Privacy Policy & Data Security


Claire's CraftHouse Limited - Privacy & Data Policy

INTRODUCTION

Last Updated: 18th September 2018

Welcome to the Claire's CraftHouse Privacy & Data Security Policy.

We want to give you the best customer experience possible at Claire's CraftHouse. We are committed to protecting your privacy and take our responsibilities regarding the security of customer information very seriously.  We use the information you share with us to make our services and your experience even better.

This Privacy & Data Policy aims to give you a clear view of what personal data we collect about you, how we may use your personal data, why we use it, who we disclose it to, how we protect your data and the options you have to control your personal data and protect your privacy.

By using the Claire's CraftHouse website, you confirm you have agreed to the Terms of Service and read and understood this Privacy & Data Policy and our Cookies Policy.

CHANGES TO THIS PRIVACY POLICY
We may change this privacy notice from time to time by updating this page in order to reflect changes in the law and/or our privacy practices. We encourage you to check this privacy notice for changes whenever you visit our website. 

This Privacy Statement was last updated on 18th September 2018.

WHO IS RESPONSIBLE FOR YOUR DATA
Our Privacy & Data Policy applies to the personal data that Claire's CraftHouse collects and uses.

References in this Privacy & Data Policy to “Claire's CraftHouse”, “we”, “us” or “our” mean Claire's CraftHouse Limited (a limited company registered in England and Wales with registration no 11071281 and registered office at Unit 3, Coppice Garden Centre, Coppice Lane, Middleton, Staffordshire, B78 2BU).

We control the ways your personal data are collected and the purposes for which your personal data are used by Claire's CraftHouse and are the “data controller” for the purposes of the UK Data Protection Act 1998, EU General Data Protection Regulation (GDPR), PCI-DSS, and European data protection legislation.

WHAT PERSONAL INFORMATION DO WE COLLECT AND PROCESS
When using the term “personal data” in our Privacy Policy, we mean information that relates to you and allows us to identify you, either directly or in combination with other information that we may hold.

Your personal data may include for example your name, your contact details, information relating to your purchase (e.g. your order references) or information on how you use our website and apps or how you interact with us.  It does not include data where the identity has been removed (anonymous data).

We may collect, use, store and transfer different kinds of personal data about you which we have grouped together follows:

Identity Data includes first name and last name.

Contact Data means the data we use to contact you including your billing address, delivery address, email address and telephone number.

Financial Data means the data we use to process your payments for your orders including your payment card details. We do not store or process your card details ourselves, they are processed and stored via one of our contracted third party service providers. We encrypt your payment card details in your browser and securely transfer this data to our relevant third party payment provider to process a payment.

Transaction Data means details about transactions you have made on our website including the payments to and from you along with other details of products and services you have purchased from us.

Technical Data means details about the device(s) you use to access our website including your internet protocol (IP) address, browser type and version, location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.

Profile Data includes your username (email address) and password, your login data, purchases or orders made by you, your interests, preferences, feedback and survey responses.

Usage Data includes information about how you use our website, products and services. This includes your browsing patterns and information such as how long you might spend on one of our webpages and what you look at and for on our website, the click stream to and from our website, page response times and page interaction information such as scrolling, clicks and mouseovers.

Marketing and Communications Data includes your preferences in receiving marketing from us and your communication preferences.

We also collect, use and share aggregated and/or anonymised data (“Aggregated Data”) such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. 

HOW WE COLLECT PERSONAL INFORMATION
We’ll collect personal information from the following general sources:

Direct interactions. You may give us your Identity Data, Contact Data, Transaction Data, Profile Data, Financial Data and Marketing and Communications Data by using our website, filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you

Automated technologies or interactions. As you interact with our website, we may automatically collect Usage Data and Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. Please see our Cookies Policy for further details.

