Privacy & Cookie Policy

In this policy Primula Ltd can be referred to as Primula, the Company, “our”, “us” or “we”. 

This Privacy Policy sets out what personal data we, Primula, hold about you through our website and how we collect and use it when you use our website or any of our products/services. We are required by data protection law to give you the information in this Privacy Policy. It is important that you read it carefully.

This Privacy Policy applies from 1st Dec 2021 and we may update this Privacy Policy at any time.

What Is Personal Data?

Personal data means any information relating to any living individual (also known as a ‘data subject’) who can be identified (directly or indirectly) by reference to an identifier (e.g. name, IP address, employee number, email address, physical features etc.). Personal data can be both factual (e.g. contact details or date of birth), or an opinion about a person’s actions or behaviour, or information that may otherwise impact on that individual. It can be personal, or business related.

What Does ‘Processing’ Personal Data Mean? 

‘Processing’ personal data means any activity that involves the use of personal data (e.g. obtaining, recording or holding the data, amending, retrieving, using, disclosing, sharing, erasing or destroying). It also includes sending or transferring personal data to third parties.

Who Is the Controller?

Primula Ltd, registered office Kingsway, Team Valley Trading Estate, Gateshead, NE11 0ST is the “controller” for the purposes of data protection law. This means that we are responsible for deciding how we hold and use personal data about you.

What Type of Personal Data Do We Hold About You? 

We hold and use various types of personal data about you, including, for example: name, contact information (including email address), location information (such as post code), age and/or date of birth, your picture, your gender (whether specified or identifiable by name), and any other data you have provided us with.

Why Do We Hold Your Personal Data and On What Legal Grounds?

We hold and use your ordinary personal data for a number of reasons and Data Protection law specifies the legal grounds on which we can hold and use personal data. Most commonly, we rely on one or more of the following legal grounds when we process your personal data:

Where we need it to perform the contract we have entered into with you (performance of the contract) whether this is a contract for services or another type of contract. This may include, for example, fulfilling orders or purchases you have made (including processing of payment), contacting you in relation to any issues with your order, dealing with any product queries or complaints.

Where we need it to comply with a legal obligation (legal obligation). Typically, this may include legal obligations such as the obligation to meet health and safety requirements but also to comply with UK laws, regulations, court orders or any other legal obligation the Company has.

Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests (legitimate interest). This may include, for example: 

  • Communication. To communicate with you regarding any products or services, including to provide you important notices regarding changes to our Terms and also to address your requests, inquiries, and complaints. We may send strictly necessary communications, including emails, even if you have opted out of receiving other Primula emails or communications. These types of communications do not require consent. We also process your Personal Data for our legitimate interests when you communicate with us.
  • Responding to Your Requests. To respond to your feedback, whether it be a suggestion, complaint or any other communication you initiate. This could include using your address to write to you as a follow up to contact with us.
  • Compliance with Law and Public Safety. To assist in the investigation of suspected illegal or wrongful activity, including tracking and sharing information with other entities for fraud, loss, and crime prevention purposes. To protect and defend our rights and property, or the rights or safety of third parties.
  • Improvement and Development. To develop, provide, enhance, and improve our products and services and your experience. When we collect, use, or otherwise leverage cookies, device IDs, Location Data, data from the environment, and other tracking technologies. When you connect with us through social media. For internal purposes related to certain research, analytics, innovation, testing, monitoring, customer communication, risk management, and administrative purposes.
  • Enforcement. To enforce the terms covered in this Policy, our Terms & Conditions, or the Terms & Conditions of any specific competition or promotion. 

In some cases, we will also ask for your consent to process your personal data. If this is the case, it will strictly be done on an “opt-in” basis and will involve ticking a box, or some other affirmative action.

How Do We Collect Your Personal Data? 

You provide us with most of the personal data about you that we hold and use. Other personal data about you that we hold and use could also be generated by you, for example, during email correspondence or by entry on our website contact us form. In some cases, a 3rd party may provide us with your Personal Data on your behalf (e.g. if someone mentions several members of their family in one email, or “tags” you in one of our posts on social media).

If You Give Us Someone Else’s Personal Data

Sometimes, you might provide us with another person’s personal data. In such cases, we require you to inform the individual what personal data of theirs you are giving to us. You must also give them our contact details and let them know that they should contact us if they have any queries about how we will use their personal data. When applicable, any actions you take should also be in line with applicable data protection legislation, and any data protection policies or rules your organisation has.

Who Do We Share Your Personal Data With?

We will only share your personal data with third parties where we have an appropriate legal ground under data protection law which permits us to do so. This could include complying with our contractual duties, or where it is necessary in our legitimate interest (e.g. to our IT service provider to resolve IT issues, or to our Group Companies where necessary due to shared IT infrastructure or other shared resources utilized across the Kavli Group companies – our parent company (Kavli Group, Norway) has a privacy policy here if you require further information). We may also share your data with any other 3rd party when we are legally or contractually obliged to do so and to obtain professional services or advice from lawyers, accountants and other advisors where relevant and lawful. If we are undergoing a sale of our business or assets: we may disclose your personal data to third parties to whom we may choose to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners will take over as controller and may use your personal data in the same way as set out in this privacy policy.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

Consequences of Not Providing Personal Data

We only ask you to provide personal data when we have a good reason and there may therefore be consequences if you do not provide particular information to us. You have the right to choose not to provide us with personal data, however, if you do so, this will limit the services we can provide you.

