Our orders are shipped from the UK. Please be aware that you may be subject to import duties and taxes, which are levied once your order reaches Ireland.
Main Menu
MENU
Cart 0 Shopping Cart

Privacy Notice

Last Updated: 17 December 2024

1.    Who we are and what we do

Who we are

We are Hidden Disabilities Sunflower Scheme Limited and affiliate organisations (“HDSS”, “us”, “we”, “our”). We are a limited company registered in England and Wales under registration number 12285749 and we have our registered office at 167-169 Great Portland Street, 5th Floor, London, W1W 5PF. We are registered with the UK supervisory authority, Information Commissioner’s Office (“ICO”), in relation to our processing of Personal Data under registration number ZB636379.

What we do

HDSS owns and operates www.hdsunflower.com.  Together with our affiliates and related entities, we sell products and services related to the Hidden Disabilities Sunflower; simple tools that enable users to voluntarily share their disabilities or conditions which may not be immediately apparent.  We also run awareness campaigns and provide training to partner organisations.  

We are committed to protecting the privacy and security of the Personal Data we process about you.

Controller

Unless we notify you otherwise, we are the controller of the Personal Data we process about you. This means that we decide what Personal Data to collect and how to process it.

2.    Purpose of this privacy notice

The purpose of this privacy notice is to explain what Personal Data we collect about you and how we process it. This privacy notice also explains your rights, so please read it carefully.

This notice also includes sections specific to residents of Brazil, Switzerland and the US.  Irrespective of where you are located, HDSS is committed to protecting your privacy rights, as such you may make a rights request as described in section 10 of this notice.

If you have any questions, you can contact us using the information provided below under the ‘How to contact us’ section.

3.    Who this privacy notice applies to

This privacy notice applies to you if:

  1. You visit our website
  2. You purchase goods or services from us
  3. You use personalised Hidden Disabilities Sunflower Cards
  4. You enquire about our products and/or services
  5. You sign up to receive newsletters and/or other promotional communications from us

4.    What Personal Data is

‘Personal Data’ means any information from which someone can be identified either directly or indirectly. For example, you can be identified by your name or an online identifier.

‘Special Category Personal Data’ is more sensitive Personal Data and includes information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for the purposes of uniquely identifying someone, data concerning physical or mental health or data concerning someone’s sex life or sexual orientation.  

5.    Personal Data we collect

The type of Personal Data we collect about you will depend on our relationship with you. For the type of Personal Data we collect see the table below in the section entitled ‘Purposes, lawful bases and retention periods’.

6.    How we collect your Personal Data

We collect most of the Personal Data directly from you in person, by telephone, text or email and/or via our website. 

However, we may also collect your Personal Data from third parties such as:

  • others to whom you have provided consent

7.    Purposes, lawful bases and retention periods

We will only use your Personal Data when the law allows. Most commonly, we will use your Personal Data in the following circumstances:

8.    Sharing your Personal Data

We may share your Personal Data with our carefully selected third parties, including:

  • Fulfilment Providers – used to print and dispatch our products
  • IT System Providers, Developers and Operators – used to produce and maintain our IT systems (including our website)
  • Marketing and Mailing system providers – used to send communications to you

9.    International Transfers

For residents of the EEA

Your Personal Data may be processed outside the European Economic Area (“EEA”). This is because some organisations we use to provide our services to you are located outside of the EEA.

We have taken appropriate steps to ensure that the Personal Data processed outside the EEA has an essentially equivalent level of protection to that guaranteed in the EEA. We do this by ensuring that:

  • Your Personal Data is only processed in a country which the European Commission has confirmed has an adequate level of protection (an adequacy decision); or
  • We enter into Standard Contractual Clauses (“SCCs”) with the receiving organisations and adopt supplementary measures, where necessary. (A copy of the SCCs can be found here: Standard Contractual Clauses (SCCs)) .

For residents of the UK

Your Personal Data may be processed outside of the UK. This is because the organisations we use to provide our service to you are based outside the UK.

We have taken appropriate steps to ensure that the Personal Data processed outside the UK has an essentially equivalent level of protection to that guaranteed in the UK. We do this by ensuring that:

  • Your Personal Data is only processed in a country which the Secretary of State has confirmed has an adequate level of protection (an adequacy regulation), or
  • We enter into an International Data Transfer Agreement (“IDTA”) with the receiving organisation and adopt supplementary measures, where necessary. (A copy of the IDTA can be found here international-data-transfer-agreement.pdf (ico.org.uk)).

For residents of Brazil

We may transfer your personal information outside of the Brazilian territory in the following cases:

  • when the transfer is necessary for compliance with a legal or regulatory obligation, the carrying out of a contract or preliminary procedures related to a contract, or the regular exercise of rights in judicial, administrative or arbitration procedures.
  • when the transfer is necessary for international legal cooperation between public intelligence, investigation and prosecution bodies, according to the legal means provided by the international law;
  • when the transfer is necessary to protect your life or physical security or those of a third party;

10.      Your rights and how to complain

You have certain rights in relation to the processing of your Personal Data, including to:

  • Right to be informed
    You have the right to know what personal data we collect about you, how we use it, for what purpose and in accordance with which lawful basis, who we share it with and how long we keep it. We use our privacy notice to explain this.
  • Right of access (commonly known as a “Subject Access Request”)
    You have the right to receive a copy of the Personal Data we hold about you.
  • Right to rectification
    You have the right to have any incomplete or inaccurate information we hold about you corrected.
  • Right to erasure (commonly known as the right to be forgotten)
    You have the right to ask us to delete your Personal Data.
  • Right to object to processing
    You have the right to object to us processing your Personal Data. If you object to us using your Personal Data for marketing purposes, we will stop sending you marketing material. 
  • Right to restrict processing
    You have the right to restrict our use of your Personal Data.
  • Right to portability
    You have the right to ask us to transfer your Personal Data to another party.
  • Automated decision-making. You have the right not to be subject to a decision based solely on automated processing which will significantly affect you. We do not use automated decision-making.  
  • Right to withdraw consent
    If you have provided your consent for us to process your Personal Data for a specific purpose, you have the right to withdraw your consent at any time. If you do withdraw your consent, we will no longer process your information for the purpose(s) you originally agreed to, unless we are permitted by law to do so.
  • Right to lodge a complaint
    You have the right to lodge a complaint with the relevant supervisory authority, if you are concerned about the way in which we are handling your Personal Data.

The supervisory authority in the UK is the Information Commissioner’s Office who can be contacted online at:

Contact us | ICO

Or by telephone on 0303 123 1113

For supervisory authorities in other countries within the EU see the link below:
https://edpb.europa.eu/about-edpb/about-edpb/members_en

How to exercise your rights

You will not usually need to pay a fee to exercise any of the above rights.

If you wish to exercise your rights, you may contact us using the details set out below within the section called ‘How to contact us and our Data Protection Officer’. We may need to request specific information from you to confirm your identity before we can process your request. Once in receipt of this, we will process your request without undue delay and within one month. In some cases, such as with complex requests, it may take us longer than this and, if so, we will keep you updated.  

11.    How to contact us and our Data Protection Officer

If you wish to contact us in relation to this privacy notice or if you wish to exercise any of your rights outlined above, please contact us as follows:

By Post: 167-169 Great Portland Street, 5th Floor, London, W1W 5PF

By E-Mail: [email protected]

We have also appointed a Data protection Officer (“DPO”). Our DPO can be contacted as follows:

By Post: Evalian Limited, West Lodge, Leylands Business Park, Colden Common, Southampton, Hampshire, SO21 1 TH

By E-Mail: [email protected]

Please mark your communications FAO the ‘Data Protection Officer’.

12.      Switzerland, Brazil and US specific rights

Switzerland - Swiss Federal Act on Data Protection (FADP)

For the avoidance of doubt, all rights provided by the EU GDPR will be applied consistently to all of Hidden Disabilities customers / subscribers.  As such, customer/subscribers in Switzerland (and any other jurisdiction) can submit rights requests as outlined above.  

