privacy policy

21st September 2022

1. Privacy Policy

1.1. This privacy policy (“Policy”) explains how Box of Heat Limited of Unit 12 A, 31 East Business Park, Kingfisher Way, Dinnington, S25 3AF (“we”, “our”, “us”) collect, share and use any information that, alone or in combination with other information, could be used to identify you (“Personal Data”) when you use our website heat.io (the “Site”), or when you call us, interact with us or answer our surveys.

1.2. We treat compliance with privacy obligations seriously. This is why we have developed this Policy, which describes the standards that we apply to protect Personal Data. If you have any questions or comments, please contact us via email at info@heat.io.

2. WHAT PERSONAL DATA DO WE COLLECT AND WHY?

2.1. The types of Personal Data that we collect about you, and the reasons why we process it, are:

2.1.1. When you create an account with us: When you create an account with us on our Site we will collect your name, email address and phone number. We do this under our legitimate interest to respond to your queries and may process this information to enter into a contract with you to provide you with any products you might purchase.

2.1.2. When you purchase from our Site: When you purchase any product(s) from our Site, in addition to the information detailed above, we will also collect your delivery address and your payment information. We do this under our legitimate interest to fulfil your order.

2.1.3. To complete your order: When you place an order on our Site we will share your payment details with our third party providers Stripe and / or Klarna who will process your order. We do this to fulfil our contractual obligations.

2.1.4. When you receive our news updates. We will handle your Personal Data (such as your name and email address) to provide you with our news updates in line with any preferences you have told us about.

When we send you our news updates because you have opted-in to receive them, we rely on your consent to contact you. If you have not opted-in and we send you our news updates emails, we do this because of our legitimate interest to promote our business.

You can unsubscribe from our updates at any time by clicking the unsubscribe link at the bottom of any of our emails, or by emailing info@heat.io.

2.1.5. When you apply to work for us. When you enter into the recruitment process with us we may collect your name, contact details, recruitment information (e.g. right to work documentation and references), qualifications, accreditations, test results (inc. psychometric) and any additional information we may receive from our recruitment partners.

We will use your Personal Data to assess your suitability for our available roles.

We do this to perform a contract or to take steps at your request, before entering into a contract. Where we process your right to work documentation, we will do so to comply with our legal obligations.

2.1.6. To make our Site better: When you consent, we collect information about how you use our Site including your IP address, device type, unique device identification numbers, browser-type, broad geographic location (e.g. country or city-level location) and other technical information. We use this information to improve our Site and to better understand how people use it. More detail on the information we collect and how we do this is set out in our Cookies Policy.

2.1.7. If our business is sold: We process your Personal Data for this purpose because we have a legitimate interest to ensure our business can be continued by the buyer. If you object to our use of your Personal Data in this way, the buyer of our business may not be able to provide services to you.

In some circumstances we may also need to share your Personal Data if we are under a duty to disclose or share it to comply with a legal obligation.

2.1.8. When you fill out your Style Profile: We collect information regarding your style preferences. We do this under our legitimate interest to further curate your box purchase.

3. WHO DO WE SHARE YOUR PERSONAL DATA WITH?

3.1. We may disclose your Personal Data to the following categories of recipients:

3.1.1. to our group companies for purposes consistent with this Policy, and in particular, so that they may contact you regarding products and services that may be of interest to you where you have given your consent for us to do so;

3.1.2. to our third party vendors, service providers and partners who provide data processing services to us, or who otherwise process Personal Data for purposes that are described in this Policy or notified to you when we collect your Personal Data in order to fulfil our obligations under the contract we enter with them or you;

3.1.3. to any competent law enforcement body, regulatory, government agency, court or other third party where we believe disclosure is necessary in order to comply with our legal obligations;

3.1.4. to our auditors, advisors, legal representatives and similar agents in connection with the advisory services they provide to us to comply with our legal obligations;

3.1.5. to a potential buyer (and its agents and advisers) in connection with any proposed purchase, merger or acquisition of any part of our business, under our legitimate interest to ensure the purchaser can carry on our business; and

3.1.6. to any other person if you have provided your prior consent to the disclosure.

4. WHAT ARE YOUR RIGHTS UNDER DATA PROTECTION LAW?

4.1. You have various rights under data protection laws which you can exercise by contacting us. The easiest way to do this is by email at info@heat.io.

4.2. You have various other rights under applicable data protection laws, including the right to:

4.2.1. access your personal data (also known as a “subject access request”);

4.2.2. correct incomplete or inaccurate data we hold about you;

4.2.3. ask us to erase the personal data we hold about you;

4.2.4. ask us to restrict our handling of your personal data;

4.2.5. ask us to transfer your personal data to a third party;

4.2.6. object to how we are using your personal data; and

4.2.7. withdraw your consent to us handling your personal data.

4.3. You also have the right to lodge a complaint with your relevant supervisory authority; you can find which one applies to you here.

5. DATA STORAGE, RETENTION & DELETION

5.1. We will only retain your Personal Data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal or accounting requirements.

5.2. In some circumstances (such as for product analysis purposes) we may anonymise your Personal Data so that it can no longer be associated with you for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

6. WHERE DO WE STORE YOUR DATA?

6.1. We will store the data we receive from you in the UK, but will share your data with third parties who support the running of our Site and manage your payments.

6.2. Whenever we transfer your Personal Data outside of the UK or EEA, including to Stripe and Klarna for the purposes of managing your payment, we ensure it receives additional protection as required by law. To keep this Policy as short and easy to understand as possible, we have not set out the specific circumstances when each of these protection measures is used. You can contact us at info@heat.io for the details as to how we protect specific transfers of your Personal Data.

7. PROFILING

7.1. In some instances, we may use your Personal Data in order to better understand your preferences and to provide customised products or services to you. However, we do not make any decisions based solely on automated processing of such data, which either produce legal effects that concern you or similarly significantly affect you.

8. UPDATES TO THIS POLICY

8.1. We may update this Policy from time to time. We will do so by updating our Policy on the Site but will obtain your consent to any changes if and where this is required by applicable data protection laws.

8.2. You can see when this Policy was last updated by checking the “last updated” date displayed at the top of this Policy.

9. HOW TO CONTACT US

9.1. If you have any questions or concerns about our use of your Personal Data, please contact us via email at info@heat.io.

10. SMS

We value your privacy and the information you consent to share in relation to our SMS marketing service. We use this information to send you text notifications (for your order, including abandoned checkout reminders), text marketing offers, and transactional texts, including requests for reviews from us.

Our website uses cookies to keep track of items you put into your shopping cart, including when you have abandoned your checkout. This information is used to determine when to send cart reminder messages via SMS.