For the purpose of applicable data protection laws, the data controller of your personal data (in order words, the organisation that determines how and for what purposes your personal data is used) is LK Bennett Fashion Limited (company no. 11903831 with registered office at: 95-96 New Bond St, London, W1S 1DB) ("we" and "us").
Like all retail businesses, we collect a range of personal data from our customers. This is described below:
- Personal details including your name, postal address, email address, phone number, date of birth and any other information collected on registration or the ordering process through our website.
- Transaction related data such as the items that you purchase, payment data, delivery information.
- Your contact details and preferences in the context of our direct marketing activities.
- Photographic images and other information (e.g. name, address and date of birth) if you attend an event that we run.
- Customer service related call recordings when calls are made to our customer service teams (which includes voice and personal information including order details), name, email address, phone number, IP address and "Live Chat" correspondence via our website (or via our social media channels) which may include contact details and order details.
- CCTV images from cameras in store.
If you are (or work for) a business partner or supplier, we will collect and process your personal data including but not limited to your name and business contact details and we will use that data on the basis of our legitimate interests in the context of managing our business relationship with you.
If you are a job applicant, we will collect and process your personal data including but not limited to your name, contact details, CV and application details. We may also process certain data that is particularly sensitive, such as details of any disability or health condition relevant to your application. You can find out more about our processing of recruitment related personal data by contacting [email protected]
Whenever we use your personal data, we need to make sure that we have established a valid legal justification (known as a "lawful basis") for that use of data. We have described the ways that we use your data and the associated lawful basis below.
|How and why we use your personal data||What is our legal justification for processing your personal data|
- To provide you with the products, information and services that you request or purchase from us (i.e. to fulfil orders for products, to send you electronic receipts, to communicate with you regarding products that you have ordered, to carry out customer services and respond to your questions and comments).
- To provide customer service, including troubleshooting in connection with purchases or your requests for services or when you ask us questions on social media.
- We may also carry out market research, request feedback or carry out surveys.
We rely on our contractual arrangements with you as the lawful basis on which we collect and process your personal data in relation to an order for products and services.
Alternatively, in some scenarios, we rely on our legitimate interests as a business (for example, it is in our interests to measure customer satisfaction and troubleshoot customer issues or deal with your specific queries on social media). Where we rely on our legitimate interests, we will always make sure that we balance these interests against your rights.
|We may use your personal data to tell you about relevant products/services and offers ("marketing"). This might include direct marketing such as via email or other channels, where you have given us your consent to do so.|| |
We will usually only use your personal data to send you marketing messages if we have consent from you to do so.
In some cases, we can rely on our legitimate interests as a business in order to send you marketing materials (our legitimate interest in marketing and advertising our products). Where we rely on our legitimate interests, we will always make sure that we balance these interests against your rights.
You can amend your preferences or opt out from marketing communications by using the unsubscribe links within our marketing messages, by updating your preferences within your account on the website or by sending an email to [email protected].
|If you attend an event and we take your photograph, we may use your image in our marketing materials.|| |
We would always obtain your consent for this use of your data.
Where we take photographs of groups at these events, we may rely on our legitimate business interest of using the images for marketing and promotional materials to promote our business. We will make sure that it is clear at the event group photographs will be taken and images used in this way, and we will give you the opportunity to avoid having your photograph taken.
|To operate promotions, prize draws, competitions and similar activities.||We may rely on our contractual relationship with you, or in some cases we may rely on our legitimate interests in running promotions for our customers and to learn about our customers' preferences. In some circumstances we may obtain your consent where the information is contained in marketing communications and we can't rely on our legitimate interests to contact you.|
|To find out more about the users of our services as a whole (and not to find out more about you as an individual) to ensure that the promotions, products and services that we offer are most likely to interest our customers.||We rely on our legitimate interest in making sure that we are providing our customers, prospective customers and website visitors with the information that we think is most relevant to them. Where we rely on our legitimate interests, we will always make sure that we balance these interests against your rights.|
We rely on our legitimate interest to ensure that our website works properly and that our products and services are high quality and efficient. Where we rely on our legitimate interests, we will always make sure that we balance these interests against your rights.
|We may record calls you make to us and will use this data for training and quality assurance purposes (where your call is recorded we will tell you in advance).||We use data in this way for a variety of reasons. It may be pursuant to a legal obligation and it is also in our legitimate interests to review call recordings for quality control purposes.|
- To ensure that the personal and financial information that you provide to us is accurate.
- To detect, investigate, report, and seek to prevent crime or other illegal activity.
- To manage risk for us and our customers.
- To fulfil our legal and compliance-related obligations
In some circumstances we will use your personal data because it's necessary for us to comply with a legal obligation (for example, if we receive a legitimate request from a law enforcement agency).
