October’s Very Own Merchandising Limited (“OVO”, “we”, “our”, “us”) recognizes the importance of your right to privacy and wants you to be familiar with how we collect, use and disclose any personal information that individually identifies you and is subject to the protection of General Data Protection Regulations (GDPR). For the purposes of our customers in the EEA, October’s Very Own Merchandising Limited is the data controller.
What Personal Information do we collect?
Personal information means any information about an identifiable individual. Anonymous data means data that is not associated with or linked to any individual’s personal information or will not easily permit the identification of individuals (“Anonymous Data”). The types of personal information that we may collect include, but is not limited to:
- your name;
- your address;
- you age and date of birth;
- your telephone number;
- your email address;
- other information you provide when you register to use our Site or App, place an order on our Site or App, subscribe for any newsletters, enter any competition, promotion, raffle or survey, participate in any social media functions on our site or when you report a problem with our Site or App
- your payment information;
- your IP address;
- the type of device(s) you use to access our Site or App;
- the version and build of the App and operating system and platform you are using;
- a unique device identifier when you use our App (for example your device's IMEI number, the MAC address of the device's wireless network interface, or the mobile phone number used by the device), mobile network information and the type of mobile browser you use;
- location information
- browsers and plug in types and versions;
- information provided when you download an App or when you share data via our App’s social media functions;
- log information such as details of how you used our Site and App and your time zone setting;
- personal information you give us that we did not request (such as personal information you voluntarily put into an email to us or give us by phone or some or some other method);
- information about your visit, including the full Uniform Resource Locators (URL), clickstream to, through and from our Site or App (including date and time), products you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page, and any phone number used to call our customer service number.
We work closely with third parties (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies). Mostly the information we receive from these third parties is required in order for us to perform and contract with you or to protect our legitimate interests, but if this is not the case we will notify you when we receive information about you from them and the purposes for which we intend to use that information.
We may associate any category of information with any other category of information and will treat the combined information as personal information in accordance with this policy for as long as it is combined.
Purposes for Collecting Your Personal Information
We collect, use and disclose your personal information in order to provide you with our Site and App and so that you may purchase our Products and to provide you with the information, products and services that you request from us. We also collect, use and disclose your personal information to comply with legal and regulatory requirements and as otherwise may be permitted or required by applicable laws. We will only use the personal information that we collect for the purposes for which it was collected. We collect your personal information for the following purposes and in accordance with applicable laws:
- to provide you access to our Site and App;
- to verify your identity;
- to establish and maintain commercial relations with you, including fulfilling your orders through our Site or App;
- to respond to questions that you send by email or through our Site or App;
- to contact you about the Products you have purchased, including notifying you about updates or to send you any Products you have purchased from us;
- subject to applicable law, to notify you about other products, services and events which may be of interest to you;
- subject to applicable law, to provide you with newsletters and articles;
- to customize the appearance of the Site and App displayed to you;
- as part of our efforts to keep our Site and App safe and secure;
- to track behavioural information on the Site and App to serve similar content upon future visits;
- to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you;
- to make suggestions and recommendations to you and other users of our Site and App about products or services that may interest you or them
- to improve the Site and App and help us develop new products, services, apps, tools and Site and App features;
- to support our business functions such as internal business processes, marketing and advertising; and
- to meet any legal or regulatory requirements.
A more detailed breakdown of the activities which involved the processing of data and the legal bases for this are available here
When Do We Collect Personal Information?
We may collect your personal information when you voluntarily provide it to us by using our Site and App. For example, we may ask you to provide personal information if you:
- use our Site and App;
- purchase a Product on our Site and App;
- register, update or create an account on our Site and App;
- sign into your account;
- send us a question or comment by email or phone;
- participate in our contests and competitions;
- register to receive newsletters, articles and updates about our Products, Site and App; and
- otherwise participate in features of our Site and App that ask for personal information.
Limiting Collection of Personal Information
Use, Disclosure and Retention of Personal Information
We may generate Anonymous Data (that is data that cannot identify you either by itself or when associated with other data) from personal information collected through the Site and App by removing information that makes the data personally identifiable to an individual. Such Anonymous Data includes, but is not limited to, information we collect from your use of our Site and App. We may use this Anonymous Data and aggregated data for any reasonable purpose subject to applicable laws and disclose such data to third parties in our sole discretion.
We may also use and disclose your personal information to service providers, data processors and other third parties (“Third Parties”) under the following limited circumstances:
- when necessary to protect our safety, property or other rights, our representatives, customers and users of the Site and the App, including to detect and prevent fraud;
- with your consent; or
- when otherwise required or permitted by law.
