Privacy Policy

Blue Almonds Privacy Notice (UK)

Who we are
“Blue Almonds”, “we”, “us”, or “our” means Blue Almonds Ltd (company no. 08847186, England & Wales).
Registered office: Flat 1, 4 Gledhow Gardens, London, SW5 0BL, United Kingdom.
Trading address: 166 Walton Street, London, SW3 2JL, United Kingdom.
Contact (privacy): info@bluealmonds.co.uk (subject line: “Privacy request”).

We respect your privacy and are committed to protecting your personal data. This notice explains what we collect, why, how we use it, who we share it with, how long we keep it, and your rights.

1) Personal data we collect

  • Identity & contact data: name, email, phone, billing/delivery addresses.

  • Order & account data: purchases, returns, preferences, account IDs.

  • Payment data: we do not store full card details. Payments are processed by our provider (currently Opayo/SagePay/bank). We receive a token/last 4 digits/authorisation result only.

  • Technical & usage data: IP address, device/browser, pages viewed, interactions, via cookies and similar tech (see Cookie section).

  • Marketing preferences: newsletter and communication choices.

  • Job applicant data: CV, cover letter, interview notes.

  • Customer service data: emails, chats, call notes, complaints.

2) Purposes & lawful bases

We process your data only where we have a lawful basis:

  • To take and fulfil orders; deliver goods; process returnsContract.

  • To take payment and prevent fraudContract; Legitimate interests (fraud prevention); Legal obligation.

  • Account management and customer supportContract; Legitimate interests (service quality).

  • Service emails about your order/accountContract.

  • Direct marketing (email/SMS/app notifications)Consent (or Legitimate interests for “soft opt-in” to similar products if you bought from us and didn’t opt out; you can opt out anytime).

  • Analytics, performance and advertising cookies/remarketingConsent (PECR/GDPR).

  • Tax, accounting, regulatory complianceLegal obligation.

  • Security, network monitoring, fraud and misuse detectionLegitimate interests.

Where we rely on legitimate interests, we balance our interests against your rights and freedoms and only proceed if they are not overridden.

3) Cookies & similar technologies (PECR)

We use necessary cookies for core site functions. Analytics and advertising/remarketing cookies only run with your consent. You can manage or withdraw consent via our cookie banner at any time. See our Cookie Policy for a full list of cookies, purposes, and lifespans.

4) Sharing your data (recipients)

We share data with trusted processors who act on our instructions, such as:

  • E-commerce platform/hosting (e.g., Shopify or equivalent)

  • Payment processing (e.g., Opayo/SagePay, acquiring bank)

  • Couriers & logistics (e.g., Royal Mail, DHL, furniture carriers)

  • Email/SMS platforms & CRM (e.g., marketing automation tools)

  • IT/security, analytics and site support providers

  • Professional advisers (accountants, lawyers) and authorities where required by law.

We require processors to keep data secure, use it only for our purposes, and delete it when services end.

5) International transfers

If we transfer personal data outside the UK (for example to providers in the EEA/US), we use appropriate safeguards such as the UK International Data Transfer Agreement/Addendum or EU Standard Contractual Clauses plus UK addendum, and additional measures where needed. You can request details via info@bluealmonds.co.uk.

6) Retention: how long we keep data

We keep personal data only as long as necessary for the purposes above, then securely delete or anonymise it. Typical periods:

  • Orders & finance records: 6–7 years (tax/accounting).

  • Customer service correspondence: up to 3 years after resolution.

  • Marketing data: until you unsubscribe/withdraw consent or after 24 months of inactivity.

  • Job applications: up to 12 months if unsuccessful (unless you consent to longer); employment records: 6 years after employment ends.

  • Website logs (security/diagnostics): typically 12 months or less, unless required longer for investigations.

7) Your rights (UK GDPR)

You have the right to: access your data; rectify inaccuracies; erase (where applicable); restrict processing; object to processing (including direct marketing); data portability (where applicable); and withdraw consent at any time where processing relies on consent.
We will respond within one month. To exercise your rights, contact info@bluealmonds.co.uk. You can also complain to the ICO at https://ico.org.uk/concerns/.

8) Marketing choices

  • You can unsubscribe from marketing emails at any time via the link in our emails or by contacting us.

  • If we rely on soft opt-in for similar products, we’ll always offer an easy opt-out.

9) Security

We use appropriate technical and organisational measures to protect personal data (access controls, encryption in transit via TLS/SSL, least-privilege access, staff training). Card details are handled by our payment processor; we do not store full PAN/CVV.

10) Automated decision-making & profiling

We do not engage in automated decisions producing legal or similarly significant effects. We may segment audiences for marketing (e.g., product interests) — this is non-intrusive profiling and you can object at any time.

11) Children

We do not market to children or sell to minors. If you are under 18, please use the site only with the consent of a parent or guardian.

12) Complaints & contact

Questions, requests, or complaints: info@bluealmonds.co.uk.
You also have the right to complain to the Information Commissioner’s Office.

13) Updates to this notice

We may update this notice from time to time. The version and effective date will appear here; material changes will be highlighted where appropriate.

Effective date: 13/04/23