Last Updated November 2022
Here at Who Gives A Crap Limited (Company Number 10334484) (although you may know us as Who Gives A Crap or Good Time) (also referred to as “we”, “our”, “us” or “Good Goods”), we know how much you value your privacy while using our products on the loo, the W.C., the crapper, the lavatory, the restroom, the potty, the throne room, the toilet (whatever you call it, you get the idea!). We want you to know that we give the same level of importance to protecting the personal information that you provide to us when purchasing our products and using our website or mobile site (https://uk.whogivesacrap.org/).
Let’s be real here - we know that reading a privacy policy is not going to keep you on the edge of your (toilet) seat, but it is a very important document, and we have tried our best to keep you entertained. So, bear with us while we let you know how we collect, use, share and manage your personal information.
Consent
By providing personal information directly to us and by using our website or our mobile site, you consent to the collection of your personal information by Good Goods and its use and disclosure in accordance with this Privacy Policy.
You warrant that the personal information you provide to us is your own or if you provide us with the personal information of another individual, for example where you advise us to deliver to an address that is not your own or where you refer a friend, you must ensure you obtain the individual’s consent to provide their personal information to us. You agree to take reasonable steps to ensure, where you share the personal information of another individual to us, that they are made aware of the matters set out in this Privacy Policy.
You have rights in relation to how we use your personal information, which you can read more about below.
Age
By using our website or mobile site, you represent that you are at least 16 years of age. We do not knowingly advertise to, or collect personal information from, any individual under the age of 16. If we become aware that we have collected personal information from you and you are under the age of 16, we will suspend any services we are providing to you and delete your personal information immediately.
Data Controller and Data Processor
For the purposes of General Data Protection Regulations (“GDPR”), Good Goods is a “Data Controller”. The third parties whom we share your personal information with are “Data Processors” and in some cases joint “Data Controllers”. We rely on the following legal bases to process your personal information:
Personal Information We Collect
The following are the kinds of personal information we may collect from you:
How We Do It
We collect this personal information from you when you:
Why We Do It
We collect this personal information from you in order to provide you with our products (which are good for the world, good for people and good for your bum!) and also to:
Sell
We do not sell your personal information to third parties.
Direct Marketing
Where we collect your personal information for marketing purposes, we will always give you the opportunity to opt-in or opt-out to receiving such communications via email or SMS.
At Good Goods we want to communicate with you only if you want to hear from us (we don’t want to be annoying!) so if you change your mind and no longer wish to receive communications from us, you can:
If you opt out of receiving marketing communications from us, your personal information will not be used for marketing, but may still be used for the other purposes described in this Privacy Policy (such as fulfillment of orders).
Now you have made it this far, we think you deserve a joke. Why did the toilet paper roll down the hill? …
To get to the bottom!
Targeted Marketing
We also conduct targeted advertising or marketing communications which we believe may be of interest to you through Facebook, Instagram, Google, Bing and/or YouTube. This allows us to tailor our marketing to better suit your needs and to only display advertisements that are relevant to you.
You can opt out of targeted advertising by visiting the following websites:
Additionally, you can opt out of some of these services by visiting the Digital Advertising Alliance’s opt-out portal at: http://optout.aboutads.info/.
We share your personal information with our offices around the globe and to third parties, where required, to ensure we are providing the best products and services to you. We consider that the collection and such processing of this information is necessary to pursue our legitimate interests in a way that might reasonably be expected (eg, to analyse our customers’ buying habits, develop our products and grow our business) and which does not materially impact your rights, freedom or interests.
These third parties include:
We may also share your information with our related companies overseas, including our US company, Who Gives A Crap Inc, State File Number 4904789, and our AU company, Goods Goods Pty Ltd, ABN 67 154 870 452.
We may also share or publish aggregate information that does not specifically identify you, such as statistical information about how our customers use our products or their demographic characteristics.
We reserve the right to transfer your personal information to and from any country, including Australia, Europe, United Kingdom, United States and the Philippines (where some of our Customer Happiness Team are located). We do this in order to provide our products and services to you, and also to process data and prepare it for processing in accordance with this Privacy Policy. You agree to your personal information being transferred to other countries when you share your data with us. If you later wish to withdraw your consent to this transfer, you can delete your data by contacting us via the details below.
Where we transfer your personal information to a third party in another country not covered by GDPR protections, we only transfer or disclose your personal information where that country is considered to have an adequate level of protection, we have a European Commission-approved standard contractual clauses (we call this a Data Processing Agreement or “DPA” for short) in place with the third party, the third party has approved codes of conduct (or certification) or binding corporate rules. To date, the European Commission has not adopted an adequacy decision in respect of Australia or the United Arab Emirates. Instead, we rely on other legal grounds to lawfully transfer personal data around the world (including transfers to countries where an adequacy decision has not been adopted). These grounds include your consent and the DPA, which require certain privacy and security protections. You may obtain a copy of the European Commission approved standard contractual clauses included in our DPA by contacting us on the details below.
