Privacy Policy

HomePrivacy Policy
About This Policy

1.1. Introduction: Bathroomic (a trading name of Ebla-UK Ltd, Registered Company Number: 10554629, Registered VAT Number: 259053201) of 6 Wedgwood Gate, Stevenage, SG1 4SU, is dedicated to protecting your personal data. This Privacy Policy outlines how we handle the personal data we hold, including information collected through our website (www.bathroomic.co.uk), product purchases, newsletter subscriptions, store visits, and phone calls.

1.2. Compliance: This policy details our compliance with the General Data Protection Regulation (GDPR) and other relevant data protection laws.

1.3. Updates: We may update this policy periodically by amending this page.

1.4. Additional Information: This Privacy Policy should be read in conjunction with any specific fair processing notices provided on our website where personal data is collected. It supplements, and does not override, those other notices. Our separate Cookies Policy provides further information on the use of cookies on our website.

1.5. Third-Party Links: Our website may contain links to third-party websites, plug-ins, and applications. We do not control these sites and are not responsible for their privacy policies. You should review their policies carefully.

How to Contact Us

2.1. Data Controller: Ebla-UK Ltd, trading as Bathroomic, is the data controller responsible for your personal data.

2.2. Contact Details: For any questions about this policy or to exercise your legal rights, please contact our Data Protection Officer at Ebla-UK LTD, trading as Bathroomic.

2.3. Complaints: You have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to address your concerns first, so please contact us before approaching the ICO.

Your Duty to Inform Us

3.1. Accuracy: It is important that the personal data we hold about you is accurate and up to date. Please inform us of any changes to your data during our relationship.

3.2. Third-Party Information: If you provide us with personal data about another person (e.g., for delivery or collection purposes), you must ensure you have their consent or a legal basis to do so, and that they are aware of this policy.

Third-Party Service Providers

4.1. Payment & Financing: We use the following third-party service providers for payment and financing arrangements. Any personal data you provide will be collected and handled by the respective party. You should refer to their individual privacy policies.

  • PayPal: For payments made via PayPal.
  • Sage Pay: For processing card payments.
  • V12 Retail Finance: For financing options.
The Data We Collect About You

5.1. Definition: Personal data is any information from which an individual can be identified. This does not include anonymised data.

5.2. Categories of Data: We may collect, use, store, and transfer the following categories of personal data:

  • Identity and Contact Data: Names, titles, addresses, email addresses, phone numbers, and payment information.
  • Technical Data: IP address, login data, browser information, time zone, operating system, and information on how you use our website.
  • Employment Data: CVs, employment references, and career history (for job applicants).
  • Profile Data: Usernames and passwords.
  • Marketing and Communications Data: Your preferences for receiving marketing from us.
How Your Personal Data is Collected

6.1. Sources: We collect personal data in various ways, including through our website (e.g., via contact forms), email, phone calls, and in-store interactions.

6.2. Provision of Data: The data is usually provided directly by you, but it may also be provided by someone else on your behalf (e.g., for an order).

6.3. Automatic Collection: Some technical data is collected automatically as you interact with our website, such as through cookies.

Purposes for Which We Use Your Personal Data

7.1. General Principle: We only use your personal data when the law allows us to, based on a specific legal basis. We may use your data for more than one purpose.

7.2. Purposes and Legal Bases:

  • Operating our website: We process Identity and Contact Data, Technical Data, and Profile Data to administer and improve our website and e-commerce functions.
  • Legal Basis: Necessary for our legitimate interests in managing and improving our website.
  • Providing products to consumer customers: We process your Identity and Contact Data to provide and deliver our products, process payments, and handle customer service.
  • Legal Basis: Necessary for the performance of the contract with you.
  • Opening trade accounts and providing products to trade customers: We process your Identity and Contact Data to manage accounts, handle invoicing, and for record-keeping.
  • Legal Basis: Necessary for our legitimate interests in supplying products to your business.
  • Responding to enquiries and applications: We use your Identity and Contact Data to respond to your queries. For job applications, we use Identity and Contact Data and Employment Data to assess your suitability.
  • Legal Basis: Necessary for our legitimate interests in the operation of our business and customer service.
  • Providing our 3D bathroom design service: We process your Identity and Contact Data to arrange and attend appointments. We may also use publicly available information to assist us.
  • Legal Basis: Necessary for our legitimate interests in following up on your request and providing our service.
  • Disclosing data to third parties: We may disclose your Identity and Contact Data and Technical Data to third-party providers (e.g., couriers) to fulfil our obligations.
  • Legal Basis: Necessary for our legitimate interests in delivering goods and ensuring proper website function.
  • Engaging with service providers and suppliers: We process Identity and Contact Data and Technical Data to contact and manage relationships with our suppliers and contractors.
  • Legal Basis: Necessary for our legitimate interests in sourcing services and supplies.
  • Marketing updates and our newsletter: We use your Identity and Contact Data, Technical Data, Profile Data, and Marketing and Communications Data to send you promotional communications.
  • Legal Basis: Necessary for our legitimate interests in marketing our products, or based on your consent.
  • Legal Rights: We may disclose your data where required by law, for legal proceedings, fraud prevention, or to establish, exercise, or defend our legal rights.
    3. No Consent Reliance: Generally, we do not rely on consent as a legal basis, except for sending you marketing communications via email. You can withdraw your consent at any time.
Marketing and Promotions

8.1. Receiving Communications: You will receive marketing from us if you have subscribed to our marketing database or, in some cases, if you have purchased products and not unsubscribed.

8.2. Opt-Out: You can stop receiving marketing messages at any time by following the opt-out links in the messages or by contacting us.

Disclosures of Your Personal Data

9.1. Third-Party Service Providers: We require all third-party service providers to respect the security of your data and only process it for specified purposes according to our instructions.

9.2. No International Transfers: We do not transfer your personal data outside the European Union.

Data Security

10.1. Security Measures: We implement reasonable technical and organisational security measures to protect your personal data from unauthorised access, loss, or disclosure.

10.2. Breach Notification: We have procedures in place to handle suspected data breaches and will notify you and any applicable regulator where legally required.

Data Retention

11.1. Retention Period: We only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for legal, accounting, or reporting requirements.

11.2. Anonymisation: We may anonymise your personal data for research or statistical purposes, in which case we may use it indefinitely without further notice to you.

Your Legal Rights

12.1. Summary of Rights: Under data protection laws, you have the following rights concerning your personal data:

  • Request access to your personal data.
  • Request correction of your personal data.
  • Request erasure of your personal data.
  • Object to the processing of your personal data.
  • Request restriction of processing.
  • Request a data transfer to you or a third party.
  • Withdraw consent at any time where we rely on it.
Exercising Your Rights

13.1. No Fee: You do not have to pay a fee to access your personal data or exercise any of your other rights. However, we may charge a reasonable fee or refuse to comply if your request is clearly unfounded, repetitive, or excessive.

13.2. Verification: We may need to request specific information from you to confirm your identity and ensure the security of your personal data.

13.3. Response Time: We aim to respond to all legitimate requests within one month. If your request is complex, it may take longer, and we will keep you informed.