Privacy Policy 2023

PRIVACY POLICY

Updated 19th October 2023: Lulu Guinness Limited of 25 Farringdon Street, London, England, EC4A 4AB, Company number 12574453 (“we” “us” “our”) are committed to protecting and respecting your privacy. We have updated Clause 2 of our Privacy Policy to include more information about tracking cookies used on our site by Google Analytics and Google Signals. We have updated this to provide clarity on the anonymisation of data and it’s usage for your own information. This can now be found under Clause 2.2 of the new policy.

We have also made changes to our Privacy Policy to update how we use your information under legitimate interests. We have updated Clause 3 to include using personal data to conduct researches and surveys about our products, customer experience, product development and product testing. This is necessary for our legitimate interest to constantly improve our offers, products and services to you. This can now be found under Clause 3.7 of the new policy.


For the purposes of data protection legislation, we are the data controller and we will process your personal data in accordance with the General Data Protection Regulation (EU) 2016/679 and national laws which relate to the processing of personal data. 


Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.


 

VISITORS TO OUR WEBSITE

  1. We may collect and process personal data about you in the following circumstances:

    1.1 when you complete forms on our website (“Site”). This includes where you create an online account, where you ask us to contact you about our products, subscribe to our newsletter, subscribe to SMS messaging or place an order for our products;

    1.2 whenever you provide information to us when reporting a problem with our Site, making a complaint, making an enquiry or contacting us for any other reason. If you contact us, we may keep a record of that correspondence;

    1.3 details of your visits to our Site including, but not limited to, traffic data, location data, weblogs and other communication data, whether this is required for our own billing purposes or otherwise, and the resources that you access (see section 2.2 on Cookies below); and

    1.4 whenever you disclose your information to us, or we collect information from you in any other way, through our Site.
     
  2. We may also collect data in the following ways:

    2.1 IP address: We may collect information about your device, including where available your Internet Protocol address, for reasons of fraud protection. We may also collect information about your device’s operating system and browser type, for system administration and to report aggregate information to our advertisers. This is statistical data about our users' browsing actions and patterns, and does not identify any individual.

    2.2 Cookies and Analytics Services: Our Site uses cookies and similar technologies to distinguish you from other users of our Site. This helps us to provide you with a good experience when you browse our Site and also allows us to improve our Site. We may also use Google Analytics and Google Signals to collect information about your interactions with our Site, such as the pages you visit and the actions you take. Google Analytics and Google Signals collect information anonymously and generate reports regarding website usage. Google signals are session data from sites and apps that Google associates with users who have signed into their Google accounts, and who have turned on Ads Personalization. This association of data with these signed-in users is used to enable cross-device reporting, cross-device remarketing, and cross-device conversion export to Ads. The information generated by Google Analytics and Google Signals is used to evaluate visitors' use of the website and compile statistical reports on website activity. For more information about Google Analytics and Google Signals, please refer to our Cookie Policy.
     
  3. We may use your personal data for our legitimate interests in order to:

    3.1 provide you with information, or products that you requested from us;

    3.2 allow you to participate in interactive features of our Site, when you choose to do so;

    3.3 ensure that content from our Site is presented in the most effective manner for you and for your device;

    3.4 improve our Site and services;

    3.5 process and deal with any complaints or enquiries made by you; and

    3.6 contact you for marketing purposes where you have signed up for these (see section 6 for further details).

    3.7 perform researches and surveys about our products, customer experience, product development, and product testing.
     
  4. Website links: Our Site may, from time to time, contain links to and from the websites of third parties. Please note that if you follow a link to any of these websites, such websites will apply different terms to the collection and privacy of your personal data and we do not accept any responsibility or liability for these policies. When you leave our Site, we encourage you to read the privacy notice/policy of every website you visit.

 

CUSTOMERS

  1. We will collect details including your name, email address, phone number, home address, shipping and credit card billing addresses when you order products from us via our Site. We will use this information to process your order, comply with our contractual obligations and where you have an account with us, to manage your account.
     
  2. In order to perform our contact with you, we may also need to share personal data with third parties such as payment providers and postal service organisations to assist in the delivery of goods or services you have ordered.
     
