We, Fredrick Grove Ltd, respect our customers privacy and will only use information collected about you in a lawful way and in strict accordance with the Data Protection Act 1998 (The EU General Data Protection Regulation (GDPR) and Privacy and Electronic Communications Regulations (PECR). And in accordance with the rules set out by the ICO which you can read in full by clicking here.
Frederick Grove Ltd is the data controller and we are responsible for your personal data (referred to as “we”, “us” or “our” in this privacy notice).
Our full contact and address details are:
Full name of legal entity: Frederick Grove Ltd
Email address: firstname.lastname@example.org
Postal address: Frederick Grove Ltd, Unit 8 Taylors Yard, 170 Brick Lane, London, E1 6RU
Please ensure your personal details are both accurate and up to date and let us know if your personal information changes by emailing us at email@example.com.
The personal data we collect
Personal data means any information about an individual from which that person can be identified. It does not include anonymised data, where the identity and identifying information has been removed.
While our website is designed for a general audience, we will not knowingly collect any data from children under the age of 13 or sell products to children. If you are under the age of 13, you are not permitted to use or submit your data to the website. Furthermore, by providing us with your data, you warrant to us that you are over 13 years of age.
Our commitment to protecting your data
We, at Fredrick Grove Ltd, are committed to protecting and respecting the privacy of your personal data. This privacy notice explains how your data is collected, used, transferred and disclosed at Fredrick Grove Ltd. It applies to data collected, but not limited to, when you use our website and when you interact with us through social media, email, or phone, or tablet or when you participate in our competitions or events. It covers:
- The personal data we collect
- Marketing preferences, adverts and cookies
- How we collect your data
- How we use your data
- Analytics on our website that we may use to monitor performance
- Links to other websites and third parties
- How we share your data
- Changes to this privacy notice
- Your rights
- How to contact us
- The following groups of personal data are collected:
- Contact Data can include information such as: email address, billing address, delivery address, location, country, telephone number and social media id (if you log in by social media).
- Identity Data includes information such as: first name, last name, title, date of birth (optional), occupation.
- Transaction Data includes information such as: details of your purchases and the fulfilment of your orders (such as basket number, order number, subtotal, title, currency, discounts, shipping, number of items, product number, single item price, category, tax etc.); payments to and from you and details of other products and services you have obtained from us, correspondence or communications with you in respect of your orders, and details of any rewards and bonuses awarded.
- Financial Data includes information such as: payment card details and bank account. And any data that may be passed back to us legally and legitimately through our payment providers and secure checkout.
- Profile Data includes information such as: purchases or orders made by you, product and style interests, preferences, feedback, and survey responses.
- Technical Data includes information such as: details of the device(s) you use to access our services, your internet protocol (IP) address, login data, your username and password, device, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform.
- Usage Data includes information such as: how and when you use our website/app, how you moved around it, what you searched for; website/app performance statistics, traffic, location, weblogs and other communication data; loyalty programme activities; and details of any other Frederick Grove Ltd products and services used by you.
- Marketing and Communications Data includes information such as: your preferences in receiving marketing from us and our third parties and your communication preferences.
We also collect, use and share aggregated data such as statistical or demographic data for any purpose. Aggregated data may be derived from your personal data but is not considered personal data as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect aggregated data with personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.
We may use Customer Data, User Data, Technical Data and Marketing Data to deliver relevant website content and advertisements to you (including Facebook adverts or other display advertisements) and to measure or understand the effectiveness of the advertising we serve you.
Our lawful ground for this processing is legitimate interests which is to grow our business. We may also use such data to send other marketing communications to you. Our lawful ground for this processing is either consent or legitimate interests (namely to grow our business).
Where required, we will collect personal data by law, or under the terms of the contract between us and you do not provide us with that data when requested, we may not be able to perform the contract (for example, to deliver goods or services to you). If you don’t provide us with the requested data, we may have to cancel a product or service you have ordered but if we do, we will notify you at the time.
Your personal data will only ever be used for the purpose it was collected for or a reasonably compatible purpose if necessary or if we are legally obliged too. For example, if permitted by law your personal data may be requested without your knowledge. For more information on this please email us at firstname.lastname@example.org.
How we collect and use your data including the legal basis for processing your personal data
We will only collect and process your personal data where we have a legal basis to do so. The legal basis for our collection and use of your personal data will vary depending on the manner and purpose for which we collected it.
