Privacy & Data Protection
Virtual Little Bee Ltd is committed to protecting and respecting your privacy and the safety of your personal data.
We value your trust and as such are committed to ensuring that your privacy is protected at all times. Our website features a valid SSL certificate, meaning that all information sent via our enquiry forms is private and secure.
Virtual Little Bee Ltd is a ‘data controller’ under the General Data Protection Regulation and Data Protection Act 2018 and is registered with the Information Commissioners Office, registration number
This policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. This privacy statement only applies to the Virtual Little Bee Ltd website (www.virtuallittlebee.co.uk) and not to any third party sites for which links may be provided on this website.
It explains how we comply with the GDPR (General Data Protection Regulation), the DPA (Data Protection Act) [pre GDPR enforcement] and the PECR (Privacy and Electronic Communications Regulations).
We may collect and process the following categories of personal data about you:
- Identity Data may include your first name, maiden name, last name, username, marital status, title, date of birth and gender
- Contact Data may include your billing address, delivery address, email address and telephone numbers.
- Financial Data may include your bank account and payment card details.
- Transaction Data may include details about payments between us and other details of purchases made by you.
- Technical Data may include your login data, internet protocol addresses, browser type and version, browser plug-in types and versions, time zone setting and location, operating system and platform and other technology on the devices you use to access this site.
- Profile Data may include your username and password, purchases or orders, your interests, preferences, feedback and survey responses.
- Usage Data may include information about how you use our website, products and services.
- Marketing and Communications Data may include your preferences in receiving marketing communications from us and our third parties and your communication preferences.
We may also process Aggregated Data from your personal data but this data does not reveal your identity and as such in itself is not personal data. An example of this is where we review your Usage Data to work out the percentage of website users using a specific feature of our site. If we link the Aggregated Data with your personal data so that you can be identified from it, then it is treated as personal data.
Our lawful ground of processing your personal data to send you marketing communications is either your consent or our legitimate interests (namely to grow our business).
Under the Privacy and Electronic Communications Regulations, we may send you marketing communications from us if (i) you made a purchase or asked for information from us about our goods or services or (ii) you agreed to receive marketing communications and in each case you have not opted out of receiving such communications since. Under these regulations, if you are a limited company, we may send you marketing emails without your consent. However you can still opt out of receiving marketing emails from us at any time.
Before we share your personal data with any third party for their own marketing purposes we will get your express consent.
You can ask us or third parties to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you.
If you opt out of receiving marketing communications this opt-out does not apply to personal data provided as a result of other transactions, such as purchases, warranty registrations etc.
We do not collect any Sensitive Data about you. Sensitive data refers to data that includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. We do not collect any information about criminal convictions and offences.
YOUR DATA PROTECTION RIGHTS UNDER THE GENERAL DATA PROTECTION REGULATION (GDPR)
If you are a resident of the EEA, you have the following data protection rights:
You have the following rights under GDPR:
• Request access to your personal data
• Request correction of your personal data.
• Request erasure of your personal data.
• Object to processing of your personal data
• Request restriction of processing your personal data.
• Request transfer of your personal data.
• Withdraw consent.
In addition, you can object to the processing of your personal information, ask us to restrict the processing of your personal information, or request portability of your personal information.
You have the right to opt-out of marketing communications we send you at any time. You can exercise this right by clicking on the “unsubscribe” or “opt-out” link in the marketing emails we send you. To opt-out of other forms of marketing, please contact us by emailing email@example.com
Similarly, if we have collected and process your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect the processing of your personal information conducted in reliance on lawful processing grounds other than consent.
We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.
If you are not happy with any aspect of how we collect and use your data, you have the right to complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We should be grateful if you would contact us first if you do have a complaint so that we can try to resolve it for you.
Disclosure of your personal information
We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so. We may use your personal information to send you promotional information about third parties which we think you may find interesting if you tell us that you wish this to happen.
We do not knowingly collect personally identifiable information from children under the age of 13, nor do we knowingly distribute such information. If we become aware that we have inadvertently received personally identifiable information from someone under the age of 13, we will delete such information from our records. If we change our practices in the future, we will obtain prior, verifiable parental consent before collecting any personally identifiable information from children under the age of 13.
TRANSFERS OUT OF EEA
Countries outside of the European Economic Area (EEA) do not always offer the same levels of protection to your personal data, so European law has prohibited transfers of personal data outside of the EEA unless the transfer meets certain criteria.
We do not transfer your personal data outside the European Economic Area (EEA).
Whenever we transfer your personal data out of the EEA, we do our best to ensure a similar degree of security of data by ensuring at least one of the following safeguards is in place:
- we will only transfer your personal data to countries that the European Commission have approved as providing an adequate level of protection for personal data by; or
- where we use certain service providers, we may use specific contracts or codes of conduct or certification mechanisms approved by the European Commission which give personal data the same protection it has in Europe; or
- if we use US-based providers that are part of EU-US Privacy Shield, we may transfer data to them, as they have equivalent safeguards in place.
- If none of the above safeguards are available, we may request your explicit consent to the specific transfer. You will have the right to withdraw this consent at any time.
We have put in place security measures to prevent your personal data from being accidentally lost, used, altered, disclosed, or accessed without authorisation. We also allow access to your personal data only to those employees and partners who have a business need to know such data. They will only process your personal data on our instructions and they must keep it confidential.
We have procedures in place to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach if we are legally required to.
We use computer safeguards such as firewalls and data encryption, and we enforce physical access controls to our buildings and files to keep this data safe. We only authorise access to employees who need it to carry out their job responsibilities.
We are committed to ensuring that your Data is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure Data collected online.
Our website provider Easy Internet Solutions Ltd are GPDR Complaint and our website is SSL certified, meaning that any personal data you send via any of our contact forms will be encrypted and secure.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
When deciding what the correct time is to keep the data for we look at its amount, nature and sensitivity, potential risk of harm from unauthorised use or disclosure, the processing purposes, if these can be achieved by other means and legal requirements.
For tax purposes the law requires us to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they stop being customers.
In some circumstances we may anonymise your personal data for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
We do employ the use of third-party services for certain procedures. The providers of such services do have access to certain personal Data provided by Users of this Web Site. All Data used by such parties is used only to the extent required by them to perform the services that Virtual Little Bee Ltd requests. Any use for other purposes is strictly prohibited. Furthermore, any Data that is processed by third parties must be processed within the terms of this Policy and in accordance with the EU General Data Protection Regulation (GDPR).
A full list of these can be found below:
QuickBooks - payment handling
Wave - payment handling
Dropbox - client file storage
One Drive - client file storage
Google - client file storage/password storage/analytics/email management
Asana - to aid delivery of purchased services
Canva - marketing
Apple Mail - email management
Easy Internet Solutions Ltd - website management
MailChimp - email management
Facebook - marketing
Instagram - marketing
Twitter - marketing
If the information we hold about you is inaccurate, please let us know and we will make the necessary amendments and confirm that these have been made. If any of your information changes, it is your responsibility to notify us about the change as soon as possible.
In addition, if you wish to access, correct, update, or request deletion of your personal info, please contact us by sending an email to the Data Protection Officer:-
Our Data Protection Officer’s contact details are: firstname.lastname@example.org telephone 07843 425406