- 1. GENERAL
Serena Bute Limited, operating as Serena Bute London, (“we” “us” “our”) is committed to protecting and respecting your privacy. For the purposes of data protection legislation, we are the data controller and we will process your personal data in accordance with the General Data Protection Regulation (EU) 2016/679 and national laws which relate to the processing of personal data. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
2. VISITORS TO OUR WEBSITE
2.1 We may collect and process personal data about you in the following circumstances:
2.1.1 when you complete forms on our website (“Site”). This includes your email address, name, contact telephone number, address, which is provided at the time of purchasing a product, subscribing to our newsletters, requesting further information;
2.1.2 whenever you provide information to us when reporting a problem with our Site, making a complaint, making an enquiry or contacting us for any other reason. If you contact us, we may keep a record of that correspondence;
2.1.3 details of your visits to our Site including, but not limited to, traffic data, location data, weblogs and other communication data, whether this is required for our own billing purposes or otherwise, and the resources that you access (see section 2.2.2 on Cookies below); and
2.1.4 whenever you disclose your information to us, or we collect information from you in any other way, through our Site.
2.2 We may also collect data in the following ways:
2.2.1 We may collect information about your device, including where available your Internet Protocol address, for reasons of fraud protection. We may also collect information about your device’s operating system and browser type, for system administration. This is statistical data about our users' browsing actions and patterns, and does not identify any individual. We use Google Analytics to track this data, find out more about how Google Analytics tracks data here.
2.3 We may use your personal data for the legitimate interests of Serena Bute London in order to:
2.3.1 provide you with information, or services that you requested from us;
2.3.2 ensure that content from our Site is presented in the most effective manner for you and for your device;
2.3.3 improve our Site and services;
2.3.4 process and deal with any complaints or enquiries made by you; and
2.3.5 contact you for marketing purposes where you have signed up for these (see section 4 for further details).
Our Site may, from time to time, contain links to and from the websites of third parties. Please note that if you follow a link to any of these websites, such websites will apply different terms to the collection and privacy of your personal data and we do not accept any responsibility or liability for these policies. Please check before you submit your information to these websites.
3.1 We will collect details such as your email address, name, contact telephone number, address, bank details when you order goods or services from us either via our Site, by email, facsimile, post, electronic data links, by telephone, if you complete an order/transaction form. We will use this information to process your order and comply with our contractual obligations.
3.2 In order to perform our contract with you, we may also need to share personal data with third parties such as payment providers, sub-contractors, suppliers, hauliers and postal service organisations to assist in the delivery of goods or services you have ordered;
3.3 We may also advertise your feedback on our website and marketing materials (subject to obtaining your prior consent where necessary);
3.4 We will retain your information as long as we require this to provide you with the goods or services ordered from us and for a period of 7 years afterwards. Where you have subscribed to receive marketing correspondence from us we will keep personal data 7 years from when you are provided with the opportunity to opt-out of receiving marketing correspondence from us.
4.1 In addition to the uses described in sections 1-3 above, we may use Customer personal data for our legitimate interests in order to provide you with details about our goods, services, business updates and events which we think may be of interest. We use Mailchimp to facilitate our marketing communications.
4.2 If you are not an existing Customer but you invite us to provide information about our goods/services, we may collect your email address, name, contact telephone number and address for the purposes of providing you with information about our goods and services or offers. We will retain such data for a period of 3 years from the point at which you provide us with your data, unless you place an order with us in which case 3.4 above will apply.
4.3 You have the right to opt-out of receiving the information detailed in section 4.1 at any time. To opt-out of receiving such information you can:
4.3.1 clicking the unsubscribe button contained in any such communication received; or
4.3.2 email us at firstname.lastname@example.org providing us with your name and contact details.
5. AUTOMATED PROCESSING
5.1 We may use information regarding past purchasing patterns and engagement with our marketing in order for us to tailor our marketing material to your specific behaviour and activities. We use Mailchimp to monitor the emails which we send to users. In doing this we obtain information such as but not limited to:
- Time of receipt
- Time of opening
- Device user opened with
- Location it was opened in
- Which parts of the email you interacted with.
5.2 We use systems that enable us to link your social media accounts to your account if registered with the same email address. This enables us to tailor our promotions and products as best as possible.
5.3 Where you have provided us with a mobile number and consent to do so we may market to you using SMS and Push notification interactions.
5.4 Our systems are set up to enable us to record your purchasing history with us so that we can determine what offers or informational emails or mailings may be of interest to you.
