Effective Date: 25/05/2018
For the purpose of the General Data Protection Regulation (GDPR) and the Data Protection Act 2018, the data controller is ALLSAINTS Retail Limited of Units C15-C17 Jacks Place, 6 Corbet Place, London, E1 6NN, UK.
We process following categories of your personal data when it is necessary for the performance of a contract between you and us: your salutation, first and last name, email address, delivery and billing address, telephone number and payment card details, web site’s login details.
We will also process the above categories of data for the purposes of our legitimate interests set out below:
We process the following categories of data for marketing purposes if we have a legitimate interests or when you give us your consent: email address, name, gender, how you have reached our digital platform and the internet protocol (IP) address you have used, your login information, browser type and version, plug-in, operating system and platform, the full Uniform Resource Locators (URL) clickstream to, through and from our site (including date and time); products you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to call our Customer Experience Team.
We use your data for the following marketing purposes:
We may collect some of your information using automatic data collection technologies as you navigate through and interact with the Services. This may include certain information about your equipment, browsing actions and patterns, including, IP address, login information, browser type and version, time zone setting, location, operating system and platform, products viewed, searched for or purchased, page response times, download errors, length of visit to certain pages, page interaction (scrolling, clicks, mouse-overs) and methods used to browse away from the page.
We may also participate in Facebook's ‘Custom Audience’ service from time to time. This service enables us to display to you personalized advertisements when you visit Facebook’s social media platforms. It works by converting your email address to a unique number that Facebook uses to match to unique numbers that Facebook generates from email addresses of its users. Where we use Facebook Custom Audiences, we will only include you if you have consented to receive marketing from us.
We may share information that we collect about you with Affiliates, business partners, suppliers, sub-contractors, marketers, advertisers and advertising networks for marketing and advertising purposes, which may include: (i) sending you direct mail or emails about their products, services, sales, promotions events, news and store openings that may interest you; or (ii) serving ads or adverts that may interest you; or (iii) for data analytics that assist in the improvement and optimisation of products, Services and the Site.
If you have given us your consent, you can change your mind at any time by unsubscribing or by adjusting your preferences in the preference centre.
We may monitor or record telephone calls for security purposes and to improve the quality of services that we provide to you.
Please note that for your safety and security, CCTV is in operation in all of our premises which are open to the public.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
All transactions are secured within the AllSaints app - an SSL encryption system protects your personal and payment data. All payment details are encrypted with our payment provider, plus the option to secure any saved card details using your fingerprint with Apple Touch ID (using iPhone 5s or later) or with facial recognition using Face ID (using iPhone X or later).
When using the card scanning feature, we do not store photos of your card. We simply read the card details required for payment. The image is not saved and is deleted immediately after use.
In common with many other website and app operators, we use standard technology called 'cookies' on our website. Cookies are small pieces of information that are stored by your browser on your computer's hard drive and they are used to record how you navigate this website on each visit.
We may need to disclose your personal data to our Business partners, suppliers, and sub-contractors as follows:
We may share information that we collect about you with affiliates, which include other entities directly or indirectly controlled by, or under common control with, us (“Affiliates”), business partners, suppliers, sub-contractors, marketers, advertisers and advertising networks for marketing and advertising purposes, which may include: (i) sending you direct mail or emails about their products, services, sales, promotions events, news and store openings that may interest you; or (ii) serving ads or adverts that may interest you; or (iii) for data analytics that assist in the improvement and optimisation of products, Services and the Site.
We may also disclose your personal information to third parties:
We use cyber security best practices to prevent the unauthorised use, access, or disclosure of your personal information. All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted using SSL/TLS technology and card data are processed by PCI compliant payment providers.
You can help protect your online personal data by following these safety tips:
Where we have given you (or where you have chosen) a password which enables you to access certain parts of our Sites, you are responsible for keeping this password confidential. You must not share your password(s) with anyone.
Our Services are not directed to the individuals under the age of 18. If you are under the age of 18, please stop using our Services. It is our policy not to knowingly solicit or permit anyone under the age of 18 to provide their personal information for any purpose.
You can withdraw your consent and opt out of receiving marketing emails from ALLSAINTS, by following the instructions in the email, or by logging into your online account, going into "My Account" under the heading "My Preferences".
Please note that if you decide to opt out it may take a few days to process your opt-out request and that you may continue to receive promotional or marketing materials during this time. Also, please note that opting out of receiving will not preclude us from sending you other types of non-promotional messages, such as emails confirming transactions.
You have an option to correct and update your account information when you are logged into your account.
You have a right to access, rectify or erase personal data we hold about you. You also have a right to restrict processing of your personal data, right to object to profiling for marketing purpose and right to data portability. If you are the customer and you would like to find out more about your rights or exercise your rights, please email us on firstname.lastname@example.org or call us on +44 344 980 2211 . If you are current or previous employee, and you would like to find out more about your rights or exercise your rights, please email us on email@example.com.
Alternatively, you can write to us:
ALLSAINTS Retail Ltd
Units C15-C17 Jacks Place,
6 Corbet Place,
We will provide information to you free of charge and we aim to respond to you within 30 days.
If you are not satisfied with our handling of your data, you also have a right to lodge a complaint with supervisory authority by writing to the Information Commissioner’s Office at the following address:
Information Commissioner's Office
You can also contact the Information Commissioner’s Office using their online form: https://ico.org.uk/concerns/handling/