  3. We may also advertise your feedback on our website and marketing materials (subject to obtaining your prior consent where necessary).
     
  4. We will retain your information as long as we require this to provide you with the products ordered from us and for a period of 6 years. Where you have subscribed to receive marketing correspondence from us we will keep your personal data for the period of time described in the section entitled 'Marketing' below.

 

SUPPLIERS AND SUB-CONTRACTORS

We will collect details such as contract and bank details in order to contact you about goods or services we require from you, to request further goods/services and to pay you for the goods and/or services supplied. We will keep the personal data for 6 years.

 

IF YOU FAIL TO PROVIDE PERSONAL DATA

Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide the data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example to provide you with our products or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.

 

MARKETING

  1. In addition to the uses described in sections 2-4 above, where you indicate you would like to receive marketing correspondence from us, subscribe to our mailing lists or newsletters, subscribe to our SMS messaging list, enter into any of our competitions or provide us with your details at networking events, we may use your personal data for our legitimate interests in order to provide you with details about our products, business updates, competitions, promotions and events which we think may be of interest.

  2. We may use your data to contact you via email, telephone or SMS message (if you provide such information on the completion of one of our website (“Site”) forms) with information about your purchase, market our products, offers and campaigns or any other relevant information we feel might be of interest to you.  
     
  3. You have the right to opt-out of receiving the information detailed in section 1 at any time. To opt-out of receiving such information, you can:

    3.1 click the unsubscribe button contained in any such communication received; or

    3.2 email us at customercare@luluguinness.com or call +44 20 4538 1352 (Monday to Friday, 11am to 5pm UK time) providing us with your name and contact details.
     
  4. Where you have subscribed to receive marketing correspondence from us we will keep personal data 6 years from when you are provided with the opportunity to opt-out of receiving marketing correspondence from us.

 

MONITORING AND RECORDING

We may monitor and record communications with you (such as telephone communications and emails) for the purpose of fraud prevention, security, insurance and health and safety. We also have CCTV cameras installed in our premises for the purpose of crime prevention and for health and safety reasons. We retain such information for 31 calendar days.

 

CREDIT CHECKS

  1. We may carry out a credit check on our customers:

    1.1 so that we can make credit decisions about you; and

    1.2 to prevent fraud and money laundering
     
  2. Where we use a credit reference agency to undertake a credit search, our search will be recorded on the files of the credit reference agency.
     
  3. If further to undertaking a credit check you receive a low credit score, we reserve the right not to supply you with our products on credit and require upfront payment for the goods or services you wish to purchase.
     
  4. If you provide false or inaccurate information and we suspect fraud, we will record this. if you want to see your credit file, please contact us at dataprotection@luluguinness.com

 

CLEARPAY  

In order to offer you Clearpay’s payment methods, we might in the checkout pass your personal data in the form of contact and order details to Clearpay, in order for Clearpay to assess whether you qualify for their payment methods and to tailor those payment methods for you. Your personal data transferred is processed in line with Clearpay Privacy Policy. 

 

KLARNA 

In order to offer you Klarna’s payment methods, we might in the checkout pass your personal data in the form of contact and order details to Klarna, in order for Klarna to assess whether you qualify for their payment methods and to tailor those payment methods for you. Your personal data transferred is processed in line with Klarna’s own privacy notice. 

 

LEGAL BASIS FOR PROCESSING YOUR PERSONAL DATA

  1. We will only use your personal data where the law allows us to. Most commonly, we will use your personal data in the following circumstances:

    1.1 for performance of a contract we enter into with you;

    1.2 where necessary for compliance with a legal or regulatory obligation we are subject to; and

    1.3 for our legitimate interests (as described within this policy) where your interests and fundamental rights do not override these interests.