Data Processors in Other Countries
As discussed above, we may engage Third Parties to perform certain services on our behalf and to otherwise assist in the purchase of our products by you through our Site and App. These Third Parties may store, process and transfer personal information on servers located outside of the EEA in jurisdictions whose data protection laws may differ from those in the EEA, such as the United States of America and Canada. As a result, personal information may be subject to access requests from governments, courts, or law enforcement in those jurisdictions according to the laws in those jurisdictions. For example, information may be shared in response to valid demands or requests from government authorities, courts and law enforcement officials in those countries.
Links to Other Sites
Providing Payment Information
We use Third Parties to process transactions through our Site and App. We use commercially reasonable efforts to select an appropriate company to maintain the confidentiality and security of your payment information. At present, when you pay for our Products on our Site and App, your payment will be processed by Shopify Inc. (“Shopify”). Our Site is hosted on Shopify’s platform and as such, your personal information is stored on Shopify’s servers which are outside the EEA but Shopify has structured it business so as to comply with the GDPR. When paying for our Products, Shopify will collect payment information from you, such as your credit card numbers and expiration dates and any other personal information necessary to process your payment.
OVO and Shopify will send emails to you regarding the processing of your online payment. Your use of Shopify is governed by the agreement between you and Shopify. If you have any questions or concerns about your payment information or your agreement with Shopify, please contact Shopify at 1-888-746-7439 or www.shopify.com.
In addition, when you pay for our Products on our Site and App, we provide your personal information to Signifyd Inc. (“Signifyd”), a Third Party who we have engaged to detect, prevent, and analyze fraudulent transactions. Signifyd uses your information to determine if the payment information provided is fraudulent prior to us fulfilling your order. We may ask you for additional information to confirm your identity when you purchase Products from us. For example, if Signifyd notifies us that a transaction may be fraudulent, we may ask you for additional information before processing your Order. If you would like more information about Signifyd, please review Signifyd’s Terms of Service available at: https://www.signifyd.com/terms.
Cookies, Web Beacons and Other Similar Technology
As you interact with this Site and our App, we may use automatic data collection technology and services that record and collect information that identifies your computer, tracks your use of this Site and our App and collects certain other information about you and your surfing habits. This data collection technology may include cookies, web beacons and other similar devices on this Site and our App to enhance functionality and navigation for our visitors.
A cookie is a small data file that is placed on the hard drive of your computer so that your computer will “remember” information when you visit a site. Web beacons and tags are small strings of code that are used in conjunction with a cookie and allow us to record activity on our Site. Internet tags, graphic tags and similar web beacon type functions allow us to count the number of users who have visited a particular web page or to access certain cookies. We may use web beacons on this Site to count users and to recognize users by accessing our cookies. Being able to access our cookies allows us to personalize this Site and improve your experience at our Site. We may also include web beacons in HTML-formatted e-mail messages that we send to determine which e-mail messages were opened. Information tracked through these mechanisms includes, but is not limited to: (i) your IP address; (ii) the type of web browser and operating system being used; (iii) the pages of the Site a user visits; and (iv) other sites a user visited before visiting our Site.
We may also employ cookies and action tags (also known as single pixel gifs or web beacons) to collect information about your use of, and activities on, our Site for our use but also for use by third parties that serve advertisements about OVO on other sites you may visit. For instance, we may use Third Party programs/services, such as AdSense or AdWords run by Google Inc. (“Google”), to serve advertisements on our behalf across the Internet. These Third Party programs/services may collect information about your visits to our Site, and your interactions with our App. In addition to the information about your visits to our Site, Third Parties may also use the information about your visits to other sites to target advertisements for services available from OVO.
You can set your internet browser up so that you are notified when cookies are stored. You can decide in each individual case whether you want to accept cookies, or you can refuse to accept any cookies. However, if you do not accept cookies, you may be restricted in how you are able to use our Site. You can delete cookies that are already stored on your hard disk at any time. You will find more details on how to do this in the operating guide for your Internet browser program.
Third Party Analytics
Our Site uses third party analytics services such as Google Analytics, a web analytics service of Google LLC. (“Google”).
We also use the cookies to carry out frequency assessments, page usage assessments and marketing assessments. For these assessments, we use this cookie information without a link to your personal information, so it is completely anonymous.
