Hello lovely, as we care about your privacy we've updated our policy | Please have a read

Successfully added to your shopping basket

Quantity
Total
Continue shopping Shopping basket

Privacy Notice

SUMMARY

If you are a customer of Katie Loxton, or represent a wholesaler, we use your personal data to fulfil your orders with us, operate your online account, send marketing to you (where you have consented to that) and to gain an understanding of your interest in our products so we can provide you with a more tailored service. To do this, we gather information and insights about your interactions with us over all our channels, your age, purchase history, website usage and other information to build a profile of you so we can provide personalised service such as information about products which we think will be of more interest to you given what we know about you.

 

If you are a visitor to our website, social media or contact us through these channels or by phone or letter, we will use your personal data to respond to your enquiry, query or complaint.

About Us and About this Notice

This Privacy Notice is provided by Katie Loxton Ltd ("Katie Loxton" or "we").   We are a 'controller' for the purposes of the General Data Protection Regulation (EU) 2016/679. 

 

Overview

We take your privacy very seriously.  Please read this Privacy Notice carefully as it sets out important information about our processing and your rights:

·         when you interact with us on our website, over the phone, by letter or on social media (as a customer or a visitor),

·         as a customer

·         as one of our wholesalers.

 

This notice explains what data we process, why, how it is legal and your rights.  It applies to both retail and wholesale customers, and all interactions you have with us whether you use our website or social media, telephone us, write to us or speak to us at a trade show or in store.

 

How to Contact Us

If you have any questions about this Privacy Notice or if you would like this Privacy Notice in another format, e.g. audio, large print, please contact us at customercare@katieloxton.com or through the 'Contact Us' page on our website www.katieloxton.com ("Website"). 

 

Changes to this Privacy Notice

We may change this Privacy Notice from time to time by updating this page.  We will notify you of any significant changes by way of a banner on our Website. Changes will become effective from the next time that you interact with us or use your account.

 

What personal data do we collect?

This section sets out the categories of personal data we may hold about the different groups of people we interact with. 

 

 

General contacts through website, over the phone, by letter, email or on social media

·         Your title and name

·         Your contact details (including email address and mobile number)

·         Other information that you provide in any correspondence or communication with us including feedback, suggestions and complaints

 

Cookies on our Website collect anonymous information about your browsing or shopping activity, website use, information about your computer, such as which browser you are using, your network location, the type of connection you are using (e.g. broadband, ADSL etc) but this information is anonymous and we cannot tell who you are.

 

 

Customers

·         Your title and name

·         Your contact details (including email address and mobile number) and your password for your account on the Website

·         Your postal address (including both your billing and delivery address)

·         Age/date of birth (although this is optional)

·         Purchases and orders made by you

·         Your "wish list"

·         Your alerts

·         your payment card details

·         Your online browsing activities on our Website when you are logged in to your account

·         Your communication and marketing preferences

 

Wholesalers

 

·         Your title and name

·         Your contact details (including email address and mobile number)

·         Company name / Store name, account number and your role

·         Your postal address (including billing address, delivery address and your company address)

·         Payment card details

·         Your online browsing activities on our Website

·         Your communication and marketing preferences

·         Personal information about a second contact including name and contact details

·         Information provided by sales agents and customer services when they interact with you

 

Personal information about other individuals

If you give us information on behalf of someone else (for example as a wholesale customer the secondary contact's details or where you "refer [a product] to a friend" or if you are sending a gift to someone at a different address), you confirm that the other person has appointed you to act on his/her behalf and has agreed that you can.

 

Why do we process your personal data?

 

We use your personal data for the following reasons and we are allowed to do so on certain legal bases (please see section "How is processing you data lawful" for further details):

 

Type of data

Why we process your personal data

Legal basis for processing customer data

General contacts through website, over the phone, by letter or on social media

Your name, title, contact details, other information you provide in relation to your enquiry, query or complaint

To respond to and deal with your enquiry, query or complaint

Legitimate interests

Customers and Wholesalers

Your name, title, contact details, and password

To supply you with our products when you purchase them

To respond to your enquiries, queries, or complaints

To operate your online account

Contract

 

Legitimate interests

Age and/or date of birth

To send you relevant promotion communications based on your demographic (this is an optional field, you do not have to provide this information)

Legitimate interests

Purchases and orders made by you and your online browsing activities

For market research purposes to better understand our customers' behaviour, activities, preferences and needs and to improve and develop our existing products and services.

