Privacy & Security Policy

Brora Ltd understands that your privacy is important to you and that you care about how your personal data is used and shared online. We respect and value the privacy of everyone who visits this website, Broraonline.com (“Our Site”) and will only collect and use personal data in ways that are described here, and in a manner that is consistent with our obligations and your rights under the law.

This Privacy Policy tells you about how and why we collect and use the personal data which you provide to us or which we collect about you when you interact with us when you use our website or visit our stores.

We want you to be fully informed about how we use your data, how we keep it secure and your rights. We trust this Privacy Policy will answer any questions you have but if not, please do get in touch with us directly at dataprotectionofficer@brora.co.uk.

It is likely that we will update this Privacy Policy from time to time by updating this page. We will notify you of any significant changes.

 About Us

This Privacy Policy is provided by Brora Ltd and any associated subsidiaries of Brora Ltd We are the data controller of any personal data we collect about you for any orders placed on our website and or in any of our UK free-standing stores.

Our Site is Broraonline.com operated by Brora Ltd, a Limited company registered in England under company number 04166713, whose registered address is Unit 5&6 The Orbital Centre, Cockerell Close, Gunnels Wood Road, Stevenage, SG1 2NB.

Our VAT number is 625 9113 44.

Our EORI number is GB625911344000.

Our Data Protection Officer is Mark Taylor, and can be contacted by email at dataprotectionofficer@brora.co.uk, or Alternatively, you can contact our customer service team by calling 03456 599 944 (+44 3456 599 944 from overseas), Monday to Friday: 9am-5:30pm as well as by using our online section: https://www.broraonline.com/contact-us.

What Does This Policy Cover?

This Privacy Policy applies only to your use of our Site. Our Site may contain links to other websites. Please note that we have no control over how your data is collected, stored, or used by other websites and we advise you to check the privacy policies of any such websites before providing any data to them.

When you place an order through our website or stores you are contracting with Brora Ltd. Please note that if you are purchasing Brora products through a Retail Partner (for example John Lewis), you are contracting directly with that Retail Partner and not with Brora Ltd.

 

Your Rights

We will only use your personal data where we have a lawful basis to use it. We will only use your data where it is necessary for us to perform our contract with you (e.g. fulfil an order) or in a way which might reasonably be expected as part of running our business and does not materially impact your interests, rights or freedoms. For example, we might use our purchase history to send you personalised offers or combine your shopping history to identify trends and ensure we can keep up with the demand and develop the right new products for our customers.

We may sometimes need to use data to comply with our legal obligations (for example to pass on details related to fraud). In other instances, we will ask for your consent to use your data, for example, where you sign up to receive our email newsletters.

As a data subject, you have the following rights under the GDPR, which this Policy and our use of personal data have been designed to uphold:

The right to be informed about our collection and use of personal data.

The right of access to the personal data we hold about you.

The right to rectification if any personal data we hold about you is inaccurate or incomplete.

The right to be forgotten – i.e. the right to ask us to delete any personal data we hold about you.

The right to restrict (i.e. prevent) the processing of your personal data.

The right to data portability (obtaining a copy of your personal data to re-use with another service or organisation).

The right to object to us using your personal data for purposes; and

Rights with respect to automated decision making and profiling. 

What Data Do We Collect and How Do We Collect Your Personal Information?

Depending upon your use of Our Site, we may collect some or all the following personal and non-personal data.

Title

Forename

Surname

Billing/ Delivery Address

Email

Telephone number

Transactions you make from Brora (whether in-store or via the website)

Details of your shopping preferences, such as which stores you prefer to shop in.

Details of your visits to the website.

Details of when you contact Brora by email, post, or telephone. Please note that we may keep a record of that correspondence.

Any other information from which we can identify you (or which is available on public registers).

We may collect your personal information through some of the following ways:

When you register or use Broraonline.com (the “website”).

When you are registered on the CRM system or sign up our newsletters.

When you contact us by telephone or e-mail.

When you enter any prize draws or competitions run by Brora.

When completing any for forms for transactional purposes.

When you place an order or the website of within one of our UK stores.

How Do We Use Your Data?

