1. Introduction and Definitions
We are honest about what happens to your personal information when you engage with us, and we will always request your permission before you share it with us. We have also made it as easy as possible for you to let us know when you decide to change your mind.
We created our website and online shop in line with our main business objective, to make information about mental health and wellbeing accessible, simple and user-friendly. Our products are carefully designed, useful and beautifully unique and we hope that you will order from us because you agree. We do not create profiles of our users to sell to third parties for targeted advertising.
Please support our mission and promote the tools we create to help you start vital conversations with young people about their mental health and wellbeing, and we will continue to work hard creating resources that make information available in a fun and engaging way. We are on this journey together and will work to earn and keep your trust in us.
Please take time to read our Privacy Policy. It’s lengthy but it contains all the information about how Colourful Conversations™ ("we," "us" or "our") collects, protects and processes your data when you engage with us through our social media accounts, our site, emails and other means described here (“Sites”). This includes the options we provide for how you can control and access your data.
New regulations, technologies or changes to how we collect and use your personal data may require us to change our Privacy Policy. We reserve the right to make these changes at our sole discretion and all revisions will appear on this page.
To explain and clarify what we mean when we use Privacy Policy terms, we would like to provide you with the following definitions:
1.1. Definitions
“User” means a Colourful Conversations™ customer.
“User Data“ means personal data, addresses, and other files, folders or documents in electronic form that a User of the Services stores within the Services.
“Personal Data” - or “personal information” in certain jurisdictions – means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or household. We do not consider Personal Data to include information that has been de-identified so that it does not allow a third party to easily identify a specific individual. Your name, e-mail address, and IP address are all examples of data that may be Personal Data. Since your IP address can help us identify you, we treat “cookies” as Personal Data.
Please see Section 3 below to review detailed information about our use of cookies and similar technology.
“Public Area” means the area of the Sites that can be accessed both by Users and Visitors, without needing to log in.
“Restricted Area” means the area of the Sites that can be accessed only by Users, and where access requires logging in.
“Visitor” means an individual other than a User, who uses the public area, but has no access to the restricted areas of the Sites or Services.
2. Why We Collect Personal Data
We collect and process your personal data upon your consent, asking for it as appropriate. This occurs when you contact us, visit our Site, purchase a product from us and when you register an account with us. The legal basis for this is so that we can provide you with our products and services in accordance with our Terms of Use and to carry out our legitimate interests. Please see below for information on the personal data we collect, and the reasons why we process it.
When you use the Services, as a User or as a Visitor, you may provide, and we may collect your Personal Data. Examples of Personal Data include your name, email address, mailing address, mobile phone number, and payment card details or other billing information. Personal Data also includes other information, such as geographic area or preferences, when any such information is linked to information that identifies a specific individual.
We use the information that we collect in a variety of ways in providing the Services and operating our business, including the following:
2.1 Operations
We use the information – other than User Data - to operate, maintain, enhance and provide all features of the Services, to provide the services and information that you request, to respond to comments and questions and to provide support to Users of the Services. We process User Data solely in accordance with the directions provided by the applicable User or Visitor.
2.2 Improvements
We use the information to understand and analyze the usage trends and preferences of our Visitors and Users, to improve the Services, and to develop new products, services, features, and functionality. Should this purpose require Colourful Conversations™ to process User Data, then the data will only be used in anonymized or aggregated form.
2.3 Communications
We rely on account, service and usage data to provide you with products and services information to help meet your needs. You have the right to provide and withdraw your consent at any time (See Section 6). Please note that should you decide to withdraw consent it will restrict what we can offer that would benefit you.
We may use a Visitor’s or User’s email address or other information to contact that Visitor or User (i) for administrative purposes such as customer service, to address intellectual property infringement, right of privacy violations or defamation issues related to the User Data or Personal Data posted on the Services (ii) with a business transaction purpose; or (iii) for updates on products, services, materials, promotions and events, relating to products and services offered by us and by third parties we work with.
