This policy sets out the basis on which personal information about you may be collected and used when you use our website (whether browsing or making a purchase), http://www.clubllondon.com or http://www.clubllondon.us (the “Site”)(regardless of where you visit it from), and on our mobile application, register an account with us, and interact with us on Club L London’s official Facebook, Instagram, Twitter, YouTube [and other social accounts] (“Social Media”). This policy also tells you about your privacy rights and how the law protects you.
By using the Site and applications, registering an Club L London Account and interacting with our Social Media you are accepting and consenting to the terms of this policy.
Club L (Retail) Ltd (company number 934204839) is the owner and operator of the site and the relevant accounts on the Social Media and shall in these terms be referred to as “we”, “us”, “our” and “Club L London”.
We reserve the right to amend these Terms from time to time. The Terms were most recently updated on 21st of August 2020.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
For all services, the data controller (the company responsible for your privacy) is Club L (Retail) Ltd.
We have appointed a data privacy manager (DPM) who is responsible for overseeing questions in relation to this privacy notice. If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact the DPM using the details set out below.
Name of Legal Entity: Club L (Retail) Ltd
Name or Title of DPM: Kirsty Duncan
Email Address: email@example.com
Postal Address: Lower Ground Floor, Carvers Warehouse, 77 Dale Street, Manchester M1 2HG
Should you have any concerns, we would appreciate the chance to deal with them in the first instance. If you would like to speak to us in relation to any concerns you have, please contact us by email at firstname.lastname@example.org
You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk).
When you visit, register or order products or services on Club L London you may be asked to provide certain information about yourself including your name, contact details and credit or debit card information. We do not store credit or debit card details.
If you contact us, we may keep a record of that correspondence.
Details of your visits to our site including, but not limited to, traffic data, location data, weblogs, operating system, browser usage and other communication data, whether this is required for our own billing purposes or otherwise and the resources that you access.
Data collected in the UK is held in accordance with the Data Protection Act. All reasonable precautions are taken to prevent unauthorised access to this information. This safeguard may require you to provide additional forms of identity should you wish to obtain information about your account details.
We only use Your personal Information for the following purposes:
- Processing Your Orders and tracking safe delivery to You;
- For statistical purposes to improve this Website and its services to You;
- To administer this Website;
- Other use by Us to which You agree when asked on this Website
When you purchase something from our store, as part of the buying and selling process, we collect the personal information you give us such as your name, address and email address.
When you browse our store, we also automatically receive your computers internet protocol (IP) address in order to provide us with information that helps us learn about your browser and operating system.
Email marketing (if applicable): With your permission, we may send you emails about our store, new products and other updates.
How do you get my consent?
When you provide us with personal information to complete a transaction, verify your credit card, place an order, arrange for a delivery or return a purchase, we imply that you consent to our collecting it and using it for that specific reason only.
If we ask for your personal information for a secondary reason, like marketing, we will either ask you directly for your expressed consent, or provide you with an opportunity to say no.
How do I withdraw my consent?
If after you opt in, you change your mind, you may withdraw your consent for us to contact you, for the continued collection, use or disclosure of your information, at anytime, by contacting us at email@example.com.
Your Personal Information may be disclosed to other businesses within the group of which We are a part and to reputable third party contractors engaged by Us to perform a variety of functions such as processing Your Orders, assisting with promotions or providing technical services for Our Websites. e.g. When arranging for a courier company to deliver goods that you have ordered.
We require all such third parties to treat Your Personal Information as fully confidential and to fully comply with all applicable UK Data Protection and consumer legislation.
You should be aware that if We are requested by the police or any other regulatory or government authority investigating suspected illegal activities to provide your Personal Information and/or User Information We are entitled to do so.
Our store is hosted on Shopify Inc. They provide us with the online e-commerce platform that allows us to sell our products and services to you.
Your data is stored through Shopify's data storage, databases and the general Shopify application. They store your data on a secure server behind a firewall.
Payment: If you choose a direct payment gateway to complete your purchase, then Shopify stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted.
All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, Mastercard, American Express.
PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.
For more insight, you may also want to read Shopify's Terms of Service (https://www.shopify.com/legal/terms) or Privacy Statement (https://www.shopify.com/legal/privacy).
In general, the third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us.
However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions.
For these providers, we recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled by these providers.
In particular, remember that certain providers may be located in or have facilities that are located a different jurisdiction than either you or us. So if you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.
As an example, if you are located in Canada and your transaction is processed by a payment gateway located in the United States, then your personal information used in completing that transaction may be subject to disclosure under United States legislation, including the Patriot Act.
Links: When you click on links on our store, they may direct you away from our site. We are not responsible for the privacy practices of other sites and encourage you to read their privacy statements.
The transmission of information via the internet is not completely secure. We will do our best to protect your personal data, we cannot guarantee the security of your data transmitted via our Site and Social Media; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We use a trusted third-party payment processing service to process your payment to us and we do not store your credit/debit card information.
We use secure socket layer software (SSL) to encrypt personal information that you provide via your registered account on our Website (including your payment details). This technology prevents you from inadvertently revealing personal information using an unsecure connection. Our Website is certified with an SSL certificate, which verifies that our Website is secure.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
SECTION 9 - CLEARPAY
You may choose to restrict the collection or use of your personal information in the following ways:
- Access to information:
You may request details of personal information which we hold about you under the data protection laws. If you would like a copy of the information held about you please email firstname.lastname@example.org. Any access request will usually be free of charge. We will endeavour to provide information in a format requested but this cannot be guaranteed, but we may charge you a reasonable fee for additional copies.
- Correction of information:
If you believe that any information we are holding on you is incorrect or incomplete, please email email@example.com. We will correct any information found to be incorrect.
- Deletion of information:
You have the right to request that your personal data be deleted; including if we no longer need it for the purpose we collected it, or you withdraw your consent.
Following such a request we will erase your personal data without undue delay unless continued retention is necessary and permitted by law. If we made the personal data public, we will take reasonable steps to inform other data controllers processing about your erasure request.
Consequences of Deletion
You may no longer be able to receive, or query historic receipt of, marketing from Club L London or its marketing partners.
Club L London may no longer be able to provide information on historical purchases, including the fulfilment of orders, processing of returned products and refunds, or the support of payment queries and fraudulent claims.
Deletion is irreversible. Please consider the above consequences before requesting the deletion of any data.
Object to Processing
You have the right to object to us processing your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
Restriction on processing
You have the right to request that we suspend processing your personal data, but hold it for you, in the event the personal data we hold is inaccurate, the processing is unlawful or we no longer need the personal data. Once the processing is restricted, we will only continue to process your personal data if you consent or we have another legal basis for doing so.
You have the right to receive a copy of your personal data which you gave to us. The copy will be provided in a commonly used and machine-readable format. You can also have it transmitted directly from us to another data controller, where technically possible.
How to Exercise Your Rights
If you wish to exercise any of the rights set out above, please contact us.
No fee usually required
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
Withdraw consent at any time
You may withdraw your consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so. We may use your personal information to send you promotional information about third parties which we think you may find interesting if you tell us that you wish this to happen. If requested, we will transfer all, or elements of, your data to other service providers (where applicable).
Time limit to respond
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.