Blueair EU and UK Privacy Notice
Last Updated Date: 2023
· Users of our services and products
· Our account holders
· Our website users
· Our app users
· Applicants for vacancies at Blueair
This Notice describes how Blueair (“Blueair”, “we”, “us” or “our”) collects, uses, discloses and otherwise processes your personal data, either online or offline, within the scope of the GDPR or UK GDPR, as applicable.
We are the controller of the personal data collected. This means we determine how and why to process your personal data.
When we use the term “personal data” in this Notice, we mean data that directly or indirectly identifies a specific individual.
For the purposes of this Notice, personal data does not include information that has been anonymized.
Recipients of Personal Data and Types of Personal Data we collect
Third Party Disclosures
For purposes of this Notice, when we use the term “third party” we mean entities that are not service providers or contractors providing services on behalf of Unilever and that are not entities with whom you interact with directly.
We may share your personal data with the following third parties. This is to enable us to perform the contract entered into between you and us, where you are purchasing our Products or Services, or for the purposes of our legitimate business interests, as specified below.
· Third party service providers that provide services for us that involve data processing, in order to fulfil our legitimate business interests, including:
o to enable us to respond to an enquiry or other request you make, including processing returns and complaints or communicating via the automated chat bot on the website in order to answer general customer questions.
o for accounting management and finance.
o to maintain the endpoints for our internal web tools.
o to improve the design and implementation of our Services.
o to calculate sales tax and tax exemptions for business to consumer sales.
o to power the reviews function on our website.
o for legal compliance.
We will only provide your personal data to third party service providers for marketing purposes where you have expressly given your consent. You may withdraw this consent at any time.
· Payment providers. We share your personal data with payment providers, such as Google Pay, PayPal and Klarna, to fulfil your orders for our Products or Services.
Processing Legal Bases
Sources of Personal Data
Purposes for Collecting Personal Data
Retention of Personal Data
The period for which we retain your personal information varies, depending on the type of personal data and the purpose for which it was collected. The duration is limited to time necessary to fulfill the purposes for which the information was collected, in light of any restrictions or deletions you might request, as well as our need to address our legal and regulatory obligations or rights. If we collect your personal data for marketing purposes, we will retain this until you unsubscribe to receiving such marketing communications.
We will actively review the personal data we hold and delete it securely, or in some cases anonymise it, when there is no longer a legal, business, or consumer need for it to be retained. For example, for personal data processed by one of our payment providers, Adyen, the transaction data (including amount paid and payment method) is retained for seven years and is then automatically deleted. We will dispose of your personal data in a secure manner upon your request.
International Data Transfers
Your personal data will be stored on servers located in the EU. Your personal data may be transferred to countries outside of the UK and EU, including Japan, India and the US, for the purposes described in this Policy, for example in order to provide support services. Where we do transfer personal data internationally, we have implemented appropriate safeguards to protect your personal data when it is transferred, for example the standard contractual clauses of the European Commission (EU) and Information Commissioner’s Office (UK). Please contact us using the details below if you would like more information about these safeguards.
Blueair takes the security of your personal data very seriously. We take every effort to protect your personal data from misuse, interference, loss, unauthorised access, modification or disclosure.
Our measures include implementing appropriate access controls, investing in the latest information security capabilities to protect the IT environments we leverage, and ensuring we encrypt, pseudonymise and anonymise personal data wherever possible.
Access to your personal data is only permitted among our employees and agents on a need-to-know basis and subject to strict contractual confidentiality obligations when processed by third-parties.
YOUR PRIVACY RIGHTS
Where we process your personal data, you may be able to exercise the following rights in relation to the personal data about you that we have collected (subject to certain limitations at law):
HOW TO EXERCISE YOUR PRIVACY RIGHTS
To exercise any of your rights in connection with your personal data, please submit a request by filling out our EU privacy rights request form. We request that you provide us with additional information so that we can to verify your identity. We will only use the personal information provided in connection with a Privacy Rights Request to review and comply with the request. If you do not provide this information, we may not be able to verify or complete your request in all circumstances
In certain circumstances, we may decline a request to exercise the rights described above, in accordance with applicable law.
To Exercise Your Right to Object to Using Personal Data for Marketing Purposes
Where you have expressly consented, we may provide you with marketing-related information (such as newsletters). We may also use your personal data to send you marketing-related information where it is linked to the service we are providing to you or the service or product that you have made enquiries about.
You may unsubscribe from receiving such information at any time by clicking on the “unsubscribe” link at the bottom of each marketing communication, or by contacting us using the contact details below.
Personal Data of Children Under Age 18
We understand the need to provide particular protection where we are collecting and processing the personal data of consumers we know to be less than 18 years of age.
Where we rely on consent as the legal basis for processing the personal data, only children aged 13 or over in the UK, or 16 or over in the EU, are able to provide their own consent. For children under 16, we will not process the personal data unless we receive the consent of the child’s parent or guardian. The parent or guardian can withdraw this consent at any time by contacting us using the contact details below.
We put age appropriate safeguards in place where required, for example we may verify your age in order to determine your eligibility for some of our products, services and promotions.
From time to time, we may offer you certain financial incentives permitted by law (such as coupons, samples, and loyalty programs) in exchange for the collection, retention, or use of certain personal information about you. Each financial incentive related to the collection and use of personal information is based upon our reasonable, good-faith determination of the estimated value of such information to our business, taking into consideration the value of the offer itself and the anticipated revenue generation that may be realized by rewarding brand loyalty and repeat purchases. When you opt into a financial incentive, we will provide information about the specific terms of the financial incentive, such as the categories of personal information required to be disclosed, retained or shared, in exchange for the benefit you may receive. You can opt out of a financial incentive at any time by contacting us at blueair.com. When necessary, we will provide information about the specific terms of the financial incentive, such as the type of personal information required to be disclosed, retained or sold in exchange for the benefit you may receive, and instructions on how to opt in or opt out, on the webpage or form where the financial incentive is made available.
HOW TO CONTACT US
If you have any questions, comments or concerns with respect to our privacy practices or this Notice, or wish to update your information, please feel free to contact us at email@example.com. You may also write to us at the following address:
Attn: Blueair Data Privacy and Compliance
115 26 Stockholm
CHANGES IN NOTICE
From time to time, we may change our Notice. We will notify you of any material changes to our Notice as required by law. We will also post an updated copy of this Notice on our Platform. Please check our Platform periodically for updates. Without prejudice to your rights under applicable law, we reserve the right to update and amend this Privacy Notice without prior notice to reflect technological advancements, legal and regulatory changes and good business practices to the extent that it does not change the privacy practices as set out in this Privacy Notice. If you do not agree to the changes to this Privacy Notice, please contact us using the contact details above.