Who We Are
Think Better Group Limited (‘we’ or ‘us’ or ‘our’), is the parent company for a number of organisations.
Think Better Group Limited is the Data Controller for all the organisations within the Group that are covered by the scope of this notice. We gather and process your personal information in accordance with this privacy notice and in compliance with the relevant Data Protection Regulation and laws. This notice provides you with the necessary information regarding your rights and our obligations, and explains how, why and when we process your personal data.
Think Better Group Limited’s registered office is at Kibo House, Stockcroft Road, Balcombe, RH17 6HP and our company is registered in England and Wales under company number 7728447.
Our designated Data Protection Manager can be contacted via email at firstname.lastname@example.org
We appreciate the trust you place in us when sharing your personal data. The security of that data is very important to us. In this Privacy Notice, we explain how we collect, use, and protect your personal data. We also explain what rights you have with regard to your personal data and how you can exercise those rights.
This Privacy Notice is based on the terms used by the United Kingdom General Data Protection Regulation (UK GDPR) but for ease of understanding the following definitions apply.
Controller: the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by the Information Commissioners Office.
Personal data: any information relating to an identified or identifiable natural person (“Data Subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
Data subject: any identified or identifiable natural person, whose personal data is processed by the controller responsible for the processing.
Processor: a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.
Recipient: a natural or legal person, public authority, agency, or another body, to which the personal data are disclosed, whether a third party or not.
Third Party: a natural or legal person, public authority, agency, or body other than the data subject, controller, processor, and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
Restriction of processing: the marking of stored personal data with the aim of limiting their processing in the future.
Processing: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
Profiling: any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location, or movements.
Consent: Consent of the data subject is any freely given, specific, informed, and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
Information That We Collect
We process your personal information to meet our legal, statutory, and contractual obligations and to provide you with our products and services. You may give us information about you by corresponding with us by phone, email, social-media or otherwise by submitting an enquiry via our website, by opting in to receive a newsletter, or when you take part in a prize draw, competition, or survey. We will never collect any unnecessary personal data from you and do not process your information in any way, other than as specified in this notice.
The personal data that we may, at request, collect in full or part thereof is:
- Date of Birth
- Delivery Address
- Email Address of your choice
- Mobile Telephone Number
The technical personal data that we collect from is:
In addition, to ensure that each visitor to any of our websites can use and navigate the site effectively, we collect the following:
- Technical information, including the IP (Internet Protocol) address used to connect your device to the Internet.
- Your login information, browser type and version, time zone setting, browser plugin types and versions.
- Operating system and platform.
- Information about your visit, including the URL (Uniform Resource Locator) clickstream to, through and from our site.
- From time to time we may use technologies, such as tracking pixels (also called 1x1 pixels or pixel tags), to collect the above information from your interaction with emails we send you. This enables us to focus our marketing to your needs, leading to more relevant emails to our subscribers. It also helps us to identify subscribers that are not engaged with our marketing emails, enabling us to remove them from our send lists.
We collect information in the below ways:
- We may also collect your Personal Information if you enter a competition or promotion we run (either directly or through our marketing agents or our Partners).
- We may also collect Personal Information from you about the recipient of a third-party supplier gift cards purchased by you through our websites. This information may include the recipient’s name, email address and phone number.
- In order to help protect you from fraud and misuse of your Personal Information, we may collect information about your use and interaction with our website. For example, we may evaluate your computer, mobile phone or other access device to identify any malicious software or activity.
- We may also collect additional information from or about you in other ways, such as through contact with our customer support team, suppliers, or service providers (whether via mail, email or through telephone enquiries), your responses to a market survey, and from interactions with Ecoriginals Partners or as otherwise notified to you at the time.