How Long Will We Keep Your Personal Data?

We will not keep your personal data for longer than we need it for our legitimate purposes and only for so long as applicable data protection legislation allows. We take into account the following criteria when determining the appropriate retention period for your personal data:

  • the amount, nature, and sensitivity of the personal data
  • the risk of harm from unauthorised use or disclosure
  • the purposes for which we process your personal data and how long we need the particular data to achieve these purposes
  • how long the personal data is likely to remain accurate and up-to-date
  • any applicable legal, accounting, reporting or regulatory requirements that specify how long certain records must be kept.

In situations where we no longer need to process your personal data for any purposes described in this policy, we will delete it from our systems. We can also delete your data upon your request where permissible to do so (see Your Rights section for information)

Security

We implement appropriate technical and organisational safeguards to protect against unauthorised or unlawful processing of Personal Data and against accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to Personal Data. Please be advised, however, that we cannot fully eliminate security risks associated with the storage and transmission of Personal Data.

External Links

Please note, this Privacy Policy does not apply to the practices of any companies not owned by or part of the same group of companies as Primula. If you follow a link from our website to another, we would strongly advise you to review and familiarise yourself with their Privacy Policy.

Children

We do not knowingly collect or process any Personal Data from any children aged under 16 years. If you think a child has provided us with personal data, please contact us immediately. If we discover a child has provide us with personal data, we will take steps to remove that data.

International Transfers

We share your personal data within the Kavli Group of companies. This will involve transferring your data outside the UK.

Some of our external third party service providers are also based outside the UK so their processing of your personal data will involve a transfer of data outside the UK.

Whenever we transfer your personal data out of the UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  • We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data. 
  • Where we use certain service providers, we may use specific contracts approved for use in the UK which give personal data the same protection it has in the UK. 

Please contact us if you want further information on the specific international transfers which may take place and on the mechanism used by us if and when transferring your personal data out of the UK.

Cookies

What is a cookie?

Cookies are text files containing small amounts of information which are downloaded to your personal computer, mobile or other device when you visit a website. Cookies are then sent back to the originating website on each subsequent visit, or to another website that recognises that cookie. Cookies are useful because they allow a website to recognise a user’s device.

Persistent cookies – these cookies remain on a user’s device for the period of time specified in the cookie. They are activated each time that the user visits the website that created that particular cookie.

Session cookies – these cookies allow website operators to link the actions of a user during a browser session. A browser session starts when a user opens the browser window and finishes when they close the browser window. Session cookies are created temporarily. Once you close the browser, all session cookies are deleted.

Cookies do lots of different jobs, like letting you navigate between pages efficiently, remembering your preferences, and generally improve the user experience.

You can find more information about cookies at www.allaboutcookies.org.

Google Analytics

This website uses Google Analytics to help analyse how users use the site. The tool uses “cookies,” which are text files placed on your computer, to collect standard Internet log information and visitor behaviour information in an anonymous form. The information generated by the cookie about your use of the website (including your IP address) is transmitted to Google. This information is then used to evaluate visitors’ use of the website and to compile statistical reports on website activity for Primula Ltd.

We will never (and will not allow any third party to) use the statistical analytics tool to track or to collect any Personally Identifiable Information of visitors to our site. Google will not associate your IP address with any other data held by Google. Neither we nor Google will link, or seek to link, an IP address with the identity of a computer user. We will not associate any data gathered from this site with any Personally Identifiable Information from any source, unless you explicitly submit that information via a fill-in form on our website

Cookies Set by Google Analytics: __utma, __utmb, __utmc, __utmz

For more information about Google Analytics, view their terms of service here

Using Web Browser Settings to Manage Cookies

The Help menu on the menu bar of most browsers will tell you how to prevent your browser from accepting new cookies, how to have the browser notify you when you receive a new cookie and how to disable cookies altogether. You can also disable or delete similar data used by browser add-ons, such as Flash cookies, by changing the add-on’s settings or visiting the website of its manufacturer.

However, because cookies allow you to take advantage of some of the Website’s essential features, we recommend you leave them turned on. For example, if you block or otherwise reject cookies you will not be able to add items to your Shopping Basket, proceed to Checkout, or use any of our products and services that require you to Sign in. If you leave cookies turned on, remember to sign off when you finish using a shared computer.

Your Rights 

You have a number of legal rights relating to your personal data, which are outlined here:

The right to make a subject access request. This enables you to receive certain information about how we use your personal data, as well as to receive a copy of it and to check that we are lawfully processing it.

The right to request that we correct incomplete or inaccurate personal data that we hold about you.

The right to request that we delete or remove personal data that we hold about you where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below).

The right to object to our processing your personal data where we are relying on our legitimate interest (or those of a third party), where we cannot show a compelling reason to continue the processing .

The right to request that we restrict our processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it.

The right to request that we transfer your personal data to you or to another party, in a structured format. This right applies in respect of data that you have provided where our legal ground for using the data is that it is necessary for the performance of a contract or that you have consented to us using it (this is known as the right to “data portability”).Primula Ltd has appointed a Privacy Manager, and if you would like to exercise any of the above rights, please contact them in writing at Privacy Manager, Kavli UK Ltd, Kingsway, Team Valley Trading Estate, Gateshead, NE11 0ST. Note that these rights are not absolute, and in some circumstances, we may be entitled to refuse some or all of your request. Note too that you have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues. Details of how to contact the ICO can be found on their website: https://ico.org.uk