1.2 Capitalised terms used herein but not otherwise defined shall have the meaning given in the terms and conditions that can be found at https://www.editsuits.com/terms-conditions. Other capitalised terms specific to this Policy are defined at clause 17.
1.3 The Website is not intended for Children and we do not knowingly collect Personal Data relating to Children.
2. DATA CONTROLLER
2.2 Edit Suits Pte. Ltd. is the Data Controller in respect of Personal Data collected and processed about you and remains fully committed to the protection of your privacy at all times.
2.3 The information contained in this Policy has been published to inform you of the way in which any Personal Data you provide to us or we collect from you will be used. Please read this information carefully so that you understand how we treat such Personal Data.
2.4 We will collect, store, use and disclose Personal Data in accordance with the Data Protection Legislation.
3. THE INFORMATION WE COLLECT AND HOW WE USE IT
3.1 We collect Personal Data from you either when you are a prospective customer (e.g. filling in our “Fit Finder” or “Albert”) or once you become a customer.
3.2 Our “Fit Finder” uses an optional input for ethnicity, which is a statistically significant input that helps us determine the best sizing. You do not have to provide this information, though it materially improves our ability to choose the best sizing for you. In accordance with Article 9 of GDPR, ethnicity is “special category data”. We meet the requirement of “statistical usage” with regard to our usage of this Personal Data.
3.3 In order to fulfil your Order and any future customer service requests, we need to know certain Personal Data which we will collect at the time of Order. The Personal Data we hold will consist of but may not be limited to the following: title; name; address; mailing preference flags such as ‘do not mail’; Products purchased from us in the past (including their size and cost); telephone number, if offered to us (this will only be used for matters relating to your Order); email address; and where we believe you heard about us from.
3.4 We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data could be derived from your Personal Data but is not considered Personal Data in law as this data is anonymised and cannot directly or indirectly reveal your identity. For example, we may aggregate Personal Data relating to your usage of the Website to calculate the percentage of users accessing a specific Website feature. However, if we combine or connect Aggregated Data with your Personal Data so that it can directly or indirectly identify you, we treat the combined data as Personal Data which will be used in accordance with this Policy.
3.5 Credit card details are encrypted after data entry and are not stored on our systems after use.
3.6 It is our policy that your information is private and confidential. Accordingly, the Personal Data you provide to us is stored in a secure location, kept within the EEA, and is accessible only by designated staff.
3.7 We will only use your Personal Data when the law allows us to. Most commonly, we will use your Personal Data in the following circumstances:
(a) where we need to perform the contract we are about to enter into or have entered into with you;
(b) where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests; and
(c) where we need to comply with a legal obligation.
3.8 We also collect Personal Data because it is necessary for the pursuit of our legitimate interests. Our legitimate interests are set out below:
(a) direct marketing;
(b) understanding our customers’ wishes and shopping preferences; and
(c) improving our Website, Services and Products.
4. HOW WE USE YOUR PERSONAL DATA FOR DIRECT MARKETING & HOW TO MANAGE YOUR MARKETING PREFERENCES
4.1 We may collect your email address, name and Order details so that we can tailor our communications with you and send you relevant offers and news via email or, sometimes, by posting you our latest catalogue.
4.2 We gather statistics around email opening and clicks using industry-standard technologies, including clear gifs, to help us monitor and improve our e-newsletter.
4.3 If at any time you wish to opt out of receiving our catalogues and/or emails, click the unsubscribe button at the bottom of any marketing email, or email us at firstname.lastname@example.org.
4.4 We also advertise on digital platforms, such as Facebook, Instagram, Google and Twitter. We use these platforms to reach you and people like you with relevant, targeted offers and updates from us. To turn off targeted ads on any of these platforms, please see the individual privacy settings for each company.
5. HOW WE USE YOUR PERSONAL DATA TO UNDERSTAND OUR CUSTOMERS’ WISHES AND SHOPPING PREFERENCES
5.1 Our communications are designed to tell you about the benefits we can offer so that you have access to our best deals.
