- The General Data Protection Regulation (GDPR) came into effect on 25th May 2018. It’s the biggest change in data protection law for 20 years! To get you clued up, this page explains how we collect your data and what we do with it.
- For the purposes of the personal data we collect and process about you, the data controller of your personal data is Cath Kidston Ltd (company number 02808583) with registered address Frestonia, 125-135 Freston Road, London W10 6TH.
- We collect and process your data so we can offer you the best customer experience possible and we want to make sure that you understand what we do and why we do it. We also want you to feel confidence that we will look after your data, and to know that you can ask us questions at any time (see section "How do I get in touch?" below for our contact details).
- We may need to make changes to this policy regarding how we process personal data from time to time. If we make any changes we will update this policy and so we suggest that you check it here from time to time.
Changes to this policy:
What personal data do you collect?
- Personal details, such as your name, gender and date of birth
- Contact details like your address, email address and phone number
- Payment information including payment method and billing address
- Preferred shopping channel such as instore or online
- Your purchase history where you make purchases from us online
- Your preferred store
- Information submitted to us as part of our online gift wrap service including the optional gift message you have asked us to include
- Technical information about the way you access our website including your IP address, geographical location, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, and device information (such as mobile, desktop or tablet)
- Information about your computer and about your visits to and use of our website including information the adverts you click on to lead you to our website, how you interacted with the website (search terms entered, page response times, download errors, length of visit to certain pages, page interaction information such as scrolling, click, and mouse-overs) and where you went next (including full URLs and methods used to browse away from the site).
- Information about your social media accounts including your username when you interact with us via social media
- Information about any competitions entries you have made
- CCTV images our stores are fitted with CCTV to help protect our staff and customers. As a result, your image may be captured during your visit
- Your interactions with our lovely Customer Service team this will include written comments about your queries and our response to you
- Race or ethnic origin
- Political opinions
- Religious or other similar beliefs
- Medical or health conditions (both physical and mental)
- Sexual orientation
By "personal data" we mean any information that could be used to identify you or link an action to you in some way.
The main personal data we tend to collect is:
We always want you to have the best time shopping with us, so we also collect the following data in order to improve your experience:
Other data we may collect includes:
We do not knowingly capture any sensitive Personal Data relating to:
If we ever do collect such personal data from you we will make sure that we will only do this with your explicit consent or as otherwise permitted under relevant data protection laws.
[Please note that you must be 16 years old or over to be subscribed to receive marketing communications from Cath Kidston. Anyone aged under 16 years old must have parental or guardian consent. We do not knowingly collect personal data from anyone under the age of 16.]
HOW DO YOU COLLECT MY PERSONAL DATA?
There are several touchpoints where we collect your data:
In most cases we will collect personal data directly from you. For example we collect personal data from you in the following circumstances:Marketing
- When you fill in any form or survey
- When you enter one of our competitions or prize draws
- When you make use of one of our promotions
- When you interact with one of our ads or digital marketing channels
- When you create an account online (or instore)
- When you make a purchase online
- When you engage with us on social media (including Facebook, Instagram, Twitter or Pinterest)
- When you contact our lovely Customer Services
- When you visit our stores, the CCTV systems that are in place to help protect our staff and customers may capture your image
- When you sign up to receive our marketing communications via email, post or SMS
- When you enter one of our competitions or prize draws
We also collect personal data from other sources such as:
Through friends or family: if someone wishes to purchase a gift for you or order something on your behalf online they will need to provide us with your name and delivery details so that we can ensure you receive the order.
Other publically available sources: we access and store information which is available from public sources including some personal data (for example, we may have access to information on your social media profile when you interact with us on any social media platform we use).
Through your browser or device or through our servers: certain information is collected by most browsers or automatically through your device, as we mentioned above we collect your IP address or other device identifier (this enables us to recognise your computer or device when you use the website) via our server log files.
- There are several touchpoints where we collect your data:
WHY DO YOU COLLECT MY PERSONAL DATA? WHAT DO YOU DO WITH IT? AND WHAT IS YOUR LEGAL JUSTIFICATION FOR DOING SO?
We use your personal data for a variety of purposes related to the day to day running of Cath Kidston and to ensure we provide our customers with highest standards of service. From a legal perspective, we need to apply a justification for our use of your personal data and we have set out an explanation of these below. We will only use your personal data as set out in this policy.
- 1. For internal business purposes; such as generating statistics about our customers, undertaking consumer research and developing marketing plans and managing our audits, this helps us to make sure that we are serving our customers in the best way and ensuring we continue to be interesting and relevant to our customers. Where we do this we will use the information in aggregate form (so that we cannot identify individuals). We may collect, store or accumulate certain non-personally identifiable information concerning our customers' and visitors' use of www.cathkidston.com, such as information regarding which of our pages are most popular and general website administration.
