This policy has been prepared with due regard to the data protection laws applicable to the data processing activities performed by Boori in the countries in which we operate (“applicable laws”), including the General Data Protection Regulation (“GDPR”) and any subsequent amendment or legislation passed to enact GDPR into UK law. This notwithstanding, it may still be necessary to apply different standards in response to the laws in different countries and it is possible that we may issue addendums for specific countries in which we operate, and where appropriate.
We are registered in the United Kingdom to handle personal data with the Information Commissioner’s Office (ICO) and our registration number is Z20152498 for Boori (Europe) Limited, including trading names Boori (UK) Limited, Boori.co.uk and Boori.com.
Our registered business address in the UK is:
13-19 London Road
Contact us about this policy
Data Protection Officer
Boori Europe Ltd
1 Riverside House
Or email [email protected]
Information we collect and what we use it for
To access certain areas of the website, you will need to register with us. During the registration process you will be asked to submit personal information about yourself (e.g. name and email address). By entering your details in the fields requested, you enable Boori and/or our official partners to provide you with the services you select. When you provide such personal information, you accept that we may retain your personal information and that it may be held by us or any third party that processes it on our behalf for the purposes of providing the information, goods or services which you have requested. Any third parties who process personal information on our behalf are required to maintain the confidentiality and privacy of the personal information that they process for us. When we provide you with products or services we may collect and store any personal information that you provide to us. We may, for example, keep a record of your name, address, delivery address, email address, telephone number and payment card details.
When you submit your CV and/or application for a particular role to us, this will be used solely in connection with your application and will not be shared with third parties other than those engaged by us in connection with the recruitment process, such as recruitment consultants or agencies.
We will use your data for the following purposes:
- to provide products and services you request or have expressed an interest in
- for marketing to you via email, phone, mobile messaging, direct mail, or social media
- to administer any competitions, voting, quizzes, and or other offers/promotions which you enter
- to create an individual profile for you so that we can understand and respect your preferences
- to communicate with you if any products or services you have requested are being processed or are unavailable
- for fraud screening and prevention purposes
- for record keeping purposes
- to carry out market research so that we can improve the products and services we offer
- to track your activity on our digital platforms
- to personalise and improve your experience on our digital platforms
- to personalise any communications that we may send you
- to respond to your correspondence, so that we can reply to your enquiries and requests in an efficient and effective manner
Record of Warranty
The majority of Boori products come with a manufacturers warranty, we will store your purchase data and warranty registrations on our server for vaildation. You may request that we remove this data however you must ensure you retain your original proof of purchase in the event of a warranty claim.
When you sign up with us for an online account, register to receive marketing communications from us (and/or our official partners), enter one of our competitions, fill in one of our forms (whether online or offline) or otherwise expressly provide us with your personal information, we may collect and store any personal information that you provide to us and may use it to personalise and improve your experience on our digital platforms, provide products and services you request from us, and carry out market research
Product and Service Reviews
30 days after your purchase has been marked as complete on our systems, you may be contacted by our review partner, Yotpo, to obtain your feedback on products you’ve purchased and the service you’ve received. Your feedback helps us to understand how we can improve our customer experience and can help to inform future customers. Your review may be published on Boori’s websites, and you can request your feedback to be removed at any time by contacting us as detailed above. Should you wish to remain anonymous, please input “anonymous” in the necessary fields.
What are cookies?
A cookie is a small file which is placed on your computer's hard drive when you visit a website. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the site owners, such as which pages you find useful or not. A web browser normally deletes session cookies when it quits. A cookie does not give us access to your computer or any information about you, other than the data you choose to share with us. Cookies are used on this site to maintain functionality as you move between pages.
Our website uses first party cookies, which allow us to distinguish you from other users of the website. They maintain functionality as you move between pages and help us to improve our site. We also use some widely-used third-party social media plugins as marketing tools, and to provide convenience tools for our visitors, which create cookies.
|Essential||PHPSESSID||Stores the logged in user's username and a 128bit encrypted key. This information is required to allow a user to stay logged into a website without needing to submit their username and password for each page visited. Without this cookie, a user is unable to proceed to areas of the website that require authentication.|
|Essential||Appends a random, unique number and time to pages with customer content to prevent them from being cached on the server.|
Stores the key (ID) of persistent cart to make it possible to restore the cart for an anonymous shopper.
A security measure that appends a random string to all form submissions to protect the data from Cross-Site Request Forgery.
Tracks the specific store view / locale selected by the shopper.
Preserves the destination page the customer was navigating to before being directed to log in.
Tracks error messages and other notifications that are shown to the user, such as the cookie consent message, and various other error messages. The message is deleted from the cookie after it is shown to the shopper.
Local storage of visitor-specific content that enables e-commerce functions.
