If you are a customer of Katie Loxton, or represent a wholesaler, we use your personal data to fulfil your orders with us, operate your online account, send marketing to you (where you have consented to that) and to gain an understanding of your interest in our products so we can provide you with a more tailored service. To do this, we gather information and insights about your interactions with us over all our channels, your age, purchase history, website usage and other information to build a profile of you so we can provide personalised service such as information about products which we think will be of more interest to you given what we know about you.
If you are a visitor to our website, social media or contact us through these channels or by phone or letter, we will use your personal data to respond to your enquiry, query or complaint.
About Us and About this Notice
This Privacy Notice is provided by Katie Loxton Ltd ("Katie Loxton" or "we"). We are a 'controller' for the purposes of the General Data Protection Regulation (EU) 2016/679.
We take your privacy very seriously. Please read this Privacy Notice carefully as it sets out important information about our processing and your rights:
- when you interact with us on our website, over the phone, by letter or on social media (as a customer or a visitor),
- as a customer,
- as one of our wholesalers.
This notice explains what data we process, why, how it is legal and your rights. It applies to both retail and wholesale customers, and all interactions you have with us whether you use our website or social media, telephone us, write to us or speak to us at a trade show or in store.
How To Contact Us
If you have any questions about this Privacy Notice or if you would like this Privacy Notice in another format, e.g. audio, large print, please contact us or use the 'Contact Us' page on our website: www.katieloxton.com ("Website")
Changes to this Privacy Notice
We may change this Privacy Notice from time to time by updating this page. We will notify you of any significant changes by way of a banner on our Website. Changes will become effective from the next time that you interact with us or use your account.
Your Personal Data
What personal data do we collect?
This section sets out the categories of personal data we may hold about the different groups of people we interact with.
General contacts through website, over the phone, by letter, email or on social media
- Your name and title
- Your contact details (including email address and mobile number)
- Other information that you provide in any correspondence or communication with us including feedback, suggestions and complaints
- Information you give us by filling in forms on our website.
Cookies on our Website collect anonymous information about your browsing or shopping activity, website use, information about your computer, such as which browser you are using, your network location, the type of connection you are using (e.g. broadband, ADSL etc) but this information is anonymous and we cannot tell who you are.
- Your title and name
- Your contact details (including email address and mobile number) and your password for your account on the Website
- Your postal address (including both your billing and delivery address)
- Age/date of birth (although this is optional)
- Purchases and orders made by you
- Your "wish list"
- Your alerts
- Your payment card details
- Your online browsing activities on our Website when you are logged in to your account
- Your communication and marketing preferences
- Information you give us by filling in forms on our website, for example, the date of your wedding
- Your title and name
- Your contact details (including email address and mobile number)
- Company name / Store name, account number and your role
- Your postal address (including billing address, delivery address and your company address)
- Payment card details
- Your online browsing activities on our Website
- Your communication and marketing preferences
- Personal information about a second contact including name and contact details
- Information provided by sales agents and customer services when they interact with you
Personal information about other individuals
If you give us information on behalf of someone else (for example as a wholesale customer the secondary contact's details or where you "refer [a product] to a friend" or if you are sending a gift to someone at a different address), you confirm that the other person has appointed you to act on his/her behalf and has agreed that you can.
Opt Out of Cookies
You can opt out of cookies by clicking here where you can learn more about NAI members, who deliver tailored online ads, and your choices to opt-out of receiving them.
Why do we process your personal data?
