Privacy Policy

Privacy Policy for

As of 25th May, 2018, the EU has introduced a new law named the General Data Protection Regulation (GDPR). The GDPR changes how personal data can be collected and used. It explicitly allows any data processing that is ‘strictly necessary’ for the service but using the data additionally for advertisement or to sell it on needs the users' free opt-in consent. So, whatever is really necessary for an application, website or other device, is legal without consent, the rest needs a free 'yes' or 'no' option.

We, at CHERRIBOX GROUP LIMITED, treat the privacy of our visitors with the utmost importance. The only data we gather is that which is deemed 'strictly necessary' to use our website and services. No data is ever sold on to a third party.

The purpose of this policy is to clearly lay out how we control, process, handle and protect your personal information while browsing or using this website, including your rights under current laws and regulations.

Should you ever wish to be removed from our system then you can either delete your account with us or contact us requesting system removal of your personal data. This will be acted upon promptly within hours of receiving your request.

1. Policy key definitions

•    "I", "our", "us", or "we" refer to the business, CherriBox Group Limited.
•    "you", "the user" refer to the person(s) using this website.
•    GDPR means General Data Protection Act.
•    PECR means Privacy & Electronic Communications Regulation.
•    ICO means Information Commissioner's Office.
•    Cookies mean small files stored on a users computer or device.

2. Your Individual Rights

Under the GDPR your rights are as follows:
•    the right to be informed;
•    the right of access;
•    the right to rectification;
•    the right to erasure;
•    the right to restrict processing;
•    the right to data portability;
•    the right to object;
•    the right not to be subject to automated decision-making including profiling.

You also have the right to complain to the ICO ( if you feel there is a problem with the way we are handling your data. We handle subject access requests in accordance with the GDPR.

3. Information Collection

Operation of this site requires collection and processing of the following data:
3.1 Visit details to our site or any resources used on our site.
3.2 Information given to us when you contact us for any reason.
3.3 Data offered by filled out forms on our site, like a registration or purchase.

4. Cookies

We use cookies on this website for essential functionality only and to provide you with a better user experience. They track how the website is used and to keep you logged into a website. These are required to enjoy and use the full functionality of this website. Your web browser should provide you with the controls to manage and delete cookies from your device, please see your web browser options.

Our cookies are used for:
•    Tracking - used by our affiliate system
•    Currency - used to define the currency in which product prices will be shown
•    Language - used to define the language to load
•    Session ID - this holds the ID of the customer session

5. Your Information and how it is Used

We collect and store minimal personal data to help us provide better service and products to you. The following are purposes we may use your information for:
5.1 To notify you of changes to our website, products or services that could affect our service to you.
5.2 Information on products or services similar to those of an existing consumer purchase may be communicated to you. The information sent to you in a communication will be similar to the subject of a recent sale.
5.3 New consumers can be contacted by our website only if consent has been granted, and only for those communications you have granted.
5.4 An opportunity for declining your consent is provided on our site. Use this opportunity to withhold your details from us or third parties, regarding data we may collect.

6. Storage of Personal Data

6.1 We ensure the security of any personal information we hold by using the best secure and encrypted data storage technologies and precise procedures in how we store, access and manage that information. Our methods meet the GDPR compliance requirement.

6.2 The European Economic Area is large, but we may have to transfer data outside of this area. If data is transferred outside the European Economic Area it will be for storing and processing. A processing staff operating outside this area may belong to our website or a supplier, in which they can process or store your information. An example: to process and complete your sale or offer support services we may have to go outside the European Economic Area for the transfer. When you click submit of your payment details, personal information or other electronic communication you agree to the transfer for storage and processing. We take all necessary steps for security known to be in agreement with the Privacy Policy found here.

6.3 Information submitted by you is stored on secure servers we have. Any payment or transaction details will be encrypted for full safety measures to be in use.

6.4 As you know, transmission of data on the internet is never guaranteed regarding safety. It is impossible to guarantee your safety with electronic data and transmission. You are therefore at your own risk if you elect to transmit any data. When offered you may create a password, but you are responsible for keeping it confidential.

7. Information Sharing

7.1 A sale of our business or its assets, in full or part, to a third party may require personal data sharing.
7.2 Legally, we may be asked to share and disclose data details.
7.3 To assist in reducing credit risk and fraud protection.

8. Email marketing messages and subscription

Under the GDPR we use the consent lawful basis for anyone subscribing to our newsletter or marketing mailing list. You are required to read, understand and agree to the terms of this privacy policy. Only newsletter subscribed email addresses are collected. Any email marketing messages we send are sent either by us directly or occasionally done so through our secure and verified email marketing service provider (EMS). An EMS is a third party service provider of software/applications that allows marketers to send out email marketing campaigns to a list of users.

Email marketing messages that we send may contain tracking beacons/tracked clickable links or similar server technologies in order to track subscriber activity within email marketing messages. Where used, such marketing messages may record a range of data such as times, dates, IP addresses, opens, clicks, forwards, geographic and demographic data. Such data, within its limitations will show the activity each subscriber made for that email campaign.

Any email marketing messages we send are in accordance with the GDPR and the PECR. We provide you with an easy method to withdraw your consent (unsubscribe) or manage your preferences and the information we hold about you at any time. See any marketing messages for instructions on how to unsubscribe or manage your preferences.

Our EMS provider is Mailchimp. We hold the following information about you within our EMS system;

•    Email address
•    IP address
•    Subscription time & date

9. Third Party Links

Links on our site that belong to third parties may be found. These websites have their own Privacy Policy, which you agree to when you link to the site. You should read this third party policy. We do not accept claims of liability or responsibility in any way for these policies or links, as we have no way to control the third party sites.

10. Resources and Further Information

•    Overview of the GDPR - General Data Protection Regulation
•    Data Protection Act 1998
•    Privacy and Electronic Communications Regulations 2003
•    The Guide to the PECR 2003
•    Mailchimp Privacy Policy

11. Contacting Us

We welcome any queries, comments or requests you may have regarding this Privacy Policy. Please feel free to contact us at