1 OUR APPROACH
1.2 This Policy should be read in conjunction with the Terms and Conditions of use for the Website of which it forms part (the “Terms”).
1.3 By using this Website or submitting information to us through or in connection with this Website, you acknowledge having been informed that we collect, use and disclose your personal information in accordance with this Policy.
1.4 If you have any questions about this Policy, please contact us on email@example.com.
2 WHAT IS PERSONAL DATA?
2.1 Personal data means any information relating to a person who can be identified either directly or indirectly; it may include name, address, email address, phone number, credit / debit card number, IP address, location data, purchase history (“Personal Data”).
3 THE INFORMATION WE COLLECT AND HOW WE USE IT
3.1 We will use, store or otherwise process any of your Personal Data in accordance with the terms of this Policy, including but not limited to, your name, postal address (for billing and delivery), e-mail address, telephone number, IP address, location data and any other Personal Data collected on registration with the Website, on placing an order and through surveys to the extent reasonably necessary to provide the products and services that are available through our Website to you by us. Credit or debit card details are held via the Sage Pay ‘token’ system and are not visible to us.
3.2 When we collect Personal Data through forms, including but not limited to electronic forms, we will indicate the mandatory fields via asterisks. Failure to provide the data marked with an asterisk could prevent you from accessing a service of ours.
3.3 We will take reasonable steps to ensure the Personal Data that we store is accurate, complete and up-to-date.
3.4 We will only process your Personal Data, in accordance with applicable law, for the following purposes:
3.4.1 creating and maintaining your customer account, if you become our registered customer;
3.4.2 to carry out our contract with you, if you are a customer;
3.4.3 offering our goods and services to you in a personalised way, for example, we may provide suggestions based on your previous searches to enable you to identify suitable goods or services quicker. This may also include, where legally permitted, processing data related to your location;
3.4.4 handling and fulfilling your orders and dealing with your inquiries, if you request goods or services from us;
3.4.5 processing your payment, if you purchase any of our goods or services;
3.4.6 enabling our suppliers and service providers to carry out certain functions on our behalf, including payment processing, verification, technical, logistical or other functions, as may be required, in order to fulfil your orders;
3.4.7 resolving any returns, refunds or disputes, if you lawfully exercise your rights or if you wish to dispute any part of our offering;
3.4.8 carrying out market research campaigns and sending you personalised marketing communications, where you have agreed that we may do so, in order to keep you informed of our products, which we consider may be of interest to you;
3.4.10 ensuring the security of your account and our business, preventing or detecting fraud or abuses of our website, for example, by requesting verification information in order to reset your account password;
3.4.11 developing and improving our products and services, for example, by reviewing visits to our Website and its various subpages and demand for specific goods or services;
3.4.12 for our own administrative purposes, including training our staff, conducting internal audits or transferring assets as part of a sale, purchase or investment in the business; and
3.4.13 to comply with applicable law, for example, in response to a request from a court or regulatory body, where such request is made in accordance with the law.
3.5 To process your Personal Data lawfully we need to rely on one or more valid legal grounds. The grounds we may rely upon include:
3.5.1 your consent to particular processing activities. For example, where you have consented to us using your information for marketing purposes;
3.5.2 our legitimate interests as a business (except where your interests or fundamental rights override these). For example, it is within our legitimate interests to use your Personal Data to prevent or detect fraud or abuses of our Website;
3.5.3 our compliance with a legal obligation to which we are subject. For example, we have a duty to investigate and respond to complaints made against us and may need to process your Personal Data as part of such investigation; or
3.5.4 if you are a customer, because processing your Personal Data is necessary for the performance of a contract.
4 INFORMATION SECURITY
4.1 The Internet is not a secure medium. However, we have put in place various security procedures as set out in this Policy. All your card details are passed from your browser to Sage Pay using secure server software (SSL) encryption. Sage Pay use secure server software (SSL) encryption systems. Your user account area is protected by your user name and password, which you should never divulge to anyone else.
