Privacy & Cookie Policy
Privacy Policy
Protecting Your Privacy
We’re committed to protecting and respecting your privacy and want to ensure that you are fully aware of how we use and store your data. We’re dedicated to keeping your personal data safe and will use it to enhance your browsing and shopping experience with Aja Botanical Limited (Aja). By using our website (ajabotanicals.com), you consent to the use of the data as set out in this policy.
We will use your data for the purpose of fulfilling orders and improving your customer experience.
We will protect the personal data you provide us.
We’ll make things clear and simple so there are no surprises.
If you have any questions about how we protect your privacy or use your personal data, please get in touch at customerservice@ajabotanicals.com and we’ll be happy to help. For all our services, we (Aja) act as the data controller (the company that’s responsible for your privacy). Our registered address is: By Tilly Ltd t/a Aja Botanicals, 4 Ham Ridings, Richmond, England, TW105HJ Our Company Number is 15792681.
How we use your information
There are a number of different reasons for the use of your personal information. This may be to enable us to fulfil an order, or simply to enhance the way you shop with us. We rely on the lawful basis for processing data which is provided in UK Data Protection Laws (including the UK Data Protection Act 2018, the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 as it forms part of UK law by virtue of the European Union (Withdrawal) Act 2018, and the Privacy and Electronic Communications Regulations 2003).
We have compiled the tables below to detail the ways in which we use different kinds of personal data and why we do this – we want to make this as clear as possible so that you are fully informed about the use of your personal data.
|
How we use your name & contact details |
Why we need this |
|
To deliver the orders you place with us |
We wouldn't be fulfilling our contract if we did not get your order to you - and we need your details to ensure this happens! |
|
To provide updates about your order by text, email or phone |
So we can keep you updated about your order's progress |
|
To email you about new styles and promotions |
To keep you up-to-date with the latest news and offers - we only do this with your consent (you are free to unsubscribe at any time) |
|
To detect and prevent fraudulent transactions |
To keep payments safe and secure |
|
To show you relevant Aja adverts as you browse the web |
So you know about products and promotions that you may like |
|
How we use your payment details |
Why we need this |
|
To take payment for your order and give refunds |
To fulfil our contract with you. All of our payments and refunds are processed through a secure third-party payment gateway – we do not store your payment details. Our website has a valid SSL Security Certificate to ensure your payments are safe. |
|
We pass the information to our secure payment gateway for fraud prevention |
To keep payments safe and secure |
|
How we use your contact history |
Why we need this |
|
For customer service and support |
To provide the best possible service. We do not store correspondence longer than is necessary |
|
How we use your purchase history and wishlist items |
Why we need this |
|
For customer service and account queries |
To enable us to respond to your queries faster and more effectively. We do not store correspondence longer than is necessary |
|
To update you about items you may be interested in |
To ensure you don't miss out on items we think you'll love |
|
How we use your responses to surveys and competitions |
Why we need this |
|
To improve our products and services |
Occasionally we may ask for participation in feedback surveys – this data is anonymised (we won't know who specific answers are from!) and is invaluable for improving our website, service and products |
|
To enter you into any competitions we may run – this could be via email or on our social media channels |
To collect your entry so you have a chance to win! |
|
How we use data from & with third parties |
Why we need this |
|
To fulfil your order |
We share information like your contact details and delivery address with our carefully selected partners including our warehouse team and the couriers we use in order to deliver your order |
|
For marketing purposes |
We work with carefully selected marketing agencies and a variety of networks to utilise technologies which allow us to display adverts for products you may be interested in, or track your sale when referred by a third-party website. These technologies make use of things like pixels and cookies to ensure that the ads you see are relevant |
|
How we interact with you via social media |
Why we do this |
|
Via comments and direct messages |
We love interacting with you on social media - this will likely be limited to responding to comments and messages on Aja’s social channels. We are also happy to answer customer service queries via social media but we will never request personal information via a public feed to ensure privacy |
|
The sharing or engagement of images we are tagged in |
If you choose to tag us in your image post, we may repost your picture on our channels or website. If your image has been used by Aja and you have changed your mind about it being shared, please let us know and we will be happy to remove it |
|
How we use your profile and usage data |
Why we do this |
|
To create and store your customer accounts |
So you can create your own account and return to your account which shown helpful information such as showing your order history |
|
To improve our website analytics |
Technical data and usage data such as IP address, customer login data and how the customer uses the website helps us to continue to improve the website |
How your data is collected
We use different methods to collect data from and about you including through:
Direct interactions: you may give us your identity, contact and financial data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:
- create an account on our website;
- subscribe to our publications;
- request marketing to be sent to you;
- enter a competition, promotion or survey; or
- give us feedback or contact us.
