Who We Are
Think Better Group (‘we’ or ‘us’ or ‘our’) are a majority shareholder in Colonna and are a group focused building sustainable consumer brands with focus on delivering environmental sustainability.
Think Better Group Limited is the Data Controller for all the organisations within the Group that are covered by the scope of this notice. We gather and process your personal information in accordance with this privacy notice and in compliance with the relevant Data Protection Regulation and laws. This notice provides you with the necessary information regarding your rights and our obligations, and explains how, why and when we process your personal data.
Think Better Group Limited’s registered office is at Kibo House, Stockcroft Road, Balcombe, RH17 6HP and our company is registered in England and Wales under company number 7728447.
Our designated Data Protection Manager can be contacted via email at firstname.lastname@example.org
We appreciate the trust you place in us when sharing your personal data. The security of that data is very important to us. In this Privacy Notice, we explain how we collect, use, and protect your personal data. We also explain what rights you have with regard to your personal data and how you can exercise those rights.
This Privacy Notice is based on the terms used by the United Kingdom General Data Protection Regulation (UK GDPR) but for ease of understanding the following definitions apply.
Controller: the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by the Information Commissioners Office.
Personal data: any information relating to an identified or identifiable natural person (“Data Subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
Data subject: any identified or identifiable natural person, whose personal data is processed by the controller responsible for the processing.
Processor: a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.
Recipient: a natural or legal person, public authority, agency, or another body, to which the personal data are disclosed, whether a third party or not.
Third Party: a natural or legal person, public authority, agency, or body other than the data subject, controller, processor, and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
Restriction of processing: the marking of stored personal data with the aim of limiting their processing in the future.
Processing: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
Profiling: any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location, or movements.
Consent: Consent of the data subject is any freely given, specific, informed, and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
Information That We Collect
We process your personal information to meet our legal, statutory, and contractual obligations and to provide you with our products and services. You may give us information about you by corresponding with us by phone, email, social-media or otherwise by submitting an enquiry via our website, by opting in to receive a newsletter, or when you take part in a prize draw, competition, or survey. We will never collect any unnecessary personal data from you and do not process your information in any way, other than as specified in this notice.
The personal data that we may, at request, collect in full or part thereof is:
The technical personal data that we collect from is:
In addition, to ensure that each visitor to any of our websites can use and navigate the site effectively, we collect the following:
We collect information in the below ways:
How We Use Your Personal Data
We take your privacy very seriously and will never disclose, share, or sell your data without your consent, unless required to do so by law. We only retain your data for as long as is necessary and for the purpose(s) specified in this notice. Where you have consented to us providing you with promotional offers and marketing, you are free to withdraw this consent at any time. The purposes and reasons for processing your personal data are detailed below:
You have the right to access any personal information that we process about you and to request information about:
If you believe that we hold any incomplete or inaccurate data about you, you have the right to ask us to correct and/or complete the information and we will strive to do so as quickly as possible; unless there is a valid reason for not doing so, at which point you will be notified.
You also have the right to request erasure of your personal data or to restrict processing (where applicable) in accordance with the data protection laws; as well as to object to any direct marketing from us. Where applicable, you have the right to data portability of your information and the right to be informed about any automated decision-making we may use.
If we receive a request from you to exercise any of the above rights, we may ask you to verify your identity before acting on the request; this is to ensure that your data is protected and kept secure.
Sharing and Disclosing Your Personal Information
We do not share or disclose any of your personal information without your consent, other than for the purposes specified in this notice or where there is a legal requirement. We use third parties to provide the below services and business functions; however, all processors acting on our behalf only process your data in accordance with instructions from us and comply fully with this privacy notice, the data protection laws and any other appropriate confidentiality and security measures.
Companies within our group of companies (our “Group”) who may use and update your information to provide Think Better Group Services, administer and manage your customer experience and account, customer support, to recover debts, to prevent, detect and prosecute fraud and other crimes, and to manage our and any member of our Group’s relationship with you. The Group also has legal obligations that it must comply with (such as to report fraud).
Our Partners and the suppliers and service providers who help with our business operations including in relation to fraud prevention, payment collection, marketing, customer service, and technology services - The use of your Personal Information in this way is necessary for the purposes of our legitimate interests to operate and protect our business and to comply with legal obligations that apply to us.
