1.2 This document (the "policy") is our Data Promise to you. Please read it carefully. Among other things, it explains:
1.2.1 what personal data we may collect about you in connection with: (i) providing you with our goods and services; (ii) your online interaction with us (including via our website(s), email or social media channels); (iii) our in-person interactions with you (such as in-store); and (iv) any other channels related or ancillary to the foregoing (collectively, the "Channels");
1.2.2 how we collect, store, disclose, transfer, protect and otherwise process that information and for what purposes; and
1.2.3 other important information, such as the lawful bases by which we process your personal data, how long we might retain your personal data, and the rights you have in relation to personal data we hold about you.
1.4 In this policy, terms defined in the GDPR, including "data subject", "personal data", and "processing", have the same meaning when used in this policy. The words "include", "including", "such as" and similar words and phrases shall be construed to mean "including without limitation".
1.5 This policy is intended to be communicated to you in a concise, transparent, intelligible and easily accessible manner, but we appreciate that you may have queries or want to seek clarification as to its terms. If so, please email firstname.lastname@example.org. or write to [Data Protection Enquiries, 5 Arduthie Street, Stonehaven, United Kingdom, AB39 2HU] and we will endeavour to respond as soon as possible.
1.6 The Company reserves the right to make changes to this policy in order to reflect any changes in Data Protection Legislation and best practices from time to time.
2. The personal data we process
2.1 We collect personal data about you through the Channels when you:
2.1.1 access and use our websites;
2.1.2 subscribe on our website or for other services, contests, special events;
2.1.3 purchase a product from us;
2.1.4 request technical support or other customer care support;
2.1.5 participate in polls, surveys and questionnaires;
2.1.6 contact us (whether in writing, by email, by telephone or otherwise);
2.1.7 post content on our social media pages; or
2.1.8 otherwise interact with us through the Channels.
2.2 The type of personal data we process may include (if and as applicable):
2.2.2 your name, email address, postal address, telephone number and other information provided by you;
2.2.3 information relating to your fashion interests and purchase history
2.3 Payment (such as credit card) information you use to pay for purchases is processed only to the extent, and for the duration, necessary to enable our third party payment processors to process the relevant payment. No such payment information is retained or stored by us.
2.4 We do not process:
2.4.1 any special categories of personal data (including details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data);
2.4.2 any information about criminal convictions and offences; or
2.4.3 any information about children under the age of 13, and you should not provide us with any such information through any of the Channels.
3. The purposes for which we process your personal data
3.1 We use the personal data referred to in paragraph 2 above for the purposes of (if and as applicable):
3.1.1 personalising content on the Channels;
3.1.2 sending you promotional and marketing materials, notifications, updates and exclusive news;
3.1.3 providing you with access to our products and services and fulfilling product orders;
3.1.4 internal training and other internal uses to improve our services and customer experience (including improving our marketing and promotional efforts, analysing channel usage statistics, improving content and product offerings and customising the content and layout of our stores and online websites);
3.1.5 responding to any correspondence from you including enquiries, comments, complaints and technical problems;
3.1.6 administering any polls, services, questionnaires, contests, or special events which you may have subscribed for;
3.1.7 recording your purchase history and administering your account with us;
3.1.8 market research and demographic studies; and
3.1.9 carrying out our business activities in circumstances where you ought reasonably to have an expectation that we will process your personal data for a particular purpose.
3.2 We may process your personal data for the purposes set out in paragraph 3.1 ourselves or in conjunction with our third party service providers.
4. The lawful bases by which we process your personal data
4.1 Your consent
By accepting the terms of this policy, you give the Company your express, freely given consent to process any of your personal data in accordance with the terms of this policy. You may withdraw your consent given under this paragraph (in whole or in part) at any time by contacting email@example.com. You can also unsubscribe from different types of emails by following the unsubscribe link displayed at the bottom of each email. The withdrawal of your consent shall not affect the lawfulness of processing based on consent before withdrawal or the lawfulness of processing based on other lawful grounds as set out below.
4.2 Other lawful grounds
Without prejudice to the consent given by you under paragraph 4.1 above, the Company may process your personal data in any circumstances where such processing is necessary:
4.2.1 in order to perform any agreement between us (including pursuant to our Terms and Conditions or for us to fulfil an order placed by you);
4.2.2 to comply with any applicable law or regulation; or
4.2.3 for the purposes of the legitimate interests pursued by us or third parties. These legitimate interests include the purposes identified above in paragraph 3.1 but also include other general commercial interests and our internal administrative purposes.
6. Sharing information with affiliates and third parties
6.1 We will not share any of your personal data with third parties except as set out in paragraph 6 or otherwise notified to you or agreed between you and us from time to time.
6.2 We may share personal data with our group companies and partnered companies (together, "Affiliates") in order to provide our goods and services to you and for the other purposes outlined in this policy.
6.3 From time to time, we will also need to share personal data with the following types of third party service providers who we engage to provide services which facilitate our business and who may need to process your personal data to the extent necessary to provide those services:
6.3.1 email service providers such as Mailchimp;
6.3.2 web analytics services such as Google analytics;
6.3.3 retail management, payment processing and point of sale services such as Shopify, Klarna and Paypal;
6.3.4 credit reference and fraud prevention services (as well as law enforcement and fraud prevention agencies more generally);
6.3.5 professional service providers, such as marketing agencies, advertising partners and website hosts;
6.3.6 logistics companies;
6.3.7 address verification services;
6.3.8 integration platform providers;
6.3.9 other third parties approved by you, such as social media sites which share content via or third parties who administer any competitions or surveys on our behalf which you voluntarily partake in; and
6.3.10 any similar or replacement third parties from time to time.
