How we use your data

Fulfiling orders

When you place an order with us over the telephone, on our website, or via the post. Bella di Notte collect your personal data to fulfil your order.

When we say ‘data’, we mean your name, address, a telephone contact number, and an email address. These details are collected so we can keep you updated about the progress of your order.

The data we collect also includes taking your payment details and processing them so you can pay for your order. We do not store your card details, we use encrypted tokenisation, which is inline with our industries best practice. 

Marketing

We may send you details of other Bella di Notte products that we think will be of interest to you. We do this by post or by email.

Bella di Notte process your personal data. We do this by profiling the data you give us and data we obtain from other sources. This is part of our standard marketing processes and helps us to keep our Marketing costs as efficient as possible. We hope our emails and catalogues will be of interest to you and that through sending you such offers, we will invite you to shop with us.

When Bella di Notte ask for your email address during a sale transaction, Bella di Notte may use your email address to send you special offers and information related to our own products.

If you do not want us to use your email address to contact you with marketing emails, please email dataprotection@belladinotte.com with the words 'Opt-out' in the subject line and your name, postcode, email address and mobile number in the body of the email. You can do this at any time.

We also encourage new customers to shop with us by sending them direct marketing through the post.

Bella di Notte process details of how you browse our websites and use this information to target advertising when you browse the internet or through emails. We are proud of our company and our products and we do this to ensure that our company grows. The companies we use are:

- Google Analytics
- Google Tag Manager
- Bing Ads
- GA Audiences
- Facebook Audiences

Website visitors who don’t want their data used by Google Analytics can install the Google Analytics opt-out browser add-on. To opt-out of Analytics for the web, visit the Google Analytics opt-out page and install the add-on for your browser. Learn more about the opt-out and how to properly install the browser add-on here.

Visitors can also opt-out of Google Analytics for Display Advertising and customize Google Display Network ads using the Ads Settings.

Further changes to this will be communicated by updating this notice. Please also see our updated Cookies policy. Back to FAQ's

Data exchange: buying data, trading data, selling data

Bella di Notte share the names and addresses of our customers who may appreciate the chance to shop with other similar, reputable mail order companies. Please note we never share email addresses.

We put customer name and address data in co-operative data pools. Occasionally we purchase databases or lists of people, including their postal addresses and phone numbers from highly regarded data broking companies so we can market our collection to potential new customers; this enables us to grow our business.

As an established mail order retailer, we are keen to continue trading within a prosperous mail order industry. Sharing our data helps us to support and grow the mail order industry.

Human resources

At Bella di Notte we also process data in our HR department. This includes managing our employees and fulfilling our legal obligations to those employees. We also process data for the purposes of recruiting interested applicants for job vacancies.

Day to day Bella di Notte business activities

As with many businesses, we need to process personal data (including CCTV images) for our day to day business purposes, including the general security of our premises and other purposes within the business. Back to FAQ's

Data we need to collect

Bella di Notte need to collect data including your name, contact details and delivery details so we can fulfil our contract with you and send you your order.

We also need to collect information about your payment method and the bank details that go with it.

For Bella di Notte’s legitimate interests in running our business, we may also collect your contact details from high reputable organisations who sell and/or rent data for marketing purposes. You can opt out of this sharing at any time by emailing dataprotection@belladinotte.com.

We also use data about your browsing on our website to help us personalise your browsing experience and to provide you with relevant offers.

For your peace of mind, we monitor calls to our customer care department to help ensure we continue to provide you with the high levels of service you expect.

The security of your data

Bella di Notte take the security of your personal data very seriously. We have put in place reasonable physical, electronic, and administrative procedures to ensure the security of personal data.

Within our company, your personal data is accessible only to those employees who require access to perform their jobs. Bella di Notte will never contact you or send emails asking you to provide personal information online. We would strongly advise you not to respond to any such emails or websites that ask you to do so.

We use encryption and pseudonymisation to help us to keep your information secure and we take steps to protect the electronic and physical security of our data assets including keeping our servers in secured buildings and limiting access to our IT systems.

All employees at Bella di Notte undergo training in Data Protection.

When we transfer data to processors or suppliers we use encryption, secure file transfer protocol (sftp) and password protection of files to ensure that data cannot be used by anyone other than the individual who it is intended for.

Data sharing 

To enable our contractors, service providers and employees to carry out their processes such as delivering your parcel, we need to pass on information about you. For example, a key partner is Royal Mail, who need your address so they can deliver your parcel.

Bella di Notte have two main ways in which we share data with other retailers in exchange for data about prospective customers. The first is through data co-operatives, where a number of reputable retailers share information on their customer. This improves our understanding of our customers and enable us to exchange details. The second means is by direct exchanges of customer lists with other highly regarded mail order retailers. The participating retailers and charities are active in the clothing, collectables, food & wine, gardening, gadgets & entertainment, health & beauty, household goods, home interiors and travel categories.

The data co-operatives we use to share data on customers and prospective customers are:

Abacus Alliance – this is their privacy information link: https://www.epsilon.com/abacus/get-in-touch/consumer-data-deletion-requests

iBehaviour – this is their privacy information link: https://www.conexancemd.com/ibehavior/ibehavior-privacy-policy.html

Experian – this is their privacy information link: https://www.experian.co.uk/privacy/consumer-information-portal/summary

In the event of our business being sold, your data will be transferred to the purchaser of the business. 

New Customers 

We obtain your information from trusted external data agencies, such as Ibehaviour, Experian and Abacus. The data we collect is your name and address. We only use this data once and do not pass your information on to anyone else. Please phone or email if you would like to be removed from our database.

If you would like to be removed from external data agencies, please use the links above.

When we obtain the data, we screen it against the mailing prefence service. If you haven't 'opted out' via the mailing prefence service you will still recieve marketing information from external data agencies.

Please contact them directly to be removed.

Your statutory rights

Under the new GDPR laws effective 25 May 2018, you are entitled to:

- request to see a copy of the information we hold about you;
- ask us to correct any information we hold that is incorrect;
- ask us to delete some of your data;
- have certain data given to you in a portable (electronic) format;
- object to how we process your data;
- ask us to not to process your data in certain circumstances.

To exercise any of these rights please contact us via email at dataprotection@belladinotte.com.

The Right to Access allows you to get confirmation of whether we have any information about you. You can request a copy of this information, and you are entitled to understand why we have it, what we use it for and where we got it from.

The Right to Portability gives you the right to get some of your information in an easily machine readable format. This right is only applicable where the data is used for the performance of a contract or relies on your consent and is data that you provided to us. For Bella di Notte that means we will give you a machine readable copy of your transaction data (ie the items you ordered and payments you made) and any device fingerprinting data we have that we collected based on your consent.

The Right to Rectification – this means that Bella di Notte are responsible for correcting any inaccurate data we hold on you. If we should disagree that the data is inaccurate you can ask to have an explanation attached to the data.

The Right to be Erasure (Right to be forgotten) means that we must delete data on you if the reason we collected it is no longer valid, if we asked for your consent and you chose to withdraw it, if we do not have a sufficiently strong legitimate interest to use it and you object, if we have used it unlawfully or if we are required to forget you by law.

This information is processed as part of our contract with you and we are required to keep this data for seven years. Please note if you request this, Bella di Notte will also keep a record of your request for erasure, and if you ask us not to contact you for marketing purposes we keep a copy of your details to make sure we do not send you marketing in future. This is known as a suppression list.

The Right to Restriction means that we won't process your data at all (apart from storing it) while we verify its accuracy, establish whether our processing is lawful or where we don't need the data but you want us to keep it for establishing legal claims. If you ask us to assess whether our processing is within our legitimate interests, necessary and does not override your legitimate interests we have to restrict processing of your data. Bella di Notte will tell you before we start to use it again.

The Right to Object applies whenever we process data in our legitimate interests. You have the right to ask us to consider any objection you have to the way we process your data and if we cannot show a compelling reason to continue we have to stop. This right also gives you the ability to tell us not to send you any direct marketing at any time by emailing dataprotection@belladinotte.com. This is an absolute right that Bella di Notte are committed to respecting.

How long we keep your data

Bella di Notte will retain data on your purchase history with us for five years. If you have not purchased from us in five years we will delete your personal data. We store the data that we collect about your browsing habits for four years, although we may store anonymised data for longer to analyse trends.

We will retain enough information to show that someone worked for us, or the reasons for their dismissal.

We collect your personal data to fulfil the orders you make with us for products and services.

2. Marketing

We rely on our legitimate interests as a retailer to market our products to you. This includes where we share data with other retailers for which we always provide you with a means to opt out. You can read more about opting out in the 'How to complain or object' section of our privacy policy.

3. Data exchange: buying data, trading data, selling data

We rely on our legitimate interests as a retailer to trade, sell or buy data. This includes where we share data with other retailers for which we always provide you with a means to opt out. You can read more about how to opt out in the 'How to complain or object' section of our privacy policy.

As an employer of staff we process personal data for the fulfilment of a contract with our employees or with the recruitment or employment agency that we commission to provide us with staff. For prospective employees we process personal data to enable us take steps preparatory to entering into a contract.

Our general business activities are largely performed by relying on our legitimate interest to trade and to undertake commercial activity. For marketing we send to you by email we rely on our legitimate interests using the soft opt in provisions of the Privacy and Electronic Communications Regulations.

This privacy policy describes our lawful bases for our major activities. Within those activities there may be specific processes where we rely on a different lawful basis.

Consent

Bella di Notte, as data controller, has made a policy decision not to rely on previous consent for our processing activities and not to use it in preference to other lawful bases that we feel are more appropriate.

Where Bella di Notte do ask for your consent this will be clear and will request an affirmative action from you such as completing a document or ticking a box.

If you choose to give Bella di Notte your consent, we will provide you with an easy means of opt out at all times.

Bella di Notte follow the guidance issued by the Information Commissioner's Office on the subject of consent. This means that where we use an opt out mechanism, this is our way of allowing you to object to processing that we perform because we believe it is in our legitimate interests. The opt out mechanism is a means of giving you control but we understand that it does not indicate consent.

Bella di Notte will always respect any opt out that you choose to exercise and will never seek to over-ride it using our legitimate interests.

Who we get personal data from

We partner with companies who work on behalf of UK retailers and cahrities who share information about their customers and what they buy. The participating retailers are active in the clothing, collectables, food & wine, gardening, gadgets & entertainment, health & beauty, household goods, home interiors and travel. The companies below process the information as a processor on behalf of these retailers to help them understand consumers' wider buying patterns. From this information, retalers can tailor their communications, sending individuals suitable offers that should be of interest to them, based on what they like to buy.

Our communications are designed to tell you about the benefits we can offer so that you have access to our best deals. We use the information we have about you to tailor the content and try to ensure that the offers are as relevant to you as possible. Under the Data Protection Legislation, this might qualify as profiling. If you do not wish us to use your data for this purpose please email us at dataprotection@belladinotte.com. 

Bella di Notte receive data on prospective customers from the following co-operative partners. These are currently:

Abacus Alliance – this is their privacy information link: https://www.epsilonabacus.com/get-in-touch/consumer-data-deletion-requests/

Choreograph iBehavior – this is their privacy information link: https://www.conexancemd.com/ibehavior/ibehavior-privacy-policy.html

To find new customers for our business we are a member of a co-operative of UK retail brands. We work with Choreograph a company that processes customer transactional data on behalf of each member. This process highlights spending patterns and allows us to identify suitable prospects to receive an introduction from us via the post. Thus, we send offers and information only to prospective customers that are likely to be interested in buying from us. Co-op Member brands operate in numerous categories, including apparel, home and garden, collectables, food and wine, gadgets and gifts, entertainment, health and beauty, travel and leisure. If you would like to exclude certain categories or rather your information was not included in this processing at all just email data-privacy@choreograph.com and we will ensure it is not used for the purpose above.

Experian – this is their privacy information link: https://www.experian.co.uk/privacy/consumer-information-portal/summary

Your personal data is shared with Experian Ltd for the purposes of managing a service called Club Canvasse, a home shopping and direct retailer data co-operative of which Bella Di Notte are members. By sharing information on what customers buy and pooling that with contributions from other members of the cooperative, the service allows Bella Di Notte to better understand our customers and to communicate with you more effectively. Please note, your personal information is not shared with any of the other members of the co-operative, and only aggregated data on the number and value of purchases is provided to members e.g. we will receive a report which states how many customers who have bought from us in the last 0-12mths, and who have also bought from other members of the co-operative in the last 0-12mths, or the last 24mths, last 36mths etc. To understand more please click through to Experian’s website to understand more about their marketing services.

Please note that some of the above companies may transfer data outside the EEA. The transfer will take place in the prescence of appropriate safeguards, including standard data protection clasues adopted by the EU Commission. If you would like more information please email us on dataprotection@belladinotte.com.

Automated decision making

We use automated decision making and profiling when deciding what offers you receive through our direct Marketing. We do not believe this has a significant and serious enough impact on you to require us to reconsider the results of this profiling. If you do object to any profiling of you for direct marketing purposes please email dataprotection@belladinotte.com.

What happens when things change

Whenever our privacy policy changes, we will put the date it changed at the top of this page along with the updated version number. If we make a very significant change to our privacy policy we will highlight it to our customers who are affected either by letter, by email or some other direct means. If we make moderate changes we may highlight them on the front page of our website or in some other manner. Minor changes are made from time to time and we will simply update the privacy policy and change the effective date.

How to complain or object

You may contact us in a number of ways.

Please email us at dataprotection@belladinotte.com or write to us at:

Data Protection Team
Bella di Notte Ltd
Malton Enterprise Park
6 Cherry Farm Close
Malton
YO17 6AD

Alternatively please call our customer care line on 01439 770040

Your complaint or query may initially be dealt with by a member of our customer care team but you have the right to have your issue looked at by our Data Protection team if you are still dissatisfied. In the event of any query still not being resolved it would be escalated to our Founder, Susan Johnson.

If after complaining to us you are dissatisfied with how we have handled your data you can also complain to the Information Commissioner who is the independent regulator of your privacy rights. Their details can be found atwww.ico.org.uk

Working at our company

If you send us your CV either by email or through our website we will retain it for a period of 6 months to consider you for all positions.

If you only wish to be considered for one specific vacancy and to then have your CV deleted please let us know when you apply.