1.3 This page was last updated on 23rd May 2018
2.1 We are your data controller for the purposes of the personal data we will collect.
2.2 NetherCream is a limited liability company registered in the United States of America.
2.3 If you wish to contact us in relation to this notice, please use the details found on the “Contact Us” section of our website.
3. THE PROCESSING
3.2 The table below sets out the personal data that we will collect, why we collect it, the legal basis on which we rely and how long we will keep it.
|Type of data||Reason we process it||Legal basis our processing||How long we keep it|
|User account data, including your name, address, your email address, a hashed password, your mobile phone number, and your order history.
Some of this data may be obtained from your social media account where you use that account to register on our website.
|• To administer your user account, if you create one.
• To fulfil your orders.
• To deal with any queries you have about your order and/or to process returns.
• To group your previous orders.
• If you create an account, to save your details for future orders, to make things easier for you on your next visit.
• To confirm your identity next time you visit.
• To recall defective products.
• To bring or defend legal claims.
• To effect product recalls, in the unlikely event that they are required.
• To prevent fraud.
|• It is necessary for the performance of our contract with you for the product or service that you order.
• Failure to provide this data may mean we are unable to fulfil your order, deal with your queries or process your returns (as the case may be).
• Our legitimate interest in (a) linking your orders to better understand what products you are interested in; (b) increasing sales by reducing the amount of data you submit each time you place an order; and (c) ensuring only you are able to access your account.
• Compliance with our legal obligations not to distribute unsafe products.
• Our legitimate interest in establishing, exercising or defending legal claims.
• Our legitimate interest in preventing loss through fraud.
|• Six years from the date your account was last used.|
|The details of any query, correspondence or complaint we receive from you.||• To deal with your queries and/or complaints.
• To bring or defend legal claims.
|• Where you have already purchased the relevant product: necessary to perform our contract with you.
• Where you have not yet purchased the product: necessary preparatory steps for entering into a contract with you for the products or services that you would like to order.
• Without this personal data, we would not be able to respond to your query, correspondence or complaint. Our legitimate interest in establishing, exercising or defending legal claims.
|• Six years from the date your account was last used.|
|The contents of your virtual shopping basket.||• To allow you to purchase items on our website.
• To retrieve your basket next time you visit, if you are logged in.
|• Necessary preparatory steps for entering into a contract with you for the products or services that you would like to order.
• Without this data we would not be able to take your order.
• Our legitimate interest in increasing ordering convenience for our users.
|• Two hours from last activity on our website.
• One year from the date of your last visit (but you can delete the cookie used to retrieve your basket at any time via your browser settings).
|Data relating to items you have saved, for instance the item, size and other product attributes.||• To provide our “saved items” functionality to you when you click “save item”.||• Necessary for the performance of an implied limited contract with you to save the items you have asked us to.
• Without this data we would not be able to offer you this functionality
|• Until the end of your website visit, or if you are logged in when you save the item, for 60 days from the date on which you saved it.|
|Your name and email address.||• To email you future eBooks where you have requested it.
• To send marketing material to you.
• To carry out market research on how our website is used, our user’s views, and what we could do better.
• To send marketing material to you.
• Our legitimate interest in marketing our products and services.
• Note: we rely on the “soft opt-in” exception under the Privacy and Electronic Communication Regulations 2003.
• Our legitimate interest in improving our website, products and services.
|• Until you withdraw your consent, unless we need this for another purpose.|
|Data relating to your visits to our website, for instance which pages you visited, how long you spent on them, the dates and times you visited, the searches you have made on our website, and whether you have “abandoned” a shopping cart.
Data which you volunteer to us when creating your account on our website.
Data obtained from a social media account you have linked to your account on our website (we may obtain this data at the time of registration or at a later date).
Your purchase history.
|• To understand how our customers, or certain categories of customers, use our website.
• To understand what products and services are most likely to be of interest to you, in order to tailor the emails you send you.
|• Our legitimate interest in understanding how our website is used in order to increase user satisfaction and improve its website.
• Our legitimate interest in increasing user satisfaction and sales.
|• Twenty six months from visit.