Our retailers and third party suppliers in the United Kingdom and in other countries (including Australia, New Zealand, and the United States), so that they can provide goods or services to you (or the recipient of third party goods or services) or respond to a complaint by you, or to help them improve the quality and standard of service they provide to you - The use of your Personal Information in this way is necessary for the purposes of our legitimate interests for the administration of our agreement with you; to protect our business and to improve service standards.
Our service provider which provides our outbound text messaging services, and which may need to intercept messages between us and you from time to time; retain Personal Information contained in those messages or disclose your Personal Information to a government body or to a telecommunications network provider - The use of your Personal Information in this way is necessary to comply with legal obligations that apply to us or to our service provider.
Financial institutions that we may partner with to jointly create and offer a product - The use of your Personal Information in this way is necessary for the purpose of our legitimate interests in maintaining our funding lines so that our business remains commercially viable.
Companies that we plan to merge with or be acquired by or who may invest in us - The use of your Personal Information in this way is necessary for the purposes of our legitimate interests to ensure that we or our business remains commercially viable.
Law enforcement, government agencies or officials, or other third parties to detect, investigate and prevent crime - The use of your Personal Information in this way is necessary for the purposes of our legitimate interest in preventing fraud and money laundering. Fraud prevention agencies may also disclose your Personal Information for the same purposes.
We take your privacy seriously and take every reasonable measure and precaution to protect and secure your personal data. We work hard to protect you and your information from unauthorised access, alteration, disclosure, or destruction and have several layers of security measures in place, including: SSL, TLS, encryptions, Microsoft secure sharing services, restricted access, IT authentication, firewalls, anti-virus/malware etc.
Transfers Outside the UK
The information that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”). It will also be processed by staff operating outside the EEA who work for us or for one of our suppliers. Such staff will be engaged in, among other things, the processing and fulfillment of your orders and the provision of support services. Further, if you transact with our sites in another country (including Australia, New Zealand, and United States), we will disclose personal information to such locations. Where adequate protections for your information do not exist under the applicable laws of that third country, we (or the party transferring your information) will take necessary steps to ensure that appropriate safeguards are put in place to maintain the same levels of protection as are needed under UK data protection legislation. Safeguards include imposing contractual obligations on the recipient of your information or subscription to ‘international frameworks’ that ensure adequate protection (for example, the European Commission Standard Contractual Clauses).
To facilitate our global operations, we may share personal information with related companies, including those based in Australia, United States, and the United Kingdom.
When we transfer personal data, we utilise the safeguarding measures and mechanisms below to ensure that your personal data is always safe and secure:
Consequences of Not Providing Your Data
You are not obligated to provide your personal information to us, however, as this information is required for us to provide you with our services/deliver your products, we will not be able to offer some/all our services without it.
As noted in the ‘How We Use Your Personal Data’ section of this notice, we occasionally process your personal information under the legitimate interests’ legal basis. Where this is the case, we have carried out a thorough Legitimate Interests’ Assessment (LIA) to ensure that we have weighed your interests and any risk posed to you against our own interests; ensuring that they are proportionate and appropriate.
How Long We Keep Your Data
We only ever retain personal information for as long as is necessary and we have strict review and retention policies in place to meet these obligations. We are required under UK tax law to keep your basic personal data (name, address, contact details) for a minimum of 6 years after which time it will be destroyed.
Where you have consented to us using your details for direct marketing, we will keep such data until you notify us otherwise and/or withdraw your consent.
Special Categories Data
Owing to the products, services or treatments that we offer, we do not hold any sensitive data (known as special category data) about you.
Occasionally, we would like to contact you with products/services/promotions that we provide. If you consent to us using your contact details for this purpose, you have the right to modify or withdraw your consent at any time by using the opt-out/unsubscribe options or by contacting email@example.com directly.
We will occasionally send you details on products/services/promotions by email/SMS that have been identified as being beneficial to our customers and in our interests. Such information will be relevant to you as a customer and is non-intrusive and you will always have the option to opt-out/unsubscribe at any time.
Lodging A Complaint
We only process your personal information in compliance with this privacy notice and in accordance with the relevant data protection laws. If, however, you wish to raise a complaint regarding the processing of your personal data or are unsatisfied with how we have handled your information, you have the right to lodge a complaint with the Information Commissioner’s Office. In every instance we would prefer to resolve any issues as we pride ourselves on our exceptional customer service.
Think Better Group Limited
Data Protection Manager
Information Commissioner’s Office