Cole Buxton Website Privacy Notice
Effective Date: 10th November 2021
Cole Buxton Limited (“Cole Buxton” or “we”) is registered in England with company number 11236451, with its registered office at 64 New Cavendish Street, London, W1G 8TB, United Kingdom, respects your concerns about privacy.
We are committed to respecting your privacy and complying with applicable laws and regulations to ensure that the personal information you give us is kept appropriately secure and processed fairly and lawfully. This Website Privacy Notice describes the types of information we collect about individuals on (the “Site”), how we use the information, with whom we share it, and the choices available regarding our use of the information. The Website Privacy Notice also describes the measures we take to safeguard personal information, how long we retain it, and how individuals can contact us about our privacy practices and to exercise their rights.
Information We Obtain
Information You Provide
We may collect and store personal information (such as name, delivery details, payment information, contact information) that you choose to provide to us through the Site or when you contact us. “Personal Information” is information that identifies you as an individual or relates to an identifiable individual. The types of personal information we collect includes:
CONTACT INFORMATION AND OTHER IDENTIFYING INFORMATION: your name, postal address, phone numbers and e-mail addresses. You acknowledge that we may also obtain information about you as a result of authentication or identity checks (for example in connection with our standard fraud checks when you make a purchase on our Site). We use this information to identify you as a customer, to process your order, to deliver products and services, to process payments, to update our records and to generally manage your account with us under our terms with you. Providing us with certain personal information is voluntary but we may not be able to process your order and/or send you the required order acknowledgement and shipping confirmation communications if you do not provide us with certain requested information.
We may also use your contact information to send you marketing communications and to contact you in relation to service-related matters, including aftercare services or to assist you in relation to prospective purchases on our Site and, on occasion, to request and respond to feedback relating to Cole Buxton. This feedback may relate to matters including Cole Buxton’s brand, product and services and/or your experience and satisfaction with Cole Buxton, on our Site. We will only use your contact information where permitted to do so in accordance with applicable laws or if we have your consent to do so (if required by applicable laws).
PAYMENT INFORMATION: information related to your credit card, debit card, and/or other payment information to process payments in connection with your orders.
OTHER ACCOUNT AND TRANSACTIONAL INFORMATION: if you have a customer account we may also collect information about the products you browse online or purchase, where you purchased the products from and other information related to your purchases or which is otherwise relevant to your customer relationship with Cole Buxton. We use this information, for our internal demographic insights into our customers, to offer you an enhanced service according to your preferences (including any style preferences you may share when using our Site), such as identifying relevant products, services and events which may be of interest to you, personalising your experience with Cole Buxton and sharing with you information about your past purchases.
DEMOGRAPHIC INFORMATION: we may ask you for your gender, birthday and age. You may also provide us with information about yourself, your product size preferences and lifestyle interests on our Site. We use this information and/or your customer account and profile information for our internal demographic insights into our customers, to offer you an enhanced service according to your preferences, including by identifying relevant products, services and events which may be of interest to you, and personalising your experience with Cole Buxton.
INFERENCES: We may create inferences drawn from the categories of personal information described above in order to create a profile about you to reflect your preferences, characteristics, behaviour and attitudes. We use this information to personalise and improve our services and to better understand the interests and preferences of our key customer audiences.
Automated Collection of Data
When you use the Site, we obtain certain information by automated means, such as browser cookies, beacons, device identifiers, server logs, and other technologies.
The information we obtain in this manner may include your:
Device IP address,
Identifiers associated with your devices,
Device and operating system type and characteristics,
Web browser characteristics,
Your interactions with the Site (such as the web pages you visit, links you click, and features you use),
The pages that led or referred you to the Site,
Dates and times of access to the Site, and
Other information about your use of the Site.
SOURCES OF PERSONAL INFORMATION
We collect personal information from you directly. We may also collect personal information from you indirectly, including through your use of our Site and/or where we draw inferences about you (both as described above).
Third-Party Web Analytics Services
COMMUNICATIONS WITH Cole Buxton
If you contact Cole Buxton from our Site, by email or phone, Cole Buxton will collect your personal information and use this information to identify you as a customer, help with your query, process your order, deliver products and services, process payments, update our records and to generally manage your account with us under our terms with you.
How We Use Personal Information
We use the Personal Information we obtain on the Site for legitimate business purposes, including to:
Provide our services to you; process, evaluate, and respond to your requests; and send administrative information to you, such as changes to our terms, conditions, and policies. We will engage in these activities to manage our contractual relationship with you and/or to comply with a legal obligation.
Market our services to you. We will engage in this activity with your consent or where we have a legitimate interest.
Operate, evaluate, and improve our business (including developing new services; enhancing and improving our services; analysing our services; managing our communications; performing data analytics and market research; and performing accounting, auditing, and other internal functions).
