For the purpose of this Privacy Notice, Data Protection Legislation means: (i) the General Data Protection Regulation 2016/679 (the "GDPR") applicable in the European Union, including the UK until any UK data protection legislation replaces or adopts the GDPR in the UK; and (ii) then such UK data protection legislation replacing the GDPR once in force and applicable.
2. Who is responsible for your personal data?
Welow AB, VAT number SE 556967506801 (also referred to as "we", "us" and "our"), at Storgatan 58 in Stockholm, Sweden is responsible for the processing of your personal data.
3. Personal data we process about you
3.1 Personal data that you have provided to us or that we have collected from you. You will provide us with some information about yourself when purchasing items and when integrating with us in any other way (for example via our customer service). You may also provide us with information for other reasons.
Example of such information is:
● Personal identification number
● Contact information (such as email address, phone number & address)
● Physical attributes (size)
● Product feedback and comments (including unstructured comments/information, chat/mail, email & recordings of call sessions)
● Payment information (such as bank account)
4. Cookie Information
In your browser you can choose an option that allows you to receive a message before a website sends a cookie to your computer. You can then choose to accept or reject the cookie. You can also choose not to receive any cookies at all. Because different browsers work differently, you can search your help menu to find the setting on your browser.
5. Purpose and legal basis for processing your personal data
5.1 We process your personal information for different purposes, for example:
● Giving you information about your purchases
● Delivering your purchases to your specified address
● Administer your purchase if you have chosen to pay against invoice
● Providing you with digital receipts for your purchases in store
Deliver a personalized experience (profiling) by:
● Sending newsletters and other marketing to you
● Customizing your experience on gant.co.uk based on your behavior and preferences
● Delivering a personalized experience of our services, benefits and offers
Improve our communication, products and services by:
● Handling customer service issues and/or complaints
● Identify trends by collecting data for statistical purposes
Manage and administrate your information by:
● Keeping our customer records updated with the current address
Administrating events by:
● Conduct and manage participation in competitions and/or events
● Communicating before and after competitions and/or events
We may place a cookie on your device when you access our website. These cookies will let us know when you have accessed our website. We may share this information with our advertising social media providers such as Facebook or Twitter (e.g. IP addresses or unique mobile identifiers). The cookies will let our advertising providers know when to serve ads and to whom, ensuring that our ads are served only to people who have previously visited our websites or used or downloaded our apps ("Retargeting"). This is further explained in our Cookies Policy.
For further information, see section 11.
5.2 Legal basis for processing your personal data. Welow bases the processing of your personal data on a number of legal bases. These are described in this section and more detailed under section 11.
● Performance of Contract. We treat your personal information in order to fulfill the purchase agreement with you as a customer and/or member or to provide any other services we agree to provide to you. Based on this legal basis, we treat information such as your purchases and your interaction with our customer service.
● Legitimate Interest. Part of the processing of personal data we carry out is based on our legitimate interest when we conduct and manage our business. This applies, for example, to the personal data we process to send you personal offers and to make a limited segmentation of customers. For example, this includes the processing and analysing of your purchase history, your buying behavior and your behavior on gant.co.uk in order to gain more knowledge about you as a customer and our customers in general as well as to improve our offers.
● Law Compliance. In some cases, Welow may have a legal obligation to process your personal data to comply with a legal or regulatory obligation.
● Consent. Generally, Welow does not rely on consent as a legal basis for processing your personal data, other than in relation to marketing purposes such as direct marketing and newsletters.
Please note: You are never required to share your personal data with us, however, if you do not submit your personal data to us, we will not be able to fulfill our agreement or fulfill our commitments in relation to you.
6. Who can access your personal data?
Your personal data is for some purposes shared with parties who process personal data on our behalf, so-called processors.
We also transfer your personal data to joint or independent controllers:
● Collaborating partners. To handle payments made by customers, we use suppliers to ensure secure payment solutions;
7. Transfer of personal data to third countries
We always strive to process your data within the EU / EEA.
● We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
● Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe.
● Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US.
8. For how long is your personal data retained?
We will only retain your personal data for as long as you have consented to it or when is necessary to us to provide you with our services or fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, reporting or regulatory requirements. For instance, by law we have to keep basic information about our customers (including contact, identity, financial and transaction data) typically for six years after they cease being customers for tax purposes.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances you can ask us to delete your personal data.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
For further information, see section 14.
9. Data Security
Please be aware that communications over the Internet, such as e-mails are not secure unless they have been encrypted. Your communications may route through several countries before being delivered. We cannot accept responsibility for any unauthorised access or loss of personal data that is beyond our control.
We have appropriate security policies, rules and technical measures to protect the personal data that we have under our control (having regard to the type and amount of that data) from unauthorised access, improper use or disclosure, unauthorised modification, unlawful destruction or accidental loss. We have procedures in place to deal with any suspected personal data breach, and will notify you and any regulator of a breach when legally required to do so.
10. Your rights
Access. In accordance with Data Protection Legislation, you have the right to access information about what personal data we are processing about you and the right to request a correction of your personal data.
Rectification. You have the right to rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed.
Erasure. under certain conditions, for example if the processing is no longer necessary for the stated purposes or if you withdraw your consent, you have the right to request that we erase your personal data. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
Restriction. In some cases, you also have the right to request that we restrict our processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:
(i) if you want us to establish the data's accuracy;
(ii) where our use of the data is unlawful but you do not want us to erase it;
(iii) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or
(iv) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
Objection. You have the right to object to our processing of your personal data for example direct marketing purposes or profiling, or if the processing is based on our legitimate interest. You also have the right to object to processing of personal data for the purpose of profiling and direct marketing.
Portability. You also have the right, under certain circumstances, to obtain the personal data that relates to you, as provided to us, in a structured, widely used and machine-readable format and may transfer them to another controller.
Withdrawal. You are entitled to revoke all or part of a given consent for processing personal data at any time where we are relying on consent to process your personal data with effect from the date of withdrawal, unless further processing is required by law.
Profiling. You also have the right to object to processing of personal data for the purpose of profiling and direct marketing.
What we may require from you. We may need to request specific information from you to help us confirm your identity. We may also contact you to ask for further information in relation to your request.
Time limit to respond. We try to respond to all legitimate requests within one month. Occasionally it may take us longer that a month if your request is particularly complex, or you have made several requests. In this case, we will notify you and keep you updated.
11. Changes to this Policy and changes of purpose for which your data is collected
We reserve the right to amend or modify this Privacy Notice and if we do so we will post the changes on our website. It is your responsibility to check the Privacy Notice every time you submit your personal data to us.
If you would like to let us know about something we have done, or failed to do in relation to your personal data, whether positive or negative, please let us know by contacting us.
13. Contact information
If you want to execute your rights or contact us regarding our processing of your personal data, you can do so by contacting us at firstname.lastname@example.org.