• Four years from your visit.
|Tracking technologies linked to your browsing session, e.g. cookies and tracking pixels.||• To display adverts to you on other websites, including social media networks, for products that we think you may be interested in (known as “re-targeting”).||• Our legitimate interest in increasing user satisfaction and sales.||• 90 days from the date that you visit.|
|Demographic information about you.||• In order to target you with display advertising based on your demographic information. Note: we do not have access to this information – the advertising platform, e.g. Facebook, allows us to select demographic criteria for our adverts. We will not however see who fits or is targeted by these demographic criteria.||• Our legitimate interest in marketing our products and services to persons most likely to be interested in them.||• As set by Facebook.|
|You email address.||• To create “look-a-like” audiences on advertising platforms, which share similar interests or demographics to all or a sample of our existing customers.||• Our legitimate interest in optimizing our marketing activities.||• We will only retain your email address for as long as we have a reason to, as set out above.|
|Data collected by our web servers, including your IP address, the type of device you are using and its operating system, the name of your ISP, the page you viewed and when you accessed it and the website from which you came.||• To maintain access logs for the purposes of technical troubleshooting and detecting potential security threats.||• Our legitimate interest in maintaining and securing our website and systems.||• Seven days from when you accessed our website.|
3.3 Where multiple retention periods apply to one category of data, the relevant retention period will be the longest one (although we will stop using that category of data for a purpose when the retention period for that purpose expires).
3.4 Where our legal basis for processing is:
(a) consent, you have the right to withdraw consent at any time (see the section titled “Withdrawing consent” below); or
(b) legitimate interests, you may have the right to object to our processing (see the section titled “Objecting to legitimate interests processing” below).
3.5 Other than the personal data set out above, we also collect certain non-personal data, which might derive from personal data. For instance we may keep statistical information and log data about number of visits to our website, or how visitors have navigated through our website, without keeping log information that is attributed to you. Unless it is impossible to re-identify you from this information, we will treat it as personal data.
4. WHERE WE OBTAIN YOUR PERSONAL DATA FROM
We obtain your personal data in the following ways:
4.1 directly from you, for instance where you sign up to our website, purchase something from us, communicate with us, or otherwise voluntarily providing personal data to us;
4.2 from your accounts on other website, where you give us permission to do so. For instance if you use Facebook or Twitter to log into our website, we may obtain some information from those websites;
4.3 automatically when you use our website. For instance:
(b) our web server automatically collects certain information about your use of our website, for instance some key settings on your device, what type of device you are using, the operating system on your device, the website from which you came and your IP address; and
4.4 from commercial organizations for the purposes of fraud prevention, and in some cases for the purposes of assessing whether we can provide you credit.
5. PERSONS WITH WHOM WE MAY SHARE YOUR DATA:
5.1 In general, access to your personal data will be restricted to those who have a need to access it in order to carry out their duties (for example our customer services team).
5.2 However, we will also share your personal data with the following external third parties in some circumstances:
(a) fraud prevention agencies or other third parties that assist us in preventing fraud or other forms of risk;
(b) regulators such as the ICO, and government authorities such as HMRC or the police, if we are required to do so by law or if the regulator or authority requests it and we regard that request as reasonable;
(c) our insurers, legal advisers or other third parties who need access to it in the context of managing, investigating or defending claims or complaints;
(d) in connection with re-organizations, mergers and acquisitions of all or part of our business;
(e) organizations that process your data on our behalf who are not allowed to use your data for any other purpose, for instance our web hosts and the companies we use to pick, pack and deliver your orders;
(f) other companies within our group, for instance where they provide us services; and
(g) where you have consented to do us doing so.
5.3 Where we share your personal data with our service providers, we have contracts with those service providers setting out how they must handle your personal data, including not to use your personal data other than in accordance with our instructions.
5.4 Where we have been able to full anonymize personal data, we may share that anonymized data with third parties, for instance to report to some of the brands about interest in their products.
6. TRANSFERS OUTSIDE OF THE EEA
6.1 In certain limited circumstances, we may export personal data outside of the European Economic Area for processing, and we may use third party service providers who do the same.
6.2 We only do that if there is a good reason to do it and where either:
(a) there are adequate safeguards in place (such as the appropriate contractual arrangements with suppliers, or adequacy decisions, depending on the destination country); or
(b) we are otherwise permitted by data protection law (for instance, where you consent or such transfer is necessary to provide our service to you).
7. OPTING-OUT FROM ELECTRONIC MARKETING
7.1 You can opt-out from electronic marketing sent by NetherCream by:
(a) by visiting our unsubscribe page;
(b) by following the unsubscribe link which we include at the bottom of all electronic marketing emails; or
8. OBJECTING TO/OPTING OUT OF/DISABLING FACEBOOK TARGETED ADVERTISING
8.1 You are able to opt-out of targeted adverts placed by us on the Facebook website by either changing your Facebook account settings or browser settings. Please see Facebook’s help page on the subject for more information.
9. OBJECTING TO/OPTING OUT OF/DISABLING GOOGLE ANALYTICS COLLECTION
9.1 You are able to disable Google Analytics data collection by installing the Google Analytics op-out browser add-on, available from Google’s Website.
10. OBJECTING TO OUR LEGITIMATE INTERESTS PROCESSING
10.1 Where we process your personal data on the basis of our legitimate interests for direct marketing purposes, you always have the right to object to that processing. To object to direct marketing, please follow the instructions for opting-out from electronic marketing immediately above.
10.2 Where we process your personal data on the basis of our legitimate interests, and the processing isn’t direct marketing, you have the right to object to other processing on the basis of our legitimate interests, but we might not have to cease processing where you do so if either:
(a) we are able to demonstrate compelling legitimate grounds for the processing which override your interests; or
(b) where that legitimate interest is the establishment, exercise or defense of legal claims.
To object to legitimate interests processing, please contact us using the details at the top of this notice.
11. YOUR RIGHTS (WITH EFFECT FROM 25 MAY 2018)
The law gives you certain rights in respect of the personal data that we hold, which you should be aware of:
11.1 You have the right to obtain your personal data from us except in limited circumstances. Where we provide it, the first copy will be free of charge, but we reserve the right to charge a small fee for additional requests;
11.2 You have the right to require us to rectify any inaccurate personal data we hold concerning you;
11.3 Taking into account the purposes of the processing, you may also have the right to have incomplete personal data completed, by means of providing a supplementary statement or otherwise;
11.4 You have the right to require us to erase your personal data on certain limited grounds (including where they are no longer necessary for the purpose for which they were collected or where we rely on consent, which you withdraw, and there is no other legal ground for the processing);
11.5 Where we process personal data either on the basis of consent or contractual necessity, you provided the personal data to us, and we process that personal data by automated means, you have the right to require us to give you your data in a commonly used electronic format;
11.6 You have the right to object to our processing of personal data which we process on the grounds of our legitimate interests, as detailed in the paragraph titled “objecting to our legitimate interest processing” above;
11.7 You have the right to require us to restrict the processing of your personal data on certain grounds, including where:
(a) you contest the accuracy of the personal data and want us to restrict processing of your personal data while we verify its accuracy;
(b) the processing is unlawful, but you request a restriction of the processing rather than erasure;
(c) we (as controller) no longer need the data for the purposes of the processing, but you have told us you require us to retain that personal data for you to establish, exercise or defend legal claims; or
(d) you have objected to us processing your personal data on grounds of legitimate interests and want us to restrict processing of your personal data while we consider your objection.
11.8 If you would like to exercise any of these rights, please contact us using the details set out at the top of this notice.
12. IF WE CAN’T REMEDY AN ISSUE YOU HAVE
Should you have any complaints or issue with our treatment of your personal data, you may lodge a complaint with the Information Commissioner’s Office (ico.org.uk).
13.2 We may use other technologies that allow us to do similar things where more appropriate to do so. For instance we may use “tracking pixels” which are tiny image files that are used to track your movements across our website.
13.3 There are four main types of cookies – here’s how and why we use them.
(a) site functionality cookies – these cookies allow you to navigate the site and use our features, such as “Add to Bag” and “Save for Later”.
(b) site analytics cookies – these cookies allow us to measure and analyze how our customers use the site, to improve both its functionality and your shopping experience.
(c) customer preference cookies – when you are browsing or shopping on our website these cookies will remember your preferences (like your language or location), so we can make your shopping experience as seamless as possible, and more personal to you; and
(d) targeting or advertising cookies – these cookies are used to deliver ads relevant to you. They also limit the number of times that you see an ad and help us measure the effectiveness of our marketing campaigns.
13.4 By using our site, you agree to us placing these sorts of cookies on your device and accessing them when you visit the site in the future. If you want to delete any cookies that are already on your computer, the “help” section in your browser should provide instructions on how to locate the file or directory that stores cookies. Further information about cookies can be found at https://ico.org.uk/for-the-public/online/cookies/.
13.5 Please note that by deleting or disabling future cookies, your user experience may be affected and you might not be able to take advantage of certain functions of our site, and the complete NetherCream user experience that we pride ourselves on providing our customers.