1. Important information and who we are
2. The data we collect about you
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
- Identity Data: includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender.
- Contact Data: includes billing address, delivery address, email address and telephone numbers.
- Financial Data: includes bank account and payment card details.
- Transaction Data: includes details about payments to and from you and other details of products and services you have purchased from us.
- Technical Data: includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.
- Profile Data: includes your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses.
- Usage Data: includes information about how you use our website, products and services.
- Marketing and Communications Data: includes your preferences in receiving marketing from us and our third parties and your communication preferences.
If you fail to provide personal data
Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.
3. How is your personal data collected?
We use different methods to collect data from and about you including through: Direct interactions. You may give us your Identity, Contact and Financial Data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you :
- apply for our products or services;
- create an account on our website;
- subscribe to our service or publications;
- request marketing to be sent to you;
- enter a competition, promotion or survey; or
- give us feedback or contact us.
- analytics providers;
- advertising networks; and
- search information providers.
- Contact, Financial and Transaction Data from providers of technical, payment and delivery services.
- Identity and Contact Data from data brokers or.
- Identity and Contact Data from publicly available sources such as Companies House and the Electoral Register based inside the UK.
4. How we use your personal data
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- Where we need to perform the contract we are about to enter into or have entered into with you.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
- Where we need to comply with a legal obligation.
Generally, we do not rely on consent as a legal basis for processing your personal data although we will get your consent before sending third party direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by contacting us.
Purposes for which we will use your personal data
We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate. The lawful bases we rely on are:-
- Contract – This is where we process your information to fulfil a contractual arrangement we have made with you.
- Consent – This is where we have asked you to provide explicit permission to process your data for a particular purpose.
- Legitimate Interests – This is where we rely on our interests as a reason for processing, generally this is to provide you with the best products and service in the most secure and appropriate way.
- Legal Obligation – This is where we have a statutory or other legal obligation to process the information, such as for the investigation of crime
Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.
|Purpose/Activity||Type of Data||Lawful basis for processing including basis of legitimate interest|
|To process any orders that you place with us and to facilitate any returns (Contract)||Identity Contact Transaction Financial Transaction||a) We take payment details to process payment for any credit or debit card orders you place with us. b)We share these details with our chosen payment processors (for example Stripe payments). c) We use your account information plus your chosen delivery address details to deliver your purchases and keep you informed of their status and to process any returns including (where appropriate) collecting the item from you. d) Our chosen payment processors store your payment card details at your request to speed up your checkout in the future (consent).|
|To provide you with access to an account (Contract)||Identity Contact Technical Profile||To register an account with us we capture information such as your name, date of birth, contact and delivery information and also a password to protect your account (account information). We use the same information on an ongoing basis to manage and provide secure access to your account and provide you with the services you request.|
|To provide a customer service to you (Legitimate Interest)||Identity Contact Profile Marketing and Communications||We keep correspondence (customer service records) when you contact our customer service teams or interact with us on social media. We use these customer service records to manage your queries or complaints effectively, for quality monitoring and to continually improve our services.|
|To personalise and improve your experience when you shop (Legitimate Interest)||Identity Contact Technical Profile Usage Marketing and Communications||a) We keep a record of how you interact with our website and any marketing you are exposed to, we use this data, along with purchase history, demographics, account information and third party information, to show you products and offers that we think you will be most interested in and to tailor your experience. b) We use your account information and the information on the devices you use to access our sites and your interactions with us to operate personalised features across our websites, apps and communications.|
|To inform you about products and services that may interest you (Legitimate Interest)||Identity Contact Technical Profile Usage Marketing and Communications||a) We use technologies such as cookies within digital marketing networks, ad exchanges and social media networks such as Facebook’s Custom Audience to get relevant marketing messages across to you and other customers. We share aggregated and anonymised information about the customer segments we are interested in reaching with advertising partners, so they can focus on showing adverts to those who are most likely to be interested in our products, services and offers, and to prevent them showing you irrelevant or repetitive advertisements. b) We receive information on how you interact with our adverts and content on third-party websites and social media platforms (such as Google or Facebook) which we use to tailor the information that is displayed to you.|
