Pure Herba is committed to respecting and protecting your privacy. We comply with the UK GDPR as well as the Data Protection Act 2018.
In this notice, we will tell you in detail how we use and share your personal information and explain your rights regarding how we use your personal information.
Who we are
Our website address is: https://pureherba.com.
Pure Herba is a luxury cosmetics, perfumes and department store with its headquarters in Lichfield, UK. Pure Herba Limited controls the collection and processing of any personal data that you provide to us in relation to this website.
You can also contact us by email at info@pureherba.com or our contact page if you have an enquiry or question.
What personal data we collect and why we collect it
“Personal data” is any information that relates to you and that identifies you either directly from that information or indirectly, by reference to other information that we have access to. The personal data that we collect, and how we collect it, depends upon how you interact with us. Categories of personal data that we collect include:
Contact information such as name, email address and telephone number;
Marketing, communication preferences and related information such as feedback and survey responses;
Billing and financial information such as billing address, bank account and payment information; and Personal data we collect from you.
We collect personal data directly from you as follows:
When you sign up to receive news services, we will ask you provide your contact and other relevant information, as well as your communication preferences; and
When you use our website or one of our online services, we collect information about your visit and how you interact with our website.
If you provide information to us about another person, you must ensure that you comply with any legal obligations that may apply to your provision of the information to us, and to allow us, where necessary, to share that information with our service providers.
Customer Information
If you make a purchase through our store and become a customer, we will store your information including name, email address, phone number and address.
All payment information is stored by our payment processor (Stripe) so we will never see or handle this data.
Reviews
If you leave a review we will store your name and the content of your review.
Comments
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.
Media
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
Contact forms
This website uses contact forms so you can contact us via email. You must give consent for us to store any information you send us before submitting the form. Our forms are protected with Google ReCaptcha. We will store the content of the submitted form until it is no longer relevant.
Cookies
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
Our store also uses cookies so we can keep your products in your cart while you continue shopping.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.
Analytics
This website uses Google Analytics so we can improve our website and provide better resources based on performance and user behavior on our website. This does not store any personal or identifying data as each connection is anonymous.
Information we collect from third parties
Most of the personal data that we collect about you will be information that you provide to us voluntarily. In some circumstances we may also receive information from:
regulatory bodies;
credit reference agencies; and
other companies providing services to us.
Some of these third-party sources may include publicly available sources of information.
We will also receive information about you from Google Analytics, a web analytics service provided by Google, Inc. (“Google”) whose servers are in the United States of America. Google Analytics uses cookies to help us analyse how users use our site.
Data we collect automatically
When you visit our website, we automatically collect, store and use technical information about your equipment and interaction with our website. This information is sent from your computer to us using a variety of cookies.
Read more about our use of cookies and how to disable them.
How we use your personal data
We will only use your personal data fairly and where we have a lawful reason to do so.
We are allowed to use your personal data if we have your consent or another legally permitted reason applies. These include to fulfil a contract with you, when we have a legal duty to comply with, or when it is in our legitimate business interest to use your personal data. We can only rely on our legitimate business interest, if it is fair and reasonable to do so.
Our use of your personal data depends on how and where you interact with us.
Please contact us if you have any questions about how we collect and use your personal data.
Sharing and transferring your data
We treat your personal data with respect and do not share it with third parties except as described below.
We may share personal data with our suppliers and service providers including event organisers and partners and document production and management services.
We may share personal information when necessary with law enforcement and regulatory authorities.
We may also share your personal data when you have consented to us doing so.
We will only transfer your personal data outside of the European region under the following circumstances:
where the transfer is to a country or other territory which has been assessed by the European Commission (or an equivalent UK body) as ensuring an adequate level of protection for personal data;
with your consent; or
on the basis that the transfer is compliant with the UK GDPR and other applicable laws.
Please contact us if you have any questions about how we share or transfer your personal data.
Who we share your data with
We do not share data with any third parties, any information you send us remains strictly confidential. The only time we may have to share data is if we are legally bound to by the authorities.
How long we retain your data
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
What rights you have over your data
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
You have certain rights regarding how we use and keep your personal data. These are:
you can require us, to update or correct any inaccurate personal data, or to complete any incomplete personal data, concerning you. If you do, we will take reasonable steps to check the accuracy of, and correct the information. Please let us know if any of your information changes so that we can keep it accurate and up to date;
you can require us to stop processing your information for direct marketing purposes; if you withdraw your consent, we may not be able to provide certain products or services to you; and
you have the right to object to our use of your personal data more generally.
You may also have the right, in certain circumstances to:
be provided with a copy of any personal data that we hold about you, with certain related information. There are exceptions to this right; for example, where information is legally privileged or if providing you with the information would reveal personal data about another person ;
to require us, without undue delay, to delete your personal data;
to “restrict” our use of your information, so that it can only continue subject to restrictions; and
to require personal data which you have provided to us and which are processed by using automated means, based on your consent or the performance of a contract with you, to be provided to you in machine readable format so that they can be “ported” to a replacement service provider.
You can exercise the above rights, where applicable by contacting us. We will require you to provide satisfactory proof of your identity in order to ensure that your rights are respected and protected. This is to ensure that your personal data is disclosed only to you.
Where we send your data
Visitor comments may be checked through an automated spam detection service.
Any emails or messages you send through our web forms will be stored by our email provider.
Your contact information
Please see our contact page for full contact information.
Additional information
How we protect your data
We protect your personal data and implement appropriate technical and organisational security measures to protect it against any unauthorised or unlawful processing and against any accidental loss, destruction, or damage.
We take every precaution to ensure your data is secure. We only allow connections to this website over https not http ensuring your connection to this website is secure at all times.
We use security software on our website to protect it from being unlawfully accessed and to ensure all data is protected.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Keeping your personal data
We do not keep your personal data for any longer than is necessary to fulfil the purpose for which we collected it, or to comply with any legal, regulatory or reporting obligations or to assert or defend against legal claims.
What data breach procedures we have in place
If there is a data breach we will contact the relevant authorities and yourself within the areas time limits to do so.