1. Who we are
www.carolinemcgrath.co.uk is an English retail website.
2. What is a privacy notice?
Our obligations and promises to you about the different types of personal data we might collect about you when you shop, make contact, or browse. It explains how we store, handle and protect that data.
3.What personal data do we collect and when?
We collect the following information about you:
Name and Surname
Contact phone number(s) for delivery purposes
An encrypted record of your login password (for your security only)
Interactions with us e.g. contacting our Customer Services or visits to our website
Information you provide in your reviews of us, our products or survey responses
Payment details via our third party payment gateway providers only
Information from cookies, including information on the devices you may use to make a purchase – please see our separate Cookies Policy
We collect the information in the following circumstances:
When you register to use our website
When you allow social media sites to provide your data to us
When you contact us by telephone, email or post
When you enter any event, prize draw or competition
When completing any of our surveys or leaving us a review
When completing any forms for transactional, employment or other purposes
When you buy products or gift cards/vouchers
When you give a third party permission to share with us the information they hold about you
4. How do we use your personal data?
To allow us to handle your orders, deliver products and process your payments and refunds (including to ensure secure payment and prevent fraud).
To respond to your queries, refund requests and complaints.
To keep a record of when and why you contact us and to keep your contact details up-to-date.
To enable third parties to carry out technical, logistical or other business functions on our behalf such as advertising on social media sites you might use and visit. Our ability to do this will depend on the privacy settings you have on your social media accounts.
Where you are an existing customer (or you have otherwise given us your data) and have not opted out, or where you have consented, we use your data to send you information about our business and products we think you might like and to notify you of products or special offers that may be of interest to you.
USA customers only – in addition where you are an existing customer (or you have otherwise given us your data) and have consented to third party marketing, when we share your data with carefully selected cooperative database companies (as outlined above) other third party companies who use such databases in the USA may send you details of products and services that may be of interest to you. You can opt out at any time using the methods set out below.
To send you communications required by law or which are necessary to inform you about changes to the services we provide. For example, updates to this Privacy Notice, product recall notices, and legally required information relating to your orders. These service messages will not include any promotional content and do not require prior consent when sent by email or text message. If we do not use your personal data for these purposes, we would be unable to comply with our legal obligations.
To process your application when you enter a competition, promotion or prize draw. (If there are other purposes specific to that competition promotion or prize draw, these will be explained in the applicable Competition Terms & Conditions.)
In order to help us manage our customer relationships, we use third party platforms. These platforms assist us to do lots of things, including: conduct email marketing campaigns, advertise online, undertake customer analytics, fulfil orders, make deliveries, returns and refunds etc. We therefore pass on your personal data to these third parties, on the condition that they agree to handle your information in line with this notice.
5. Why are we allowed to handle and store your personal data?
The law on data protection sets out a number of reasons for which a company can collect and use your personal data. The following sets out more detailed explanations of the bases we rely on to collect and process your personal data:
If you visit our site and are not an existing customer we will ask for your consent to process your data.
ii) Contractual obligations
Our primary use of this basis is when you purchase our products. In this situation it is necessary for us to process your personal data in order to fulfil your order and send your goods to you.
iii) Legal compliance
In some circumstances, we may be legally required to collect and process your data e.g. to pass it on to the police if criminal activity is suspected.
iv) Legitimate interest
It may be necessary to use your data in a way which might reasonably be expected as part of running our business. For example, to action any changes to your account that you request or to personalise the services we provide – with the aim of improving your customer experience.
We will only use your data in these instances, where doing so does not materially impact your rights, freedom or interests.
6. How do we protect your personal data?
It is our duty to protect all personal data gathered and in order to do this we handle the data with the greatest level of care and expertise available to us. We use various security technologies and internal procedures to ensure that it is kept safe and secure.