The personal data we collect from you

How we use it

Lawful Basis

We will collect the personal data to identify you, such as your title, name, contact details, such as your email address, telephone number, mobile number, and billing/delivery address

To fulfil your order, for example by delivering your products to you or to contact you about your order where necessary. For example, DPD

To fulfil our contract with you

 

To allow you to create an account with us

Legitimate business purposes

 

To send you email newsletters to keep you up to date about our products and services which we think will interest you and our latest offers

Where consent is granted

 

To send you information with your Order to keep you up to date about our products and services which we think will interest you and our latest offers.

Legitimate business purposes

 

If you enter competitions, we will be able to communicate with you

Legitimate business purposes

 

To communicate with you in relation to your order or if you raise an enquiry or compliant with us

Legitimate business purposes

 

Fraud prevention and detection

Legal obligation/legitimate business purposes

Payment details and details of your transactions

To take payment of your order and if required to give refunds. We do not store any payment card numbers once the transaction has been completed. We will only share this data with credit card companies and other payment providers.

To fulfil our contract with you

 

Fraud prevention and detection

Legal obligation/legitimate business purpose

Information that you provide to us when you contact us by telephone, by email, by post or social media, via our website

Provide you with the support and customer service you have requested

Legitimate business purpose

CCTV footage in our stores

Provide you with the support and customer service you have requested

Legitimate business purpose

Technical information about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies such as web beacons or pixels on our website, emails and full details as to how we process and use cookies can be found in our Cookies Policy

To administer and to improve our Website, to ensure it is presented in the most effective manner for you and to give you the best experience and to allow you to participate in interactive features of our Website if you choose to do so.

Please refer to trusted partners for detailed explanation

Display advertisement and email provider will all use cookies to collect data

Legitimate busines purposes and where you consent

 

For data analysis, testing, research, and statistical statistics to help us to improve our products and services.

Legitimate business purposes and where you consent

 

To keep our Website safe and secure

Legitimate business purposes and where you consent

 

To make suggestions and recommendations to you and other users of our Website about products or services that may interest you or them.

Legitimate business purposes

 

To measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you on our website and on third party websites.

Legitimate business purposes

 

To identify behavioural flows from emails we send to you, so that we can monitor and analyse the effectiveness of those emails

Legitimate business purposes

Social media

Where you have provided us your social media handle to participate in a Brora program, to enable us to identify and view your social media account (s)

Legitimate business purposes

Personal data provided in audio or video recordings, such as when you call us, customer care calls or online consultation services

To improve and monitor our services and for learning and development, training, and quality purposes.

Legitimate business purposes

Sharing Your Data with TrustedPartners

We share your personal data with trusted partners to allow us to provide our services to you. When we do share your data with these trusted partners, we only provide the information they need to perform the service. We have written contracts in place with them to ensure they only use your data for the purpose we specify to them and that your privacy is secure and respected.

These trusted partners include the following:

We will only share your personal data with our trusted partners for them to use for their own direct purposes when you have given consent for us to do so.

 

 

Description

Examples (but not limited to)

Companies that help us fulfil your orders and where required get your purchases to you, such as delivery couriers and payment providers

Royal Mail, UPS, DPD, Paypal, First Data

Professional service providers such as website hosting providers, system providers, website, and social media analysis

Google Analytics, Magento

 

Direct marketing companies who help us manage our electronic communications with you

Emarsys, Yotpo

Social media or web platform to show you products that might interest you while you are browsing the internet

Facebook, Instagram, YouTube,

Companies who send segmented, personalised marketing communications on our behalf (include paper mailings)

Epsilon, Advanced Direct Mailing,

Credit reference agencies, law enforcement and fraud prevention agencies, so that we can help tackle fraud

Paypal, First Data

Please refer to the Privacy Policy for our trusted partners

Trusted Partners

Privacy Policy link

Epsilon. We work with Epsilon Abacus (registered as Epsilon International UK Ltd), a company that manages Abacus Alliance on behalf of UK retailers. The participating retailers are active in the clothing, collectables, food and wine, gardening, gadgets and entertainment, health & beauty, household goods and interiors categories. They share information on what their customers buy. Epsilon Abacus analyses this pooled information to help the retailers understand consumers’ wider buying patterns. From this information, retailers can tailor their communications, sending people suitable offers that should be of interest to them, based on what they like to buy.”

