Here at Bella di Notte we value your custom and we take the security of your personal data very seriously.
This Privacy Notice explains in detail the types of personal data we may collect about you when you interact with us. It also explains how we’ll store and handle that data, and keep it safe.
Bella di Notte is the data controller. It is our responsibility to keep your data safe and we must ensure your data is only used in accordance with relevant data protection and privay laws including GDPR.
We know that there’s a lot of information here, but we want you to be fully informed about your rights, and how and why Bella di Notte uses your data; for example we’ll tell you who we share your information with, why, and on what legal basis.
We hope the following sections will answer any questions you have but if not, please do get in touch with us via email at email@example.com, or write to us at our head office, Bella di Notte, Malton Enterprise Park, 6 Cherry Farm Close, Malton YO17 6AD
Within this policy is a section called ‘How to object or complain’, If you are unhappy about the way we manage your data, it is your right as an individual to complain to the Information Commissioner, who is the privacy regulator for the UK. Contact details for the Information Commissioner (ICO) are detailed under this section, along with all our contact details.
Bella di Notte is registered with the ICO’s Data Protection Register under number Z8589047.
Version 2. 21st May 2020
How we use your data
When you place an order with us over the telephone, on our website, or via the post. Bella di Notte collect your personal data to fulfil your order.
When we say ‘data’, we mean your name, address, a telephone contact number, and an email address. These details are collected so we can keep you updated about the progress of your order.
The data we collect also includes taking your payment details and processing them so you can pay for your order. We do not store your card details, we use encrypted tokenisation, which is inline with our industries best practice.
We may send you details of other Bella di Notte products that we think will be of interest to you. We do this by post or by email.
Bella di Notte process your personal data. We do this by profiling the data you give us and data we obtain from other sources. This is part of our standard marketing processes and helps us to keep our Marketing costs as efficient as possible. We hope our emails and catalogues will be of interest to you and that through sending you such offers, we will invite you to shop with us.
When Bella di Notte ask for your email address during a sale transaction, Bella di Notte may use your email address to send you special offers and information related to our own products.
If you do not want us to use your email address to contact you with marketing emails, please email firstname.lastname@example.org with the words 'Opt-out' in the subject line and your name, postcode, email address and mobile number in the body of the email. You can do this at any time.
We also encourage new customers to shop with us by sending them direct marketing through the post.
Bella di Notte process details of how you browse our websites and use this information to target advertising when you browse the internet or through emails. We are proud of our company and our products and we do this to ensure that our company grows. The companies we use are:
- Google Analytics
- Google Tag Manager
- Bing Ads
- GA Audiences
- Facebook Audiences
Website visitors who don’t want their data used by Google Analytics can install the Google Analytics opt-out browser add-on. To opt-out of Analytics for the web, visit the Google Analytics opt-out page and install the add-on for your browser. Learn more about the opt-out and how to properly install the browser add-on here.
Visitors can also opt-out of Google Analytics for Display Advertising and customize Google Display Network ads using the Ads Settings.
Further changes to this will be communicated by updating this notice. Please also see our updated Cookies policy. Back to FAQ's
Data exchange: buying data, trading data, selling data
Bella di Notte share the names and addresses of our customers who may appreciate the chance to shop with other similar, reputable mail order companies. Please note we never share email addresses.
We put customer name and address data in co-operative data pools. Occasionally we purchase databases or lists of people, including their postal addresses and phone numbers from highly regarded data broking companies so we can market our collection to potential new customers; this enables us to grow our business.
As an established mail order retailer, we are keen to continue trading within a prosperous mail order industry. Sharing our data helps us to support and grow the mail order industry.
At Bella di Notte we also process data in our HR department. This includes managing our employees and fulfilling our legal obligations to those employees. We also process data for the purposes of recruiting interested applicants for job vacancies.
Day to day Bella di Notte business activities
As with many businesses, we need to process personal data (including CCTV images) for our day to day business purposes, including the general security of our premises and other purposes within the business. Back to FAQ's
Data we need to collect
Bella di Notte need to collect data including your name, contact details and delivery details so we can fulfil our contract with you and send you your order.
We also need to collect information about your payment method and the bank details that go with it.
For Bella di Notte’s legitimate interests in running our business, we may also collect your contact details from high reputable organisations who sell and/or rent data for marketing purposes. You can opt out of this sharing at any time by emailing email@example.com.
We also use data about your browsing on our website to help us personalise your browsing experience and to provide you with relevant offers.
