1. This Policy
When we use your personal data we are regulated under the General Data Protection Regulation (GDPR) which applies across the European Union (including in the United Kingdom) and we are responsible as ‘controller’ of that personal data for the purposes of the GDPR.
We may provide additional, specific privacy information to you as you interact with us in different ways (e.g. that we will only use certain information for specific purposes). To the extent that any of that information differs from what we say below, those specific statements will apply in those circumstances.
2. Who we are
Little Sister London is a business established by Lucy Clemson; we decide why and how your personal information is processed, and you can find the relevant contact details at the end of this policy.
3. Personal Data that we collect
Personal data is defined in the GDPR as any information relating to an identified or identifiable natural person. Categories of personal data that we collect include:
- Contact information – for example your name, address, telephone numbers, email addresses, and other such information as may be necessary (such as your shipping address)
- Financial information such as your billing address, and if necessary your bank and/or building society details
- Details of the products you have ordered, and your shopping preferences
- Details of your visits to our website
- Correspondence generated when you contact us by email, post, social media or telephone (we may keep a record of this correspondence)
- IT Communications information – for example information about your use of our IT, communication and other systems, and other monitoring information, eg if using our secure online customer portal
- Marketing, communication preferences and related information – with your permission, we retain your personal information, preferences and details of your transactions to keep you informed by email, post, phone and/or through other digital means (including social media) about products and services (including special offers, discounts and promotions)
Depending on how we interact, some of the above personal data may be required to enable us to provide our products to you; so if you do not provide personal data we ask for, it may delay or prevent us from doing so.
4. How your personal data is collected
We collect information about you when you use our website, our products or services, or interact with us online, by phone, email or otherwise. We collect most of this information from you when you:
- Leave comments on our site – when you leave comments on the website we collect the data shown in the comments form, and also your IP address and browser user agent string to help spam detection.
- Register with us as a customer via our website using our secure customer login portal (and your use of the portal)
- Contact us by telephone or email, or any other method (including via social media)
- Subscribe to our newsletter, or tell us you’d like to hear about offers or promotions
We may also collect information in other ways, for example by monitoring of our website and other technical systems, such as our computer networks and connections, CCTV and access control systems, communications systems, email and instant messaging systems.
5. How and why we use your personal data
Under data protection law, we can only use your personal data if we have a proper reason for doing so, eg:
- to comply with our legal obligations;
- for the performance of our contract with you or to take steps at your request before entering into a contract;
- for our legitimate interests or those of a third party; or
- where you have given consent.
A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests.
The table below explains what we use (process) your personal data for and our reasons for doing so:
|What we use your personal data for||Why we use it|
|To provide our products and services to you||For the performance of our contract with you or to take steps at your request before entering into a contract|
|Gathering and providing information required by or relating to audits, accounts, enquiries or legal investigations||To comply with our legal and regulatory obligations|
|Ensuring business policies are adhered to, eg policies covering security and internet use||For our legitimate interests or those of a third party, ie to make sure we are following our own internal procedures so we can deliver the best service to you|
|Operational reasons, such as improving efficiency, training and quality control||For our legitimate interests or those of a third party, i.e. to be as efficient as we can so we can deliver the best service for you|
|Ensuring the confidentiality of commercially sensitive information||For our legitimate interests or those of a third party, ie to protect our intellectual property and other commercially valuable information; to comply with our legal and regulatory obligations|
|Statistical analysis to help us manage our practice, eg in relation to our financial performance, customer base, work type or other efficiency measures||For our legitimate interests or those of a third party, ie to be as efficient as we can so we can deliver the best service for you at the best price|
|Preventing unauthorised access and modifications to systems||For our legitimate interests or those of a third party, ie to prevent and detect criminal activity that could be damaging for us and for you; to comply with our legal obligations|
|Updating and enhancing customer records||For the performance of our contract with you or to take steps at your request before entering into a contract; to comply with our legal obligations; for our legitimate interests or those of a third party, eg making sure that we can keep in touch with our customers about existing and new products and services|
|Ensuring safe working practices, staff administration and assessments||To comply with our legal and regulatory obligations; for our legitimate interests or those of a third party, eg to make sure we are following our own internal procedures and working efficiently so we can deliver the best service to you|
|Marketing our services and those of selected third parties to: existing and former customers; third parties who have previously expressed an interest in our services; third parties with whom we have had no previous dealings||For our legitimate interests or those of a third party, ie to promote our business to existing and former customers|
6. Special Category Data
It is highly unlikely that we will need to process any special category data – in any case, we would only do so where you have given explicit consent to the processing of such data for one or more specified purposes, or it is necessary to do so in order to establish, exercise or defend legal claims.
