1. Introduction

BISOUS BATH LUXURIES LTD, trading as Gardenure (“we”, “us”, “our”, or “Company”), is committed to protecting your privacy and ensuring you have a positive experience on our Website https://gardenure.com/.

This Privacy Policy explains how we collect, use, disclose, and process your personal data in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Please read this Privacy Policy carefully. By accessing and using this Website and purchasing products from us, you consent to our collection and use of your personal data as described.

2. Who We Are

Data Controller: BISOUS BATH LUXURIES LTD (trading as Gardenure) Company Number: 15200813 Address: 19 Hornsmill Avenue, Widnes, Cheshire, United Kingdom, WA8 5DY Email: support@gardenure.com Telephone: +44 7832 650291

3. Data We Collect

We collect personal data in the following categories:

Contact Information:

  • Name, email address, postal address, and telephone number
  • This data is collected when you create an account, place an order, or contact us

Billing and Payment Information:

  • Billing name, address, and payment method details
  • Payment transactions are processed securely by third-party payment processors
  • We do not store full credit card or payment card details on our servers

Order and Transaction Data:

  • Order history, products purchased, purchase amounts, and delivery preferences
  • Transaction dates and payment status

Communication Data:

  • Emails, messages, and support tickets you send to us
  • Customer service interactions and feedback

Technical Data:

  • IP address, browser type, operating system, and device identifiers
  • Website usage patterns, pages visited, and time spent on site
  • Cookies and similar tracking technologies (see Cookie Policy)

Location Data:

  • General location information derived from IP address or postal code
  • This data is used for delivery and regional compliance purposes

Marketing Preferences:

  • Subscription status to marketing communications
  • Preferences regarding promotional content and newsletters

4. Legal Basis for Processing

We process your personal data based on the following legal grounds:

Contractual Necessity: Processing necessary to fulfill your purchase order and provide services you have requested.

Legitimate Interest: Processing necessary for our business purposes, including customer service, fraud prevention, security, marketing analytics, and improving our services.

Legal Obligation: Processing required by applicable UK law, including tax obligations and consumer protection regulations.

Consent: Processing based on your explicit consent, including for marketing communications and non-essential cookies.

5. How We Use Your Data

We use your personal data for the following purposes:

Order Fulfillment:

  • Processing and delivering your orders
  • Communicating order status, tracking, and delivery information
  • Handling customer inquiries and providing support

Payment Processing:

  • Processing payments and managing billing
  • Preventing fraudulent transactions and unauthorized access

Customer Communication:

  • Responding to inquiries and providing customer support
  • Sending order confirmations, invoices, and receipts
  • Notifying you of changes to our policies or services

Marketing and Promotions:

  • Sending promotional content, newsletters, and special offers (only with your consent)
  • Conducting surveys and gathering customer feedback
  • Analyzing customer preferences to improve our marketing

Website Improvement:

  • Analyzing usage patterns to enhance user experience
  • Testing new features and evaluating site performance
  • Gathering analytics and statistical data

Legal and Security Purposes:

  • Complying with legal obligations and resolving disputes
  • Detecting and preventing fraud, abuse, or security threats
  • Protecting our legal rights and the safety of users

Record Keeping:

  • Maintaining records for accounting, audit, and regulatory compliance purposes

6. Data Sharing and Disclosure

We may share your personal data with the following third parties:

Payment Processors:

  • Secure third-party providers who process payment transactions
  • These providers adhere to PCI DSS standards and do not retain full card details

Delivery and Logistics Partners:

  • Shipping companies require name, address, and contact information to deliver your order
  • We share only information necessary for delivery

Hosting and Website Services:

  • WooCommerce and related hosting providers who maintain our Website
  • These providers are bound by data protection agreements

Customer Service Platforms:

  • Support and communication tools used to respond to customer inquiries
  • Data is used solely for customer service purposes

Legal and Regulatory Bodies:

  • Data may be disclosed to government authorities or law enforcement when required by law or legal process

Business Transfers:

  • In the event of merger, acquisition, or sale of assets, your data may be transferred as part of the business transaction
  • You will be notified of any such change

We do not sell, rent, or lease your personal data to third parties for marketing purposes without your explicit consent.

7. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:

Account Information: Retained for the duration of your account and 6 years following closure for legal and tax purposes.

Order and Transaction Data: Retained for 6 years to comply with UK tax and accounting regulations.

Payment Information: Deleted immediately after transaction completion (full card details are not stored by us).

Communication Data: Retained for 2 years or as long as necessary to resolve outstanding issues.

Marketing Data: Retained until you unsubscribe from marketing communications or withdraw consent.

Technical and Analytics Data: Retained for 12 months or as required for security and fraud prevention purposes.

You may request deletion of your data at any time, subject to legal and contractual obligations.

8. Your Rights

Under UK GDPR and the Data Protection Act 2018, you have the following rights:

Right of Access: You may request a copy of the personal data we hold about you.

Right to Rectification: You may request correction of inaccurate or incomplete personal data.

Right to Erasure: You may request deletion of your personal data, subject to legal and contractual obligations (the “Right to be Forgotten”).

Right to Restrict Processing: You may request that we limit how we use your personal data.

Right to Data Portability: You may request your data in a structured, portable format suitable for transfer to another provider.

Right to Object: You may object to processing for marketing, profiling, or automated decision-making purposes.

Right to Withdraw Consent: You may withdraw consent for marketing communications and non-essential cookies at any time.

Rights Related to Automated Decision-Making: You have the right not to be subject to decisions based solely on automated processing that produces legal or significant effects.

To exercise any of these rights, contact us at support@gardenure.com. We will respond to your request within 30 days of receipt.

9. International Data Transfers

Your data is processed and stored within the United Kingdom. We do not transfer personal data outside the United Kingdom except where necessary for order fulfillment or service provision, and only to countries with adequate data protection safeguards as determined by the UK government.

If data is transferred outside the UK, we implement appropriate safeguards, including Standard Contractual Clauses approved by UK authorities.

10. Data Security

We employ robust security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction:

  • SSL/TLS encryption for data transmitted over the Internet
  • Secure password-protected accounts
  • Access restrictions limiting employee access to personal data
  • Regular security audits and vulnerability assessments
  • Compliance with PCI DSS standards for payment data
  • Secure backup and disaster recovery procedures

However, no security system is completely secure. We cannot guarantee absolute protection against all cyber threats. You acknowledge the inherent risks of Internet communication.

11. Cookies and Tracking Technologies

Our Website uses cookies and similar tracking technologies to enhance user experience, analyze usage, and serve targeted advertising. See our separate Cookie Policy for detailed information.

You can manage cookie preferences through your browser settings or opt out of certain tracking through industry opt-out mechanisms.

12. Third-Party Links

This Website may contain links to third-party websites. We are not responsible for their privacy practices. We encourage you to review the privacy policies of third-party sites before providing personal data.

13. Children’s Privacy

This Website is not intended for use by individuals under 18 years of age. We do not knowingly collect personal data from minors. If we become aware that personal data of a minor has been collected, we will take immediate steps to delete it.

Parents or guardians who believe a minor’s data has been collected should contact us immediately.

14. Data Protection Officer

While we do not have a formally designated Data Protection Officer, we are committed to data protection compliance. For data protection inquiries, contact:

Email: support@gardenure.com Telephone: +44 7832 650291

15. Complaints and Regulatory Authority

If you believe we have mishandled your personal data or violated your privacy rights, you may lodge a complaint with the Information Commissioner’s Office (ICO):

Information Commissioner’s Office Wycliffe House, Water Lane Wilmslow, Cheshire, SK9 5AF Telephone: 0303 123 1113 Website: www.ico.org.uk

16. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices or applicable law. Changes will be effective immediately upon posting. Your continued use of the Website constitutes acceptance of the updated Privacy Policy.

17. Contact Information

For privacy inquiries, data subject access requests, or to exercise your rights:

Email: support@gardenure.com Telephone: +44 7832 650291 Address: 19 Hornsmill Avenue, Widnes, Cheshire, United Kingdom, WA8 5DY Business Hours: Monday to Friday, 9:00 AM to 6:00 PM