Website Privacy Notice – last updated on September 23rd, 2021
Totally Barbados and Brecal Inc. (or ‘we,’ ‘us,’ ‘our’) understand concerns about privacy and work hard to comply with relevant data protection laws.
Welcome to our website, totallybarbados.com (the “Website”).
Totally Barbados with its principal place of business and at 140 B Durants Fairways, Oistins, Christ Church, Barbados.
Collection of Information
The types of personal information that we collect will depend on the nature of your dealings with us.
Information You Provide to Us
We collect the information you provide directly to us. For example, we collect information when you make a purchase, communicate with us via third-party social media sites, sign-up to receiving marketing communication, use our website, or otherwise communicate with us.
The types of information we may collect or process include:
(1) identifiers include your full name, email address, postal address, phone number, unique personal identifier, online identifiers, and internet protocol address.
(2) commercial information, such as records of products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
(3) professional information such as company name, company payment information, and business contact information (e.g., business phone number, address, or email).
(4) payment card information.
(5) Any other information you choose to provide.
Information We Collect Automatically When You Use our Services
When you access or use our Services, we automatically collect information about you, including:
Log Information: We log information about your use of the website, including the type of browser you use, access times, pages viewed, your IP address, your general location, and the page you visited before navigating to our website.
Transactional Information: When you make a purchase, we collect information about the transaction, such as purchase details, purchase price, and date and location of the transaction. A designated third party may collect payment and payment card information when you subscribe to our paid Services or purchase additional services.
Device Information: We collect information about the computer or mobile device you use to access our Services, including the hardware model, operating system and version, unique device identifiers, and mobile network information.
Information Collected by Cookies and Other Tracking Technologies
Information We Derive
We may derive information or draw inferences about you based on the information we collect. For example, we may make inferences about your location based on your IP address. We may also infer information about your email and contact preferences based on how you respond to our communications with you, what information you find helpful, and what type of communication language most resonates with you.
Use of Information
We use the information we collect to provide, maintain, and improve our Services, such as administering your account and providing you with insights to help you optimize your use of our platform. We use data for analytics and measurement to understand how our services are used. The personal data you provide us with when subscribing to our services will be used only to provide you with and improve those services. Some data elements, e.g., job titles and company names, may be aggregated anonymously to improve our services for analytical and statistical purposes. For example, we analyze data about your visit to our sites to optimize product design.
We may also use the information we collect to:
• Provide and deliver the services you request, process transactions and send you transaction-related information, including confirmations and invoices.
• Respond to your comments, questions, and requests and provide customer service.
• Communicate with you about services, offers, promotions, and provide news and information we think will be of interest to you.
• Comply with our financial obligations.
• Personalise your experience on our website.
• Cooperate, evaluate and improve our business (including developing new services, enhancing and improving our services, analyzing our services, managing our communications, performing data analytics and market research, and performing accounting, auditing, and other internal functions).
• Protect against identity theft and prevent fraud and other criminal or undesirable activity.
• Market our services to you or your company.
• Comply with and enforce applicable legal requirements, relevant industry standards, and policies, including this website privacy notice.
Purposes for which we will use your data
In a table format, we have set out a description of all the ways we plan to use your data and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
Note that we may process your data for more than one lawful ground depending on the specific purpose of using your data. Please contact us if you need details about the specific legal ground we rely on to process your data where more than one ground has been set out in the table below.
Type of data
Lawful basis for processing including basis of legitimate interest
To register you as a new customer
Performance of a contract with you
To manage our relationship with you, which will include:
(b) Asking you to leave a review or take a survey
(d) Marketing and Communications
(a) Performance of a contract with you
(b) Necessary to comply with a legal obligation
(c) Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services)
Purchase of products and services.
(e) Marketing and Communications
(a) Performance of a contract with you
(b) Necessary for our legitimate interests (to study how customers use our products/services, to develop them and grow our business)
To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting, and hosting of data)
(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganization or group restructuring exercise)
(b) Necessary to comply with a legal obligation
To deliver relevant website content to you and measure or understand the effectiveness of the advertising we serve to you
(e) Marketing and Communications
Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business, and to inform our marketing strategy)
To use data analytics to improve our website, products/services, marketing, customer relationships, and experiences
Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business, and to inform our marketing strategy)
To make suggestions and recommendations to you about goods or services that may be of interest to you
(f) Marketing and Communications
Necessary for our legitimate interests (to develop our products/services and grow our business)
Marketing and Promotional offers from us
We strive to provide you with choices regarding specific personal data uses, particularly around marketing.