Protect against, identify, and prevent fraud, security breaches, and other criminal activity and risks. We will engage in these activities to comply with a legal obligation and/or because we have a legitimate interest.
Aggregate and/or anonymise Personal Information so that it will no longer be considered personal information. We do so to generate other data for our use, which we may use and disclose for any purpose.
Personal Information Sharing
We may share information about you with companies we have chosen to handle our order dispatch service, any delivery company that we may use from time to time and with other companies that provide support services to us, including website hosting companies, IT service providers and fraud management solution providers. We may also share your information with other companies who sell or promote Cole Buxton products and services, (including social media and internet search platforms who you independently subscribe to), in order to provide you with an enhanced customer experience. In addition, we may also share certain limited information with companies who assist Cole Buxton with other services, for example, in analysing our customer data in order to better understand, profile and monitor customer patterns so we can consistently improve our products and services and understand what may be of interest to you and other customers. In each case, we will only provide these companies with the information which they need to carry out their services and they will not be permitted to use the information for other purposes. They will only be allowed to use your information in the way in which we instruct them and as permitted by applicable laws.
ORDER DISPATCH AND DELIVERY PARTNERS
FINANCIAL INSTITUTIONS, PAYMENT PROCESSING PARTNERS AND FRAUD MANAGEMENT SOLUTION PROVIDERS
Payments using our Site are made through our payment solutions providers. We may also direct you to our providers’ sites if you wish to make a remote purchase when speaking to our Customer Service and/or store teams. In each case, you will be providing credit or debit card information direct to our providers who process payment details further.
Our service providers who perform services on our behalf, such as hosting this Site or data analytics. We do not authorise our service providers to use or disclose the information except as necessary to perform services on our behalf or comply with legal requirements.
We also disclose information about you (1) if we are required to do so by law or legal process (such as a court order or subpoena), including laws outside your country of residence; (2) in response to requests by, or to co-operate with, government agencies, such as law enforcement authorities, including outside of your country of residence; (3) to establish, exercise, or defend our legal rights; (4) when we believe disclosure is necessary or appropriate to protect our rights, privacy, safety, or property and/or that of our affiliates, you, or others; (5) in connection with an investigation of suspected or actual illegal activity; (6) in connection with the sale or transfer of all or a portion of our business, assets, or stock (including in the event of a reorganisation, dissolution, or liquidation); or (7) otherwise with your consent.
We do not, and will not, sell any of your personal data to any third party – including your name, address, email address or credit card information. We want to earn and maintain your trust, and we believe this is absolutely essential in order do that.
Your personal information may be processed and stored in any country where we have facilities or in which we engage service providers, and, by using the Site, you understand your information may be transferred to countries outside of your country of residence, including the United States, which may have data protection rules that are different from those of your country. In certain circumstances, courts, law enforcement agencies, regulatory agencies, or security authorities in those other countries may be entitled to access your personal information.
ADDITIONAL INFORMATION REGARDING THE EUROPEAN ECONOMIC AREA (“EEA”): Some non-EEA countries are recognised by the European Commission as providing an adequate level of data protection according to EEA standards. For transfers from the EEA to countries not considered adequate by the European Commission, we have put in place adequate measures, such as standard contractual clauses adopted by the European Commission to protect your personal information. You may obtain a copy of the EU’s Standard Contractual Clauses here.
Cross-border TRANSFERS OF DATA
The personal information that you provide through the Site is processed in the United Kingdom and is stored on servers in the following countries: Canada, United States of America, Ireland and Germany.
Your Rights and Choices in relation to your personal information
You may have the right under applicable data protection laws to ask:
- For details of the personal information, we hold and process about you (including information regarding how your information may be shared),
- For a copy of your personal information,
- That we correct your personal information where it is inaccurate and/or that we complete your information where it is incomplete,
- That we limit or restrict your personal information in certain cases,
- That we delete your personal information in certain cases,
- To receive your personal information in a structured, commonly used and machine-readable format, and for Cole Buxton to transmit that data to another controller (data portability) in certain cases
You can also withdraw any consent you give to us at any time and may have the right under applicable law to object to us using your personal information for Cole Buxton’s legitimate purposes. You may ask us for further information regarding withdrawal or refusal of consent and the consequences of such refusal. If you do withdraw your consent, this will not affect the lawfulness of any previous processing based upon such consent.
If you would like to exercise any of these rights in relation to the personal information we hold about you or wish to change your preferences at any time, please contact our Customer Services at firstname.lastname@example.org.
Please note that we may require you to verify your identity in order to process a request made to exercise your rights in relation to your personal information. If we are unable to match this information, we may ask you to provide additional identifying information, such as a copy of your passport or drivers’ license. You may designate a third party to act on your behalf provided they have appropriate written authority to do so.
