Privacy and Cookies Policy
Purpose of policy
We are committed to protecting your personal information and being transparent about what information we hold about you.
Using personal information allows us to develop a better understanding of our customers and in turn to provide you with relevant and timely information about our products and services.
The purpose of this policy is to give you a clear explanation about how we collect and use the information we collect from you directly and from third parties.
We use your information in accordance with all applicable laws concerning the protection of personal information. This policy explains:
- What information we may collect about you
- How we may use that information
- In what situations we may disclose your details to third parties
- Information about how we keep your personal information secure, how we maintain it for and your rights to be able to access it
If you have any queries about this policy, please contact us by email at email@example.com.
Who we are
Charlie’s Pop Up Boutique Limited is a company registered in England and Wales with company registration number 10644294. Our registered office is at 21a, New Road, Ilford, England, IG3 8AU. Our correspondence address is PO Box 12472, Brentwood, CM14 9QF.
We collect various types of information and in a number of ways:
Information you give us
For example when you register on our website, or buy our products or services we’ll store personal information you give us such as your name, email address, postal address, telephone number and card details. We will also store a record of your purchases.
Information about your interactions with us
For example, when you visit our website, we collect information about how you interact with our content and ads. When we send you a mailing we store a record of this, and in the case of emails we keep a record of which ones you have opened and which links you have clicked on.
Information from third parties
We occasionally receive information about you from third parties. For example, we may use third party research companies to provide general information about you, compiled using publicly available data.
Sensitive personal data
Data Protection law recognises that certain categories of personal information are more sensitive such as health information, race, religious beliefs and political opinions. We do not usually collect this type of information about our customers unless there is a clear reason for doing so.
There are three bases under which we may process your data:
When you make a purchase from us you are entering into a contract with us. In order to perform this contract we need to process and store your data. For example we may need to contact you by email or telephone in the case of cancellation of a show, or in the case of problems with your payment.
Legitimate business interests
In certain situations we collect and process your personal for purposes that are in our legitimate organisational interests. However we only do this if there is no overriding prejudice to you by using your personal information in this way. We describe below all situations where we may use this basis for processing.
With your explicit consent
For any situations where the two bases above are not appropriate, we will instead ask for your explicit consent before using your personal information in that specific situation.
We aim to communicate with you about our products and services in ways that you find relevant, timely and respectful. To do this we use data that we have stored about you, such as what products and services you have bought in the past, as well as any preferences you may have told us about.
We use our legitimate organisational interest as the legal basis for communications by post and email. In the case of postal mailings, you may object to receiving these at any time using the contact details at the end of this policy. In the case of email, we will give you an opportunity to opt out of receiving them during your first purchase with us. If you do not opt out, we will provide you with an option to unsubscribe in every email that we subsequently send you, or you can alternatively use the contact details at the end of this policy.
We may also contact you about our work by telephone however we will always get explicit consent from you before doing this. Please bear in mind that this does not apply to telephone calls that we may need to make to you related to your purchases (as above).
Other processing activities
In addition to marketing communications, we also process personal information in the following ways that are within our legitimate organisational interests:
We may analyse data we hold about you to ensure that the content and timing of communications that we send you are as relevant to you as possible. We may analyse data we hold about you in order to identify and prevent fraud.
In order to improve our website we may analyse information about how you use it and the content and ads that you interact with.
In all of the above cases we will always keep your rights and interests at the forefront to ensure they are not overridden by your own interests or fundamental rights and freedoms. You have the right to object to any of this processing at any time. If you wish to do this, please use the contact details at the end of this policy. Please bear in mind that if you object this may affect our ability to carry out tasks above that are for your benefit.
There are certain circumstances under which we may disclose your personal information to third parties. These are as follows:
To our affiliates and subsidiaries when it is necessary for them to be able to provide you with products or services that you’ve requested.
To our own service providers who process data on our behalf and on our instructions. In these cases we require that these third parties comply strictly with our instructions and with data protection laws, for example around security of personal data. The providers of such services may have access to certain personal data provided by you. Any data used by such parties is used only to the extent required by them to perform the services that we request. Any use for other purposes is strictly prohibited within a data sharing agreement between us and the provider.
Where we are under a duty to disclose your personal information in order to comply with any legal obligation (for example to government bodies and law enforcement agencies).
Your debit and credit card information
If you use your credit or debit card to purchase from us or to make a donation, we will ensure that this is carried out securely and in accordance with the Payment Card Industry Data Security Standard (PCI-DSS). You can find more information about this standard here.
We optionally allow you to store your card details for use in a future transaction. This is carried out in compliance with PCI-DSS and in a way where none of our staff members are able to see your full card number. We never store your 3 or 4 digit security code.
Maintaining your personal information
We store your personal information indefinitely such that for any subsequent purchases you make we are able to link them back to a single unique record that we hold for you on our system. If there are aspects of your record that are inaccurate or that you would like to remove, you can usually do this by logging in to your account through our website. Alternatively please use the contact details at the end of this policy. Any objections you make to any processing of your data will be stored against your record on our system so that we can comply with your requests.
Security of your personal information
We will put in place appropriate safeguards (both in terms of our procedures and the technology we use) to keep your personal information as secure as possible. We will ensure that any third parties we use for processing your personal information do the same. We will not transfer, process or store your data anywhere that is outside of the European Economic Area.
We will only retain information for as long as necessary. Records are maintained in line with our retention schedule which determines the length of time records should be kept. We are bound by law to retain certain financial records, and these circumstances override our other retention periods.
We will ask you to check and update your contact preferences periodically so that we know our database is up to date. You can withdraw your consent, or make changes to your contact preferences at any time.
We actively maintain customer data, including communications with you, and purchase histories to allow you to sign in to your account even if you have not purchased from us for a while, and to continue to allow you to update and make changes to your marketing preferences. This also allows us to look up your customer account if you make purchases from us. If your account has had no activity for some time, before it has gone 6 years with no activity it will be made inactive from our database, thereby restricting access to the information, but is stored indefinitely such that for any subsequent enquiry or activity you make we are able to link back to it.
You can make a subject access request by emailing us at firstname.lastname@example.org.
You have the right to withdraw consent at any time.
You have a ‘right to be forgotten’ so you can ask for your personal information to be deleted where:
- It is no longer needed for the reason why it was collected in the first place.
- You have removed your consent for us to use your information and we do not have to keep your information for legal reasons.
If we have shared your personal information with others, we will do what we can to make sure those using your personal information comply with your request for erasure. We may not be able to delete your personal data if it is needed for legal reasons, for reasons of public health, public interest or for medical purposes.
You have the right to request a copy of personal information held about you.
You have the right to request that inaccuracies be corrected.
You have the right to request us to stop processing your personal data.
You have the right to lodge a complaint with the Information Commissioner's Officer www.ico.org.uk/concerns.
Contact details and further information
Charlie’s Pop Up Boutique Limited
PO Box 12472