1. Aspinal of London
  2. T&Cs, Policies & Personal Data
  3. Privacy Policy

Privacy Policy

 

Welcome to Aspinal of London Limited’s Privacy Notice. Aspinal of London, referred to as "we", "us" or "our" throughout this privacy notice and our registered office is Aspinal of London, Highfield, Midhurst Road, Fernhurst, West Sussex, GU27 3HA.

 

We take our Data Protection obligations very seriously and are committed to protecting and respecting your privacy and your information. This Privacy Notice (together with our terms and conditions and any other documents referred to in it) explains what types of personal information we collect about you, what we do with that personal information, the legal basis for our processing of your personal information, what rights you have in relation to your personal information and how you can exercise those rights. It also explains how we keep your personal information safe and secure. We take our Data Protection obligations very seriously and this notice gives you information about our approach to Data Protection legislation (UK & EU General Data Protection Regulation, Data Protection Act 2018, Privacy & Electronic Communications (EC Directive) Regulations (PECR)).

  1. IMPORTANT INFORMATION AND WHO WE ARE

PURPOSE OF THIS PRIVACY NOTICE

This privacy notice gives you information on how Aspinal of London collects and processes your personal data through your contact with us and any data processed from such contact.

Aspinal of London’s digital services are not intended for children and young people under the age of 16 and we do not knowingly collect data relating to children. All individuals who register with us or who otherwise provide their personal data to us or must be aged 16 or over. If you are under the age of 16, please ask your parent or guardian to contact us on your behalf.

 

It is important that you read this privacy notice together with any other privacy notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This notice supplements other privacy notices and is not intended to override them. We may update this notice at any time, details of which are found at the end of this document. 

 

CONTROLLER

Aspinal of London is the Data Controller and we are responsible for your personal data. We have appointed a Data Protection Officer (DPO) who is responsible for overseeing questions in relation to this privacy notice. If you have any questions about this privacy notice or any other Data Protection query, please contact us using the details set out below.

    • Aspinal of London Limited
    • enquiries@aspinaloflondon.com
    • Highfield, Midhurst Road, Fernhurst, West Sussex, GU27 3HA.

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for Data Protection issues (www.ico.org.uk). We would welcome the opportunity to deal with your concerns before you approach the ICO so please contact us in the first instance.

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us or if you would like to opt-out of any services we provide. You can update any information we hold about you by contacting our Customer Services Team https://www.aspinaloflondon.com/contact-us who will be delighted to help you.

  1. THE DATA WE COLLECT ABOUT YOU

Personal data, or personal information, means any information about a living individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

We may collect, use, store, process and transfer different kinds of personal data about you which we have grouped together as follows:

  • Identity - Data includes first name, last name, username or similar identifier, postal address, telephone numbers, email address, age & special dates such as your birthday or anniversary (should you wish to provide this).
  • Financial - Data includes payment information such as payment method and payment details.
  • Transaction - Data includes details about payments to and from you and other details of products and services you have purchased from us.
  • Technical - Data includes your internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.
  • Profile - Data includes your username and password, your interests, preferences, feedback, competition, promotion, or survey responses (should you chose to engage).
  • Marketing & Communications - Data such as your marketing and communication preferences, your interests and any feedback you give to us.
  • User - Data such as your transactions on our website, phone calls, messages, recordings, chat logs when you communicate with us, access to our premises, CCTV footage from our stores or Head Office and similar data that we maintain on your account.

Please note the above list is not exhaustive but gives an indication of the data we collect.

You may give us information about other people, such as the name and address of a friend/family member to whom you want to send a gift. Please do not give us information about others unless you are authorised and have their permission to do so. We will use their information for the purposes described in this Privacy Notice, so please inform them of this notice.

We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, genetic or biometric data). Nor do we collect any information about criminal convictions and offences. Please do not provide us with any such data.

IF YOU FAIL TO PROVIDE PERSONAL DATA

Where we need to collect personal data by law, or under the terms of a contract we have with you to purchase our products, and you fail to provide that data when requested, we may not be able to provide you with goods or services. In this case, we may have to cancel a product or service you have with us, but we will notify you if this is the case at the time.

  1. HOW IS YOUR PERSONAL DATA COLLECTED?

We use different methods to collect data from and about you including through:

DIRECT INTERACTIONS

You may give us your Identity, Contact, User and Financial Data on our website, in our stores or by corresponding with us by post, online, phone, email or otherwise. This includes personal data you provide when you: purchase our products; create an account with us; subscribe to our marketing services; request a catalogue, enter a competition, promotion, sweepstake, survey or similar initiative; attend our stores, give us feedback or contact us.

AUTOMATED TECHNOLOGIES OR INTERACTION

As you interact with our website, we will automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies and other similar technologies. You can set your browser to refuse all or some browser cookies, however if you disable or refuse cookies, please note that some parts of our website may become inaccessible or not function properly.

Further information can be found in our cookie policy.