  • Information generated about you when you use our products and services

  • When you create an account on our website

  • When you purchase our products or service (including gift cards)

  • When you take part in our competitions,

  • When you attend our events and talks, or

  • When you choose an offer we make available on our website

  • When we undertake market research when you have consented to be included in phone, email or workshop surveys

  • When you use our colour sticks service

  • When you use our services in-store

  • When you choose to allow this information to inform our analysis while creating an account or through managing your preferences

  • When you contact Claire's CraftHouse or you are contacted by us

  • When you interact with us on social media

  • When we target social media posts

  • When you interact with us on social media

  • When you reply to our requests for feedback or participate in our customer surveys

  • When you choose to provide this information while creating an account or through managing your preferences

  • When you navigate on our website or use our mobile app

  • When you request marketing information to be sent to you

Sensitive personal data

Information that could reveal your racial or ethnic origin, physical or mental health, religious beliefs or alleged commission or conviction of criminal offences is considered “sensitive personal data” under the UK Data Protection Act 1998 and other data protection laws. We do not collect this data.

HOW AND WHY WE USE YOUR PERSONAL DATA
We will only use your personal data when the law allows us to. Most commonly, we rely on the following legal bases when using your personal data in the following circumstances:

Where it is needed to provide you with our products or services, such as:

  • To manage your orders and provide our services to you:
    Where we need to perform the contract we are about to enter into or have entered into with you, we use your information to perform our services in relation to your purchase or enquiry.

  • To communicate with you and manage our relationship with you:
    Occasionally we may need to contact you by email and/or telephone for administrative or operational reasons, for example in order to send you confirmation of your purchases and your payments.

Please be aware that these communications are not made for marketing purposes and as such, you will continue to receive them even if you opt-out from receiving marketing communications. 

We will also use your personal data if we contact you after you have sent us a request, filled in a web-form through our website or contacted us on social media. 

Your opinion is very important to us, so we may send you an email or SMS to seek your feedback on products purchased or services used.

We will use the communications you exchange with us and the feedback you may provide in order to manage our relationship with you as our customer and to improve our services and experiences for customers. 

  • To personalise and improve your customer experience:
    We may use your personal data in order to tailor our services to your needs and preferences and to provide you with a personalised customer experience. For example, if you inform us about your preferred products, colours or style we will be able to send you inspirational tips and ideas relevant to your interests.

We may also collect information on how you use our website, which pages of our website you visit most, which colours, finishes or product you search for and what products you buy, in order to understand what you like. We may use this information to tailor the content and offers that you see on our website and, if you have agreed to receiving marketing communications, to send you relevant messages that we think you like.

If you are in the process of making a purchase under your account and you leave our website before your order has been placed, we may contact you in order to help you easily complete your purchase.

Where it is necessary for our legitimate interests (or those of a third party) to do so, such as:

  • To improve our services, fulfil our administrative purposes and protect our business interests:
    The business purposes for which we will use your information include accounting, billing and audit, credit or other payment card verification, fraud screening, security and legal purposes, statistical and marketing analysis, systems testing, maintenance and development.

To carry out monitoring and to keep records of our communications with you and our staff.

For market research and analysis and developing statistics.

  • To inform you about our products, services, news and offers that you may like:
    For direct marketing communications and related profiling to help us to offer you relevant products and services, including deciding whether or not to offer you certain products and service.

    We may send marketing to you by email, post, phone, SMS, social media and digital channels (for example, using Facebook Custom Audiences and Google Custom Match).

We may send you marketing communications, if you have indicated that you are happy to receive these, for example when you purchase from us online or in-store and you explicitly agree to receive such communications.

Where you have not previously bought from us but have registered your details with us (for example by entering a competition or signing up for a newsletter), we will only send you marketing communications if you opted into receiving marketing at the time and so have given us your express consent (which you may withdraw at any time – see Opting Out below).

If you are happy to receive marketing communications, we will provide you with news from us such as new products that you may be interested in or services that you may like

Please note that we do not share your contact details and other personal data with other companies for marketing purposes.

We may share certain data with third party social media platforms in order to show you targeted ads when you visit them. We do this by:

The use of cookies which capture your visits to our website. Please refer to our Cookies Policy for more information; and

We may also provide these platforms with your email address to create ‘audiences’ of users fitting within a certain demographic/category so that we can target our marketing. Please check the social media platforms’ terms for more details of these services. This is in our legitimate interests of sending you direct marketing.

See ‘Opting out’ below for details of how you can adjust your marketing preferences. Our Cookies Policy also explains how you can adjust your cookies preferences.

Where it is needed to comply with our legal obligations, such as:

  • To comply with a legal or regulatory obligation - for example, our legal obligation to provide your information to local law enforcement agencies.

