In this privacy & cookies policy (“Policy”), we describe the information that we collect about you, that you provide to us, is provided to us by third parties, and will be processed by us, as you use this website (our “Website”) and the services available through this Website, our mobile website, and for registered users our Mobile Application (collectively, our “Services”). We recommend that you read this policy carefully in order to understand what BRUMBABY LTD. and its subsidiaries, including BRUMBABY LTD. (EU) Limited (“we”, “us”, “BRUMBABY LTD.”) do with your personal information. Your use of our Website and Services and any dispute over privacy, is subject to this Policy and any of our applicable Terms and Conditions for use of our Services, including their applicable limitations on damages and the resolution of disputes. Our Terms and Conditions for our Services are incorporated by reference into this Policy. By visiting www.brumbaby.com you are accepting and consenting to the practices described in this Policy. Regardless of the applicable law set forth in the BRUMBABY LTD. Terms and Conditions for use of our Services, however, please note that any disputes arising under this Policy will be interpreted in accordance with the Governing Law provision set forth below.
HOW, WHEN AND WHAT WE COLLECT?
How does BRUMBABY LTD. collect my information?
We collect information directly from you, about you from third parties such as our marketing affiliates and service providers used to verify your identity and prevent fraudulent activity, other BRUMBABY LTD. users and other BRUMBABY LTD. clients or customers for the purpose of providing the BRUMBABY LTD. Services to you, and automatically as you use our Website and the Services. At this time, use of our Services through our Mobile Application is only available to users who register for our Services.
When does BRUMBABY LTD. collect my information?
When you apply for and use our Services, you contact us with questions, and you otherwise choose to provide information to us.
We receive information about you from banking references, credit reporting agencies and affiliates. We may combine this with other information that we collect about you.
We, and our third party service providers, automatically collect the following information about your use of our Website and our online Services through cookies, web beacons, log files and other technologies: your domain name, your browser type and operating system, web pages you view, links you click, your IP address, the length of time you visit our Website or use our Services, your activities on our Website, and the referring URL or the webpage that led you to our Website.
What information does BRUMBABY LTD. collect?
The types of information we collect about you depends on your particular interaction with our Website and our Services, and might include, where permitted by applicable law:
- Your contact information (e.g., name, email address, phone number, billing or mailing address)
- Bank and credit account information
- IP address
- Details of any transactions carried out using any of the Services
- Any other information that you choose to provide to us (e.g., if you send us an email/otherwise contact us)
- Information through Cookies and other tracking technologies as listed above
HOW WE USE YOUR INFORMATION
- To provide our Services to you, to communicate with you about your use of our Services or any changes in our Terms and Conditions that apply to you.
- For the purpose for which you specifically provide the information to us, including, to respond to your inquiries, to provide any information that you request, and to provide customer support.
- To tailor the content and information that we may send or display to you, to offer location customisation (where permitted by applicable law), personalised help and instructions, and to otherwise personalise your experiences while using our Website and our Services, such as developing and offering you with new and/or additional products or new and/or additional features to existing products.
- For marketing and promotional purposes, for example, where permitted by law (other than if (where applicable) you opted out by unsubscribing from marketing emails), we may use your information, such as your email address, phone number, or mailing address to send you newsletters, special offers and promotions, or to otherwise contact you about services or information we think may interest you, or to conduct draws for campaigns and the like and deliver prizes and rewards .
- As permitted by applicable law (other than if (where applicable) you opted out), to assist us in advertising our products and services in various mediums including, without limitation, sending you promotional emails, advertising our services on third party sites and social media platforms, sending you direct mail, and by telemarketing.
- To better understand how users access and use our Website and our Services, both on an aggregated and individualised basis, to administer, monitor, and improve our Website and Services, for our internal purposes, and for other research and analytical purposes.
- To protect us, our customers, employees or property — for instance, to investigate fraud and prevent fraudulent activity, harassment or other types of unlawful activities involving us or other companies that we do business with, to enforce this Policy, as well as our Terms and Conditions.
WHEN DO WE SHARE YOUR INFORMATION?
We share your information with third parties, including service providers, regulated institutions (e.g., financial institutions), affiliated entities, and business partners as set out in the table below. In the section below, we also list the reasons why we share information.
- With our service providers and affiliates – to assist us with the provision of the Services and our everyday business purposes, such as to verify your identity, prevent fraudulent activity, conduct internal research and analytical assessments, process your transactions, maintain your account(s) and provide you with customer care services.
- With fraud prevention and detection service providers – for the purpose of detecting and preventing fraudulent activity. Such service providers may keep records of information provided and use it when providing fraud detection and prevention services to other users of their databases.
- For marketing purposes:
With our service providers and our affiliates – to market our own products and services; and
- With non-affiliated third parties for joint marketing purposes.