THIRD PARTIES OR PUBLICLY AVAILABLE SOURCES

We will receive personal data about you from various third parties as set out below:

Technical Data from the following parties:

  • analytics providers such as Google based outside the EU;
  • advertising networks;
  • Social Media Platforms and similar services (including but not limited to Facebook, Instagram, Twitter, TikTok and YouTube). When you engage with our content or ads on Social Media Platforms, we might obtain information from Social Media Platforms, including your username, user ID, and demographic information, subject to the settings and privacy practices of the relevant Social Media Platform. We obtain this information directly from the Social Media Platform or through plug-ins, integrations or applications. Please keep in mind that the operators of the Social Media Platforms also gather information about your use of the Digital Services and their features and tools. We are not responsible for their practices. In relation to Social Media Platforms, we only process information which you have already shared with the world. Where we receive personal data via Social Media Platforms we ensure this is processing lawfully in accordance with our legitimate interests which we do not consider affects your rights and freedoms.

Contact, Financial and Transaction Data from providers of technical, payment services, fulfilment and delivery services, including Klarna.

 

In order to be able to offer you Klarna’s payment options, we will pass to Klarna certain information, such as your name, billing and shipping address, email address, phone number, and order details, in order for Klarna to assess whether you qualify for their payment options and to tailor the payment options for you.

 

General information on Klarna you can find here. Your personal data is handled in accordance with applicable data protection law and in accordance with the information in Klarna’s privacy policy.

 

Our website may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

 

  1. HOW WE USE YOUR PERSONAL DATA

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

  • To create your account and register you as a customer (if you have chosen to create an account with us) and to send you information relating to your account.
  • To fulfil any order, you place with us or subsequent orders, to provide any services you request, to process payments and deal with after sales enquiries.
  • To keep you informed about the status of your order, to deal with any queries or issues that might arise and to send you the products you have ordered.
  • Make your shopping experience with us as quick and as simple as possible.
  • Inform you of Aspinal of London offers or new products that may be of interest to you or events that may be happening in a store close to you, where you have consented to be contacted for such purposes.
  • Send you product catalogues.
  • Ensure that content from our site is presented in the most effective manner for you and for your device.
  • Carry out our obligations arising from any contracts between us.
  • Allow you to participate in interactive features of our service when you choose to do so.
  • Notify you about changes to our service.
  • Help to protect you from fraud (for instance we may carry out identity verification, credit or anti-fraud checks against your name using third party databases, which may involve disclosure to registered credit reference or fraud prevention agencies who may retain and use your personal information), carry out analysis and to help us manage our business, statutory returns and legal and regulatory compliance.
  • Use your personal information for our internal marketing and demographic studies, together with non-personal data to consistently improve our site design and customer communication to better meet our visitors' needs and to enhance the overall service we provide to our customers.
  • To comply with a legal obligation.
    • To protect your vital interests such as emergency situations on our premises and in our stores.

Please note this is not an exhaustive list but gives an indication of how we use your personal data.

 

We will request your consent in respect of marketing communications sent to you via email or text message. You may unsubscribe from our marketing communications by clicking the "unsubscribe" link in any communication that we send to you by email. Please also note that while your unsubscribe request is being processed, for a brief period you may continue to receive communications which are already on their way to you.

 

  1. PURPOSES FOR WHICH WE WILL USE YOUR PERSONAL DATA

We have set out below a description of the ways we use your personal data, and which of the legal bases for processing we generally rely on to do so. Please note this is not an exhaustive list but gives an indication of the purposes for our processing.

PURPOSES/ACTIVITY

  • To register you as a new customer – Identity, Contact.

GDPR Article 6(1)(b) - Performance of a contract with you.

 

  • To process and deliver purchases including managing payments, fees and charges & collecting and recovering money owed to us – Identity, Contact, Financial, Transaction, Marketing and Communications.

GDPR Article 6(1)(b) Performance of a contract with you,

GDPR Article 6(1)(f) Necessary for our legitimate interests (to recover debts due to us as required).

 

  • To manage our relationship with you – Identity, Contact, Profile, Marketing & Communications.

GDPR Article 6(1)(b) Performance of a contract with you,

GDPR Article 6(1)(a) Consent (for marketing purposes).

 

  • To enable you to partake in a prize draw, competition or complete a survey – Identity, Contact, Profile, Usage, Marketing and Communications.

GDPR Article 6(1)(a) Consent (for marketing purposes for our existing customers),

GDPR Article 6(1)(f) Necessary for our legitimate interests (to improve our business and receive feedback on how we can do this and to inform our marketing strategy).

 

  • To administer and protect our business (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) - Identity, Contact, Technical.

GDPR Article 6(1)(f) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise),

 

  • To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you – Identity, Contact, Profile, Usage, Marketing and Communications, Technical.

GDPR Article 6(1)(f) Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy).

 

  • To use data analytics to improve our digital services, products/services, marketing, customer relationships and experiences,– Technical, Usage.

GDPR Article 6(1)(f) Necessary for our legitimate interests (to define types of customers for our products and services, to keep our digital services updated and relevant, to develop our business and to inform our marketing strategy).

 

  • To make suggestions and recommendations to you about goods or services that may be of interest to you – Identity, Contact, Technical, Usage, Profile, Marketing & Communications.

