Privacy
Policy & Data Collection
Privacy Policy Updated October 2018
We are committed to protecting and respecting your privacy. This policy sets out the basis on which any personal data we collect will be processed by us. Please read this privacy policy carefully to understand our views and practices and your rights regarding your personal data. By visiting www.caratlondon.com (our site) your personal information will be processed as described in this policy.
References in this Privacy Policy to “we”, “us” and Carat* are to Managebest Limited (company number 05975529) trading as Carat* London, registered office 62 High Street, Wimbledon, London, United Kingdom, SW19 5EE.
WHAT INFORMATION DO WE COLLECT FROM YOU?
We will collect and process the following data about you:
- Information you give us. You provide us with your information directly when you make a purchase in-store, register on our site or shop online. We also collect information about you when you contact Carat* through any channel (including phone, post, email, live chat or social media).
- the information you give us may include your name, date of birth, address, email address, phone number and financial information.
- Information we collect from your use of our site. With regard to each of your visits to our site we will automatically collect the following information:
- technical information from, such as the Internet protocol (IP) address used to connect your device to the Internet, whereabouts you connected to our service, your internet service provider (ISP), and what type of device you are using to access our service;
- information about your visits to our site, including whether you have visited our site before (including date and time); how you reached our site, pages you viewed or searched for, length of time spent viewing pages, frequency of voucher and discount usage and any phone number used to contact us.
Further information about your data that is collected through the use of our site is set out below in the ‘Cookies’ section.
- Information we collect as part of our competitions, prize draws, giveaways and offers or events.
- When you participate in a Carat* competition, prize draw, giveaway or offer, or sign up to attend one of our events, either through Carat* or indirectly through a third party, we will collect information about you. Your information will be used to administer competitions and manage events, to check your eligibility for each of our benefits, and to track your usage so that we can monitor customer engagement to improve our service.
- Information we collect throughout our relationship. This is information relating to your order and any communications you may have with us regarding our products and services.
- Information we collect when you call us. If you call us we will automatically collect the following information:
- the phone number used to call us.
- Information we receive from other sources. We are working closely with selected online retailers such as Shop Direct, who may collect personal data from you.
- We will only use this information to contact you about your order, answer any enquires and to facilitate the delivery of purchases you make through our retail partners.
- Providing us with your details online. This is information you may choose to provide us with using the ‘Livechat’ or ‘Contact Us’ sections of our site or where you email Carat* directly.
- It includes your name, address, telephone number, email address and preferences for receiving emails from us. Please let us know if any of this information changes so we can keep our records up to date.
- Information collected through the operation of CCTV. To ensure your safety and for the prevention and detection of crime, CCTV is in operation during your visit to any of our retail outlets. CCTV is also used at our concession outlets in Selfridges and John Lewis and will be subject to their privacy notice.
- Please be aware that if we are requested to provide CCTV images of you or any other personal information relating to you by the police or any other regulatory or government authority investigating suspected illegal activities, we are obliged to do so.
WHY DO WE COLLECT THIS INFORMATION?
We process your personal information for the following reasons:
- Pursuant to a contract in order to:
- process information at your request to take steps to enter into a contract;
- provide you with our products and services;
- process payments, please note we do not store any payment card numbers once the transaction has been completed. We share your personal information with credit card companies and other payment providers;
- make deliveries;
- process your tax free rebates. We share your information with HMRC;
- maintain business and service continuity;
- send service communications so that you receive a full and functional service and so we can perform our obligations to you. These may be sent by email or phone. These will include notifications about changes to our service. We share your information with our communication partners for this purpose.
- On the basis of your consent:
- Where we rely on your consent for processing this will be brought to your attention when the information is collected from you;
- We will only contact you with direct marketing communications if you consent to us doing so and you can unsubscribe at any time by clicking the link in any e-mail. See the What are your rights? section below for more information.
- In our legitimate interests of providing the best service and improving and growing our business we will process information in order to:
- provide you with a personalised service;
- improve our products and services;
- keep our site and systems safe and secure;
- understand our customer base and purchasing trends;
- defend against or exercise legal claims and investigate complaints; and
- understand the effectiveness of our marketing.
We will carry out analytics to improve our products and services as set out above.
This will include analysing aggregated customer information with other interactions customers have with Carat* in order to continually improve the products and services we offer through our stores, concession outlets and our site. We do this using Google Analytics.
You have the right to object to processing carried out for our legitimate interests. See the What are your rights? section below for more information.
- To comply with legal requirements relating to:
- the provision of products and services;
- data protection;
- health and safety;
- anti-money laundering;
- fraud investigations;
- assisting law enforcement; and
- any other legal obligations placed on us from time to time.
