At Aimé, we care about your privacy.
3rd February 2020
This Policy sets out how Aimé (“we” and “us”) process, use, share, and store the personal information we collect about our website visitors and customers (“you”). It should be read in conjunction with our Terms and Conditions of use of the website of which it forms part (“the Terms”).
By using this Website or submitting information to us through or in connection with this website, you acknowledge having been informed that we collect, use and disclose your personal information in accordance with this Policy.
If you would like more details, please feel free to contact us by emailing firstname.lastname@example.org or writing to The Data Controller, Aimé, 32 Ledbury Road, London W11 2AB.
WHICH INFORMATION DO WE HOLD AND WHY?
- You may give us information about you by filling in forms on our website, by corresponding with us by phone, e-mail or post or if you have shopped in one of our London stores. This includes information you provide when you register to use our website, subscribe to our e-mail notifications, search for a product, place an order on our website, participate in discussion boards or other social media functions on our website, enter a competition, promotion or survey and when you report a problem with our Website. The information you give us may include but is not restricted to, your name, address, e-mail address and telephone number, financial and credit card information, personal description and photographs. We also keep a record of your purchases. It is a convenient way for us to provide you with Customer Service for instance to find your receipts if they have been misplaced or if you need to make an exchange.
- Every time you visit our website, we may automatically collect the following information: the IP address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform and location data.
- We will take reasonable steps to ensure the Personal Data that we store is accurate, complete and up-to-date.
We will only process your Personal Data, in accordance with applicable law, for the following purposes:
- Creating and maintaining your customer account, if you become our registered customer;
- To carry out our contract with you, including handling and fulfilling your orders, processing payments, returns and refunds, if you are a customer;
- Dealing with your inquiries;
- Resolving disputes;
- Offering our goods and services to you in a personalised way, for example, we may provide suggestions based on your previous searches to enable you to identify suitable goods or services quicker. This may also include, where legally permitted, processing data related to your location;
- Enabling our suppliers and service providers to carry out certain functions on our behalf, including payment processing, verification, technical, logistical or other functions, as may be required, in order to fulfil your orders;
- Notifying you about changes to our service and our website;
- Carrying out market research campaigns and sending you personalised marketing communications, where you have agreed that we may do so, in order to keep you informed of our products, which we consider may be relevant to you;
- Ensuring the security of your account and our business, preventing or detecting fraud or abuses of our website, for example, by requesting verification information in order to reset your account password;
- Developing and improving our products and services, for example, by reviewing visits to our website and its various subpages and demand for specific goods or services; and
- To administer our website and for internal operations, including training our staff, conducting internal audits or transferring assets as part of a sale, purchase or investment in the business.
The transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our website; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
GDPR LAWFUL BASIS
Under the GDPR (General Data Protection Regulation), we must have a lawful basis to process your data.
- In most instances, we will process your data because we have a contract with you, ie to honour a sale.
- We will also use your data to send you marketing communications that we believe may be of interest to you if we have your explicit consent through your newsletter sign ups, or if you are an existing customer, where we have a legitimate interest as a business to communicate with you. You can opt out of marketing communications from us at any time. When pursuing a legitimate interest, we consider your rights to privacy and believe that you can reasonably expect us to use your data in such a way. We must make sure that our interests do not override yours and you are entitled to object to this use of your data.
- Finally, we may be required to use your data to meet a legal obligation.
WHO WILL PROCESS YOUR DATA?
- Our team will process your personal data.
- We may share your data with trusted contractors (“Data Processors” under the GDPR) to help meet our business needs such as sales processing, banking, emailing, and couriering. We also use companies that provide marketing, advertising and social media services, and IT support. These contractors may access your information, but they are not allowed to use any of it for any commercial or marketing purpose unrelated to our products and services. We evaluate these contractors’ competence and security and we choose them for their reliability.
- We may share your data with another legal entity, on a temporary or permanent basis, for the purposes of a joint venture, collaboration, financing, sale, merger, reorganisation, change of legal form, dissolution or similar event.
- We may transfer your data to public authorities or other third parties if we are under a legal obligation to do so.
WHERE IS YOUR DATA STORED?
The data that we collect from you may be transferred to, and stored at, a destination outside the European Union. It may also be processed by staff operating outside the EU who work for us or for one of our contractors. Such staff maybe engaged in, among other things, the processing of your payment details and the provision of support services. By submitting your personal data, you agree to this transfer, storing or processing. We will take all steps required by the GDPR to make sure our contractors offer the adequate level of protection such as the EU-U.S. Privacy Shield Framework.
All information you provide to us is stored on secure servers owned by our contractors. Any payment transactions will be encrypted. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Cookies are small data files that a website or its service provider transfers to your computer’s hard drive through your web browser that enables the websites or service providers systems to recognise your browser and capture and remember certain information.
They may be served by the entity that operates the website you are visiting (“first-party cookies”) or by other companies (“third-party cookies”). For example, we partner with third-party analytics providers, like Google, which set cookies when you visit our website. This helps us understand how you are using our website and services so that we can improve them.
- Strictly necessary cookies – these cookies are required for the operation of our website. They will, for example, allow you to navigate the site, add items to your shopping basket and purchase them.
- Site analytics – to measure and analyse how customers use our website and respond to marketing, to improve your shopping experience and to improve the overall functionality of our website.
- Targeting or advertising – these cookies are used to enhance your Aimé online experience and to deliver relevant content to you e.g. adverts or abandoned basket emails. Such cookies also help us measure the effectiveness of our marketing campaigns. These cookies may be placed by us, or by third parties.
To prevent your data from being used by Google Analytics, you can install Google’s opt-out browser add-on.
DATA RETENTION PERIODS
We do not retain your personal data for longer than is necessary to fulfil the purposes for which you provided that data. Our retention periods will vary depending on the reason for processing your personal data.
For instance, when you make a purchase, we will retain the billing data up to seven years from the billing date to meet tax legislation requirements.
When you have given us your consent to send you marketing communications, you can withdraw it at any time. We will consider your consent to be current for five years from your last interaction with any email we have sent you.
If there is a legal requirement to retain your data for a specific minimum period, we will retain data for that period.
YOUR RIGHTS REGARDING YOUR PERSONAL DATA
You can use these rights free of charge at any time by emailing email@example.com or writing to The Data Controller, Aimé, 32 Ledbury Road, London W11 2AB.
- You can access the data we hold about you. You have the right to know where that data came from and how we use it. This information can be requested by email addressed to firstname.lastname@example.org. The email account from which you send the email request must match the email account for the personal data record requested. We will reply to your request within 30 days.
- You can ask us to correct your data record;
- You can withdraw your consent for us to process your data;
- You can request that we erase your data. Your data will be disposed of securely within 30 days of your request.
- You have the right to limit or object to the processing of your data;
- In certain circumstances, you have the right to receive the data we hold about you in an easy machine-readable format and the right to obtain that we transfer that data directly to a third party nominated by you.
To ensure that our database Is not subject to breaches or illegitimate use by third parties, we will ask you to confirm your identity before carrying out your request.
If you believe that we are processing your personal data in contravention of the law, you can file a complaint with the ICO (Information Commissioner’s Office). More information on how to complain is available here www.ico.org.uk.