Automated technologies or interactions: as you interact with our website, we will automatically collect technical data about your equipment, browsing actions and patterns. We collect this personal data by using cookies and other similar technologies. Please see our Cookie Policy below for further details.
Data Retention
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
Data Security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
International Transfers
Our main operations are based in the UK and your personal information is generally processed, stored and used within the UK. In some instances your personal information may be processed outside the UK. We also work with suppliers and partners who may make use of Cloud and /or hosted technologies across multiple geographies. If and when this is the case we take steps to ensure there is an appropriate level of security so your personal information is protected in the same way as if it was being used within the UK.
Cookies
We use cookies on our website in order to improve your experience. For more information, please see our Cookie Policy below on this page.
Sharing your information
We do not and will never sell any personal data to a third party, this includes your name, address, email address, phone number or credit card information. We do need to share your data with certain carefully selected third party companies enlisted by Aja in order to be able to provide our service to you.
Third Party Apps, Websites and Services
If the customer uses any third-party apps, websites or services to access the company’s services, then the customer’s usage is subject to the relevant third party’s terms and conditions, cookies policy, and privacy policy (e.g. Meta, X (formerly Twitter)). Further, consider whether the company may be required to share the customer’s personal information, in relation to transactions and usage of the services, with the relevant third party.
Access to information
You have the right to:
Request access to your personal data (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:
- If you want us to establish the data's accuracy.
- Where our use of the data is unlawful but you do not want us to erase it.
- Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims.
- You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
If you wish to exercise any of the rights set out above, please contact us.
No fee usually required:
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
What we may need from you:
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Time limit to respond:
We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
Changes to our Privacy Policy
Our Privacy Policy is subject to change and may be updated from time to time. If significant changes are published, we will get in touch to let you know via email, if you have consented to hearing from us this way.
Right to Complain
You have the right to complain to the supervisory authority, the Information Commissioner’s Office (ICO) if you have a problem.
ICO Contact helpline: 0303 123 1113
Or visit: ico.org.uk/make-a-complaint
Contact
We’d love to hear from you if you have any questions about our Privacy Policy. You can contact us by emailing customerservice@ajabotanicals.com
Cookie Policy
Information about our use of Cookies
Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our site. By continuing to browse the site, you are agreeing to our use of cookies.
A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you agree. Cookies contain information that is transferred to your computer’s hard drive.
Managing Cookies
You can choose to block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our site.
Use of Cookies
We use the following cookies:
- Strictly Necessary Cookies. These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website, use a shopping cart or make use of e-billing services.
- Performance Cookies. They allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.
- Functionality Cookies. These are used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
- Targeting Cookies. These cookies record your visit to our website, the pages you have visited and the links you have followed. We will use this information to make our website and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose.