In general, the third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us.
Where we make a disclosure to a third party, we require that the third party agree to comply with relevant privacy laws when processing your personal information.
Third-party service providers have their own privacy policies, which will apply when they are processing your personal information. For ease, we have set out our main providers in the below table together with a link to their privacy policies (if you would like a full list of our third-party providers to whom your personal information is provided please contact us on the details below).
For these providers, we recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled. In particular, certain providers may be located in or have facilities that are located a different jurisdiction than either you or us. If you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.
Third Party |
Location |
Access their Privacy Policy Here |
Shopify – We use Shopify to power our online e-commerce store and provide our products and services to you. Your personal information is stored through Shopify’s data storage, databases and the general Shopify application housed on a secure server behind a firewall. If you choose a direct payment gateway to complete your purchase, then Shopify stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). |
Canada |
|
Google Inc – We use Google to store and file our documents and we use analytics to understand how customers use our website and data analysis (information used in data analysis is anonymised). You can opt-out of Google analytics here: https://tools.google.com/dlpage/gaoptout |
United States |
|
Klaviyo – We use Klaviyo as a segmentation and email marketing tool. |
United States |
|
Stripe – We use Stripe for payment processing and secure storage of customer payment information (including encryption). |
United States |
|
Dear Systems – We use Dear Systems as our order and Inventory Management / Fulfillment system. |
United Arab Emirates |
|
Zendesk – We use Zendesk as our customer service/ helpdesk platform where all customer queries are received and responded to. |
United States |
https://www.zendesk.com/company/customers-partners/privacy-policy/ |
Thankful.ai – We use Thankful.ai as an answer-bot service which responds to customer queries automatically. |
United States |
|
Talkable – We use Talkable to power our friend referral program. |
United States |
|
Yotpo – We use Yotpo to enable to you to be able to review our products. |
United Kingdom United States |
|
Rise.ai – We use Rise.ai to provide you with our gift cards. |
Israel |
https://d1wr3t1or162si.cloudfront.net/website/Privacy%20Policy.pdf |
ReCharge – We use the ReCharge App through Shopify when you purchase a subscription for our products to auto-bill the credit card you provide and process your order. |
United States |
|
Repeat - We use Repeat to help you reorder your favourite products |
United States |
https://www.getrepeat.io/legal/privacy-policy |
Loqate – We use Loqate to assist you to enter your location and validate your address. |
United Kingdom |
|
Justuno – We use Justuno for website popups and to personalise your experience when using our website or mobile site. |
United States |
Once you leave our website or mobile site or are redirected to a third-party website or application, you are no longer governed by this Privacy Policy or our Terms of Service.
That was tough going there but we appreciate your persistence (kudos to you!) and know that you can make it to the very end of this Privacy Policy.
While we have set out your rights throughout this Privacy Policy, we understand that sometimes you just need quick and easy access to the relevant info (similar to when you are reaching frantically for that last emergency loo roll - don’t worry, we have all been there!)
To ensure you are fully informed and prepared for anything, here are your rights:
Disclosure of Your Personal Information
You may request that we disclose to you the personal information that we hold about you, including receiving a copy and also details of our processing activities such as what we collect, how we use it and any third parties with whom we share it.
You may request your personal information in a portable format (structured, commonly used and machine-readable format) so that you can transmit your personal information to another entity, or you may request that we transmit it to another data controller.
We may limit or reject your request in certain cases, including without limitation where the burden or expense of providing access would be disproportionate to the risks to your privacy in the case in question, where the rights of other persons would be violated or as required by law.
To make a request contact us via the contact details below.
Huh? That is Not Correct
While we take reasonable measures to ensure that your personal information is complete and up to date, please notify us if your personal information held by us is inaccurate or incomplete.
You may update or correct your personal information by logging into your account or contacting us with your request via the contact details below.
Objection & Restriction
You may object to all or part of your personal information being processed by us in certain circumstances, including processing for the purposes of direct marketing or market research, or where we do not have a lawful or contractual basis to process your personal information.
You may restrict the way we process your personal information in certain circumstances, including where you are contesting the accuracy of the personal information we hold, where we do not have a lawful or contractual basis for processing, to oppose erasure where we no longer need your personal information but you may have a claim or legal proceedings on foot, or if you are exploring your right to object.
Please Forget Me
You may request that we delete your personal information that we hold, that is, you can request that we forget you (but we will miss you “insert sad face emoji”!). If you make a request, we will delete your personal information that we hold except for information we are allowed or required to retain by law. Click here to manage your privacy.
Withdrawing Consent & Opting-Out
You may withdraw your consent or opt-out of receiving communications from us at any time. If you withdraw your consent or opt-out, we will no longer send you marketing communications however, we will still communicate with you where it is necessary to complete our contract with you, for example, to fulfil your order for our products.
