PRIVACY POLICY

Herbal Blue, is committed to protecting your personal information in accordance with the Data Protection Act 1998 and the EU General Data Protection Regulation (GDPR).

This policy covers how Herbal Blue uses and protects any information that you provide when using the website www.gascageshop.co.uk or any of its services.

The Data Controller

Herbal Blue is the data controller for any personal information you supply in relation to its services and when registering as a client or candidate. 

What data is held?

Herbal Blue may store your personal details, including but not limited to your name and contact details, together with your e-mail address.

How is data collected?

Your personal details will be sent to us through via our website when placing an order with us. This does not include any provided financial information.

Internet-based transfers 

Given that the Internet is a global environment, using the Internet to collect and process personal data necessarily involves the transmission of data on an international basis. Therefore, by browsing our website and communicating electronically with us, you acknowledge and agree to our processing of personal data in this way.

How your data is used?

Your data is only used to process any orders that you have placed with Herbal Blue.

How long and where do we keep your data?

Herbal Blue will only keep your personal data for as long as it is needed in order to use it as described above in providing the service and/or for as long as you have given permission to keep it. Sometimes your personal data must be kept beyond the duration of the provision of the service in order to meet statutory requirements for accountancy practice.

Your data will be stored in the UK.

Your rights to your information

You can object or withdraw your consent to the use of your personal information at any time. As a data subject, you have the following rights under the GDPR, which Herbal Blue will uphold:

  1. The right to be informed about how your personal data is used
  2. The right of access to your personal data and supplementary information.
  3. The right to have your data rectified if incorrect or incomplete
  4. The right to erasure. This is not an absolute right but specifically:
    • Where the personal data is no longer necessary in relation to the purpose for which it was originally collected/processed.
    • When the individual withdraws consent.
    • When the individual objects to the processing and there is no overriding legitimate interest for continuing the processing.
    • Where the personal data was unlawfully processed (ie otherwise in breach of the GDPR).
    • When personal data has to be erased in order to comply with a legal obligation.
    • When the personal data is processed in relation to the offer of information society services to a child.
  5. The right to restrict processing
  6. The right to data portability
  7. The right to object. Specifically but not necessarily limited to you have the right to object to:
    • processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling);
    • direct marketing (including profiling); and
    • processing for purposes of scientific/historical research and statistics.
  8. Rights in relation to automated decision making and profiling.

More comprehensive information relating to your rights can be found on the Information Commissioners Office (ICO) website https://ico.org.uk/

Should you wish to exercise any of your rights or in the event of a complaint please contact The Data Protection Officer at Herbal Blue in writing.

How we use Cookies

Many websites place cookies whenever a user visits their sites, in order to track traffic flows.  Cookies are text files, which identify your computer to the server.  Herbal Blue may use cookies from time to time only to make your web experience better. 

Security

We are committed to ensuring that your information is secure.  In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect. Our services are all hosted from a datacentre within the EEA which is ISO27001 certified. We undertake regular vulnerability scans of our website and services to ensure your data is safe.

Links to other websites

This privacy notice does not cover the links within this site linking to other websites. We encourage you to read the privacy statements on the other websites you visit.