FREE UK STANDARD DELIVERY & FREE RETURNS *

SECURITY & PRIVACY POLICY

Updated: 7th January 2024

Date of next review: January 2025

Privacy Notice

Bella di Notte Ltd, Malton Enterprise Park, 6 Cherry Farm Close, Malton YO17 6AD (trading as Bella di Notte) ("We", "the Company", “Bella di Notte,”) value your custom and are committed to protecting and respecting the confidentiality, integrity and security of the personal information we hold about each past or present customer, enquirer or visitor to our website ("you", "your"). 

This Privacy Notice sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed, stored and handled by us, and how we comply with our responsibilities under applicable data protection laws ("Data Protection Laws"). Please read this policy carefully and, if you have any questions or concerns, please contact us using the information below. 

Data Controller

For the purposes of the Data Protection Laws, the data controller of your personal information is Bella di Notte Ltd, Malton Enterprise Park, 6 Cherry Farm Close, Malton YO17 6AD. Bella di Notte is registered with the ICO’s Data Protection Register under number Z8589047. It is our responsibility to keep your data safe and to ensure your data is only used in accordance with relevant Data Protection Laws.

Personal Data Collection   

We only hold personal data about you which you have provided to us or to one of our authorised data processors or has been collected via social media platforms.

Categories of personal data we may collect and hold 

We may collect the following information from you:

  • Name; 
  • Contact details including billing and delivery addresses, email address and telephone numbers;
  • Purchasing histories;
  • Credit card details;
  • Social media metadata; and
  • Quiz responses

How we use your personal data

We will use the personal data which you provide to us for the following purposes:

  • Allowing us to process brochure requests and deliver sales orders;
  • Taking payments in relation to the purchase of products ad services;
  • Fulfilling our returns and replacements policies;
  • Sending you our postal catalogues, special offers, email newsletters and other products we think may be of interest to you;
  • Undertaking customer research;
  • De-duping against alternative and our own databases;
  • Preventing fraud and enhancing the security of our networks;
  • Understanding how our customers interact with our websites and personalising their repeat visits to provide you with special offers and an improved user experience;
  • Inter-acting with you on social media;
  • Determining the effectiveness of our promotional campaigns and advertising;
  • Profiling by comparing to pooled information held within the data co-operatives to understand customer buying habits;
  • Responding to queries and complaints; and
  • Fulfilling our legal and fiduciary responsibilities.

Legal basis for Processing – Legitimate Interest

In processing customer data Bella di Notte relies on the following legal bases:

  • Where it is necessary for the performance of our contract with you;
  • Where it is necessary for compliance with our legal obligations;
  • When you place and order with us we shall rely upon our contractual obligation to process your personal data;
  • We will rely on legitimate interests to send you the latest copy of our catalogue and special offers by post. You can ask us to stop sending you the catalogue and or special offers by post at any time by contacting our customer services department on 01439 770040 who will be happy to help you.
  • When you make an enquiry with us or place an order, we will add you to our email service using the soft opt in basis for product/service updates. You can decline or opt out at the time or any point in the future.

If you fail to provide personal data

Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you. In this case, we may have to cancel a service you have with us, but we will notify you at the time.

Disclosure of your personal data 

We will not disclose personal information we hold about you to any third party except as set out below.

We may disclose personal data to third parties who are providing services to us, in particular to the IT companies that support our order processing and ecommerce systems, to the mailing houses and postal services that distribute our catalogues and products, including Royal Mail, and to payment processors for the purposes of order payments and refunds. Please note we do not store your credit card details, we use encrypted tokenisation, in line with our industries best practice.

We regularly de-dupe our customer databases against the Mail Preference Service and register of deceased and gone always to ensure that our database is as accurate as it can be and that we are not mailing those customers who do not wish to be contacted.

Where we have obtained your consent, we may also share your data with data co-operatives to understand your buying habits and provide you with the opportunity to receive postal mailings from third parties which we think will be of interest to you (see below for more information).

We may also disclose personal data we hold to third parties:

(a) In the event that we sell any business or assets, in which case we may disclose personal data we hold to the prospective buyer of such business or assets; and/or

(b) If we are permitted by law to disclose your personal data to that third party or are under a legal obligation to disclose your personal data to that third party.

(c) Third party marketing partners, such as Google or Meta (which owns Facebook and Instagram) to deliver advertising to you if you are using Google or registered with one or more Meta social media platforms (see further information on Meta below). The companies we use are Google Analytics, Google Tag Manager, Bing Ads, GA Audiences and Facebook Audiences.

Website visitors who don’t want their data used by Google Analytics can install the Google Analytics opt-out browser add-on. To opt-out of Analytics for the web, visit the Google Analytics opt-out page and install the add-on for your browser. Learn more about the opt-out and how to properly install the browser add-on here.