In other cases (such as the detection of theft, fraud or ensuring security of our stores or the website) we will rely on our legitimate interests in keeping our stores and website secure and to prevent theft and fraud. Where we rely on our legitimate interests, we will always make sure that we balance these interests against your rights.
|For administrative or business purposes, where you contact us for a particular reason other than those set out above, such as to report problems with our website.||We have a legitimate interest to respond to your contact for the purposes of administering our business. Where we rely on our legitimate interests, we will always make sure that we balance these interests against your rights.|
We have put in place various security measures in accordance with up-to-date industry standards to keep personal data as safe and secure as possible and to protect from unauthorised or unlawful processing and accidental loss, destruction or damage. However, taken as a whole, the internet and email can never be considered to be completely secure (e.g. your communications may route through a number of countries before being delivered, may be intercepted by third parties and may not always reach the intended recipient). We cannot accept responsibility for any such unauthorised access or loss of personal information that is beyond our control and for which we would not be responsible under applicable data protection laws.
You are responsible for protecting your account password and username and must not share it with, or disclose it, to anyone.
If you notice anything unusual or suspicious about your account, please let us know by emailing us at [email protected]
We may transfer your personal data outside of the UK and the European Economic Area (EEA) where local laws may not provide legal protection for your information in the same way as is applicable in the UK or the EEA. This may for example be as a result of third party suppliers being based outside of the UK or the EEA and so their processing of your personal data will involve a transfer of data outside the EEA (see section 6 below for more information about how we share your data with third parties).
Whenever we send (or permit a third party to send) your personal data outside of the UK and the EEA, we will make sure that we take steps necessary to protect your data as required by applicable laws. For example, we may require the overseas recipient to enter into particular contract terms.
If you would like more information on how we protect your personal data when it is transferred outside of the UK and EEA, please contact us using the details on our Website (or by contacting [email protected]).
Our corporate group:
We may disclose your personal information with other companies within our corporate group for the purposes of administering our relationship with you or for other reasons relating to the delivery of our products and services to you, which means our subsidiary companies, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006 ("LK Bennett Fashion Limited Group").
Third parties suppliers and service providers involved in our contractual relationship with you:
Like most businesses, we work with third party suppliers and service providers as part of the day to day operation of our business. Some of these trusted suppliers will process your personal data on our behalf. We have listed the key third party suppliers and service providers who process your data on our behalf immediately below. We will always make sure that we require them to meet agreed standards for the protection of your data and they will only ever be allowed to use the data in order to provide services to us and not for their own commercial purposes).
|SAP||We use SAP’s cloud database to host the website, and we use their software as our web platform.||https://www.sap.com/corporate/en/legal/privacy.html|
|E-shop World||We work with E-shop World to fulfil orders for products from our international customers. E-shop World is only allowed to use your personal data in order to process payments for products and to provide the products to you and for no other purpose.||https://www.eshopworld.com/privacy-policy-en/|
|Adyen||We work with Adyen to fulfil payments on orders for products. Adyen is only allowed to use your personal data in order to securely process payments for products and for no other purpose.||https://www.adyen.com/policies-and-disclaimer/privacy-policy|
|Datacash||We work with Datacash to process and fulfil payments on orders for products. Datacash is only allowed to use your personal data in order to securely process payments for products and for no other purpose.||http://datacash.ca/privacy-policy/|
|MNP||We work with MNP to process orders and payments and direct this information to the relevant next step, be that the warehouse or a store for the order to be fulfilled. MNP also provide the portal through which payments are taken by our customer care team.||https://mnpthesolution.com/privacy-policy|
|GFS||We work with GFS to track the delivery of products once they have been ordered and purchased. GFS is only allowed to use your personal data in order to securely deliver the products and for no other purpose.||https://gfsdeliver.com/privacy-policy/|
|Cloudflare||Cloudflare provide security and protection for our website, their service will validate any visitors to our website are safe traffic.||https://www.cloudflare.com/en-gb/privacypolicy/|
|Warehouse - ASC||We work with Warehouse - ASC to fulfil orders for products. Warehouse - ASC is only allowed to use your personal data in order to provide the products to us and for no other purpose.||http://asc2011.ascbarcode.com/privacy-policy.aspx|
|Feefo||We work with Feefo to log customer reviews. Although we do not collect data about you, it helps us collect information about the use of our website.||https://www.feefo.com/en/business/privacy-policy|
|TrustPilot||We work with Trustpilot to log customer reviews. Although we do not collect data about you, it helps us collect information about the use of our website.||https://legal.trustpilot.com/for-reviewers/end-user-privacy-terms|
|GIVEX||We work with GIVEX to process and deliver all gift cards sold at LK Bennett. GIVEX is only allowed to use your personal data in order to securely deliver the gift cards and for no other purpose.||https://www.eshopworld.com/privacy-policy-en/|
Other third parties:
We have summarised other recipients of personal data below. We will share personal data:
- with our third party suppliers for business administration or IT purposes (e.g. hosting our website or customer relationship management data platform).
