Privacy and Cookie
Amyris Plants Oil is all about you – our customers and colleagues, our suppliers and our business partners – so we truly value our relationship with you and the trust you place in us.
Respect for the Individual is at the heart of all we do, so we do take our responsibilities to each one of you, regarding your Privacy and Personal Information, very seriously.
Privacy Notice Explained
This Privacy Notice tells you all about how we collect and process your Personal Information, and why we are allowed to do so. If you want to know more about your Privacy Rights and how to make a Rights Request, simply head to the Rights request page.
Supplementary Notice Information
You may want to know more about certain types of processing, so at the bottom of the page you’ll find some supplementary notice information that provides additional detail about some of our more complex activities. For the fullest picture, we recommend that this information is read in parallel with our Privacy Notice.
Privacy Notice Updates
We regularly review our notices to ensure that they accurately reflect our processing activities. Whenever we make a significant change, you can be assured that we will notify you of this. You can see the date our notices were last updated at the bottom of each page.
What is Personal Information?
Personal Information (also known as personal data) is any information that identifies someone and any information that relates to that identified person. For example, if you have an Amyris Plants Oil online account, your name and email address are information that identifies you, and your orders are information that relate to you.
Who is the Controller of your Personal Information?
The Controller of your Personal Information is Amyris Plants Oil Ltd. (with registered address at Broadgate House, Flat – 11, 727 Barking Road, Plaistow, London E13 9ES, United Kingdom) unless we tell you otherwise. Contact Us for details on how to contact our Data Protection Officer if you have any questions or concerns about our handling of your Personal Information, or if you wish to make a complaint.
What Personal Information do we collect and how do we use it?
Where do we collect your Personal Information from?
We collect most Personal Information directly from you, for example when you register with us online, purchase products from us, enter an Amyris Plants Oil competition, get in touch with us, or help us investigate an accident or incident.
We collect some Personal Information through observation, for example how you have used our websites or Apps.
In some cases our partners provide us with Personal Information. For example, our commercial agents shares some Personal Information to help us deliver and promote our products to you if you have given them your permission.
We do not buy or sell your Personal Information.
Why are we allowed to collect and use your Personal Information?
a) You have specifically given us your permission. The law defines it as consent. Where we need your consent to use your Personal Information for a particular purpose, we must be able to show that the consent is:
- Specific – we have to tell you exactly what activity your consent covers.
- Informed – we have to provide you with clear details of what you are consenting to.
- Freely-given – you must have a genuine choice; for example, we will not allow you to register on our site as a customer if you chose not to consent to marketing emails. We cannot have such policy on our system.
- Unambiguous – this means that you must have clearly indicated your wishes by confirming your agreement to a statement (e.g. by ticking a box) or taking some positive action to show that you intended to give your consent. We cannot have already ticked box and expecting you to make choice by unticking the box.
We need your consent for the following activities – we will always make it clear at the time:
- Placing certain cookies on your device to find out how you use our websites so we can personalise what you see by tailoring advertisements and notifications to the things you are interested in.
- Using the location tracking function on your mobile device to enable location based services and advertising.
- Certain situations where you share sensitive (special category) information about yourself, such as your health.
You will be able to withdraw your consent at any time for these activities, or others that you may have specifically consented to, by getting in touch using the Contact Us page, or in some cases changing your account settings.
Remember if you want to stop Direct Marketing, you can also click ‘unsubscribe’ on your email, text ‘STOP’ on SMS or you can write to us at registered address.
b. We need to use your Personal Information to meet our contractual obligations to you (known as for the performance of a contract). For example:
o We collect your credit or debit card details to take payment for something you are buying from us.
o We collect your purchased product details to enable us to provide product you have chosen to buy online.
o We use your address and contact details to arrange delivery of your orders.
c. We need to use your Personal Information to enable us to run our business successfully. The law calls it legitimate interests. We can only do this where we have assessed that there is little or no risk to you or your Personal Information rights, and we do this by performing a balancing test assessment. We use legitimate interests for:
o Creating and using anonymised customer profiles to help us gain insight to understand what our customers like are in order to help us improve products, services, websites and communications. We do not do this on a one to one customer basis; instead, we gather collective information from all our customers to understand what they like as a group and then we are able to change our approach for the benefit of everyone.
o Some of our direct marketing activity, where the law allows us to communicate with our customers about our products and services. In these cases, customers are always given an opportunity to opt out of this marketing before it is sent, and can stop it at any time, by clicking, ‘unsubscribe’ on emails, texting ‘STOP’ on SMS messages or by writing to us;
o Managing queries and concerns via our Customer Service teams;
o Fraud prevention.
d. We need to use your Personal Information to comply with a law or legal obligation that applies to us. These legal obligations include using your Personal Information for:
o Data Protection Act 2018 – For Privacy Compliance;
o Privacy and Electronic Communications Regulation (PECR) – For Privacy Compliance;
o Limitation Act 1980 – For Claims Management;
Who do we share your Personal Information with and who can access it?
We have controls to limit access to your Personal Information to:
a. Individual colleagues who need it to do their job, such as processing your online orders or dealing with enquiries and complaints;
b. Select business partners and third parties, who need it to provide services to us, such as delivering your orders, maintaining our computer systems or running marketing campaigns. For example vendors such as:
o Website Host server;
o Social Media sites, such as Twitter, Facebook and Instagram, where you have written or made comments to us;
o Technology providers, such as those who host some of our technology platforms or provide software to allow us to manage your accounts;
o Courier services, in order to deliver your purchases; and
If requested, and where it is required or permitted by law, we may provide Personal Information to:
E. Official bodies, such as government agencies, local authorities, regulators and the police, who are authorised to request Personal Information where it is necessary for their lawful purposes;
F. Amyris Plant Oil Ltd’s advisers, including lawyers, insurers, accountants and auditors;
If you would like to understand more detail about which trusted third parties we may share your Personal Information with, please get in touch with us using the Contact Us page.
Where do we store and process your Personal Information?
Our computer systems, including our website, are hosted in the United Kingdom by a registered hosting service provider. This agreement requires wherever your Personal Information is held, it is protected to the same high standard as required by law in the UK. You can request a copy of a data transfer agreement from our Data Protection Officer using the Contact Us page.
How long do we keep your Personal Information?
Unless otherwise stated in one of the specific Privacy Notices at the bottom of this page, we will keep your Personal Information for three years then we will securely delete it.
We do need to keep some anonymous information for longer than this, such as customers’ shopping habits and buying patterns, so we can analyse it to identify trends and changes in activity and buying habits. We remove all names, contact details and any other information that identify individual customers, so it’s all just anonymous numbers and data.
How do we protect and secure your Personal Information?
We use security measures, including physical, administrative, and technical safeguards to protect the confidentiality of your Personal Information. These measures include encryption, security certificates, access controls, information security technologies, policies, procedures and other information security measures to help protect your Information.
When designing or implementing new computer systems and processes we look at ways to identify and mitigate potential security risks and then monitor and test our security systems to help protect your Personal Information.
Where possible, we also try to anonymise information so that individuals can’t be identified from it. An example of this is what we call Customer Insight. We analyse data about our customers’ shopping patterns and habits, and use this to help us improve our product lines, how we display them on our website and so on. However, we don’t need to know who these customers are, we just need to know information such as how many bought certain products at certain times, or how much the average customer spends each week. So, instead of just putting all of our customers’ information together and analysing it, we first remove the pieces of information that could identify them, such as names, contact details, addresses and so on.