Privacy Notice

Summary

If you are a customer of Katie Loxton, or represent a wholesaler, we use your personal data to fulfil your orders with us, operate your online account, send marketing to you (where you have consented to that) and to gain an understanding of your interest in our products so we can provide you with a more tailored service. To do this, we gather information and insights about your interactions with us over all our channels, your age, purchase history, website usage and other information to build a profile of you so we can provide personalised service such as information about products which we think will be of more interest to you given what we know about you.

If you are a visitor to our website, social media or contact us through these channels or by phone or letter, we will use your personal data to respond to your enquiry, query or complaint.

About Us and About this Notice

This Privacy Notice is provided by Katie Loxton Ltd ("Katie Loxton" or "we"). We are a 'controller' for the purposes of the General Data Protection Regulation (EU) 2016/679.

Overview

We take your privacy very seriously. Please read this Privacy Notice carefully as it sets out important information about our processing and your rights:

  • when you interact with us on our website, over the phone, by letter or on social media (as a customer or a visitor),
  • as a customer,
  • as one of our wholesalers.

This notice explains what data we process, why, how it is legal and your rights. It applies to both retail and wholesale customers, and all interactions you have with us whether you use our website or social media, telephone us, write to us or speak to us at a trade show or in store.

How to Contact Us

If you have any questions about this Privacy Notice or if you would like this Privacy Notice in another format, e.g. audio, large print, please contact us or use the 'Contact Us' page on our website: www.katieloxton.com/us ("Website").

Changes to this Privacy Notice

We may change this Privacy Notice from time to time by updating this page. We will notify you of any significant changes by way of a banner on our Website. Changes will become effective from the next time that you interact with us or use your account.

What personal data do we collect?

This section sets out the categories of personal data we may hold about the different groups of people we interact with.

General contacts through website, over the phone, by letter, email or on social media

  • Your title and name,
  • Your contact details (including email address and mobile number),
  • Other information that you provide in any correspondence or communication with us including feedback, suggestions and complaints.

Cookies on our Website collect anonymous information about your browsing or shopping activity, website use, information about your computer, such as which browser you are using, your network location, the type of connection you are using (e.g. broadband, ADSL etc) but this information is anonymous and we cannot tell who you are.

Customers

  • Your title and name,
  • Your contact details (including email address and mobile number) and your password for your account on the Website,
  • Your postal address (including both your billing and delivery address) ,
  • Age/date of birth (although this is optional) ,
  • Purchases and orders made by you,
  • Your "wish list",
  • Your alerts,
  • Your payment card details,
  • Your online browsing activities on our Website when you are logged in to your account,
  • Your communication and marketing preferences.

Wholesalers

  • Your title and name,
  • Your contact details (including email address and mobile number) ,
  • Company name / Store name, account number and your role,
  • Your postal address (including billing address, delivery address and your company address),
  • Payment card details,
  • Your online browsing activities on our Website,
  • Your communication and marketing preferences,
  • Personal information about a second contact including name and contact details,
  • Information provided by sales agents and customer services when they interact with you.

Personal information about other individuals

If you give us information on behalf of someone else (for example as a wholesale customer the secondary contact's details or where you "refer [a product] to a friend" or if you are sending a gift to someone at a different address), you confirm that the other person has appointed you to act on his/her behalf and has agreed that you can.

Why do we process your personal data?

We use your personal data for the following reasons and we are allowed to do so on certain legal bases (please see section "How is processing you data lawful" for further details):

Type of data Why we process your personal data Legal basis for processing customer data
General contacts through website, over the phone, by letter or on social media
Your name, title, contact details, other information you provide in relation to your enquiry, query or complaint To respond to and deal with your enquiry, query or complaint Legitimate interests
Customers and Wholesalers
Your name, title, contact details, and password To supply you with our products when you purchase them. To respond to your enquiries, queries, or complaints. To operate your online account Contract and legitimate interests
Age and/or date of birth To send you relevant promotion communications based on your demographic (this is an optional field, you do not have to provide this information) Legitimate interests
Purchases and orders made by you and your online browsing activities For market research purposes to better understand our customers' behaviour, activities, preferences and needs and to improve and develop our existing products and services. Legitimate interests
Your alerts To send you communications letting you know the product is back in stock. Legitimate interests
Your payment card details To take payment and fulfil your order, including doing anti-fraud checks Contract and legal obligation
Your communication and marketing preferences To send you relevant promotion communications Consent
Profiling of our customers, in the aggregate and individually We use the following tools to gather information about customers and potential customers: Google Analytics, Google Ad words, pixel placement technologies and cookies. We will analyse the data gathered from these tools together with (i) data collected directly from you particularly your age and location, (ii) your browsing and purchasing activity through all our channels and (iii) your responses to marketing communications to develop profiles of our overall customer base, and of you individually. The results of this analysis will allow us to tailor our contact with you so that we can provide you with a service that is most relevant to you including sending you information about products and offers that are best suited to you. Legitimate interests

How is Processing your Personal Data Lawful?

We are allowed to process your personal data on the following legal bases:

Legitimate interests - We are permitted to process your personal data if it is based on our ‘legitimate interests’ i.e. we have good, sensible, practical reasons for processing your personal data which is in the interests of Katie Loxton. To do so, we have considered the impact on your interests and rights, and have placed appropriate safeguards to ensure that the intrusion on your privacy is reduced as much as possible. The section above explains the personal data processed on this basis and provides a description of our specific 'legitimate interests'. You can object to processing on the grounds of legitimate interests. See the section headed "Your Rights" to find out how.

Contract - It is necessary for our performance of the contract you have agreed to enter with us (such as for the sale of our goods). If you do not provide your personal data to us, we will not be able to carry out our obligations under the terms of your contract.

Consent - Sometimes we want to use your personal data in a way that is entirely optional for you. On these occasions, we will ask for your consent to use your information for that purpose. You can withdraw your consent at any time. Currently we only rely on consent as a legal basis for processing to send direct marketing to you.

Who will have access to your personal data?

We share your personal data with organisations acting as our processors who will only have access to your personal data to provide a particular service. We share data across our brands, for marketing purposes.

Currently your information may be shared with:

  • Pretashop – our ecommerce platform,
  • Formation Media – our website developers and website support,
  • DPD, TNT, Royal Mail, Hermes, DHL, Hacklings – to arrange delivery of our goods to you,
  • First Data - our payment gateway provider and anti-fraud checking service,
  • Quick Stock – an internal stock and customer management tool,
  • Mirus - our IT support agency,
  • Ometria – our marketing distribution provider,
  • Katie Loxton Inc – our sister company. We share infrastructure and systems with our group companies who stores and manages data on our behalf,
  • Zendesk chat – website live chat functionality,
  • Webmart – Direct Mail production and distributor,
  • Epsilon International UK Ltd,
  • Attentive - Our SMS marketing provider,
  • Rakuten Advertising - our advertising platform.

Rakuten Advertising may collect personal information when you interact with our digital property, including IP addresses, digital identifiers, information about your web browsing and app usage and how you interact with our properties and ads for a variety of purposes, such as personalization of offers or advertisements, analytics about how you engage with websites or ads and other commercial purposes. For more information about the collection, use and sale of your personal data and your rights, please use the below links.

We also work with Epsilon Abacus a company that manages the Abacus Alliance on behalf of UK retailers. The participating retailers are active in the following product categories: clothing, collectables, food & wine, gardening, gadgets & entertainment, health & beauty, household goods, and home interiors. They share information on what their customers buy. Epsilon Abacus analyses this pooled information to help retailers understand consumers’ wider buying patterns. From this information, retailers can tailor their communications, sending people suitable offers that should be of interest to them, based on what they like to buy.

Our communications are designed to tell you about the benefits we can offer so that you have access to our best deals. We use the information we have about you to tailor the content and try to ensure that the offers are as relevant to you as possible. Under the Data Protection Legislation, this might qualify as profiling. If you do not wish us to use your data for this purpose, please call on (866) 245-8737, write to us at the address below or email us at [email protected].

Katie Loxton 460 E Plaza Drive Mooresville, 28115, NC

Some of these organisations such as anti-fraud checking services are also be controllers of your personal data for the service that they provide to us. For these providers, please check their websites and read their privacy notices to understand how they will use your personal data.

We may also need to share your personal information with a purchaser or potential purchaser of our business, with our legal and financial advisers and insurers. We will disclose personal data where required by law, a court, the police or a law enforcement agency.

Transfers of your personal data outside the EEA

To deliver our products and services to you, we need to transfer your personal data to the following countries, which are located outside the European Economic Area:

Country Purpose
United States of America Our sister company, Katie Loxton Inc, and their infrastructure and systems which we share, are based in the USA.
United States of America MailChimp - our email distribution tool.
United States of America Epsilon International UK Ltd.

Please note that Epsilon Abacus may transfer data outside the EEA. The transfer will take place in the presence of appropriate safeguards, including standard data protection clauses adopted by the EU Commission. If you would like more information, please call us on (866) 245-8737, write to us at our address below or email us at [email protected].

Katie Loxton 460 E Plaza Drive Mooresville, 28115, NC

Please bear in mind that the countries to which your personal information is sent to or accessed from may have a different standard of data protection than the country in which you are situated. We have put in place protections to ensure that any transfer of your data will be carried out in accordance with the law to safeguard your privacy rights and give you remedies in the unlikely event of a security breach or to any other similar approved mechanisms.

If you want to know more about how data is transferred, please contact us using the details in the 'How to contact us' section.

How we keep your personal data secure

We are committed to ensuring that your information is secure.

In order to prevent unauthorised access or disclosure we have put in place appropriate technical and organisational measures to safeguard, protect and secure your personal data against accidental or unlawful destruction, accidental loss or alteration, unauthorised disclosure or access and any other unlawful forms of processing. We aim to ensure that the level of security and the measures adopted to protect your personal data are appropriate for the risks presented by the nature and use of your personal data.

We follow recognised industry practices for protecting our IT environment and physical facilities.

If at any point you suspect or become aware of a security incident (i.e. your password is stolen or you receive suspicious communication from someone holding themselves out to be from Katie Loxton or representing Katie Loxton), please forward the communication to us or report the incident by email or in writing to the contact details at the top of this Privacy Notice as soon as possible.

When will we delete your data?

We will keep personal data for the following periods:

Category of Data Retention Period
All data related to customer transactions Six (6) years from the date of each transaction for data related to a particular transaction
Email address for marketing purposes Until you withdraw your consent
Cookies information Twenty four (24) months

We will not retain your data for longer than necessary for the purposes set out in this Privacy Notice.

Your Rights

You have the following rights under the Data Protection Laws:

  • the right to object to processing of your personal data,
  • the right of access to personal data relating to you (known as data subject access request),
  • the right to correct any mistakes in your information,
  • the right to restrict processing of your personal data,
  • the right to have your personal data ported to another controller,
  • the right to withdraw your consent (including to receiving marketing) ,
  • the right to erasure.

These rights are explained in more detail below. If you want to exercise any of your rights, please contact us (please see "How to contact us").

We will respond to any rights that you exercise within a month of receiving your request, unless the request is particularly complex, in which case we will respond within three months.

Please be aware that there are exceptions and exemptions that apply to some of the rights which we will apply in accordance with the Data Protection Laws.

Right to object to processing of your personal data

You may object to us processing your personal data where we rely on a legitimate interest as our legal grounds for processing.

If you object to us processing your personal data we must demonstrate compelling grounds for continuing to do so. We believe we have demonstrated compelling grounds in the section headed "How is processing your personal data lawful".

Right to access personal data relating to you

You may ask to see what personal data we hold about you and be provided with:

  • a copy of the personal data,
  • details of the purpose for which the personal data is being or is to be processed,
  • details of the recipients or classes of recipients to whom the personal data is or may be disclosed, including if they are overseas and what protections are used for those overseas transfers,
  • the period for which the personal data is held (or the criteria we use to determine how long it is held) ,
  • any information available about the source of that data,
  • whether we carry out an automated decision-making, or profiling, and where we do information about the logic involved and the envisaged outcome or consequences of that decision or profiling.

To help us find the information easily, please provide us as much information as possible about the type of information you would like to see.

Right to correct any mistakes in your information

You can require us to correct any mistakes in your information which we hold. If you would like to do this, please let us know what information is incorrect and what it should be replaced with.

Right to restrict processing of personal data

You may request that we stop processing your personal data temporarily if:

  • you do not think that your data is accurate. We will start processing again once we have checked whether or not it is accurate,
  • the processing is unlawful but you do not want us to erase your data,
  • we no longer need the personal data for our processing, but you need the data to establish, exercise or defend legal claims,
  • you have objected to processing because you believe that your interests should override our legitimate interests.

Right to data portability

You may ask for an electronic copy of your personal data which we hold electronically and which we process when we have entered into a contract with you. You can also ask us to provide this directly to another party.

Right to withdraw consent

You may withdraw any consent that you have given us to process your personal data at any time. This means that we will not be able to carry out any processing which required use of that personal data. If you want us to stop sending marketing, this may take a few days to implement in our systems.

Right to erasure

You can ask us to erase your personal data where:

  • you do not believe that we need your data in order to process it for the purposes set out in this Privacy Notice
  • if you had given us consent to process your data, you withdraw that consent and we cannot otherwise legally process your data,
  • you object to our processing and we do not have any legitimate interests that mean we can continue to process your data,
  • your data has been processed unlawfully or have not been erased when it should have been.

What will happen if your rights are breached?

You may be entitled to compensation for damage caused by contravention of the Data Protection Laws.

Complaints to the regulator

It is important that you ensure you have read this Privacy Notice - and if you do not think that we have processed your data in accordance with this notice - you should let us know as soon as possible. You may also complain to the ICO. Information about how to do this is available on his website at www.ico.org.uk

Useful Words and Phrases

For the purposes of this Privacy Notice the following words have particular meanings in the Data Protection Laws and are used throughout this Privacy Notice:

Term Definition
controller This means any person who determines the purposes for which, and the manner in which, any personal data is processed.
Data Protection Laws This means the laws which govern the handling of personal data. This includes the General Data Protection Regulation (EU) 2016/679 and any other national laws implementing that Regulation or related to data protection.
ICO This means the UK Information Commissioner's Office which is responsible for implementing, overseeing and enforcing the Data Protection Laws.
personal data

This means any information from which a living individual can be identified

This will include information such as telephone numbers, names, addresses, e-mail addresses, photographs and voice recordings. It will also include expressions of opinion and indications of intentions about individuals (and their own expressions of opinion/intentions).

It will also cover information which on its own does not identify someone but which would identify them if put together with other information which we have or are likely to have in the future.

processing This covers virtually anything anyone can do with personal data, including:
  • obtaining, recording, retrieving, consulting or holding it;
  • organising, adapting or altering it;
  • disclosing, disseminating or otherwise making it available; and
  • aligning, blocking, erasing or destroying it.
processor This means any person who processes the personal data on behalf of the controller
special categories of data This means any information relating to:
  • racial or ethnic origin;
  • political opinions;
  • religious beliefs or beliefs of a similar nature;
  • trade union membership;
  • physical or mental health or condition;
  • sexual life; or
  • genetic data or biometric data for the purpose of uniquely identifying you.