At BuyABrickForUs, we are committed to keeping your information secure and manage it in accordance with our legal responsibilities under privacy and data protection laws where we operate.
By visiting our Website or using any of our services, you agree to your personal information being used and disclosed in the manner set out in this Policy. In certain countries, we will not collect personal information from you unless you have specifically agreed to us doing so (for example through your acceptance of this Policy or via an electronic tick-box or other similar measures as required by local privacy and data protection laws).
You do not have to provide your personal information to us, but if you do not provide certain information we will only be able to provide limited services to you.
The personal information that we collect
When you use the Website, as is the case with most websites, certain limited information (such as your browser type and IP address) will be collected by us automatically.
We will also will collect and store certain personal and private information as follows:
Creating a BuyABrickForUs account
We will collect basic contact and account information about you to set up your BuyABrickForUs account; and enable you to easily create a payment account so that you can receive funds directly. This will include your name, address, email address, phone and date of birth (these latter are requirements in the UK for creating an authorised payment account). We will also ask you to create a username and generate a secure password for you so you can gain secure access to your account in the future.
Making purchases via the Website
To enable us to process payments, we will collect basic required payment information, including your billing address. This is to ensure that we are compliant with PCI standards and to help reduce incidences of fraud.
Raising money through the Website
We will use the details you provided when you set up your account to create your Gift List page (herein known as the “Gift List”). When you create a payment account, we will also store appropriate account IDs and API keys to create charges and pass funds to your account on your behalf. Although your personal bank account details are required to create a payment account, we do not store this information in any way, shape or form; it is instead passed directly & securely to the payment provider, who provide us with a encrypted single-use token to authorise your information.
Information about others
You may provide us with information about others (or authorise us to collect this information on your behalf from your social networks or your email contacts list) for example, so we can help you tell your friends & family about your Gift List.
You must ensure that they are happy and have agreed to you providing us with their information. Where required by local laws, we would advise you to keep a record of their agreement and provide them with a copy of, or link to, this Policy.
You should also only contact individuals via the Website who you know would be happy to hear from you and must not use our services to send unsolicited ‘spam’ messages.
How we use personal information
We use the personal information collected from users for a number of purposes:
- Administering payments (and notifications thereof) for purchases made via a Gift List;
- Personalising the look and feel of the Website (as well as our communications with users) to fit personal preferences which you have told us about or which we have inferred from your usage of our website (such as purchase history or Gift List activity; and, where you have given us permission, via social networks (see also the Cookies and Analytics sections for more information)) or derived from market research;
- Providing users with information on how others are using our website, including: (i) their friends (or people they are connected with) on social networks; and/or (ii) other people which we have noticed the user is connected with via service usage;
- To help us prevent fraud associated with online payments;
- Where a user sets up a Gift List, to carry out bank account verification and identity checking;
- Providing information to Gift List Owners to let them know about contributions made to their Gift List;
- Allowing Gift List Owners who are registered and authorised to use our services to have visibility of the purchases made via their Gift List so they can track the total purchases and the basic details provided of the people who made said purchases (name, email & message, if added);
- Providing service update emails regarding the BuyABrickForUs service and your specific account; and
- Improving the service we offer – for example you may be asked to complete one of our online user satisfaction surveys.
We understand that some people prefer to buy gifts privately. We respect this and offer the opportunity make a purchase without including a public note on purchases you have made on our site. However, the owner of a Gift List from which you have made your purchase will be provided with your name and the total of your donation.
We do not provide any personal information other than your name and email address; or where we are required to do so by applicable law.
You may receive further correspondence from Gift List Owners, including emails to thank you for your donation. This is entirely at the discretion of the Gift List Owners, and made through their own means (personal email, social media account or otherwise). Any further correspondence you receive from them will not be governed by this Policy; it will be governed by the respective privacy policies of the services they use (if applicable).
We will only use your information where we have obtained appropriate permissions from you (e.g. with tick boxes) and will only use the information in accordance with this Policy, or where it is required and authorised by law.
Communications from us
Where you have indicated you would like to receive updates we may send marketing in the form of email alerts and bulletins to tell you about developments in the services available through our website, together with tips, news stories and competitions.
Where you have indicated that you would like to receive direct marketing communications from us, we will use your personal preferences which you have told us about, which we have derived from Cookies (see our Cookies Policy) and/or which we have inferred from your service usage (see Analytics below) or market research.
You can also unsubscribe from receiving certain electronic messages by following the “unsubscribe” instructions included in our communications.
Providing information to others
We work closely with a number of trusted partners with whom we need to share personal information to help us operate the BuyABrickForUs service. These include:
- Payment providers, to authorise and complete payment transactions; who may in turn use your information for purposes including:
- Third-party identity checking or credit reference agencies – for the purposes of identity checking and bank account verification;
- Organisations within the payment card industry to help prevent online fraud;
- Law enforcement bodies in order to comply with any legal obligation or court order and, where we are otherwise requested to provide information, we may provide it but only in accordance with applicable privacy and data protection laws;
We may also provide information to third party service providers who process information on our behalf to help run some of our internal business operations including email distribution, IT services and customer services (see Working with service providers).
We will only share information with such organisations where we have your permission to do so in accordance with this Policy, or where we believe it is necessary for a legitimate reason connected with the services we offer.
You agree that we may disclose or share your personal information with such partners in order that we may operate the BuyABrickForUs service.
Working with service providers
For operational reasons, we transfer personal information to service providers and our group companies who help us manage our systems and processes (such as card payment providers), and to deliver our services to users.
