A. Introduction

We are Noah's Box Limited (company number 11389600) registered in England with our registered office at 17-21 Wenlock Road, Unit C, London N1 7GT. (and we refer to ourselves as “Noah's Box”, “we” or “us” or “our” in this document).

We are committed to protecting your privacy. We ask that you please read the following carefully to understand our views and practices regarding your personal data and how we, as data controller of your personal data, will treat it. When we refer to the terms “data controller” and “personal data” in this Privacy Policy, they have meanings given to them in Data Protection Act 1998 (the “Act”).

Your “information” that we collect and process (as described in this Privacy Policy) may include your personal data and we will treat that information accordingly.

We will only use the information that we collect about you lawfully (in accordance with the Act and other applicable data protection laws in the UK). We are registered with the Information Commissioner’s Office (registration number ZA448759).

This privacy notice aims to give you information on how we collect and process your personal data through your use of this website, including any data you may provide through this website when you sign up to our newsletter, purchase a product or service or take part in a competition.

It is important that you read this privacy notice together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This privacy notice supplements the other notices and is not intended to override them.

Controller. Noah's Box Limited is the controller and responsible for your personal data (collectively referred to as "we", "us" or "our" in this privacy notice.

If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact us on info@noahsbox.com.

B. The Information We Collect

Data we collect from you directly.

When you register on www.noahsbox.com (the “Site”) or the Beyond The Box mobile app (referred to as the “Site”), or you buy anything from us we will ask for some or all of the following information: your name, email address, phone number and full and shipping and billing addresses, including postcode. We also have a record of your password and IP address.

If you buy from us, you will also be asked to provide payment information; this is to be collected by a third party payment gateway and we do not see this. Please see the section on “Payment Information”, below, for more information on payment data.

We may also ask you sometimes to provide your age and possibly certain other personal details such as gender or where you heard about us.

Data we collect from your activity on the Site

As you use the Site, we collect data about your activity on the Site. This includes things like:

  • Information on what you buy and how you use the Site.
  • Information about your use of various Site services.
  • Your communications with Noah's Box.
  • Other information related to your activity, such as which website referred you to us.

Data we collect from other sources. We may receive information about you from third party sources, such as data aggregators and from third parties to whom you have given permission to share your information or from whom you have given us permission to request your information. For instance, by registering for the Site using Facebook or another social network, you grant permission to that network to share your details. Depending on the network rules and your settings on it, this may include data such as your date of birth, your marital status, the number of people in your household and other information.

Sensitive Personal Data. Sensitive personal data is defined by the Data Protection Act and includes details such as information related to your health, sexual orientation, religion, race or ethnic origin. For the most part, we will not need any Sensitive Personal Data in order to provide our services and we will not request it.

C. How We Use the Information We Collect

We use the personal data we collect to provide the Site, the goods on the Site and services related to them, to customise and improve your experience with Noah's Box, to make your experience as enjoyable and efficient as possible and for commercial purposes.

Use of Information to Provide the Services. Certain information is required in order for the Site to operate.

Here are some specific examples of information used:

  • Your email address and password allows us to recognise you when you return so that we can provide you with a faster service and a personal user account.
  • Your address allows us to verify we can deliver to you – and also to tell us where to deliver!
  • We use your IP address to prevent any spam, fraud or abuse of our site.
  • We use your login data to allow you to place an order.
  • To facilitate your using the Site, we may (or your browser may) pre-populate certain fields in the registration forms. If we do so, it will be for fields for which we already hold your information, such as your name and email address. You always have the opportunity to delete any fields that we pre-populate.
  • When you place an order on the Site we will ask you for your full name, your telephone number and shipping and billing addresses (among other things). On subsequent purchases, we may pre-populate these fields for you with the information previously provided. You always have the opportunity to amend any fields that we pre-populate at the point of purchase.
  • We use information collected by us on transactions you have completed order to monitor service quality levels and to provide service and support to Noah's Box users in general and for individual sales.
  • With your consent, we use your information to send you marketing e-mails about upcoming promotions, and other news, including information about products and services offered by us and our affiliates.
  • We may also use your information as we believe necessary or appropriate to: (a) comply with applicable laws; (b) comply with lawful requests and legal process, including to respond to requests from public and government authorities; (c) enforce this Privacy Policy; and (d) protect our rights, privacy, safety or property, and/or that of you or others

Use of information to customise and improve the Noah's Box experience. We want your shopping experience with us to be as enjoyable as possible. We will collect the data about your shopping activities and preferences to customise your account (in addition to how you customise it yourself) and to enable us to provide an efficient and user-friendly service. We will also use it to improve the quality of the Site.

