FatFace Privacy Notice
Fat Face Limited (“we") are committed to protecting and respecting your privacy. This privacy notice sets out the ways in which we may process your personal data, your rights in relation to our processing and other matters.
This privacy notice contains important details about the way we will treat your personal information, and your rights in respect of the personal data that we hold about you.
This privacy notice applies in relation to information exchanged via our website, in-store, in correspondence or otherwise. By visiting any of our websites, or by providing us with any information about yourself, you are accepting and agreeing to the practices described in this privacy notice.
For the purpose of the Data Protection Act 1998 until 24 May 2018 and thereafter the General Data Protection Regulation (Regulation (EU) 2016/679, the “GDPR”), the data controller is Fat Face Limited, registered in England & Wales, company no. 2954734. By Data Controller, this means FatFace determines the purposes and way in which any personal data are, or will be, processed.
Should you need to contact us please write to:
Data Protection Officer, Unit 3 Ridgway, Havant, Hampshire, PO9 1QJ or by email email@example.com quoting Security and Privacy Enquiry.
Information we collect from you
This is information that you give us by filling in forms on our websites, by corresponding with us by phone, e-mail or otherwise, and while you are in-store. It includes information you provide when you register to use our sites, open an account, subscribe to our mailing list, search for a product, place an order on our sites, apply for any job via our sites, use our social media platforms, enter a competition, promotion and when you report a problem with our sites, products or services. The information you give us may include your name, address, e-mail address and phone number, financial and credit card information, clothing sizes, and in relation to any job application – employment history, education records and other details relevant to your application.
If you provide any information about any other individuals such as friends or family, you warrant to us that you are entitled to provide that information to us and to authorise us to process it on the same basis as we will process the rest of the data that you provide about yourself.
In order to personalise your website experience, we may also gather information about the devices you use to access our sites (desktop and mobile), this may include the following:
We may use CCTV in our stores for security monitoring purposes.
We also occasionally engage mystery shoppers who may film their experiences with our store staff to help ensure that our staff are providing the highest standards of service.
Purposes for which we may process your information
We may use this information:
- to process, fulfil and provide you with information relating to your orders;
- to carry out our obligations arising from any contracts entered into between you and us and to provide you with the information, products and services that you request from us;
- to provide you with information about other goods and services we offer that are similar to those that you have already purchased or enquired about;
- to provide you, or permit selected third parties to provide you, with information about goods or services we offer, so long as, where required by law, you have given the relevant consent;
- to notify you about changes to our products and services;
- for fraud and theft prevention;
- to ensure that content from our sites is presented in the most effective manner for you and for your computer;
- if you have submitted a job application, in order to evaluate and manage that application, and to manage your employment if you are successful;
- for our own legal and risk management purposes;
- to measure or understand the effectiveness of advertising we serve to you and to deliver relevant advertising to you;
- to make suggestions and recommendations to you and other users of our sites about goods or services that may interest you.
Please note that, where you are asked to provide information to us which is of a sort that is necessary to enable us to perform a contract or fulfil a request that you make (e.g. contact, delivery or payment information) – if you do not do so, we may not be able to perform your contract or fulfil your request.
Who we share your information with and why
FatFace work with a number of trusted suppliers, agencies and businesses in order to provide you with the highest quality products and services you expect from us e.g. delivery companies, fraud prevention agencies and product technicians amongst others. Some of the categories of third parties with whom we share your data are:
- business partners, suppliers and sub-contractors for the performance of any contract we enter into with you.
- advertisers and advertising networks that require the data to select and serve relevant adverts to you;
- analytics and search engine providers that assist us in the improvement and optimisation of our sites;
If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply the terms of any agreement or policy to which we are a party, or to protect the rights, property, or safety of Fat Face, our customers, or others. This may include exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
Keeping in touch with you
We want to keep you up to date with information about new ranges, special offers and improvements to our website. When you set your account up, we will ask you if you want to receive this type of marketing information.
If you decide you do not want to receive this marketing information you can request that we stop by writing to the Data Protection Officer: Lisa Oliver, FatFace, Unit 1-3 Ridgway, Havant, PO9 1QJ, by emailing firstname.lastname@example.org, by calling the Customer service centre on 0330 124 0000, by changing your contact preferences in the Personal Details section of your account online or by using the unsubscribe link within the email.
You may continue to receive mailings for a short period while your request is dealt with.
Legal basis of processing
Data Protection Law requires us to meet at least one “legal ground” for processing personal data, currently set out in Article 6 of the GDPR. The grounds applicable to the personal data to which this notice relates are:
- Where the processing is necessary for us to perform a contract that you are party to, or to take steps at your request prior to entering a contract, that is the ground on which we are processing that data;
- Where the processing is necessary for compliance with a legal obligation to which we are subject, that is the ground on which we are processing that data;
- Where processing is necessary for the purposes of our legitimate interests or the legitimate interests of a third party, that is the ground on which we are processing that data, provided that your interests or fundamental rights and freedoms which require protection of your data do not override those legitimate interests (our legitimate interests comprise the management, marketing and promotion of our business, products and services the supply of our products and services, and the recruitment and management of staff);
- If you have given your consent to our processing the data, that is the basis on which we are processing that data.
