Aden & Anais Limited Privacy and Cookies Policy
• you visit our website using any device, including your mobile phone;
• you contact us by post, telephone, email or social media; and
• when you buy a product from us.
Who we are and how to contact us
We operate the following websites: adenandanais.co.uk, adenandanais.fr, adenandanais.de, adenandanais.it and adenandanais.es.
For the purposes of data protection legislation Aden & Anais Limited is registered as a data controller under number ZA139421, which means that we are responsible for deciding how we hold and use personal data about you.
• Write to us at: Data privacy officer, aden + anais, The Light Bulb, Studio 316, 1, Filament Walk, London SW18 4GQ
• Email us at: firstname.lastname@example.org
• Call us on: +44 (0) 203 735 7569 between 9:00 and 17:00 GMT.
If you are contacting us to exercise your legal rights relating to your personal data, please let us know what personal data you are contacting us about, and what you want us to do, or stop doing, with that data.
You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
Information we may collect from you.
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
Identity Data includes first name, last name, username, password, security question and answer title, date of birth and gender;
Contact Data includes postal addresses, billing addresses, email addresses and telephone numbers (including mobile phone numbers);
Financial Data includes bank account and payment card details;
Transaction Data includes details about payments and other details of products and services purchased from us;
Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website, details of the website from which you visit us and keywords you used, the pages on our website that you visit and in what sequence, and the date and length of your visit.
Profile Data includes the history of our communications with you, such as products you purchase from us, your personal interests, preferences, feedback and survey responses.
Usage Data includes information about how you use our website.
Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
How your personal data is collected
We use different methods to collect data from and about you including through:
• Information you give us:
Personal Data may be given by you directly when you:
- fill out a contact form or sign-up to our newsletter on our website;
make a purchase of a product from us;
- sign up to receive emails or other marketing communications from us;
- enter a competition, promotion or survey (via any social media channels, email or our website); or
- contact us by post, telephone, email or social media.
• Information we collect about you:
• Information received from third parties or publicly available sources: We may receive personal data about you from publicly available sources such as the electoral register.
We may also receive information about you if you use any of the other websites we operate or the other services we provide. We also work closely with third parties (including, for example, business partners, sub-contractors in technical, payment and delivery services, to fulfill your orders as well as advertising networks and analytics providers, such as Google, and may receive information about you from them.
Cookies and pixel tags
A cookie is a small amount of data which often includes a unique identifier that is sent to your computer or mobile phone (referred to in this policy as a ‘device’) from the Website and is stored on your device’s hard drive. A cookie records on your device information relating to your internet activity (such as whether you have visited the Website before). We intend to use these cookies and this information in order to maximize the interactivity of our Website, as well as provide you with offers and advertisements relevant to your browsing history. We would also like to use pixel tags to collect information about how you view the Website. A pixel tag is an invisible tag placed on a website, but not on your device, for the purpose of tracking activity on that website. When you access those pages of the Website, pixel tags generate a notice of that visit. Pixel tags usually work in conjunction with cookies.
You also have the ability to enable your browser settings to “Do Not Track.” Doing this sends a signal to websites, ad networks and plug-in providers about your browsing preferences. Adenandanais.com does not respond to the Do Not Track browser signal.
We currently set the following cookies and pixel tags:
1. Google Tag Manager Container -Google Tag Manager Container is a Google product that enables website owners to centrally control the use of third party tags on their website. We use the following third party tags in Google Tag Manager Container:
Google AdWords Conversion - This records conversions on the Website’s conversion pages from search ads or product listing ads (shopping), as well as the conversion value of users once they make a purchase on the Website. You can opt out of Google AdWords Conversion by visiting Google's Ads Settings.
Google AdWords Remarketing – This is a remarketing and behavioural targeting service provided by Google. Google AdWords Remarketing records which pages of the Website you have visited, as well as optional meta-information that you provide about that visit (such as product IDs or basket values). Google AdWords Remarketing shows ads of our products to you if you have visited the Website or provided your email address to us. You can opt out of Google AdWords Remarketing by visiting Google's Ads Settings.
Google Analytics - This is a web analytics service provided by Google Inc. to track Website behaviour. You can opt out of Google Analytics without affecting your use of the Website – for more information on opting out of being tracked by Google Analytics, visit this Google page.