- With other BRUMBABY LTD. clients, customers or third parties using our services – to perform the Services, assist in carrying out your transactions with such clients, customers or third parties or for purposes of our refer-a-friend program(s).
- In response to legal process – to comply with the law, a judicial proceeding, subpoena, court order, or other legal process.
- To protect us and others – we may disclose your information when we believe it is necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person, violations of our Terms and Conditions or this Policy, or as evidence in litigation in which we are involved.
- Aggregate and de-identified information – we may disclose aggregate or de-identified information about users for marketing, advertising, research, or similar purposes.
- With consumer reporting agencies, as permitted by law, with respect to users from the United States.
NOTE: If you do not want us to use your details for us to market to you, please contact us. You will also be able to unsubscribe from any marketing emails sent to you by BRUMBABY LTD. using a link provided in the email.
This Policy may change from time to time. Any changes in the future will be posted on our Website. Please check back frequently to see any updates or changes to our Policy. We will not materially reduce your rights under this Policy without taking steps to bring such changes to your attention.
Any and all content provided on this Website or the Services, including links to other websites is provided for information purposes only and does not constitute advice, recommendation or support of such content or website. BRUMBABY LTD. makes every effort to provide true and accurate content on its Website. However, BRUMBABY LTD. provides no warranty, express or implied, of the accuracy, completeness, timeliness, or applicability of such content. BRUMBABY LTD. accepts no responsibility for and excludes all liability in connection with information provided on the BRUMBABY LTD. website, including but not limited to any liability for errors, inaccuracies or omissions.
APPENDIX 1: ADDITIONAL TERMS FOR EEA CUSTOMERS
The information below is required pursuant to the EEA law regarding privacy and data protection. The terms below apply to EEA customers in addition to the terms in the rest of the Policy.
For the purposes of the General Data Protection Regulation (“GDPR”), the data controller is (PROVIDE THE NAME OF YOUR COMPANY AND THE DATA REGULATOR). If you have any questions about this Policy, please contact our Data Protection Officer (DPO) at email@example.com.
If you are unhappy about how we are processing your data or how we have responded to a request or complaint, you have the right to make a complaint to the (NAME OF THE DATA CONTROLLER) or your local supervisory authority.
WHEN DO WE SHARE YOUR INFORMATION
The table headed “How and Why We Share Your Information” in the main part of the Policy under the heading “WHEN DO WE SHARE YOUR INFORMATION” lists who we may share your information with, which include transfers for reasons of legal compliance and necessity in order to provide you with our Services.
You should be aware that when sharing your information, it may be transferred to, and stored at, a destination outside the EEA.
Please note that where data is transferred outside of the EEA, non-EEA countries may not offer the same level of protection for personal data as is available in the EEA. BRUMBABY LTD. will take various measures to ensure that your data is treated securely, which may include, but not be limited to:
- Assessing the security measures taken at any place your data is transferred to;
- Having suitable contract terms in place that oblige a data processor to only process in accordance with our instructions; and
- Having monitoring, reporting and resolution procedures in place with regard to ongoing security.
Please contact us if you require more detailed information about international transfers of your information, and the particular safeguards used.
LEGAL GROUNDS FOR PROCESSING YOUR PERSONAL DATA
We process your information based on the following legal grounds, as recognised by and in compliance with the applicable data protection laws:
the processing is necessary to perform our contract with you (i.e. the Terms and Conditions that apply as applicable with respect to BRUMBABY LTD. Services, for the provision of our Services), or to take steps requested by you before entering into said contract;
- The processing is in BRUMBABY LTD.’s or someone else’s legitimate interests, and these interests are not overridden by your interests or rights in the protection of your personal data. This may include processing your data for prevention of fraudulent activity, internal research and analytics assessments, for purposes of communication with you, and informing you about new products and services we are offering or to promote new products and services of other parties which we think may be of interest to you, etc.;
- You have given your consent to the processing of your data;
- The processing is necessary to meet a legal obligation which applies to BRUMBABY LTD..
Sometimes we process data about you which the law considers to fall within special categories (see section “What data do we process about you?” for more details), in which case, we use one of the following grounds:
- The processing is necessary for the establishment, exercise or defense of legal claims;
- You have freely given your informed, specific consent to the processing; or
- The processing is necessary for reasons of substantial public interest, based on applicable law.
If you would like more information about the legal grounds used to process your information, or about the legitimate interests referred to above, please contact us.
In cases where we have asked for, and you have given, your consent to our processing of your personal data, you have the right to withdraw such consent at any time. You can do this by contacting our company
DO YOU HAVE TO GIVE US YOUR INFORMATION?