If you have an account with us we will need to send you essential customer service related emails, on a contractual or legitimate interest basis only.
2.4 Legitimate Interest
Where legitimate interest is the lawful basis of processing your personal data, the legitimate interests we pursue are as follows:
To provide you with your requested products and services;
To measure and improve our services efficacy to better engage and retain visitors and users;
To send you product and special offers information, information about services and events (where your consent is not required);
Analysing how our services are used and communications engaged with; with the aim to improve and customise our services and marketing communications;
To diagnose and fix services issues;
For the purposes of market research, such as customer satisfaction and interest surveys, marketing campaign efficacy (if we will always ask first should we need your permission to conduct such surveys;
To respond and investigate complaints and comments we receive from you;
Where disclosure of information in connection with legal processes or litigation is necessary. This includes compliance, legal claims, and regulatory and investigative purposes.
We will be unable to provide you with our products or services should you elect not to provide the necessary personal data where legal and contractual requirements are the lawful basis of processing your personal data.
3. How We Collect Data
Orders
When you choose to buy products available through our online shop, in addition to your name, address, email address, telephone number, and birth date (if applicable), we will process the following additional Personal Data in order to complete your transaction: details of order, price, payment card number or other payment information, shipping and billing address, any further details on the purchase transaction and optional account information like username and password. No card payment information is stored on our servers.
We use this information for purposes, such as, to:
Send you information about your account and order
Respond to your requests, including refunds and complaints
Process payments and prevent fraud
Set up your account for our store
Comply with any legal obligations we have, such as calculating taxes
Improve our store offerings
Site Registration
We process your login details if you choose to register for an Account so that we can communicate with you, provide the Services and provide a more personalized experience on our Site. You are not required to register for an Account, but if you choose not to do so, you may not be able to participate in some of the Services offered through the Site. In addition to this, we process all information you provide to us when logged into your Account, and also your usage data (e.g., login times, length of stay).
If you create an account, we will store your name, address, email and phone number. This information will be used to populate the checkout for future orders.We generally store information about you for as long as we need the information for the purposes for which we collect and use it, and we are not legally required to continue to keep it.
Contact Us
When you contact us by phone, email, contact form or otherwise to submit information to us, we process the information you provide to us to respond to your inquiry.
We keep contact form submissions and emails for six months strictly for customer service and analytical purposes, but we do not use the information submitted through them for marketing purposes.
Cookies
Wordpress, our chosen web publishing software installs cookies by default. If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie is a small text file that contains no personal data and is discarded when you close your browser.
Cookies allow our site to store and retrieve information to: (i) personalize our Services, such as remembering a User’s or Visitor’s information so that the User or Visitor will not have to re-enter it during a visit or on subsequent visits; (ii) provide customized advertisements, content, and information; (iii) monitor and analyze the effectiveness of Services and third-party marketing activities; (iv) monitor aggregate site usage metrics such as total number of visitors and pages viewed; and (v) track your entries, submissions, and status in any promotions or other activities on the Services.
When you log in, we will also set up several cookies to save your login information and your screen display choices.
You can remove cookies by clearing your search history and block cookies by configuring your browser. Please note that our website features may not function correctly and/or may impact your website experience if you disable cookies or withdraw consent.
For more information about cookies you can visit: www.allaboutcookies.org.
Embedded content from other websites
Our Site may contain embedded content (e.g. videos, images, articles, etc.) provided by third parties. Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website. Any information you provide on third-party sites or services is provided directly to the operators of such services and is subject to those operators’ policies, if any, governing privacy and security, even if accessed through the Services. We are not responsible for the content or privacy and security practices and policies of third-party sites or services to which links or access are provided through the Services.
Analytics
Colourful Conversations™ uses an package to collect anonymous analytics data
Essential User Updates
If you are a User, we process your email address in order to keep you informed only when necessary, about the operation of our services by sending emails and announcements that are needed for the proper functioning and administration of our Sites and Services..
