Personal Data We Collect And How We Collect It
We collect personal information about you, including information that can help us directly or indirectly identify you (“personal data”). Where applicable, we will indicate whether and why you have to provide us with your personal data, as well as the consequences of failing to do so. In certain circumstances, if you do not provide your personal data, you may not be able to benefit from our products and services if that information is necessary to provide you with them or if we are legally required to collect it. The type of personal data we collect includes:
- identifiers and similar information such as name and title, postal address, email address and telephone numbers;
- financial data such as bank account and payment card details;
- transaction data such as details of products and services you have purchased from us;
- profile data such as your interests, preferences, feedback and survey responses;
- internet or other electronic network activity information, including interactions with our website or use of certain online tools; and
- audio, visual, or similar information, and photographs and video images which may later be used to identify you
We collect personal data directly from you when you submit it to us in the following ways:
- Communications via our website. We collect personal data when you provide it to us through communications via our website. This includes where you have contacted us through the channels listed on the “Contact Us” page on our website and similar situations in which you have chosen to provide the information to us, including for customer services support
- Goods or services you request. Where you request a good or service from us, we will collect your personal data in order to process your request and otherwise contact you following a purchase
- In-store. In certain cases, we ask you to provide us with your contact details in store to allow us to send you marketing materials in accordance with applicable law
We collect personal data via automated means, as follows:
We may also collect personal data from others, such as:
- Publicly available sources. We may collect information from public websites or other publicly accessible directories and sources, including bankruptcy registers, tax authorities, governmental agencies and departments, and regulatory authorities
- Third parties. We may receive personal data about you from various third parties, for example providers of technical, payment and delivery services
- Our affiliates. We may receive personal information from our affiliates, our service providers, or our affiliates’ service providers
Purposes For And Bases For Collection And Use Of Personal Data
We collect, use and process personal data for the purposes outlined below and based on the legal bases provided below. We process your personal data in order to enable us to perform the contract we are about to enter into or have entered into with you. We also process personal data to ensure compliance with local legal and regulatory requirements. We handle your personal data for the purposes of our legitimate and overriding business interests, including:
- to enable us to carry out our obligations arising from any contracts and to provide you with the information, products and services that you request from us;
- to enable us to respond to an enquiry or other request you make when you contact us via our website or otherwise, including for customer services support;
- to notify you about changes to our service;
- to enable us to issue a notice or corrective action to you in relation to any of our products or services, if required;
- to better understand how you interact with our website, including its functionality and features, and ensure that content is presented in the most effective manner;
- to enable us to send you direct marketing that you have consented to receive;
- to provide you with information about other goods and services we offer that are similar to those that you have already purchased or enquired about and we feel may interest you, as described in the section 3 (Marketing) below;
- to invite you to take part in market research and testing of new features, products or services and to conduct these activities;
- to detect security incidents and protect against malicious, deceptive, fraudulent, or illegal activity, including preventing fraud or terrorist financing and complying with anti-money laundering obligations;
- to monitor and collect video evidence of any crime or wrongdoing in our stores;
- to arrange internal operations, such as troubleshooting, testing, research and statistical purposes; and
- to protect our business interests and legal rights in connection with legal claims, compliance, regulatory and investigative purposes. We also handle your personal data where you have consented to us doing so.
We may contact you to provide you with information about goods and services similar to those which were the subject of a previous sale or negotiations of a sale to you. We may also contact you to provide you with information about goods and services by way of direct marketing that you have consented to receive, including by submitting your preferences electronically or during a visit to one of our stores. You may be contacted by us, Centric Brands affiliated companies, or by one of our selected partners, in each case where you have consented to receive these communications. You may opt out of receiving our marketing communications at any time, please contact us through the contact information provided in section 11 below or by using the unsubscribe link in any of our communications. We will continue to contact you for non-marketing related purposes where we need to issue a field corrective or safety notice, or where we need to send certain information to you under a legal, regulatory, or ethical requirement.