 

Legitimate interests

Your alerts

To send you communications letting you know the product is back in stock

Legitimate interests

Your payment card details

To take payment and fulfil your order, including doing anti-fraud checks

Contract and legal obligation

Your communication and marketing preferences

To send you relevant promotion communications

Consent

Profiling of our customers, in the aggregate and individually

We use the following tools to gather information about customers and potential customers: Google Analytics, Google Ad words, pixel placement technologies and cookies.  We will analyse the data gathered from these tools together with (i) data collected directly from you particularly your age and location, (ii) your browsing and purchasing activity through all our channels and (iii) your responses to marketing communications to develop profiles of our overall customer base, and of you individually.  The results of this analysis will allow us to tailor our contact with you so that we can provide you with a service that is most relevant to you including sending you information about products and offers that are best suited to you. 

Legitimate interests

 

 

How is Processing your Personal Data Lawful?

 

We are allowed to process your personal data on the following legal bases:

 

·         Legitimate interests

We are permitted to process your personal data if it is based on our ‘legitimate interests’ i.e. we have good, sensible, practical reasons for processing your personal data which is in the interests of Katie Loxton. To do so, we have considered the impact on your interests and rights, and have placed appropriate safeguards to ensure that the intrusion on your privacy is reduced as much as possible.  The section above explains the personal data processed on this basis and provides a description of our specific 'legitimate interests'.   You can object to processing on the grounds of legitimate interests. See the section headed "Your Rights" to find out how.

·         Contract

It is necessary for our performance of the contract you have agreed to enter with us (such as for the sale of our goods).  If you do not provide your personal data to us, we will not be able to carry out our obligations under the terms of your contract.

 

·         Consent

Sometimes we want to use your personal data in a way that is entirely optional for you. On these occasions, we will ask for your consent to use your information for that purpose. You can withdraw your consent at any time.  Currently we only rely on consent as a legal basis for processing to send direct marketing to you.

 

Who will have access to your personal data?

 

We share your personal data with organisations acting as our processors who will only have access to your personal data to provide a particular service.

 

Currently your information may be shared with:

·         Pretashop – our ecommerce platform

·         Formation Media – our website developers and website support

·         DPD, TNT, Royal Mail, Hermes, DHL, Hacklings – to arrange delivery of our goods to you

·         First Data  - our payment gateway provider and anti-fraud checking service

·         Quick Stock – an internal stock and customer management tool

·         Mirus  -  our IT support agency

·         Mailchimp – our marketing distribution provider

·         Katie Loxton Inc – our sister company. We share infrastructure and systems with our group companies who stores and manages data on our behalf.

·         Zendesk chat – website live chat functionality.

 

Some of these organisations such as anti-fraud checking services are also be controllers of your personal data for the service that they provide to us. For these providers, please check their websites and read their privacy notices to understand how they will use your personal data.

 

We may also need to share your personal information with a purchaser or potential purchaser of our business, with our legal and financial advisers and insurers. We will disclose personal data where required by law, a court, the police or a law enforcement agency.

Transfers of your personal data outside the EEA

To deliver our products and services to you, we need to transfer your personal data to the following countries, which are located outside the European Economic Area:

 

Country

Purpose

United States of America

Our sister company, Katie Loxton Inc, and their infrastructure and systems which we share, are based in the USA

 

United States of America

MailChimp our email distribution tool.

 

Please bear in mind that the countries to which your personal information is sent to or accessed from may have a different standard of data protection than the country in which you are situated.  We have put in place protections to ensure that any transfer of your data will be carried out in accordance with the law to safeguard your privacy rights and give you remedies in the unlikely event of a security breach or to any other similar approved mechanisms.

 

If you want to know more about how data is transferred, please contact us using the details in the 'How to contact us' section.

 

How we keep your personal data secure

We are committed to ensuring that your information is secure.

 

In order to prevent unauthorised access or disclosure we have put in place appropriate technical and organisational measures to safeguard, protect and secure your personal data against accidental or unlawful destruction, accidental loss or alteration, unauthorised disclosure or access and any other unlawful forms of processing.  We aim to ensure that the level of security and the measures adopted to protect your personal data are appropriate for the risks presented by the nature and use of your personal data.

 

We follow recognised industry practices for protecting our IT environment and physical facilities.

 

If at any point you suspect or become aware of a security incident (i.e. your password is stolen or you receive suspicious communication from someone holding themselves out to be from Katie Loxton or representing Katie Loxton), please forward the communication to us or report the incident by email or in writing to the contact details at the top of this Privacy Notice as soon as possible.

 

When will we delete your data?

We will keep personal data for the following periods:

 

Category of Data

Retention Period

All data related to customer transactions

Six (6) years from the date of each transaction for data related to a particular transaction

Email address for marketing purposes

Until you withdraw your consent

Cookies information

Twenty four (24) months

 

We will not retain your data for longer than necessary for the purposes set out in this Privacy Notice.

Your rights

 

You have the following rights under the Data Protection Laws:

 

·         the right to object to processing of your personal data

·         the right of access to personal data relating to you (known as data subject access request)

·         the right to correct any mistakes in your information

·         the right to restrict processing of your personal data

·         the right to have your personal data ported to another controller

·         the right to withdraw your consent (including to receiving marketing)

·         the right to erasure

 

These rights are explained in more detail below. If you want to exercise any of your rights, please contact us (please see "How to contact us").

 

We will respond to any rights that you exercise within a month of receiving your request, unless the request is particularly complex, in which case we will respond within three months.

 

Please be aware that there are exceptions and exemptions that apply to some of the rights which we will apply in accordance with the Data Protection Laws.

 

Right to object to processing of your personal data

You may object to us processing your personal data where we rely on a legitimate interest as our legal grounds for processing.

 

If you object to us processing your personal data we must demonstrate compelling grounds for continuing to do so. We believe we have demonstrated compelling grounds in the section headed "How is processing your personal data lawful".

 

Right to access personal data relating to you

You may ask to see what personal data we hold about you and be provided with:

·                a copy of the personal data

·                details of the purpose for which the personal data is being or is to be processed

·                details of the recipients or classes of recipients to whom the personal data is or may be disclosed, including if they are overseas and what protections are used for those overseas transfers

·                the period for which the personal data is held (or the criteria we use to determine how long it is held)

·                any information available about the source of that data

·                whether we carry out an automated decision-making, or profiling, and where we do information about the logic involved and the envisaged outcome or consequences of that decision or profiling.

 

To help us find the information easily, please provide us as much information as possible about the type of information you would like to see.

 

Right to correct any mistakes in your information

You can require us to correct any mistakes in your information which we hold. If you would like to do this, please let us know what information is incorrect and what it should be replaced with.

 

Right to restrict processing of personal data

You may request that we stop processing your personal data temporarily if:

·                you do not think that your data is accurate. We will start processing again once we have checked whether or not it is accurate

·                the processing is unlawful but you do not want us to erase your data

·                we no longer need the personal data for our processing, but you need the data to establish, exercise or defend legal claims

·                you have objected to processing because you believe that your interests should override our legitimate interests

 

Right to data portability

You may ask for an electronic copy of your personal data which we hold electronically and which we process when we have entered into a contract with you. You can also ask us to provide this directly to another party.

 

Right to withdraw consent

You may withdraw any consent that you have given us to process your personal data at any time. This means that we will not be able to carry out any processing which required use of that personal data. If you want us to stop sending marketing, this may take a few days to implement in our systems.

 

Right to erasure

You can ask us to erase your personal data where:

·                you do not believe that we need your data in order to process it for the purposes set out in this Privacy Notice

·                if you had given us consent to process your data, you withdraw that consent and we cannot otherwise legally process your data

·                you object to our processing and we do not have any legitimate interests that mean we can continue to process your data

·                your data has been processed unlawfully or have not been erased when it should have been.

 

What will happen if your rights are breached?

You may be entitled to compensation for damage caused by contravention of the Data Protection Laws.

 

Complaints to the regulator

It is important that you ensure you have read this Privacy Notice - and if you do not think that we have processed your data in accordance with this notice - you should let us know as soon as possible. You may also complain to the ICO. Information about how to do this is available on his website at www.ico.org.uk.

 

Useful Words and Phrases

 

For the purposes of this Privacy Notice the following words have particular meanings in the Data Protection Laws and are used throughout this Privacy Notice:

 

Term

Definition

controller

This means any person who determines the purposes for which, and the manner in which, any personal data is processed.

Data Protection Laws

This means the laws which govern the handling of personal data. This includes the General Data Protection Regulation (EU) 2016/679 and any other national laws implementing that Regulation or related to data protection.

ICO

This means the UK Information Commissioner's Office which is responsible for implementing, overseeing and enforcing the Data Protection Laws.

personal data

This means any information from which a living individual can be identified. 

This will include information such as telephone numbers, names, addresses, e-mail addresses, photographs and voice recordings.  It will also include expressions of opinion and indications of intentions about individuals (and their own expressions of opinion/intentions).

It will also cover information which on its own does not identify someone but which would identify them if put together with other information which we have or are likely to have in the future.

processing

This covers virtually anything anyone can do with personal data, including:

·       obtaining, recording, retrieving, consulting or holding it;

·       organising, adapting or altering it;

·       disclosing, disseminating or otherwise making it available; and

·       aligning, blocking, erasing or destroying it.

processor

This means any person who processes the personal data on behalf of the controller.

special categories of data

This means any information relating to:

·       racial or ethnic origin;

·       political opinions;

·       religious beliefs or beliefs of a similar nature;

·       trade union membership;

·       physical or mental health or condition;

·       sexual life; or

·       genetic data or biometric data for the purpose of uniquely identifying you.