|To keep in touch with you (Legitimate Interest)||Identity Contact Technical Profile Usage Marketing and Communications||a) When you register for an account and shop with us we’ll keep you up to date with news of products and services including offers, promotions and sale information, unless you tell us you don’t want us to through your account or using the link in every email that we send to you. b) When we send you communications we use records of how you interact with our website and any other marketing we’ve sent to you, along with purchase history, to tailor the messages to include information you are most likely to be interested in. c) We use your account information to notify you about important service messages, such as material changes to this policy, product and service updates or information about your account. Note: If at any point you have made amendments to your contact preferences in the ‘my account’ section of our website, selecting to receive communications from us, we are operating under consent instead of legitimate interest.|
|To develop and improve our products, range and services (Legitimate Interest)||Technical Profile Marketing and Communications||a) We may contact you to take part in customer satisfaction surveys, if you respond we collect your feedback and contributions (customer feedback). We use this information to develop the services we offer. b) We use information about how you browse and engage with our website to improve our website. c)We use all information, including third party data in the development of new products, services and systems to ensure they work as expected and will be useful to our customers.|
|To prevent and detect crime (Legitimate interest/Legal obligation)||Identity Transaction Financial||We use your account information, order history and payment history to assist in monitoring for fraudulent transactions or suspected money laundering.|
|To fulfil our legal obligations (Legal obligation)||Identity Contact Transaction Financial Profile||a) We use your data to ensure we comply with any requirements imposed on us by law or court order, including disclosure to law or tax enforcement agencies and authorities or pursuant to legal proceedings. b) We will share data with regulatory and other official bodies if they make formal requests. c) We will maintain records to meet regulatory and tax requirements. d) We will use your account information to contact you in connection with product recalls or other similar product quality issues and to comply with our legal obligations in connection with the sale of age restricted products.|
We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising.
Promotional offers from us
We may use your Identity, Contact, Technical, Usage and Profile Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you (we call this marketing). You will receive marketing communications from us if you have requested/opted in to receive information from us or purchased goods or services from us and you have not opted out of or unsubscribed from receiving that marketing.
We will not share your personal data with any third party for marketing and promotional purposes.
Change of purpose
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
5. Data security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
6. Data retention
How long will you use my personal data for?
We will only retain your personal data for as long as you are a customer of ours. By law we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for seven years after they cease being customers to comply with legal requirements. We consider you a customer:
- as long as you hold an open subscription account;
- for 2 years from the point you last made a purchase from our website; or
- during any time we are managing a customer service request from you.
7. Your legal rights
You have a number of ‘Data Subject Rights’ below is some information on what they are and how you can exercise them. There is more information on the Information Commissioners website ico.org.uk
- Right of access – You have the right to request a free copy of the personal information that we hold about you.
- Right to rectification – If you think any of your personal information that we hold is inaccurate, you have the right to request it is updated. We may ask you for evidence to show it is inaccurate.
- Right to erasure (also known as the Right to be Forgotten) and the Right to restriction of processing – You have the right to request that we stop processing, or delete, all of your personal information that we hold. If you exercise this right we will keep a note of your name linked to your request and it won’t prevent us from processing any new information you provide to us subsequently.
- Right to data portability – You have the right to ask us to electronically move, copy or transfer your personal information in a machine readable format.
- Rights with regards to automated decision making, including profiling – We sometimes use your personal information to make decisions by automated means. This involves us analysing your account activity including orders, subscriptions, payments etc. We do this to confirm your identity, prevent and detect crime. This automated decision making is necessary if you would like to continue to shop with us online. You have a right to reject automated decisions but it may mean that you cannot shop with us.
- Right to withdraw Consent – Where we are relying on your consent for processing you can withdraw or change your consent at any time.
