GDPR Privacy Notice
This GDPR Privacy Notice describes the types and categories of personal data we collect, the business purposes for which we collect, use and share your personal information, with whom we share it, the lawful basis for processing and your rights in personal data under the GDPR.
For purposes of this GDPR Privacy Notice, we refer to personal data according to the following definition given in the GDPR: “personal data” means any information relating to an identified or identifiable natural person (“Data Subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
When we refer to “processing” in this GDPR Privacy Notice, we mean any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
By submitting personal data to us, or purchasing our products or using our online services, you consent to the collection, use, sharing and disclosure of such information as set forth in this GDPR Privacy Notice, as it may be updated from time to time.
What categories of personal information do we collect about you?
- We may collect personal information from you in various ways including:
- when you provide us with information (e.g., through your communications with us by email or telephone or through our Site and our Join Our Rewards program, Sign Up/Set An Account or Sign Up for our newsletter, or on our social media pages);
- when you communicate with us concerning our products;
- purchase one of our products; and
- through automated means when you use our website including by use of “cookies” and other similar tracking technologies.
We collect the following categories of personal information:
- Identifiers: this information may include your name and contact details (including mailing addresses, telephone numbers, email addresses, IP address, browser identifier, geolocation data and other identifying information you provide to us). For example, we may collect your name and email address when you join our mailing list to receive information on our products.
- Customer Information: this information comprises any information that identifies, relates to, describes or is reasonably capable of being associated with you or your household in our records. Examples include your payment related information that we use to charge for our products, including debit or credit card numbers. All debit or credit card transactions are processed by our third-party payment vendors. We do not collect, store or maintain any credit card or debit card information on or through our website after the transaction is processed and verified. Instead, it is transiently collected, shared with and processed through these third-party payment vendors using their platforms. We do not share your credit or debit card information with any vendors, other than our third-party payment vendors. Some personal information in this category may overlap with other categories.
Special Categories of Personal Data: This includes demographic information, such as age, race, gender or ethnicity, or medical information related to our products, that you may voluntarily provide to us. (Note, we never request or require that you provide us with any special categories of personal data. If you decide to share this information with us, we may maintain a copy of the communication for the purposes for which you provided the information to us (e.g., to resolve a complaint, make a refund).
- Commercial Information: this category includes information concerning the products you purchased and your purchasing history and tendencies.
- Geolocation data: we may determine your approximate geographic location through your IP address in order to market our products at physical locations, such as retailers, that are nearby to you. Geolocation information is provided to us for use for marketing purposes based on third party marketers and e-commerce platforms that monitor usage of our Site. If you do not want us to collect geolocation data, you may change the settings on your mobile device, which lets you choose how and whether your location is shared with us.
- Inferences drawn from information you provide to create a personal profile concerning your consumer preferences, characteristics, predispositions, behavior, and attitudes. We may accumulate the information you provide to develop a consumer profile concerning your behavior and interests, including for our marketing and advertising purposes, and to improve our products.
Our Business Reasons For Collecting And Processing Your Personal Information
We collect and process personal information for the legitimate business purposes of BFY, LLC. These purposes include to provide you with products, to fulfill the purpose for which you provided us with your personal information, to communicate with you, to perform on a contract between you and the Company, to market our products to you, to process payment and shipping and for account management, to improve the functionality and effectiveness of our websites, to protect the security of our website, to protect against fraud, and to comply with applicable law, rules or regulations.
Who we share your personal information with
We do not sell your personal information to third parties.
In some instances we may retain other companies and individuals to perform functions on our behalf, including, but not limited to, web hosting platforms, e-commerce platforms, customer service providers, and shippers. Such third parties may be provided with access to your personal information to perform the functions for which they have been retained. BFY, LLC requires its service providers, who provide services on our behalf (such as our e-commerce platform) to maintain the security of your personal information.
We may also disclose your personal information to third party advertisers and advertising networks.
We may disclose any information, including personal information, we deem necessary, in our sole discretion, to comply with any applicable law, regulation, legal process or governmental request, to protect ourselves from fraudulent or illegal activity, and to defend against legal claims.
