This notice applies to any online and mobile website, application and digital service ("Services") of Annie Oak Limited ("Annie Oak", "we", "us" or "our"), as well as any information that we collect about you when you visit one of our stores in person.
It also describes your data protection rights, including a right to object to some of the processing which Annie Oak carries out (e.g. direct marketing). You can also learn about cookies and similar technology in this notice.
What information do we collect?
The following categories of personal data will be collected about you in connection with your interaction with us and use of our Services including, but not limited to, when you purchase products on our Services, you complete forms on our Services, submit user-generated reviews or ratings, engage in any social media functions on our Services, and when you visit one of our stores in person.
Information you give us
personal identification information such as, your name, date of birth and gender;
contact information such as, email address and telephone number;
demographic information: such as, postal address;
financial information: such as, credit/debit card numbers;
your purchase history;
if you have completed a survey or entered a competition with us;
if you contact us by phone, email or otherwise, we will keep a record of that correspondence; and
your marketing preferences, including any consents you have given us when you subscribe to our newsletter or set up an online account.
Information we collect automatically
information related to the browser, device or operating system you use to access our Services;
your IP address, the website you came from, information on actions taken on our Services including but not limited to pages viewed, dated and times of visits, time spent on each page, products viewed, clicked on, added to your basket and purchased;
Information we receive from third parties
Sometimes we receive personal data about you from third parties when you engage with our Services through social media, or other non-Annie Oak sites or applications, those sites will share personal data with us including, but not limited to:
the content you have viewed or interacted with;
about adverts within the content which you have been shown or clicked on;
your IP address, registered beacons or GPS (geo location) signals you have received;
publicly available information; and
non-personal information used to supplement existing information, such as demographics and affluence metrics (e.g. social-demographic groupings through matching postcodes).
The privacy notices for these sites and applications will contain more detail about this and how to change your privacy settings on those sites and applications.
How do we use this information, and what is the legal basis for this use?
We process your personal data for the following purposes:
To fulfil a contract, or take steps linked to a contract including fulfilling any orders your place. This includes:
- a) processing your order, registration for the Services, or entry to a competition;
- b) providing the Services, to communicate with you about them or your account with us;
- c) communicating with you (including by email and SMS) and providing our customer services;
- d) verifying your identity; and
- e) sending you information about changes to our terms or policies.
To conduct our business and pursue our legitimate interests, in particular:
- a) we will use your personal data to provide products and Services you have requested, and respond to any comments or complaints you may send us;
- b) we monitor use of our Services, and use your personal data to help us monitor, improve and protect our products, content, Services and websites, both online and offline;
- c) we use your personal data to personalise our products and Services for you;
- d) to prevent, investigate and/or report fraud, misrepresentation, security incidents or crime, in accordance with applicable law;
- e) we use information you provide to investigate any complaints received from you or from others, about our website or our products or services;
- f) we will use data in connection with legal claims, compliance, regulatory and investigative purposes as necessary (including disclosure of such information in connection with legal process or litigation);
- g) to create a profile of your interests and preferences, and personalise content and advertising for you, so that you only receive content and marketing communications that are relevant to you;
- h) where you have purchased products from us, to send you marketing emails and texts, unless you have either: asked us not to; or, we have asked for your consent, in which case your consent will form the appropriate lawful basis for our data processing; and
- i) to send you marketing communications by post.
Where you give us your consent, we will use your personal data:
- a) to send you newsletters and other promotional material about our Services by email and text (for instance, this will include where you have signed up to receive our newsletters, or have provided us with your consent to receive marketing communications at the point of checkout or when setting up an account), and to use technologies to check if these have been received and opened to help make our communications relevant to you. Please note that in certain circumstances, we may be relying on our legitimate interests to send you marketing emails (see above);
- b) to place cookies and use similar tracking technologies (as set out in the "Cookies" section and the information provided to you when those technologies are used);
- c) to invite you to take part in market research (where consent is required); and
- d) on other occasions where we ask you for consent, we will use the data for the purpose which we explain at that time.
For purposes which are required by law:
- a) in response to requests by government or law enforcement authorities conducting an investigation.
Relying on our legitimate interests
We have carried out balancing tests for all the data processing we carry out on the basis of our legitimate interests, which we have described above. You can obtain information on any of our balancing tests by contacting us using the details set out below.
Who will we share this data with, where and when?
With your consent (where required), we share your personal data with trusted third-party service providers, suppliers, affiliates, divisions, partners, sponsors, agents and representatives we have engaged to perform business-related functions on our behalf. For example, to: (i) conduct research and analytics; (ii) create content; (iii) provide customer support services; (iv) maintain databases (v) fulfil orders; (vi) handle payments; (vii) host Services; (viii) administer contests; (ix) with service providers that conduct or support marketing including service providers in the US and UK that send postal marketing on our behalf and (x) third party providers who may send you direct mail.
Without your consent, we share your personal data:
- a) with third party platforms such as Facebook or Google to send you targeted advertisements on our behalf;
- b)in response to legal process, for example, in response to a court order or a subpoena, a law enforcement or government agency's request;
- d) if we, or one of our business units, undergoes abusiness transition, like a merger, acquisition by another company, or sale of all or part of our assets.
We operate globally, so we do need to transfer your personal data internationally. In particular, your personal data will be transferred to and processed in Australia, Canada, Chile, European Economic Area, Hong Kong, Singapore, Taiwan and the United States.