We use your personal data for the following reasons and we are allowed to do so on certain legal bases (please see section "How is processing your data lawful" for further details):
|Type of data||Why we process your personal data||Legal basis for processing customer data|
|General contacts through website, over the phone, by letter or on social media|
|Your name, title, contact details, other information you provide in relation to your enquiry, query or complaint||To respond to and deal with your enquiry, query or complaint||Legitimate interests|
|Customers and Wholesalers|
|Your name, title, contact details, and password||To supply you with our products when you purchase them. To respond to your enquiries, queries, or complaints. To operate your online account||Contract and legitimate interests|
|Age and/or date of birth||To send you relevant promotion communications based on your demographic (this is an optional field, you do not have to provide this information)||Legitimate interests|
|Purchases and orders made by you and your online browsing activities||For market research purposes to better understand our customers' behaviour, activities, preferences and needs and to improve and develop our existing products and services.||Legitimate interests|
|Your alerts||To send you communications letting you know the product is back in stock.||Legitimate interests|
|Your payment card details||To take payment and fulfil your order, including doing anti-fraud checks||Contract and legal obligation|
|Your communication and marketing preferences||To send you relevant promotion communications||Consent|
|Profiling of our customers, in the aggregate and individually||We use the following tools to gather information about customers and potential customers: Google Analytics, Google AdWords, Ometria, Mention Me, Attentive, SurveyMonkey, pixel placement technologies and cookies. We will analyse the data gathered from these tools together with (i) data collected directly from you, particularly your age and location, (ii) your browsing and purchasing activity through all our channels and (iii) your responses to marketing communications to develop profiles of our overall customer base, and of you individually. The results of this analysis will allow us to tailor our contact with you so that we can provide you with a service that is most relevant to you, including sending you information about products and offers that are best suited to you.||Legitimate interests|
How is Processing your Personal Data Lawful?
We are allowed to process your personal data on the following legal bases:
We are permitted to process your personal data if it is based on our ‘legitimate interests’ i.e. we have good, sensible, practical reasons for processing your personal data which is in the interests of Katie Loxton. To do so, we have considered the impact on your interests and rights, and have placed appropriate safeguards to ensure that the intrusion on your privacy is reduced as much as possible. The section above explains the personal data processed on this basis and provides a description of our specific 'legitimate interests'. You can object to processing on the grounds of legitimate interests. See the section headed "Your Rights" to find out how.
It is necessary for our performance of the contract you have agreed to enter with us (such as for the sale of our goods). If you do not provide your personal data to us, we will not be able to carry out our obligations under the terms of your contract.
Sometimes we want to use your personal data in a way that is entirely optional for you. On these occasions, we will ask for your consent to use your information for that purpose. You can withdraw your consent at any time. Currently we only rely on consent as a legal basis for processing to send direct marketing to you.
Who will have access to your personal data?
We share your personal data with organisations acting as our processors who will only have access to your personal data to provide a particular service.
Currently your information may be shared with:
- Magento – our ecommerce platform
- ObjectSource – our website developers and website support
- DPD, TNT, Royal Mail, Hermes, DHL, Hacklings – to arrange delivery of our goods to you
- First Data - our payment gateway provider and anti-fraud checking service
- Quick Stock – an internal stock and customer management tool
- NetSuite – our external stock and customer management tool
- Moon.it - our IT support agency
- Ometria – our marketing distribution provider
- Katie Loxton Inc – our sister company. We share infrastructure and systems with our group companies, who store and manage data on our behalf.
- Gorgias chat – website live chat functionality.
- Webmart – Direct Mail production and distributor
- Epsilon International UK Ltd
- Rakuten Advertising
- MentionMe - our customer refer-a-friend programme.
- SurveyMonkey (by Momentive) – Our Survey Tool
- DATA PROCESSOR
  - Mention-Me Ltd Website: www.mention-me.com
  - Data Protection Officer: [email protected]
- PROCESSING ACTIVITIES
  - Processing customer email addresses and certain order data for the purposes of:
    - Enrolling customers on to our refer-a-friend programme;
    - Monitoring the programme and safeguarding against gaming or fraudulent use of the programme;
    - Communicating with customers in connection with the operation of the programme and delivery of rewards;
    - Reporting to [Controller] on the performance of the programme
- Attentive - our SMS marketing platform.