What Happens When You Exercise Your Rights
When you exercise any of your rights in relation to your personal information, we will continue to provide you with, insofar as is possible, the same high standard of service as all our customers experience.
However, you acknowledge that where you do not supply certain information requested by us or request its deletion, we may be delayed or prevented from finalising your order or satisfying your request or enquiry. For example, if you do not provide us with a delivery address, we cannot deliver our product to you until we have an address to deliver to.
Complaints
If you have a complaint about the way in which we handle your personal information, please contact us via the contact details below.
Verifying it is You
We take privacy seriously here, so when you contact us to make an enquiry or to exercise your rights, we just want to make sure that we're talking to the right person and this means that we may ask you some additional questions. We are sorry if this causes any inconvenience, but it's an important step in making sure your account and personal information remains secure. Thanks in advance for your patience.
We take all reasonable security and organisational measures to make sure your personal information held by us is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.
We use Secure Sockets Layer (SSL) technology (our online ordering system is the industry standard for encryption technology) to protect your online order information (well that’s fancy!). SSL encrypts all information including your credit card and all personal information passed from you to our checkout and we follow all PCI-DSS requirements. Encryption provides you with security and peace of mind when your browser and local network supports the use of encrypted data transmissions. While we will do our bit, we suggest that you also take appropriate security precautions, in particular when you access the internet via public WI-FI networks or shared computers.
We must emphasise that no method of transmission over the internet using industry standard technology is 100% secure. Therefore, we cannot guarantee the absolute security of your personal information.
If we ever experience unauthorised access, disclosure or use of your personal information, rest assured that we have processes in place and will notify you and the relevant government body in accordance with relevant laws.
RETENTION
Where you provide us with your personal information, we will retain it for our records in order to provide you with our products and services and otherwise for the purposes set out under the section titled “Why We Do It” above. Generally, we will retain your personal information until you ask us to delete it, with the exception of any information that we no longer require will be destroyed securely at the time we no longer require it.
We will only keep your data for as long as is necessary for the purpose for which it was collected, subject to satisfying any legal, accounting or reporting requirements. At the end of any retention period, your data will either be deleted completely or anonymised (for example, by aggregation with other data so that it can be used in a non-identifiable way for statistical analysis and business planning). In some circumstances, you can ask us to delete your data.
We may make available on our website or mobile site certain opportunities for you and other users to share information online such as on message boards, social media, blogs. Please be aware that whenever you voluntarily disclose personal information online, that information becomes public and can be collected and used by others. We have no control over, and take no responsibility for, the use, storage or dissemination of such publicly disclosed personal information. By posting personal information online in public forums, you may receive unsolicited messages from third parties.
Sometimes our website or mobile site may contain a link to third party websites. We are not responsible for the content or material contained in, or obtained through, any third-party website or for the privacy practices of the third-party website. We suggest that you review the privacy policy of each website or mobile site that you visit.
We welcome the General Data Protection Regulation (“GDPR”) of the European Union (“EU”) as an important step forward in streamlining data protection globally.
GDPR rights
The requirements of the GDPR include the following rights:
If you object to the processing of your personal information, or if you have provided your consent to processing and you later choose to withdraw it, we will respect that choice in accordance with our legal obligations. However, please be aware that:
Privacy laws and our practices change over time and may result in changes to our Privacy Policy. We reserve the right to modify or vary this Privacy Policy at any time.
Any changes to this Privacy Policy will be effective upon our publication on our website and will replace any other privacy policy published by us to date. In all cases, your continued use of our services or our website or mobile site after the publication of any modified Privacy Policy indicates your acceptance of the updated Privacy Policy.
Any material changes to this Privacy Policy will be notified to you in a manner that we consider appropriate such as via email (if we have your contact information) or a pop-up when you access our website or mobile site.
If you have any enquiries or complaints about your account (including updating your personal information), you can contact our customer service team at wedo@whogivesacrap.org.
If you have any questions or complaints about how we handle your personal information, you can contact our Privacy Officer via email at privacy@whogivesacrap.org.
Or alternatively write us a love letter and send it to Who Gives A Crap Limited c/o MHA MacIntyre Hudson, 6th Floor, 2 London Wall Place, London EC2Y 5AU, UK.
We always endeavour to reply to emails as soon as we can and at a minimum, within 14 days. Replies to mail will be processed slower and subject to postal delivery times and delays. We will always endeavour to resolve any query or complaint to your satisfaction.
Our Privacy Policy is based on the requirements of the Regulation (EU) 2018/1725. If you are a European resident and would like further information regarding privacy laws relevant to you or are not satisfied with the way in which we handle your enquiry or complaint, you can locate further information via your local data protection authority’s website or can contact your local data protection authority. For general information and assistance to locate your relevant local data protection authority, visit the European Data Protection Board at https://edpb.europa.eu/edpb_en.
And that is a wrap on our Privacy Policy, thank you for reading and be sure to visit us again soon!