We will only collect personal data from you when we have your consent to do so, or we need your personal data to perform a contract with you. For example, when you order from us, to process a payment from you, fulfil your order or provide customer support connected with an order, or the processing is in our legitimate interests and not overridden by your rights, or we have a legal obligation to collect or disclose personal data from you.
You may also, provide data by filling in forms on our site and / or by communicating with us by post, phone, email or otherwise, including when you may enter a competition, prize draw, promotion or survey; give us feedback on service and products.
Furthermore, we may use the following systems and platforms to collect data:
- Third parties or publicly available sources: We may receive personal data about you from various third parties and public sources as set out below.
- Technical Data from the following parties: analytics providers such as Google based both inside and outside the EU; advertising networks such as Google, Twitter / Facebook based both outside and inside and the EU;
- Contact, Financial and Transaction Data from providers of technical, payment and delivery services which may be based outside the EU.
- Identity and Contact Data from publicly available sources such as Companies House and the Electoral Register based inside the EU.
Your personal data is used by Frederick Grove Ltd to support a range of different activities which we have listed with the types of data used and the legal bases we rely on when processing them, including where appropriate, our legitimate interests. Please be aware that we may process your personal data using more than one lawful basis, depending on the specific activity involved. Please contact us if you need details about the specific legal ground we are relying on to process your personal data. Disclosures of your personal data are set out below.
We may share your personal data with the parties set out below:
- Service providers who provide IT, system administration, payment processor providers, live chat operators, enhanced web functionality, fulfilment and courier services.
- HM Revenue & Customs, regulators and other authorities based in the United Kingdom and other relevant jurisdictions who require reporting of processing activities in certain circumstances.
- Suppliers who may operate mailing services on our behalf.
- Professional advisers including lawyers, bankers, auditors and insurers.
- Marketing services who we may use to produce and execute marketing campaigns.
- Third parties to whom we may in future sell, transfer, or merge parts of our business or our assets in which case personal data held by Frederick Grove Ltd about its customers will be one of the transferred assets.
- You can ask us or third parties to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or by emailing us at email@example.com.
We require all third parties to whom we transfer your data to respect the security of your personal data and to treat it in accordance with the law. We only allow such third parties to process your personal data for specified purposes and in accordance with our instructions.
We do not collect any Sensitive Data about you. Sensitive data refers to data that includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. We do not collect any information about criminal convictions and offences.
Marketing communications may be sent to you but only on lawful grounds whereby you have either given consent or there is a legitimate reason.
Examples of why you might receive marketing communications from us:
- If you have requested information directly from us or
- … purchased goods or services from us; or
- … been identified by our third-party data suppliers as potentially being interested in our goods or services by post.
To receive this information from us means that you have not opted out of receiving that marketing.
Under the Privacy and Electronic Communications Regulations (PECR), we may send you marketing communications from us if you have made a purchase or asked for information from us about our goods or services, or you agreed to receive marketing communications and in each case you have not opted out of receiving such communications since.
You may at any time opt out of receiving such marketing communications. If you opt out of receiving marketing communications this opt-out does not apply to personal data provided as a result of other transactions, such as purchases, guarantee, safety recalls etc.
Calls and emails may be monitored and stored for purposes of quality control and training,
Countries outside of the European Economic Area (EEA) do not always offer the same levels of protection to your personal data, so European law has prohibited transfers of personal data outside of the EEA unless the transfer meets certain criteria.
Some of our third parties service providers are based outside the European Economic Area (EEA) so their processing of your personal data will involve a transfer of data outside the EEA.
Whenever we transfer your personal data out of the EEA, we do our best to ensure a similar degree of security of data by ensuring at least one of the following safeguards is in place:
- If we use US-based providers that are part of EU-US Privacy Shield, we may transfer data to them, as they have equivalent safeguards in place; or
- We will only transfer your personal data to countries that the European Commission have approved as providing an adequate level of protection for personal data by; or
- Where we use certain service providers, we may use specific contracts or codes of conduct or certification mechanisms approved by the European Commission which give personal data the same protection it has in Europe;
If none of the above safeguards is available, we may request your explicit consent to the specific transfer. You will have the right to withdraw this consent at any time.