- with our professional advisors including tax, legal or other corporate advisors who provide professional services to the LK Bennett Fashion Limited Group.
- where you have expressly opted-out of receiving marketing from us / third parties, we may share "suppression lists" with our affiliates and selected third parties, to ensure you do not receive unsolicited marketing.
- with regulators, law enforcement or fraud prevention agencies, as well as our legal advisers, courts, the police and any other authorised law enforcement bodies, for the purposes of investigating any actual or suspected criminal activity or other regulatory or legal matters etc.
Other scenarios in which we might share personal data:
- in the event that we consider selling or buying any business or assets, in which case we will disclose your personal data to any prospective sellers or buyers of such business or assets.
- in the event of any insolvency situation (e.g. the administration or liquidation) of LK Bennett Fashion Limited or any of its group entities.
- if we, or substantially all of our assets, are acquired by a third party, in which case personal data held by us about our customers will be one of the transferred assets.
- to protect the rights, property, or safety of us, our staff, our customers, or others. This includes exchanging information with other companies and organisations (including without limitation the local police or other local law enforcement agencies) for the purposes of staff and customer safety, crime prevention, fraud protection and credit risk reduction.
- if we are under a duty to disclose or share your personal data in order to comply with any legal obligation or regulatory requirements, or otherwise for the prevention or detection of fraud or crime.
- we will process your personal data in order to operate affiliate marketing campaigns. This enables us to understand which third party operators of websites, apps and other technology have referred potential customers to our websites and apps and allows us to pay them a commission in return for those referrals.
We will typically keep your personal data for seven (7) years from (a) the closure of your account with us, or (b) your last purchase. This enables us to deal with any issues or concerns you may have about how we handled your account/order, and also to allow us to bring or defend legal proceedings.
Some of your data will be deleted sooner, for example:
- call recordings are kept for a maximum of 180 days from the date of recording
- unsuccessful job applications/CVs will be kept for 6 months
- CCTV recordings are kept for a maximum of 30 days from the date of recording and are only kept longer where the footage relates to an identified incident and is required for legal reasons
You have a number of rights under data protection laws in relation to the way we process your personal data. These rights are described below.
You can contact us using the details on our website (or by contacting [email protected] to exercise any of these rights. We will respond to any request received from you promptly and in compliance with our obligations under the data protection laws.
|Right||Description of Right|
|Access||A right to access personal data held by us about you|
|Rectification||A right to require us to rectify any inaccurate personal data held by us about you|
|Erasure||A right to require us to erase personal data held by us about you. This right will only apply where (for example): we no longer need to use the personal data to achieve the purpose we collected it for; or where you withdraw your consent if we are using your personal data based on your consent; or where you object to the way we process your data (in line with Right 6 below).|
|Restriction||In certain circumstances, a right to restrict our processing of personal data held by us about you. This right will only apply where (for example): you dispute the accuracy of the personal data held by us; or where you would have the right to require us to erase the personal data but would prefer that our processing is restricted instead; or where we no longer need to use the personal data to achieve the purpose we collected it for, but you require the data for the purposes of dealing with legal claims|
|Portability||In certain circumstances, a right to receive personal data, which you have provided to us, in a structured, commonly used and machine-readable format. You also have the right to require us to transfer this personal data to another organisation, at your request|
|Objection||A right to object to our processing of personal data held by us about you where the processing of such data is necessary for the purposes of our legitimate interests, unless we are able to demonstrate, on balance, legitimate grounds for continuing to process personal data which override your rights or which are for the establishment, exercise or defence of legal claims.|
|Not to be subject to automated processing||A right for you not to be subject to a decision based solely on an automated process, including profiling, which produces legal effects concerning you or similarly significantly affect you.|
|Withdrawal of consent and objection to marketing||A right to withdraw your consent, where we are relying on it to use your personal data (for example, to provide you with marketing information about our services or products).|
We encourage you to contact us first if you have any queries, comments or concerns about the way we handle your data. We will try to put things right. However, if you are not satisfied with our handling of any request by you in relation to your rights or concerns, you also have the right to make a complaint to our lead supervisory authority, which is the UK's Information Commissioner's Office (ICO). You can contact the ICO at: First Contact Team, Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF; 0303 123 1113; or https://ico.org.uk/.
For further information from us on data protection and privacy or any requests concerning your personal information please write to: 95-96 New Bond St, London, W1S 1DB or email us at [email protected].
This policy was last updated on 19/08/2021.