Epsilon Abacus may transfer data outside of the EEA. The transfer will take place in the presences of appropriate safeguards, including standard data protection clauses adopted by the EU Commission. Any communications from Epsilon Abacus is designed to tell you about the benefits we can offer so that you have exclusive access to our best deals. We use the information we have about you to tailor the content and try to ensure that the offers are as relevant to you as possible.

 

Services Privacy Policy - Epsilon Abacus

Emarsys. We work with Emarsys to send our email campaigns and email newsletters, and personalization, analytics, automation. Emarsys works through cookies and tracking pixels which help us to create newsletters and monitor the performance of them. If you have given your consent for receiving our emails we will process the following data: if you have opened our newsletter, what you have clicked on, what products and categories have you been looking at, what have you purchased on our web shop and when, from what category at what cost and have you completed the check-out process.

This data processing (evaluation of the newsletter and the measurement of success) is based on our legitimate interests - subject to your given consent - to ensure the secure and user-friendly operation of our newsletter system and thus serves both our business interests and your expectations to improve our website, products and services.

https://emarsys.com/privacy-policy/

Magento

Magento Privacy | Magento

First Data

 

First Data Privacy & Legal (fiserv.com)

Thoughtmix

We share data to fulfil obligations in fulfil your order  

https://thoughtmix.com/privacy-policy/

Advanced Direct Mailing

Privacy Policy - Advanced Direct Mail

Yotpo

We share personal data who purchase products from us to enable you to be able to submit reviews

Yotpo Privacy Guide | Yotpo

We have also embedded cookies and similar tracking technology from our affiliate (network) partners into our websites. With these tools our affiliate (network) partners can recognize whether you came from one of our affiliate publishers (i.e. third party websites that advertise Brora products) and then track if you perform a certain predefined “conversion” action (e.g. purchase of a product) on our websites in consequence.

Advertisement for our website online

We may allow others to provide analytics services and serve ads and banners to you when you are browsing on apps and other websites. We do this by way of various ad exchanges and digital marketing networks. We use various advertising technologies for example ad tags, cookies, pixels, and web beacons. This information may be used by Brora Ltd to analyse and track data, determine the popularity of certain content , deliver advertising and content targeted to your interests on our website and other websites to better understand your activity. For more understanding, please visit our cookie policy.

The ads and banners we use are based on information that we hold about you or on your prior use of our Website, for example products you have browsed previously, content that you have engaged with in the past. We may also work with and use services offered by trusted partners to serve ads to you as part of the customised campaign on third party sites and platforms.

You have the right to withdraw your consent to us using your personal data at any time, and to request that we delete it.

How long will we keep your personal data?

We do not keep your personal data for any longer than is necessary considering the reason(s) for which it was first collected.

We may also keep hold of some of your personal data if we are required to do so for legal purposes to meet our legal requirements or to prevent fraud.

International transfer of your personal data

We are a global business and some of our trusted partners and service providers are in counties outside the UK.

As a result, it may be necessary for the personal data that we collect from you to be transferred to or accessed from outside the UK for us to provide our service. The transfer will take place in the presences of appropriate safeguards, including standard data protection clauses adopted by the EU Commission.


 What Happens If Our Business Changes Hands?

We may, from time to time, expand or reduce our business and this may involve the sale and/or the transfer of control of all or part of our business. Any personal data that you have provided will, where it is relevant to any part of our business that is being transferred, be transferred along with that part and the new owner or newly controlling party will, under the terms of this Privacy Policy, be permitted to use that data only for the same purposes for which it was originally collected by us.

If any of your data is to be transferred in such a manner, you will be contacted in advance and informed of the changes. When contacted you will be given the choice to have your data deleted or withheld from the new owner or controller.

How Can You Control Your Data?

In addition to your rights under the GDPR, when you submit personal data via our Site, you may be given options to restrict our use of your data. We aim to give you strong controls on our use of your data for direct marketing purposes (including the ability to opt-out of receiving emails and paper mailing from us).

You may also wish to sign up to one or more of the preference services operating in the UK: The Telephone Preference Service (“the TPS”), the Corporate Telephone Preference Service (“the CTPS”), and the Mailing Preference Service (“the MPS”). These may help to prevent you receiving unsolicited marketing. Please note, however, that these services will not prevent you from receiving marketing communications that you have consented to receiving.

