Our commitment to safeguarding your privacy.
Our commitment to safeguarding your privacy.
Kineta Tea Limited (“we/our/us”). We are a company incorporated in England and Wales with registered company number 10672541. Our registered office address is The Quadrangle, Seale Hayne, Howton Road, Newton Abbot, Devon, TQ12 6NQ.
For the purpose of the Data Protection Act 1998, the General Data Protection Regulation (Regulation (EU) 2016/679) and any amended, updated or subsequently implemented legislation in the UK and/or EU relating to the controlling and processing personal data (“Data Protection Legislation”) we are a data controller of personal data provided by you to us through use of our Services and/or Websites (as defined below). Where we consider it appropriate (and as further described in this policy) we may also provide third party data processors with such personal data for the purposes set out in this policy.
This policy sets out how, when and why we may collect, control, store, process and transfer personal data that you provide to us, or that we collect from you, when you use the www.ilovematchatea.co.uk website (“Website”) and/or correspond with us directly or purchase our goods and/or services through our Website.
This policy also sets out your rights and our obligations in relation to collecting, controlling and processing such personal data.
Our main objective is for you to have absolute trust and confidence in us when we collect, control and process your personal data. The Data Protection Legislation is not intended to prevent processing of personal data, however, but to ensure that such processing is done fairly and without adverse impact on your fundamental rights and freedoms.
Any third party data processors are obliged to comply with this policy when processing personal data on our behalf. Any breach of this policy by that third party may result in disciplinary action being taken against them.
This policy is drafted in English. If there is a conflict between a translated version and the English version of these terms then, to the extent permitted under applicable law, the English version shall prevail.
Personal data is information relating to an “identified” or “identifiable” living individual. An “identifiable” individual is one who can be identified, directly or indirectly, in particular reference to an identifier such as a name, an email address, a postal address, date of birth, an identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person.
Sensitive personal data includes, but is not limited to, personal data which reveals racial or ethnic origin, and data concerning health or sex life and sexual orientation.
Further detail as to the specific types of personal data and sensitive personal data we may control and process is set out at paragraph 6, below.
For personal data to be processed lawfully by us, they must be processed on the basis of one or more of the lawful processing bases set out in the Data Protection Legislation. The lawful bases include, among other things:
As such, we do not always require consent from you in order to lawfully process your personal data. If we collect sensitive personal data, however, we will generally ask for explicit consent from you in order to process such sensitive personal data.
Taking into account the state of the art, the cost of implementation and the nature, scope, context and purposes of processing as well as the risks of varying likelihood and severity for rights and freedoms of natural persons posed by the processing, we must, both at the time of the determination of the means for processing and at the time of the processing itself, implement appropriate technical and organisational measures, which are designed to implement data-protection principles in an effective manner and to integrate the necessary safeguards into the processing in order to meet the requirements of the Data Protection Legislation and to protect your rights as a data subject.
In order to ensure data protection by design and by default, we will:
Links to external sources and other websites
Our website may contain links to external sources and enable you to visit other websites of interest easily. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information that you provide whilst visiting such sites and this privacy statement does not govern such sites. You should exercise caution and look at the privacy statement applicable to the website in question.
We may collect and process various types of personal data and other information from you when you correspondence with us, when you use our Services and when you access our Websites, and when you correspond with us by phone, email or otherwise. The type of data collected, and the manner in which such data is collected, will vary depending on how you correspond with us, which Services you use and how you use our Websites, and whether or not we have a lawful basis for processing data in that way. Further details of the type of data we collect and the manner in which such data may be processed is set out below in paragraph 6 under the heading “How we collect and use Personal Data”.
Personal data may be collected by us actively and passively. The specific types of personal data we may collect from you, and the manner in which such personal data may be collected, include:
This is data we must collect from you at the time of you completing the relevant data forms on our Websites when placing an order for products, or creating an account to use our Websites. Such data will include your name, email address, telephone number, postal address, postcode, place of residence, a password (if you choose to create an account), and credit card information.
We will use Necessary Data for the purpose of identifying you from other users of our Website, processing and fulfilling your order for products. Such use may include corresponding with you in respect of an order you have placed through the Website, the status of such order, whether we require any additional information from you in order to complete that order, as well as corresponding with you regarding other queries and questions you may have raised with us.
We may also use Necessary Data for the purpose of providing you with information about similar products and services we provide via direct marketing emails. You may unsubscribe from receiving such direct marketing emails at any time by following the “unsubscribe” link in such marketing emails.
Why we may lawfully process Necessary Data for these purposes
We may lawfully process Necessary Data for the purpose of identifying you from other users of our Website, and processing and fulfilling your order for products, on the lawful basis that such use is necessary in order for us to perform a contract to which you are a party, and necessary in order for us to take steps at your request prior to entering into a contract, particularly given that we could not achieve the same purpose without using Necessary Data in this way.
We may also use Necessary Data for the purpose of sending direct marketing emails to you on the basis that we have a legitimate interest in doing so. We consider ourselves to have a legitimate interest as:
How Necessary Data is stored:
Necessary Data will be stored on secure servers located at our trading address. Such servers are located in a locked room and in encrypted, and will be stored on such servers from time of collection and throughout the duration of its storage.
Necessary Data shall be retained by us for the entirety of the period for which we continue to use it for the purpose for which it was originally collected. This means that Necessary Data shall be stored for the period necessary in order for us to fulfil an order for products, for a period necessary to enable to access your Website account quickly and easily, for the length of time that you continue to remain subscribed to receive direct marketing emails from us, as well as for any period necessary in order for us to comply with any legal obligation.
Website Data includes, but is not limited to, your device’s location at the time of using the Websites, as well as information relating to when, where and how the Website is used by you, and how many times the Website is accessed by you. Website Data also includes similar information we collect at the time of you using our social media pages.
Website Data may also include your device’s Internet Protocol (IP) address, cookies, device type and version, the areas of the Website you visit, the amount of time spent within particular areas of our Website, time zone settings, the time and date of your use of the Website and the operating system and version you use to access the Website, information about your use of the Website including (if applicable) the full Uniform Resource Locators (URL), clickstream to, through and from our Website (including date and time), any products or Services you have viewed or searched for, the Website response times, download errors, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page.
Where is Website Data stored?
Website Data is passively collected and stored on secure servers operated by Kineta Tea Limited a third-party processor who will collect Website Data as and when it arises through your use of the Website. This processor may subsequently provide the Website Data to us once they have collated and processed the Website Data.
Google, Inc. may also passively collect and stored (on secure servers) Website Data in connection with our use of its ‘Google Analytics’ service.
How we will use Website Data
We will use Website Data for the purpose of tracking and analysing the popularity and performance of the Website and the way in which our consumers engage with us and our marketing strategies. This allows us to tailor, develop and improve the Website, performance of the Website, our social media pages and marketing campaigns for the benefit of Website users, our customers and potential customers.
Why we may lawfully process Website Data for these purposes
We will lawfully process Website Data for such purposes on the basis that we consider ourselves to have a legitimate interest in doing so as:
How Website Data is stored:
Website Data will be stored on secure servers located at our trading address. Such servers are located in a locked room and in encrypted, and will be stored on such servers from time of collection and throughout the duration of its storage.
Website Data shall be retained by us for the entirety of the period for which we continue to use it for the purpose for which it was originally collected. This means that Website Data shall be stored for the period necessary in order for us to review and analyse your activities on our Website or social media pages, the effectiveness of how our Website and social media pages operate, as well as for any period necessary in order for us to comply with any legal obligation.
In some circumstances, we may require explicit consent from you in order to process your personal data for a particular purpose or purposes. We will generally only obtain consent from you if we do not have another lawful basis for doing so, for example if we do not have a legitimate interest in doing so or such processing is not contractually necessary.
We do not require consent in order to obtain and process your personal data for the purposes set out in section 6 above (“How We Collect and Use Personal Data”)
However, if we are controlling and processing your personal data on the sole basis of consent, we will ensure that such consent:
You may exercise your right to withdraw consent to processing at any time by contacting us via [email protected] ilovematchatea.co.uk. However, such withdrawal of consent will not retrospectively render processing prior to withdrawal of consent as unlawful.
The Right to Erasure (also known as the “Right to be Forgotten”)
You also benefit from the right to erasure. This means that you have the right to request us to erase personal data we hold about you, and that we should erase such data without undue delay, provided that you are able to demonstrate one of the following to us:
You also benefit from the right to rectify inaccurate personal data we hold which relates to you (also known as the “right to rectification”). This means that, taking into account the subject of the processing, you shall have the right to have incomplete personal data completed. You can exercise your right to rectification by contacting us via [email protected] ilovematchatea.co.uk.
You also have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format. You have the right to transmit such data to other data controllers without hindrance from us where we are processing that data on the basis of having your consent to do so, or where it is necessary for the performance of a contract, and the processing is carried out by automated means.
Subject Access Requests
You as a data subject are entitled to make a formal request for information we hold about you. We must provide you with a copy of this information, the reasons it is being processed and whether it will be given to any other organisations or people provided that you make this request in writing.
The Services we provide, and our Websites, are not marketed to (and should not be used by) anybody under the age of 16.
We do not knowingly collect personal data from children under the age of 16. In the event that we discover that a child under the age of 16 has provided us with personal data, we will delete such data from our servers unless consent is given or authorised by the holder of parental responsibility over the child.
We use industry-standard encryption for transmission of data to our systems. Although we cannot guarantee the absolute safety of transmission of data via the internet, we adhere to industry standards to give your data the most appropriate protection possible.
Other sharing of Personal Data
We may share personal data we hold with any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries.
We may also disclose personal data we hold to third parties, with your consent, or on the basis of us an otherwise lawful basis under the Data Protection Legislation. For example, we may do so:
Transfers outside the EEA
We may also transfer any personal data we hold to a country outside the European Economic Area (EEA), provided that one of the following conditions applies:
If you have any concerns or complaints relating to this policy, its subject matter, or the manner in which we collect, control and/or process your personal data, please do let us know by sending an email to [email protected] ilovematchatea.co.uk.
You also have the right to lodge a complaint with a supervisory authority if you consider that the processing of your personal data has infringed the Data Protection Legislation. In the UK, the relevant supervisory authority is the Information Commissioner’s Office.