GDPR Article 6(1)(f) Necessary for our legitimate interests (to develop our products/services and grow our business).

 

  • To protect our stores and Head Office by the use of CCTV and security services – Usage.

GDPR Article 6(1)(f) Necessary for our legitimate interests (to protect our stores and assist law enforcement agencies).

 

CHANGE OF PURPOSE

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.

In the unlikely event that we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal data without your knowledge or consent, in compliance with Data Protection legislation, where this is required or permitted by law.

  1. DISCLOSURES OF YOUR PERSONAL DATA

We minimise the amount of personal information we disclose to what is directly relevant and necessary, and so we may disclose your personal information to authorised third parties who help us to provide our services such as:

  • Companies involved with the payment and logistics of your purchase, such as payment service providers, address verification providers, fulfilment providers to facilitate order management, and delivery companies or couriers (such as Royal Mail, DHL & DPD).
  • Professional service providers who help us run our business, such as CRM solutions, website hosts, IT providers, CCTV & Alarm services, analytics and research, data enrichment, survey providers, customer support and marketing agencies.
  • To any competent law enforcement body, regulatory, government agency, court, credit reference agencies or other third party where we believe disclosure is necessary (i) as a matter of applicable law or regulation (such as prevention of fraud), (ii) to exercise, establish or defend our legal rights, or (iii) to protect your vital interests or those of any other person,
  • Third party sites approved by you, such as social media sites (if you choose to link your accounts to us). We encourage you to review the privacy policies of the Social Media Platforms that you engage with to understand their privacy practices, which we do not control.
  • To enforce or apply our Terms of Service or other agreements or to protect Aspinal of London and our customers (including sharing with other companies and organisations for the purposes of fraud protection and credit risk reduction),
  • To any other person with your consent to the disclosure.

 

If we were to be acquired by another company or decided to sell any parts of our business, we may also need to share your personal data with the buyer of those parts of the business. In those circumstances, we will make sure that any new buyer agrees to follow this Privacy Notice with respect to your personal information and will promptly give you details of how they will use your personal data, and your options for changing that.

 

A list of third parties who we may share your data with can be obtained from our Data Protection Officer. Please note this list is not exhaustive but gives an indication of the data we share with third parties.

 

INTERNATIONAL TRANSFERS

Our data is typically hosted in the UK and other parts of the EEA, there are however some of our contracted technical service providers that process data from outside of the EEA. Where these transfers and any other transfers that may occur in the future are concerned, we ensure that there is a legal basis for the transfer and a lawful transfer mechanism in place prior to any transfers in place, in accordance with Data Protection legislation.

Any such transfers are currently done using either a transfer to a country with an adequacy ruling, or if a third country, using the UK International Data Transfer Agreement (IDTA), or the European Commission Standard Contractual Terms (SCC’s) with the UK ICO Standard Contractual Clauses Addendum and the relevant transfer impact assessments. Should the international data transfer requirements change, we will review the obligations and amend this notice as appropriate. More information can be obtained by contacting our Data Protection Officer.

  1. DATA SECURITY

We take the security of your information very seriously. We have in place the appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties to those who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

  1. DATA RETENTION

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements. Please contact our DPO for further information about retention and our schedule.

  1. YOUR LEGAL RIGHTS

Your rights in connection with personal information 

Under certain circumstances, by law you have the right to: 

Right to be informed by the provision of a privacy notice when your personal information is processed.

Request access to your personal information (commonly known as a “data subject access request”).  This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it. 

Request rectification of the personal information that we hold about you.  This enables you to have any incomplete or inaccurate information we hold about you corrected. 

Request erasure of your personal information.  This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it.  You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing. 

Right to object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your situation which makes you want to object to processing on this ground.  You also have the right to object where we are processing your personal information for direct marketing purposes. 

Request the restriction of processing of your personal information.  This enables you to ask us to suspend the processing of personal information about you. 

Request the transfer of your personal information to another party. 

Automated decision making, including profiling We do not envisage that we will conduct any automated processing including profiling, however we will inform you if this changes.

 

In the limited circumstances where you may have provided your consent to the processing of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time.   

 

Generally, you will not have to pay a fee to exercise any of your legal rights. However, we are entitled to charge a reasonable fee if any request is clearly unfounded, repetitive or excessive. We can also refuse to comply with an unfounded or excessive request. We may need to request information from you to confirm your identity, in order to make sure that personal data is not disclosed to someone who is not entitled to have it. We may also need to ask you for additional information to help us respond to your request. We will try to respond to your request within one month but, if the request is very complex or if you have made a number of requests, we are legally able to extend the request by an additional two months. In such circumstances, we will explain to you why it will take longer to respond and we will keep you updated.

 

If you want to exercise any of your rights, please contact our Data Protection Officer in writing at enquiries@aspinaloflondon.com

 

  1. CHANGES TO THIS PRIVACY NOTICE

From time to time, we may revise this Privacy Notice. Any such changes will be reflected on this page. Aspinal of London recommends that you review this Privacy Notice regularly for any updates. The date on which this notice was last revised is located below.

Date