For your peace of mind, we monitor calls to our customer care department to help ensure we continue to provide you with the high levels of service you expect.
The security of your data
Bella di Notte take the security of your personal data very seriously. We have put in place reasonable physical, electronic, and administrative procedures to ensure the security of personal data.
Within our company, your personal data is accessible only to those employees who require access to perform their jobs.
Bella di Notte will never contact you or send emails asking you to provide personal information online. We would strongly advise you not to respond to any such emails or websites that ask you to do so.
We use encryption and pseudonymisation to help us to keep your information secure and we take steps to protect the electronic and physical security of our data assets including keeping our servers in secured buildings and limiting access to our IT systems.
All employees at Bella di Notte undergo training in Data Protection.
When we transfer data to processors or suppliers we use encryption, secure file transfer protocol (sftp) and password protection of files to ensure that data cannot be used by anyone other than the individual who it is intended for.
To enable our contractors, service providers and employees to carry out their processes such as delivering your parcel, we need to pass on information about you. For example, a key partner is Royal Mail, who need your address so they can deliver your parcel.
Bella di Notte have two main ways in which we share data with other retailers in exchange for data about prospective customers. The first is through data co-operatives, where a number of reputable retailers share information on their customer. This improves our understanding of our customers and enable us to exchange details. The second means is by direct exchanges of customer lists with other highly regarded mail order retailers. The participating retailers are active in the clothing, collectables, food & wine, gardening, gadgets & entertainment, health & beauty, household goods, and home interiors categories.
The data co-operatives we use to share data on customers and prospective customers are:
Abacus Alliance – this is their opt-out: https://www.epsilon.com/abacus/get-in-touch/consumer-data-deletion-requests
iBehaviour – this is their opt-out: https://www.kbmg.com/about-us/ccpa-privacy-policy/#optout
Experian – this is their opt-out: https://www.experianmarketingservices.digital/OptOut
In the event of our business being sold, your data will be transferred to the purchaser of the business.
We obtain your information from trusted external data agencies, such as Ibehaviour, Experian and Abacus. The data we collect is your name and address.
We only use this data once and do not pass your information on to anyone else. Please phone or email if you would like to be removed from our database.
If you would like to be removed from external data agencies, please click the links above.
When we obtain the data, we screen it against the mailing prefence service. If you haven't 'opted out' via the mailing prefence service you will still recieve marketing information from external data agencies.
Please contact them directly to be removed.
Your statutory rights
Under the new GDPR laws effective 25 May 2018, you are entitled to:
- request to see a copy of the information we hold about you;
- ask us to correct any information we hold that is incorrect;
- ask us to delete some of your data;
- have certain data given to you in a portable (electronic) format;
- object to how we process your data;
- ask us to not to process your data in certain circumstances.
To exercise any of these rights please contact us via email at firstname.lastname@example.org.
The Right to Access allows you to get confirmation of whether we have any information about you. You can request a copy of this information, and you are entitled to understand why we have it, what we use it for and where we got it from.
The Right to Portability gives you the right to get some of your information in an easily machine readable format. This right is only applicable where the data is used for the performance of a contract or relies on your consent and is data that you provided to us. For Bella di Notte that means we will give you a machine readable copy of your transaction data (ie the items you ordered and payments you made) and any device fingerprinting data we have that we collected based on your consent.
The Right to Rectification – this means that Bella di Notte are responsible for correcting any inaccurate data we hold on you. If we should disagree that the data is inaccurate you can ask to have an explanation attached to the data.
The Right to be Erasure (Right to be forgotten) means that we must delete data on you if the reason we collected it is no longer valid, if we asked for your consent and you chose to withdraw it, if we do not have a sufficiently strong legitimate interest to use it and you object, if we have used it unlawfully or if we are required to forget you by law.
This information is processed as part of our contract with you and we are required to keep this data for seven years. Please note if you request this, Bella di Notte will also keep a record of your request for erasure, and if you ask us not to contact you for marketing purposes we keep a copy of your details to make sure we do not send you marketing in future. This is known as a suppression list.
The Right to Restriction means that we won't process your data at all (apart from storing it) while we verify its accuracy, establish whether our processing is lawful or where we don't need the data but you want us to keep it for establishing legal claims. If you ask us to assess whether our processing is within our legitimate interests, necessary and does not override your legitimate interests we have to restrict processing of your data. Bella di Notte will tell you before we start to use it again.
