25th May 2018
At Aimé, we care about your privacy.
This policy sets out how we collect, use, share, and store your personal data and if you would like more details, please feel free to contact us by emailing firstname.lastname@example.org or writing to The Data Controller, Aimé, 32 Ledbury Road, London W11 2AB.
WHICH INFORMATION DO WE HOLD AND WHY?
If you have subscribed to our mailing list on our website, we collect your name and email address.
If you have shopped with us, we collect your name and other information you have given us, such as your email address, telephone number and delivery address; only if you agree to it. We also keep a record of your purchases. It is a convenient way for us to provide you with Customer Service for instance to find your receipts if they have been misplaced or if you need to make an exchange.
We never hold credit card information.
We use the data we collect to send you news, brand updates and information on special events
GDPR LAWFUL BASIS
Under the GDPR (General Data Protection Regulation), we must have a lawful basis to process your data.
In most instances, we will process your data because we have a contract with you, ie to honour a sale. We will also use your data to send you marketing communications that we believe may be of interest to you if we have your explicit consent through your newsletter sign ups, or if you are an existing customer, where we have a legitimate interest to communicate with you. You can opt out of marketing communications from us at any time. When pursuing a legitimate interest, we consider your rights to privacy and believe that you can reasonably expect us to use your data in such a way. We must make sure that our interests do not override yours and you are entitled to object to this use of your data.
Finally, we may be required to use your data to meet a legal obligation.
WHO WILL PROCESS YOUR DATA?
Our team will process your personal data.
We may share your data with trusted contractors (“Data Processors” under the GDPR) to help meet our business needs such as sales processing, banking, emailing, and couriering. We also use companies that provide social media services, and IT support. These contractors may access your information, but they are not allowed to use any of it for any commercial or marketing purpose unrelated to our products and services. We evaluate these contractors’ competence and security and we choose them for their reliability.
Some of these contractors may be based outside the EU but we will make sure they offer the adequate level of protection such as the EU-U.S. Privacy Shield Framework.
DATA RETENTION PERIODS
We do not retain your personal data for longer than is necessary to fulfill the purposes for which you provided that data. Our retention periods will vary depending on the reason for processing your personal data.
When you make a purchase, we will retain the billing data up to seven years from the billing date to meet tax legislation requirements.
When you have given us your consent to send you marketing communications, you can withdraw it at any time. We will consider your consent to be current for five years from your last interaction with any email we have sent you.
If there is a legal requirement to retain your data for a specific minimum period, we will retain this data for that period.
YOUR RIGHTS REGARDING YOUR PERSONAL DATA
You can use these rights free of charge at any time by emailing email@example.com or writing to The Data Controller, Aimé, 32 Ledbury Road, London W11 2AB.
You can access the data we hold about you. You have the right to know where that data came from and how we use it. This information can be requested by email addressed to firstname.lastname@example.org. The email account from which you send the email request must match the email account for the personal data record requested. We will reply to your request within 30 days.
You can ask us to correct your data record;
You can withdraw your consent for us to process your data;
You can request that we erase your data. Your data will be disposed of securely within 30 days of your request.
You have the right to limit or object to the processing of your data;
In certain circumstances, you have the right to receive the data we hold about you in an easy machine-readable format and the right to obtain that we transfer that data directly to a third party nominated by you.
To ensure that our database Is not subject to breaches or illegitimate use by third parties, we will ask you to confirm your identity before carrying out your request.
If you believe that we are processing your personal data in contravention of the law, you can file a complaint with the ICO (Information Commissioner’s Office). More information on how to complain is available here www.ico.org.uk.