This encompasses the rights provided within the FADP including but not limited to: the right of access to Personal Data; the right to object to processing of personal data; the right to portability; the right to rectification.

For information regarding the data we process, the purpose of processing, and retention periods, please see the relevant sections above.

Brazil – Lei Geral de Protecao de Dados Pessoais (LGPD)

For the avoidance of doubt, all rights outlined in section 10 will be applied consistently to all of Hidden Disabilities customers / subscribers, unless rights pursuant to LGPD apply and are more expansive.  As such, customers/subscribers in Brazil can submit rights requests as outlined in section 10 above and, where they conflict with your rights pursuant to the LGPD, the following supersedes and replaces those rights described in section 10.

Your data protection rights include:

  • The Right to be Informed
  • The Right of Access. We will provide a substantive response to your request within 15 days.
  • The Right to Rectification. 
  • The Right to Erasure.
  • The Right to Restriction of Processing / the Right to ‘Block’ personal data if it is unnecessary, excessive, or processed otherwise than in compliance with the LGPD.
  • The Right to Object / The Right to Revoke Consent.
  • The Right to Data Portability.
  • The Right not to be Subject to Automated Decision Making.  However, we do not undertake Automated Decision-Making activities.

If you wish to exercise any of these rights, please contact us using the details provided in section 11 above.  We will not charge a fee when you request to exercise any of these rights.

We will respond to your request without delay and in all cases within the timeframe required by the applicable law.

For information regarding the type of data we process, the lawful bases for processing, the retention periods, data sharing and international transfers of data, please see the relevant sections above.

California – The California Consumer Privacy Act 2018

The California Consumer Privacy Act of 2018 (“CCPA”) provides certain rights to residents of California.  The section of the Privacy Notice applies if you are a natural person who is resident of California and uses our Services.  This notice supplements the information above.  Certain terms used have the meanings given to them in State Privacy Laws.
The categories of personal information, purposes and recipients/ third parties are outlined in the relevant sections above.
California Consumers have various rights available to them, which are encompassed by the rights set out in section 10 above.  These rights include the right to know, the right to delete, and the right to opt-out.

You will not be discriminated against for accessing any of your rights.  Some rights are subject to certain restrictions.  You also have a right to designate an agent to exercise these rights on your behalf.  The following additional rights apply to California residents:

  • The right to opt out of the Sharing of your Personal Data for cross-context behavioural advertising.  We do not share your Personal Data for this purpose however you may contact us in respect of this right if you wish.
  • The right to limit our use or disclosure of your Sensitive Personal Information to only what is necessary for us to provide the product or service which you have ordered.  Sensitive

Personal Information has substantially the same meaning as Special Category Data as defined in section 4 above.  Where we process your Sensitive Personal Information, we do so only for the purpose of providing you a product as described in section 7 above (e.g. if you order a Personalised Card).  You may contact us in respect of this right if you wish.

If you are a California Consumer and wish to exercise your rights, please contact us using the contact details provided in section 11 above.  We will respond to your request without delay and in all cases within the timeframe required by the applicable law.

Other US State Laws

Some other states also provide rights to residents within their Data Privacy Laws (including but not limited to Colorado, Connecticut, Utah, Virginia, Texas, Oregon and Montana).  In all cases you may make rights requests as described in section 10 above.
In addition to those rights described in section 10 you may also have a right to:

  • Opt out of the sale of your Personal Data.  However, we do not sell your Personal Data.
  • Opt out of the processing of your Personal Data for targeted advertising or profiling.  However, we do not process your Personal Data for this purpose.
  • Withdraw your consent for the Processing of Sensitive Personal Data.  Exceptions may apply as outlined in the Californian section above.

If you wish to exercise your rights, please contact us using the contact details provided in section 11 above.  We will respond to your request without delay and in all cases within the timeframe required by the applicable law.

For information regarding the type of data we process, the lawful bases for processing, the retention periods, data sharing and international transfers of data, please see the relevant sections above.

13.    Changes to this privacy notice

We may update this notice (and any supplemental privacy notice), from time to time as shown below. We will notify of the changes where required by applicable law to do so.

Last modified date: 17 December 2024