We maintain reasonable technical, physical and administrative security safeguards to protect your personal information against loss, theft, and unauthorized access. Any personal information that you provide to us is exchanged on a secured server. Unfortunately, no data transmission over the Internet can be guaranteed to be 100% secure. As a result, while we are committed to protecting your personal information, we cannot ensure or warrant the security of any information you provide to us and any transmission of your personal information is at your own risk.
We take reasonable steps to verify your identity before granting you access to your account on our Site, however, you are solely responsible for maintaining the secrecy of your username, password and any other account information. We also take reasonable steps to ensure that our employees are aware of the importance of maintaining the confidentiality of personal information and that unauthorized persons do not gain access to personal information that we have disposed of or destroyed.
Your Legal Rights
You have the right to:
Request access to your personal data (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data's accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
You may request any of the above by contacting us at the contact information set out below and we will respond within the time periods provided for under applicable laws. We will need to verify your identity before providing you with the personal information we hold about you. There is no cost for these services unless permitted by applicable law.
We may not be able to provide you with access to your personal information if the information cannot be separated from the personal information of others, cannot be disclosed for reasons of security or commercial confidentiality, or is protected by legal privilege. If we cannot provide you with access to your personal information, we will advise you of the reasons access is being denied, unless we are prohibited by law from doing so.
You may request to update and change your personal information at the contact information set out below. Where appropriate, the amended information will be transmitted to third parties having access to such information.
We are committed to protecting the privacy of children and we do not knowingly solicit personal information from children under the age of 13. If a child has already provided us with personal information, his or her parent or guardian may contact us for the purpose of deleting this information.
You will always have the opportunity to "unsubscribe" from receiving any of our marketing e-mails or other marketing communications at any time and we will ensure that our e-mails include instructions on how to unsubscribe if you no longer wish to receive future e-mails from us. We provide an on-going opportunity to unsubscribe or opt-out of contact by us by accessing our Site or by e-mail to email@example.com.
You have the right to ask us not to process your personal data for marketing purposes. We will usually inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data. You can also exercise the right at any time by contacting us at firstname.lastname@example.org.
How to Contact Us
- see your personal information that you have already sent us so that you can correct, update or delete it from our files;
- if your child under 13 has used this Site or App and sent us personal information, delete that personal information from our files;
- ask that we not send you electronic communications or otherwise contact you; or
Please contact us at email@example.com, and we will endeavour to get back to you promptly.
DATA PROCESSING ACTIVITIES
We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please email us at firstname.lastname@example.org if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.
|Purpose/Activity||Type of data||Lawful basis for processing including basis of legitimate interest|
|To register you as a new customer||Details about who you are and your contract details.||
(a) Performance of a contract with you
(b) Necessary for our legitimate interests (for example, registering you as a customer where you do not buy anything)
|To process and deliver your order including: (a) Send products and orders to you (b) Manage payments, fees and charges (b) Collect and recover money owed to us||Details about who you are, your contact details and payment information.||
(a) Performance of a contract with you
(b) Necessary for our legitimate interests (for example, to recover debts due to us)
To manage our relationship with you which will include:
(b) Asking you to leave a review or take a survey
|Details about who you are and your contact details. We may also need to use other details provided to us when you register on the Site or App, subscribe to newsletters or enter any competition or promotion.||
(a) Performance of a contract with you
(b) Necessary to comply with a legal obligation
(c) Necessary for our legitimate interests (for example, to study how customers use our products/services, to develop them and grow our business)
|To enable you to partake in a prize draw, competition or complete a survey||Details about who you are and your contact details. We may also need to use other details provided to us when your register on the Site or App, subscribe to newsletters or enter any competition or promotion.||
(a) Performance of a contract with you
(b) Necessary for our legitimate interests (for example, to study how customers use our products/services, to develop them and grow our business)
|To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)||Details about who you are, your contact details along with technical data we collect including IP addresses, types of device, operating system and platform.||
(a) Necessary for our legitimate interests (for example, for running our business, provision of administration and IT services, network security, to prevent
fraud and in the context of a business reorganisation or group restructuring exercise)
(b) Necessary to comply with a legal obligation
|To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you||Details about who you are, your contact details, your previous orders and marketing preferences. We may combine with technical data including IP addresses and information on who you have previously used our Site and App.||Necessary for our legitimate interests (for example, to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy)|
|To make suggestions and recommendations to you (including by email) about goods or services that may be of interest to you||Details about who you are, your contact details, your previous orders and marketing preferences. We may combine with technical data including IP addresses and information on who you have previously used our Site and App.||
(a) Necessary for our legitimate interests (for example, to develop our products/services and grow our business)