7. Promotional communications
We may use your personal data to send you updates (by email, text message, telephone or post) about things that might be of interest to you, such as information about our services, including exclusive offers, promotions or new services or products.
We have a legitimate interest in processing your personal data for promotional purposes (see above ‘How and why we use your personal data’). This means we do not usually need your consent to send you promotional communications. However, where consent is needed, we will ask for this consent separately and clearly.
We will always treat your personal data with the utmost respect and never sell it to other organisations for marketing purposes.
You have the right to opt out of receiving promotional communications at any time by:
- contacting us using the contact details below
- using any of the stated opt-out methods detailed in promotional communications themselves.
8. Who we share your personal data with
We may share your personal data with:
- Companies involved with the payment and logistics of your purchase, such as payment service providers (e.g. Stripe/Paypal), our warehouses, order packers, and delivery companies
- Professional service providers who help us run our business, such as website hosts and marketing agencies
- Credit reference agencies, law enforcement and fraud prevention agencies, in an effort to prevent fraud
- Third party sites approved by you, such as social media sites (if you choose to link your accounts to us)
- Third party organisations to assist with our marketing and brand strategy (including logistical support in relation to the delivery of newsletters and promotional communications)
- Third party organisations who may provide IT and information security services, including cloud-based back-up facilities
- Other bodies or organisations if required by law
9. Where we store your personal information
Information may be held at our offices and those of our third party agencies, service providers, representatives and agents as described above (see ‘Who we share your personal data with’).
On occasion, the information you provide to us may be transferred to countries outside the European Economic Area (EEA). By way of example, this may happen where any of our servers or those of our third party service providers are from time to time located in a country outside of the EEA. These countries may not have similar data protection laws to the UK. Where possible, we will seek to work with service providers whose servers are located within the EEA.
If we transfer your information outside of the EEA in this way, we will take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this policy.
10. How long we keep your personal information
We do not keep your personal data for any longer than is necessary to fulfil the purpose for which we collected it, or to comply with any legal obligations, or to assert or defend against legal claims.
Different retention periods apply for different types of data; when it is no longer necessary to retain your personal data, we will delete or anonymise it.
11. Your rights
You have the following rights, which you can exercise free of charge:
|Access||The right to be provided with a copy of your personal data|
|Rectification||The right to require us to correct any mistakes in your personal data|
|To be forgotten||The right to require us to delete your personal data, in certain situations|
|Restriction of processing||The right to require us to restrict processing of your personal data, in certain circumstances, eg if you contest the accuracy of the data|
|Data portability||The right to receive the personal data you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party, in certain situations|
|To object||The right to object: at any time to your personal data being processed for direct marketing (including profiling); in certain other situations to our continued processing of your personal data, eg processing carried out for the purpose of our legitimate interests|
|Not to be subject to automated individual decision-making||The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you|
You can exercise the above rights, where applicable, by contacting us using the details at the end of this policy. We will require you to provide satisfactory proof of your identity in order to ensure that your rights are respected and protected. This is to ensure that your personal data is disclosed only to you.
12. Withdrawing Consent
Where we rely on your consent as the legal basis for processing your personal information, you may withdraw your consent at any time by contacting us using the details at the end of this policy.
If you would like to withdraw your consent or object to receiving any direct marketing to which you previously opted-in, you can do so by using the contact details at the end of this policy. If you withdraw your consent, our use of your personal information before you withdraw is still lawful.
If you have provided consent for your details to be shared with a third party, and wish to withdraw this consent, please let us know – but please also contact the relevant third party in order to amend your preferences.
13. Keeping your personal data secure
We have appropriate security measures to prevent personal data from being accidentally lost, or used or accessed unlawfully. We limit access to your personal data to those who have a genuine business need to access it. Those processing your information will do so only in an authorised manner.
If you want detailed information from Get Safe Online on how to protect your information and your computers and devices against fraud, identity theft, viruses and many other online problems, please visit www.getsafeonline.org. Get Safe Online is supported by HM Government and leading businesses.
14. Complaining to the UK data protection regulator
Should you have any concerns about your personal data, we’d like to be able to resolve them and we hope that we can do so. Where we haven’t been able to do this, you have the right to complain to the Information Commissioner’s Office (ICO) if you are concerned about the way we have processed your personal information. Please visit the ICO’s website for further details: https://ico.org.uk.
This policy may change from time to time so please check this page (our website) occasionally to ensure that you’re happy with any changes.
16. Contact details