How We Share Your Personal Data
We may share your personal data with:
- other affiliates, subsidiaries and companies within the Centric Brands group of companies, including in the United Kingdom, United States of America and Canada;
- our selected commercial partners and sponsors where you have chosen to participate in surveys, opinion groups or other marketing-related initiatives relating to your use of our goods and services;
- a prospective seller or buyer in the event of a sale or purchase of any Centric Brands business, shares or asset so that the seller or buyer can continue to provide you with information and services. We may also share personal data as part of a transactions such as financing, bankruptcy or reorganisation of Centric Brands and its affiliates, subsidiaries and companies within the Centric Brands group of companies;
- our service providers that we engage to provide services to us. Where we provide your personal data to third party services providers, they are required to keep your personal data confidential and secure, and must only use your personal data as instructed by us;
- our distributors, business partners, professional advisors (including banks, auditors, law firms and consultants) or other service providers, including for marketing purposes or where you have chosen to share your personal data through various features and functionality provided via our Website; and
- law enforcement agencies and other governmental and non-governmental bodies, for the purposes of reporting or evidencing a crime.
We may share your personal data within the Centric Brands group. If you are located in the United Kingdom (“UK”), the European Economic Area (“EEA”), Switzerland or other regions with laws governing the processing of personal data, please note that this will involve transferring your personal data outside the UK, EEA, Switzerland or those regions to countries that do not have the same data protection laws as the country in which you initially provided the information. Many of our external third parties are based in countries outside the UK or EEA (which may include, but are not limited to, the United States of America) so their processing of your personal data will involve a transfer of data outside the UK or EEA. Whenever we transfer your personal data outside of the UK or EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- We will transfer your personal data to persons and undertakings in countries that have been deemed to provide an adequate level of protection for personal data by the European Commission or the UK government. For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries and Information Commissioner’s Office: International transfers after the UK exit from the EU Implementation Period.
- We will transfer your personal data to persons and undertakings where we use specific contracts approved by the European Commission or the UK Secretary of State which give personal data the same protection it has in the UK or EEA, as supplemented where and if required. For further details, see European Commission: Model contracts for the transfer of personal data to third countries and Information Commissioner’s Office: Standard Contractual Clauses (SCCs) after the transition period ends.
- We may transfer your personal data to persons and undertakings outside of the EEA or the UK pursuant to other appropriate safeguards for the transfer of personal data.
- We may transfer your personal data on one of the conditions allowed under applicable law in the absence of an “adequacy” decision or appropriate safeguards, for example where you have consented to such transfer. For further information on the specific mechanism used by us when transferring your personal data outside of the UK or EEA, please contact us through the contact information provided in section 11 below.
Security And Data Retention
To protect your personal data from unauthorised access and use, we use security measures that comply with applicable law. We will take reasonable steps to use technical, administrative, organisational and physical security measures appropriate to the nature of the personal data we are processing and that comply with applicable law to protect personal data against unauthorised access and exfiltration, acquisition, theft, or disclosure. We generally restrict access to personal data to those employees and agents who have been advised as to the proper handling of such information and who need to know such data to provide services to clients. Given the nature of information security, there is no guarantee that such safeguards will always be successful. We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, contractual, accounting, or reporting requirements. How long we keep your personal data will vary depending on, among other things, the type of personal data and our reasons for collecting it. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
You may inform us of any changes in your personal data, and in accordance with our obligations under applicable data protection laws we will update or delete your personal data accordingly. UK and EEA residents: You may have the right to request:
- (a) access to the personal data we hold about you;
- (b) request we correct any inaccurate personal data we hold about you;
- (c) request we delete any personal data we hold about you in certain circumstances;
- (d) restrict the processing of personal data we hold about you;
- (e) object to the processing of personal data we hold about you in certain circumstances, including where we process personal data for direct marketing purposes or where we have processed such data on the basis of our legitimate interests;
- (f) withdraw your consent to the processing of your personal data (where applicable); and/or
- (g) receive any personal data we hold about you in a structured and commonly used machine-readable format or have such personal information transmitted to a third party.
We may ask you for additional information to confirm your identity and for security purposes, before disclosing information requested to you. To exercise any of your rights in connection with your personal data, please contact us through the contact information provided in section 11 below. If you wish to make a complaint regarding our handling of your personal data, please contact us through the contact information provided in section 11 below. For UK and EEA residents, you also have a right to lodge a complaint about the processing of your personal data with your local data protection authority (for example, the UK data protection authority is the Information Commissioner. You can contact the Information Commissioner at: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF; telephone: +44 (0)303 123 1113; email: firstname.lastname@example.org).
Links to External Websites
Changes to this Privacy Notice
How to Contact Us