Please take the time to read the following information carefully so that you fully understand our views and practices regarding your personal data and how we will use it. You must be over 18 years old to use our site.
This privacy policy applies to people who:
- simply visit our site;
- are our customers (including potential customers) because they:
- buy products and/or services (including people who create an account with us, check out as a guest, or redeem vouchers);
- engage with us on social media, sign-up for events, contact us with queries or complaints, or comment on or review products and/or services;
- choose to complete customer surveys or enter prize draws or competitions; and whether via our site, over the phone or in our stores; and
- supply products and/or services to us (e.g., vendors, partners, professional advisers).
This Site is not intended for children and we do not knowingly collect data relating to children.
It is important that you read this privacy policy together with any other privacy policy or fair processing policy we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your personal data. This privacy policy supplements other notices and privacy policies and is not intended to override them.
The Authentic Bespoke Group (ABG) is made up of different legal entities, including (without limitation) Authentic Bespoke Ltd, Ally Capellino Ltd, Budd (Shirt Makers) Ltd, J.R Tusting & Company Ltd and Sterling & Burke Ltd. This privacy policy is issued on behalf of ABG so when we mention “ABG”, “we”, “us” or “our” in this privacy policy, we are referring to the relevant company within ABG responsible for processing your personal data.
Authentic Bespoke Ltd. is the controller and responsible for this site.
If you have any questions regarding this privacy policy or believe we have breached the Data Protection Act 2018 and/or the General Data Protection Regulation ((EU) 2016/679) (DP Laws), please contact us at:
- Email: [email protected]
- Telephone:+44 (0)203 911 9346
- Write to us at Authentic Bespoke, 51/52 St John’s Square, London, EC1V 4JL (marked for the attention of Data Controller).
You have the right to make a complaint at any time to a data protection authority about our collection and use of your personal data. For more information, please contact your local data protection authority. Contact details for data protection authorities in the European Economic Area, Switzerland and certain non-European countries (including the US and Canada) are available here. We would, however, appreciate the chance to deal with your concerns before you approach a data protection authority so please contact us in the first instance.
This privacy policy, together with our cookie policy and terms and conditions (and any other documents referred to in it) (this Policy) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. By using our site, you accept the practices described in this Policy.
This Policy is effective on and from 20th February 2019. We may amend this Policy at any time, and whenever we do so we will notify you by posting a revised version on our site or emailing you. Please review this Policy each time you visit our site as it may have been updated since your last visit.
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
Personal data we collect: With regard to each of your visits to our site, we will automatically collect:
- technical information, including the Internet Protocol (IP) address used to facilitate your connection to the Internet, browser type and version, time zone setting, browser plug-in types and versions, hardware information
- information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our site (including date and time); services, products, publications and articles you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page
We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate information about how you use our site to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Policy.
Cookies: Our Site uses cookies to distinguish you from other users of our site. This helps us to provide you with a good experience when you browse our site and also allows us to improve our site. Cookies are text files placed on your computer to collect standard internet log information and visitor behaviour information. This information is used to track visitor use of our site and to compile statistical reports on website activity. You can read more about how we use cookies in our cookie policy. You can enable or disable cookies by modifying the settings using the cookie preference button and in your browser.
Using your personal data: We will use this information for the following legitimate interests (whether ours or a third party’s):
- to maintain our site and keep it safe and secure;
- to protect the rights, property or safety of ABG, its customers, suppliers, contacts or others (we will also use your information where we are required by law to do so);
- to improve our site and ensure that content is presented in the most effective manner for you and for your device(s);
- for internal operations (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data);
- to measure or understand the effectiveness of our site and/or any marketing we serve to you and others, and to deliver relevant marketing to you;
- to deal with any issues you have reported with our site;We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us.Sharing your personal data: We will only share personal data with third parties (but only the minimum amount they need) in the following instances:
- our employees, contractors, consultants, freelancers and agents (but their use shall be limited to the performance of their duties and in line with the reason for processing);
- other companies within ABG (acting as joint controllers or processors) who are based in the UK, to enable them to provide IT and system administration services, undertake leadership reporting and carry out marketing activities;
- our website hosting supplier (acting as a processor) who is based in the United Kingdom, to enable them to maintain and host our site;
- our third party IT support provider (acting as a processor) who is based in the UK, for the purposes of providing IT support to us;
- analytics and search engine providers (acting as processors) who are based in the United States of America, that assist us in the improvement and optimisation of our site
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
Retaining your personal data: This information is kept for 2,555 days and will then be deleted automatically. However:
- if we are required by law to retain it for longer, we will retain it for the required period; and/or
- where the information is being used in connection with legal proceedings (including prospective legal proceedings) it will be retained for the duration of those legal (and any enforcement) proceedings.Your rights: Please see Your rights.