Information from Other Sources. We may obtain information, including Personal Data, from third parties and sources other than the Services, such as our partners, advertisers, credit rating agencies, and Integrated Services. If we combine or associate information from other sources with Personal Data that we collect through the Services, we will treat the combined information as Personal Data in accordance with this Privacy Policy.
4. Who we share your data with
Members of our team have access to the information you provide us. We will only disclose your personal data to our employees to be processed, when necessary. For example:
Order information that includes what you purchased, when it was purchased and where it should be sent, and
Customer information like your name, email address, and billing and shipping information.
We also share site data with the following third-party providers who help us provide our orders and store services to you.
We accept payments through PayPal and Stripe. When processing payments, some of your data will be passed to PayPal and Stripe, including information required to process or support the payment, such as the purchase total and billing information.
Please see the PayPal and Stripe’s Privacy Policies for more details.
5. To Whom We Disclose Information
Except as described in this Privacy Policy, we will not intentionally disclose the Personal Data that we collect or store on the Services to third parties without the consent of the applicable Visitor or User. We may disclose information to third parties if you consent to us doing so, as well as in the following circumstances:
5.1 Unrestricted Information
Any information that you voluntarily choose to include in a Public Area of the Services, such as a public profile page, or via a chat room, forum, message board and/or other community function, will be available to any Visitor or User who has access to that content. Remember that any information you disclose in these areas becomes public information and you should exercise caution when deciding to disclose your personal, financial or other information. Your use of such Public Areas and community functions is at your own risk.
5.2 Service Providers
We may share the categories of Personal Data described above with service providers and third parties that we partner with to assist us in various functions, including providing technical support, providing you with our Services and products (including helping us to administer contests and promotions), and providing you with communications and marketing information on our behalf. These third parties may have access to, or process Personal Data as part of providing those services for us. We limit the information provided to these service providers to that which is reasonably necessary for them to perform their functions, and our contracts with them require them to maintain the confidentiality of such information.
These services providers and third parties can be classified in the following categories:
Delivery partners, to deliver our products to the right location;
Financial partners, who are involved in the processing of your banking or credit card data on our Sites;
Marketing partners, who we use (for example) to send you promotional communications;
Product partners, who we work with to fulfill your orders for supplementary materials;
IT service providers, such as our data hosting provider; and
Other service providers, who we may engage to provide services to us or on our behalf.
5.3 Law Enforcement, Legal Process and Compliance
We may disclose Personal Data or other information if required to do so by law or in the good-faith belief that such action is necessary to comply with applicable laws, in response to a facially valid court order, judicial or other government subpoena or warrant, or to otherwise cooperate with law enforcement or other governmental agencies.
We also reserve the right to disclose Personal Data or other information that we believe, in good faith, is appropriate or necessary to (i) take precautions against liability, (ii) protect ourselves or others from fraudulent, abusive, or unlawful uses or activity, (iii) investigate and defend ourselves against any third-party claims or allegations, (iv) protect the security or integrity of the Services and any facilities or equipment used to make the Services available, or (v) protect our property or other legal rights, enforce our contracts, or protect the rights, property, or safety of others.
6. How long we retain your data
For users that register on our website, we store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time. Website administrators can also see and edit that information.
We only retain Personal Data collected from a User for as long as the User’s account is active or otherwise for a limited period of time as long as we need it to fulfill the purposes for which we have initially collected it, unless otherwise required by law. We will retain and use information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements as follows:
the contents of closed accounts are deleted within 3 months of the date of closure;
backups are kept for 3 months;
billing information is retained for a period of 7 years as of its provision to Colourful Conversations™ in accordance with applicable laws.
information on legal transactions is retained for a period of 10 to 20 years as of its provision to Colourful Conversations™ in accordance with applicable laws.
7. Your Rights
We respect your right to control and access your data. If you have an account with us, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we amend, or erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
Please visit the ICO for a full description of your personal data rights.
