What personal information do we collect?
We collect personal data from you whenever you interact with our Websites, including when you make purchases, when you browse our Websites, when you use our services or when you sign up to receive any of our services. When providing personal data to us through a form, we indicate which personal data is optional. Please note that, when collection of personal data is required or necessary either as needed for us to fulfil your order or based on legal obligation and you elect not to provide the personal data, we may not be able to accept or fulfil your order.
Personal data you provide when you purchase from us
• Your contact details you provide when placing your order
• Details associated with the products you order
• Details of the services you purchase or subscribe to
• When you make a purchase, your payment card details (in accordance with payment card industry standards)
• Your communication and marketing preferences including delivery updates and notifications
Additional Personal Data obtained when you use our Websites
• Details of your online browsing activities on our Websites such as the pages visited and the parts of the Websites used
• Details of the type of device used to access our Websites, your device IP address, and your device location
Additional Personal Data obtained through contact with us
• Details of your interaction with emails that we send you including links that you click and emails that you open
• If contact occurs between us, we will keep a record of that correspondence, including your name and contact data, and details of your customer care issues or other concerns and our response.
How we use the personal data we collect from you?
We will use your personal data for the following purposes:
To fulfil your order:
• To process your order
• To process payment including payment authorisation via payment card, cheque or other third party payment processor
• To carry out identity verification and fraud prevention checks when purchasing with a payment card and validating personal data you provide via a third party payment processor
• To provide data to any third party supplier or vendor who may fulfil your order on our behalf
• To provide order confirmation, delivery status notifications on any order placed with us
For customer care purposes:
• To address any customer care issues that occur either with respect to a product or service, delivery, or a complaint or enquiry that you or your recipient raise with us
• To contact you with any changes, cancellation or other issues with your order
• To manage any registered accounts you have through the Websites
• To obtain customer feedback with respect to an order either from you or your recipient (to the extent permitted under the applicable law)
NOTE: Please note that you will receive communications with respect to fulfilling your order or for customer care purposes even if you opt out of receiving marketing communications.
For marketing purposes:
• To keep you up-to-date with new products and services that we think will be of interest to you
• To provide you with promotional offers
• Notify you of competitions and prize draw offers to enable you to enter and to notify you of any wins
When may you opt out of marketing communications?
You have the right to opt out of receiving direct marketing communications at any time. We will address your opt out request as soon as possible. You may opt out of marketing communications or change your preferences with respect to marketing communications by:
• Unsubscribing from emails using the unsubscribe link which can be found in all marketing emails
How do we protect your personal data?
We are committed to protecting and respecting your privacy rights, and to ensuring that your personal data is safe and secure.
We use administrative, organisational, technical and physical safeguards to protect personal data. Our security controls are designed to protect your personal data from unauthorised alteration, access, disclosure, and use. We regularly test our Websites, data centres, systems, and other assets for security vulnerabilities.
Toucan handles payment card data in a manner consistent with the Payment Card Industry Data Security Standard (PCI-DSS).
What can you do to protect your personal data?
We will never ask you to confirm any bank account or credit card details in writing or via email. If you receive an email or any other written communication claiming to be from us, asking you to provide this data, please ignore it and do not respond.
If you are using a computing device in a public location, you should always log out and close the website browser when you have finished your online session.
Our lawful basis for processing personal data
In some cases, more than one lawful basis may apply with respect to the same personal data.
Contract: We collect and process personal data in order to fulfil the order you place with us, and in accordance with our contract with you to fulfil your order.
Legitimate Interest: We collect and process personal data for our legitimate interests in fulfilling and processing your order, any customer care issues, to conduct research, to send email and direct marketing to you, handling legal claims, and for fraud identification and prevention checks.
Legal Obligations: Toucan is required to comply with applicable laws, rules and regulations as well as industry standards and orders by courts with jurisdiction over Toucan. In doing so, we may collect and retain personal data. For example, Toucan creates and maintains records of your orders to maintain the tax and accounting records required by applicable laws, and to share such records with the tax authorities as and when required.
When might we share your personal data with third parties
We will share your personal data with certain third parties in order to fulfil and process your order, enable us to perform our contract to provide your purchase to you, provide our Websites and to provide you with marketing. The following is a list of types of third parties that may receive your personal data. Our third party providers are required to handle your personal data in accordance with appropriate data protection and security controls.
• Financial/Payment Service Providers: In order to process customer orders placed with us, Toucan contracts with payment service companies who process payment, ensure security of your transactions, and prevent or detect fraudulent transactions.
• Marketing Service Providers:
◦ provide email marketing, SMS (text) marketing, direct marketing campaigns
◦ provide online advertising campaigns
◦ provide to us reporting of our marketing campaigns
• Website Improvement: In order to improve our online customer experience, Toucan contracts with third parties who help us identify and make improvements to our website, provide website traffic data and website performance analysis information, and provide analysis on website performance focused on customer experience.
In addition to the reasons identified above, we may provide your personal data to third parties in the following circumstances:
• Law Enforcement/Government Requests: We may be required by law to provide personal data to law enforcement, a government agency or in response to a search warrant, subpoena or other legally valid enquiry or order, or to an investigative body or civil litigant including emergency situations. We may also disclose personal data when we believe in good faith that disclosure is necessary to comply with relevant laws, for the establishment, exercise or defence of legal claims, to prevent and address fraud and other illegal activity, to prevent death or imminent bodily harm, or to protect or defend the rights, property or safety of our users, others and ourselves.
How long do we keep your personal data?
We will only retain your personal data for the purposes set out in this policy and for as long as we have a legal or business requirement to do so. Different retention periods apply for different types of personal data, however, the longest we will normally hold any personal data is 7 years after the last contact with such person or purchase by such person. The time period for retention will depend on applicable laws, rules or regulations that we are required to follow, whether there is an ongoing request or query or other type of legal claim or dispute, the type of information we are holding and whether we are asked by you or a regulatory authority to keep the personal data.
Your additional rights with respect to your personal data
You may have the following additional rights, detailed below:
• Right to Erasure (also known as “the Right to be Forgotten”): For a limited list of reasons, you may request that your personal data is removed from our systems.
• Right to Restrict: For a limited list of reasons, you may request that we cease using or that we suppress your personal data.
• Right to Object: You may object to our use of your personal data.
• Right to Data Portability: Where we use your personal data based on your consent or to enter or perform a contract with you, and our processing is carried out by automated means, you may request that any personal data you have provided to us be transmitted electronically to you or to another supplier (to the extent feasible).
Please note that if we erase all information about you and you make a future purchase or otherwise become a future customer, then we will not be aware of your prior requests or objections.
Right to Lodge a Complaint: You have the right to lodge a complaint with the owner of the business or governing body.
Updates to this policy
We may use technology to track the patterns of behaviour of registered and non-registered visitors to our site. This can include using a "cookie" which is a small file stored on your browser. The information collected in this way can be used to identify you unless you modify your browser to prevent this happening - guidance for which is set out below. We also aggregate this data to perform statistical analyses of the characteristics and behaviour of visitors to our Websites. Cookies are also used as a further means of ensuring private and secure purchase sessions are operated within the Websites.
We may use third party advertising companies to serve advertisements on our behalf. These companies may employ cookies and action tags (also known as single pixel gifs or web beacons) to measure advertising effectiveness. Any information that these third parties collect via cookies and action tags is completely anonymous. Your browser can be modified to not accept cookies - guidance for which is provided in the paragraph below.
You have the ability to accept or decline cookies by modifying the settings in your browser.