PRIVACY POLICY
At Fresh Steps UK (accessible via freshstepsuk.com), we are firmly committed to safeguarding the privacy and personal data of our users, customers, and visitors. This Privacy Policy outlines the types of information we collect, the purposes and legal bases for collecting it, how it is processed and protected, and your rights in respect of your personal data. Our data handling practices are governed by the European Union’s General Data Protection Regulation (GDPR), the UK Data Protection Act 2018, and the California Consumer Privacy Act (CCPA), among other applicable privacy regulations.
1. Commitment to Data Protection
Fresh Steps UK values your trust and is dedicated to protecting your personal data. We adhere to the principles of lawfulness, transparency, fairness, purpose limitation, minimization, accuracy, and storage limitation. We implement appropriate organizational, technical, and security measures to ensure a high level of data protection for all individuals interacting with our website, services, and communications.
2. Scope and Data Controller Role
This Privacy Policy applies to all visitors, users, and customers accessing freshstepsuk.com or communicating with us through any available medium. Fresh Steps UK acts as the data controller for the data collected and processed in connection with our services. If you reside in the European Union, United Kingdom, or California, your rights are specifically protected as further outlined in this policy.
3. Categories of Personal Data We Process
We collect and process the following categories of personal data, depending on how you interact with freshstepsuk.com:
a. Usage Data:
Includes information about how you use our website such as IP address, browser type and version, platform, operating system, referral sources, length of visit, pages viewed, session information, and navigation paths.
b. Account Data:
Includes your full name, billing and shipping addresses, email address, phone number, and other details necessary for account registration or management.
c. Profile Data:
Includes demographic details, shopping preferences, prior purchases, product interests, and behavioral observations made through site interaction.
d. Communication Data:
Includes records and content of your interactions with us through contact forms, email correspondence, live chat, support tickets, and other communications.
e. Technical Data:
Details about the device and system configuration you use to access our site including device ID, browser plug-ins, timezone settings, hardware type, and mobile network information.
f. Transaction Data:
Includes payment information (such as the last four digits of a credit card when processed securely via a payment gateway), purchase records, delivery address, and order history.
g. Preference Data:
Includes information regarding your marketing and communication preferences, opt-in status, cookie choices, and any expressed interests or feedback.
4. Legal Bases for Processing
We rely on several lawful grounds for processing your personal data under Article 6 of the GDPR and equivalent CCPA-protected rights:
– Consent: When you opt in to receive newsletters, marketing communications, or non-essential cookies.
– Performance of a Contract: For processing orders, managing customer accounts and fulfilling customer-related transactions.
– Legal Obligation: Where we must comply with relevant legal requirements.
– Legitimate Interests: For improving our website, preventing fraud, securing our systems, responding to enquiries, and enhancing user experiences—where these interests are not overridden by your fundamental rights and freedoms.
5. Your Privacy Rights
As a data subject, you have the following rights under applicable laws:
– Right of Access: You may request access to the personal data we hold about you.
– Right to Rectification: You may correct any inaccurate or incomplete information we hold.
– Right to Erasure: You may request deletion of your personal data, subject to legal obligations.
– Right to Restriction: You may request that we limit the processing of your data under certain circumstances.
– Right to Data Portability: You may request to receive your data in a structured, machine-readable format and have it transferred to another controller.
– Right to Object: You may object to data processing based on legitimate interests or direct marketing purposes.
– Right to Withdraw Consent: Where processing is based on your consent, you may withdraw it at any time without affecting prior processing.
Requests may be submitted via email at [email protected]. We will respond as required under applicable data protection laws.
6. Data Security Measures
We implement a robust, multi-layered approach to data security including:
– Industry-standard SSL encryption to protect data in transit.
– Secure access management and role-based controls for employee access.
– Regular system backups and encrypted data storage.
– Cybersecurity training for staff.
– Ongoing monitoring of systems for vulnerabilities and unauthorized access.
7. International Data Transfers
Where required, we may transfer your data to countries outside the UK or EEA. Such transfers are made only:
– To countries deemed to provide adequate protection, or
– Subject to Standard Contractual Clauses approved by the European Commission, or
– Under binding corporate rules and appropriate safeguards consistent with GDPR and CCPA requirements.
8. Data Retention
Personal data is retained only for as long as necessary for the purposes described in this policy or to comply with applicable legal and regulatory obligations. Specific retention periods are as follows:
– Usage and Technical Data: retained for up to 12 months to support performance monitoring.
– Account, Profile, and Transaction Data: retained for up to 7 years for accounting and tax purposes.
– Communication Data: retained for a maximum of 24 months for customer service history.
– Marketing and Preference Data: retained until you withdraw consent or update your preferences.
Upon expiration of these periods, data is securely deleted or anonymised.
9. Use of Cookies
freshstepsuk.com uses cookies and similar technologies to enhance functionality, personalise content, and improve user experience. Cookies we employ include:
– Essential Cookies: Required for the core operation of the website (e.g., login sessions, shopping cart functionality).
– Functional Cookies: Enable enhanced personalization and remember user settings.
– Analytics Cookies: Collect statistical data on how the website is used (e.g., Google Analytics).
– Performance Cookies: Monitor website uptime and responsiveness.
10. Cookie Management & Compliance
Consent for non-essential cookies is obtained through a compliant banner when you first visit our website. You can manage, update, or revoke your cookie preferences at any time via our Cookie Settings link provided in the website footer. You may also control cookies at the browser level. We honour “Do Not Track” signals from compatible browsers.
Under the CCPA, California residents have the right to opt out of the “sale” or “sharing” of their data. We do not sell personal information and respect CCPA directives.
11. Children’s Privacy Protections
Our services are not intended for children under the age of 13. We do not knowingly collect or solicit personal data from children under this age. If you believe we may have collected data from a child under 13, please contact us immediately at [email protected] so that we can investigate and delete the data if appropriate.
12. Policy Revisions and Updates
We reserve the right to amend this Privacy Policy to reflect changes in technology, legislation, or our data practices. Any substantial policy changes will be communicated through notice on freshstepsuk.com and/or direct communication when practical. Continued use of the site following any updates constitutes agreement to the revised policy.
13. Contact Information
If you have any questions, concerns, or requests in relation to this Privacy Policy or your personal data, please contact us at:
Email: [email protected]
We take privacy seriously and strive to uphold the highest standards of data protection in compliance with applicable UK, EU, and California laws and regulations.