We also work with Epsilon Abacus a company that manages the Abacus Alliance on behalf of UK retailers. The participating retailers are active in the following product categories: clothing, collectables, food & wine, gardening, gadgets & entertainment, health & beauty, household goods, and home interiors. They share information on what their customers buy. Epsilon Abacus analyses this pooled information to help retailers understand consumers’ wider buying patterns. From this information, retailers can tailor their communications, sending people suitable offers that should be of interest to them, based on what they like to buy.
Our communications are designed to tell you about the benefits we can offer so that you have access to our best deals. We use the information we have about you to tailor the content and try to ensure that the offers are as relevant to you as possible. Under the Data Protection Legislation, this might qualify as profiling. If you do not wish us to use your data for this purpose, please call us on 01295 250879, write to us at the address below or email us at [email protected]
Katie Loxton Cherwell Business Village, Southam Road, Banbury, OX16 2SP
Some of these organisations, such as anti-fraud checking services, are also controllers of your personal data for the service that they provide to us. For these providers, please check their websites and read their privacy notices to understand how they will use your personal data.
We may also need to share your personal information with a purchaser or potential purchaser of our business, with our legal and financial advisers and insurers. We will disclose personal data where required by law, a court, the police or a law enforcement agency.
Transfers of your personal data outside the EEA
To deliver our products and services to you, we need to transfer your personal data to the following countries, which are located outside the European Economic Area:
|United States of America||Our sister company, Katie Loxton Inc, and their infrastructure and systems which we share, are based in the USA.|
|United States of America||Ometria - our email distribution tool.|
|United States of America||Epsilon International UK Ltd.|
|United States of America||Attentive.|
|United States of America||SurveyMonkey|
Please note that Epsilon Abacus may transfer data outside the EEA. The transfer will take place in the presence of appropriate safeguards, including standard data protection clauses adopted by the EU Commission. If you would like more information, please call us on 01295 250879, write to us at our address below or email us at [email protected].
Katie Loxton Cherwell Business Village, Southam Road, Banbury, OX16 2SP
Please bear in mind that the countries to which your personal information is sent to or accessed from may have a different standard of data protection than the country in which you are situated. We have put in place protections to ensure that any transfer of your data will be carried out in accordance with the law to safeguard your privacy rights and give you remedies in the unlikely event of a security breach or to any other similar approved mechanisms.
If you want to know more about how data is transferred, please contact us using the details in the 'How to contact us' section.
How we keep your personal data secure
We are committed to ensuring that your information is secure.
In order to prevent unauthorised access or disclosure we have put in place appropriate technical and organisational measures to safeguard, protect and secure your personal data against accidental or unlawful destruction, accidental loss or alteration, unauthorised disclosure or access and any other unlawful forms of processing. We aim to ensure that the level of security and the measures adopted to protect your personal data are appropriate for the risks presented by the nature and use of your personal data.
We follow recognised industry practices for protecting our IT environment and physical facilities.
If at any point you suspect or become aware of a security incident (i.e. your password is stolen or you receive suspicious communication from someone holding themselves out to be from Katie Loxton or representing Katie Loxton), please forward the communication to us or report the incident by email or in writing to the contact details at the top of this Privacy Notice as soon as possible.
When will we delete your data?
We will keep personal data for the following periods:
|Category of Data||Retention Period|
|All data related to customer transactions||Six (6) years from the date of each transaction for data related to a particular transaction|
|Email address for marketing purposes||Until you withdraw your consent|
|Cookies information||Twenty four (24) months|
We will not retain your data for longer than necessary for the purposes set out in this Privacy Notice.
You have the following rights under the Data Protection Laws:
- the right to object to processing of your personal data
- the right of access to personal data relating to you (known as data subject access request)
- the right to correct any mistakes in your information
- the right to restrict processing of your personal data
- the right to have your personal data ported to another controller
- the right to withdraw your consent (including to receiving marketing)
- the right to erasure
These rights are explained in more detail below. If you want to exercise any of your rights, please contact us (please see "How to contact us").