The above rights may be limited in some circumstances, for example, if fulfilling your request would reveal personal information about another person, if you ask us to delete information which we are required to have by law, or if we have compelling legitimate interests to keep it. We will let you know if that is the case and will then only use your information for these purposes. You may also be unable to continue using our services if you want us to stop processing your personal information. If you have any general questions or want to exercise any of your rights please contact firstname.lastname@example.org. For security reasons we may need to request proof of identity before we disclose personal information to you in response to any request. We encourage you to get in touch if you have any concerns with how we collect or use your personal information. You do however also have the right to lodge a complaint directly with the Information Commissioners Office, the data protection regulator in the UK, their contact details can be found on their website at www.ico.org.uk If you wish to exercise any of the rights set out above, please contact us.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Time limit to respond
We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
8. Third Parties
We always make efforts to anonymise data and only pass over personal information that is absolutely necessary for the purposes for which it is being processed. We always do so securely. We have contracts in place with all suppliers that help us to ensure security and privacy of your personal information, these are reviewed and updated regularly and always in line with data protection laws. We may, from time to time, share data with the following third parties:
- Delivery partners – helping us to deliver the goods you order to you including our brand partners that dispatch and deliver goods to you directly.
- IT companies – supporting us in maintaining our website and other business systems including; providing phone lines, data storage facilities, and providing and supporting Cloud based infrastructure used in providing our products and services.
- Marketing companies and online advertising – helping us to manage our electronic communications to you and to help us show you the advertising that you are most likely to be interested in, companies that provide marketing and advertising assistance (including management of email marketing operations, mobile messaging services such as SMS, and services that deploy advertising on the internet or social media platforms, such as Facebook and Google) as well as analysis of the effectiveness of our advertising and communications campaigns.
- We use technologies such as cookies, pixels, and device ID’s within digital marketing networks, ad exchanges and social media networks such as Facebook’s Custom Audience to get relevant marketing messages across to you.
- Consumer profiling organisations – These organisations provide demographic or other data to help better understand customers’ demographics, lifestyles or shopping.
- Payment processors – payment card processors to process credit and debit card payments and store payment information such as Stripe payments.
If we have reason to suspect fraud or other criminal offences we will pass your personal information to fraud prevention agencies (such as CIFAS) or law enforcement agencies for the detection, investigation and prevention of crime. If we think there is a risk of fraud, we may suspend activity on your account or refuse access to your account and/or cancel an order. If we do this we will inform you by email or SMS and ask you to contact us.
- Research and analytics companies – We may share personal details to allow research companies and feedback providers to contact you directly on our behalf in order to capture your opinions on our products, services, websites and apps. We may ask these research companies to analyse the results so that we can better understand your online experience, which will help us to improve our services. We only provide them with the information they need to perform their function. This may take the form of a survey, where you may be asked to review a product or service you’ve bought or provide general feedback on our products and services. You will always have the choice about whether to take part in our market research or surveys.
We may share information with specialist companies to analyse customer information to help us better understand how you use our services and to tailor products, services and offers that may be relevant for you. We utilise companies that help us track and record the way you navigate our website, so that we can understand your online experience and use it to improve our services and offer a more personalised experience.
- General service companies – such as printers and mailing houses that assist us in providing our products and services.
- Regulators and the Police – We will share data with regulators and other official bodies (including law enforcement) if they make formal requests or pursuant to legal proceedings.
9. Third-party apps, websites and services
If you use any third-party apps, websites or services to access our services, your usage is subject to the relevant third party’s terms and conditions, cookies policy, and privacy notice. For example, if you interact with us on social media, your use is subject to the terms and conditions and privacy notices of the relevant social media platform (Facebook, Twitter etc.). The same applies if you use third-party services, like Amazon’s Alexa for example, as your use of the service is subject to their applicable terms and conditions. We may be required to share customer information relating to transactions involving third-party services with that third party.
10. Charity partnerships
When working with partner charities, we will not make unreasonable intrusions into privacy, are not unreasonably persistent and will not place undue pressure on anyone to donate to the charity we have chosen to work with.