In most cases, providing your personal data to us is optional, however, if you do not provide it, you will not be able to purchase our Products. For example, we need details such as your name, address and bank account/credit/debit card details so that we can make payments to you and receive payments from you. In other cases, you have a choice over whether we collect your personal data, for example, you can turn off cookies on your browser and we will not place any cookies on your device or computer (although in this case you may not be able to use all parts of our website).
HOW LONG DO WE KEEP YOUR INFORMATION?
BRUMBABY LTD. retains your information as required by applicable laws or regulations and/or in accordance with BRUMBABY LTD.’s internal policies and procedures for purposes of prevention of fraudulent activity, risk management and security. BRUMBABY LTD. will periodically review the necessity of retention of your data.
EEA CUSTOMERS ONLY: YOUR RIGHTS
You have several rights in relation to your personal data which are described in more detail below. You can exercise your rights at any time by contacting us at firstname.lastname@example.org
Accessing your data
You can ask us to:
Confirm whether we are processing your personal data
Give you a copy of that data
You do not have to pay a fee for a copy of your information unless your request is unfounded, respective or excessive, in which case we will charge a reasonable amount in the circumstances. We will let you know of any charges before completing your request.
We aim to respond to you within 1 (one) month of receiving your request unless it is particularly complicated or you have made several requests, in which case we aim to respond within 3 (three) months. We will let you know if we are going to take longer than 1 (one) month in dealing with your request. If we have a lot of information about you we might ask you if you can tell us what exactly you want to receive. This will help us action your request more quickly.
Correcting your data
You can ask us to correct any data which is inaccurate or incomplete. This is free of charge.
If we have shared the data with anyone else, we will tell them about the correction wherever possible. We aim to deal with requests for correction within 1 (one) month, although it might take us up to 3 (three) months if your request is particularly complicated.
If we cannot action a request to correct your data, we will let you know and explain why this is.
Erasing your data
This right is sometimes referred to as “the right to be forgotten”. This is not an absolute right but you have the right to have your data erased, free of charge, in certain circumstances.
You can ask for your data to be erased where:
- It is no longer necessary for the purpose for which it was originally collected or processed;
- We are processing your data based on your consent, and you withdraw that consent;
- You object to the processing and we do not have an overriding legitimate interest for continuing;
- Your data has been unlawfully processed;
- Your data must be erased to comply with a legal obligation;
- The data was processed to offer information society services to a child.
There are some exceptions to this right. If one of these applies, we do not have to delete the data.
If we have shared your data with third parties, we will tell them about the erasure of your data unless this is impossible or would involve disproportionate effort.
Restricting the processing of your data
You can ask us to restrict the processing of your personal data in some circumstances, free of charge. This is not an absolute right. If processing is restricted we can store the data and retain enough information to make sure the restriction is respected, but we cannot further process your data.
You can restrict the processing of your personal data in the following cases:
- If you contest the accuracy of your data, we will restrict processing until we have made sure the data is accurate;
- If you object to our processing and we are considering this objection;
- If the processing is unlawful but you do not want us to erase your data;
- If we no longer need the personal data but you require the data to establish, exercise or defend a legal claim.
If we have disclosed the data to a third party, we will inform them about the restriction unless it is impossible or would require a disproportionate effort. We will tell you if we decide to lift a restriction on processing your data.
Objecting to the processing of your data
Objecting to the processing of your data is free of charge. It is not an absolute right but you can object to our processing of your data where it is:
- Based on the legitimate interests ground; or
- For the purposes of scientific/historical research and statistics.
We will stop processing your personal data unless we have compelling legitimate grounds for the processing which override your interests and rights, or unless we are processing the data for the establishment, exercise or defense of legal claims.
You can require us to stop using your data for direct marketing purposes. We will stop as soon as we receive your request. There are no exemptions or reasons for us to refuse.
This allows you to obtain and reuse your personal data for your own purposes across different services. It applies where the following conditions are met:
- You provided the personal data to us yourself;
- We are processing the data either based on your consent or because it is necessary for the performance of a contract; and
- The processing is carried out by automated means.
We will provide your data free of charge in a structured, commonly used and machine-readable form. We aim to provide your data within 1 (one) month of receiving your request unless it is particularly complicated or you have made several requests, in which case we aim to respond within 3 (three) months. If we are going to take longer than 1 (one) month we will let you know and explain why we need more time. If we consider that we cannot provide you with your data, we will contact you and explain why this is.
Automated decision making and profiling
You have the right not to be subject to a decision which is based on automated processing and which produces a legal (or similarly significant) effect on you. We will tell you about any automated decision making that affects you. You have the right to:
- Request human intervention;
- Express your point of view;
- Ask for the decision to be explained; and
- Challenge the decision.
These rights are not absolute. They do not apply if the decision is:
- Necessary for us to enter into or perform a contract with you;
- Authorised by law (e.g. for fraud prevention); or
- Based on your explicit consent.