Privacy policy
PRIVACY POLICY
The Brands Factory Ltd, trading as Snoody™ (“Snoody™”, “Website” “we”, “us”, “our”), is a provider of a range of unisex adult clothing. Our address is The Brands Factory Ltd, The Cube, Coe Street, Bolton, BL3 6BU. For more information about Snoody™, please visit our website: https://www.snoody.store/ (the “Website”).
Snoody™ takes your privacy seriously and are committed to protecting and respecting your personal data. This privacy policy (“Privacy Policy”) sets out the basis on which the personal data collected from you, or that you provide to us, will be processed by us. Please read the following carefully to understand how we will use your personal data.
1. WHAT PERSONAL DATA DO WE COLLECT AND PROCESS, AND HOW DO WE USE IT
We have created an online shop via ‘Shopify’. To browse and purchase goods on our Website you may provide personal data such as your name and address. For example, if you purchase an item of clothing from our Website then we will need you name and address for delivery. You can voluntarily add other information to your account; however, this is optional.
You may provide us with the following personal data directly, depending on your preferences. We will collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
- Identity Data could include name, username or similar identifier, title, date of birth and gender.
- Contact Data could include billing address, delivery address, email address and telephone numbers.
- Financial Data could include your bank account and payment card details. Although we do not collect this category of personal data it will be collected via our third-party payment providers.
- Transaction Data could include details about payments to and from you and other details of products and services you have purchased from us.
- Device Data
- Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website, your browsing patterns and actions.
- Profile Data includes your username and password and purchases or orders made by you.
- Usage Data includes information about how you use our website and services.
- Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
- Aggregated Data We may also collect, use and share aggregated data such as statistical or demographic data for any purpose. Aggregated data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your usage data to calculate the percentage of users accessing a specific Website feature or product. However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy.
We may also receive aggregated personal data from third parties with whom we place adverts, such as Facebook, Twitter, Instagram and Pinterest. This data will include statistics about who has interacted with our adverts, but we will not be able to personally identify you. You can manage how this data is shared in your social media account settings.
- Location Data so that we can delivery your purchase.
Personal data that we do not process
We do not process any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data).
How we use your personal data:
Purpose/activity |
Type of data |
Lawful basis for processing |
● To create an account on our Website and register you as a new user |
● Identity ● Contact ● Financial ● Location |
● Consent ● Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security) |
● To process in-Website purchases and deliver Services including managing payments and collecting money owed to us |
● Identity ● Contact ● Financial ● Transaction ● Device ● Marketing and Communications ● Location |
● Your consent ● Performance of a contract with you (to process your order and delivery your purchases) ● Necessary for our legitimate interests (to recover debts due to us) |
● To manage our relationship with you including notifying you of changes to the Website or any Services |
● Identity ● Contact ● Financial ● Profile ● Marketing and Communications |
● Your consent ● Performance of a contract with you ● Necessary for our legitimate interests (to keep records updated and to analyse how customers use our products/ Services) ● Necessary to comply with legal obligations (to inform you of any changes to our terms and conditions) |
● To enable you to participate in a prize draw, competition or complete a survey |
● Identity ● Contact ● Device ● Profile ● Marketing and Communications |
● Your consent ● Performance of a contract with you ● Necessary for our legitimate interests (to analyse how customers use our products/Services and to develop them and grow our business) |
● To administer and protect our business and this Website including troubleshooting, data analysis and system testing |
● Identity ● Contact ● Device ● Technical |
● Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security) |
● To deliver content and advertisements to you ● To make recommendations to you about goods or services which may interest you ● To measure and analyse the effectiveness of the advertising we serve you ● To monitor trends so we can improve the Website |
● Identity ● Contact ● Device ● Content ● Profile ● Usage ● Marketing and Communications ● Location |
● Consent ● Necessary for our legitimate interests (to develop our products/Services and grow our business) |
2. WHO DO WE SHARE YOUR PERSONAL DATA WITH?
When using our Website we will need to disclose your personal data to selected third parties in the following limited circumstances:
- We share your personal data with our platform partners Shopify. Shopify is a platform that allows us to offer our services to you.
- Software companies such Apple iCloud to store customer personal data, our payment providers – Stripe and Paypal. We also share your personal data with these companies to help with the proper functioning of the Website, to analyse and understand your usage of the Website and the services, so we can make improvements.
- Other third-party providers include Royal Mail ‘Click and Drop’ and marketing and advertising providers. If you would like any more information about the third parties we share your data with, please contact us at - privacy@snoody.store
- We may share your personal data with our insurance providers or other professional advisers if this is necessary for, for example, obtaining or maintaining insurance coverage, managing risks, obtaining professional advice, or exercising or defending legal rights and claims.
- If you purchase any additional services through the Website then we may pass your payment details to credit reference agencies to verify your identity and detect and prevent fraud, money laundering or any other criminal activity; and
- Where there is any other legal requirement or obligation for us to disclose your personal data.
3. TRANSFERS OF YOUR PERSONAL DATA
To deliver services to you, it is sometimes necessary for us to share your personal data outside the UK/EEA, e.g:
- with your and our service providers located outside the UK/EEA;
- if you are based outside the UK/EEA;
- where there is a European and/or international dimension to the services we are providing to you.