When you access, use or interact with our Site and Services, you are consenting to cookies and other related technologies being used; data transference outside of your resident country if not based in the EEA; and the processing, collection, sharing and use of your information as explained and described in our Privacy Policy. If you do not agree with the terms set out in this Privacy Policy, please refrain from using our service.
You have the right to withdraw consent where it applies to the legal basis of processing your data.
We respect your privacy rights and provide you with reasonable access to the Personal Data that you may have provided through your use of the Services. If you wish to access or amend any other Personal Data we hold about you, or to request that we delete or transfer any information about you please contact us at privacy@colourfulconversations.org.uk
You may update, correct, or delete your Account information and preferences at any time by accessing your Account Settings page on the Site. Please note that while any changes you make will be reflected in active user databases instantly or within a reasonable period of time, we may retain all information you submit for backups, archiving, prevention of fraud and abuse, analytics, satisfaction of legal obligations, or where we otherwise reasonably believe that we have a legitimate reason to do so.
You may decline to share certain Personal Data with us, in which case we may not be able to provide to you some of the features and functionality of the Services.
At any time, you may object to the processing of your Personal Data, on legitimate grounds, except if otherwise permitted by applicable law. If you believe your right to privacy granted by applicable data protection laws has been infringed upon, please contact us at privacy@colourfulconversations.org.uk. You also have a right to lodge a complaint with data protection authorities.
Opting out from Marketing Communications
If you receive marketing emails from us, you may unsubscribe at any time by following the instructions contained within the email, or by sending an email to help@colourfulconversations.org.uk
Please be aware that if you opt-out of receiving marketing emails from us or otherwise modify the nature or frequency of promotional communications you receive from us, it may take up to ten (10) business days for us to process your request. Additionally, even after you opt-out from receiving commercial messages from us, you will continue to receive administrative messages from us regarding the Services.
8. Where we send your data
Your personal data may be transferred to countries outside the European Economic Area ('EEA') that do not have similar protections in place regarding your data and restrictions on its use as set out in this Privacy Policy. However, transfers outside of the EEA will be protected by us imposing appropriate safeguards, namely the use of standard data protection clauses adopted or approved by the European Commission to ensure the security of your data or via, independent privacy schemes approved by regulators (like the US ‘Privacy Shield Scheme).
All the information you provide through the Site may be processed and stored, transferred or accessed by entities around the world as described in this Privacy Policy. We will take steps to ensure that Personal Data is treated securely and in accordance with this Privacy Policy.
Clients, Users and Visitors in the EU/EEA please see Section 16.
9. How to Contact Us
If you have questions, comments or requests regarding this Privacy Policy, please contact us at:
privacy@colourfulconversations.org.uk
Or via our Contact Form
10. How we protect your data
Our site uses SSL technology to encrypt data during transmission through public internet, and where reasonable to do so we also employ application-layer security features to further anonymize Personal Data.
Although we may allow you to adjust your privacy settings to limit access to certain Personal Data, please be aware that no security measures are perfect or impenetrable. We are not responsible for circumvention of any privacy settings or security measures on the Services. Additionally, we cannot control the actions of other users with whom you may choose to share your information. We cannot and do not guarantee that information you post on or transmit to our Site or the Services will not be viewed by unauthorized persons.
11. Data breach procedures
No method of transmission over the Internet, or method of electronic storage, is 100% secure. We cannot ensure or warrant the security of any information you transmit to us or store on the Services, and you do so at your own risk. We also cannot guarantee that such information may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards. If you believe your Personal Data has been compromised, please contact us at
privacy@colourfulconversations.org.uk
If we learn of a security systems breach, we will inform you and the authorities of the occurrence of the breach in accordance with applicable law.
12. What third parties we use and receive data from
Colourful Conversations™ uses the following social media and networking platforms: Instagram, Facebook, LinkedIn and Twitter to communicate with the public, promote our business and to support children and young people’s mental health learning.
