Privacy policy
This privacy policy sets out how the BTO Service Ltd. (‘BTO Services’) complies with its data protection obligations as a Data Controller, when you visit or make a purchase from british-trust-for-ornithology.myshopify.com (the “Site”).
If you have any queries, then you can contact us via:
Email: info@bto.org
Phone: 01842 750050
Address: The Data Controller, The Nunnery, Thetford, Norfolk, United Kingdom, IP24 2PU
BTO Services is committed to respecting the privacy of all visitors to the Site. We have structured our website so that, in general, you can visit the Site without identifying yourself or disclosing any personal information, depending on your cookie preferences. Once you choose to provide us with any information by which you can be identified, then you can be assured that it will only be used in accordance with this privacy policy.
Who we are
BTO Services is a trading subsidiary company of the charity the British Trust for Ornithology (‘The Charity’) - Registered Charity Number: 216652 (England & Wales), SC039193 (Scotland). BTO Services donates all its available profits to The Charity. This company also trades under the trading names of ‘BTO’, ‘BTO Consulting’ and ‘Porzana’.
BTO Services is a company limited by shares, registered in England and Wales No 2907282. Registered Office The Nunnery, Thetford, Norfolk IP24 2PU.
The Charity is registered under the Data Protection Act 1998 (Registration No Z547079X) and has given all appropriate notifications to the Information Commissioner. We are subject to the General Data Protection Regulation (GDPR) and the Privacy & Electronic Communications Regulations 2003 (PECR). The Privacy Officer for the BTO group is the Director of Services.
Personal information we collect
In order to support the charitable activities of The Charity in the most effective manner and to ensure that we communicate with you in the way that you prefer, we may collect and hold personal information about you in the following ways:
When you visit the Site, depending on Cookie preferences, we may collect certain information about your device, including information about your web browser, IP address, time zone, and some of the cookies that are installed on your device. Additionally, as you browse the Site, we collect information about the individual web pages or products that you view, what websites or search terms referred you to the Site, and information about how you interact with the Site. We refer to this automatically-collected information as “Device Information”.
We collect Device Information using the following technologies:
- “Cookies” are data files that are placed on your device or computer and often include an anonymous unique identifier. More information about the Cookies used by the Site.
- “Log files” track actions occurring on the Site, and collect data including your IP address, browser type, Internet service provider, referring/exit pages, and date/time stamps.
- “Web beacons”, “tags”, and “pixels” are electronic files used to record information about how you browse the Site.
Additionally when you make a purchase or attempt to make a purchase through the Site, we collect certain information from you, including your name, billing address, shipping address, email address, phone number and payment information (including credit card numbers, or identifying credentials to facilitate the use of Google Pay or other payment services, depending on the payment type used). We refer to this information as “Order Information”.
When we talk about “Personal Information” in this Privacy Policy, we are talking both about Device Information and Order Information.
How we use your personal information
We use the Order Information that we collect generally to fulfil any orders placed through the Site (including processing your payment information, arranging for shipping, and providing you with invoices and/or order confirmations). Additionally, we use this Order Information to:
- Communicate with you;
- Screen our orders for potential risk or fraud; and
- When in line with the preferences you have shared with us, provide you with information or advertising relating to our products or services.
We use the Device Information that we collect to help us screen for potential risk and fraud (in particular, your IP address), and more generally to improve and optimize our Site (for example, by generating analytics about how our customers browse and interact with the Site, and to assess the success of our marketing and advertising campaigns).
Through research and analysis of information generated through your interactions with The Site, we may build a profile of your current or likely interests, skills and preferences which helps us decide which of our communications are likely to be of particular interest to you in future (although you will always be able to opt out of such communications if you would prefer).
Sharing your personal information
Personal information collected via The Site by BTO Services is shared with The Charity and resides in the Customer Relational Database of The Charity for the purposes of fulfilling orders, financial accounting and to keep a record of interactions with our customers.
We share your Personal Information with third parties to help us use your Personal Information, as described above. For example, we use Shopify to power our online store--you can read more about how Shopify uses your Personal Information. We also use Google Analytics to help us understand how our customers use the Site -- you can read more about how Google uses your Personal Information. You can control the use of Google Analytics tracking cookies by setting your cookie preferences when prompted by The Site. You can also globally opt-out of Google Analytics. Read more about our Cookie policy.
Finally, we may also share your Personal Information to comply with applicable laws and regulations, to respond to a subpoena, a search warrant or other lawful request for information we receive, or to otherwise protect our rights.