Your data and countries outside of Europe
The personal data we collect from you may be transferred to, and stored at, destinations outside the European Economic Area ("EEA") using legally-provided mechanisms to lawfully transfer data across borders. It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. Such staff may be engaged in, among other things, the fulfilment of your order, the processing of your payment details and the provision of support services. We will take all steps necessary to ensure that your data is treated securely and in accordance with this Privacy Notice.
If we transfer personal data outside the EEA, we will ensure a similar degree of protection is afforded to it by ensuring appropriate safeguards, as required by law, are in place. This may include using specific contractual clauses approved by the European Commission which give personal data the same protection as it has in Europe. More information about these is available here http://eur-lex.europa.eu/legal-content/en/TXT/?uri=CELEX:32010D0087
Please contact us if you want further information on the countries to which we may transfer personal data and the specific mechanism used by us when transferring your personal data outside the EEA.
Data profiling and retention
Communications are designed to tell you about our benefits and any offers we think you may be interested in. The information we have about you will tailor the ads and content to ensure that our offers and those of third parties are as relevant to you as possible.
Your personal data will be retained indefinitely indefinitely to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. Your personal data could be anonymised for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
Customers may return items to us many years after buying from us for the first time and our suppression list ensures we do not contact you when you have opted out.
The law requires us to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for tax purposes for six years after they stop being customers.
Payment to our website site is made via an https secure web server.
Security measures are in place to prevent your personal data from being accidentally lost, used, altered, disclosed, or accessed without authorisation. We also allow access to your personal data only to those employees and partners who have a business need to know such data. They will only process your personal data on our instructions, and they must keep it confidential.
A secure web server is where secure information that you provide to complete a purchase is encrypted so that it cannot be easily accessed by other people such as fraudsters.
Sensitive and private data exchange between the Site and its Users happens over a EV SSL secured communication channel and is encrypted and protected.
We have procedures in place to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach if we are legally required to.
Your legal rights under data protection laws
Under data protection laws you have rights in relation to your personal data.
You can see more about these rights at:
These include the right to:
- Request access to your personal data and correction of your personal data.
- Request erasure of your personal data. If you request your data to be deleted (that not required by our legal obligations) this may invalidate any product guarantees and mean that we can not comply with any wishes not to be communicated with in the future. This is because we occasionally purchase third party data which is usually de-duped against our suppression list ie those people who have withdrawn consent. If we do not hold your data on this list we can not remove you from the mailing.
- Object to processing of your personal data.
- Request restriction of processing your personal data.
- Request transfer of your personal data.
- Where the lawful ground of processing is consent, to withdraw consent.
To exercise any of the rights set out above, please email us at firstname.lastname@example.org
Although a fee will not be charged to access your personal data (or any other rights) we may charge a reasonable fee if your request is deemed unreasonable on the following basis: clearly unfounded, repetitive or excessive or refuse to comply with your request in these circumstances.
All necessary details will be taken to ensure we can identify you before passing across any data or personal information to do our upmost to prevent your data from being fraudulently taken or going to someone else.
We aim respond to legitimate requests within one month from receipt of receiving them but it could take longer. In this case, we will notify you.
You have the right to complain about the way that we collect your data, for example if you are unhappy, to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We should be grateful if you would contact us first if you do have a complaint so that we can try to resolve it for you.
Cookies and third-party links
Automated technologies or interactions – as you interact with our website, we may automatically collect the following types of data (all as described above): Technical Data about your equipment, Usage Data about your browsing actions and patterns, and Contact Data where tasks carried out via our website remain uncompleted, such as incomplete orders or abandoned baskets. We collect this data by using cookies, server logs and other similar technologies.
Third parties – we may receive personal data about you from various third parties, including:
- Technical Data from third parties, including analytics providers such as Google. Please see further information in the section entitled ‘Marketing preferences, adverts and cookies’.
- Technical Data from affiliate networks through whom you have accessed our website;
- Identity and Contact Data from social media platforms when you log in to our website using such social media platforms;
- Contact, Financial and Transaction Data from providers of technical, payment and delivery services.
Clicking on any links that may appear on our website to third-party websites, plug-ins and applications those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. Make sure you read the privacy notice of every website you visit.
You are able to adjust your own browser settings to refuse all or some browser cookies, or to alert you when websites set or access cookies. Note that disabling or refusing some cookies may result in parts of that website becoming inaccessible.
For more information about the cookies we use, please see. frederickgrove.com/pages/cookie-policy