- We rely on our legitimate interests as a business to process personal data in this way whilst always ensuring that your rights are protected.
We use your personal data:
- 2. To help us ensure our website runs effectively; we need ensure that the content on our website is presented in the best and clearest manner for you and your device, we also use personal data to administer our website for internal operations (including troubleshooting, data analysis, testing, research, statistical and survey purposes).
- We rely on our legitimate interests as a business to process personal data in this way (for example, we have a clear interest in ensuring that our website works properly and that our web services are efficient) whilst always ensuring that your rights are protected.
- 3. Where we have a contractual obligation to you; we need to process certain personal data (such as your address or your payment details) if you purchase a product from us online so that we can fulfil that order. We may also need to process personal data where you wish to return goods and/or receive a refund. This also may mean passing your name and address on to our trusted Logistics or Courier third parties (for more information about this please see the 'Do you share my personal data?' section below).
- We will process your personal data in this way because it is necessary in order to perform our agreement with you to deliver the products you have ordered.
- 4. To administer and run promotions, competitions, and prize draws; we like to run competitions and prize draws to engage with our customers and those who may be interested in our brand. We will need to process some personal data in order to run these (for example, in order to pick and contact a winner and deliver their prize).
- We process your data in this way either because we have your consent to do so or because it is in our legitimate interests to process the data in this way to run the promotion, competition or prize draws. Whenever we rely on our legitimate interests, we will always make sure that your rights are protected.
- 5. For other marketing purposes; we use personal data to help us sent direct marketing to our customers and other interested parties. For more information about the ways we use personal data for marketing and our justification for doing so please refer to the section "Using your data for marketing purposes" below.
- 6. As part of our consumer or market research; we may conduct online customer surveys by email (and we rely on our legitimate interests as a business to process personal data in this way whilst always ensuring that your rights are protected and in limited circumstances). We may also undertake detailed consumer research with particular customers and we will only ever engage in this level of consumer research with the individual's consent. Such consent may of course be revoked at any time.
- 7. Where we have a legal obligation to do so; in some circumstances we may need to pass on personal data or give access to personal data to law enforcement or another statutory authority for example, we may need to use personal data to comply with tax laws or in scenarios that involve criminal activity, such as fraud or theft. For instance, this may be CCTV imagery.
DO YOU SHARE MY PERSONAL DATA?
- If you place an order from us online, we need to process that order, which will mean passing your name and address on to our fulfilment provider or our trusted logistics or courier third parties.
- We also work with data analysis firms, consumer insight agencies and market research agencies to help us understand our customers to ensure that we continue to meet their needs and serve them most efficiently, the majority of this data is statistical/analytical and it is not possible to identify you from this information.
- We have a customer relationship management system which is provided to us by a third party. This system helps us to communicate efficiently and effectively with suppliers and consumers.
- We also work with authorisation agencies, customer support specialists, website developers and webhosting companies, and marketing fulfilment companies (e.g., companies that coordinate mailings (including by post and email)).
We will never sell your personal data or give it to anyone else for them to use for their own purposes without making that clear to you. However, we do sometimes share your personal data in various ways which we have set out in more detail below:
Sharing with organisations that provide services to us:For example:
If you would like any further information about the kinds of service providers we work with please get in touch with us using the contact details below.
Sharing with other "controllers" of personal data:For consumer insight purposes and making sure we serve the right ads:
Where you have given us your consent to do so, we may share your contact details with our favourite partners so that they can sent you freebies and other things we think you might find interesting. You can change your mind and revoke your consent for us to share this personal data with our partners at any time by contacting us using the details set out below.
As we continue to develop our business, we might sell certain of our assets or be sold. In such transactions, user information, including personal data, may be one of the transferred business assets. Similarly, if our ownership structure changes, we may need to disclose your personal data to the new owners or operators of our website as part of that process.
Sharing personal data to protect our rights or comply with our legal obligations:
We may disclose any information, including personal data, we deem necessary, to comply with any applicable law, regulation, legal process or governmental request. This might mean sharing your data with courts, lawyers, police, local authorities or other third parties where permitted or required by law.
International transfers of personal data
Your Personal Information will be stored at facilities located across the world and not necessarily within the EEA.
There will be instances where we need to transfer your personal data to countries outside the UK or the European Economic Area ("EEA"). For example, we work with some global service providers who are based outside of the UK or EEA.
Although countries outside the UK and EEA may not provide the same level of protection of personal data as the UK and countries within the EEA, we will always ensure that appropriate safeguards are implemented to protect your personal data including by agreeing appropriate contract terms with third parties or by relying on recognized certifications such as the EU-US privacy shield.
HOW DO YOU PROTECT MY PERSONAL DATA?