 

DISCLOSURE OF PERSONAL DATA TO THIRD PARTIES

  1. In addition to the third parties mentioned above, we may disclose your information to third parties for our legitimate interests as follows:

    1.1 to staff members in order to facilitate the provision of goods or services to you;

    1.2 to our affiliated entities to support internal administration;

    1.3 software providers that host our website and store data on our behalf;

    1.4 Marketing organisations that assist us on the distribution of marketing correspondence;

    1.5 professional advisers including consultants, lawyers, bankers and insurers who provide us with consultancy, banking, legal, insurance and accounting services;

    1.6 HM Revenue and Customs, regulators and other authorities who require reporting of processing activities in certain circumstances; and

    1.7 third parties who we may choose to sell, transfer or merge parts of our business or assets. Alternatively, we may seek to acquire other business or merge with them. If a change happens to our business then the new owners may use your personal data in the same way as set out in this privacy policy.
     
  2. We may disclose personal data to the police, regulatory bodies, legal advisors or similar third parties where we are under a legal duty to disclose or share personal data in order to comply with any legal obligation, or in order to enforce or apply our website terms and conditions and other agreements; or to protect our rights, property, or safety of our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
     
  3. We will not sell or distribute personal data to other organisations without your approval.

 

CROSS-BORDER DATA TRANSFER

We will not transfer your personal data outside the European Economic Area.

 

DATA SECURITY

  1. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our Site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
     
  2. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your information transmitted to our Site; any transmission is at your own risk.
     
  3. Information you provide to us is shared on our secure servers. We have implemented appropriate physical, technical and organisational measures designed to secure your information against accidental loss and unauthorised access, use, alteration or disclosure. This includes use of a secure socket layer encryption which encrypts your information before it is sent to us to protect it from unauthorised use.
     
  4. In addition, we limit access to personal data to those employees, agents, contractors and other third parties that have a legitimate business need for such access and take reasonable steps to ensure that third party business partners to whom we transfer any personal data will provide sufficient protection of that personal data.

 

ACCESS TO, UPDATING, DELETING AND RESTRICTING USE OF PERSONAL DATA

  1. It is important that the personal data we hold about you is accurate and current. Please keep us informed if the personal data we hold about you changes.
     
  2. Data protection legislation gives you the right to object to the processing of your personal data in certain circumstances or withdraw your consent to the processing of your personal data where this has been provided. You also have the right to access information held about you and for this to be provided in an intelligible form. If you would like a copy of some or all of your personal information, please send an email to dataprotection@luluguinness.com
     
  3. You can also ask us to undertake the following:

    3.1 update or amend your personal data if you feel this is inaccurate, (note, where you have an account with us you can amend this using the ‘sign in’ menu on the home page of our Site);

    3.2 remove your personal data from our database entirely;

    3.3 send you copies of your personal data in a commonly used format and transfer your information to another entity; or

    3.4 restrict the use of your personal data
     
  4. We may request specific information from you to help us confirm your identity and your right to access, and to provide you with the personal data that we hold about you or make your requested changes. Data protection legislation may allow or require us to refuse to provide you with access to some or all the personal data that we hold about you or to comply with any requests made in accordance with your rights referred to above. If we cannot provide you with access to your personal data, or process any other request we receive, we will inform you of the reasons why, subject to any legal or regulatory restrictions.
     
  5. Please send any requests relating to the above to our Data Protection Lead at dataprotection@luluguinness.comspecifying your name and the action you would like us to undertake.

 

RIGHT TO WITHDRAW CONSENT

Where you have provided your consent to the collection, processing and transfer of your personal data, you have the legal right to withdraw your consent under certain circumstances. To withdraw your consent, please contact us at dataprotection@luluguinness.com

 

CHANGES TO OUR PRIVACY POLICY

We reserve the right to update this privacy policy at any time, and any changes we make to our privacy policy will be posted on this page. Please check periodically for any updates. If we would like to use your previously collected personal data for different purposes than those we notified you about at the time of collection, we will provide you with notice and, where required by law, seek your consent, before using your personal data for a new or unrelated purpose. We may process your personal data without your knowledge or consent where required by applicable law or regulation.

 

CONTACT US

We have appointed a Data Protection Lead Data Lead/Privacy Officer to oversee compliance with this privacy policy. If you have any questions, comments or requests regarding this policy or how we use your personal data please contact our Data Protection Lead at dataprotection@luluguinness.com. This is in addition to your right to contact the Information Commissioners Office if you are unsatisfied with our response to any issues you raise at https://ico.org.uk/global/contact-us/

 

WHERE TO NEXT?