If more than one of the above grounds apply to the processing of data in question, the applicable ground will be the one that is set out first above.
Special categories of personal data
If you provide us with any special categories of personal data (that is to say information as to racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, physical or mental health, sex life or sexual orientation or genetic or biometric data) or personal data relating to criminal convictions and offences, then unless you provide that information to us in a recruitment or employment context (in which case please see below) it is a condition of us receiving that information that you expressly consent (and you hereby do) to us processing that personal data for the purposes set out above. Accordingly, if you do not want us to process any such categories of personal data, please do not provide it to us.
If you provide us with any of the above types of data in relation to a job application or in the context of your work with us, the information will only be used so that we can monitor our compliance with the law and best practice in terms of equal opportunities and non-discrimination and, where applicable, to review and keep under review your ability to carry out the work for which you may be employed and any health and safety issues.
Where we store your personal data
The data that we collect from you will be stored on our servers or those of our service providers.
Some of the information you provide to us may be transferred outside the European Economic Area to countries such as India and the US. This is a transfer to a “third country”. For example, FatFace has a business relationship with Company A who provide us with IT support. Colleagues in India may access it to undertake the activities described above.
If you place an order with us and you are outside of the UK we will transfer the data that we hold on you to FatFace Limited in the UK.
FatFace also works with suppliers and partners who may make use of cloud and/or hosted technologies. We undertake data security due diligence on our partners and ensure that that these partners conform to appropriate accreditations.
Wherever transfers of data to third countries occurs FatFace will ensure that the recipient is either (i) within the EEA, or (ii) in a country that the European Union has decided has adequate data protection laws in place, or (iii) has provided appropriate data protection safeguards of the sort approved by the European Union and which provide effective rights and remedies for you, further details of which are available from the contact details below.
All information you provide to us is stored on our secure servers. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our sites, you are responsible for keeping this password confidential, and for all use made of your account with such password. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our sites; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
Length of data storage
Our policy is to ensure that personal data is only stored for as long as is necessary for the purposes it was provided. This may vary according to the type of information and the specific purpose and our obligations under other laws.
We may need your personal information to establish, bring or defend legal claims. For this purpose, we will always retain your personal information for 7 years after the date it is no longer needed by us for any of the purposes listed under Purposes for which we may use your information above. The only exceptions to this are where:
- the law requires us to hold your personal information for a longer period, or delete it sooner;
- you exercise your right to have the information erased (where it applies) and we do not need to hold it in connection with any of the reasons permitted or required under the law;
- we bring or defend a legal claim or other proceedings during the period we retain your personal information, in which case we will retain your personal information until those proceedings have concluded and no further appeals are possible; or
- in limited cases, existing or future law or a court or regulator requires us to keep your personal information for a longer or shorter period.
What are your rights
You have various rights under Data Protection Law. These include:
- The right to ask us not to process your personal data for direct marketing purposes, even if you have given consent;
- If our processing is based on your consent, the right to withdraw any consent you may have given for our processing of your data – if you exercise this right, we will be required to stop such processing if consent is the sole lawful ground on which we are processing that data;
- The right to ask us for access to the data we hold about you and how we use it;
- The right to ask us to rectify any data that we hold about you that is inaccurate or incomplete;
- The right to ask us to delete your data in certain circumstances;
- The right to ask us to restrict our processing of your data in certain circumstances;
- The right to object to our processing of your data in certain circumstances;
The right to data portability to electronically move, copy or transfer your personal information in a standard form in certain circumstances.
You can exercise any of the rights set out above by contacting email@example.com. In respect of certain of the rights referred to above, we may need more information from you, e.g. to provide further information in order to confirm your identity.
You also have the right to lodge a complaint with the applicable data protection supervisory authority if you are concerned that we are not respecting your rights under Data Protection Law. The Information Commissioner’s Office (www.ico.orgis the authority in the UK which is responsible for overseeing the application of, and enforcing, Data Protection Law.
We may, based on information that you provide, make certain decisions on an automated basis. Such decisions include deciding if you pose a fraud or money laundering risk. In certain circumstances, you have the right to object to such decisions being made on an automated basis, if you want to know more please contact us on the details above.
Our sites may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
Changes to this privacy notice
Any changes we make to our privacy notice in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to our privacy notice.
Questions, comments and requests regarding this privacy notice are welcomed and should be addressed to firstname.lastname@example.org
Last updated: May 2018