- Your trust is very important to us, so we have strict policies in place to make sure your data is protected and secure.
- We implement various technical and organisational security measures to protect the security of your personal data both on line and off line and we comply with all required legal and industry security best practices to ensure the integrity, confidentiality and availability of customer data.
- If you have any questions about the ways which we protect personal data you can contact us using the contact details provided below.
HOW LONG DO YOU KEEP MY PERSONAL DATA?
- We only retain your personal data for as long as is necessary for the purposes described in this policy. This means that retention periods will vary according to the type of the personal data and the reason that we have the data in the first place. For example:
- if you have provided us with your consent to receive marketing communications we will keep this personal data until such consent is revoked or we no longer undertake marketing activities;
- if you have registered with us online, we will keep certain information such as your address so that you can continue to make online purchases as seamlessly as possible, until you remove these details from your registration;
- if you have registered with us, we will also keep information about the products you have bought from us in the past to help us know what you are likely to be interested in.
USING YOUR DATA FOR MARKETING PURPOSES
- Where we have your consent to do so; you can proactively subscribe to receive marketing communications from us instore or online (for example, you can opt in whilst in store to join our Email Club). We will ensure that any marketing we send is limited to the types of marketing that you have told us that you are happy to receive. You can change your mind and revoke your consent at any time. For more information about how to do this please refer to the section 'How do I unsubscribe from marketing communications?' below.
- Where we rely on our legitimate interests; if you are a customer of Cath Kidston i.e. if we have gathered your contact details in the context of a transaction or registration, we want to be able to tell you about any exciting new products or offers we think you will be interested in based on items you have previously bought from us. We will always ensure you have the opportunity to opt-out of receiving further marketing. For more information about how to do this please refer to the section 'How do I unsubscribe from marketing communications?' below.
Depending on our relationship with you and how we have collected your personal data we will use your personal data to send you marketing by email, web or post about new products, special offers, discounts, new partnerships, events and competitions. We do this in the following circumstances:
HOW DO I UNSUBSCRIBE FROM MARKETING COMMUNICATIONS?
If you would like us to stop sending marketing communications to you, you can let us know in the following ways:
- via any emails you receive from us by clicking "UNSUBSCRIBE" at the bottom of the email;
- by visiting any of our stores and asking one of our team to amend your preferences;
- by contacting us using the details in the "How do I get in touch?" section below; or
- through your account settings by visiting the "my account" page once you have logged in.
We will action these requests within 30 days.
Stopping marketing messages will not stop you from receiving non-marketing communications (for example, if you have purchased a product from us online, we will still send you updates so that you know when your purchase is being delivered).
TELL ME MORE ABOUT COOKIES
- Cookie purposes:
- We use the following types of cookies which are used for the following broad purposes:
- Essential cookies: These are cookies that are required for the operation of our website. They are essential in order to ensure the website works property.
- Performance cookies: These cookies allow us recognise and count the number of visitors to our website and see how these users move around our website. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.
- Functional cookies: These are used to recognise you when you return to our website and improve your shopping experience. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
- Targeting cookies: These cookies record your visit to a website, the pages you have visited and the links you have followed and use this information to make sure any advertising you see (both on our website and elsewhere on the internet) is more relevant to your interests. This information is sometimes shared with third parties for this purpose.
- In order to be as transparent as possible about the cookies we use; we have listed below the cookies that are currently active on CathKidston.com, and we have also provided information on what these cookies do.
Which cookies are used on CathKidston.com?
Cookie Name Type What does this cookie do? ASP.NET_SessionId Session This cookie is a session ID - A piece of data used in network communications to identify a unique session. ASPDNSFGUID Session This cookie is a session ID - A piece of data used in network communications to identify a unique session. SectionFilterID Persistent Created when there is a requirement for the website to only show products that are categorised a certain product section throughout the site. LastViewedEntityInstanceName Persistent Name of the last type of category page viewed on the site, i.e. 'Clothing'. This information is used to determine the breadcrumb when navigating from a type of category page to a product page. LastViewedEntityInstanceID Persistent Unique Identifier for the name of the last type of category page viewed on the site. This information is used to determine the breadcrumb when navigating from a type of category page to a product page. LastViewedEntityName Persistent Name of the last type of category page viewed on the site, i.e. Category, Genre, Manufacturer. This information is used to determine the breadcrumb when navigating from a type of category page to a product page. SkinID Persistent The unique identifier for the presentation layer being shown to the customer. This information is used to deliver different presentation layers of the site based on configuration, such as a mobile or facebook store specific presentation layer. SectionFilterID Persistent Created when there is a requirement for the website to only show products that are categorised a certain product section throughout the site. AffiliateID Persistent The unique identifier for the affiliate that forwarded the customer to the site. This is used to determine the presentation layer for the visitor and will associate the value of a completed basket with the affiliate. utma; utmb; utmc; utmx; utmx_k_243743964; utmxx; utmz; _ga, _dc_gtm_UA-5434626-1, _gali Persistent These cookies are used for Google Analytics tracking. It does not use any customer information. peerius_rid, peerius_ct; peerius_sess; peerius_user Session & Persistent These cookies are used to show you products you might like, based on the products you have looked at. ARPTH; BIGipServerprod-c5a-prr-http(s); Persistent These cookies are used to manage our Review and Ratings content. Provider Tag Name Purpose SaleCycle s.salecycle.com used to track use of the website in order to understand which products and services are of interest to you and to collect certain personal information such as name, email address, phone number, and a unique identifier associated with your device. This information is then used to assist you in the buying process including by contacting you from time to time (either by email or SMS) or to personalise advertising displayed to you online. please see the SaleCycle Service Privacy Notice for more details regarding the cookies used by SaleCycle on our behalf.