What are BFY, LLC’s lawful basis for processing your personal data
BFY, LLC is committed to processing personal data only where there is a lawful basis:
- where you have given consent to the processing of your personal data for one or more specific purposes. Where the sole basis for our use of the personal data is your consent, you have the right to withdraw your consent at any time;
- where processing is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract;
- where processing is necessary for compliance with a legal obligation to which BFY, LLC is subject;
- where processing is necessary for the purposes of the legitimate interests pursued by BFY, LLC or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data. BFY, LLC’s legitimate interests are to effectively manage our business and customers, market, sell and deliver our products, including providing you with advertising content and opportunities, manage your account, improve our services and products, maintain the security of our Site, and comply with our legal obligations.
- processing of special category personal data shall only occur where you have given explicit consent to the processing of the personal data for one or more specified purposes or where permitted by applicable law. (Note, that we do not ever request or require that you provide us with special category data)
Your rights regarding your personal data
Under the GDPR, you have the following rights in personal data held by us:
- the right to access your personal data and request certain information concerning our use of your personal data, such as an explanation of the purpose of the processing, categories of personal data processed and disclosure of third parties with whom BFY, LLC shares the data;
- the right to rectify inaccuracies in your personal data or to ensure that it remains up to date;
- the right to erasure of your personal data under certain circumstances. For example, you may request erasure if the data is no longer needed in connection with the reasons it was collected or processed or if you withdraw your consent to further processing. BFY, LLC may deny your request where it is required or permitted by law to retain your personal data or when we need to retain your information in connection with the exercise or defense of legal claims;
- the right to restrict our use of your data where you contest the accuracy of the data in order to permit time to rectify the inaccuracies and in other circumstances;
- the right to data portability by requesting a copy be provided in a structured, commonly used and machine-readable format and/or requesting that BFY, LLC transmit your personal data to a third party where technically feasible;
- the right to object to our use of your personal data where you contest that the processing is necessary for the purposes of BFY, LLC legitimate interests. BFY, LLC may deny your request because it has compelling legitimate business interests or in connection with the exercise or defense of legal claims. You also have the right to advise us at any time that you no longer wish to receive direct marketing materials from BFY, LLC and we will no longer use your personal data for marketing purposes; and
- the right to bring a complaint before the applicable governmental privacy regulator.
We will take action on your requests concerning any of your rights without undue delay and in any event within one month of receipt of the request. We may extend that time period by two further months where necessary, taking into account the complexity and number of the requests. If we need more time, we will inform you of any such extension within one month of receipt of the request, together with the reasons we need more time. The information you requested shall be provided by electronic means where possible, unless you request otherwise.
In addition, regardless of where you live, you have choices available to you through the device or browser you use to access the Site. For example:
- The browser you use lets you control cookies or other types of privacy settings.
- Your mobile device lets you choose how and whether your location is shared with us.
Reasonable Safeguards To Protect Your Personal Information
We are committed to maintaining the security of your personal information in compliance with all applicable laws and our policy. We take commercially reasonable steps to protect personal information from loss, misuse, and unauthorized access, disclosure, alteration, or destruction.
Our Site is not intended for use by children under 13 years of age. No one under age 13 may provide any information to us through the Site. We do not knowingly collect or use personal information from children under 13. If you are under 13, do not access, use or provide any information on the Site or on or through any of its features. If we learn we have collected or received personal information from a child under 13 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 13, please contact us.
Do Not Track Requests
We do not presently respond to Do Not Track requests. We do not control and are not responsible for third party tracking technologies that may be used on our Site. Such third parties may serve you content based on tracking you across different websites. You consent to potentially encountering third party tracking technologies when you use our Site.
Revisions to This GDPR Privacy Notice
We may update this GDPR Privacy Notice at any time, by posting the amended version on this Site including the effective date of the updated version. By accessing the Site or purchasing products after we make any such changes to this GDPR Privacy Notice, you are deemed to have accepted such changes. Please check this GDPR Privacy Notice regularly, and before you submit additional personal information via the Site.
How Long Do We Retain Your Data
We do not retain your personal data for longer than is necessary to fulfill the business purposes for which the information is being collected or processed or in order to comply with applicable legal or regulatory requirements. Personal data will be maintained for at least their minimum time period required retention under BFY, LLC records retention schedules.
Effective Date: January 28, 2021
Last Updated: January 28, 2021