You can find more information about the individual cookies we use and the purposes for which we use them in the table below:
|
Cookie |
Purpose |
Category |
|
PHPSESSID |
PHP session cookie associated with embedded content from this domain. |
1 |
|
_ga |
This cookie name is associated with Google Universal Analytics – which is a significant update to Google's more commonly used analytics service. This cookie is used to distinguish unique users by assigning a randomly generated number as a client identifier. It is included in each page request in a site and used to calculate visitor, session and campaign data for the site’s analytics reports. By default it is set to expire after 2 years, although this is customisable by website owners. |
2 |
|
_ga_ZKVK0598NR |
_ga |
2 |
|
_gat_UA-nnnnnnn-nn |
This is a pattern type cookie set by Google Analytics, where the pattern element on the name contains the unique identity number of the account or website it relates to. It appears to be a variation of the _gat cookie which is used to limit the amount of data recorded by Google on high traffic volume websites. |
2 |
|
_gclxxxx |
Google conversion tracking cookie |
2 |
|
_gid |
This cookie name is associated with Google Universal Analytics. This appears to be a new cookie and as of Spring 2017 no information is available from Google. It appears to store and update a unique value for each page visited. |
2 |
|
_uetvid |
This is a cookie utilised by Microsoft Bing Ads and is a tracking cookie. It allows us to engage with a user that has previously visited our website. |
2 |
|
mage-cache-storage |
This cookie is used to facilitate content caching on the browser to make pages load faster. |
3 |
|
mage-cache-storage-section-invalidation |
This cookie is used to facilitate content caching on the browser to make pages load faster. |
3 |
|
section_data_ids |
This cookie is used to facilitate content caching on the browser to make pages load faster. |
3 |
|
_pin_unauth |
This cookie is associated with Pinterest. It is used to track the usage of services. |
3 |
|
private_content_version |
This cookie is used to facilitate content caching on the browser to make pages load faster. |
3 |
|
form_key |
This cookie is used to facilitate content caching on the browser to make pages load faster. |
3 |
|
store |
Used to remember the store view you have browsed with previously, remembering for example, which currency you have browsed in. |
3 |
|
mage-messages |
Tracks error messages and other notifications that are shown to you while browsing, such as the cookie consent message, and various error messages. The message is deleted from the cookie after it is shown so that you do not have to accept it each time. |
3 |
|
X-Magento-Vary |
A setting that improves performance and ensures you’re seeing the most up-to-date version of the website. |
3 |
|
wp_customerId |
Used to send data to Google Analytics with an anonymous ID. |
2 |
|
mage-cache-sessid |
Facilitates caching of content on the browser to make pages load faster. |
3 |
|
product_data_storage |
Used to improve user experience to remember interactions with products. |
3 |
|
recently_compared_product |
Stores product IDs of recently compared products. |
3 |
|
recently_viewed_product_previous |
Used to improve user experience to remember interactions with products. |
3 |
|
recently_compared_product_previous |
Used to improve user experience to remember interactions with products. |
3 |
|
recently_viewed_product |
Used to improve user experience to remember interactions with products. |
3 |
|
wp_customerGroup |
Used to send data to Google Analytics to determine which group customers belong to. |
2 |
|
section_data_clean |
Used in context with the shopping cart functionality to improve experience. |
3 |
Third Party Cookies
Please note that third parties (including, for example, advertising networks and providers of external services like web traffic analysis services) may also use cookies, over which we have no control. These cookies are likely to be analytical/performance cookies or targeting cookies. Alternatively, most web browsers allow some control of most cookies through the browser settings. To find out more about how to manage cookies, including how to delete cookies, visit http://www.allaboutcookies.org
Below is a list of some of the third party partners who may set cookies on your device:
|
Third Party |
Cookie |
Purpose |
Category |
|
OneTrust |
_OptanonConsent |
