Feather and Stitch

PRIVACY POLICY

Feather & Stitch are committed to looking after your personal information safely and securely.

This policy applies when you visit our web site www.featherandstitch.com without purchasing any product, when you create an online account with Feather & Stitch, when you sign up to our newsletter, when you make a purchase online or interact with us offline.

We would like to inform you:

  • what personal data we collect about you, and how we use it;
  • when we share it with third parties, and why;
  • your privacy rights and how the data protection law protects you.

Updates to the Feather & Stitch privacy policy may be made from time to time and we will update the revision date at the end of this policy on each occasion.

1. WHAT Personal data DOES FEATHER & STITCH COLLECT?

Personal data, or personal information, means any information about an individual from which that person can be identified. You can find out more about personal data from the Information Commissioner’s Office.  

We may collect, use, store and transfer different kinds of personal data about you, which we have grouped together as follows:

Identity – Title, First Name, Last Name, Username.

Contact – Billing Address, Delivery Address, Email, Telephone Numbers.

Profile – Order History, Username, Passwords.

Technical – Referring Websites, IP Address, Browser Type, and other online online identifiers.

Marketing – Communications / Opt-in Status.

We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.

Third-party links outside of our control

This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements.

When you leave our website, we encourage you to read the privacy notice of every website you visit.

2. HOW DO YOU COLLECT MY PERSONAL DATA?

We collect personal data from you in the following ways:

Website Purchases

By ordering through the website you will provide your billing contact details – your name, billing address, phone number and email address. You have the option to supply a different delivery address and specify a different contact name at that delivery address.

The payment data you provide when making an online purchase through our website is processed directly through one of our trusted third party payment processors (Secure Hosting or PayPal). Feather & Stitch do not handle any payment data. Further information on how they process and use your data can be viewed here: Secure Hosting and PayPal.

Newsletter Subscription / Online Account

You may provide your personal data including name, email address and phone number when setting up an account online, or your email address when subscribing to our newsletter.

Automated Technologies or Interactions

As you interact with the website, we may automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this data by using cookies and other similar technologies. See our Cookie Policy for details.

We receive Technical Data from various third parties such as analytics providers (Google Analytics). This anonymous data is used to improve website usability, identify and resolve technical issues and assist customers experiencing technical issues.

3. HOW DOES FEATHER & STITCH USE MY DATA?

Data Protection allows us to use and share your personal data where we have a lawful basis to do so as follows:

Contract this means processing your data where it is necessary for the performance of a contract to which you are a party. E.g. when you purchase from us.

Consent this means where you agree to us using your information in this way. E.g. when signing up to our newsletter.

Legitimate Interest this means the interest of our business in conducting and managing our business to enable us to give you the best service/product and the most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). E.g. analysing info about shopping habits and products purchased to inform our future ranges and respond to customer demand.

Legal/Regulatory this means processing your personal data where it is necessary for compliance with a legal or regulatory obligation that we are subject to.

Purposes for Which We Will Use Your Personal Data

We have set out below a description of the ways we plan to use your personal data, with the legal basis we rely on to do so.

Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.

Purpose

Type of data

Lawful basis for processing including basis of legitimate interest

To create your online customer account

Identity

Contact

Consent

To process your order

Identity

Contact

Performance of a contract with you

Necessary for our legitimate interests

To deliver your order

Identity

Contact

Necessary for our legitimate interests

To manage our relationship with you including:

Notifying you about changes to our terms or privacy policy

Asking you to leave a review 

Identity

Contact

Profile

Marketing

Necessary for our legitimate interests

Necessary to comply with a legal obligation

To send you marketing communications via our newsletter

Contact

Marketing

Consent and Legitimate interests depending on your level of interaction and engagement with our services

To administer and protect our business and this website including: troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data

Identity

Contact

Technical

Necessary for our legitimate interests for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise

Necessary to comply with a legal obligations

To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you

Identity

Contact

Profile

Marketing

Technical

Necessary for our legitimate interests, to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy

To use data analytics to improve our website, products/services, marketing, customer relationships and experiences

Technical

Profile

Necessary for our legitimate interests, to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy

To make suggestions and recommendations to you about products or services that may be of interest to you

Identity

Contact

Profile

Marketing

Necessary for our legitimate interests, to develop our products/services and grow our business

 

Marketing

We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising. We have established the following data control mechanisms relating to our marketing and promotional activity.

We may use your Identity, Contact, Technical, Usage and Profile Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you.

When you subscribe to our newsletter, you provide consent to the use of your email address to receive marketing communications from us, which you can opt out of at any time. Please note we do not rent or share your data with any third parties for their marketing purposes.

