Smiffys II Ltd Privacy Policy (www.escapade.co.uk Customers)
Smiffys II Ltd, trading as Smiffys (“we”, “us” or “our”) is committed to protecting your privacy and meeting its data protection obligations under the retained EU law version of the General Data Protection Regulation ((EU) 2016/679)(“UK GDPR”) and the Data Protection Act 2018, together the “UK DP Laws”.
This Privacy Policy sets out the basis on which any personal data we collect from or about you, as a result of your use of our website https://www.escapade.co.uk/ (“our website”) or when you communicate with us in person, by telephone, email or post will be processed by us.
This Policy only applies to our use of ‘personal data’ about ‘data subjects’ (as defined by UK DP Laws) which includes personal data relating to our customers and prospective customers who are consumers (“you” or “your”).
We will be the data controller of your personal data which you provide, or which is collected by us via our website or when you communicate with us by telephone, email or post. This means that we are responsible for deciding how we hold and use personal information about you and that we are required to notify you of the information contained in this Policy. It is important that you read this Policy so that you are aware of how and why we are using such information and how we will treat it.
You can contact us using the details provided at the end of this Policy in the “Contacting Us” section.
THE TYPE OF INFORMATION WE COLLECT FROM YOU AND HOW WE WILL USE IT
We will collect various types of personal data from you when use our website and when you communicate with us in person, via telephone, post and email. Further details of the personal data we collect and how we use it are set out below.
The law requires us to have a legal basis for collecting and using your personal data. We rely on one or more of the following legal bases:
- Performance of a contract with you: Where we need to perform the contract we are about to enter into or have entered into with you.
- Legitimate interests: We may use your personal data where it is necessary to conduct our business and pursue our legitimate interests, for example to prevent fraud and enable us to give you the best and most secure customer experience. We make sure we consider and balance any potential impact on you and your rights (both positive and negative) before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
- Legal obligation: We may use your personal data where it is necessary for compliance with a legal obligation that we are subject to. We will identify the relevant legal obligation when we rely on this legal basis.
- Consent: We rely on consent only where we have obtained your active agreement to use your personal data for a specified purpose, for example if you subscribe to an email newsletter.
The situations in which we will process your personal information are listed below. In this section, we have indicated on which basis we process your personal data by reference to the above legal bases.
When you open an account with us
You will need to complete our “Register with us” form (https://www.escapade.co.uk/account/register) and we will collect the following details:
- Name
- Email Address
- Telephone (optional)
In the “My Dashboard” feature you have the option of adding a default billing and default shipping address. We will use this information to create and administer your account with us (Legitimate Interests).
When you contact us
When you use the form on our website to contact us (https://www.escapade.co.uk//pages/contact-us), we will collect the following details:
- Name
- Email Address
- Your order number, subject and details of your enquiry
When you contact us by telephone, email or post, we will need to collect from you your Name, email address and order number (if query relates to a specific order), to allow us to locate your account, order and deal with your enquiry, together with any information you provide us with.
We will only use this information for the purpose of responding to and, to the extent possible, dealing with your enquiry (Legitimate interests).
When you make a purchase on our Website
When you make a purchase on our website we will collect the following details (Performance of a contract with you):
- First & Last Name
- Billing Address & Postcode
- Delivery Address & Postcode
- Phone Number
Card Payment Details (name, card number, expiry date, CVV) which are provided via the website to our payment processing provider Stripe
Other Uses of our website
We will also process personal information about you to:
- process your order, take payment, arrange delivery, keep records of payments and carry out analysis for financial purposes (Performance of a contract with you/Legitimate interests);
- allow you to participate in interactive features of our service, when you choose to do so (Performance of a contract with you/Legitimate interests);
- allow you to access offers and promotions or enter competitions via our website provided by third parties (Legitimate interests);
- provide you with information about our products, offers, events or promotions we feel may interest you where permitted by law (Legitimate interests/Consent);
- notify you about changes to the services provided through our website (Legitimate interests);
- ensure that content from our website is presented in the most effective manner for you and your device (Legitimate interests);
- personalise our website to you and provide you with targeted offers (Legitimate interests); and
- deal with any queries, complaints or claims made by you (Legitimate interests/Legal obligation).
Automatic Personal Data Collection
When you visit our website we will automatically collect technical information relating to the operating system, platform and device you use via behavioural cookies as is detailed further in our Cookie Policy which is available here: (https://www.escapade.co.uk/pages/cookies-policy).
We will use the above information in order to:
- to administer our website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes to comply with our legal obligations (Legitimate interests/Legal obligation);
- to improve our website to ensure that content is presented in the most effective manner for you and for your computer / device (Legitimate interests); and
- as part of our efforts to keep our website safe and secure to comply with our legal obligations (Legitimate interests/Legal obligation).
We will not carry out any solely automated decision-making using your personal data.
Change of Purpose
We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will usually notify you and we will explain the legal basis which allows us to do so.
DISCLOSURE OF YOUR INFORMATION
We will share your data with the following categories of companies in order to provide our services to you, as set out in this statement:
Companies that we need to use, in order to get your purchases to you, such as delivery and logistics companies, and payment service providers.
Professional service providers, that help us with important functions such as IT services, accounting services, marketing, advertising, and hosting our website, and those that help us run our business.
Government bodies including tax authorities, law enforcement and fraud prevention agencies, to help fight fraud.
We will also disclose your personal information to third parties:
- in the event that we sell or buy any business or assets, in which case we will disclose your personal data to the prospective seller or buyer of such business or assets;
- if we or substantially all of our assets are acquired by a third party, in which case personal data held by us about our customers will be one of the transferred assets; and/or
- if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our Terms and Conditions and other agreements; or to protect the rights, property, or safety of our company our customers or others.
Some of our service providers detailed above may be based outside of the United Kingdom or may transfer or allow access to personal data outside of the United Kingdom. Countries located outside the UK are not governed by UK DP Laws.
However, your personal information will be protected by the safeguards required by UK DP Laws.
Details of the countries which your personal data may be processed in and the safeguards in place (including how to obtain a copy of them) may be obtained by contacting us using the details below.
STORAGE OF YOUR PERSONAL DATA
We will only keep your personal data for as long as we need to in order to fulfil the relevant purpose(s) it was collected for, as set out above in this Policy, and for as long as we are required to keep it for legal purposes.
Please note that your credit and debit card details collected and processed by our payment processing service provider Stripe Payments Europe, Ltd (“Stripe”).
Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access, such as password protection, access controls, firewalls, encryption and anti-virus protection. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our website; any transmission is at your own risk.
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your relationship with us.
YOUR RIGHTS
Data protection laws provide you with the following rights to:
- request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it;
- request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected;
- request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below);
- request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it;
- transmit personal data you submitted to us back to you or to another organisation in certain circumstances; and
- complain to the Information Commissioner’s Office, who are responsible for the regulation and enforcement of UK DP Laws.
You also have the right to object to the processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal data for direct marketing purposes.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights above). However, we may charge a reasonable fee if your request for access is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
If we rely on your consent to process your personal data, (for example if we need your consent to send you direct marketing), you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact us using any of the details set out below in the “Contacting Us” section. Once we have received notification that you have withdrawn your consent, we will stop processing your data for the purpose(s) you originally agreed to, unless we have legal basis for doing so.
CHANGES TO OUR POLICY
Any changes we make to our Policy in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to our Policy.
THIRD-PARTY LINKS
Our website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share personal data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.
CONTACTING US
If you have any queries, comments or requests regarding this Policy or you would like to exercise any of your rights set out above, you can contact us by email at intellectualproperty@smiffys.com.
These terms were last updated on 26th July 2024.