We use their social plugins, e.g. “like buttons,” on our Sites. If you access a page of the Sites that contains such a plug-in, your browser establishes a direct connection to the social media provider’s servers. Via the plugins, the providers receive the information that you have visited our Sites even if you do not have a profile or are not currently logged in. This information (including your IP address) will be transferred from your browser directly to a server of the respective provider in the USA and stored there. If you are logged in to one of the social media services, the providers may allocate your visit of the Sites to your account with them. Interactions with plug-ins like the “like button” are sent directly to the providers’ servers and stored there. The information is also stored in the social network and published on your account.
Please visit the sites of these named third party service providers to access their Privacy and Data Policies.
If you choose to contact us via our social media accounts we may respond directly through that communication channel provided by the social media service provider on the legal basis of consent. We will only export your personal data from the social media site to our collection and processing system if it is necessary and on the basis of fulfilling a requested service or legitimate interest to promote and/or protect our business and followers . This includes collecting your name and/or username and other information you provide to us.
13. Intellectual Property Rights
We reserve the right to collect or use your personal information if we have reason to believe that you or an organisation you represent are infringing our IPR. Data may be collected from third parties, your website, social media profile(s) as well as other sources such as the Intellectual Property Office, Companies House, or other public or publicly listed body. The information collected or provided will be used to investigate any potential intellectual property infringement, and to communicate with you, including sending you a cease and desist notification, and notifying you of any legal action we are taking on the basis of legitimate business protection interest .
14. Children’s Privacy
Protecting children and young people’s privacy is vitally important to us. Our Services are not intended to be used directly by minors and are not intended to be used to post content to share publicly or with friends. To the extent that a minor has posted such content on the Services, the minor has the right to have this content deleted or removed using the deletion or removal options detailed in this Privacy Policy. If you have any question regarding this topic, please contact us as indicated in the “How to Contact Us” section. Please be aware that, although we offer this deletion capability, the removal of content may not ensure complete or comprehensive removal of that content or information.
GDPR. We strive to comply with the European Union’s General Data Protection Regulation (Regulation (EU) 2016/679, hereinafter “GDPR”). The Sites and Services are not intended for children and we do not knowingly collect data relating to anyone under the age of 16 in cases where GDPR is applicable. If you feel that we have unknowingly collected Personal Data from someone under the age of 16 in a country where GDPR is applicable, please contact us immediately as described in the “How to Contact Us” section below and this information will be removed.
15. Changes and Updates to this Privacy Policy
Please revisit this page periodically to stay aware of any changes to this Privacy Policy, which we may update from time to time. If we modify the Privacy Policy, we will make it available through the Services, and indicate the date of the latest revision, and will comply with applicable law. Your continued use of the Services after the revised Privacy Policy has become effective indicates that you have read, understood and agreed to the current version of the Privacy Policy.
16.Users of the Sites and Services in the European Union/European Economic Area
This section of the Privacy Policy applies only if you use the Sites or Services from a country that is a Member State of the European Union (“EU”)/European Economic Area (“EEA”) and supplements the information in this Privacy Policy.
Legal Bases for Processing Your Personal Data
Site Registration. We process the listed information to provide you with the requested services and administer your registration, so for contract performance. We also process your information in this context for IT security reasons, so for our legitimate interest to provide secure services.
Product Purchase. We process the listed information to transact and administer your purchase, so for contract performance.
Newsletters. We send you newsletters based on your consent. If you are already a User or Visitor who has purchased goods from us, we also process your email address to offer our own similar products, programs or services that may be of interest to you. Such processing is based on our legitimate interest to conduct direct marketing. You may always object to such processing.
Contact Us. We process the listed information to respond to your inquiry, so to perform a (quasi) contract with you.
Updates Concerning Us. We send you accordance updates based on our legitimate interests to provide you with working Sites and satisfying Services. If informing you about updates is required by law, we send you accordant updates to comply with our legal obligations.