HOW LONG DO WE KEEP HOLD OF YOUR INFORMATION?
- We will keep information about you for a maximum of 6 years after the end of our relationship with you unless obligations to our regulators require otherwise or we are required to remove such data from our records.
- Telephone records.This information will not be processed or retained by Carat*.
WHO MIGHT WE SHARE YOUR INFORMATION WITH?
For the purposes set out in the ‘Why do we collect this information?’ section above, we will share your personal information with:
- the following categories of third parties, some of whom we appoint to provide services, including:
- business partners, subsidiaries, suppliers and sub-contractors for the performance of any contract we enter into with you;
- analytics and search engine providers that assist us in the improvement and optimisation of our site;
- Customer survey providers in order to receive feedback and improve our services.
- Any member of our group, which means our subsidiaries.
- We use Shopify to power our online store – you can read more about how Shopify uses your Personal Information here: https://www.shopify.com/legal/privacy.
Additionally, we will disclose your personal information to the relevant third party:
- In the event that we sell or buy any business or assets, in which case we will disclose your personal data to the prospective seller or buyer of such business or assets.
- If we are acquired by a third party, in which case personal data held by us about our customers will be one of the transferred assets.
- If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of use and other agreements; or to protect the rights, property, or safety of our customers, our regulator, or others. [This includes exchanging information with other companies and organisations for the purposes of fraud protection and prevention of money laundering and credit risk reduction].
- Social Partners for Behavioural Advertising; we use your Personal Information to provide you with targeted advertisements or marketing communications we believe may be of interest to you. For more information about how targeted advertising works, you can visit the Network Advertising Initiative’s (“NAI”) educational page at http://www.networkadvertising.org/understanding-online-advertising/how-does-it-work. You can opt out of targeted advertising by using the links below:
HOW IS YOUR DATA SHARED, STORED AND KEPT SECURE?
At Carat* London, we take your safety and security very seriously and we are committed to protecting your personal and financial information. All information kept by us is stored on our secure servers. Where we have given you (or where you have chosen) a password that enables you to access certain parts of our service, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
- The personal information you provide to us may be transferred or stored in countries located outside of the European Economic Area (EEA). By way of example, if any of our servers or those of our third party service providers are from time to time located in a country outside of the EEA or if our third party suppliers themselves send personal Information out of the EEA. These countries may not have similar data protection laws to the UK and may not have adequate data protection laws equivalent to those in the EEA. The only non-EEA countries to which we currently transfer your personal data are the United States of America.
- If we (or our third party suppliers) transfer or store your information outside of the EEA in this way, we will take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this policy. These steps include imposing contractual obligations on the recipient of your personal information or ensuring that the recipients are subscribed to ‘international frameworks’ that aim to ensure adequate protection. Please contact us using the details at the end of this policy for more information about the protections that we put in place and to obtain a copy of the relevant documents.
- We use third party platforms to manage and deliver customer relationship management (CRM); newsletter mailing campaigns; online advertising, customer analytics, fulfilment of orders, delivery, returns, refunds, IT services and similar services necessary to provide a service to you. In providing the services, your personal information will, where applicable, be used by the service provider on our behalf. We will check any third party that we use to ensure that they can provide sufficient guarantees regarding the confidentiality and security of your personal information. We will have written contracts with them which provide assurances regarding the protections that they will give to your personal information and their compliance with the required data security standards and international transfer restrictions.
WHAT ARE YOUR RIGHTS?
Where processing of your personal data is based on consent, you can withdraw that consent at any time.
You have the following rights. You can exercise these rights at any time by contacting us at uk@carat.co. You have the right:
- to ask us not to process your personal data for marketing purposes. We will inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes;
- To ask us not to process your personal data where it is processed on the basis of legitimate interests provided that there are no compelling reasons for that processing;
- To ask us not to process your personal data for scientific or historical research purposes, where relevant, unless the processing is necessary in the public interest.
- to request from us access to personal information held about you;
- to ask for the information we hold about you to be rectified if it is inaccurate or incomplete;
- to ask for data to be erased provided that the personal data is no longer necessary for the purposes for which it was collected, you withdraw consent (if the legal basis for processing is consent), you exercise your right to object, set out below, and there are no overriding legitimate ground for processing, the data is unlawfully processed, the data needs to be erased to comply with a legal obligation or the data is children’s data and was collected in relation to an offer of information society services;
- to ask for the processing of that information to be restricted if the accuracy of that data is contested, the processing is unlawful, the personal data is no longer necessary for the purposes for which it was collected or you exercise your right to object (pending verification of whether there are legitimate grounds for processing);
- to ask for data portability if the processing is carried out by automated means and the legal basis for processing is consent or contract.
Should you have any issues, concerns or problems in relation to your data, or wish to notify us of data which is inaccurate, please let us know by contacting us using the contact details above. In the event that you are not satisfied with our processing of your personal data, you have the right to lodge a complaint with the relevant supervisory authority, which is the Information Commissioner’s Office (ICO) in the UK, at any time. The ICO’s contact details are available here: https://ico.org.uk/concerns/.
CHANGES TO OUR PRIVACY POLICY:
To ensure that you are always aware of how we use your personal information we will update this privacy policy from time to time to reflect any changes to our use of your personal information. We may also make changes as required to comply with changes in applicable law or regulatory requirements. We will notify you by Email of any significant changes. However, we encourage you to review this Privacy Policy periodically to be informed of how we use your personal information.
HOW WE COLLECT DEVICE INFORMATION:
“Cookies” are data files that are placed on your device or computer and often include an anonymous unique identifier. For more information about cookies, and how to disable cookies, visit http://www.allaboutcookies.org.
“Log files” track actions occurring on the Site, and collect data including your IP address, browser type, Internet service provider, referring/exit pages, and date/time stamps.
“Web beacons”, “tags”, and “pixels” are electronic files used to record information about how you browse the Site.
WHAT COOKIES DO WE USE?
We use cookies and similar technology to distinguish you from other users of our site. This helps us to provide you with a good experience when you use our site and also allows us to improve our site.
We use the following cookies for the following purposes:
- Strictly necessary cookies. These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website.
- Analytical/performance cookies. They allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.
- Functionality cookies. These are used to recognise you when you return to our website. This enables us to personalise our content for you and remember your preferences.
- Targeting cookies. These cookies record your visit to our website, the pages you have visited and the links you have followed. We will use this information to make our website more relevant to your interests.
You can find more information about the individual cookies we use and the purposes for which we use them in the table below:
Cookies Necessary for the Functioning of the Store:
Cookie name |
Purpose |
_ab |
Used in connection with access to admin. |
_orig_referrer |
Used in connection with shopping cart. |
_secure_session_id |
Used in connection with navigation through a storefront. |
Cart |
Used in connection with shopping cart. |
cart_sig |
Used in connection with checkout. |
cart_ts |
Used in connection with checkout. |
checkout_token |
Used in connection with checkout. |
Secure_customer_sig |
Used in connection with customer login. |
storefront_digest |
Used in connection with customer login. |
_Brochure_session |
Used in connection with browsing through site. |
Secret |
Used in connection with checkout. |
Reporting and Analytics:
Cookie Name |
Purpose |
_landing_page |
Track landing pages. |
_orig_referrer |
Track landing pages. |
_s |
Shopify analytics. |
_shopify_fs |
Shopify analytics. |
_shopify_s |
Shopify analytics. |
_shopify_sa_p |
Shopify analytics relating to marketing & referrals. |
_shopify_sa_t |
Shopify analytics relating to marketing & referrals. |
_shopify_uniq |
Shopify analytics. |
_shopify_visit |
Shopify analytics. |
_shopify_y |
Shopify analytics. |
_y |
Shopify analytics. |
tracked_start_checkout |
Shopify analytics relating to checkout. |
_shopify_sa_t |
Shopify analytics relating to marketing & referrals. |
_shopify_uniq |
Shopify analytics. |
ab_test_3190590030 |
Shopify analytics. |
cart_sig |
Shopify analytics. |
ki_r |
Shopify analytics. |
ki_t |
Shopify analytics. |
Third Party Providers:
In addition, we use some Third-Party providers and services, which may in turn place cookies on your device. For full information on these Third-Party Privacy Policies please see below.
Third Party |
Purpose |
Privacy / Cookie Policy |
Shopify |
Functioning of the website, reporting, analytics and advertising |
|
Google Analytics |
We use Google Analytics to help measure how users interact with our website. |
|
|
We use Facebook for Social Media marketing and customer service |
|
|
We use Instagram for Social Media marketing and customer service. |
HOW LONG WILL COOKIES REMAIN ON MY DEVICE?
The length of time that a cookie remains on your device depends on whether it is a "persistent or "session" cookie. Session cookies last until you stop browsing and persistent cookies last until they expire or are deleted. Most of the cookies we use are persistent and will expire between 30 minutes and two years from the date they are downloaded to your device.
HOW DO I CONTROL COOKIES?
You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our site.
CONTACT US:
Questions, comments and requests regarding this privacy policy are welcomed and should be addressed to Managebest Limited, 62 High Street, Wimbledon, London, SW19 5EE or uk@carat.co or you can call us on 0207 2406754.