7. How long do we keep your personal data for?
We only keep your personal data for as long as is necessary for the purpose for which it was collected (subject to any legal requirements). Once it is no longer necessary, we will either delete the data, or anonymise it. The use of anonymised data helps us to optimise our customer service.
8. Who else sees your personal data?
Sometimes we will share your personal data with trusted third parties. We will do this in the following circumstances:
To process your order e.g. with our distribution centre, delivery companies, or with third party web platform and payment service providers
To detect any fraudulent activity, or assist law enforcement authorities
To help us offer you a more personalised shopping experience by sending you offers and updates
To understand the behaviour of our customers online
When we share information with third parties, we will ensure that:
We only provide the data they need to perform their specific function
They only use the data provided as intended
They have the requisite measures in place to protect your data and delete it once the function has been performed, or delete it when we cease working with them
9. Where is your data stored?
Some of our partners and third parties who may receive your personal data are based outside of the European Economic Area. In such cases, we ensure that our partners are contractually-bound to protect your data to the same degree that is required in the European Union.
10. What rights do you have over the data we store and how can you ask us to stop storing it?
You have the right to correct any information we store which might be incorrect, incomplete, or out of date. You can do this yourself by logging into your account, or by contacting Customer Services on 0116 279 3368 or email@example.com
If we are processing your personal data on the basis of our legitimate interest, you have the right us to ask us to stop. We must then do so unless we believe we have a legitimate overriding reason to continue processing your personal data.
You have the right at any time to stop us sending you marketing material. Either click the ‘unsubscribe’ link in an email communication that we have sent or contact Customer Services on 0116 279 3368 / firstname.lastname@example.org
Please note that you may continue to receive communications for a short period after changing your preferences whilst our systems are fully updated.
If you follow a link which clicks through to a third party site, this notice will not apply and you will need to review that third party’s privacy terms and conditions.
You have the right to ask us what data we hold which concerns you. Such requests are usually free, but we will ask you to submit your query in writing and include the following:
Full name (we will ask you to verify your identity)
Specific details of your request
We will process your request and will either respond within 30 days, or contact you to gather more information before we fulfil your request. In the event that we refuse to fulfil your request (for example if it is unreasonable) we will give a full explanation as to why. Please email email@example.com
11. Do we process children’s data?
In order to shop with us online, you must be over 16 years old and we do not knowingly collect personal data from children under 16. However, we encourage parents and legal guardians to monitor their children’s Internet usage and to help enforce this notice by instructing children never to provide personal data to us.
12. What can you do if you are unhappy with how we handle your data?
You should contact our Customer Services as outlined in Section 10. However, if you still feel that your data is not being handled appropriately, you have the right to lodge a complaint with the Information Commissioner’s Office.
If you are outside of the UK, please contact the relevant data protection regulator in your country of residence.
We may update this notice and our policies from time to time, so please check back here for the latest version.
What are cookies?
These cookies are set by the social networks (Facebook, Twitter, Google+, YouTube, etc) and allow you to share content from carolinemcgrath.co.uk with your friends on social networks. We don’t control the settings of these cookies, so we suggest you check the third-party websites for more information about their cookies and how to manage them. In addition, we enable you to share content from our site. Listed below are some of the social media platforms which may place cookies on your device. By disabling social cookies you will not be able to share content from our site.
twitter.com – various cookies against this domain
facebook.com – various cookies against this domain
google.com – various cookies against this domain
pinterest.com – various cookies against this domain
instagram – various cookies against this domain
These cookies are dropped onto your web browser by our email provider to monitor the performance of our email campaigns. These cookies contain no personal information and are solely for the purpose of displaying the most relevant carolinemcgrath.co.uk product & offers to you.
Can I delete or control my cookies?
If you wish to delete any cookies that are already on your computer or device, please refer to the help section on your browser or mobile phone handset manual.
If you have any queries concerning your personal information or any questions on our use of information, please contact our Customer Services on 0116 279 3368 or email firstname.lastname@example.org
Last updated 2.7.20