If you make a request to delete your personal information, note that we may not delete all of your information. We may still process your personal information if it is necessary to do so and we are lawfully permitted. For example, in the following circumstances:
Transactional: to complete a transaction for which the personal information was collected, provide goods or services requested by you, or perform a contract we have with you;
Security and Maintenance: in the context of detecting and/or preventing security incidents and/or to debug or repair any errors; or
Legal: to protect against fraud or illegal activity or to comply with applicable laws or resolve legal claims or exercise rights under applicable laws.
If you remain unhappy with a response you receive from us you can refer the matter to your data protection supervisory authority.
If you have registered to receive Cole Buxton updates relating to our products and services and you no longer wish to receive these, you can request that we amend your preferences. You can do that as indicated in the particular communication, e.g., by using the unsubscribe link which is included on all email updates. Cole Buxton will stop sending updates in respect of which you withdraw your consent, within a reasonable period (as required by applicable law) and in any event within 28 days of receiving your request, in order to allow sufficient time for the change to be administered.
If you opt out of receiving Cole Buxton updates relating to our products, services and events, we may still send you non-marketing communications such as emails about your account or purchases you have made from the Site, and/or emails to request and respond to feedback relating to Cole Buxton. We will only use your contact information where permitted to do so in accordance with applicable laws.
You can unsubscribe from our marketing mailing lists by following the “Unsubscribe” link in our marketing emails. If you would like to unsubscribe from any other type of marketing you receive from us, please contact us as specified in the How to Contact Us section of this Website Privacy Notice.
Other Online Services and Third-Party Features
The Site may provide links to other online services and websites for your convenience and information, and may include third-party features such as apps, tools, widgets, and plug-ins. These services and websites may operate independently from us. The privacy practices of these third parties, including details on the information they collect about you, are subject to their own privacy statements. To the extent any linked online services or third-party features are not owned or controlled by us, we are not responsible for these third parties’ information or other practices.
Retention of Personal Information
We retain personal information for as long as needed or permitted in light of the purposes for which we obtained it and consistent with applicable law. We will only keep your information as long as you remain an active customer and normally for 5 years afterwards or otherwise as required for our business operations or by applicable laws. The criteria used to determine our retention periods include:
The length of time we have an ongoing relationship with you and provide the Site or our services to you;
Whether there is a legal obligation to which we are subject; and
Whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitation, litigation, or regulatory investigations).
How We Protect Personal Information
We seek to use reasonable administrative, technical and physical safeguards designed to protect personal information within our organisation. We hold our employees accountable for complying with policies, procedures, and regulations regarding the protection and confidentiality of personal information. If you have reason to believe that your interaction with us is no longer secure, please immediately notify us in accordance with the How to Contact Us section of this Website Privacy Notice.
We take reasonable steps to protect your personal information against unauthorized or accidental access, processing, erasure, loss or use. Unfortunately, transmission of information via the internet is not completely secure. Although we do our best to protect your personal information, we cannot guarantee the security of your personal information submitted to us and any transmission is at your own risk.
We do however use strict procedures and security features to try to prevent unauthorised access wherever possible. Personal information may be accessed by persons within our organization, or our third-party service partners, who require such access to carry out the purposes indicated above, or such other purposes as may be permitted or required by the applicable law.
Personal information provided to Cole Buxton via the Site and online credit card transactions are transmitted through a secure server using Secure Socket Layering (SSL), encryption technology. When the letters "http" in the URL change to "https," the "s" indicates you are in a secure area employing SSL; also, your browser may give you a pop-up message that you are about to enter a secure area or display a padlock image. The Site uses this encryption technology to protect your information during data transport. SSL encrypts ordering information such as your name, address and credit card number. Please note that e-mail is not encrypted and is not considered to be a secure means of transmitting credit card information.
Children’s Personal Information
The Site is designed for a general audience and is not directed to children under the age of 16. We do not knowingly collect or solicit personal information from children under the age of 16 through the Site. If you believe that a child under the age of 16 may have provided us with personal information through the Site, please contact us as specified in the How to Contact Us section of this Website Privacy Notice.
Updates to Our Website Privacy Notice
This Website Privacy Notice will be updated periodically and without prior notice to you to reflect changes in our personal information practices. We will indicate at the top of the notice when it was most recently updated. Any changes will become effective when we post the revised Website Privacy Notice on the Site.
We use Klarna as the provider of our checkout. This means that we might transfer your personal data in the form of contact and order details to Klarna when the checkout is loaded, in order for Klarna to manage your purchase. Your personal data transferred is processed in line with Klarna’s own privacy notice.
How to Contact Us
If you wish to exercise any of your privacy rights, or if you wish to contact us in relation to this Privacy Notice or any privacy matter, including our use of your personal information, please use the following contact details, or for any query or issue, our Data Protection Officers for the UK and the EU can be contacted via email using the following details:
For the UK: privacyUK@colebuxton.com
For the EU: privacyEU@colebuxton.com
You have the right to lodge a complaint with a data protection authority for your country or region or where an alleged infringement of applicable data protection law occurs.