We may use your Identity, Contact, Technical, Usage to form a view on what we think you may want or need or what may be of interest to you. This is how we decide which products, services, and offers may be relevant for you (we call this marketing).
You will receive marketing communications from us if you have requested information from us or purchased services from us and you have not opted out of receiving that marketing.
Protection of your Personal Information
We take all reasonable care and apply necessary technical and organizational measures to protect your data. We employ data processors to process your data on our behalf; we ensure that the required contractual protections are in place.
We will not sell your data under any circumstances. We will not transfer your data to any third parties unless you have expressly consented to this under our marketing terms, other than to our data processors, who will be contractually bound to process your data only by our instructions and to keep your data secure.
We will only share or transfer personal data to entities outside the country where the information was initially collected by the law to ensure your rights are appropriately protected.
• To countries that have been deemed to provide an adequate level of protection for personal data by the UK and EU Commission
• To entities in countries based outside the UK and EEA, by entering into the European Commission-approved Standard Contractual Clauses and the UK equivalent
Sharing of Information
We often need to engage other companies and individuals to help us operate and provide the Services. We do not disclose personal information we obtain about you, except as described in this website privacy notice.
We may share your personal information with service providers who perform services on our behalfs – such as hosting our website, relationship management, or data analytics. This is only done for the purposes described in this website privacy notice. We do not authorize our service providers to use or disclose the information we collect except as necessary to perform services on our behalf or comply with legal requirements.
We also may disclose information about you:
• if we are required to do so by law or legal process (such as a court order),
• in response to requests by government agencies, such as law enforcement authorities,
• to establish, exercise or defend our legal rights,
• when we believe disclosure is necessary or appropriate to prevent physical or other harm or financial loss,
• in connection with an investigation of suspected or actual illegal activity,
• in the event we sell or transfer all or a portion of our business or assets (including in the event of a reorganization, dissolution, or liquidation),
• where we have a legitimate interest in doing so, and your rights as a data subject are not adversely impacted, or
• otherwise with your consent.
We will not share information about you, except in the following circumstances, or as otherwise described in this Privacy Notice:
• You have provided your consent to share your data with third parties, for instance, our sponsors, for electronic marketing.
• With related bodies corporate, vendors, consultants, and service providers who need access to such information to carry out work on our behalfs, such as companies that assist us with web hosting, payment processing, fraud detection, and prevention, and customer service support providers;
• With our lawyers and other professional advisors where necessary to obtain advice or otherwise protect and manage our business interests;
How We Protect Personal Information
We maintain administrative, technical, and physical safeguards designed to protect the personal information we obtain through our website against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure, or use.
Safeguarding Your Information
We do not collect payment information from you except that we forward your payment request directly to our merchant services provider, Fygaro (https://fygaro.com/), with neither the ability nor the intent to intercept or collect any such payment data.
The Merchant Services Provider only receives information necessary to verify that any payments between yourself and us are authorized. The Merchant Services Provider will use encrypted tools to communicate with your designated payee institution or whatever other account you use to pay for orders to us. We do not retain your credit card information or additional payment information except as provided below. We do not maintain records of your credit card number or other payment information.
Retention of Personal Information
To the extent permitted by applicable law, we retain personal information as long as necessary. We will only retain your data for as long as reasonably necessary to fulfill the purposes we collected it for, including to satisfy any legal, regulatory, tax, accounting, or reporting requirements. We may retain your data for a more extended period in the event of a complaint or if we reasonably believe there is a prospect of litigation regarding our relationship with you. Insofar as the processing of personal data is based on your consent, we will delete this data if you withdraw your consent.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your data, the purposes for which we process your data, and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
Our aim is always to comply with the GDPR, which means that we only hold the personal data we need and for so long as we either need or can reasonably justify keeping it.
By the principle of minimizing data retention, we will retain your data only for so long as is necessary for the purposes for which it was acquired, subject to legal and other relevant requirements, by our data retention policy, as follows:
- Data obtained for contractual purposes: 7 years
- Data obtained through marketing activities: 2 years
- At the expiry of the relevant data protection period, personal data will be deleted.
Children’s Personal Information
Our website is designed for a general audience – and primarily a business audience. It is not directed to children. We do not knowingly collect or solicit personal information from children – i.e., individuals under the age of 16 – through our website. If we learn that we have collected personal information from a child, we will promptly delete that information from our records. If you believe that a child may have provided us with personal information, please contact us as specified in the How to Contact Us section of this website privacy notice.