CUSTOMERS
Personal data we collect: How you interact with us will depend on what personal data we collect about you. You can interact with us by:
- purchasing of our products and/or services (whether via our site, over the phone or in our stores);
- creating an account online via this site (even if you don’t purchase any products and/or services from us);
- engaging with us on social media, signing-up for events, contacting us with queries or complaints, or commenting on or reviewing products and/or services;
- choosing to complete customer surveys or entering prize draws or competitions; and/orThe type of personal data we will hold about you may include your name, email address(es), phone number(es), billing and delivery address(es), bank information (if you pay with your credit or debit card), your preferences in receiving marketing from us (including products, services and/or events we think might be of interest to you) and other communications and any other personal data you choose to give us when you interact with us.If you create an account online via our site, we will also collect profile data (including your username and password, purchases or orders made by you, prize draws or competitions you have entered, your interests, preferences, feedback and survey responses.We may also collect:
- information about you from social media platforms including when you interact with us on those platforms or access our social media content (the information we may receive is governed by the privacy settings, policies, and/or procedures of the applicable social media platform, and we encourage you to review them);
- information you give us when you attend any of our events whether hosted by us or a third party, (including when you register to provide feedback);
- information about you on CCTV cameras if you visit our stores (CCTV cameras are used for crime prevention and public safety); and/or
We record all calls for training and quality purposes.
Using your personal data: We will use this information:
- to enable us to perform our contract with you (including to process and deliver your order, manage payments, fees and charges, and collect and recover money owed to us, and to enable you to partake in a prize draw or competition), or to take steps to enter into such contract (including to register you as a new customer);
- where we need to comply with a legal obligation (including where we need to pass details of people involved in fraud or other criminal activity affecting ABG to law enforcement);
- for the following legitimate interests (whether ours or a third party’s):
- to notify you of your order status;
- to manage our relationship with you including notifying changes to our terms or this Policy, keeping our records updated, to send you after-care emails relating to your product, and to study how customers use our products and/or services so that we can develop them and grow our business);
- to recover debts due to us;
- to ask you to leave a review or take a survey;
- to notify you about any other products and/or services we think you might be interested in;
- to send you marketing communications to inform you of product launches, exclusive promotions, events, and sales (see Marketing);
- for the organisation of, and to follow up on, events that you have registered to attend;
- to conduct market research that will help us better understand our target market and tailor our marketing communications;
- to study shopping habits, products bought and volumes to help us to respond to demand, ensure the right products and/or services get to the right areas and to help us plan our rangesWhere we need to collect personal data to comply with a legal obligation, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you. In this case, we may have to cancel a purchase or order you have made with us but we will notify you if this is the case at the time.We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us.Sharing your personal data: We will only share personal data with third parties (but only the minimum amount they need) in the following instances:
- our employees, contractors, consultants, freelancers and agents (but their use shall be limited to the performance of their duties and in line with the reason for processing);
- other companies within ABG (acting as joint controllers or processors) who are based in the UK, to enable them to provide IT and system administration services, undertake leadership reporting and carry out marketing activities;
- our website hosting supplier (acting as a processor) who is based in in the UK, to enable them to maintain and host our site;
- our third party IT support provider (acting as a processor) who is based in the UK, for the purposes of providing IT support to us;
- third party delivery/courier providers (acting as processors) who are based in the UK, to enable them to deliver products you have ordered from us;
- third party marketing and PR providers (acting as controllers or processors) who are based in the UK and USA, to enable them to provide marketing services for us;
- third party payment processing providers (acting as controllers or processors who are based in the UK, USA, Netherlands and China to securely take and manage payments;
- third party supplier partners who supply products and/or services on our behalf and who are based in the UK and USA
- third parties who own, host and support (acting as processors) CRM tools that we use in our business and who are based in in the UK, Australia and USA;
- third parties who own, host and support (acting as processors) accounting software that we use in our business and who are based in in the UK, Australia and USA;
- various third parties who provide tools and cloud solutions to enable our business to operate (including email, instant messaging, document management and file-sharing) (acting as processors) and who are based in the UK and USA;
- third parties who help us to arrange and/or host events that you have registered to attend (acting as processors) and who are based in the UK and USA;
- third parties who provide credit reference checks for us and/or who assist us to recover monies owed to us (acting as controllers or processors) and who are based in the UK;
- professional advisers (acting as controllers or processors) including lawyers, bankers, auditors and insurers based in the UK who provide legal, banking, accounting and insurance;
- HM Revenue & Customs, regulators and other authorities (acting as controllers or processors) based in the UK who require reporting of processing activities in certain circumstances;
- potential buyers (and their agents and advisers) in connection with any proposed purchase, merger or acquisition of any part of our business, provided that we inform the buyer it must use your personal data only for the purposes disclosed in this Policy;
- where we are required by law to do so;
- our telephony supplier (which would get to see phone numbers if we call you) and our broadband supplier (which could see email addresses (but not the content of what you send us, if you encrypt it)) (acting as processors)
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
Retaining your personal data: This information will be kept for as long as you are a customer and then for 7 years thereafter in the event of a legal claim and/or for tax purposes. However:
- if we are required by law to retain it for longer, we will retain it for the required period; and/or
- where the information is being used in connection with legal proceedings (including prospective legal proceedings) it will be retained for the duration of those legal (and any enforcement) proceedings.In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.Your rights: Please see Your rights.
