We are YOURBIGDAY Ltd, a company registered in England and Wales (number 10259459) and registered office address at York House, 1, Seagrave Road, London, SW6 1RP ("YOURBIGDAY"). When we refer to "we", "us" or "our" in this policy we mean YOURBIGDAY, on behalf of us and our Group.
We are registered as a data controller with the Information Commissioner’s Office ("ICO"), the supervisory authority in the UK for personal data compliance, with registration number ZA258807.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
Links to external sites
Our Site may contain links to external sites. When you follow a link to an external site, please note that you are leaving our Site and are subject to the privacy and security policies of the owners/sponsors of the external site. YOURBIGDAY cannot control or guarantee the accuracy, relevance, timeliness, or completeness of information contained in a linked external site. We also do not endorse the organisations or individuals maintaining sites that we link, any views they express, or any products/services they offer.
Our commitment to you
YOURBIGDAY is committed to protecting your personal data. We will at all times comply with our obligations as a data controller under the Data Protection Laws. In this policy, when we refer to the "Data Protection Laws" we mean all laws, regulations and guidance that apply in the UK regarding personal data and which include the Data Protection Act 2018 and the EU General Data Protection Regulation ("GDPR") and any laws replacing or amending these.
- collect and use only personal data that is relevant and for valid, legal purposes, and no more than the minimum necessary to fulfil those purposes;
- ensure that your personal data is used lawfully, fairly and in a transparent way; and provide you with information about how we collect and use your data;
- help you to exercise your legal rights regarding your personal data;
- ensure your personal data is accurate and up to date; and is kept securely and protected from being unlawfully disclosed or processed; and
- keep your personal data only for as long as we need to.
If you have any questions about this policy, please contact us. Our contact details are set out at the end of this policy at the Contacting Us section.
What is personal data? Personal data means any information that can be used to identify you, such as your name or address.
Personal data we collect about you
Personal data you give to us. This is information about you that you give us when you access our Site to place an order or when you correspond with us by phone, e-mail or otherwise. We may collect some or all of the following personal data:
- name, date of birth, age and sex;
- photographs and personalised messages (if you provide these as part of your order);
- billing address, e-mail address and phone numbers;
- payment details (usually debit or credit card information);
- details of payments made or requested and data around the products you order;
- correspondence and communications with and from YOURBIGDAY;
- your preferences around receiving marketing communications from us;
- IP address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our Site; and
- information about usage and browsing and online activities of visitors to, from and within our Site.
You may need to provide personal data about another person to allow us to deliver an order you purchase to the recipient, such as their name and email address for delivery. We will not use that information for anything other than to provide the product which you order. If you provide photographs for an order you wish to purchase, we assume that you have obtained the consent of each of the individuals whose images are included in the photographs.
IF YOU FAIL TO PROVIDE INFORMATION, where we need it to comply with law or to fulfil an order you have placed, we may not be able to provide you with the product(s) requested. In this case, we may have to cancel the order you have placed or are trying to place with us – where that is the case, we will notify you at the time.
Personal data we receive from other sources
We may receive information about you from third parties who have your consent to pass your details to us. We will notify you when we receive information about you from them and the purposes for which we intend to use that information.
How we will use your personal data
We will only use your personal data where we are permitted to do so by law and have a lawful basis to use it. Generally, we will use your personal data for the following lawful bases:
- to perform our contract with you. We use the personal data you provide when you place an order on our Site and agree to our Terms and Conditions to provide you and your recipient with the product you have ordered or wish to order; to process payments (through our third party payment service provider, Stripe), to contact you regarding any changes or queries concerning your order, and to provide customer services
- where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override such interests. This includes processing your personal data to enhance our customers’ experience and improve our product offering, such as by analysing personal data we collect from you and combining it with data held by third parties, in order to discern our customers’ interests, demography and other information; or
- where we need it to comply with a legal obligation. This includes where we need to disclose personal data for the prevention and investigation of fraud and other crimes, to comply with an investigation or direction from a regulator or the ICO (or other supervisory authority), or as part of a court action.
Marketing and Advertising
We strive to enable you to have choices around marketing and advertising. We will use your contact and other personal data to provide you with information about products and services which we think will be of interest to you if you have consented to receive marketing communications from us by opting in to receiving marketing through our Site. We will not send you marketing communications without your consent.
We will ask you for your express consent before we share your personal data with any third party for marketing purposes, and we do not sell, rent, exchange, or otherwise disclose your personal data to persons or organisations outside YOURBIGDAY.
You may unsubscribe at any time from email marketing communications via a link at the bottom of each email message, or by contacting us at email@example.com.
Where you opt out of receiving marketing messages, this opt-out will not apply to any personal data provided to us as a result of an existing or previous purchase or order you have requested from us.
Change of Purpose
We will only use your personal data for the purposes for which we collected it, as set out in this policy, unless we reasonably consider that we need it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for a new, unrelated, purpose, we will notify you.
Disclosure of your personal data
If you place an order with YOURBIGDAY, details of your payment will be processed by our third party service provider, Stripe, by secure means using rigorous security and authentication measures, and for the purpose only of receiving and processing your payment.
We may also share your personal data with other selected third parties including:
- our business partners, suppliers, consultants, agents, legal and professional advisers, service providers and sub-contractors where this is necessary for performance of a contract;
- advertisers and advertising networks that require the data to select and serve relevant adverts to you and others; and
- analytics and search engine providers that assist us in the improvement and optimisation of the site.
