In this policy Primula Ltd can be referred to as Primula, the Company, “our”, “us” or “we”.
Personal data means any information relating to any living individual (also known as a ‘data subject’) who can be identified (directly or indirectly) by reference to an identifier (e.g. name, IP address, employee number, email address, physical features etc.). Personal data can be both factual (e.g. contact details or date of birth), or an opinion about a person’s actions or behaviour, or information that may otherwise impact on that individual. It can be personal, or business related.
‘Processing’ personal data means any activity that involves the use of personal data (e.g. obtaining, recording or holding the data, amending, retrieving, using, disclosing, sharing, erasing or destroying). It also includes sending or transferring personal data to third parties.
Primula Ltd, registered office Kingsway, Team Valley Trading Estate, Gateshead, NE11 0ST is the “controller” for the purposes of data protection law. This means that we are responsible for deciding how we hold and use personal data about you.
We hold and use various types of personal data about you, including, for example: name, contact information (including email address), location information (such as post code), age and/or date of birth, your picture, your gender (whether specified or identifiable by name), and any other data you have provided us with.
We hold and use your ordinary personal data for a number of reasons and Data Protection law specifies the legal grounds on which we can hold and use personal data. Most commonly, we rely on one or more of the following legal grounds when we process your personal data:
Where we need it to perform the contract we have entered into with you (performance of the contract) whether this is a contract for services or another type of contract. This may include, for example, fulfilling orders or purchases you have made (including processing of payment), contacting you in relation to any issues with your order, dealing with any product queries or complaints.
Where we need it to comply with a legal obligation (legal obligation). Typically, this may include legal obligations such as the obligation to meet health and safety requirements but also to comply with UK laws, regulations, court orders or any other legal obligation the Company has.
Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests (legitimate interest). This may include, for example:
In some cases, we will also ask for your consent to process your personal data. If this is the case, it will strictly be done on an “opt-in” basis and will involve ticking a box, or some other affirmative action.
You provide us with most of the personal data about you that we hold and use. Other personal data about you that we hold and use could also be generated by you, for example, during email correspondence or by entry on our website contact us form. In some cases, a 3rd party may provide us with your Personal Data on your behalf (e.g. if someone mentions several members of their family in one email, or “tags” you in one of our posts on social media).
Sometimes, you might provide us with another person’s personal data. In such cases, we require you to inform the individual what personal data of theirs you are giving to us. You must also give them our contact details and let them know that they should contact us if they have any queries about how we will use their personal data. When applicable, any actions you take should also be in line with applicable data protection legislation, and any data protection policies or rules your organisation has.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
We only ask you to provide personal data when we have a good reason and there may therefore be consequences if you do not provide particular information to us. You have the right to choose not to provide us with personal data, however, if you do so, this will limit the services we can provide you.
We will not keep your personal data for longer than we need it for our legitimate purposes and only for so long as applicable data protection legislation allows. We take into account the following criteria when determining the appropriate retention period for your personal data:
In situations where we no longer need to process your personal data for any purposes described in this policy, we will delete it from our systems. We can also delete your data upon your request where permissible to do so (see Your Rights section for information)
We implement appropriate technical and organisational safeguards to protect against unauthorised or unlawful processing of Personal Data and against accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to Personal Data. Please be advised, however, that we cannot fully eliminate security risks associated with the storage and transmission of Personal Data.
We do not knowingly collect or process any Personal Data from any children aged under 16 years. If you think a child has provided us with personal data, please contact us immediately. If we discover a child has provide us with personal data, we will take steps to remove that data.
We share your personal data within the Kavli Group of companies. This will involve transferring your data outside the UK.
Some of our external third party service providers are also based outside the UK so their processing of your personal data will involve a transfer of data outside the UK.
Whenever we transfer your personal data out of the UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
Please contact us if you want further information on the specific international transfers which may take place and on the mechanism used by us if and when transferring your personal data out of the UK.
What is a cookie?
Cookies are text files containing small amounts of information which are downloaded to your personal computer, mobile or other device when you visit a website. Cookies are then sent back to the originating website on each subsequent visit, or to another website that recognises that cookie. Cookies are useful because they allow a website to recognise a user’s device.
Persistent cookies – these cookies remain on a user’s device for the period of time specified in the cookie. They are activated each time that the user visits the website that created that particular cookie.
Session cookies – these cookies allow website operators to link the actions of a user during a browser session. A browser session starts when a user opens the browser window and finishes when they close the browser window. Session cookies are created temporarily. Once you close the browser, all session cookies are deleted.
Cookies do lots of different jobs, like letting you navigate between pages efficiently, remembering your preferences, and generally improve the user experience.
You can find more information about cookies at www.allaboutcookies.org.
This website uses Google Analytics to help analyse how users use the site. The tool uses “cookies,” which are text files placed on your computer, to collect standard Internet log information and visitor behaviour information in an anonymous form. The information generated by the cookie about your use of the website (including your IP address) is transmitted to Google. This information is then used to evaluate visitors’ use of the website and to compile statistical reports on website activity for Primula Ltd.
We will never (and will not allow any third party to) use the statistical analytics tool to track or to collect any Personally Identifiable Information of visitors to our site. Google will not associate your IP address with any other data held by Google. Neither we nor Google will link, or seek to link, an IP address with the identity of a computer user. We will not associate any data gathered from this site with any Personally Identifiable Information from any source, unless you explicitly submit that information via a fill-in form on our website
Cookies Set by Google Analytics: __utma, __utmb, __utmc, __utmz
For more information about Google Analytics, view their terms of service here
Using Web Browser Settings to Manage Cookies
The Help menu on the menu bar of most browsers will tell you how to prevent your browser from accepting new cookies, how to have the browser notify you when you receive a new cookie and how to disable cookies altogether. You can also disable or delete similar data used by browser add-ons, such as Flash cookies, by changing the add-on’s settings or visiting the website of its manufacturer.
You have a number of legal rights relating to your personal data, which are outlined here:
The right to make a subject access request. This enables you to receive certain information about how we use your personal data, as well as to receive a copy of it and to check that we are lawfully processing it.
The right to request that we correct incomplete or inaccurate personal data that we hold about you.
The right to request that we delete or remove personal data that we hold about you where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below).
The right to object to our processing your personal data where we are relying on our legitimate interest (or those of a third party), where we cannot show a compelling reason to continue the processing .
The right to request that we restrict our processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it.
The right to request that we transfer your personal data to you or to another party, in a structured format. This right applies in respect of data that you have provided where our legal ground for using the data is that it is necessary for the performance of a contract or that you have consented to us using it (this is known as the right to “data portability”).Primula Ltd has appointed a Privacy Manager, and if you would like to exercise any of the above rights, please contact them in writing at Privacy Manager, Kavli UK Ltd, Kingsway, Team Valley Trading Estate, Gateshead, NE11 0ST. Note that these rights are not absolute, and in some circumstances, we may be entitled to refuse some or all of your request. Note too that you have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues. Details of how to contact the ICO can be found on their website: https://ico.org.uk