the personal data has to be erased for us to comply with a legal obligation.
  • When the data has been unlawfully processed.
  • Where the data relates to a child.

This right shall not apply:
  • Where we are exercising the right of freedom of expression and information.
  • Where we are complying with a legal obligation.
  • Where we are archiving data in the public interest, for scientific research or for statistical purposes.
  • When we need the data to exercise or defend a legal claim.

Erasure requests may be sent to the Data Controller.

The House of Bruar will inform any relevant third parties of the rectification in order that they can update their records.

The Right to Restrict Processing
You can request that The House of Bruar restrict the processing of your personal information. This means that you may have requested one of your other rights where, until the request is concluded, that we suspend the processing of all personal data. If we have passed the data to a third party, we will inform them that they must restrict the processing of the data.

This right will apply:
 
  • Where the accuracy of the information held is contested by you and you request that we restrict processing while we investigate.
  • You object to us processing your personal data, but we believe that processing is in the public interest or the performance of our legitimate interests and that these are legitimate grounds to override the Customer interest.
  • Where you believe that processing is unlawful and request restriction instead of deletion.
  • Where we no longer need that data, but you require the data stored in order to pursue a legal claim.

Restriction requests may be sent to the Data Controller.

The Right to Data Portability
The Customer has the right to request the information that we hold be supplied in a portable format. This allows the Customer to take their information from our IT environment to another organisation's IT environment. The format in which we supply the data will be a structured and machine readable CSV file.

Portable data requests may be sent to the Data Controller.

The Right to Object
You have the right to object to your personal information being processed.

This means:
 
  • If you object to the processing of your data for marketing purposes then let us know and we and our third parties will stop sending you marketing material.

Requests for either of these options may be sent to the Data Controller.

GENERAL INFORMATION AND RESPONSIBLE BODY
Registered address:
The House of Bruar
By Blair Atholl
PITLOCHRY
PH18 5TW

Tel. 01796 483236
e-mail: [email protected]
Company Registration Number: SC145746
VAT Registration Number: 607704939

The House of Bruar as the operator of the Website https://www.houseofbruar.co.uk/ is the body responsible for the collection, processing and use of personal data of users of the website within the meaning of the UK Data Protection Act 2018. Should you have any questions or requests relating to the protection of your data, please contact our Data Controller.

Data Controller
The House of Bruar
By Blair Atholl
PITLOCHRY
PH18 5TW

e-mail: [email protected]

Supervisory Authority
We are registered as a data controller under the terms of the Data Protection Act 1998 and the EU General Data Protection Regulation with the UK Information Commissioner's Office. Details of our registration may be found at https://ico.org.uk/ESDWebPages/Entry/Z9123977.