Privacy Policy

Our privacy policy details how we may collect data from you and how and why we use it.

Privacy Policy

The Data Controller is Aftersend Limited, 4 Oxford Court, Manchester M2 3WQ. UK

When using the website, We will most likely collect your Personal data directly (via the data collection forms on our Site) or indirectly via our service providers and/or technologies on our Site. Further information is contained in the Cookie Policy and as appropriate provided in online data collection forms.

Aftersend Limited (“We”) are committed to protecting and respecting your privacy. The site is {}

Your privacy is very important to us. We are committed to complying with any applicable legislation relating to Personal Data. This policy together with our terms of use set out the basis on which any personal data We collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

To find out more about us visit our website aftersend.com. The email for our local Data Protection Officer is [email protected]

Collection and Source of Personal Data

When using the website, We will most likely collect your Personal data directly (via the data collection forms on our Site) or indirectly via our service providers and/or technologies on our Site. Further information is contained in the Cookie Policy and as appropriate provided in online data collection forms.

Types of Personal Data Collected and Used by Us

We may specifically collect and process the following types of Personal data:

  • The information that you provide when filling in the forms on the Site (for example, for subscription purposes, to participate in surveys, for marketing purposes, when downloading the application)
  • The information that you provide for authentication purposes or to verify your age when you purchase age-restricted items
  • The information that you provide for order fulfilment or to provide a service
  • The data relating to your purchases such as products, quantity, price, billing, and delivery addresses including health information about you only where you volunteer and consent to this, for example, if you report any specific food allergies after placing an order.
  • The transaction data such as payment information and credit/debit card information that is transmitted directly to third parties who process your requests
  • The information provided via “posts”, comments, or other content that you post on the website
  • The information from you when you use the chat function on our Sites
  • Your preferences in receiving marketing from us and our third parties and your communication preferences
  • Information collected through Cookies as defined in our Cookie Policy
  • Information collected to onboard and manage our suppliers and their sub-contractors
  • Information is collected to provide services to our Corporate clients, customers, run our business, market, and improve our services
  • Personal data identified by an asterisk in the data collection forms are compulsory as these are necessary to fulfil any orders placed. In the absence of this compulsory information, these transactions cannot be processed

Please find details of the different data collected for the various purposes, in the chart (Annex 1).

Sensitive Personal Data

As a rule, we do not collect sensitive Personal data via our Sites. “Sensitive Personal data” refers to any information concerning a person’s racial or ethnic origins, political opinions, religious or philosophical beliefs, union membership, health data or data relating to the sexual life or the sexual orientation of a natural person. This definition also includes personal data relating to criminal convictions and offenses.

If it would be strictly necessary to collect such data to achieve the purpose for which the processing is performed, we will do so in accordance with local legal requirements for the protection of Personal data and, in particular, with your explicit prior consent, where appropriate and under the conditions described in this policy.

Personal Information and Children

Our Site is for use by adult persons who have the capacity to conclude a contract under the legislation of the country in which they are located. Children users under the age of 16 years or without legal capacity must obtain consent from their parents or legal guardians prior to submitting their Personal data to the Site.

Purposes for Use of Your Personal Data

Personal data may be collected for the following general purposes (a more precise description of the processing of your data can be found in the Annex 1 below):

  • Cookies
  • Account creation and management
  • Customer Relationship Management
  • Marketing Management
  • Service Provision
  • Running and improving our business, including bids, acquisitions, and sales.

Legal Basis for the Processing of Personal Data

We process your Personal data as part of the performance and management of our contractual relationship with you, the services we provide to clients, for our legitimate interest to run our business, market and improve the quality and operational excellence of the Services we offer or in compliance with certain regulatory obligations depending on the purpose of processing as identified in the chart in Annex 1.

Your Personal data may also be processed based on your prior consent if under certain circumstances, your consent would be requested (e.g., regarding health data or for certain types of Cookies).

Please find more information about the legal basis for each of our processing in the Annex 1 below

Transfer of Personal Data

Your Personal data may be transmitted to internal or external recipients that are authorized to perform Services on our behalf. Data protection law does not allow the transfer of Personal Data to third countries outside UK and EEA that do not ensure an adequate level of data protection. Some of the third countries operates outside UK and EEA do not provide the same level of data protection as the country in which you reside and are not recognized by the European Commission or ICO as providing an adequate level of protection for individuals’ data privacy rights.

To guarantee the security and confidentiality of Personal data thus transmitted, we will take all necessary measures to ensure that this data receives adequate protection, such as entering into data transfer agreements with the recipients of your personal data based on the applicable standard contractual clauses (“SCCs”) or other valid transfer mechanisms and we carry out, in accordance with the European Court of Justice’s decision of 16 July 2020 “Scherms II” (Case C 311-18), a risk assessment of the transferred data. If you would like to receive a copy of the safeguards in place to secure data transfers outside the UK or European Economic Area, please contact the Data Protection Officer.

Disclosure of Your Information

The security and confidentiality of your Personal data is of great importance to us. This is why we restrict access to your Personal data only to members of our staff only to the extent strictly necessary to process your orders or to provide the requested Services. We ensure that persons authorized to process the Personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.