If at any point you no longer wish us to hold your personal information or you do not wish to receive information from us, then there are several ways you can unsubscribe. These are as follows:

You can click onto “unsubscribe” link in any communication that we send to you by email which will automatically unsubscribe you from that type of communication. Each “unsubscribe” link only relates to that specific type of communication (e.g. marketing communications or survey communications). This means that unsubscribing from marketing communications will not automatically unsubscribe you from our survey communications (or visa versa).

Alternatively, you can contact our customer service team by calling 03456 599 944 (+44 3456 599 944 from overseas), Monday to Friday: 9am-5,30pm as well as by using our online section: https://www.broraonline.com/contact-us.

Please allow up to 30 days from the day that you unsubscribe for your details to be removed from our various paper mailings and emails.

 Your Right to Withhold Information

You may restrict our use of Cookies.

How Can You Access Your Data?

You have the right to ask for a copy of any of your personal data held by us (where such data is held). Under the General Data Protection Regulation, no fee is payable, and we will provide all information in response to your request free of charge.

Our Use of Cookies

Cookies are tiny text files which are placed on your computer when you visit our website or/and open one of our marketing emails. Cookies enable us to keep track of what you are ordering to remember you when you return to our website to allow you to respond to you as an individual and to provide a more personalised experience. A cookie does not give any access to your computer. The cookies are also used to provide us with statistical data to ensure we can provide a better experience for the user.

If you give consent to receive our email newsletters you will be giving permission for cookies to be used placed on your device.

Why do we set cookies?

Our Site may place and access certain first party Cookies on your computer or device. First party Cookies are those placed directly by us and are used only by us. We use Cookies to facilitate and improve your experience of our Site and to provide and improve our products and services. We have carefully chosen these Cookies and have taken steps to ensure that your privacy and personal data is always protected and respected.

We categorise the cookies used on our website as follows:

  • Necessary – required for the operation of the website, including protecting the website from attack and allowing you to place orders.
  • Marketing – these cookies allow us to provide you with targeted advertising based on your online activity and to track and measure the success of a marketing campaign.
  • Preferences – these cookies allow a website to remember choices you have made in the past, like what language you prefer, and what region you are in
  • Statistics – these cookies collect information about how you use a website and analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical purposes.

How can I manage my cookies?

If cookies are not enabled on your computer, it will mean that your shopping experience on our website will be limited to browsing and researching. You will not be able to add products to your basket and buy them, nor take advantage of certain services.

Most web browsers are set to automatically accept cookies but you can use your browser settings to decline cookies if you prefer.  Consult the help files for your specific browser.

By using our site, you may also receive certain third-party Cookies on your computer or device. Third party Cookies are those placed by websites, services, and/or parties other than us. Third party Cookies are used on our Site for personalised advertising. For more details, These Cookies are not integral to the functioning of our Site and your use and experience of our Site will not be impaired by refusing consent to them.

All Cookies used by and on our Site are used in accordance with current Cookie Law.

Before Cookies are placed on your computer or device, you will be shown a pop up requesting your consent to set those Cookies. By giving your consent to the placing of Cookies you are enabling us to provide the best possible experience and service to you. You may, if you wish, deny consent to the placing of Cookies; however certain features of our Site may not function fully or as intended.

The following first party Cookies may be placed on your computer or device:

Necessary Cookies:

Cookie Name

Category

Purpose Description

checkForPermission

Necessary

Determines whether the user has accepted the cookie consent box.

__cfduid

Necessary

Used by the content network

AWSALB

Necessary

Registers which server-cluster is serving the visitor. This is used in context with load balancing

AWSALBCORS

Necessary

Registers which server-cluster is serving the visitor. This is used in context with load balancing

CookieConsent

Necessary

Stores the user's cookie consent state for the current domain

form_key

Necessary

Ensures visitor browsing-security by preventing cross-site request forgery. This cookie is essential for the security of the website and visitor.  

mage-cache-sessid

Necessary

This cookie is used in context with load balancing; this optimizes the response rate between the visitor and the site

mage-cache-storage

Necessary

This cookie is used in context with load balancing; this optimizes the response rate between the visitor and the site

mage-cache-storage

Necessary

Used to optimize the loading speed on the website. This is done by pre-loading some procedures in the visitors' browser.