6.4 We seek to ensure that any third party engaged by us who processes your personal data has policies and procedures in place to ensure compliance with the Data Protection Legislation. For any third parties that are based, or process data, overseas, we only engage such third parties in accordance with paragraph 7. Unless otherwise disclosed to you from time to time, we will remain the data controller in respect of your personal data notwithstanding that third parties may be engaged as data processors.
6.5 We may share your personal information with third parties where we are required to do so by law or regulation (such as in connection with an investigation of fraud or other legal enquiry) or in connection with other legal proceedings (including where we believe that your actions violate applicable laws or any usage guidelines for specific products or services, or threaten the rights, property, or safety of our Company, our users, or others.
7.International transfers of personal data
7.1 As we operate globally, it may be necessary to transfer your information internationally. In particular your information may be transferred to and/or stored on the servers of our Affiliates or other third parties identified in paragraph 6 which are based outside of the European Economic Area (EEA).
7.2 However, we will not transfer your personal data outside of the EEA unless:
7.2.1 such transfer is to a country or jurisdiction which the EU Commission has approved as having an adequate level of protection (including to the USA where Privacy Shield compliant);
7.2.2 appropriate safeguards are in place as set out in Article 46 GDPR or equivalent provisions of subsequent Data Protection Legislation; or
7.2.3 the transfer is otherwise allowed by applicable Data Protection Legislation (such as in the form of a derogation under Article 49 GDPR).
8. Your rights as a data subject
Subject to any conditions or requirements set out in the relevant Data Protection Legislation, you may have some or all of the following rights in relation to the personal data we hold about you:
8.1 the right to request a copy of your personal data held by us;
8.2 the right to correct any inaccurate or incomplete personal data held by us. You amend any personal data which cannot be modified online, by emailing us at firstname.lastname@example.org;
8.3 the right to request that we erase the personal data we hold about you;
8.4 the right to request that we restrict the processing of your data;
8.5 the right to have your personal data transferred to another organisation;
8.6 the right to object to certain types of processing of your personal data by us; and
8.7 the right to complain.
9. Storage and retention of your personal data
9.1 As a minimum, we will store your data for as long as is reasonably necessary to provide you with the goods and services that you have requested from us, but in most cases we will retain certain of your personal data for as long as is reasonably necessary taking into consideration factors such as:
9.1.1 our need to perform any agreements between you and us (including order fulfilment);
9.1.2 our need to answer any queries or resolve any problems you may have;
9.1.3 your continued consent to receive marketing and other emails and communications from us;
9.1.4 our continued provision of our services to you; and
9.1.5 our need to comply with legal requirements (e.g. relating to record keeping).
9.2 If you tell us that you would like to delete your account, we will take steps to delete all the personal data we hold about you once it is no longer necessary for us to hold it (e.g. to fulfil any outstanding orders, resolve disputes, or as is permitted by applicable law or regulation).
9.3 For as long as we do store your data, the Company follows generally accepted industry standards and maintains reasonable safeguards to attempt to ensure the security, integrity, and privacy of the information you have provided. The Company has security measures in place designed to protect against the loss, misuse, and alteration of the information under our control. Personal data collected by the Company is stored in secure operating environments that are not available to the public. The Company maintains information behind a firewall-protected server and uses SSL encryption for purchases made through our online store.
9.4 Notwithstanding our efforts to keep your personal data secure, no system can be 100% reliable. To the fullest extent permitted by law, we cannot be held liable for any loss you may suffer if a third party procures unauthorised access to any data you provide through the Channels. In addition, you are responsible for maintaining the strength and confidentiality of your login credentials.
9.5 We will notify you as soon as reasonably practicable if we have reason to believe that there has been a personal data breach by us (or your personal data held by us) which could adversely affect your rights and freedoms.
List of Cookies we collect
The table below lists the cookies we collect and what information they store.
COOKIE NAME COOKIE DESCRIPTION
CART the association with your shopping cart.
CATEGORY_INFO stores the category info on the page, that allows to display pages more quickly.
COMPARE the items that you have in the compare products list.
CURRENCY your preferred currency
CUSTOMER an encrypted version of your customer id with the store.
CUSTOMER_AUTH an indicator if you are currently logged into the store.
CUSTOMER_INFO an encrypted version of the customer group you belong to.
CUSTOMER_SEGMENT_IDS stores the customer segment id
EXTERNAL_NO_CACHE a flag, which indicates whether caching is disabled or not.
FRONTEND you session id on the server.
GUEST-VIEW allows guests to edit their orders.
LAST_CATEGORY the last category you visited.
LAST_PRODUCT the most recent product you have viewed.
NEWMESSAGE indicates whether a new message has been received.
NO_CACHE indicates whether it is allowed to use cache.
PERSISTENT_SHOPPING_CART a link to information about your cart and viewing history if you have asked the site.
POLL the id of any polls you have recently voted in.
POLLN information on what polls you have voted on.
RECENTLYCOMPARED the items that you have recently compared.
STF information on products you have emailed to friends.
STORE the store view or language you have selected.
VIEWED_PRODUCT_IDS the products that you have recently viewed.
WISHLIST an encrypted list of products added to your wishlist.
WISHLIST_CNT the number of items in your wishlist.
A cookie is a small file which asks permission to be placed on your computer's hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.
Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us. You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.
Links to other websites
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.