 

Opting out

You can opt out of receiving our newsletter via the unsubscribe link at the bottom of our emails or via our website here. Please note that when you purchase from us, we will continue to confirm your order by e-mail. In addition, we may also need to contact you via phone or email with other questions regarding your order.

Cookies

You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly. For more information about the cookies we use, please see our Cookie Policy.

 

Change of purpose

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact our Data Protection Officer. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

4. WHO DO YOU SHARE MY PERSONAL DATA WITH?

We will never sell or rent your personal data to third parties for their marketing purposes. However, we may have to share your personal data with carefully selected processors who help us to fulfil your order, or other parties as set out below. The lawful basis by which these parties have access to your data is outlined in the table under the above section “Purposes for which we will use your personal data”

  • Website development (Syrox) and hosting (Fasthosts)
  • Delivery partners (Royal Mail) – in order for you to receive your goods
  • Advertising platforms (Google, Facebook) – to show you products that might be of interest to you
  • Digital marketing companies (MailChimp, Launch Online) – to manage our electronic communications with you, where you have consented, and our remarketing ads
  • Cloud-based POS system (Eposnow) – to store contact details for our store VIP loyalty card holders
  • HM Revenue & Customs, regulators and other authorities

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

5. IS MY DATA SECURE?

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We use Secure Sockets Layer (SSL) encryption technology to protect your online order information as it is transmitted over the Internet. SSL is the gold standard in Internet encryption technology, which means it is a highly sophisticated method of scrambling data as it travels from your computer to our websites servers. Whilst SSL is of a high standard for internet security, it does not provide total protection against loss by unauthorised access or hacking. Feather & Stitch will not be liable in the event of any loss arising from any such unauthorised access or hacking. To check the security of your connection look at the URL line of your browser. When accessing a secure server, the first characters of the site address will change from "http" to "https." If your browser or firewall does not support SSL, you will not be able to connect to the server, which means you won’t be able to mistakenly place an order through an unsecured connection.

We have put in place procedures to deal with any suspected personal data breach, and will notify you and any applicable regulator of a breach where we are legally required to do so.

6. WHERE IS MY DATA STORED?

Due to the global nature of some of our data processors, we may need to transfer personal information internationally particularly if our processors have infrastructure in other countries.  We do not transfer any data to third countries or international organisations unless they are deemed by applicable law to have adequate privacy protection or recognised legal mechanisms are in place to ensure adequate protection of your information (e.g. EU Model Contract Clauses or EU-US Privacy Shield or Swiss-US Privacy Shield frameworks).

7. HOW LONG DO YOU RETAIN MY DATA?

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. We will undertake regular reviews to determine any personal data we are holding on to unnecessarily, e.g. where a subscriber is no longer engaging with our emails.

By law we have to keep basic information about our customers including contact, identity, financial and transactional data for six years after they cease being customers for tax purposes. In some circumstances you can ask us to delete your data, please see Your legal rights below for further information.

In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

8. WHAT ARE MY LEGAL RIGHTS?

Unless subject to an exemption under the data protection laws, you have the following rights with respect to your personal data:

  • The right to request a copy of the personal data which we hold about you;
  • The right to request that we correct any personal data if it is found to be inaccurate or out of date;
  • The right to request your personal data is erased where it is no longer necessary to retain such data;
  • The right to withdraw your consent to the processing at any time, where consent was the lawful basis for processing your data;
  • The right to request that we provide you with your personal data and where possible, to transmit that data directly to another data controller
  • The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
  • The right to object to our processing of personal data, where applicable i.e. where processing is based on our legitimate interests

If you wish to exercise any of the rights set out above, please contact our Data Protection Officer, contact details below.

Time limit to respond

We will respond to all legitimate requests within 30 days.

CHANGES TO THIS NOTICE AND YOUR DUTY TO INFORM US OF CHANGES

This version was updated in May 2018.

Please keep us informed if your personal data changes during your relationship with us. It is important that the personal data we hold about you is accurate and current.

Queries, requests or concerns

To exercise all relevant rights, queries or complaints in relation to this policy or any other data protection matter between you and us, please in the first instance contact our Data Protection Officer via the details below:

 

Contact

Data Protection Officer (DPO)

Feather & Stitch

16 King Street

Richmond

Surrey TW9 1ND

Email: dpo@featherandstitch.com   Telephone: +44 (0)20 8332 2717

If this does not resolve your complaint to your satisfaction, you have the right to lodge a complaint with the Information Commissioners Office on 03031231113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, England, UK.