mage-cache-storage-section-invalidation

Necessary

Used to optimize the loading speed on the website. This is done by pre-loading some procedures in the visitors' browser.

mage-cache-storage-section-invalidation

Necessary

This cookie is used in context with load balancing; this optimizes the response rate between the visitor and the site

mage-cache-timeout

Necessary

This cookie is necessary for the cache function. A cache is used by the website to optimize the response time between the visitor and the website. The cache is usually stored on the visitor’s browser.

mage-messages

Necessary

Necessary for the functionality of the website's chat-box function.

pa_enabled

Necessary

Determines the device used to access the website. This allows the website to be formatted accordingly.

PHPSESSID

Necessary

Preserves user session state across page requests.

private_content_version

Necessary

This cookie is necessary for the cache function. A cache is used by the website to optimize the response time between the visitor and the website. The cache is usually stored on the visitor’s browser.

product_data_storage

Necessary

Necessary for the compare-products function on the website. 

recently_compared_product

Necessary

Necessary for the compare-products function on the website. 

rc::a

Necessary

This cookie is used to distinguish between humans and bots. This is beneficial for the website

rc::c

Necessary

This cookie is used to distinguish between humans and bots.

cu

Necessary

Used to detect if the visitor has accepted the marketing category in the cookie banner. This cookie is necessary for GDPR-compliance of the website. 

gdpr_status

Necessary

Determines whether the visitor has accepted the cookie consent box. This ensures that the cookie consent box will not be presented again upon re-entry. 

__cfduid

Necessary

Used by the content network

opt_out

Necessary

Used to detect if the visitor has accepted the marketing category in the cookie banner. This cookie is necessary for GDPR-compliance of the website. 

xp

Necessary

Control cookie used in connection to the website’s Content Delivery Network (CDN).

SESS#

Necessary

Preserves users states across page requests.

 

Marketing Cookies

Cookie Name

Category

PurposeDescription

_fbp

Marketing

Used by Facebook to deliver a series of advertisement products such as real time bidding from third party advertisers.

criteo_write_test

Marketing

Used to identify the visitor across visits and devices. This allows the website to present the visitor with relevant advertisement - The service is provided by third party advertisement hubs

cto_tld_test

Marketing

Used to identify the visitor across visits and devices. This allows the website to present the visitor with relevant advertisement - The service is provided by third party advertisement hubs

criteo_localstorage_check

Marketing

Used to identify the visitor across visits and devices. This allows the website to present the visitor with relevant advertisement - The service is provided by third party advertisement hubs

recently_compared_product

Marketing

This cookie is used to determine which products the visitor has viewed. This information is used to promote related products and optimize ad-efficiency.

recently_compared_product_previous

Marketing

Collects information on which products have been viewed by the visitor - This is used for optimizing the specific visitor's navigation on the website.

recently_viewed_product

Marketing

Collects information on which products have been viewed by the visitor - This is used for optimizing the specific visitor's navigation on the website.

recently_viewed_product_previous

Marketing

Collects information on which products have been viewed by the visitor - This is used for optimizing the specific visitor's navigation on the website.

scarab.mayAdd

Marketing

Determines which products the user has viewed and added to the checkout basket.

scarab.profile

Marketing

Collects data about products viewed, and performance metrics such as load times and execution times.

scarab.visitor

Marketing

Sets a unique ID for the visitor

ads/ga-audiences

Marketing

Used by Google AdWords to re-engage visitors that are likely to convert to customers based on the visitor's online behaviour across websites.

criteo

Marketing

Sets a unique ID for the visitor

cto_bundle

Marketing

Helps Criteo better manage the tracking solution.

cto_optout

Marketing

Helps Criteo identify the opted-out users.

criteo_cookie_perm

Marketing

Helps Criteo better manage the tracking solution.

cto_clc

Marketing

Helps Criteo better manage the tracking solution.

cdv

Marketing

Collects data on user behaviour and interaction to optimize the website and make advertisement on the website more relevant.

s.gif

Marketing

Registers user behaviour and navigation on the website.

fc

Marketing

Collects data used for A/B testing.

