Copy of Privacy Policy

Cole Buxton Privacy Policy

Your personal information

This privacy policy explains how we collect and process your personal data.  Personal data, or personal information, means any information about an individual from which that person can be identified.  This includes information that you tell us, what we learn from you and the choices you make about the marketing you want us to send to you.  This policy explains how we do this, what your rights are and how the law protects you.

1. Who we are and how you can contact us

We are Cole Buxton Ltd.  Our registered office is at Elscot House Elscot House, Arcadia Avenue, London, England, N3 2JU.

You can contact us by email at info@colebuxton.com.  If you need to you can write to us at Cole Buxton Ltd, Elscot House, Arcadia Avenue, London, England, N3 2JU. 

 When we refer to our website, we mean our website at https://www.colebuxton.com.

2. Where we collect your personal information from

We may collect personal information about you in the following ways:

Data you give to us:

• Data you give to us when you purchase goods from us
• When you talk to us on the phone
• When you use our website, submit an online form or use our web chat
• In emails or letters to us
• If you take part in our competitions or promotions
• When you give us feedback
• When you interact with us on social media channels, including Facebook and Instagram
• When you report issues or interact with our customer service team
• When we verify your identification

Data we collect when you use our services:

• Payment and transaction data (as those terms are in more detail below)
• Profile and usage data, including data we gather from the devices you use to connect to those services such as computers and mobile phones, using cookies (please see our cookies policy for more details) and other internet tracking software

Data from third parties we work with:

• Companies that introduce you to us
• Social networks
• Courier service providers
• Third party contractors that work with us, such as freelance service providers, photographers, talent agencies and models
• Wholesalers, retailers and our customers
• Our manufacturers
• Government and law enforcement agencies

 

3. Data we collect about you

We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:

Identity data – name, username, marital status, title, date of birth, gender and, where applicable, identification numbers

Contact data – billing address, delivery address, email address and telephone numbers

Financial data – bank account and payment card details

Transaction data – details about payments to and from you and other details of products and services you have purchased from us, including the receipts and invoices which we retain on our systems

Technical data - internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website

Profile data - your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses

Usage data – information about how you use our website, products and services

Marketing and communications data – your preferences in receiving marketing from us and our third parties and your communication preferences

We also collect, use and share aggregated data such as statistical or demographic data for any purpose. Aggregated data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your usage data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.

We do not collect any special categories of personal data.  This includes details about race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about health and genetic and biometric data. We also do not collect any information about criminal convictions and offences.

4. How we use your personal information

Your privacy is protected by law.

We are only allowed to use personal information about you if we have a legal basis to do so, and we are required to tell you what that legal basis is (which is the purpose of this privacy policy). We have set out in the table below the personal information which we collect from you, how we use it, and the legal ground which we rely upon when we use that personal information. 

In some circumstances we can use your personal information if it is in our legitimate interest to do so, provided that we have told you what that legitimate interest is.  A legitimate interest is when we have a business or commercial reason to use your information which, when balanced against your rights, is justifiable.  Where we are relying on our legitimate interests, we have also set the basis out in the table below.

What we use your personal information for	What personal information we collect	Our legal grounds for processing	Our legitimate interests (if applicable)
To register you as a new customer	●     Identity information ●     Contact data ●     Profile data ●     Marketing and communications data	●     Consent of individual ●     Necessary for the purpose of performing a contract to which you are a party
To process and deliver your orders on our website	●     Identity information ●     Contact data ●     Financial data ●     Transaction data	●     Consent of individual ●     Necessary for the purpose of performing a contract to which you are a party
To verify your identity	●     Identity information ●     Contact data		To protect our legitimate interest in preventing fraud
To manage payments, track your gift card and credit balances and to collect or recover money owed to us	●     Identity information ●     Contact data ●     Financial data ●     Transaction data	Necessary for the purpose of performing a contract to which you are a party	To protect our legitimate interest in collecting any debts which are owed to us or enforcing any claims which we may have
To manage our relationship with you, including notifying you about changes to our terms or privacy notices	●     Identity data ●     Profile data ●     Contact data ●     Marketing and communications data	●     Necessary for the purpose of performing a contract to which you are a party ●     Necessary to comply with a legal obligation	Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services)
To enable you to partake in a prize draw, competition or to complete a survey	Contact data	●     Necessary for the purpose of performing a contract to which you are a party	●     Necessary for our legitimate interest in marketing and promoting our business ●     Necessary for our legitimate interests (to study how customers use our products/services, to develop them and grow our business)
To administer and protect our business and our website (including troubleshooting, protecting our website against fraud and computer misuse, data analysis, testing, system maintenance, support, reporting and hosting of data)	●     Technical data ●     Profile data	Necessary to comply with a legal obligation	●     Necessary for our legitimate interest in marketing and promoting our business ●     To protect our legitimate interest in ensuring network and information security
To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you	Contact data		Necessary for our legitimate interest in marketing and promoting our business
To use data analytics to improve our website, products / services, marketing, customer relationships and experiences	●     Technical data ●     Marketing data ●     Usage data		Necessary for our legitimate interest in improving the operation of our website and optimising our technical services
To make suggestions and recommendations to you about goods or services that may be of interest to you	●     Contact data ●     Marketing data ●     Usage data ●     Profile data ●     Identity data	Consent from the individual – where we carry out direct marketing we will only do so either with your consent or if you did not opt out when you placed an order with us.	Necessary for our legitimate interest in marketing and promoting our business
To respond to your queries, requests and complaints	●     Identity information ●     Contact data ●     Financial data ●     Transaction data		Necessary for our legitimate interests (for running our business, provision of administration and IT services

