Privacy Policy

1 – Introduction

We know how much privacy matters. At Bumboo Limited (“Bumboo”, “we”, “us”, “our”), we are committed to protecting your personal information and to being open about how we use it.

This Privacy Policy explains how we use and protect your personal data when you interact with us. Please read this policy carefully, as it contains important information on how we use the personal data of the visitors to our website (our “Site”). Such visitors include customers, potential customers, suppliers, social media users, wholesale clients, affiliates, press contacts, and any other individuals whose personal data is processed in the course of our business.

Bumboo will only process personal data in accordance with this Privacy Policy and in compliance with applicable data protection laws, including the UK General Data Protection Regulation (“UK GDPR”) and the Data Protection Act 2018.

2 – Who We Are

Bumboo Limited is a UK-registered company specialising in clothing and lingerie products that are colourful, comfortable, and conscious. Under applicable data protection laws, we act as the “data controller”. This means we are the organisation responsible for determining how and why your personal data is used.

3 – Personal Data we may collect

3.1 Personal Data you share with us directly

You may share your personal data with us in a few different ways, such as by:

Creating an account on our Site;
Making a purchase from our Site;
Leaving a review on our Site;
Subscribing to our newsletter;
Completing our contact form or otherwise corresponding with us via email or customer service chat;
Entering competitions, promotions, or surveys;
Interacting with us on Social Media (e.g. mention, tag, or message us).

The types of data you might provide include:

Name, postal address, email address, phone number (including mobile number)
Date of birth, gender, preferred salutation, clothing size
Payment and billing details
Purchase history and product preferences
Social media handle(s) and related public content
Reviews, comments, and feedback (including any images you submit)

3.2 Personal Data we collect automatically

When you browse our Site or contact us, we may generate, collect, retain, and use certain information about you. Some of this happens automatically, and Cookies can help with this. For more about the Cookies we use and how to manage or opt out of them, please see our Cookie Policy.

The personal information could include:

Technical details – such as your Internet Protocol (IP) address, account login information, browser type and version, time zone settings, browser plug-in types and versions, device type, operating system, the time and date you gave consent to Cookies, and any phone number you’ve used to call our customer service team
Details about your visit – such as the full web address (the Uniform Resource Locators, URLs) of the pages you visited; how you navigated to, through, and from our site (including date and time); the products you viewed or searched for; the purchasing behaviour; page response times and any download errors; how long you stayed on certain pages; how you interacted with those pages; and the ways you navigated around our site.

3.3 Personal Data received from other sources

Sometimes we might receive personal data from other sources, for example:

Social media platforms
Trusted business partners and affiliates

4 – Why and How We Use Your Personal Data

We will only use your personal data when we are legally allowed or required to do so. We’ve put some examples in the table below:

For Order fulfilment & account management – to process and deliver your orders, manage your account, and provide customer service (this is a lawful basis: contract performance)
For Marketing & promotions – to send you updates, offers, and information about our products, if you have consented or if you are an existing customer who has not opted out (this is a lawful basis: consent or legitimate interests)
Site improvement & analytics – to monitor usage, troubleshoot, and improve our Site (lawful basis: legitimate interests)
Fraud prevention & legal compliance – to detect and prevent crime and comply with legal obligations (lawful basis: legal obligation or legitimate interests)
Recruitment – to assess job applications (lawful basis: legitimate interests and legal obligation)

Purpose of processing	What we do with the personal data	Lawful basis of processing
For order fulfilment & account management	We use your details to process your order, deliver it to you, manage your account, and to help if you have any questions.	Our Contract performance – we need this to fulfil our contract with you.
Marketing & promotions	If you’ve said “yes” to marketing, or you’re already a customer, we’ll send you news, offers, and product updates we think you’ll love.	Our legitimate interests in keeping customers informed.
Site improvement & analytics	We look at how people use our site so we can troubleshoot issues – we’ll fix problems and make it even easier to shop with us.	Our legitimate interest in improving our services.
Fraud prevention & legal compliance	Detect and prevent crime or fraud, and comply with applicable legal obligations. “We work to detect and stop crime or fraud, and to comply with applicable legal obligations that we have as a business.”	Our Legal obligations, and our legitimate interest in protecting our customers and business.

5 – In the absence of personal data

If you choose not to provide certain personal data when requested, we may be unable to perform the contract we have entered into with you, such as delivering your order.

6 – Change of purpose

We will only use your personal data for the purposes for which it was collected, unless we reasonably consider that we need to use it for another compatible reason.

7 – Sharing Your Personal Data

We may share your personal data with:

Service providers such as payment processors, shipping companies / couriers, IT and hosting providers, email marketing services, and analytics providers – solely to support our operations
Marketing agencies and PR partners for campaigns, promotions, and events
Professional advisers such as lawyers, accountants, and insurers
Authorities when required by law or for fraud prevention
Potential buyers or investors in the event of a business sale or restructuring

We require all third parties to respect your data and to process it only in accordance with our instructions.

8 – Data Security

We implement physical, technical, and organisational measures to protect your personal data against unauthorised access, loss, or misuse. Access is limited to those employees and service providers who have a business need to know.

9 – Data Retention

We retain your personal data only for as long as necessary to fulfil its intended purpose, or in order to be compliant, such as with any legal, accounting, or reporting requirements.

10 – Your Rights

Ensuring that your personal information is accurate and up-to-date is very important to us. Please notify us if any of your details change so we can update our records accordingly. We cannot be held liable for any inaccuracies unless you have informed us of the relevant updates.

Under data protection laws, you have specific rights concerning your personal data, in addition to the general right to have your data safeguarded. We have summarised these rights below:

Right to be informed: You have the right to know how we collect, use, and process your personal data. This information is outlined in this privacy policy.
Right to access: You may request a copy of the personal data we hold about you to verify that we are processing it lawfully. This is often called a “data subject access request.”
Right to rectification: If any personal information we hold about you is incomplete or inaccurate, you have the right to request corrections.
Right to erasure (“right to be forgotten”): You can ask us to delete your personal data when there is no longer a valid reason for us to process it. This also applies if you have objected to the processing.
Right to object: You can object to the processing of your data if we are relying on legitimate interests or those of a third party, or if your data is being used for direct marketing purposes.
Right to restrict processing: You may request that we pause the processing of your personal data, for instance, if you want us to verify its accuracy or the purpose of processing.
Right to data portability: You have the right to request that your personal data be transferred to another organisation.
Right not to be subject to automated decision-making: We do not use automated decision-making processes that significantly affect you without human review. If such a decision were made, you would have the right to request a human review.

To exercise any of these rights, please reach out to our Data Protection Officer using the Contact Us form on this site.

11 – International Transfer

If your personal data is transferred outside the UK or the European Economic Area (“EEA”), we will ensure that appropriate safeguards (such as standard contractual clauses) are in place.

12 – Cookies

We use Cookies to distinguish you from other Site users, improve your browsing experience, and show you relevant advertising. Some cookies are essential, while others require your consent. See our separate Cookie Policy for more details.

13 – Third-Party Links

Our Site may contain links to third-party websites. We are not responsible for their privacy practices. Please review their policies before providing personal data.

14 – Changes to This Policy

We may update this policy from time to time. The latest version will be posted on our Site with the effective date.

15 – Complaints

If you have any concerns about our use of your personal data, please do contact us. You may also lodge a complaint with the UK Information Commissioner’s Office (ICO) at www.ico.org.uk.