Visitors can also opt-out of Google Analytics for Display Advertising and customize Google Display Network ads using the Ads Settings.

Data exchange and sharing: buying data, trading data, selling data

Bella di Notte share the names and addresses of our customers who may appreciate the chance to shop with other similar, reputable mail order companies. Please note we never share email addresses. Your data is only shared where you have not opted out of receiving carefully selected postal mailings from third parties and you have not opted out of direct mail via the Mail Preference Service. If you do not wish to receive postal communications from carefully selected third parties, you should update your marketing preferences using one of the ways outlined in this Policy below.

Bella di Notte has two main ways in which we share data with other retailers in exchange for data about prospective customers. The first is through data co-operatives, where a number of reputable mail order retailers share information on their customer. This improves our understanding of our customers and allows us to target our marketing to those customers who are likely to be the most responsive.

The second means is by direct exchanges of customer lists with other highly regarded mail order retailers through highly regarded data broking companies. The participating retailers and charities are active in the clothing, collectables, food & wine, gardening, gadgets & entertainment, health & beauty, household goods, home interiors and travel categories. From this information, retailers can tailor their communications, sending customers suitable offers that should be of interest to them, based on what they like to buy. This allows us to market our collection to potential new customers and grow our business.

Before sharing any customer data or before using any customer data acquired via a data co-operative, we would ensure that the data co-operative has undertaken appropriate due diligence to ensure that any data we send or receive for the purposes of marketing is compliant under the Data Protection Laws. The data co-operatives we use to share data on customers and prospective customers are:

Abacus Alliance – this is their privacy information link: https://www.epsilon.com/abacus/get-in-touch/consumer-data-deletion-requests

iBehaviour – this is their privacy information link: https://www.conexancemd.com/ibehavior/ibehavior-privacy-policy.html

Experian – this is their privacy information link: https://www.experian.co.uk/privacy/consumer-information-portal/summary

Updating your marketing preferences

We have no desire to contact those customers or enquirers who do not wish to receive marketing correspondence from ourselves or carefully selected third parties. We rely on freely given, specific, informed and unambiguous statements which signify your agreement to the processing of your personal data for marketing purposes.

If you wish to change your marketing preferences, there are various ways in which you can do this:

  • by telephone to our customer services department on 01439 770440;
  • in writing to Customer Services, Bella di Notte Ltd, Malton Enterprise Park, 6 Cherry Farm Close, Malton YO17 6AD;
  • unsubscribe from marketing email communications by following the unsubscribe instructions in each email that we send out; or
  • by email at dataprotection@belladinotte.com with the words 'Opt-out' in the subject line and your name, postcode, email address and mobile number in the body of the email.

New Customers 

Where we obtain your information from the trusted external data agencies listed above, the only data we collect is your name and address. We only use this data once and do not pass your information on to anyone else. If you have ordered from us, then you become a Bella di Notte customer and the rest of this policy applies. Please telephone us on 01439 770040 or email dataprotection@belladinotte.com if you would like to be removed from our database.

If you would like to be removed from external data agencies, please use the links above.

When we obtain the data, we screen it against the mailing preference service. If you haven't 'opted out' via the Mailing Preference Service you will still receive marketing information from external data agencies. Please contact them directly on 020 7291 3310 to be removed.

The security of your data

Bella di Notte take the security of your personal data very seriously. We have put in place what we consider to be reasonable physical, electronic, and administrative procedures to ensure the security of personal data and prevent unlawful or unauthorised processing of the personal data we hold about you, and against the accidental loss of, or damage to, such personal data.

Within our company, your personal data is accessible only to those employees who require access to perform their jobs. Bella di Notte will never contact you or send emails asking you to provide personal information online. We would strongly advise you not to respond to any such emails or websites that ask you to do so.

We use encryption and pseudonymisation to help us to keep your information secure and we take steps to protect the electronic and physical security of our data assets including keeping our servers in secured buildings and limiting access to our IT systems.

All employees at Bella di Notte undergo training in Data Protection.

When we transfer data to processors or suppliers we use encryption, secure file transfer protocol (sftp) and password protection of files to ensure that data cannot be used by anyone other than the individual who it is intended for.

Your statutory rights

You may request to see the personal information we hold about you either digitally or on file at any point by making a request in writing to us via The Company Secretary, Bella di Notte Ltd, Malton Enterprise Park, 6 Cherry Farm Close, Malton YO17 6AD. This request will be responded to within 30 working days. You will be provided with a copy of the personal information we hold about you. If we require more time to respond fully to any request, we will notify you in writing within the 30-day period referred to. Any additional copies of any information we provide to you may be subject to a reasonable fee.