6. LEGAL BASIS FOR PROCESSING YOUR PERSONAL DATA
6.1 In accordance with data protection legislation we are required to notify you of the legal basis upon which we process your personal data. We process your personal data for the following reasons:
6.1.1 for performance of a contract we enter into with you;
6.1.2 where necessary for compliance with a legal obligation we are subject to; and
6.1.3 for our legitimate interests (as described within this policy).
7. DISCLOSURE OF PERSONAL DATA to third parties
7.1 We may disclose your information to third parties for the following legitimate interests:
7.1.1 to staff members, suppliers, contractors and hauliers in order to facilitate the provision of goods, services or product information to you;
7.1.2 to our affiliated entities to support internal administration;
7.1.3 IT software providers that host our website and store data on our behalf; and
7.1.4 to a prospective buyer of some or all of our business or assets, in which case personal data including personal data will also be one of the transferred assets.
7.2 We may disclose personal data to the police, regulatory bodies, legal advisors or similar third parties where we are under a legal duty to disclose or share personal data in order to comply with any legal obligation, or in order to enforce or apply our website terms and conditions and other agreements; or to protect our rights, property, or safety of our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
7.3 We will not sell or distribute personal data to other organisations without your approval.
8. CROSS-BORDER DATA TRANSFERS
8.1 We will not transfer your personal data outside the European Economic Area.
9. DATA SECURITY
9.2 Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your information transmitted to our Site; any transmission is at your own risk.
9.3 Information you provide to us is shared on our secure servers. We have implemented appropriate physical, technical and organisational measures designed to secure your information against accidental loss and unauthorised access, use, alteration or disclosure. In addition, we limit access to personal data to those employees, agents, contractors and other third parties that have a legitimate business need for such access.
10. ACCESS TO, UPDATING, DELETING AND RESTRICTING USE OF PERSONAL DATA
10.1 It is important that the personal data we hold about you is accurate and current. Please keep us informed if the personal data we hold about you changes.
10.2 Data protection legislation gives you the right to object to the processing of your personal data in certain circumstances or withdraw your consent to the processing of your personal data where this has been provided. You also have the right to access information held about you and for this to be provided in an intelligible form. If you would like a copy of some or all of your personal information, please send an email to: email@example.com.
10.3 You can also ask us to undertake the following:
10.3.1 update or amend your personal data if you feel this is inaccurate;
10.3.2 remove your personal data from our database entirely;
10.3.3 send you copies of your personal data in a commonly used format and transfer your information to another entity where you have supplied this to us, and we process this electronically with your consent or where necessary for the performance of a contract; or
10.3.4 restrict the use of your personal data.
10.4 We may request specific information from you to help us confirm your identity and your right to access, and to provide you with the personal data that we hold about you or make your requested changes. Data protection legislation may allow or require us to refuse to provide you with access to some or all the personal data that we hold about you or to comply with any requests made in accordance with your rights referred to above. If we cannot provide you with access to your personal data, or process any other request we receive, we will inform you of the reasons why, subject to any legal or regulatory restrictions.
10.5 Please send any requests relating to the above to firstname.lastname@example.org specifying your name and the action you would like us to undertake
11. RIGHT TO WITHDRAW CONSENT
Where you have provided your consent to the collection, processing and transfer of your personal data, you have the legal right to withdraw your consent under certain circumstances. To withdraw your consent, if applicable, please contact us at email@example.com
Our store is hosted on Shopify Inc. They provide us with the online e-commerce platform that allows us to sell our products and services to you.
Your data is stored through Shopify’s data storage, databases and the general Shopify application. They store your data on a secure server behind a firewall.
If you choose a direct payment gateway to complete your purchase, then Shopify stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted.
All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, Mastercard, American Express and Discover.
PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.
For more insight, you may also want to read Shopify’s Terms of Service (https://www.shopify.com/legal/terms) or Privacy Statement (https://www.shopify.com/legal/privacy).
14. CONTACT US
If you have any questions, comments or requests regarding this policy or how we use your personal data please contact us at firstname.lastname@example.org. This is in addition to your right to contact the Information Commissioners Office if you are unsatisfied with our response to any issues you raise at https://ico.org.uk/global/contact-us/
In order to be able to offer you Klarna’s payment options, we will pass to Klarna certain aspects of your personal information, such as contact and order details, in order for Klarna to assess whether you qualify for their payment options and to tailor the payment options for you.
Last updated: February 2020.