- We use the following types of cookies which are used for the following broad purposes:
What are cookies and how do we use them?
Cookies (and other similar technologies that you may hear about such as tags, pixels, beacons etc.) are small files of data that are stored on your internet browser, computer, handheld device or mobile as you browse various web pages. Cookies give us certain information about your online activity.
There are different types of cookies which help us achieve different things. We have grouped our cookies in two ways: (i) all cookies are either session cookies or persistent cookies, and (ii) all cookies serve one of four purposes.Session and persistent cookies:
When we use these terms we mean how long the cookie sits on your device. Session cookies only exist for a small amount of time (a session cookie will only exist on your device when you use the website) whereas persistent cookies will remain on your device for longer. We use persistent cookies to enable the website to determine whether you have been here and signed in previously.
How can I control cookies?
You may choose whether or not to accept cookies and can control cookies through your web browser. In most cases, your computer will automatically enable cookies but you can amend these settings either within the browser options for the provider itself, [or] through a third party cookie management website.
We want to make sure managing cookies is as easy as possible for our customers so we are currently working with a number of technology providers to find particular ways to make cookie control on our website easier.
Please follow the links before for the browser options for the following providers:
For more information about cookies and how you can control them we recommend you visit: http://www.youronlinechoices.com/uk/
Please note that if you reject all cookies entirely it could result in our website no longer working properly for example if you want to buy products on our website you will need to have cookies enabled within your internet browser.
WHAT ARE MY RIGHTS AND HOW DO I EXERCISE THEM?
The law gives you a number of rights over your personal data and our use of it. These rights are:
- a. to withdraw your consent to any processing of personal data where we rely on that consent;
- b. to ask to see what personal data we hold about you and to find out about the way that we process the data (and in some circumstances, you can ask us to provide a copy to a third party);
- c. to ask us to correct or update any personal data which is inaccurate;
- d. to ask for personal data to be deleted in some (but not all) circumstances where there is no good reason for us to continue to process it;
- e. to object to our processing of personal data in some (but not all) circumstances, including objecting to direct marketing;
- f. to ask us to temporarily stop using your data if you don't believe that we have a right to use it, or to stop us from using your personal data where there is no good reason for us to continue to use it; and
- g. not to be subject to decisions made solely on the basis of 'automated processing' (i.e. the right not to be subject to decisions made solely by algorithms or computers without input from a human) in certain circumstances.
You can access any personal data that you have submitted via the Website please visit "my account" page or, alternatively, you can contact our customer services team who will be able to help using the contact details set out in the section "How do I get in touch" below.
Ensuring your personal data is accurate:
We will take reasonable steps to create an accurate record of any personal information about you, however, we do not take responsibility for confirming the ongoing accuracy of your personal data. For example, we need to you inform us if you move house and wish to have deliveries sent to your new address.
If your details change (perhaps you’ve moved home), you can simply update your preferences by clicking on "UPDATE YOUR PREFERENCES" at the bottom of every email or in the "MY ACCOUNT" section when you are logged in to your account on our website.
I NEED MORE INFORMATION, HOW DO I GET IN TOUCH?
We hope that you have found all you need on this page but if you have any further queries or need to get in touch with us regarding anything set out above you can contact us in the following ways:
- you can call us on 03333 202663 Monday- Friday between 9am & 6pm; or
- you can email us at firstname.lastname@example.org us anytime.
We’ll aim to get back to you within 24 hours, but usually sooner.
We hope that you feel you can contact us first in any instances where you are unhappy about how your personal data is being treated and we will try our very best to help. However, should you need to; you also have the right to complain about our use of your personal data. You can contact the Information Commissioner's Office via their website: https://ico.org.uk/concerns/ or by calling 0303 123 1113.