Where it is needed with your consent or explicit consent, such as:

Generally we do not rely on consent as a legal basis for processing your personal data other than in relation to sending third party direct marketing communications to you via email or text message. And for some our profiling and other automated decision making.

You have the right to withdraw consent to marketing at any time - by unsubscribing from our marketing newsletters or by updating your Personal Preferences.

OPTING-OUT AND WITHDRAWING YOUR CONSENT
You have the right to withdraw your consent to marketing at any time, by opting out from receiving electronic marketing communications.  You can click on the relevant unsubscribe link at the bottom of any marketing related email you may receive from us.

If you prefer, you can also call our Customer Services team and express your preference to not receive marketing communications (Tel: +44 (0)121 308 7828) or send an email to hello@clairescrafthouse.co.uk with the header “Unsubscribe”. We ask that you allow 28 working days to complete any unsubscribe request.

IS YOUR PERSONAL INFORMATION TRANSFERRED OUTSIDE THE UK OR THE EEA
We’re based in the UK but sometimes your personal information may be transferred outside the European Economic Area. If we do so we’ll make sure that suitable safeguards are in place, for example by using approved contractual agreements, unless certain exceptions apply.

CHANGES TO YOUR PERSONAL INFORMATION
You should tell us so that we can update our records using the details in the Contact Us section of our website. We’ll then update your records where we can.

SHARING YOUR PERSONAL DATA
We may share some of your personal data with, or obtain your personal data from, the following categories of third parties:

Service Providers
We use various suppliers that provide services to us in order to help us run our business and improve your customer experience.  Such companies may include web hosting companies, online cloud services, delivery services, payment processors and customer feedback providers.

These companies use your information on our behalf, and are subject to strict rules they need to adhere to in order to process your information. We select very carefully our suppliers and require that they comply with high security standard for the protection of your data, and we do not allow such companies to use the data in any other way than as per our instructions.

We may for example share your personal data with the companies who provide deliveries for us. We may also disclose your information to the companies who help us get your feedback on our services.

Credit &  Debit Card Processing Companies
Claire's CraftHouse shares some of your personal data, which includes information about your method of payment and purchase value, to the credit or debit card company that issued the card you used to make your transaction. In order to ensure the security of your transactions and prevent or detect fraudulent transactions, we may also share your information with our fraud screening partner.

From time to time, we make certain third party offers available through our website or we publish competitions co-organised by third parties. If you choose to purchase products or services offered on our websites by third parties (for example soft furnishings, furniture etc), accept offers or participate in a competition, some of your personal data, such as your contact details and your billing information, may be directly collected by or disclosed to that third party.

We don’t store your personal payment information on our servers.  Your payment information details is transferred securely to our third party payment processors.

Authorities 
We may disclose your personal data when this is required by the law of any jurisdiction to which Claire's CraftHouse may be subject.

SECURITY OF YOUR PERSONAL DATA
We are committed to taking appropriate technical and organisational measures to protect your personal data against unauthorised or unlawful processing and against accidental loss, destruction or damage to personal data. When you provide your personal data through our website or store, this information is transmitted across the internet securely using high-grade encryption.

Furthermore, Claire's CraftHouse is a PCI DSS compliant organisation. This means that we adhere to high security standards in order to protect your payment card details when you are sending us this information.

As described in this Privacy Policy, we may in some instances disclose your personal data to third parties. Where Claire's CraftHouse discloses your personal data to a third party, we require that third party to have appropriate technical and organisational measures in place to protect your personal data; however, in some instances we may be compelled by law to disclose your personal data to a third party, such as local police agencies, and have limited control over how it is protected by that party.

The information that you provide to us will be held in our systems, which are located on our premises or those of an appointed third party. We may also allow access to your information by other third parties who act for us for the purposes described in this Privacy Policy or for other purposes approved by you. Your personal data may be accessed by and processed outside the European Economic Area (the European Economic Area being the European Union and Iceland, Liechtenstein and Norway, also referred to as the “EEA”) - including by staff operating outside the EEA who work for us or for one of our suppliers or agents. Where your personal data are transferred outside of the EEA, we require that appropriate safeguards are in place.

DATA TRANSFERS
Personal information that you submit through us may be transferred to countries other than where you live, such as, for example, to our data servers in the U.S. We also store personal information locally on the devices you use to access our site.