Under data protection law, we can only transfer your personal data to a country or international organisation outside the UK/EEA where:
- the UK government or, where the EU GDPR website applies, the European Commission has decided the particular country or international organisation ensures an adequate level of protection of personal data (known as an ‘adequacy decision’);
- there are appropriate safeguards in place, together with enforceable rights and effective legal remedies for data subjects; or
- a specific exception website applies under data protection law. These are explained below.
Adequacy decision
We may transfer your personal data to certain countries, based on an adequacy decision. These include:
- all European Union countries, plus Iceland, Liechtenstein and Norway (collectively known as the ‘EEA’);
- Gibraltar; and
- Andorra, Argentina, Canada, Faroe Islands, Guernsey, Israel, Isle of Man, Japan, Jersey, New Zealand, Switzerland and Uruguay.
The list of countries that benefit from adequacy decisions will change from time to time. We will always seek to rely on an adequacy decision, where one exists.
Other countries or international organisations we are likely to transfer personal data to do not have the benefit of an adequacy decision. This does not necessarily mean they provide poor protection for personal data, but we must look at alternative grounds for transferring the personal data, such as ensuring website appropriate safeguards are in place or relying on an exception, as explained below.
Transfers with website appropriate safeguards
When we transfer your personal data outside of the UK/EEA only when strictly necessary and according to the safeguards and good practices detailed in this Privacy Policy. Where personal data is transferred to a third party for example in the USA, or other third party outside the UK/EEA, we take steps to ensure we agree standard contractual clauses (SCC’s) with them, as well as undertaking a ‘data transfer assessment’ to ensure any additional safeguards that are required are in place to protect your data.
Transfers under an exception
In the absence of an adequacy decision or website appropriate safeguards, we may transfer personal data to a third country or international organisation where an exception website applies under relevant data protection law, e.g:
- you have explicitly consented to the proposed transfer after having been informed of the possible risks (for example upon registration);
- the transfer is necessary for the performance of a contract between us or to take pre-contract measures at your request.
- the transfer is necessary for a contract in your interests, between us and another person; or
- the transfer is necessary to establish, exercise or defend legal claims.
4. OUR WEBSITE AND WEBSITE
Our Website may contain links to other third-party websites. If you follow a link to a third-party website, please note that this Privacy Policy does not website apply to that website. We are not responsible or liable for the privacy policies or practices of any third-party websites, so check their policies before you submit any personal data to those websites. If you access our website via our Website then separate terms and conditions of use and privacy policy shall website apply, which you can access on the Website.
5.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.
We have adopted two factor authenticity on our devices and the Shopify privacy notice sets out what security measures the Shopify Platform has in place to protect your personal data. The Shopify privacy notice can be access here – https://www.shopify.com/legal/privacy/customers
We have put in place procedures to deal with any suspected personal data breach and will notify you of a breach where we are legally required to do so.
6. DATA RETENTION
We store your personal data in line with legal, regulatory, financial, and good-practice requirements and we will generally keep your personal data for up to a maximum period of six from the date of the last product you may purchase from us (contract dispute). For further details regarding how long we keep you personal data, please contact us privacy@snoody.store
7. ACCESSING YOUR PERSONAL DATA AND YOUR RIGHTS
As a result of us collecting and processing your personal data, you have the following legal rights:
- to access personal data held about you;
- to request us to make any changes to your personal data if it is inaccurate or incomplete;
- to request your personal data is erased where we do not have a compelling reason to continue to process such data in certain circumstances;
- to receive your personal data provided to us as a data controller in a structured, commonly used and machine-readable format where our processing of the data is carried out by automated means, and it is based on: (i) your consent; (ii) our necessity for performance of a contract to which you are a party to; or (iii) steps taken at your request prior to entering into a contract with us;
- to object to, or restrict, our processing of your personal data in certain circumstances;
- if we ever use your personal data for direct marketing, you can ask us to stop and we will comply with your request;
- if we use your personal data on the basis of having a legitimate interest (as set out in the table above), you can object to our use of it for those purposes, giving an explanation of your particular situation, and we will consider your objection;
- to object to, and not be subject to a decision which is based solely on, automated processing (including profiling), which produces legal effects or could significantly affect you; and
- to lodge a complaint with the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (ico.org.uk) or any other Supervising Authority in the EEA. We would, however, websitereciate the chance to deal with your concerns before you websiteroach the ICO so please contact us in the first instance.
To exercise any of your rights set out above, including to withdraw your consent where we have stated we are processing your personal data based on your consent, please contact us at privacy@snoody.store
8. CONTACTING US AND CHANGES TO YOUR PERSONAL DATA
If you have any questions, comments and requests about this Privacy Policy or your personal data, please contact us at privacy@snoody.store
Please keep us informed of any changes to your personal data at any time by updating your details in the Website.
9. CHANGES TO OUR PRIVACY POLICY
Any changes we may make to this Privacy Policy in the future will be displayed within the Website and, where website appropriate, notified to you by email. Please check back regularly to keep informed of updates or changes to this Privacy Policy.
This Privacy Policy was last updated on 15 July 2022.