We will not disclose your Personal data to any unauthorized third parties. We may, however, share your Personal data with entities within Aftersend and with authorized service providers (for example: technical service providers [hosting, maintenance], consultants, etc.) whom we may call upon for the purpose of providing our Services. We may disclose your personal information to any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 736 of the UK Companies Act 2006. This information is not routinely shared. It may be shared for the provision of joint services, for example IT support, Legal advice, or debt recovery. It may also be shared for statistical analysis. Where appropriate a data sharing agreement is put in place. In the unusual circumstance that personal data could be shared with a Group Company outside UK/EEA standard contractual clauses will be applied.

We ensure that every disclosure of your Personal data to an authorized service provider is framed by a data processing agreement, reflecting the commitments laid out in this policy. We do not authorize our service providers to use or disclose your data, except to the extent necessary to deliver the Services on our behalf or to comply with legal obligations.

We may also share your Personal data (i) if the law or a legal procedure requires us to do so, (ii) in response to a request by public authorities or other officials or (iii) if we are of the opinion that transferring these data is necessary or appropriate to prevent any physical harm or financial loss or in respect of an investigation concerning a suspected or proven unlawful activity (iv) providing the service/contract, (v) fraud protection and credit risk reduction, (vi) to protect rights, property and safety or enforce our agreements, (vii) buy or sell business assets.

Storage Limitation and Accuracy

Aftersend will keep Personal Data that is processed accurate and, where necessary, up to date.

We will store your Personal data only for as long as necessary to fulfil the purposes for which it was collected and processed. This period may be extended, if applicable, for any amount of time prescribed by any legal or regulatory provisions that may apply.

To determine the retention period of your Personal data, we take into consideration several criteria such as:

  • The purpose for which we hold your Personal data (e.g., when you purchase products on our Sites, we keep your Personal data for the duration of our contractual relationship)
  • Our legal and regulatory obligations in relation to that Personal data (e.g. accounting reporting obligations)
  • Whether you are an active user of our Services, you continue to receive marketing communications, or you regularly browse or purchase off our Sites or whether you do not open our emails or visit our Sites; For instance, if you have agreed to receive marketing communications, we keep your Personal data until you: (i) unsubscribe from receiving marketing communications (ii) request we delete your Personal data, or (iii) after a period of inactivity (i.e. where you have not interacted with us for a period of time). This period is defined in accordance with local regulations and guidance
  • Any specific requests from you in relation to the deletion of your Personal data or Account
  • Any statutory limitation periods allowing us to manage our own rights, for example the defence of any legal claims in case of litigation; and Any local regulations or guidance (e.g., regarding cookies)

Please find more information about the storage period of your Personal data in Annex 1 below.

Security of Your Personal Data

We implement appropriate technical and organizational measures to protect Personal Data against accidental or unlawful alteration or loss, or from unauthorized, use, disclosure or access, in accordance with our Group Information and Systems Security Policy.

We take, when appropriate, all reasonable measures based on Privacy by design and Privacy by default principles to implement the necessary safeguards and protect the Processing of Personal Data. We also carry out, depending on the level of risk raised by the processing, a Privacy impact assessment (“PIA”) to adopt appropriate safeguards and ensure the protection of the Personal Data. We also provide additional security safeguards for data considered to be Sensitive Personal Data.

Unfortunately, the transmission of information via the internet is not completely secure. Although We will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once We have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

Your Rights

Aftersend is committed to ensure protection of your rights under applicable laws. You will find a summary of your different rights below:

RIGHT OF ACCESS AND RECTIFICATION

You can request access to your Personal data. You may also request rectification of inaccurate Personal data, or to have incomplete Personal data completed.

You can request any available information as to the source of the Personal data, and You may also request a copy of your Personal data being processed by Us.

RIGHT TO BE FORGOTTEN

Your right to be forgotten entitles You to request the erasure of your Personal data in cases where:

in relation for the purposes of its collection or processing;

1. the data is no longer necessary

2 .You choose to withdraw your consent

3. You object to the processing by automated means using technical specifications

5. your Personal data has been unlawfully processed

6. there is a legal obligation to erase your Personal data; erasure is required to ensure compliance with applicable laws

RIGHT TO RESTRICTION OF PROCESSING

You may request the restriction of processing in the cases where:

1. You contest the accuracy of the Personal data

2. We no longer needs the Personal data, for the purposes of the processing

3. You have objected to processing for legitimate reasons.

RIGHT TO DATA PORTABILITY

You can request, where applicable, the portability of your Personal data that You have provided to Us, in a structured, commonly used, and machine-readable format You have the right to transmit this data to another Controller without hindrance from Us where:

1. the processing of your Personal data is based on consent or on a contract; and

2. the processing is carried out by automated means.

You can also request to transmit directly your Personal data to a third party of your choice (where technically feasible).

RIGHT TO OBJECT TO PROCESSING FOR THE PURPOSES OF DIRECT MARKETING

You may object (right to “opt-out”) to the processing of your Personal data (notably to profiling or to marketing communications). When we process your Personal data on the basis of your consent, You can withdraw your consent at any time.

RIGHT NOT TO BE SUBJECT TO AUTOMATED DECISIONS

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning You or similarly significantly affects You.

RIGHT TO LODGE A COMPLAINT TO THE COMPETENT SUPERVISORY AUTHORITY

You can choose to lodge a Complaint with the Data Protection Supervisory Authority in the country of your habitual residence, place of work or place of the alleged infringement, regardless of whether you have suffered damages. Personal Data. You have also the right to lodge your Complaint before the courts where the entity has an establishment or where you have your habitual residence. In the UK the authority is the ICO https://ico.org.uk