5.2 We use the Personal Data we have about you to tailor the content and try to ensure that the offers are as relevant to you as possible. Under the Data Protection Legislation, this may in some circumstances qualify as “profiling”.
5.3 If you do not wish us to use your Personal Data for this purpose, please email us at dpo.
6. HOW WE USE YOUR PERSONAL DATA TO IMPROVE OUR WEBSITE, SERVICES AND PRODUCTS
6.1 We use Freshdesk as our customer service software platform, which means that, if you raise a customer service ticket with us or return any Product, we store your contact and Order details in Freshdesk. If at any time you wish this information to be removed, erased or not used in any such way, please make this clear in the feedback you provide us with, or email us at email@example.com.
6.2 We may, from time to time, send you a quick survey about your experiences with us or more broadly about your shopping behaviour using Asknicely or other providers. We store this information against your profile so we can better understand our customers and use this insight to improve our Website, Services and Products.
7. DATA PROCESSORS
7.1 We work with a number of trusted suppliers, agencies and businesses in order to provide you with the highest quality Products and Services you expect from us, e.g. delivery companies, our third party logistics partner, and product technicians, amongst others.
7.2 Some of the categories of third parties with whom we share your Personal Data are:
(a) business partners, suppliers and subcontractors for the performance of any contract we enter into with you;
(b) advertisers and advertising networks that require the data to select and serve relevant adverts to you; and
(c) analytics and search engine providers that assist us in the improvement and optimisation of our Website.
7.3 If we are under a duty to disclose or share your Personal Data in order to comply with any legal obligation, or in order to enforce or apply the terms of any agreement or policy to which we are a party, or to protect the rights, property, or safety of us, our customers, or others, we will do so. This may include exchanging information with other companies and organisations for the purposes of fraud prevention.
8. STORAGE AND DATA TRANSFERS
8.1 For the reasons set forth in this Policy, the Personal Data that we collect may be transferred to and stored or otherwise processed by our holding company, corporate affiliates, subsidiaries, and service providers outside of the UK and the EEA, including (but not limited to) in Singapore and the United States.
8.2 We also transfer Personal Data to service providers that process Personal Data for us in the United States and other locations (as an example, Digital Ocean and Amazon Web Services process information for us in various data center locations, including those listed at https://aws.amazon.com/about-aws/global-infrastructure/).
8.3 While in another jurisdiction for processing, your Personal Data may be accessed by the courts, law enforcement, and national security authorities of that jurisdiction. These jurisdictions may not provide the same level of data protection as your home jurisdiction and may not be considered by the European Commission to offer adequate protections for Personal Data.
8.4 By using our Services and/or the Website or otherwise providing us with Personal Data, you consent to the processing and storage of your Personal Data outside of your jurisdiction.
8.5 We ensure, with the signature of Standard Contractual Clauses adopted by the European Commission, that Personal Data transferred outside the EEA and Switzerland is maintained with at least the same level of security and protection for Personal Data that is required under applicable law.
9. HOW LONG WE KEEP YOUR PERSONAL DATA
9.1 If a customer has not visited our Website, purchased from us or opened an email from us in the last 18 months, then we will unsubscribe them from our mailing list. If the customer has not purchased for six years, we will redact their transactional data. Six years has been selected as this aligns with our requirements for tax purposes.
10. YOUR RIGHTS
10.1 You have various rights under the Data Protection Legislation. These include:
(a) the right to ask us not to process your Personal Data for direct marketing purposes, even if you have given consent;
(b) if our processing is based on your consent, the right to withdraw any consent you may have given for our processing of your Personal Data – if you exercise this right, we will be required to stop such processing if consent is the sole lawful ground on which we are processing that Personal Data;
(d) the right to ask us for access to the data we hold about you and how we use it;
(e) the right to ask us to rectify any data that we hold about you that is inaccurate or incomplete;
(f) the right to ask us to delete your data in certain circumstances;
(g) the right to ask us to restrict our processing of your Personal Data in certain circumstances;
(h) the right to object to our processing of your data in certain circumstances; and
(i) the right to data portability to electronically move, copy or transfer your Personal Data in a standard form in certain circumstances.
10.2 You can exercise any of the rights set out above by contacting dpo. In respect of certain of the rights referred to above, we may need more information from you, e.g. to provide further information in order to confirm your identity.
10.3 If you do not want to receive promotional e-mail from us, please click the Unsubscribe button in the e-mail footer.
10.4 You may also lodge a complaint with the UK data protection regulator, the Information Commissioner, should you be dissatisfied with the way we handle your Personal Data.
11.1 We will seek to act in the best interests of our customers and will not abuse our position of Data Controller.
11.2 We wish to be as clear and transparent as possible and uphold any requests for Personal Data disclosure or amendment as soon as possible.
11.3 Due to the nature of Personal Data and catalogue printing, when an amendment is made to Personal Data it may take up to six weeks for it to become effective, although we will do everything possible to ensure this time delay is kept to a minimum.
12. CREDIT CARD SECURITY
12.1 We take the security of our customers’ payment information very seriously and this includes credit card information. On our website at checkout, you are taken to a secure page and should always see a closed padlock beside the URL address or at the top/bottom of your browser window. If you choose a direct payment gateway to complete your purchase, then Shopify stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS).
12.2 Your purchase transaction data is stored for as long as is necessary to complete your purchase transaction. After that is complete, only the last 4 digits of your card are kept, in order to respond to customer queries in the event of a payment / refund query.
12.3 All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.
12.4 To learn more, you may also want to read Shopify’s Terms of Service or Privacy Statement.
13. CALIFORNIA CONSUMER PRIVACY ACT (“CCPA”)
13.1 Whilst we may process Personal Data (referred to as “personal information” in CCPA) about residents of the US state of California, we do not fall within the scope of CCPA because we do not process personal information about a sufficient number of residents.
14. COMPLIANCE WITH EU REPRESENTATIVE RULES
14.1 In compliance with the requirements of GDPR for a business located in a third country to have appointed an EU representative for GDPR purposes, we have appointed the following EU representative:
Name: Buckworths (Ireland) Limited
Registered address: Buckworths (Ireland) Limited, c/o Workhub 77 Lower Camden Street, Dublin, D02 XE80
16. CHANGES TO THIS POLICY
16.1 If at any time we make a change to this Policy, we will update this page to reflect such change.
16.2 We may email you to notify you of changes but recommend you check this page periodically to ensure you remain happy with the latest version.
17. DEFINED TERMS
17.1 The below capitalised terms shall have the following meanings:
Aggregated Data: means Personal Data that has been combined with other Personal Data and amended to the extent that it no longer contains any identifying information and thus, no longer constitutes Personal Data.
Children: has the meaning given to it in the Data Protection Legislation.
Data Controller: the natural or legal person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any Personal Data are, or are to be, processed as outlined in the Data Protection Legislation.
Data Protection Legislation: all applicable data protection and privacy legislation in force from time to time in the UK including the General Data Protection Regulation ((EU) 2016/679); the Data Protection Act 2018; the Privacy and Electronic Communications Directive 2002/58/EC (as updated by Directive 2009/136/EC) and the Privacy and Electronic Communications Regulations 2003 (SI 2003/2426) as amended.
GDPR: the General Data Protection Regulation ((EU) 2016/679).
Personal Data: has the meaning given to it in the Data Protection Legislation.
18. QUESTIONS OR CONCERNS
18.1 If you have any concerns about material which appears on our Website, please contact us by email at: firstname.lastname@example.org.
18.2 You can also contact us in writing at: Edit Suits Co., 54 Bow Lane, 3rd Floor, London EC4M 9DJ, United Kingdom.