Here are some specific examples of how we use your data:

  • We keep details of purchases from us, and we may make this information available to you via for your review and record-keeping purposes.
  • We may keep a record of certain of your preferences, so you don’t need to reset these preferences every time you start shopping.
  • We keep a record of your login details to make it faster for you to place orders in the future so that you do not continually have to re-enter such details.
  • Paying attention to how you use the Site helps us to develop improvements to the Site and the goods and service we offer.
  • If you have been referred to us by a third-party website, we may keep a record of the website that referred you so that we may work out which websites refer more or less users to our Site. We may also have referral arrangements with certain third-party websites and referrers and we may use this data to fulfil obligations that we may have to these third-party websites or referrers.
  • We collect and track individual and aggregate information about shopping habits, products and service preferences and selections which users have made and the like. We use this information for the personalisation or general improvement of the goods and service we offer, but also for the purpose of business research. You can see more about aggregate information below.
  • We collect and track individual and aggregate connection information such as browser type and version, operating system and platform; other software and hardware information and the like. We use this information to understand how and when our users access our online services, and so we can further develop our Site and goods and services to suit.

Use of Information for Commercial Purposes. We may earn revenues (which allows us to keep the Site online and our prices for our goods low!) through sources including advertising sales, including online behavioural advertising, including personalised retargeting advertising, and through the sale of business intelligence data.

Here is how your information is used for this:

  • We may share information with certain carefully selected third party partners so that they can:
    • present you with advertisements and promotional offers that are relevant to you and your interests or, alternatively;
    • to present you with advertisements on Noah's Box based on your activity on other websites. For example, you may see ads for products you viewed on another website while browsing Noah's Box.

For more information on data sharing, please see the “Data Sharing” section.

We collect and may display or use for the purposes of marketing and advertising the Site, our goods, our services or ourselves, any testimonials or reviews you provide us with about the Site, our products or our services or ourselves – and we may append to the testimonial or review your first name (but not your surname) and general geographic location (e.g. City or locale).

Use of Your Email Address. We use your email address to communicate with you. We will send you both transactional and service message emails so we can communicate with you about Site updates or your activity on the Site. For instance, we may send you emails:

  • notifying you of your registration details
  • after you have made a purchase, to confirm the order and update you on the status of the order and its delivery
  • to remind you of items you have abandoned in your cart
  • to send you information which you have asked for
  • for market research, ratings or reviews purposes, which may or may not be sent via an independent market research company on our behalf
  • to contact you about the status of ratings or reviews you have submitted.

Your acceptance of the Noah's Box T&C means that you are giving us consent to send you these emails. These emails are not marketing emails and we do not require you to explicitly opt in to receive them.

As noted above, we may use your email address to send you direct marketing communications. However, unless you explicitly opt into receiving these marketing emails, you will not receive any from us or any of our partners. You are entitled to opt out of marketing emails we may send you at any time by clicking on the "unsubscribe" link in the email footer. Please note, even if you do opt out, we may still send you non-marketing emails – non-marketing emails include emails about your Account with us (if you have one) and our business dealings with you.

Aggregate Information and Profiling. Aggregate information is data we collect about a group or category of products, services or users, from which individual user identities have been removed and from which it is not possible to work out individual customer identities. In other words, information about how you use a service may be collected and combined with information about how others use the same service, but all such information will be anonymised and no identifying information will be included in the resulting data.


Aggregate data helps us to understand trends and customer needs so that new products and services can be considered and so that existing products and services can be tailored to customer desires. We use and disclose anonymised aggregate information to provide other products and services, as well for the purposes of evaluating and improving our existing products and services. We may also sell such aggregate information through business channels.

This aggregation may include grouping customer profiles by shared characteristics such as demographic, geographic, psychographic and behavioural characteristics to better improve our ability to offer relevant products and services to you based on your demographic, geographic, psychographic and behavioural characteristics.

Failure to provide personal information. Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.

D. Purposes for which we will use your personal data

Purposes for which we will use your personal data. We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.

Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact info@noahsbox.com if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.

Purpose/Activity  

Type of data  

Lawful basis for processing including basis of legitimate interest  

To register you as a new customer

(a) Identity

(b) Contact  

Performance of a contract with you

 

To process and deliver your order including:

(a) Manage payments, fees and charges

(b) Collect and recover money owed to us

(a) Identity

(b) Contact

(c) Financial

(d) Transaction

(e) Marketing and Communications

(a) Performance of a contract with you

(b) Necessary for our legitimate interests (to recover debts due to us)

 

To manage our relationship with you which will include:

(a) Notifying you about changes to our terms or privacy policy

(b) Asking you to leave a review or

take a survey  

(a) Identity

(b) Contact

(c) Profile

(d) Marketing and Communications

 

(a) Performance of a contract with you

(b) Necessary to comply with a legal obligation

(c) Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services)


To enable you to partake in a prize draw, competition or complete a survey

 

(a) Identity

(b) Contact

(c) Profile

(d) Usage

(e) Marketing and Communications

(a) Performance of a contract with you

(b) Necessary for our legitimate interests (to study how customers use our products/services, to develop them and grow our business)

To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)

(a) Identity

(b) Contact

(c) Technical

(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)

(b) Necessary to comply with a legal obligation

To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you  

(a) Identity

(b) Contact

(c) Profile

(d) Usage

(e) Marketing and Communications

(f) Technical

 

Necessary for our legitimate

interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy)  

To use data analytics to improve our website, products/services, marketing, customer relationships and experiences including customer profiling

(a) Technical

(b) Usage

Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)  

To make suggestions and recommendations to you about goods or services that may be of interest to you


 (a) Identity

 (b) Contact

 (c) Technical

 (d) Usage

 (e) Profile

 

Necessary for our legitimate

interests (to develop our products/services and grow our business)

E. Payment Information

Anyone wishing to complete a purchase via payment card on the Site must provide the information for that payment card (eg, debit or credit card). We receive secure payment card acceptance and vaulting services from third party payment processers. We neither receive nor store any payment card details ourselves. Your payment details are received only by the third-party payment processor and are not shared with any third parties. The third-party payment processers will store your payment card details for use by you in future transactions.

Currently, Noah's Box receives payment card acceptance and vaulting services from Shopify. For more information, please see Shopifys terms and conditions.

 

Klarna. In order to be able to offer you Klarna’s payment options, we will pass to Klarna certain aspects of your personal information, such as contact and order details, in order for Klarna to assess whether you qualify for their payment options and to tailor the payment options for you.


General information on Klarna can be found here. Your personal data is handled in accordance with applicable data protection law and in accordance with the information in Klarna’s privacy policy.


F. Security Measures

All of the information we collect about you is stored on our secure servers and will be held securely in accordance with our internal security policy and the law. For example, we use secure encryption to hold passwords (e.g. the password allocated as part of the registration process – which may later be changed).

With your consent, we may send your information internationally including to countries outside the European Economic Area (EEA). While we will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy, some places outside of the EEA may not have adequate data protection laws at all or may offer differing levels of protection of personal data which are not as high as in the UK. By submitting your data to us, you acknowledge that provided we have used your data in the ways set out in this Privacy Policy, we cannot be held responsible for any use of your data by third parties who receive and process your data.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our Site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

G. Technology

Noah's Box and its partners and service providers use cookies on the Site, to customise and improve your experience and for commercial purposes. You can find more information on the cookies used by Noah's Box, our partners, service providers and other third parties as well as how to manage your cookie choices in our Cookies Policy.

H. Data Sharing

There are a number of instances in which Noah's Box may share your personal data. This may be in order to allow us to operate the Site, for corporate or statutory purposes or as part of a partnership with a third party. All recipients of your personal data are required to treat it in accordance with the Data Protection Act 1998 and other applicable data protection laws in the UK and this Privacy Policy.

Your acceptance of the Noah's Box Terms and Conditions (in accordance with the provisions thereof) means that you are giving us consent to share your personal data with our carefully selected third party partners. However, you can easily opt out of this sharing of your personal data by emailing info@noahsbox.com. Even if you opt out, we will still share your personal data as needed to operate the Site or as is needed for corporate or statutory purposes.

