We are DenimOnly® (referred to as ‘we’ throughout this policy).
This Policy explains the types of person data we may collect about you when you interact with us. It also explains how we’ll store and handle that date and keep it safe. It sets out how we intend to use your information, who we may share it with, what rights you have about use of your information and how you can control what personal information we collect from you.
This notice is applicable when you order from us, contact us by email or phone, browse our website, complete a survey, create an online account, enter a competition, subscribe to any marketing or engage with us on social media.
If you have any questions about the information stated then please email: firstname.lastname@example.org
We may collect the below information about you:
- Your name, gender and age / date of birth
- Your contact details, including your billing and delivery addresses, telephone numbers and email addresses.
- Purchases and orders made by you and how you paid for them
- A limited amount of payment card information
- Which device and internet browser or application you used to place an order with us or browse our website, including your IP address
- Your marketing preferences
- Your survey responses, comments, interests and feedback
- Your location
- Your communications and correspondence with us
- Any data you make publicly available, such as your social media handle or other information you may share on public social media platforms and any other public platforms
In many instances you are providing data and information you knowingly provide to us, for example when you place an order, you provide us your shipping and billing address, phone number and email address. Another example being when you contact us, we have records of what you wrote to us, and we also have the contact details you provide that enable us to reply to you.
In some cases we may collect additional data that is available publicly, to help with market research and to improve our business.
In rare cases, we may request additional data from you such as forms of ID, to prevent fraud and suspected illegal activities.
General uses of your data
- To process any orders that you make by using our website, a third party app (such as facebook shopping) or in store. If we don’t collect your personal data during checkout, we won’t be able to process your order and comply with our legal obligations
The most common example is the delivery courier, who needs to know your address and some other details to deliver your order to you. For example, your details may need to be passed to a third party to deliver the product or service that you ordered, and we may keep your details for a reasonable period afterwards in order to fulfil any contractual and legal obligations we have.
- To respond to your queries, refund requests and complaints. We may keep a record of past correspondence / communication and any future correspondence / communication. We do this on the basis of our contractual obligations to you, our legal obligations and our legitimate interests in providing you with the best service possible.
- To verify your identity for crime and fraud prevention and fraud detection
Your data may be passed to your bank from one of our payment providers, and your bank then confirm whether or not they think it is you using your credit or debit card. We do this to prevent fraud and theft. This is called 3D secure.
- To provide goods and services to you including updates about your order
- For research and development, to improve our products and services and better understand what you want
- To comply with any legal rights or duties we have that may need us to disclose your information
For example, when a public or legal authority requests this information from us. This could be in relation to fraudulent activities or other suspected illegal activity.
- To manage any accounts you hold with us
- To administer any of our prize draws or competitions which you enter
- To send you communications required by law or which are necessary to inform you about our changes to the services we provide you Marketing and promotions
Direct promotional communications
We want to bring you offers and promotions that are most relevant to your interests at particular times. We may send you texts, emails and postal mail to update you on these offers, promotions and events.
As always, you can opt out of this form of marketing by following the below steps. However, this may not stop us communicating with you if you in ways such as order updates and returns department correspondence.
- You can opt out of text message marketing by replying ‘STOP’ to any promotional text messages
- You can opt out of email marketing by using the ‘UNSUBSCRIBE’ button that is at the bottom of every promotion email we send
- You can opt out of postal, email and text message marketing by contacting us at email@example.com
Automated marketing and other advertisements
After you have visited our website and/or browsed a number of products, you may then see online marketing banners or advertisements on some other websites that allow these adverts to be displayed.
We use trusted external advertising agencies that use pixels, cookies and other technology to provide us with advertising services including re-marketing and automated marketing.
We may also analyse your purchase history with us to serve you with the best possible product recommendations and services. For example, if you are subscribed to our email marketing, you may receive an automated email that’s relevant to you and products you might like. You can unsubscribe from these emails using the above instructions under the direct promotional communications header.
Sometimes we share your data with trusted third parties. For example, delivery couriers and applications we utilise on our website that help your overall experience with us.
Here’s the policy we apply to organisations, to keep your data safe and protect your privacy:
- We provide only the information they need to perform their specific services, such as your email address to send you a shipping update
- They may only use your data for the exact purposes we specify in our contract with them
- We work closely with them to ensure that your privacy is respected and protected at all times
- If we stop using their services, any of your data held by them will either be deleted or rendered anonymous
The main examples of the kind of third parties we work with are:
- IT companies who support our website and other business systems
- Operational companies such as delivery couriers
- Direct marketing companies who help us manage our electronic communications with you
- Google / Facebook and other websites across the internet to show you products that might interest you while you’re browsing. This is based on either your marketing consent or your acceptance of cookies on our websites.
- Data insight companies to ensure your details are up to date and accurate
We may also share your data with other trusted third parties, such as:
- Business purchasers and acquisition, marketing and business advisors / agencies, investors or banks
- Solicitors and other legal advisors or crime prevention agencies
- Payment providers such as Worldpay or PayPal
- Government bodies and law enforcement agencies, insurers or courts when we are required to do so
- For the protection of our customers or employees and directors
We will never share your data with third parties for their own purpose. We only share data with trusted third parties that assist us in providing you with our goods and services or help us market and improve our business.
The law on data protection sets out a number of different reasons for which a company may collect and process your personal data, including:
- In specific situations, we can collect and process your data with your consent. You have the right to withdraw from these forms of marketing at any time.
For example, when you tick a box to receive email newsletters in the form of direct marketing.
- In certain circumstances, we need your personal data to comply with our contractual obligations for the purpose of complying with our duties and exercising our rights under a contract or the sale of goods or services to a customer.
For example, if you order an item from us for delivery, we’ll collect your address details to deliver your purchase, and pass them to our courier.
-If the law requires us to, we may need to collect and process your data.
For example, we can pass on details of people involved in fraud or other criminal activity to law enforcement or government agencies. This helps protect our customers and employees.
- In specific situations, we require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests.
These specific situations include: Marketing and advertising our products and services, selling and supplying goods and services to our customers, understanding customers specific needs and preferences, improving existing products, protecting customers and employees while maintaining their health and welfare, preventing and investigating crime, handing customer contacts and queries, fulfilling our duties to shareholders or to customers and investors.
We know how much data security matters to all our customers. With this in mind we will treat your data with the utmost care and take all appropriate steps to protect it.
We secure access to all transactional areas of our websites and apps using ‘https’ technology.
Access to your personal data is password-protected, and sensitive data such as payment card information is not visible to anyone at Denim Only® Ltd, therefore we are unable to take orders over telephone.
We regularly monitor our system for possible vulnerabilities and attacks, and we carry out penetration testing to identify ways to further strengthen security.
Whenever we collect or process your personal data, we’ll only keep it for as long as is necessary for the purpose for which it was collected. At the end of that retention period, your data will either be deleted completely or anonymised, for example by aggregation with other data so that it can be used in a non-identifiable way for statistical analysis and business planning.
Some examples of customer data retention periods:
When you place an order, we’ll keep the personal data you give us so we can comply with our legal and contractual obligations.
Some of these require us to keep you data, such as your address, name and contact details for a certain period of time. We will not keep your data for longer than we need to or are legally obliged to.
Sometimes we will need to share your personal data with third parties and service providers outside the European Economic Area (EEA), such as Australia or the USA. This is done so under data protection laws.
If you are based outside the UK and place an order with us, we will transfer the personal data that we collect from you to us, Denim Only® Ltd, here in the UK.
Protecting your data outside the EEA
The EEA includes all EU Member countries as well as Iceland, Liechtenstein and Norway. We may transfer personal data that we collect from you to third-party data processors in countries that are outside the EEA.
For example, this might be required in order to fulfil your order, process your payment details or provide support services.
If we do this, we have procedures in place to ensure your data receives the same protection as if it were being processed inside the EEA. For example, our contracts with third parties stipulate the standards they must follow at all times.
Any transfer of your personal data will follow applicable laws and we will treat the information under the guiding principles of this Privacy Notice.
You should always be careful when sharing any personal data online. We will never ask you to confirm bank account login details or full account details. See below for information how you can further protect your data:
- Keep all passwords private to avoid anyone other than yourself accessing your accounts
- If you login or shop on a public computer, we suggest you use a private browsing window, do not save any passwords or details and always log out when you have finished
- Avoid using the same passwords for different online accounts
- Always check with us if you are unsure of anything, you can contact customer support at firstname.lastname@example.org
You have the right to request:
- Access to the personal data we hold about you, free of charge in most cases
- The correction of your personal data when incorrect, out of date or incomplete
- For example, when you withdraw consent, or object and we have no legitimate overriding interest, or once the purpose for which we hold the data has come to an end
- That we stop using your personal data for direct marketing (either through specific channels, or all channels)
- That we stop any consent-based processing of your personal data after you withdraw that consent
- Review by a Partner of any decision made based solely on automatic processing of your data (i.e. where no human has yet reviewed the outcome and criteria for the decision).
You have the right to request a copy of any information about you that we hold at any time, and also to have that information corrected if it is inaccurate. To ask for your information, please contact email@example.com
If we choose not to action your request we will explain to you the reasons for our refusal.
Whenever you have given us your consent to use your personal data, you have the right to change your mind at any time and withdraw that consent.
Where we rely on our legitimate interest
In cases where we are processing your personal data on the basis of our legitimate interest, you can ask us to stop for reasons connected to your individual situation. We must then do so unless we believe we have a legitimate overriding reason to continue processing your personal data.
You have the right to stop the use of your personal data for direct marketing activity through all channels, or selected channels. We must always comply with your request.
To protect the confidentiality of your information, we will ask you to verify your identity before proceeding with any request you make under this Privacy Notice. If you have authorised a third party to submit a request on your behalf, we will ask them to prove they have your permission to act.
We hope this Privacy Notice has been helpful in setting out the way we handle your personal data and your rights to control it. We know it’s a lot of information, so if you have any questions, please contact us at firstname.lastname@example.org