 

5. Who we share your personal information with

We may share your personal information with any of the following organisations, for the purposes of providing the goods and services which you have requested from us:

• Agents and advisers that we use
• HM Revenue & Customs and other regulators or authorities
• Payment processors
• Sub-contractors and any third parties who we engage to assist us, including agencies who:
  • operate or host our website, mailing lists or social media
  • manage our marketing or PR services
• Our factories and distributors
• Our distribution and shipping/courier partners (including DHL and DPD)

You can find details of how these third parties use your personal information by looking at their privacy policies, all of which should be available on the relevant websites, or on request.

We require all organisations who we share your data with to respect the security of your personal data and to treat it in accordance with the law.  We do not allow any of our service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

6. Failing to provide personal data

Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or that we are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.

7. Third party links

Our website may include links to third party websites, plug-ins and applications.  Clicking on those links or enabling those connections may allow third parties to collect or share data about you.  We do not control these third-party websites and are not responsible for their privacy statements.  When you leave our website, we encourage you to read the privacy notice or policy of every website you visit.

8. Transferring your personal information outside of the UK

Whenever we transfer your personal data out of the UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

• We may transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data; or
• Where we use certain service providers, we may use specific contracts approved for use in the UK which give personal data the same protection it has in the UK.

Any such transfers will be conducted in accordance with the terms of this privacy policy and we will only do so where we have an appropriate legal basis for making the transfer. Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the UK.

9. Data security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator (including the ICO) of a breach where we are legally required to do so.

10. How long do we keep your personal information

We will only retain your personal data for as long as is reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

By law we have to keep basic information about our customers (including contact, identity, financial and transaction data) for six years after they cease being customers. for one of the following reasons:

• To respond to any questions or complaints from you;
• To maintain our records;
• To comply with laws applicable to us; or
• To enable us to defend again or make a legal claim.

 

11. Marketing

We may use your personal information to tell you about relevant goods or services and any upcoming offers. 

We can only use your personal information to send you marketing messages if we have either your consent or a legitimate interest to do so. 

You can ask us to stop sending you marketing messages at any time – you just need to contact us or use the opt-out links on any marketing message sent to you.

We will get your express opt-in consent before we share your personal data with any company (other than another company acting on our behalf) for marketing purposes.  You can ask a third-party company to stop sending you marketing messages at any time, by adjusting your marketing preferences in relation to that company or by using the opt-out links on any marketing message sent to you.

Where you opt out of receiving marketing messages, this will not apply to personal data provided to us as a result of purchasing our goods or services or any other transaction between you and us.

12. Your rights

You have certain rights which are set out in the law relating to your personal information.  The most important rights are set out below.

Getting a copy of the information we hold

You can ask us for a copy of the personal information which we hold about you by writing to us at info@colebuxton.com.  This is known as a data subject access request.

You will not have to pay a fee to access your personal data, unless we believe that your request is clearly unfounded, repetitive or excessive. In such circumstances we can charge a reasonable fee or refuse to comply with your request.

We will try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month and in that case we will notify you and keep you updated.

Telling us if information we hold is incorrect

You have the right to question any information we hold about you that you think is wrong or incomplete. Please contact us at info@colebuxton.com if you want to do this and we will take reasonable steps to check its accuracy and, if necessary, correct it.

Telling us if you want us to stop using your personal information

You have the right to:

• object to our use of your personal information (known as the right to object); or
• ask us to delete the personal information (known as the right to erasure); or
• request the restriction of processing; or
• ask us to stop using it if there is no need for us to use it (known as the right to be forgotten).

There may be legal reasons why we need to keep or use your data meaning that your right to object to processing is not absolute, but we will tell you about this if you exercise one of the above rights and we cannot comply with your request.

Where we rely on our legitimate interest

In cases where we are processing your personal data on the basis of our legitimate interest, you can ask us to stop for reasons connected to your individual situation. We must then do so unless we believe we have a legitimate overriding reason to continue processing your personal data.

Withdrawing consent

You can withdraw your consent to us using your personal information at any time. Please contact us at info@colebuxton.com if you want to withdraw your consent. If you withdraw your consent, we may not be able to provide you with certain products or services.

Request a transfer of data

You may ask us to transfer your personal information to a third party. This right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.

13. Making a complaint

Please let us know if you are unhappy with how we have used your personal information by contacting us at info@colebuxton.com.

You also have a right to complain to the Information Commissioner’s Office.  You can find their contact details at www.ico.org.uk.  We would be grateful for the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.