2. Facebook Pixel - There is one pixel for Facebook which gives us user Website behaviour information after a user interacts with our Facebook or Instagram ads. We track everything from a user viewing specific product, through adding that item to cart and checking out. This allows us to retarget, build lookalike audiences, and run dynamic product ads. The standard events the Facebook pixel is customized to report on are different types of conversion events such as a Page View, View Content (Product Page), Add to Cart, and Purchase. You can opt out of the Facebook Pixel by visiting the Adverts tab in your Facebook profile settings.
3. Pinterest Pixel - This gives us click through data and Website behaviour from users who came to the Website through interacting with a Pinterest ad. This allows us to obtain revenue data from users who visit the Website and make a purchase after interacting with that Pinterest ad. You can opt out of the Pinterest Pixel by going to your account settings and turning off Personalization.
How we use your personal data
We will only use your personal information when the law allows us to: We need to have a “lawful basis” to use your personal data. The types of “lawful basis” that we will rely on to process your personal data are as follows:
• To perform a contract: Where it is necessary to perform a contract we are about to enter into or have entered into with you to provide you with products or services that you request or purchase from us, to provide you with customer service and support, and to deal with your complaints or feedback;
• If it is in our legitimate interests: We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we use your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
By “Legitimate Interests” we mean our interests in conducting and managing our business to enable us to give you the best products and services and the best and most secure experience, for example to:
- personalise your customer experience, such as tailoring the communications that we send you with your preferred products or services;
- improve our customer service, such as recording and/or monitoring calls for the purpose of improving our customer service, ensure quality assurance, training and security;
- optimise our website to ensure that content from our site is presented in the most effective manner for you and for your computer;
- prevent fraud, for example, such as using your information to protect you against fraud and to ensure that our systems are safe and secure;
- conduct research, such as using your information to carry out aggregated and anonymised research using site analytics, or if you choose to take part in a customer survey, to study how customers use our products and services to help us develop and improve our products and services and inform our marketing strategy; and
- to send you marketing communications, for example, to keep you up-to-date with the latest news, events, brochures, promotions and competitions we think may be of interest and relevant to you. We may need your consent to send you marketing communications in certain circumstances, please see the “Direct Marketing – your choices” section below for more information).
We may also combine information we may receive about you with information you give to us and information we collect about you. We will use this information and the combined information for the purposes set out above (depending on the types of information we receive).
We may use automated processing to analyse combined information about you, which is software and other technology that analyses data and automatically makes decisions based on that analysis, for example, to decide which products and offers would be relevant for us to contact you about.
You can obtain further information about how we assess our legitimate interests against potential impact on you by contacting us using the details in the “Who we are and how to contact us” section above.
• To comply with a legal obligation: Where we need to comply with a legal or regulatory obligation, for example, a court order in a legal action.
Where we have your consent: We will require your prior consent, for example, to use your personal data to send you electronic direct marketing (such as emails or texts), please see the “Direct Marketing – your choices” section below.
We may have more than one lawful basis to use your personal data depending on the specific purpose for which we are going to use that data. Please contact us using the details in the “Who we are and how to contact us” section above if you need details about the specific ground we are relying on to process your personal data.
We will only use your personal data for the purposes for which we collected it: We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is related to the original purpose. If we need to use your personal data for an unrelated purpose, we will let you know and will explain the legal basis which allows us to do so.
Direct Marketing – your choices:
How to Opt-in: You will only receive electronic marketing communications from us (such as emails and texts) if you have:
• purchased products or services from us and have not told us that you don’t want to hear from us; or
• requested information from us, for example, by signing-up to our newsletter; or
• specifically opted-in to receive details about our products, services, events, activities, promotions and special offers which we feel may be of interest to you when we have given you the choice to do so, for example, when you purchase a product from us.
If you wish to be contacted for these purposes please make sure that you tick the appropriate box or boxes when you are given the option to do so, otherwise we will assume that you do not want to be contacted.
We will not pass your information onto third parties for marketing purposes before getting your express consent to do so.
How to Opt-out: Your participation in our marketing activities is voluntary. If you ever want to change your preferences regarding our use of your personal information for marketing purposes, or opt-out altogether from receiving further marketing information, you can:
• use the opt-out or unsubscribe links in any marketing message we send you; or
• contact us at any time by email or phone using the contact details in the “Who we are and how to contact us” section above.
Where you opt-out of receiving marketing communications from us, we may continue to use your personal data for the other purposes we have explained in the “How we use your personal data” section of this policy.