If you have also visited our site, please see Visitors to our site.
SUPPLIERS
Personal data we collect: If you contact us or we contact you (by email, phone, in-store or otherwise) in connection with supply services, goods and/or software to us, we will hold your name, job title/profession, employer details, email address(es), phone number(s), location, and any other personal data you choose to give us when you interact with us give us (including any other details that appear on your business card which you provide to us).
We may also collect:
- information and documentation that we obtain about you and your business from publicly available information (e.g. your website, social media and Companies House) when we carry out research (this is to ensure that we understand you and your business);
- information about you from social media platforms including when you interact with us on those platforms or access our social media content (the information we may receive is governed by the privacy settings, policies, and/or procedures of the applicable social media platform, and we encourage you to review them);
- information about you on CCTV cameras if you visit our stores (CCTV cameras are used for crime prevention and public safety); and/orWe record all calls for training and quality purposes.
Using your personal data: We will use this information for the following legitimate interests (whether ours or a third party’s):
- to enable us to perform our contract with the company who is supplying the services, goods and/or software to us, or to take steps to enter into such contract;
- to manage payments, fees and charges due under our contract;
- to manage our relationship with the company who is supplying the services, goods and/or software to us including notifying changes to our terms or this Policy and keeping our records updated; and/orWe make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us.Sharing your personal data: We will only share personal data with third parties (but only the minimum amount they need) in the following instances:
- our employees, contractors, consultants, freelancers and agents (but their use shall be limited to the performance of their duties and in line with the reason for processing);
- other companies within ABG (acting as joint controllers or processors) who are based in the UK, to enable them to provide IT and system administration services, undertake leadership reporting and carry out marketing activities;
- our third party IT support provider (acting as a processor) who is based in the UK, for the purposes of providing IT support to us;
- third parties who own, host and support (acting as processors) CRM tools that we use in our business and who are based in the UK and USA;
- third parties who own, host and support (acting as processors) accounting software that we use in our business and who are based in in the UK and USA;
- various third parties who provide tools and cloud solutions to enable our business to operate (including email, instant messaging, document management and file-sharing) (acting as processors) and who are based in the UK and USA;
- professional advisers (acting as controllers or processors) including lawyers, bankers, auditors and insurers based in the UK who provide legal, banking, accounting and insurance;
- HM Revenue & Customs, regulators and other authorities (acting as controllers or processors) based in the UK who require reporting of processing activities in certain circumstances;
- potential buyers (and their agents and advisers) in connection with any proposed purchase, merger or acquisition of any part of our business, provided that we inform the buyer it must use your personal data only for the purposes disclosed in this Policy;
- where we are required by law to do so;
- our telephony supplier (which would get to see phone numbers if we call you) and our broadband supplier (which could see email addresses (but not the content of what you send us, if you encrypt it)) (acting as processors)
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
Retaining your personal data: This information will be kept for the duration of our contract with the company who is supplying services, goods and/or software to us and then for 7 years thereafter in the event of legal claims and/or for tax purposes. However:
- if we are required by law to retain it for longer, we will retain it for the required period; and/or
- where the information is being used in connection with legal proceedings (including prospective legal proceedings) it will be retained for the duration of those legal (and any enforcement) proceedings.In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.Your rights: Please see Your rights.