For more information on how we might share your personal data and with whom, please see below:

Third Parties Designated by You. We may share your personal data with third parties where you have provided your consent to do so.

Our Third Party Service Providers. We may share your personal data with our third party service providers who provide services such as data analysis, payment processing, information technology and related infrastructure provision, customer service, email delivery, auditing and other similar services. These third parties are only permitted to use your personal data to the extent necessary to enable them to provide their services to us. They are required to follow our express instructions and to comply with appropriate security measures to protect your personal data.

Affiliates. We may share some or all of your personal data with our affiliates, in which case we will require our affiliates to comply with this Privacy Policy. In particular, we may share your personal data with our affiliates where you opt-in to receive marketing communications from Noah's Box and its affiliates.

Operating Purposes

  • At times we work with other companies who help us to provide the Site to you or provide other support services pertaining to the operation of the Site and to the supply of products or services to you. These companies receive only the personal data required in order to provide services, and are not allowed to use that information for anything aside from providing the services.
  • We reserve the right to investigate suspected violations of our Terms and Conditions or illegal, fraudulent or inappropriate behaviour on the Site; and to engage in activities needed to protect the rights, property, or safety of ourselves, of our users, or of others. To that end, and to the extent necessary to achieve the forgoing, we may exchange information with other companies and organisations, including but not limited to our partners and law enforcement agencies.

Third Party Partnerships. We may share your personal data with other third parties with whom we have a third-party partnership. However, if we do so, we will always list here who they are, what information they have and what they do with it.

If you would like to learn more about behavioural advertising, please visit (http://www.youronlinechoices.com/uk/).

If you wish to manage your other online behavioural advertising choices, you may do so athttp://www.youronlinechoices.com/uk/your-ad-choices

Corporate Restructuring. We may share personal data when we do a business deal, or negotiate a business deal, involving the sale or transfer of all or a part of our business or assets. These deals can include any merger, financing, acquisition, or bankruptcy transaction or proceeding.

Other Disclosures. We may share personal data as we believe necessary or appropriate (a) to comply with applicable laws; (b) to comply with lawful requests and legal process, including to respond to requests from public and government authorities to meet national security or law enforcement requirements; (c) to enforce this Privacy Policy; and (d) to protect our rights, privacy, safety or property, and/or that of you or others.

I. Your Rights

Opt-out. You may contact us anytime to opt-out of: (a) direct marketing communications; (b) automated decision making and/or profiling; (c) our collection of sensitive data (if applicable); (d) any new processing or your personal data we carry out beyond the original purpose; or (e) the transfer of your personal data outside the EEA.

Please note that if you do opt out, some parts of the Site may become ineffective.

Access. You may access the information we hold about you at any time by contacting us directly at info@noahsbox.com or via your Account on the Site (if applicable).

Amend. You can also contact us to update or correct any inaccuracies in your personal data.

Move. Your personal data is portable – i.e. you to have the flexibility to move your personal data to other service providers as you wish.

Erase and forget. In certain situations, for example, when the information we hold about you is no longer relevant or is incorrect, you can request that we erase your personal data.

If you wish to exercise any of these rights, please contact us at:

info@noahsbox.com

Data Protection Request

info@noahsbox.com

In your request, please make clear:

  • what personal data is concerned; and
  • which of the above rights you would like to enforce.

For your protection, we may only implement requests with respect to the personal data associated with the particular email address that you use to send us your request, and we may need to verify your identity before implementing your request.

We will try to comply with your request as soon as reasonably practicable and in any event, within one month of your request. Please note that we may need to retain certain information for recordkeeping purposes and/or to complete any transactions that you began prior to requesting such change or deletion.

No fee usually required. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

What we may need from you. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

Time limit to respond. We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

Complaints. You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

J. Data Retention

How long will you use my personal data for.  We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

 

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

Details of retention periods for different aspects of your personal data are available in our retention policy which you can request from us by  info@noahsbox.com

In some circumstances, we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

K. This Privacy Policy

Please note that this Privacy Policy forms part of the Terms and Conditions for use of the Site and forms part of that agreement between you and us. We may update this Privacy Policy from time to time – provided always that if we are going to make any material changes, we will request your consent to such revised Privacy Policy.

L. Questions or Comments?

If you have any further questions about our Privacy Policy, please contact our Customer Support via info@noahsbox.com