Privacy Policy: Basil Bloom

At Basil Bloom, we are committed to protecting your privacy and handling your personal data in a transparent and secure manner. This Privacy Policy describes how we collect, use, process, and disclose your information when you interact with our technology motivation platforms, purchase our herbs and spices, attend our workshops, or otherwise engage with our services.

Our Identity and Contact Details

Basil Bloom operates from its registered address: 75 Bloomsbury Street, Floor 3, London, Greater London, WC1B 3DG, UK.

We are the data controller responsible for the personal data collected through our operations. For any privacy-related concerns or inquiries, please contact us via our general inquiry channels.

Information We Collect About You

We collect various types of information to provide and improve our services. This includes:

• Information you provide directly to us: This includes personal identifiers (such as name, email address, postal address, phone number), professional information (like company name, job title) when you sign up for our motivation platforms, place an order for our herbs and spices, register for a workshop, or communicate with us directly. Financial information, such as payment details, is processed by secure third-party payment processors, and we do not store sensitive payment card details on our systems.
• Information collected automatically: When you use our online platforms, we may collect information automatically from your device, including your IP address, browser type, operating system, referring URLs, pages viewed, and the dates/times of access. This data helps us understand how our services are used and to improve your experience.
• Information from other sources: We may obtain information about you from other sources, such as public databases, joint marketing partners, social media platforms, and other third parties, in compliance with applicable law.
• Data from motivation platforms: For users of our engagement platforms, we collect data related to your participation, achievements, progress, and interactions within the platform to provide gamified challenges, track performance, and facilitate reward systems tailored to the platform's objectives.

How We Use Your Information

We use the information we collect for the following purposes:

• To provide and manage our services: This includes operating and maintaining our motivation platforms, processing orders for herbs and spices, managing workshop registrations, and fulfilling our contractual obligations.
• To improve and personalise our services: We use data to understand user preferences, develop new features, enhance the functionality of our platforms, and tailor content and product recommendations.
• For communication: To send you essential service updates, order confirmations, workshop details, and, if you have opted in, marketing communications about our products and services.
• For security and fraud prevention: To protect our legitimate business interests and legal rights, including preventing fraud and ensuring the security of our services.
• For compliance with legal obligations: To comply with applicable laws, regulations, legal processes, or governmental requests.

Legal Basis for Processing Personal Data (GDPR)

We process your personal data under the following legal bases:

• Performance of a contract: When processing is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract (e.g., providing access to a motivation platform, fulfilling an order).
• Legitimate interests: Where processing is necessary for our legitimate interests or those of a third party, and your interests and fundamental rights do not override those interests (e.g., improving our services, preventing fraud, direct marketing where legally permitted).
• Consent: Where you have given explicit consent for us to process your personal data for one or more specific purposes (e.g., for sending marketing communications). You have the right to withdraw your consent at any time.
• Legal obligation: Where processing is necessary for compliance with a legal obligation to which we are subject.

Sharing Your Information

We may share your information with:

• Service providers: Third-party vendors and service providers who perform services on our behalf, such as payment processing, data analysis, hosting services, customer service, and marketing assistance. These parties are obligated to protect your data.
• Business partners: In the context of our motivation platforms, we may share anonymised or aggregated data with client organisations to report on engagement and performance trends. Personal data is shared only when explicitly agreed upon within the contractual terms of service for the platform.
• Legal and regulatory authorities: When required by law or to respond to valid legal processes, such as subpoenas, government requests, or to protect our rights and property.
• Affiliates and business transfers: With our affiliates or in connection with a merger, acquisition, or sale of assets, subject to appropriate privacy and confidentiality obligations.

International Data Transfers

Your personal data may be transferred to, and processed in, countries other than the country in which you are resident. These countries may have data protection laws that are different from the laws of your country. We take appropriate safeguards to ensure that your privacy rights are protected, such as using Standard Contractual Clauses approved by the European Commission, or ensuring the recipient is certified under an approved certification mechanism.

Data Security

We implement robust technical and organisational measures to protect your personal data from unauthorised access, use, disclosure, alteration, or destruction. These measures include encryption, access controls, secure servers, and regular security assessments. While we strive to protect your personal data, no method of transmission over the Internet or method of electronic storage is 100% secure.

Data Retention

We retain your personal data for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure, the purposes for which we process your personal data, and applicable legal requirements.

Your Data Protection Rights (GDPR and UK GDPR)

Under applicable data protection laws, including the GDPR and UK GDPR, you have the following rights concerning your personal data:

• The right to access: You have the right to request copies of your personal data.
• The right to rectification: You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.
• The right to erasure: You have the right to request that we erase your personal data, under certain conditions.
• The right to restrict processing: You have the right to request that we restrict the processing of your personal data, under certain conditions.
• The right to object to processing: You have the right to object to our processing of your personal data, under certain conditions.
• The right to data portability: You have the right to request that we transfer the data that we have collected to another organisation, or directly to you, under certain conditions.
• The right to withdraw consent: Where we rely on your consent to process your personal data, you have the right to withdraw that consent at any time.

To exercise any of these rights, please contact us using the address provided above.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any significant changes by posting the new Privacy Policy on our website and updating the "last updated" date.

Complaints

If you have concerns about our approach to privacy, you have the right to lodge a complaint with your local data protection authority. In the UK, this is the Information Commissioner's Office (ICO). We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.