This Privacy Notice covers all of the ways in which your personal data is collected and managed by NHBS. It also explains how the data is used, the measures we take to keep it safe, and what your rights are as one of our customers
The following information should answer most of the questions you have, but if you would like to contact us about anything further, please do get in touch by emailing firstname.lastname@example.org.
The information in this notice may be updated occasionally, but we will always notify you if we make any significant changes.
Throughout this notice, the terms ‘we’ and ‘us’ refer to NHBS Ltd. The term ‘customer’ refers to any individual or organisation that has purchased goods or services from us at any time in the past.
We may collect data from individuals who browse www.nhbs.com, sign up to our mailing list or interact with us via phone, email, fax, social media or in person.
NHBS started life as the Natural History Book Service in London in 1985 with a paper catalogue of around 500 ornithology books. Since this time we have moved our business to www.nhbs.com where we showcase and sell our range of books, equipment, gifts and magazines.
In 2011 NHBS acquired Alana Ecology, the UK’s foremost supplier of ecology and conservation equipment. Following this, in 2016, we also took over EFE & GB Nets which specialised in the manufacture of high-quality entomology and aquatic ecology tools. These two companies are now managed entirely under the NHBS brand. NHBS also publishes the magazines British Wildlife and Conservation Land Management.
In September 2019 NHBS Ltd founded a wholly-owned subsidiary in Germany, NHBS GmbH, to serve our customers in Europe better. Customer data is held by NHBS Ltd and is accessible to both companies.
The legal basis for data collection
There are several reasons why a company such as NHBS may legally collect and process personal data. These include:
Consent: This covers all instances whereby you give your consent for data to be collected. For example, this may occur if you tick a box to indicate that you would like to receive an email newsletter.
Contractual obligations: This includes situations where we are obliged to collect personal data in order to carry out contractual obligations. For example, for us to process an order that you have placed on our website, we will need to collect your delivery and billing addresses, as well as your payment information.
Legal compliance: In rare situations we are obliged to collect data for legal reasons. An example of this is if we are subject to fraudulent activity, then data may need to be provided to the appropriate legal authority or law enforcement body.
Legitimate interest:This includes all situations whereby we collect data that is reasonably required for the running of our business. For example, we collect and analyse the shopping history and trends of our customers to make sure that our stock levels are sufficient and to identify the need for new products. We will never collect, use or sell information that could impact your rights, freedom or interests in any way.
When do we collect personal data from you?
What kinds of personal data do we collect?
Why do we need this data and how do we use it?
One of our main goals as an online retailer is to ensure that our customers have the best possible experience when using our website or interacting with us by phone, email or in person. One way that we do this is to use the data we collect to tailor our services, promotions and products effectively. This type of data collection and usage is covered by data privacy laws as a ‘legitimate interest’ as understanding our customers is vital to us operating a successful business.
Here is a breakdown of the ways in which we use your data:
How do we protect your personal data?
Protecting your personal data is extremely important to us, and we take the utmost care to ensure that it is safe at all times.
All transactional areas of our website are secured using https technology.
Access to your personal data is password-protected and internet traffic to www.nhbs.com is secured by SSL encryption.
Our system is regularly monitored for potential vulnerabilities and we carry out penetration testing as a way of determining the best methods of maximising our security.
Who do we share your personal data with?
Sometimes it is necessary for us to share your data with trusted third parties. For example, when dispatching your order we have to provide your delivery address details to a courier. In these situations we will only ever provide the minimum amount of information required for them to perform the service they are contracted for.
We will never sell your personal data or share it with third-parties who are not compliant with UK/EU data protection legislation, unless it is a legal requirement (e.g. to law enforcement bodies for fraud prevention).
Examples of organisations with which we might share your personal data are:
What are your rights?
You have the right to request the following things:
NHBS is a data controller and our contact is John Eskilsson, NHBS, 1-6 The Stables, Ford Road, Totnes, Devon, TQ9 5LE, email@example.com.
If you have concerns that your data has been handled inappropriately or you are unhappy with how we have dealt with any requests regarding your personal data, you can lodge a complaint with the Information Commissioner’s Office. Contact them by calling 0303 123 1113 or visit their website at www.ico.org.uk/concerns.
By shopping with us or otherwise providing your personal data to us, you expressly consent to us processing your personal data. You have the right to ask us not to process your data in certain ways and, if you do so, we will respect your wishes.
Sometimes we will need to transfer your personal data between countries to enable us to deliver the products that you have purchased from us. As part of our day-to-day business, we may transfer your personal data from your country of residence to ourselves and to third parties located in the UK or elsewhere.
By dealing with us, you are giving your consent to this overseas use, transfer and disclosure of your personal data outside your country of residence for our ordinary business purposes. This includes storage of your personal data on servers in the UK.
We’ll ensure that reasonable steps are taken to prevent third parties outside your country of residence using your personal data in any way that’s not set out in this Privacy Notice. We’ll also make sure we adequately protect the confidentiality and privacy of your personal data.