4.2 Communications over the Internet, such as emails/webmails are not secure unless they have been encrypted. Your communications may route through a number of countries before being delivered – this is the nature of the World Wide Web/Internet. We cannot accept responsibility for any unauthorised access or loss of Personal Data that is beyond our control.
4.3 We believe that we have appropriate policies, rules and technical measures to protect the Personal Data that we have under our control (having regard to the type and amount of that Personal Data) from unauthorised access, improper use or disclosure, unauthorised modification, unlawful destruction or accidental loss.
5 TO WHOM WILL YOUR INFORMATION BE DISCLOSED?
5.1 There are circumstances where we wish to disclose or are compelled to disclose your Personal Data to third parties. This will only take place in accordance with the applicable law and for the purposes listed in clause 3 above. These scenarios include disclosure:
5.1.1 to our employees, affiliates, group companies and their employees;
5.1.2 to our outsourced service providers or suppliers who assist us in operating our Website, conducting our business, or servicing you (including but not limited to IT support service providers), so long as those parties agree to keep the Personal Data confidential;
5.1.3 to our advertising partners who enable us to deliver personalised ads to your devices or similar advertising;
5.1.4 subject to your consent, to our marketing partners, who may contact you by post, email, telephone, SMS or by other means. If at any time after you have consented to us using your Personal Data for marketing purposes you wish us to stop using your Personal Data for these purposes, please contact us on +44 (0)1394 388 668;
5.1.5 to third party service providers and consultants in order to protect the security or integrity of our business, including our databases and systems and for business continuity reasons;
5.1.6 to another legal entity, on a temporary or permanent basis, for the purposes of a joint venture, collaboration, financing, sale, merger, reorganisation, change of legal form, dissolution or similar event. In the case of a merger or sale, your Personal Data will be permanently transferred to a successor company;
5.1.7 to public authorities or other third parties where we are required by law to do so; and
5.1.8 to any other third party where you have provided your consent.
6 INTERNATIONAL TRANSFER OF PERSONAL DATA
We may transfer your Personal Data to a third party in countries outside the country in which it was originally collected for further processing in accordance with the purposes set out in clause 3 above. In particular, your Personal Data may be transferred throughout the Margaret Howell group and to our outsourced service providers located abroad. In these circumstances we will, as required by applicable law, ensure that your privacy rights are adequately protected by appropriate technical, organisational, contractual or other lawful means. Please contact the Privacy Officer for a copy of the safeguards which we have put in place to protect your Personal Data and privacy rights in these circumstances.
7 RETENTION OF PERSONAL DATA
7.1 Your Personal Data will be retained until your last use or purchase of our services or goods and normally for a period of fifteen years thereafter, unless longer retention is required by applicable local law or where we have a legitimate and lawful purpose to do so. However, we will not retain beyond this period any of your Personal Data that is no longer required for the purposes set out in this Policy. The retention of your Personal Data will be subject to periodic review.
7.2 We may keep an anonymised form of your Personal Data, which will no longer refer to you, for statistical purposes without time limits, to the extent that we have a legitimate and lawful interest in doing so.
7.3 Please see the Margaret Howell Data Retention and Destruction policy for more details of applicable retention periods.
8 YOUR RIGHTS IN RELATION TO YOUR INFORMATION
8.1 Data protection law provides you with numerous rights, including the right to: access, rectify, erase, restrict, transport, and object to the processing of, your Personal Data. You also have the right to lodge a complaint with the relevant data protection authority if you believe your Personal Data is not being processed in accordance with applicable data protection law.
8.2 Right to make a subject access request (SAR). You may, where permitted by applicable law, request copies of your Personal Data. If you would like to make a SAR, i.e. a request for copies of the Personal Data we hold about you, you may do so by writing to the Privacy Officer. The request should make clear that a SAR is being made. You may also be required to submit proof of your identity and a fee.
8.3 Right to rectification. You may request that we rectify any inaccurate and/or complete any incomplete Personal Data.
8.4 Right to withdraw consent. You may, as permitted by applicable law, withdraw your consent to the processing of your Personal Data at any time when such processing is based on your consent. Such withdrawal will not affect the lawfulness of processing based on your previous consent. Please note that if you withdraw your consent, you may not be able to benefit from certain service features for which the processing of your Personal Data is essential.