We require all our sub-contractors, service providers and other third parties with whom we share personal data to respect the security of your personal data and to treat it in accordance with the Data Protection Laws. We do not allow our third party service providers and suppliers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
We will not share your personal data with any other parties without your consent except in the following circumstances:
- in the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets;
- if YOURBIGDAY or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets; or
- if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our Terms and Conditions; or to protect the rights, property, or safety of YOURBIGDAY, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
Keeping your personal data secure
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, or from being unlawfully altered or disclosed.
We limit access to your personal data only to those of our partners, advisers, consultants, service providers and sub-contractors and other third parties (as described above) who have a business need to know. They will only process personal data on our instructions, and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and the supervisory authority of a breach where we are required to do so under the Data Protection Laws.
International transfers of personal data
We use a cloud service for storage of data which means that your personal data may be transferred to, and stored at, a destination outside the European Economic Area ("EEA").
Your personal data may also, where required, be processed by third parties operating outside the EEA who work for one of our sub-contractors, consultants or service providers. This is in order to support with the fulfilment of your order, the processing of your payment details and the provision of support services for the day to day running of the site. We require all our support providers to ensure equal protection for your personal data.
If we need to transfer your personal data outside the EEA, we will implement safeguards to ensure that your personal data will have the same level of protection.
We will hold your data for only as long as is necessary for the purpose for which it is collected and for no longer than the period permitted by law and to meet all legal requirements. Once we no longer require to store your personal data, it will be deleted in accordance with law.
To determine the appropriate retention period we consider the amount, nature and sensitivity of the personal data, the possible risk of harm, the purposes for which we are processing your data and whether we can achieve those purposes through other means, and all other requirements, such as tax, accounting and prevention of fraud, with which we must comply by law or regulation or other order. We also retain certain records for a period after your relationship with us ends in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect of our relationship with you. Please contact us if you have a query about storage of your personal data.
In some circumstances you can ask us to delete your data – as described in the Your personal data rights section below.
Your personal data rights
Under the Data Protection Laws, you have rights in relation to your personal data. The law allows you to:
- request access and to receive a copy of your personal data (known as a "data subject access request") and receive information about processing of your data;
- request correction of personal data we hold about you if it is inaccurate, out of date or incomplete;
- request erasure of your personal data if you have reason to believe it is being processed unlawfully or we have no good reason for continuing to hold it;
- object to processing of your personal data where we are relying on a legitimate interest and you feel that the processing is harmful to your fundamental rights and freedoms;
- request restriction of processing if you want to ask us to suspend processing your personal data, for example where you wish to check the accuracy of our records or to verify whether we have lawful grounds to process it where we rely on legitimate interests;
- request a transfer of your personal data to you or a third party; or
- withdraw consent to processing of your personal data, which applies only where we have asked for your consent to your personal data being used for marketing communications.
We strive to meet all requests free of charge and aim to provide a written response within one month of receiving your request. Occasionally it may take longer if your request is complex or where we need further information from you – we will notify you if this is the case. We reserve the right to charge for requests that are unfounded, excessive or repetitive. Alternatively, we may refuse an unreasonable request.
If you contact us with a request, we may need to request information from you to verify your identity and your right to access personal data (or exercise other legal rights). We are obliged to do this to ensure that personal data is not disclosed to anyone who is not authorised to receive it. We may also need to ask you for further information relating to your request.
Please note that we may not be able to comply with certain requests where specific legal reasons apply, which we will notify to you in our written response.
To make a request or to discuss any of your personal data rights, please contact us by email at firstname.lastname@example.org.
You have a right to complain about your personal data to the ICO (www.ico.org.uk).
Alternatively, you can write to us by post to YOURBIGDAY Limited, York House, 1 Seagrove Road, London SW6 1RP.
Cookies on our site
What is a 'cookie'?
A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer or mobile device if you agree. Cookies contain information that is transferred to your computer's hard drive.
Strictly necessary cookies: these are cookies that are required for the operation of our Site. They include, for example, cookies that enable you to log into secure areas of our site, make an online purchases or make use of e-billing services.
Analytical/performance cookies: which allow us to recognise and count the number of visitors and to see how visitors move around our Site. This helps us to improve the way our Site works, for example, by ensuring that users are finding what they are looking for easily.
Functionality cookies: these are used to recognise you when you return to our Site, and enable us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
Targeting cookies: these cookies record your visit to our Site, the pages you have visited and the links you have followed. We will use this information to make our Site and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose.
Third Party Cookies:
- cookies from integrations with Stripe (https://stripe.com/cookies-policy/legal) for processing payments.
- cookies used by Google Analytics (https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage?hl=en-GB) for performing site analysis and
- cookies used by Facebook (https://en-gb.facebook.com/policies/cookies/) for signing in and retargeting visitors with marketing.
You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our site.
Except for essential cookies, all YOURBIGDAY cookies will expire after you end your session or close your browser. Please see third party cookie policies for details on third party cookie expiry periods.
Where you are signed up as an email subscriber, messages sent from YOURBIGDAY to you may include a tracking pixel which is used to provide basic aggregate analytics such as the percentage of recipients who opened an email or clicked on a link in an email, and the number of times an email was forwarded or printed. Our email analytics providers also offer the capability to view some data, such as whether a mass email was opened, at an individual level for 30 days after an email was sent; as a matter of policy and practice this data is only viewed on an aggregate basis.
YOURBIGDAY uses cross-device remarketing from Google Display Network and DoubleClick Bid Manager to help us reach our web visitors across devices, apps, and sites.