Who we share your personal information with
We may share your information with the following third parties or in the following circumstances:
To our service providers and suppliers: So that we can make certain services and products available to you we may need to share your personal data with some of our service providers and suppliers, such as card processing providers, as well as IT providers, site analytics providers and marketing service companies to, for example:
- host our website;
- operate certain of the features of our website such as online purchases and the processing of online transactions;
- send marketing communications, run contests and promotions and conduct customer research on our behalf;
- manage and analyse our network status and the responsiveness of our services
To other third parties: we may also share your personal data with the following third parties or in the following circumstances:
- On a business purchase, sale, transfer or merger: we may disclose your personal data to third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them, in which case we may disclose your personal data to such other businesses. If a change happens to our business, then the new owners may only use your personal data in the same way as set out in this privacy notice.
-To our professional advisers including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services.
-To HM Revenue & Customs, regulators and other authorities who require reporting of processing activities in certain circumstances.
To comply with or enforce applicable laws or regulations: We may disclose personal data about you to third parties to comply with or enforce applicable laws and regulations. For example:
- Where a complaint arises concerning your use of our website, products or services;
- Where we believe it is necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, or situations involving potential threats to the physical safety of any person.
- in order to enforce or apply our terms of website use or terms and conditions of supply of products or services or to protect the rights, property, or safety of us, our customers, or others.
Safeguarding your personal data when we share it with other people: We require that all such third parties treat your personal information as fully confidential, respect the security of your personal information and fully comply with all applicable UK Data Protection, consumer legislation and other relevant laws from time to time in place.
Transfers of your personal data outside the UKWe are based within the European Economic Area (EEA). However, in certain circumstances information we collect about you will be sent to and held by us in countries outside the EEA where we work with suppliers and service providers that are based outside the EEA or have servers based outside the EEA or where we transfer your personal data to our affiliated companies based outside the EEA. Countries outside the EEA protect information differently, and so where we do transfer your information to suppliers based outside the EEA, we will take all steps necessary to ensure that it is adequately protected and used in accordance with this privacy notice, including but not limited to relying on any appropriate cross-border transfer solutions such as the European Commission’s standard contractual clauses (http://ec.europa.eu/justice/data-protection/internationatransfers/transfer/index_en.htm) or the EU-US Privacy Shield Framework (https://www.privacyshield.gov/welcome).
A list of countries outside the EEA to which we may transfer your personal information is available here.
How we keep your personal data secure
The data that we collect from you will be stored on our secure servers within the European Economic Area.
We use the Sage Pay System which is encrypted using 128-bit SSL certificates for our online credit card transactions. Westpac VeriSign Trusted processes online credit card transactions for thousands of UK and EC merchants, providing a safe and secure means of collecting payments via the internet.
Where we have given you (or where you have chosen) a password which enables you to access certain parts of the Website, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to the Website; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features (in particular, by applying prior access controls to data for each category of users through management authorisations) for the purpose of preventing unauthorised access.
We have also put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where legally required to do so.
How long we will keep your personal data
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting obligations and requirements.
By law we have to keep certain basic information about our customers (including contact, identity and financial data) for six years after they cease being customers for tax purposes.
In some circumstances you can ask us to delete your data, please see the “Your legal rights section” below for further information.
Please note that if we have been informed by you that you no longer wish to be contacted by us, we will need to keep your relevant identity data and contact data about you indefinitely to ensure that we comply with your wishes.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
Your legal rights
Under certain circumstances, you have the following rights under data protection laws in relation to your personal data:
You have the right to:
Request access to your personal data (known as a "data subject access request"): This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
Request correction of the personal data that we hold about you: This enables you to have any incomplete or inaccurate data we hold about you corrected, although we may need to verify the accuracy of the new data you provide to us.
Request erasure of your personal data: This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to use it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to us using it (see below), where we may have used your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
Object to use of your personal data: You can object where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to using your personal data on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are using your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to use your information which override your rights and freedoms.
Request restriction of processing of your personal data: This enables you to ask us to suspend the use of your personal data in the following scenarios: (a) if you want us to establish the data's accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
Request the transfer of your personal data to you or to a third party: We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract.
Withdraw consent: You can withdraw your consent at any time where we are relying on consent to use your personal data. However, this will not affect the lawfulness of any use carried out before you withdraw your consent.
How to exercise your rights: If you wish to exercise any of the rights set out above, please contact us using the details set out in the “Who we are and how to contact us” section above.
No fee usually required: You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
What we may need from you: We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Time limit to respond: We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
Changes to this policy
Any changes we may make to this policy in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to this policy.