The Right to Object applies whenever we process data in our legitimate interests. You have the right to ask us to consider any objection you have to the way we process your data and if we cannot show a compelling reason to continue we have to stop. This right also gives you the ability to tell us not to send you any direct marketing at any time by emailing email@example.com. This is an absolute right that Bella di Notte are committed to respecting.
How long we keep your data for
Bella di Notte will retain data on your purchase history with us for five years. If you have not purchased from us in five years we will delete your personal data.
We store the data that we collect about your browsing habits for four years, although we may store anonymised data for longer to analyse trends.
We will retain enough information to show that someone worked for us, or the reasons for their dismissal.
Our lawful bases for using your data
We collect your personal data to fulfil the orders you make with us for products and services.
Data exchange: buying data, trading data, selling data
As an employer of staff we process personal data for the fulfilment of a contract with our employees or with the recruitment or employment agency that we commission to provide us with staff. For prospective employees we process personal data to enable us take steps preparatory to entering into a contract.
Our general business activities are largely performed by relying on our legitimate interest to trade and to undertake commercial activity.
For marketing we send to you by email we rely on our legitimate interests using the soft opt in provisions of the Privacy and Electronic Communications Regulations.
Bella di Notte, as data controller, has made a policy decision not to rely on previous consent for our processing activities and not to use it in preference to other lawful bases that we feel are more appropriate.
Where Bella di Notte do ask for your consent this will be clear and will request an affirmative action from you such as completing a document or ticking a box.
If you choose to give Bella di Notte your consent, we will provide you with an easy means of opt out at all times.
Bella di Notte follow the guidance issued by the Information Commissioner's Office on the subject of consent. This means that where we use an opt out mechanism, this is our way of allowing you to object to processing that we perform because we believe it is in our legitimate interests. The opt out mechanism is a means of giving you control but we understand that it does not indicate consent.
Bella di Notte will always respect any opt out that you choose to exercise and will never seek to over-ride it using our legitimate interests.
Who we get personal data from
We partner with companies who work on behalf of UK retailers who share information about their customers and what they buy. The participating retailers are active in the clothing, collectables, food & wine, gardening, gadgets & entertainment, health & beauty, household goods and home interiors. The companies below process the information as a processor on behalf of these retailers to help them understand consumers' wider buying patterns. From this information, retalers can tailor their communications, sending individuals suitable offers that should be of interest to them, based on what they like to buy.
Our communications are designed to tell you about the benefits we can offer so that you have access to our best deals. We use the information we have about you to tailor the content and try to ensure that the offers are as relevant to you as possible. Under the Data Protection Legislation, this might qualify as profiling. If you do not wish us to use your data for this purpose please email us at firstname.lastname@example.org.
Bella di Notte receive data on prospective customers from the following co-operative partners. These are currently:
Abacus Alliance – this is their opt-out: https://www.epsilonabacus.com/get-in-touch/consumer-data-deletion-requests/
iBehaviour – this is their opt-out: https://www.i-behavior.com/cooperative-marketing/opt-out-policy/
Experian – this is their opt-out: http://www.experian.co.uk/marketing-services/consumer-information-portal/data-subject-rights/
Please note that some of the above companies may transfer data outside the EEA. The transfer will take place in the prescence of appropriate safeguards, including standard data protection clasues adopted by the EU Commission. If you would like more information please email us on email@example.com.
We use automated decision making and profiling when deciding what offers you receive through our direct Marketing. We do not believe this has a significant and serious enough impact on you to require us to reconsider the results of this profiling. If you do object to any profiling of you for direct marketing purposes please email firstname.lastname@example.org.
What happens when things change
If we make moderate changes we may highlight them on the front page of our website or in some other manner.
How to complain or object
You may contact us in a number of ways.
Please email us at email@example.com or write to us at:
Data Protection Team
Bella di Notte Ltd
Malton Enterprise Park
6 Cherry Farm Close
Alternatively please call our customer care line on 01439 770040
Your complaint or query may initially be dealt with by a member of our customer care team but you have the right to have your issue looked at by our Data Protection team if you are still dissatisfied. In the event of any query still not being resolved it would be escalated to our Founder, Susan Johnson.
If after complaining to us you are dissatisfied with how we have handled your data you can also complain to the Information Commissioner who is the independent regulator of your privacy rights. Their details can be found at www.ico.org.uk.
Working at our company
If you send us your CV either by email or through our website we will retain it for a period of 6 months to consider you for all positions.
If you only wish to be considered for one specific vacancy and to then have your CV deleted please let us know when you apply.
Please visit www.belladinotte.com for our current vacancies.