We will respond to any rights that you exercise within a month of receiving your request, unless the request is particularly complex, in which case we will respond within three months.
Please be aware that there are exceptions and exemptions that apply to some of the rights which we will apply in accordance with the Data Protection Laws.
Right to object to processing of your personal data
You may object to us processing your personal data where we rely on a legitimate interest as our legal grounds for processing.
If you object to us processing your personal data we must demonstrate compelling grounds for continuing to do so. We believe we have demonstrated compelling grounds in the section headed "How is processing your personal data lawful".
Right to access personal data relating to you
You may ask to see what personal data we hold about you and be provided with:
- a copy of the personal data
- details of the purpose for which the personal data is being or is to be processed
- details of the recipients or classes of recipients to whom the personal data is or may be disclosed, including if they are overseas and what protections are used for those overseas transfers
- the period for which the personal data is held (or the criteria we use to determine how long it is held)
- any information available about the source of that data
- whether we carry out any automated decision-making or profiling and, where we do, information about the logic involved and the envisaged outcome or consequences of that decision or profiling.
To help us find the information easily, please provide us as much information as possible about the type of information you would like to see.
Right to correct any mistakes in your information
You can require us to correct any mistakes in your information which we hold. If you would like to do this, please let us know what information is incorrect and what it should be replaced with.
Right to restrict processing of personal data
You may request that we stop processing your personal data temporarily if:
- you do not think that your data is accurate. We will start processing again once we have checked whether or not it is accurate
- the processing is unlawful but you do not want us to erase your data
- we no longer need the personal data for our processing, but you need the data to establish, exercise or defend legal claims
- you have objected to processing because you believe that your interests should override our legitimate interests
Right to data portability
You may ask for an electronic copy of your personal data which we hold electronically and which we process when we have entered into a contract with you. You can also ask us to provide this directly to another party.
Right to withdraw consent
You may withdraw any consent that you have given us to process your personal data at any time. This means that we will not be able to carry out any processing which required use of that personal data. If you want us to stop sending marketing, this may take a few days to implement in our systems.
Right to erasure
You can ask us to erase your personal data where:
- you do not believe that we need your data in order to process it for the purposes set out in this Privacy Notice
- if you had given us consent to process your data, you withdraw that consent and we cannot otherwise legally process your data
- you object to our processing and we do not have any legitimate interests that mean we can continue to process your data
- your data has been processed unlawfully or has not been erased when it should have been.
What will happen if your rights are breached?
You may be entitled to compensation for damage caused by contravention of the Data Protection Laws.
Complaints to the regulator
It is important that you ensure you have read this Privacy Notice and, if you do not think that we have processed your data in accordance with this notice, you should let us know as soon as possible. You may also complain to the ICO. Information about how to do this is available on its website at www.ico.org.uk
Useful Words and Phrases
For the purposes of this Privacy Notice the following words have particular meanings in the Data Protection Laws and are used throughout this Privacy Notice:
|controller||This means any person who determines the purposes for which, and the manner in which, any personal data is processed.|
|Data Protection Laws||This means the laws which govern the handling of personal data. This includes the General Data Protection Regulation (EU) 2016/679 and any other national laws implementing that Regulation or related to data protection.|
|ICO||This means the UK Information Commissioner's Office which is responsible for implementing, overseeing and enforcing the Data Protection Laws.|
|personal data||This means any information from which a living individual can be identified. This will include information such as telephone numbers, names, addresses, e-mail addresses, photographs and voice recordings. It will also include expressions of opinion and indications of intentions about individuals (and their own expressions of opinion/intentions). It will also cover information which on its own does not identify someone but which would identify them if put together with other information which we have or are likely to have in the future.|
|processing||This covers virtually anything anyone can do with personal data, including:
|processor||This means any person who processes the personal data on behalf of the controller|
|special categories of data|| This means any information relating to: