Category of personal data 

Our purposes for processing 

Lawful basis 

Identity Data includes information such as: name, date of birth, address, email address and telephone number, photo, video or audio data.   

We might receive this data when you: 

• purchase one of our  products or use our services; 

• enter competitions; or  

• interact with us including by phone, post, email or social media.   

We might process this personal data when providing our products and services to you, and administering our relationship with you including: 

• registering you as a customer,  including setting you up as a customer on our website or infrastructure; 

• processing and delivering your orders or transactions, including managing payments, fees and charges and transferring and receiving products; 

• registering your ownership of our products or your entrance in a competition and to process your purchases; 

• providing customer support services to you.  We might record and monitor any communications between you and us, including phone calls, to maintain appropriate records, check your instructions, analyse, assess and improve our services, and for training and quality control purposes.  

• Performance of a contract with you 

• Legal obligations 

• Legitimate interest (ensuring our efficiency in providing our services to you, processing payments and refunds and meeting our legal obligations).  

Financial Data includes information such as bank account and payment card details.  

We might receive this information when: 

• You purchase a product;  

• You use our infrastructure; or  

• we need to process a refund.  

We  process this data so that you can: 

• purchase a product or service that you have ordered; 

• receive any prize awarded; 

• receive products or services.  

• Performance of a contract with you; 

• Legal obligations. 

When you purchase one of our products, subscribe to our publications or social media channels or enter a competition and we collect your personal data, you will be asked to indicate your preferences for receiving direct marketing communications from us via email, push notifications, SMS or post. We call this Marketing Data.    

Note: you can ask us to stop sending you marketing information by adjusting your marketing choices (the How do you use my personal data for marketing? section below explains how to do this). 

We process your personal data:  

• to make suggestions and recommendations about our products and services; 

• to help with social interactions through our services and community, or to add extra functions in order to provide a better experience;  

• to deliver relevant website content and advertisements, inform you of our offers and promotions about charities and products;  

• to personalise your marketing messages about our products and services so they’re more relevant and interesting to you (where allowed by law). This may include analysing how you use our website, products, services and your transactions with us; 

• notify you about changes to our terms and conditions, our products or services, or this Notice; 

• update you about your account; 

• verify your identity if you contact our customer support or social media teams; 

• ask you to leave a review, take a survey, or provide feedback; 

• if you agree, provide you with information about collaborations with our partners or our partners’ promotions or offers which we think you might be interested in; 

• if you agree, allow our partners and other organisations to provide you with information about their products or services; 

• measure or understand the effectiveness of our marketing and advertising, and provide relevant advertising to you; 

• ask your opinion about our website, products or services. 

• Legitimate interests (to send direct marketing, ensure our direct marketing is relevant to your interests, develop our products and services, and to be efficient about how we meet our legal and contractual duties). 

• Consent (where we’re legally required to get your consent to send you direct marketing about our products or services, or partners’ promotions or offers, or for you to receive marketing from other organisations). 

Category of personal data

Our purposes for processing

Lawful basis

Technical Data includes information about your device, how it connects to other devices and networks, and how you connect with the device. 

This may include the internet protocol (IP) address used to connect your device to the internet, your login information, the browser type and version, the time zone setting, the operating system and platform, the type of device you use, a unique device identifier (for example, your device's IMEI number, the MAC address of the device's wireless network interface, or the mobile phone number used by the device), mobile network information, your mobile operating system and the type of mobile browser you use. 

We might collect this data when your devices interact with our website or platform or infrastructure.

We might also receive Technical Data about you if you visit other websites employing our cookies.

We use cookies, pixels, tracking technologies, analytics systems, and other similar technologies, which provide information about your behaviour and shopping preferences, and distinguish you from other users of our website. This helps us to provide you with a good experience when you

browse our website and also allows us to improve our site.

The information collected includes Identity Data, Marketing Data and Profile Data.

Please see our Cookie Notice for further details which can be accessed here.

We process this data to administer, manage and protect our business, website and infrastructure, including:

• troubleshooting;
• data analysis;
• testing;
• research;
• statistical and survey purposes;
• system maintenance;
• support;
• reporting;
• hosting of data;
• making sure that content is presented in the most effective way for you and your device;
• helping keep our website and infrastructure safe and secure;
• Strictly necessary cookies are required for the operation of our website;
• Analytical or performance cookies help us to improve the way our website works;
• Functionality cookies recognise you when you return to our website and enables us to personalise our content for you;
• Targeting cookies record your visit to our website, the pages you have visited and the links you have followed. We use this information to make our website and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose so that they can serve you with relevant advertising on their websites;
• Social media cookies enable you to share our content with your friends and networks and may allow us to track you and build up a profile of your interests.

• Legitimate interests (provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise).
• Legal obligation.
• Consent (where required by law).
• Performance of a contract with you.
• Consent. 

Our cookies will regularly collect this information in order to stay up to date but only if you have given us permission.

You can change your preferences at the 'Cookie Settings’.

Location Data is information about your location.

Our systems might identify or be able to track your location if location services are enabled on your device or product.

We process this data to determine the location of users of our website to prevent access from locations where we are not licensed to sell our products or services.

We also provide you with location-relevant advertising, products and services.

• Legitimate interests (to prevent ineligible parties from purchasing our products or services)
• Legal obligation
• Performance of a contract with you.
• Legitimate interests (to develop and market our products and keep to regulations that apply to us).

• Consent (to track you when you have location services switched on.

Usage Data is information on how you have used our website or infrastructure, products and services, including information about your visit, such as the links you’ve clicked on, through and from our website (including date and time), products you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling and clicks), and methods used to browse away from the page or site or platform.

We process this data to

• to create a better website and user experience;
• make suggestions and recommendations about our goods and services;
• to help with social interactions through our services, or to add extra functions in order to provide a better experience; 
• deliver relevant website content and advertisements, personalise your marketing messages about our products and services so they’re more relevant and interesting to you (where allowed by law). This may include analysing how you use our products, services and your transactions.

• Legitimate interests (to develop our products and services, and to be efficient about how we meet our legal and contractual duties).

• Consent (where we’re legally required to get your consent to send you direct marketing about our products or services, or partners’ promotions or offers, or for you to receive marketing from other organisations).

Transaction Data is information such as payments or transfers made or received, accounts interacted with, transaction dates and times, meta data and indexed data, the time taken to make the transfer/payment, currencies, exchange rates, messages sent and received, Technical Data about your device. 

For example, when you use our website, our systems might record the device you used. 

We process this data in order to:

• perform our contract with you and/or the recipient of one of our  products;
• fulfil orders for our products or services;
• comply with our regulatory obligations when administering our business.

• Performance of a contract with you.

• Our legitimate interests (ensuring the effective and efficient working of our website and systems)

Category of personal data 

Our purposes for processing 

Lawful basis 

Providers of financial or payment services. 

We might receive this information about you when you purchase our products or services, from the merchants we use to process payments.  

We need this information to receive payment from you and perform our contract with you  

• Performance of a contract with you 

• Our legitimate interests  in being paid. 

Category of personal data 

Our purposes for processing 

Lawful basis 

Social Media Data includes your social media ‘handle’ or username, your avatar, your interaction with other users and with us.  We will also see the content of any messages you send us, and any engagement on discussions.

Social media includes Telegram, Instagram, WhatsApp, Signal, Slack, Twitter or ‘X’,  Facebook, Discord, Slack, Reddit, LinkedIn and others.

We process this data to:

• interact with you for marketing purposes;

• create a profile about you;

• respond to your queries.

• Legitimate interests (to send direct marketing, ensure our direct marketing is relevant to your interests, develop our products and services, and to be efficient about how we meet our legal and contractual duties).

• Consent (where we’re legally required to get your consent to send you direct marketing about our products or services, or partners’ promotions or offers, or for you to receive marketing from other organisations).

Categories of Recipients 

Purpose of the disclosure 

Location of recipient 

We share your personal data within our group of companies where they act as processors and joint controllers, to the extent systems, resources and operations are shared.   

This is to provide you with the best service and perform contractual obligations to you, send you information about our products and services we think you’ll be interested in hearing about, or to comply with our regulatory requirements.   

Our group companies have offices in the UK, USA and the Netherlands.  

Government bodies, such as regulators, law enforcement authorities, competition authorities, and tax authorities, acting as processor or joint controller 

To check your identity, protect against fraud, keep to laws (including tax laws, anti-money laundering laws, data protection or cyber security laws or any other laws), and confirm that you’re eligible to use our products and services.   

These bodies may include HMRC (the UK Tax Authority), the FCA (the UK financial authority), the ICO (the UK data regulator)  and equivalent bodies in other jurisdictions.   

Professional advisors acting as processor or joint controller including lawyers, bankers, auditors and insurers.   

To enable us to obtain consultancy, banking, legal, insurance, payroll management and accounting services. 

The entities are located in the UK, the EEA and the USA,  

Social media channels. 

We  use social media for marketing purposes, and therefore we might share your personal data (limited to only your name, email address) to  check if you also hold an account with them; to send your our adverts, where we think that one of our new products or services might interest you; to send our adverts to people who have a similar profile to you.  

The social media entities are global. The recipients can be located in the UK, the USA, and the EEA. 

Where you ask us to share your personal data with a third party.    

For example, you might authorise third parties to act on your behalf (such as a courier or delivery service provider).    

The entity would be located wherever you had sourced them. 

Third parties to whom we might sell, transfer or merge parts of our business or our assets. 

 Alternatively, we might seek to acquire other businesses or merge with them.   

As part of any financial, commercial or legal due diligence investigations and implementation of any such acquisition, sale or merger 

IT service providers, acting as processors  

• email;

• cloud computing;  

• web hosting;  

• system administration; 

• hosting; 

• network services; 

• software developers; 

• source code management;  

• infrastructure management and collaboration. 

These providers are based in the UK, EEA, USA and globally.   

Software application providers, acting as processors. who provide software that we use to deliver our products and services and conduct our business, such as, operations, contract management and electronic document information storage, accounting systems, managing our marketing database, internal document storage systems.   

To fulfil contracts with you, manage our transactions, business management and record keeping and comply with legal and regulatory obligations. 

These entities are located in the USA, UK and EU.  

Mailing service providers, acting as processors who ship our products to you.  

To enable products to be delivered to you. 

These are based globally as best suits the location of the recipient. 

Third-party payment providers.

They offer services such as ‘buy now pay later’ finance. In order to offer you these payment methods, we might in the checkout pass your personal data in the form of contact and order details to them, in order to assess whether you qualify for their payment methods and to tailor those payment methods for you. 

Analytics providers, and “cookies”, acting as processors.  

They offer services such as surveys and statistical analysis. track and analyse our website users to understand how visitors interact with our site.   

These entities are located in the USA and the UK. 

Customer Right 

Description 

Right to Deletion. 

You may request deletion of applicable personal data.  Upon verification of your request, we will notify third parties to whom we shared your personal data to delete your information as well. 

Right to Correct Inaccurate personal data. 

You have the right to correct inaccurate personal data we collect.    

Right to Know/Access the  personal data we  collected during the previous 12 months. 

• Categories of personal data  

• Categories of sources  

• Business or commercial purpose(s) behind the collection 

• Specific pieces of personal data we collected 

• The categories of recipients to whom we disclosed personal data 

Right to Know the personal data we sold or shared during the previous 12 months. 

Please refer to section 2 (Disclosures of your personal data). 

• Business or commercial purpose(s) for the sale  

• Categories of recipients to whom we disclose personal data  

• Categories of personal data we have sold and categories of buyers  

• Categories of personal data we disclosed about you for a business purpose 

Right to Opt Out of Sale or Sharing 

You may opt out of the sale or sharing of any personal data we collected about you, including Interest Based/Targeted Advertising and Retargeting.  

Right to Opt Out of Automated Decision Making 

You may opt out of automated decision making, including profiling. 

Right to Limit Use and Disclosure of Sensitive personal data 

You may opt out of the disclosure of Sensitive personal data to a third party if we use that information for any purpose other than the designated purpose defined in the legislation. 

Right to No Retaliation 

We will never discriminate nor retaliate against you if you choose to exercise any of these privacy rights. 

Customer Right 

Description 

Right to Deletion 

You may request deletion of applicable personal data.  Upon verification of your request, we will notify third parties to whom we shared your personal data to delete your information as well. 

Right to Withdraw Consent (CO/CT/OR/MT/DE/NH/NJ Residents Only) 

You may withdraw your consent to processing of your personal data by using the Cookie Preference link located at the foot of our website or by sending us a “Right to Withdraw Consent” email to dpo@bradshawtaylor.com. 

Right to Correct Inaccurate personal data (CO/CT/VA/OR/TX/MT/DE/NH/NE/NJ Residents Only) 

You may correct inaccurate personal data. 

Right to Know / Access the  personal data we collected about you during the previous 12 months, including: 

• Categories of personal data  

• Categories of sources  

• Business or commercial purpose(s) for the collection  

• Specific pieces of personal data we collected 

Right to Know the personal data we Sold or Shared during the previous 12 months, including: 

• Business or commercial purpose(s) for the sale 

• Categories of third parties with whom we shared the personal data 

• Categories of personal data we disclosed about you for a business purpose 

Right to Opt Out of Sale or Sharing  

You may opt out of the sale or sharing of any personal data, including Interest Based/Targeted Advertising and Retargeting. 

Right to Opt Out of Automated Decision-Making 

We do not engage in profiling of or automated decision making related to consumers. 

Right to Appeal 
(CO/CT/VA/OR/TX/MT/IA/DE/NH/NE/NJ Residents Only) 

If we reject your Privacy request, you will receive an email with a link that will direct you to our Appeal form. 

Right to Request a List of Third Parties With Whom My Data May Have Been Disclosed (OR) 

You may request a list of specific recipients (other than natural persons) to which we disclosed your personal data. 

Right to Obtain a List of the Categories of Third Parties to Which My Data May Have Been Disclosed (DE) 

You may request a list of the categories of recipients of disclosures of your personal data. 

Right to No Retaliation 

We will never discriminate nor retaliate against you if you choose to exercise any of these privacy rights.