Namaste! Your adventure with Gandys is about to start. Sign up now and get 10% OFF your first purchase.
DATA PROTECTION PRINCIPLES
For the purposes of this policy data protection law means: (i) until 25thmay 2018 the Data Protection Act 1998 and then (ii) from 25thMay 2018 and unless and until it is no longer directly applicable in the UK, the General Data Protection Regulation (EU) 2016/679) (GDPR) and any national implementing laws, regulations and secondary legislation, as amended or updated from time to time, in the UK and then (iii) any successor legislation to the GDPR or the Data Protection Act 1998.
We will comply with data protection law. Personal information we hold about you will be:
THE KIND OF INFORMATION WE HOLD ABOUT YOU
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). There are “special categories” of more sensitive personal data which requires a higher level of protection.
We may collect, store and use the following information about you:
HOW WILL WE USE YOUR PERSONAL INFORMATION?
We use your information:
SHARING DATA WITH THIRD PARTIES
We do not transfer your information to anyone for marketing purposes without your consent. However, it may be necessary for us to share your personal information with third parties in the following circumstances:
HOW LONG WILL WE KEEP YOUR INFORMATION?
We will retain your personal information no longer than is necessary for the purpose we obtained it for thereby reducing the risk that it will become inaccurate, out of date or irrelevant. Information that is no longer needed will be securely deleted. Different retention periods apply for different types of data, however the longest we will normally hold data is 6 years.
WHAT ARE THE CONSEUENCES OF FAILING TO PROVIDE PERSONAL INFORMATION OR WITHDRAWING CONSENT?
If you fail to provide certain information when requested:
INFORMING US OF CHANGES
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your relationship with us.
CHANGE OF PURPOSE
We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Please note that we may process your personal information without your knowledge or consent where this is required or permitted by law.
We would like to send you information about our products and services which may be of interest to you. If you have signed up for an account with us whilst making an online purchase or consented to receive marketing in any other way, you may opt out at a later date. You have a right at any time to stop us from contacting you for marketing purposes. If you no longer wish to be contacted for marketing purposes, you can unsubscribe at the foot of every email or contact us at email@example.com
Social Media and Search Engine Advertising - In addition to targeted advertising using cookies, we may also use personal information you share with us (such as email) to provide you with relevant advertising about our products and services on Google, Facebook or Instagram. Any such adverts will always be clearly marked as ‘sponsored’. Should you wish to opt out of this service please contact firstname.lastname@example.org
Please note that it is not possible to opt out of all advertising on Facebook, Instagram and Google as these platforms rely on advertising to keep their services free. Should you choose to opt out of targeted advertising as set out above, most websites and social media will provide you with random advertising which may not be relevant to you. It may still be possible that on occasion you will receive advertising from Jack Wills based on the interests in your profile or demographic information.
To deliver products and services to you, it is sometimes necessary for us to share your personal information outside of the European Economic Area, usually when service providers are located outside the EEA or if you are based outside the EEA. These transfers are subject to special rules under data protection laws. If this happens, we will ensure that the transfer will be compliant with data protection law and your personal information will be kept secure.
WHAT ARE YOUR RIGHTS?
Right of access- You have the right to obtain confirmation that your data is being processed and access to your personal data. You can make a request by email to email@example.com
In most cases we will provide a copy of the information free of charge. However, we may charge a reasonable administration fee when a request is manifestly unfounded or excessive or to comply with requests for further copies of the same information although this does not mean that we will charge for all subsequent access requests.
We must without delay and in any event within 1 month of your request (subject to extensions in some cases):
We can extend the time to respond by a further two months where requests are complex or numerous. If this is the case, we will inform you of this within one month of the receipt of the request and explain why the extension is necessary.
Where requests are obviously unfounded or excessive we can refuse to respond. In such cases, we will, within one month, explain why and will inform you of your right to complain to our Supervisory Authority and to pursue a legal remedy.
Data portability– in addition to your access right you can require us to provide a copy of your information that we hold in a commonly used machine-readable format
Rights of Correction and Erasure (“right to be forgotten”)You may ask us to correct or remove information you think is inaccurate.
RIGHT TO WITHDRAW CONSENT OR RESTRICT PROCESSING
Processing for marketing purposes- You may object, at any time, to the processing of your personal data for direct marketing purposes. When you register and every time we get in touch with you, we will offer you the opportunity to opt-out of any service to which you have subscribed. Any e-mail we send you will contain an easy automated opt-out.
Processing for our legitimate interest- You can object to any processing which is for our legitimate interests or those of a third party in which case, the processing must stop, unless there are compelling legitimate grounds for the processing which override your rights, or where the processing is necessary in relation to legal action.
You can raise an objection, withdraw consent or restrict processing by email to firstname.lastname@example.org
Right to Complain- If you have any concerns with how we keep and use your information please contact our Data Protection Officer by email at email@example.com. You may also complain by phone on 02071831176
AUTOMATED DECISION MAKING
You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making, unless we have a lawful basis for doing so and we have notified you. We do not envisage that any decisions will be taken about you using automated means, however we will notify you in writing if this position changes.
HOW WE KEEP YOUR INFORMATION SECURE
We use Mailchimp and Isettle to ensure that personal information, including credit card details, remains private and secure. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential.
We will maintain appropriate safeguards to ensure the security, integrity and privacy of your information and will take reasonable steps to try to ensure that third parties to whom we transfer any of your information will provide sufficient protection of that information.
Our site may, from time to time, contain links to and from the websites of partner networks, advertisers and affiliates. Please note that these websites have their own privacy policies and we do not accept any responsibility or liability for these. Please make sure you are happy with these policies before you submit personal data to these organisations via their websites.
HOW TO CONTACT US