Forces local storage of specific content sections that should be invalidated.
The value of this cookie triggers the cleanup of local cache storage.
Stores configuration of product data related to Recently Viewed/Compared Products.
Indicates if the shopper allows cookies to be saved.
Stores translated content when requested by the shopper.
Stores the file version of translated content.
Stores customer-specific information related to shopper-initiated actions such as display wishlist, checkout information etc.
Stores product IDs of recently viewed products for easy navigation.
Stores product IDs of recently previously viewed products for easy navigation.
Stores product IDs of previously compared products.
Stores product IDs of previously compared products for easy navigation.
|Marketing||_utma (Google Analytics)|
This expires after 2 years. It identifies which pages are being used. This helps us to count the number of visitors, which pages they visited and where they've come from, so we can improve the way our website works.
|Marketing||_utmb (Google Analytics)|
This expires after 30 minutes. It detects whether a sesseion is a unique user session.
|Marketing||_utmc (Google Analytics)|
This determines when to create a new session for a website visitor. It's a session cookie and expires when you exit the browser.
|Marketing||_utmz (Google Analytics)|
This tracks how you found us and calculates taffic and navigation within our website. It expires after 6 months.
Works in a similar way to cookies. Receives data including Http Headers, Pixel-specific Data, Button Click Data, Custom Data Events and Form Field Names.
How to manage your cookies
Cookies are sent to your browser by a website and then stored in the cookies directory of your device. To check and update your cookies settings, you will need to know what browser you are using and what version of it you have. You can usually find this out by opening the browser (just as if you were going to use the internet) and then clicking on 'Help' and then 'About'.
To find out how to allow, block, delete and manage the cookies on all standard web browsers, go to www.allaboutcookies.org and select the browser and version you are using. You'll also find information about how to delete cookies from your computer.
Updates and your rights
If you would like to update your records, you can do so by changing your profile on our website or by contacting us directly. We encourage you to promptly update your personal information if it changes.
You have the right to remove or ask for a copy of any personal information that we hold about you in our records, to correct any inaccuracies and to update any out-of-date information. Please write to us at the address listed above should you wish to do so.
We will provide a copy of your information free of charge. However, if the request is deemed manifestly unfounded or excessive then we will charge a ‘reasonable fee’ covering our administration costs.
Security is very important to us. Secure Socket Layer ("SSL") encryption technology is used for protection of information in transit for any sensitive transactions such as payments. Additional security procedures are in place to protect the confidentiality, integrity and availability of your personal information.
Some of your personal data relating to order fulfilment will be lawfully stored in Microsoft SQL format on secure VMware, firewall protected servers hosted By Ultraserve for Boori Australia Pty outside the European Economic Area. By agreeing to our terms and conditions, you are permitting us to store your data outside the European Economic Area.
To further protect your credit, debit or charge card against use without your consent, we may validate name, address and other personal information supplied by you during the order process against appropriate third-party databases. In performing these checks personal information provided by you may be disclosed to a registered Credit Reference Agency which may keep a record of that information. You can rest assured that this is done only to confirm your identity, that a credit check is not performed and that your credit rating will be unaffected.
In addition, we have security procedures in place to protect our physical records and computerised databases from loss and misuse, and only allow access to them when it is absolutely necessary to do so, and then under strict guidelines as to what use may be made of the personal information contained within them.
Given that the Internet is a global environment, using the Internet to collect and process personal information may involve the transmission of personal information on an international basis. Therefore, by using our websites and digital platforms and communicating electronically with us, you acknowledge our processing of personal information in this way. However, we will endeavour to protect all personal information collected through our websites and in accordance with strict data protection standards.
In order to be able to offer you Klarna’s payment options, we will pass to Klarna certain of your personal information, such as contact and order details, in order for Klarna to assess whether you qualify for their payment options and to tailor the payment options for you.
- Pages pass data over TLS.
- Engagement cloud supports encrypted data transfers.
- Access to the Engagement cloud platform is through a web form login with optional two-factor authentication.
- All users of the Engagement cloud platform are required to change their passwords every 90 days.
- Passwords are hashed using a NIST approved cryptographic implementation.
- Our web login page and API enforces rate limiting to protect against brute force attacks.
- Account access rights (import, export, read, write and send) are configurable to your needs and managed by your administrator user.
- All data is virus scanned when uploaded to the platform.
- Emails are sent using opportunistic TLS, employing authentication and validation systems such as DKIM and DMARC.
- Campaign links are checked against lists of high risk domains to prevent malicious use of the platform.
- Dotdigital are Cyber Essentials Plus Certified.
- They use secure data centers within the EU, US or Australia, depending on your region. All hold a broad set of industry standard accreditations such as ISO27001, ISO9001 and List X.