Automated Collection of Data
When you use our website, certain personal information may be obtained by automated means, such as browser cookies, web beacons, device identifiers, server logs, and other technologies.
For more details on the cookies we use, please see our Cookies Policy.
Third-Party Web Analytics Services
We may obtain personal information about your online activities over time and across third-party websites, devices, and other online services. In addition, our website may use third-party online analytics services, such as those of Google Analytics. The service providers that administer these analytics services use automated technologies to collect data (such as email addresses, IP addresses, cookies, and other device identifiers) to evaluate, for example, the use of our website and to diagnose technical issues. To learn more about Google Analytics, please visit http://www.google.com/analytics/learn/privacy.html.
You may opt out of Google Analytics by visiting https://tools.google.com/dlpage/gaoptout.
Through our website, both certain third parties and we may collect information about your online activities to provide you with advertising about products and services tailored to your interests. Where required by applicable law, we will obtain your consent to process your personal information for such direct marketing purposes. Occasionally, you may see advertisements for us on other websites or mobile apps – this would be when we participate in advertising networks. Advertising networks allow us to broadcast advertising to internet user groups selected based on demographic data, users’ inferred interests, location, and browsing context. These networks track users’ online activities over time by collecting information through automated means, including through the use of browser cookies, web beacons, device identifiers, server logs, web beacons, and other similar technologies. The advertising networks use this information to show advertisements tailored to individuals’ interests, track users’ browsers or devices across multiple websites and apps, and build a profile of users’ online browsing and app usage activities. Our advertising networks may collect data about users’ visits to websites and apps that participate in the relevant advertising networks, such as the pages or advertisements viewed and the actions taken on the websites or apps. This data collection takes place on third-party websites and apps that participate in the advertising networks.
To learn how to opt-out of advertising network interest-based advertising in the European Union, please visit www.youronlinechoices.eu.
Legal rights: Your Rights and Choices
We offer you confident choices in connection with the personal information we obtain about you. To update your preferences, update or correct your information, limit the communications you receive from us, or submit a request, please get in touch with us directly – see the How to Contact Us section. You can also unsubscribe from our marketing mailing lists by following the “Unsubscribe” link in our emails.
Under EU law and UK law, all data subjects to whom the UK DPA 2018 and EU General Data Protection Regulation (GDPR) applies have certain rights, including to:
Your rights include the following:
• The right at any time to withdraw your consent to the processing of your data for marketing purposes.
• The right to be informed of what personal data we hold, how we obtained it, who we may have shared it with and why and how long we intend to keep it.
• The right to have your data rectified if it is inaccurate or incomplete.
• The right to request the erasure of your data (also called the right to be forgotten), subject to our retention policy.
• The right to restrict the processing of your data.
• The right to data portability (i.e., transfer your data at your request to another organization).
• The right to be informed of any automated profiling (We currently do not process your data in this manner).
Your rights above can be exercised free of charge by contacting us as described below. You will not have to pay a fee to access your data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is unfounded, repetitive, or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your data (or exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to anyone who has no right to receive it. We may also contact you to further information about your request to speed up our response. We will usually require proof of identity, such as a passport or driver’s license. You can exercise any of your rights as a data subject under the GDPR by contacting us directly –see How to Contact Us.
If you feel that any of your rights have been infringed, you have the right to complain with the Information Commissioner’s Office (www.ico.org.uk).
Time limit to respond.
We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made several requests. In this case, we will notify you and keep you updated.
Other Online Services and Third-Party Features
Our website may provide links to other online services and websites for your convenience and information and include third-party features such as apps, tools, widgets, and plug-ins. These services, websites, and third-party features may operate independently from us. The privacy practices of these third parties, including details on the information they may collect about you, are subject to the privacy statements of these parties, which we strongly suggest you review. To the extent any linked online services or third-party features are not owned or controlled by us, we are not responsible for these third parties’ information practices.
Your data protection rights
Under data protection law, you have rights including:
Your right of access – You have the right to ask us for copies of your personal information.
Your right to rectification – You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances.
Your right to restriction of processing – You have the right to ask us to restrict the processing of your personal information in certain circumstances.
Your right to object to processing – You have the right to object to processing your personal information in certain circumstances.
Your right to data portability – You have the right to ask that we transfer the personal information you gave us to another organization, or you, in certain circumstances.
You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.
Please get in touch with us if you wish to make a request.
How to Contact Us
You can contact us about any privacy matter, including our use of your data, or exercise your rights by using the following contact details and providing details of your request.
For data protection queries regarding data processing, please get in touch with us at [email protected].