Where information is transferred outside the EEA, and where this is to a stakeholder or vendor in a country that is not subject to an adequacy decision by the EU Commission, data is adequately protected by EU Commission approved standard contractual clauses, an appropriate Privacy Shield certification or a vendor's Processor Binding Corporate Rules.
How long will you retain my data?
Where we process personal data for marketing purposes or with your consent, we process the data until you ask us to stop and for a short period after this (to allow us to implement your requests). We also keep a record of the fact that you have asked us not to send you direct marketing or to process your data indefinitely so that we can respect your request in future.
Where we process personal data in connection with performing a contract or for a competition, we keep the data for 6 years.
Where we process registration data, excluding in the circumstances outlined above, we retain your data for 6 years.
What rights do I have?
You have the right to ask us for a copy of your personal data; to correct, delete or restrict (stop any active) processing of your personal data; and to obtain the personal data you provide to us for a contract or with your consent in a structured, machine readable format, and to ask us to share (port) this data to another controller.
You can object to the processing of your personal data in some circumstances (in particular, where we don’t have to process the data to meet a contractual or other legal requirement, or where we are using the data for direct marketing).
These rights may be limited, for example if fulfilling your request would reveal personal data about another person, where they would infringe the rights of a third party (including our rights) or if you ask us to delete information which we are required by law to keep or have compelling legitimate interests in keeping. We will inform you of relevant exemptions we rely upon when responding to any request you make.
To exercise any of these rights, or to obtain other information, such as a copy of a legitimate interests balancing test, you can get in touch with us using the details set out below. If you have unresolved concerns, you have the right to complain to an EU data protection authority where you live, work or where you believe a breach may have occurred.
Where we require your personal data to comply with legal or contractual obligations, then provision of such data is mandatory: if such data is not provided, then we will not be able to manage our contractual relationship with you, or to meet obligations placed on us.
Withdrawing consent or otherwise objecting to direct marketing
Wherever we rely on your consent to send you marketing communications (for instance, where you have signed up to our newsletter, or have provided us with your consent to receive marketing communications at the point of checkout or when setting up an account), you will always be able to withdraw that consent, although we may have other legal grounds for processing your data for other purposes, such as those set out above. In some cases, we are able to send you direct marketing without your consent, where we rely on our legitimate interests (for instance, where you are already a customer).
In any case, you can unsubscribe from receiving our marketing emails by clicking on the unsubscribe link at the bottom of our emails, or by contacting us using the details set out below. You can also update your marketing preferences in your customer account on www.annieoak.com at any time or by emailing email@example.com. Please note that you may continue to receive communications for a short period after changing your preferences while our systems are fully updated.
You also have an absolute right to opt-out of all data processing that we carry out for marketing purposes (this includes receiving marketing emails, and profiling whereby we tailor the content, adverts and marketing communications that you receive about our products and services), at any time.
We have put in place physical, electronic, and managerial procedures designed to help prevent unauthorised access, to maintain data security, and to use correctly the personal data we collect online.
These safeguards vary based on the sensitivity of the personal data that we collect and store.
Although we take appropriate measures to safeguard against unauthorised disclosures of personal data, we cannot assure you that your personal data will never be disclosed, altered or destroyed in a manner that is inconsistent with this privacy notice.
Our Services do not target and are not intended to attract children under the age of 18. We do not knowingly solicit personal data from children under the age of 18 or send them requests for personal information.
When you visit the Services we may store some information (commonly known as a "cookie" or similar technologies) on your device. Cookies are pieces of information that a website transfers to your hard drive to store and sometimes track information about you. Cookies are specific to the server that created them and cannot be accessed by other servers, which means that they cannot be used to track your movements around the web.
Cookies can be categorised in accordance with the categories found in the ICC UK Cookie guide as set out below:
- a) strictly necessary cookies - these cookies are essential in order to enable you to move around a website and use its features and enable services you have specifically asked for. Consent is not generally required for these cookies;
- b) performance cookies - these collect information about how visitors use a website, for example, by recording which pages users go to most often (usually on an anonymous basis);
- c) functionality cookies - these cookies allow a website to remember the choices a user makes, such as a user name or language preference; and
- d) targeting or advertising cookies - these collect information about a user's browsing habits and are usually placed by advertising networks with the website operator's permission.
Cookies can also be categorised in accordance with how long they are saved on your device. "Session cookies" are short-term cookies that are only saved on the computer's memory for the duration of a user's visit to the website, whereas "persistent cookies" remain saved in the computer's memory for a set period of time, even after the browser session has ended.
How to manage & remove cookies
If you are using our Services via a browser you can change your cookie preferences and withdraw your consent at any time using the Cookie Preferences Centre.
The Help menu on the menu bar of most browsers also tells you how to prevent your browser from accepting new cookies, how to delete old cookies, how to have the browser notify you when you receive a new cookie and how to disable cookies altogether.
If you are using our Services via an application, then you can change your consent by following the relevant application’s directions. In addition, the operating system for your device provides instructions on how to prevent tailored advertising and how to reset your device's advertising identifier.
Who is the data controller?
The data controller for your information is Annie Oak Limited which you have a relationship with or which manages the website you have visited. Please find our contact details below.
How do I get in touch with you?
We hope that we can satisfy queries you may have about the way we process your data. If you have any concerns about how we process your data, or would like to opt out of direct marketing, you can get in touch at firstname.lastname@example.org.
Changes to this Privacy Notice
From time to time, we may update this notice. We will notify you about any upcoming material changes by either sending you an email to the email address you most recently provided to us or by prominently posting a notice on our Services. We encourage you to periodically check back and review this notice so that you know what personal data we collect, how we use it, and with whom we share it.