BTO Services will never sell your personal data, and will only ever share it with other individuals or organisations where necessary and where guarantees as to its privacy and security have been provided.
When you interact with BTO Services and have not advised us to the contrary, you are agreeing that we may use your personal information for the purposes set out in this statement. BTO Services will only process your personal data where it has a lawful basis for doing so (as specified under Article 6 of the EU General Data Protection Regulation - GDPR). In most cases, the lawful basis is that processing such data is necessary for the legitimate interests of BTO Services.
BTO Services seeks to balance the preservation of your rights under the GDPR & the Privacy and Electronic Communications Regulations (PECR) with BTO Services’ legitimate interest in promoting and managing volunteering activities associated with the recording of birds, other wildlife and their associated habitats.This activity is central to the achievement of our charitable objects and delivers scientific rigour to our survey endeavours. We reinforce your rights by offering you the option not to receive information linked to this purpose. If you feel your personal rights override our legitimate interests, you will have the opportunity to ask us not to use your information in such a way.
In other cases, the legal basis for processing your personal data may be:
- Where you have given clear consent for us to do so for a specific purpose;
- Where the processing is necessary for a contract BTO Services has with you, or because you have asked us to take specific steps before entering into a contract;
- Where the processing is necessary to protect someone’s life;
- Where the processing is necessary for BTO Services to perform a task in the public interest or for its official functions, and the task or function has a clear basis in law;
- Where the processing is necessary for BTO Services to otherwise comply with the law.
Justification of the Legal Basis for Processing Personal Information
- Trading: BTO Services processes personal information in connection with the sale of products and services, entered into by way of a contract for goods or services. We reinforce data subjects’ rights by offering data subjects the opportunity not to receive information linked to this purpose.
- General Information: BTO Services may acquire and retain personal information in order to provide general information, education and knowledge about the projects, services and resourcing of The Charity. The Charity balances this legitimate interest with the rights of data subjects under the GDPR & PECR. We reinforce data subjects’ rights by offering data subjects the opportunity not to receive information linked to these general purposes.
How we store your information
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect. We ensure that encryption is used where appropriate, including when transferring credit card information. We are certified to the relevant PCI compliance standards to ensure the security of customer credit card data, and safely handle payments made to us using PCI-compliant payment services.
The majority of our operations are based in the UK and we store the bulk of our data within the European Union. Some organisations that provide services to us may transfer personal data outside of the EEA; we will only allow them to do this where those organisations assure us that they comply with a regulatory environment that is compatible with the GDPR.
We will only store your personal information for as long as it is required for the purposes it was collected for. How long information will be stored for depends on the nature of the information collected and what it is being used for. We will undertake regular reviews of the personal information that we hold and will delete personal information that is no longer required to be held (whilst maintaining a record of any preferences expressed by you not to be contacted).
Your rights
Whilst we collect and process personal information in order to undertake our work, BTO Services very much wishes to protect your rights and here we set out a brief description of them.
You have the right to confirmation as to whether or not we have your personal information and, if we do, the right to obtain a copy of the personal information we hold (this is known as a Subject Access Request). Should you wish to make such a request, please contact us as detailed above.
You have the right to request that we remove some or all of your personal information (though this may not apply where it is necessary for us to continue to use the data for a lawful reason). If you wish to make such a request, please contact us as detailed above.
You have the right to have any inaccurate personal information corrected; and/or to specify some of the purposes for which we may contact you; and/or to specify some of the channels by which we may contact you. You can do this at any time via your 'My BTO' account page (on the website of The Charity, if you have registered an account - www.bto.org/my-bto) or, if you prefer, by contacting us directly as detailed above.
If you believe that any aspects of your data protection or privacy rights have been infringed by BTO Services or The Charity, you can make a complaint to the UK Information Commissioner’s Office, which regulates and enforces data protection law in the UK. Details of how to do this can be found at www.ico.org.uk.
Young people
In order to donate to The Charity or to purchase goods or services from BTO Services you need to be over 18 years of age.
Changes
We may update this privacy policy from time to time in order to reflect, for example, changes to our practices or for other operational, legal or regulatory reasons.
Data Rectification
You can use the links below to update your account data if it is not accurate.
Data Portability
You can use the links below to download all the data we store and use for a better experience in our store.
Access to Personal Data
You can use the link below to request a report which will contain all personal information that we store for you.
Right to be Forgotten
Use this option if you want to remove your personal and other data from our store. Keep in mind that this process will delete your account, so you will no longer be able to access or use it anymore.