This cookie is set by the cookie compliance solution from OneTrust. It stores information about the categories of cookies the site uses and whether visitors have given or withdrawn consent for the use of each category. This enables site owners to prevent cookies in each category from being set in the user’s browser, when consent is not given. The cookie has a normal lifespan of one year, so that returning visitors to the site will have their preferences remembered. It contains no information that can identify the site visitor. |
1 |
|
vimeo.com |
__cf_bm |
This is a CloudFoundry cookie. |
3 |
|
vimeo.com |
vuid |
This domain is owned by Vimeo. The main business activity is: Video Hosting/Sharing. |
3 |
|
doubleclick.net |
IDE |
This domain is owned by Doubleclick (Google). The main business activity is: Doubleclick is Google's real time bidding advertising exchange. |
4 |
|
doubleclick.net |
test_cookie |
This domain is owned by Doubleclick (Google). The main business activity is: Doubleclick is Google's real time bidding advertising exchange. |
4 |
|
www.facebook.com |
|
This domain is owned by Facebook, which is the world's largest social networking service. As a third-party host provider, it mostly collects data on the interests of users via widgets such as the 'Like' button found on many websites. This is used to serve targeted advertising to its users when logged into its services. In 2014 it also started serving up behaviourally targeted advertising on other websites, similar to most dedicated online marketing companies. |
4 |
|
mention-me.com |
mm_allocation |
Used as part of our Refer-a-Friend scheme to keep track of which offers you are participating in order to give you a more consistent experience. |
3 |
|
ct.pinterest.com |
_pinterest_ct_ua |
This is owned by Pinterest, an image sharing platform. The cookie is used for targeting, to group actions for users who cannot be identified by Pinterest. |
4 |
|
studentbeans.com |
_sp_xxxxxxxxxx |
simplybusiness.co.uk |
3 |
|
t.studentbeans.com |
sp |
Used as part of our Student Discount scheme to identify that a user has come from their site. The cookies collect information at the point of transaction to identify that a student order has been placed. |
3 |
|
nr-data.net |
JSESSIONID |
This domain is controlled by New Relic, which provides a platform for monitoring the performance of web and mobile applications. |
2 |
|
|
_fbp |
Used by Facebook to deliver a series of advertisement products such as real time bidding from third party advertisers. |
4 |
|
Bing |
_uetsid |
This cookie is used by Bing to determine what ads should be shown that may be relevant to the end user perusing the site. |
4 |
|
static-tracking.klaviyo.com |
__kla_id |
This cookie can track and identify site visitors through an auto-generated ID. This cookie can temporarily hold personally identifiable information. Once a visitor is identified, the cookie can pass their data into Klaviyo. A visitor can be identified when they fill out a Klaviyo signup form or click a link from a Klaviyo email. |
4 |
|
c.bing.com |
SRM_B |
This domain is owned by Microsoft - it is the site for the search engine Bing. |
4 |
|
static.klaviyo.com |
__kla_id |
This cookie can track and identify site visitors through an auto-generated ID. This cookie can temporarily hold personally identifiable information. Once a visitor is identified, the cookie can pass their data into Klaviyo. A visitor can be identified when they fill out a Klaviyo signup form or click a link from a Klaviyo email. |
4 |
|
c.clarity.ms |
ANONCHK |
Indicates whether MUID is transferred to ANID, a cookie used for advertising. Clarity doesn't use ANID and so this is always set to 0. |
4 |
|
www.clarity.ms |
CLID |
Identifies the first-time Clarity saw this user on any site using Clarity. |
4 |
|
clarity.ms |
MUID |
Identifies unique web browsers visiting Microsoft sites. These cookies are used for advertising, site analytics, and other operational purposes. |
4 |
|
c.clarity.ms |
SM |
Used in synchronizing the MUID across Microsoft domains. |
4 |
|
Microsoft Clarity |
_clsk |
Used by Microsoft Clarity to store and combine pageviews by a user into a single session recording. |
4 |
|
Microsoft Clarity |
_clck |
Used to store a unique user ID. |
4 |
|
tiktok.com |
_ttp |
Used by TikTok to track website activity for the purposes of serving targeted advertisements. |
4 |
|
chat.system.gnatta.com |
GnattaWebChatApiKey |
Enables live chat functionality. |
3 |
|
chat.system.gnatta.com |
GnattaApiHost |
Enables live chat functionality. |
3 |
|
chat.system.gnatta.com |
GnattaWebChatOriginator |
Enables live chat functionality. |
3 |