8.5 Right to object to processing, [including automated processing and profiling]. You may, as permitted by applicable law, request that we stop processing your Personal Data.
8.6 Right to erasure. You may request that we erase your Personal Data and we will comply, unless there is a lawful reason for not doing so. For example, there may be an overriding legitimate ground for keeping your Personal Data, such as a legal obligation that we have to comply with, or if retention is necessary for us to comply with our legal obligations.
8.7 Right to restriction of processing. In some cases, you have the right to obtain restriction of the processing of your Personal Data.
8.8 Right to data portability. You have the right to receive the Personal Data concerning you which you provided to us, in a structured, commonly used and machine-readable format, and you have the right to transmit such data to another data controller without hindrance from us. This right only applies when the processing of your Personal Data is based on your consent or for the performance of a contract and such processing is carried out by automated means.
8.9 Your right to lodge a complaint with the supervisory authority. We suggest that you contact us about any questions or if you have a complaint in relation to how we process your Personal Data. However, you do have the right to contact the relevant supervisory authority directly. To contact the Information Commissioner’s Office in the United Kingdom, please visit the ICO website for instructions.
9 COOKIE STATEMENT
What are cookies and do we use them?
9.2 A cookie is a small file that a website or its service provider transfers to your computer’s hard drive through your web browser (if you allow) that enables the website’s or service provider’s systems to recognise your browser and capture and remember certain information.
9.3 You can set your browser to notify you when you receive a cookie. This enables you to decide if you want to accept it or not. Alternatively, you can choose to turn off all cookies via your browser settings. However, some of the services and features offered through our Website may not function properly if your cookies are disabled. However, you can still place orders over the telephone or by contacting customer service.
9.4 Cookies can be first party or third party cookies.
- First party cookies – cookies that the website you are visiting places on your computer.
- Third party cookies – cookies placed on your computer through the website but by third parties, such as Google.
What cookies are used on our site?
9.5 We use the following cookies on our website:
- Strictly necessary / Session cookies
These cookies are essential to enable you to move around our Website and use its features, such as accessing secure areas of the website. Without these cookies, services you asked for, like shopping baskets or e-billing, cannot be provided. They are deleted when you close the browser. These are first party cookies.
- Performance cookies
These cookies collect information in an anonymous form about how visitors use our Website. They allow us to recognise and count the number of visitors and to see how visitors move around the Website when they are using it and the approximate regions that they are visiting from. These are first party cookies.
- Functionality cookies
These cookies allow the Website to remember choices you make (such as your user name, language or the region you are in) and provide enhanced, more personal features.
These cookies can also be used to remember changes you have made to text size, fonts and other parts of web pages that you can customise. The information these cookies collect may be anonymised and they cannot track your browsing activity on other websites. These are first party cookies.
- Targeting or advertising cookies
These cookies allow us and our advertisers to deliver information more relevant to you and your interests. They are also used to limit the number of times you see an advertisement as well as help measure the effectiveness of advertising campaigns. They remember that you have visited our Website and may help us in compiling your profile. These are persistent cookies which will be kept on your device until their expiration or earlier manual deletion.
- Social Media cookies
These cookies allow you to connect with social media networks such as Instagram, Twitter, Facebook and Pinterest. These are persistent cookies which will be kept on your device until their expiration or earlier manual deletion.
10 COOKIE CONSENT AND OPTING OUT
11 FURTHER INFORMATION
For further information from us with regard to this Policy, please write to Homespun Clothing, 70 New Street, Woodbridge IP12 1DX or email us at firstname.lastname@example.org
Please note that this website is not intended for children under the age of 16.
13 LINKED WEBSITES
We are not responsible for the privacy policies and practices of other websites even if you accessed the third party website using links from our Website. We recommend that you check the policy of each website you visit and contact the owner or operator of such website if you have concerns or questions.
We reserve the right to amend or modify this Policy without notice to you and if we do so we will post the changes on this page. It is your responsibility to check the Policy every time you submit information to us or place an order.