Retention of Your Personal Data
Site Registration. We retain your Personal Data as long as you use our services for registered users. We will delete your Personal Data if you have not logged in for 3 years unless we are required or permitted by law to retain it for a longer period (for example for archiving purposes).
Product Purchase. We retain your Personal Data as long as you continue purchasing our products. We will delete your Personal Data if you have not purchased anything for 3 years unless we are required or permitted by law to retain it for a longer period (for example for archiving purposes).
Newsletters. We will retain your Personal Data concerning marketing and newsletters for as long as you do not withdraw consent or opt-out from such marketing, unless we are required or permitted by law to retain it for a longer period (for example for archiving purposes).
Contact Us. We retain this Personal Data for the time required to respond to your request and, where applicable, as required or permitted by statutory law (for example for financial statements or legal claims or archiving purposes).
Updates Concerning Us. We retain this Personal Data for as long as you use our Services for registered Users or purchase our goods. We will delete your Personal Data if you have not logged in or purchased anything for 3 years unless we are required or permitted by law to retain it for a longer period (for example for archiving purposes).
Automated Decision-Making
We may use automated decision-making technologies, including profiling, to support our data processing activities. Our auto-mated decision-making capabilities include logic that attempts to identify titles, communications, products or offers that we believe may interest you. By using this logic, it helps us personalize your interactions with us. For you, this means you may see online advertisements, direct marketing communications (if you have subscribed) or other advertising or marketing messages or special offers based on your activity on our Sites or interactions with us or our third-party partners.
International Transfers
Your sharing of your Personal Data, in accordance with this Privacy Policy, involves transferring your information outside the EU/EEA. Whenever we transfer your Personal Data out of the EU/EEA, we ensure a similar degree of protection is afforded to it by ensuring, where required by law, at least one of the following safeguards is implemented:
transferring Personal Data to countries that have been deemed to provide an adequate level of protection for Personal Data by the European Commission;
using specific contracts approved by the European Commission which give personal data the same protection it has in Europe; or
transferring personal data to the United States to an entity if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between Europe and the United States.
You may be entitled, in accordance with applicable law, to request a copy of the safeguards by contacting us as described in the “How to Contact Us” section below.
Your Rights
In furtherance of Section 7 above and in accordance with GDPR, you may have the following rights in relation to the Personal Data we hold about you, if the accordant preconditions are fulfilled:
Right of Access. You may ask us to confirm whether we are processing your Personal Data and, if so, to provide you with a copy of that Personal Data (along with certain other details).
Right to Rectification. If the Personal Data we hold about you is inaccurate or incomplete, you are entitled to ask for rectification or completion.
Right to Erasure. You may ask us to delete or remove your Personal Data in some circumstances, e.g. if we no longer need it or you withdraw your consent (where applicable).
Right to Restrict Processing. You may ask us to restrict the processing of your Personal Data in certain circumstances, e.g. if you object to us processing it.
Right to Data Portability. You have the right to obtain Personal Data you have provided to us in a structured, commonly used and machine-readable format for reuse under certain circumstances.
Right to Object. You may ask us at any time to stop processing your Personal Data and we will do so, if we (i) rely on legitimate interests to process your Personal Data except if we can demonstrate compelling legal grounds for the processing, or (ii) process your Personal Data for direct marketing.
Rights in Relation to Automated Decision-Making and Profiling. You have the right not to be subject to a decision when it is based solely on automated processing, including profiling, and it produces a legal effect or similarly significantly affects you unless such profiling is necessary for entering into, or the performance of, a contract between you and us.
Right to Withdraw Consent. If we rely on your consent as legal basis for processing your Personal Data, you have the right to withdraw that consent at any time. This includes, but is not limited to, cases where we use your Personal Data for direct marketing purposes.
You may also be entitled, in accordance with applicable law, to lodge a complaint with a supervisory authority if you consider that our processing of your Personal Data infringes applicable law.
For more information on your rights and accordant requirements, please see the information provided by the EU Commission.