How We Use Your Personal Data
We take your privacy very seriously and will never disclose, share, or sell your data without your consent, unless required to do so by law. We only retain your data for as long as is necessary and for the purpose(s) specified in this notice. Where you have consented to us providing you with promotional offers and marketing, you are free to withdraw this consent at any time. The purposes and reasons for processing your personal data are detailed below: -
- To process transactions for the delivery of third-party goods or services available through our website – the use of your Personal Information in this way is necessary for the performance of the third-party goods or services that you request from us or a third-party request from us for you to receive the benefit of the third-party goods or services
- For customer support - The use of your Personal Information in this way is necessary for the performance of the services that you request from us
- To process transactions and send notices about your transactions - The use of your Personal Information in this way is necessary for the performance of the services that you request from us
- To resolve disputes, collect fees, and troubleshoot problems - The use of your Personal Information in this way is necessary for the performance of the services that you request from us
- To investigate and prevent potentially prohibited or illegal activities - The use of your Personal Information in this way is necessary for the purposes of our legitimate interests in establishing any risks in providing services to you and to prevent, detect and prosecute fraud and other crimes
- To enforce our rights against you - The use of your Personal Information in this way is necessary for the purposes of our legitimate interests in our recovering any debt owed to us
- To learn more about your level of satisfaction, your expectations of us and our Partners, and how we can meet them
- The use of your Personal Information in this way is necessary for our legitimate interests in understanding the customer journey and experience so that we can understand your needs and provide a better service to you, and to help us develop and improve our products and services
- To customise, measure, and improve our services and the content, layout, and operation of our Websites - The use of your Personal Information in this way is necessary for our legitimate interests in understanding the customer journey and experience so that we can understand your needs and provide a better service to you, and to help us develop and improve our products and services
- To communicate with you and administer your participation in our services. The use of your Personal Information in this way is necessary for the performance of our services that you request from us and our legitimate interests in managing administrative, operational and customer service requirements
- To send you marketing and promotional communications about our Services, updates, announcements, and offers. The use of your Personal Information in this way is based on your consent. Please see the section below entitled “Marketing and privacy.”
- When you have consented to receive marketing, through email, text, or push notifications, we may also process your Personal Information to determine, measure, and provide personalised marketing messages that may be of interest or relevance to you. The use of your Personal Information in this way is necessary for our legitimate interests to provide targeted and more personalised services. You have the right to object to us processing your Personal Information for this purpose at any time. Please see the section below entitled “Marketing and Privacy”
- For purposes necessary to make on our app or site work as you would expect it to. This includes, secure identity verification and login, fraud prevention, and remembering your cookies choices. The use of your Personal Information in this way is necessary for our legitimate interests. Details on our collection of Personal Information using cookies and analytical services is set out in our Cookies Policy at https://www.thinkbettergroup/en-GB/cookies
- For other purposes to which you have specifically consented; and
- As required or permitted by relevant laws and regulations.
You have the right to access any personal information that we process about you and to request information about: -
- What personal data we hold about you
- The purposes of the processing
- The categories of personal data concerned
- The recipients to whom the personal data has/will be disclosed
- How long do we intend to store your personal data for
- If we did not collect the data directly from you, information about the source
If you believe that we hold any incomplete or inaccurate data about you, you have the right to ask us to correct and/or complete the information and we will strive to do so as quickly as possible; unless there is a valid reason for not doing so, at which point you will be notified.
You also have the right to request erasure of your personal data or to restrict processing (where applicable) in accordance with the data protection laws; as well as to object to any direct marketing from us. Where applicable, you have the right to data portability of your information and the right to be informed about any automated decision-making we may use.
If we receive a request from you to exercise any of the above rights, we may ask you to verify your identity before acting on the request; this is to ensure that your data is protected and kept secure.
Sharing and Disclosing Your Personal Information
- In the event that we sell any of think better groups of businesses or assets we may disclose your personal data to the prospective buyer or such business or assets.
- If Think Better Group or substantially all of his assets are required by thought third-party in which case personal data held by Think better group about its customers will be the transferred assets.
We do not share or disclose any of your personal information without your consent, other than for the purposes specified in this notice or where there is a legal requirement. We use third parties to provide the below services and business functions; however, all processors acting on our behalf only process your data in accordance with instructions from us and comply fully with this privacy notice, the data protection laws and any other appropriate confidentiality and security measures.
Companies within our group of companies (our “Group”) who may use and update your information to provide Think Better Group Services, administer and manage your customer experience and account, customer support, to recover debts, to prevent, detect and prosecute fraud and other crimes, and to manage our and any member of our Group’s relationship with you. The Group also has legal obligations that it must comply with (such as to report fraud).
Our Partners and the suppliers and service providers who help with our business operations including in relation to fraud prevention, payment collection, marketing, customer service, and technology services - The use of your Personal Information in this way is necessary for the purposes of our legitimate interests to operate and protect our business and to comply with legal obligations that apply to us.
Our retailers and third party suppliers in the United Kingdom and in other countries (including Australia, New Zealand, and the United States), so that they can provide goods or services to you (or the recipient of third party goods or services) or respond to a complaint by you, or to help them improve the quality and standard of service they provide to you - The use of your Personal Information in this way is necessary for the purposes of our legitimate interests for the administration of our agreement with you; to protect our business and to improve service standards.
Our service provider which provides our outbound text messaging services, and which may need to intercept messages between us and you from time to time; retain Personal Information contained in those messages or disclose your Personal Information to a government body or to a telecommunications network provider - The use of your Personal Information in this way is necessary to comply with legal obligations that apply to us or to our service provider.
Financial institutions that we may partner with to jointly create and offer a product - The use of your Personal Information in this way is necessary for the purpose of our legitimate interests in maintaining our funding lines so that our business remains commercially viable.
Companies that we plan to merge with or be acquired by or who may invest in us - The use of your Personal Information in this way is necessary for the purposes of our legitimate interests to ensure that we or our business remains commercially viable.
Law enforcement, government agencies or officials, or other third parties to detect, investigate and prevent crime - The use of your Personal Information in this way is necessary for the purposes of our legitimate interest in preventing fraud and money laundering. Fraud prevention agencies may also disclose your Personal Information for the same purposes.
We take your privacy seriously and take every reasonable measure and precaution to protect and secure your personal data. We work hard to protect you and your information from unauthorised access, alteration, disclosure, or destruction and have several layers of security measures in place, including: SSL, TLS, encryptions, Microsoft secure sharing services, restricted access, IT authentication, firewalls, anti-virus/malware etc.
Transfers Outside the UK (if applicable)
The information that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”). It will also be processed by staff operating outside the EEA who work for us or for one of our suppliers. Such staff will be engaged in, among other things, the processing and fulfilment of your orders and the provision of support services. Further, if you transact with our sites in another country (including Australia, New Zealand, and United States), we will disclose personal information to such locations. Where adequate protections for your information do not exist under the applicable laws of that third country, we (or the party transferring your information) will take necessary steps to ensure that appropriate safeguards are put in place to maintain the same levels of protection as are needed under UK data protection legislation. Safeguards include imposing contractual obligations on the recipient of your information or subscription to ‘international frameworks’ that ensure adequate protection (for example, the European Commission Standard Contractual Clauses).
To facilitate our global operations, we may share personal information with related companies, including those based in Australia, United States, and the United Kingdom.
When we transfer personal data, we utilise the safeguarding measures and mechanisms below to ensure that your personal data is always safe and secure:
- Axcrypt.net for secure encryption of data for storage or transfer
- Tresorit.com for secure data transfer, GDPR compliant
- Microsoft secure sharing services
Consequences of Not Providing Your Data [if relying on statutory/contractual requirement basis]
You are not obligated to provide your personal information to us, however, as this information is required for us to provide you with our services/deliver your products, we will not be able to offer some/all our services without it.
Legitimate Interests [if applicable]
As noted in the ‘How We Use Your Personal Data’ section of this notice, we occasionally process your personal information under the legitimate interests’ legal basis. Where this is the case, we have carried out a thorough Legitimate Interests’ Assessment (LIA) to ensure that we have weighed your interests and any risk posed to you against our own interests; ensuring that they are proportionate and appropriate.
How Long We Keep Your Data
We only ever retain personal information for as long as is necessary and we have strict review and retention policies in place to meet these obligations. We are required under UK tax law to keep your basic personal data (name, address, contact details) for a minimum of 6 years after which time it will be destroyed.
Where you have consented to us using your details for direct marketing, we will keep such data until you notify us otherwise and/or withdraw your consent.
Special Categories Data
Owing to the products, services or treatments that we offer, we do not hold any sensitive data (known as special category data) about you.
Occasionally, we would like to contact you with products/services/promotions that we provide. If you consent to us using your contact details for this purpose, you have the right to modify or withdraw your consent at any time by using the opt-out/unsubscribe options or by contacting email@example.com directly.
We will occasionally send you details on products/services/promotions by email/SMS that have been identified as being beneficial to our customers and in our interests. Such information will be relevant to you as a customer and is non-intrusive and you will always have the option to opt-out/unsubscribe at any time.
Lodging A Complaint
We only process your personal information in compliance with this privacy notice and in accordance with the relevant data protection laws. If, however, you wish to raise a complaint regarding the processing of your personal data or are unsatisfied with how we have handled your information, you have the right to lodge a complaint with the Information Commissioner’s Office. In every instance we would prefer to resolve any issues as we pride ourselves on our exceptional customer service.
Think Better Group Limited
Data Protection Manager
Information Commissioner’s Office