These service providers and group companies may be located in the UK, other countries in the European Economic Area or elsewhere in the world. Different privacy laws may apply in these countries and you understand and unambiguously consent to the transfer of personal information to these countries, group companies and service providers.
We only make these arrangements or transfers where we are satisfied that adequate levels of protection are in place to protect any information held in that country or that the service provider acts at all times in compliance with applicable privacy laws. Where required under applicable laws we will take measures to ensure that personal information handled in other countries will receive at least the same level of protection as it is given in your home country.
In the event your personal information is transferred to a foreign jurisdiction, it may be subject to the laws of that jurisdiction and we may be required to disclose it to the courts, law enforcement or governmental authorities in those jurisdictions but we will only do so where required by applicable laws.
Keeping information secure
We invest significant resources to protect your personal information, from loss, misuse, unauthorised access, modification or disclosure. However, no internet-based site can be 100% secure and we cannot be held responsible for unauthorised or unintended access that is beyond our control.
All secure transaction and credit & debit card information used for any and all purchases on the Website is encrypted using 128-bit SSL certificates from LetsEncrypt. No cardholder information is ever passed unencrypted in a web browser to BuyABrickForUs; and no credit or debit card information is ever passed directly to BuyABrickForUs, period. You can be completely secure in the knowledge that nothing you enter as part of a secure BuyABrickForUs transaction can be examined, used or modified by any third parties attempting to gain access to sensitive information.
BuyABrickForUs has no knowledge of, or access to, your credit/debit card long number, nor the 3-digit Card Security Code (CSC), sometimes called Card Verification Value or Code (CVV or CVC).
BuyABrickForUs authorises credit & debit card transactions via Stripe. Any cardholder information sent to the banks and any authorisation message coming back is secure and cannot be tampered with.
Our systems only allow access to authorised staff. Your transaction information and customer card information is secure even from our own employees; neither our own systems nor those of Stripe ever display the full card numbers or CSC numbers, even on administration screens.
Updating your account and preferences
Keeping your records
We keep records for as long as required to operate the service in accordance with legal, tax and accounting requirements. Where your information is no longer required, we will ensure it is disposed of in a secure manner and, where required by applicable law (e.g. in the UAE) we will notify you when such information has been disposed of.
Analytics and social media plugins
We use analytics tools on our website to provide the service you request, identify service issues to us, improve our services and to provide content tailored to users’ personal preferences and profiles.
These tools may be provided by third-party service providers and may include the collection and tracking of certain data and information regarding the characteristics and activities of visitors to our website. We may disclose data, including personal information, to certain such third-party services providers in order to obtain such services.
If you use buttons on our website linked to social media or similar sites (for example Like/Tweet/Share buttons), content from our website may be sent back to that other website and, depending on your privacy settings, may be privately or publicly visible (for example to friends, followers or anyone who has access to your profile page).
- User authentication (to keep track if you’re logged in);
- Keep track of your shopping basket;
- Social media platforms (if you are currently logged in to any);
- and Analytics functionality.
A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server. This enables BuyABrickForUs to identify and track the browsing of our website. None of the cookies we use provide any functionality outside the remit of the Website, nor track your behaviour across other websites. For more information, you can read the EU Internet Handbook section on cookies.
If you wish to refuse to accept cookies or to delete cookies stored on your computer you can do so by altering the settings on your web browser. Most browsers allow you to reject all cookies, but some will only allow you to block third party cookies. For more information, see All About Cookies on BBC WebWise.
Please note that refusing to accept cookies may have a negative impact on the usability of our website. If you delete or block cookies, we will not be able to recognise the contents of your basket, the details of which Gift List you are purchasing for, or you details when creating an account with BuyABrickForUs.
We may use both ‘session’ cookies and ‘persistent’ cookies on the website. Session cookies will be deleted from your computer when you close your browser. Persistent cookies will remain stored on your computer until deleted, or until they reach a specified expiry date.
We use session cookies to keep track of your browsing whilst you navigate the website; keep track of items in your shopping basket and/or details of your sign-up process; and prevent fraud and increase website security. We use persistent cookies to enable our website to recognise you when you visit; and keep track of your preferences in relation to your use of our website.
Our payment services providers may also send you cookies. Please note that our cookies policy does not apply to, and we are not responsible for, the privacy practices of third party websites which may be linked to this website.
You have the right to request copies of certain of your personal information within our custody and control and details of how we use that information. If you think any of the personal information we hold about you is inaccurate, you may also request it is corrected. You also have a right, in certain circumstances, to require us to stop processing your personal information.
In relation to all of these rights, please contact support. Please note that we may, where permitted under applicable law, charge a small administrative fee and / or request proof of identity. We will respond to your requests within all applicable timeframes.
In certain circumstances (for example where required or permitted by law) we might not be able to provide you with access to some of your personal information, but where appropriate we will notify you of the reasons for this.
If you have a complaint about how we have handled your personal information you may contact support and we will investigate your complaint.
Third party sites
This Policy only applies to the Website. If you land on our site from other websites (or move to other sites from our website) you should read their separate privacy policies.
We keep this Policy under regular review and place updates on the Website from time to time. Please review this policy periodically for changes.
However, we will always attempt to notify you of material changes we make to this Policy and, where required under applicable privacy and data protection legislation, we will appropriately notify or give you the option to consent to changes to the Policy.
If you do not accept the amended Policy, please stop using the Website.
If you have any questions about this Policy, or would like to exercise your rights with respect to your personal information, please contact support.