 

Preferences Cookies

Cookie Name

Category

PurposeDescription

section_data_ids

Preferences

Used in context with the shopping cart functionality. Remembers any wish-list products and visitor credentials when checking out.

CookieConsentBulkSetting-#

Preferences

Enables cookie consent across multiple websites

 

 

 

Statistics Cookies

Cookie Name

Category

PurposeDescription

_ga

Statistics

Registers a unique ID that is used to generate statistical data on how the visitor uses the website.

_gat

Statistics

Used by Google Analytics to throttle request rate

_gid

Statistics

Registers a unique ID that is used to generate statistical data on how the visitor uses the website.

_vis_opt_s

Statistics

Used by Visual Website Optimizer to determine if the visitor is participating in a design experiment.

_vis_opt_test_cookie

Statistics

Used to check if the user's browser supports cookies.

_vwo_ds

Statistics

Collects data on the user's visits to the website

_vwo_sn

Statistics

Collects statistics on the visitor's visits to the website

_vwo_uuid

Statistics

Used by Visual Website Optimizer to ensure that the same user interface variant is displayed for each visit

_vwo_uuid_v2

Statistics

This cookie is set to make split-tests on the website

pa

Statistics

Registers the website's speed and performance. This function can be used in context with statistics and load-balancing.

product_data_storage

Statistics

This cookie used to determine which products the visitor has viewed - This allows the website to promote related products.

recently_compared_product_previous

Statistics

Necessary for the compare-products function on the website. 

recently_viewed_product

Statistics

This cookie used to determine which products the visitor has viewed - This allows the website to promote related products.

recently_viewed_product_previous

Statistics

Collects information on which products have been viewed by the visitor - This is used for optimizing the specific visitor's navigation on the website.

collect

Statistics

Used to send data to Google Analytics about the visitor's device and behavior. Tracks the visitor across devices and marketing channels.

visitor-id

Statistics

This cookie is used to collect information on the visitor. This information will be stored for internal analytics at the website's operator – Internal analytics is used by websites to optimize their domains.

PugT

Statistics

Used to determine the number of times the cookies have been updated in the visitor's browser. Used to optimize the website's server efficiency. 

s

Statistics

Sets a unique ID for the session. This allows the website to obtain data on visitor behaviour for statistical purposes.

v.gif

Statistics

This cookie is set to make split-tests on the website

 

 Our site uses analytics services provided by Google. Website analytics refers to a set of tools used to collect and analyse anonymous usage information, enabling us to better understand how our site is used. This, in turn, enables us to improve our Site and the products offered through it. You do not have to allow us to use these Cookies, however whilst our use of them does not pose any risk to your privacy or your safe use of our Site, it does enable us to continually improve our site, making it a better and more useful experience for you.

The analytics service(s) used by Our Site use(s) Cookies to gather the required information.

In addition to the controls that we provide, you can choose to enable or disable Cookies in your internet browser. Most internet browsers also enable you to choose whether you wish to disable all cookies or only third-party Cookies. By default, most internet browsers accept Cookies, but this can be changed. For further details, please consult the help menu in your internet browser or the documentation that came with your device.

You can choose to delete Cookies on your computer or device at any time, however you may lose any information that enables you to access our Site more quickly and efficiently including, but not limited to, login and personalisation settings.

It is recommended that you keep your internet browser and operating system up-to-date and that you consult the help and guidance provided by the developer of your internet browser and manufacturer of your computer or device if you are unsure about adjusting your privacy settings.

 Contacting Us

If you have any questions about Our Site or this Privacy Policy, please contact us by email at dataprotectionofficer@brora.co.uk, by telephone on 03456 599 944, or by post at Unit 5&6 The Orbital Centre, Cockerell Close, Gunnels Wood Road, Stevenage, SG1 2N. Please ensure that your query is clear, particularly if it is a request for information about the data, we hold about you.

 Changes to Our Privacy Policy

We may change this Privacy Policy from time to time (for example, if the law changes). If any changes are made to the Privacy Policy, we will contact you via a service email or alternative communication method to inform the data subject of the changes to be made and the impact on the data subject. No changes will be made within 30 (thirty days) of the service emails that has been sent to ensure that the data subject has adequate time to review the policy and impact on personal data.