If you have also visited our site, please see Visitors to our site.
We share your personal data within ABG and to the external third parties (the categories of which are referred to in this Policy). This may involve transferring your data outside the European Economic Area (EEA) (which consists of all EU member states, plus Norway, Iceland, and Liechtenstein). Whenever we transfer your personal data out of the EEA, we will ensure a similar degree of protection is afforded to it. In some instances, your personal data may be transferred to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. In other instances, we will ensure at least one of the lawful safeguards are implemented, which may include:
- Where we transfer personal data within ABG and to certain external third parties, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe; or
- Where we use external third parties based in the US, we may transfer personal data to them if they are part of the EU-US Privacy Shield which requires them to provide similar protection to personal data shared between Europe and the US.If you have questions about, or need further information concerning, international data transfers, please contacting us.
YOUR RIGHTS
In relation to personal data we hold about you, you have the right to:
- where we process your personal data based on your consent (as detailed in this Policy), to withdraw your consent easily and at any time;
- get access to your personal data that we hold and receive information about our processing of it;
- ask us to correct the record of your personal data maintained by us if it is inaccurate or to complete incomplete personal data;
- ask us, in certain instances, to erase your personal data or cease processing;
- object to us processing your personal data for direct marketing purposes (see Marketing);
- challenge us processing your personal data which has been justified on the basis of our legitimate interests;
- ask us, in certain instances, to restrict processing personal data to merely storing;
- ask us, in certain limited instances, to transfer your personal data to another online provider;
- not to be subject to automated decision making (including profiling) in certain circumstances;
- prevent processing that is likely to cause damage or distress to you and seek compensation from us for any damages caused to you by us breaching DP Laws;
- be notified of a personal data breach which is likely to result in high risk to your rights and freedoms; and
- complain to a data protection authority (contact details for data protection authorities in the European Economic Area, Switzerland and certain non-European countries (including the US and Canada) are available here) (you may complain to a data protection authority in the EU Member State of your residence, your place of work or of the alleged breach of DPA Laws).
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
You may access certain areas of our site without providing any personal data at all. However, to use all features and functions available on our site you may be required to submit or allow for the collection of certain personal data. You may restrict our use of cookies. For more information, see our cookie policy.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
If you would like to exercise any of these rights, please contacting us.We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one calendar month (starting from the day after we receive your request). Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
To help protect the privacy of personal data you transmit, we maintain physical, technical and administrative safeguards and require the same of any third parties we share your personal data with. Any payment transactions will be encrypted. We update and test our security technology on an ongoing basis. In addition, we train our staff about the importance of confidentiality and maintaining the privacy and security of your personal data.
We use Secure Sockets Layer (SSL) encryption when collecting or transferring sensitive data such as personal and credit card information. SSL encryption is designed to make the information unreadable by anyone but the intended audience. This security measure is working when you see a closed padlock icon in your browser window, usually in the URL address bar.
We will only ask for payment details when you place an order over the telephone, we will never ask you to confirm any account or credit card details by email or text message. If you receive such emails or messages do not respond and contact us immediately. Credit Card details are not stored beyond completion of your order. All payments online will be taken securely through payment portals Safecharge and Paypal, card details are not fully visible to our staff. Our handling of credit card details is certified compliant with the Payment Card Industry Data Security Standard.
Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
As you will be aware the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your personal data transmitted to our site; any transmission is at your own risk. Once we have received your personal data, we will use physical, technical and administrative safeguards to prevent unauthorised access to your personal data.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising. To opt out of marketing communications, see Opting out below.
Promotional offers from us: We may use the personal data you have given us to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you (we call this marketing).
You will receive marketing communications from us if you have requested information from us (i.e., by ticking a box to indicate you consent to us sending you marketing communications) or purchased products or services from us and you have not opted out of receiving that marketing.
Third-party marketing: We will get your express opt-in consent before we share your personal data with any third party for marketing purposes.
Opting out: You can ask us to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or by contacting us any time. Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of a product/service purchase, product/service experience or other transactions. Please note that if you ask us not to contact you by email at a certain email address, we will retain a copy of that email address on a “suppression list” in order to comply with your no-contact request.
You are free to change your marketing choices at any time.
Our Site may, from time to time, contain links to and from the websites of third party websites. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
Our Site uses interfaces with social media sites such as Facebook, LinkedIn, Twitter and others. If you choose to “like” or share information from our site through these services, you should review the privacy policy of that service. If you are a member of a social media site, the interfaces may allow the social media site to connect your site visit to your personal data.