Your personal information may be transferred to countries that do not have the same data protection laws as the country in which you initially provided the information.

We rely upon a number of means to transfer personal information which is subject to the European General Data Protection Regulation (“GDPR”) in accordance with Chapter V of the GDPR.  These include:

Privacy Shield. We transfer, in accordance with Article 45 of the GDPR, personal information to companies that have certified their compliance with the EU-U.S. or Swiss-U.S. Privacy Shield Frameworks (each individually and jointly, the “Privacy Shield”)

Standard data protection clauses. We may, in accordance with Article 46 of the GDPR, transfer personal information to recipients that have entered into the European Commission approved contract for the transfer of personal data outside the European Economic Area.  

Other means. We may, in accordance with Articles 45 and 46 of the GDPR, transfer personal information to recipients that are in a country the European Commission or a European data protection supervisory authority has confirmed, by decision, offers an adequate level of data protection, pursuant to an approved certification mechanism or code of conduct, together with binding enforcement commitments from the recipient to apply the appropriate safeguards, including as regards data subjects’ rights, or to processors which have committed to comply with binding corporate rules.

HOW LONG IS YOUR PERSONAL INFORMATION RETAINED BY US?

We will retain your personal data for as long as we need it in order to fulfil our purposes set out in this Privacy & Data Policy or in order to comply with the law, based on the following criteria:

  • For as long as we have reasonable business needs, such as managing our relationship with you and managing our operations

  • For as long as we provide goods and/or services to you and then for as long as someone could bring a claim against us; and/or

  • Retention periods in line with legal and regulatory requirements or guidance.

YOUR RIGHTS UNDER DATA PROTECTION LAWS
Here is a list of the rights that all individuals have under data protection laws. They don’t apply in all circumstances.  The right of data portability is only relevant from May 2018.

  • The right to be informed about the processing of your personal information

  • The right to have your personal information corrected if it is inaccurate and to have incomplete personal information completed

  • The right to object to processing of your personal information

  • The right to restrict processing of your personal information

  • The right to have your personal information erased (the “right to be forgotten”)

  • The right to request access to your personal information and to obtain information about how we process it

  • The right to move, copy or transfer your personal information (“data portability”)

  • Rights in relation to automated decision making which has a legal effect or otherwise significantly affects you

You have the right to complain to the Information Commissioner’s Office which enforces data protection laws: https://ico.org.uk/

REQUESTING ACCESS TO YOUR PERSONAL DATA

You have a right to request access to the personal data that we hold about you. This could include purchase information relating to products and services.

If you have questions in relation to your personal data, please contact us at: hello@clairescrafthouse.co.uk

YOUR RIGHT TO OBJECT
You have the right to object to certain purposes for processing, in particular to data processed for direct marketing purposes and to data processed for certain reasons based on our legitimate interests. You can contact us by going to the Contact Us section of our website to exercise these rights. 

UPDATES TO OUR PRIVACY POLICY
We’ll update this Privacy & Data Policy from time to time to reflect changes in technology, law, our business operations or any other reason we determine is necessary or appropriate. When we make changes, we’ll update the “Last Updated” date at the top of the Privacy Policy and post it on our site.

If we make material changes to it or the ways we process personal information, we’ll notify you (by, for example, prominently posting a notice of the changes on our sites before they take effect or directly sending you a notification).

We encourage you to check back periodically to review this Privacy Policy for any changes since your last visit.  This will help ensure you better understand your relationship with us, including the ways we process your personal information.

EXTERNAL WEBSITE LINKS
Throughout our website we provide external links to third party websites which are subject to their own separate Privacy Polices and Terms & Conditions. Please be aware that this Privacy & Data Policy does not apply to such websites and Claire's CraftHouse is not responsible for your information that third parties may collect through these websites.

HOW TO CONTACT US
If you have any questions about this privacy notice, or if you wish to exercise your rights, you can contact us by going to the Contact Us section of our website. Alternatively, you can write to us at:

Claire's CraftHouse Limited, Unit 3, Coppice Garden Centre, Coppice Lane, Middleton, Staffordshire, B78 2BU. Or email hello@clairescrafthouse.co.uk

Telephone: +44 (0)121 308 7828