You also have other rights under Data Protection Laws in relation to your personal data. In particular, you may have (i) the right to request that we rectify or erase information we hold about you in certain circumstances, (ii) the right to ask us to limit our processing of your information, (iii) the right (if we are processing information based on your consent, such as for marketing purposes) to withdraw your consent, (iv) the right to object to certain processing of your information (including the right to object to processing of your personal data for direct marketing purposes at any time), (v) the right to ask us to move, copy or transfer your personal information to another organisation.

If you wish to exercise any of these rights, please contact us via the Company Secretary at Bella di Notte Ltd Malton Enterprise Park, 6 Cherry Farm Close, Malton YO17 6AD or contact us via email at dataprotection@belladinotte.com.

How long we keep your data

We are committed to ensuring that we do not retain personal data for any longer than is necessary for the purposes for which it was obtained. We retain your data to store your marketing preferences in the event that your account is re-activated if you respond to an marketing piece or to ensure that we don’t include your account as part of any recruitment mailing. Credit card tokens are held until expiry of the credit card.

We will retain enough information to show that someone worked for us, or the reasons for their dismissal.

You can update your marketing preferences at any time by using one of the methods outlined above.

Consent

Bella di Notte, as data controller, has made a policy decision not to rely on previous consent for our processing activities and not to use it in preference to other lawful bases that we feel are more appropriate.

Where Bella di Notte do ask for your consent this will be clear and will request an affirmative action from you such as completing a document or ticking a box.

If you choose to give Bella di Notte your consent, we will provide you with an easy means of opt out at all times.

Bella di Notte follow the guidance issued by the Information Commissioner's Office on the subject of consent. This means that where we use an opt out mechanism, this is our way of allowing you to object to processing that we perform because we believe it is in our legitimate interests. The opt out mechanism is a means of giving you control but we understand that it does not indicate consent.

Bella di Notte will always respect any opt out that you choose to exercise and will never seek to over-ride it using our legitimate interests.

Transferring personal data outside the EEA

Except if appropriate safeguards are in place that are in accordance with applicable law (including Articles 44 to 50 of the EU General Data Protection Regulation 2016/679), we will not transfer any personal data to a country outside of the European Economic Area ("EEA") or to a person based outside the EEA. Such safeguards may include us or one of our data processors entering into EU Standard Contractual Clauses (or their equivalent in the UK) with a third party outside the EEA to whom personal information is being transferred. Further information about the safeguards we may apply can be obtained by contacting the Company Secretary at Bella di Notte Ltd, Malton Enterprise Park, 6 Cherry Farm Close, Malton YO17 6AD or contact us via email at dataprotection@belladinotte.com.

Those customers living overseas should note that postal address information will be shared with the postal services to allow catalogues and parcels to be delivered.

Third Party Links

This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.

Automated decision making

We use automated decision making and profiling when deciding what offers you receive through our direct Marketing. We do not believe this has a significant and serious enough impact on you to require us to reconsider the results of this profiling. If you do object to any profiling of you for direct marketing purposes please email dataprotection@belladinotte.com.

What happens when this Privacy Notice changes

Whenever our privacy policy changes, we will put the date it changed at the top of this page. If we make a very significant change to our privacy policy we will highlight it to our customers who are affected either by letter, by email or some other direct means. If we make moderate changes, we may highlight them on the front page of our website or in some other manner. Minor changes are made from time to time and we will simply update the privacy policy and change the effective date. Please refer to this page regularly to see any changes or updates to this policy.

How to complain or object

Please call our customer care line on 01439 770040, email us at dataprotection@belladinotte.com or write to us at Data Protection Team,
Bella di Notte Ltd, Malton Enterprise Park,  6 Cherry Farm Close, Malton, YO17 6AD.

Your complaint or query may initially be dealt with by a member of our customer care team but you have the right to have your issue looked at by our Data Protection team if you are still dissatisfied. In the event of any query still not being resolved to your satisfaction it would initially be escalated to our Company Secretary Pam Murray.

If after complaining to us you are dissatisfied with how we have handled your data you can also complain to the Information Commissioner who is the independent regulator of your privacy rights. Their details can be found atwww.ico.org.uk

Human resources

At Bella di Notte we also process data in our HR department. This includes managing our employees and fulfilling our legal obligations to those employees. We also process data for the purposes of recruiting interested applicants for job vacancies. If you send us your CV either by email or through our website or one of the job platforms, we will retain it for a period of 6 months to consider you for all positions.

If you only wish to be considered for one specific vacancy and to then have your CV deleted please let us know when you apply.

Day to day Bella di Notte business activities

As with many businesses, we need to process personal data (including CCTV images) for our day-to-day business purposes, including the general security of our premises and other purposes within the business.