This is the privacy notice of Young Ted Clothing. In this document, “we”, “our”, or “us” refer to Young Ted Clothing.
We are company registered in the United Kingdom, and our registered office is at 47 Redstone Lane, Stourport on Severn, Worcestershire DY13 0JD.
Policy Update for General Data Protection Regulation (GDPR) Compliance (May 2018)
The EU General Data Protection Regulation (GDPR) effective from May 2018 gives all EU citizens more rights and protections for their personal data, to minimise the possibility of theft and fraud.
These regulations include provisions for the following areas:
The right to be informed: Companies must publish a privacy notice, in addition to explaining transparently how they use this personal data.
The right of access: Individuals will have the right to demand details of any of their data that a company may hold. This information must be provided within one month of request at no charge to the individual.
The right to rectification: If a person’s data is incorrect or incomplete, he or she has the right to have it corrected. If the company that holds the information has passed any of that information to third parties. The company must inform the third party of the correction and inform the person which third parties have their personal data.
The right to be forgotten: A person may request the removal of his or her personal data in specific circumstances.
The right to restrict processing: Under certain circumstances, an individual can block the processing of his or her personal data.
The right to data portability: A person can access their data for their own use anywhere they prefer.
The right to object: A person can object to the use of their personal data for most purposes.
i) It sets out the conditions under which we may process any information that we collect from you when you use this website, or that you provide to us. It covers information that could identify you (“personal information”) and information that could not. In the context of the law and this notice, “process” means collect, store, transfer, use or otherwise act on information.
ii) We take seriously the protection of your privacy and confidentiality. We understand that all visitors to our website are entitled to know that their personal data will not be used for any purpose unintended by them and will not accidentally fall into the hands of a third party.
iii) We undertake to preserve the confidentiality of all information you provide to us, and hope that you reciprocate.
iv) Our policy complies with UK law accordingly implemented, including that required by the EU General Data Protection Regulation (GDPR).
v) The law requires us to tell you about your rights and our obligations to you in-regards to the processing and control of your personal data. We do this now, by requesting that you read the information provided at http://www.knowyourprivacyrights.org/legitimate-uses/
vi) Except as set out below, we do not share, or sell, or disclose to a third party, any information collected through our website.
The bases on which we process information about you
The law requires us to determine under which of six defined bases we process different categories of your personal information, and to notify you of the basis for each category.
If a basis on which we process your personal information is no longer relevant, then we shall immediately stop processing your data.
If the basis changes then if required by law we shall notify you of the change and of any new basis under which we have determined that we can continue to process your information.
Information we process because we have a contractual obligation with you
When you create an account (giving full name, address, email address etc) or buy a product from us on our website, or otherwise agree to our terms and conditions, a contract is formed between you and us.
In order to carry out our obligations under that contract we must process the information you give us. Some of this information may be personal information. We may use it in order to:
1.1 Verify your identity for security purposes
1.2 Sell products to you
1.3 Provide you with our services
1.4 Provide you with suggestions and advice on products, services and how to obtain the most from using our website
We do not share your personal information that we obtain from you when you purchase an item from our website with any third party companies, outside of those stored by the third party companies who we use to run our online clothing platform, deal with the payment process and use to generate our Newsletter service (see Third Party Data Processors). No financial data is retained by these third party processors.
We process this information on the basis there is a contract between us, or that you have requested we use the information before we enter into a legal contract.
Additionally, we may aggregate this information in a general way and use it to provide class information, for example to monitor our performance with respect to a particular service or product we provide. If we use it for this purpose, you as an individual will not be personally identifiable.
We shall continue to process this information until the contract between us ends or is terminated by either party under the terms of the contract.
2. Information we process with your consent
Through certain actions when otherwise there is no contractual relationship between us, such as when you browse our website or ask us to provide you more information about our business (including job opportunities at Young Ted Clothing) and our products, you provide your consent to us to process information that may be personal information.
Sometimes you might give your consent implicitly, such as when you send us a message by email to which you would reasonably expect us to reply.
Except where you have consented to our use of your information for a specific purpose, we do not use your information in any way that would identify you personally. We continue to process your information on this basis until you withdraw your consent, or it can be reasonably assumed that your consent no longer exists.
You may withdraw your consent at any time by instructing us www.youngted.com, email: firstname.lastname@example.org or write to us at Young Ted Clothing, 47 Redstone Lane, Stourport on Severn, Worcestershire DY13 0JD, UK.
3. Information we process for the purposes of legitimate interests
We may process information on the basis there is a legitimate interest, either to you or to us, of doing so. Where we process your information on this basis, we do after having given careful consideration to:
– whether the same objective could be achieved through other means
– whether processing (or not processing) might cause you harm
– whether you would expect us to process your data, and whether you would, in the round, consider it reasonable to do so
For example, we may process your data on this basis for the purposes of:
– record-keeping for the proper and necessary administration of Young Ted Clothing
– responding to unsolicited communication from you to which we believe you would expect a response
– protecting and asserting the legal rights of any party
– insuring against or obtaining professional advice that is required to manage Young Ted Clothing’s risk
– protecting your interests where we believe we have a duty to do so
4. Information we process because we have a legal obligation
We are subject to the law like everyone else. Sometimes, we must process your information in order to comply with a statutory obligation.
For example, we may be required to give information to legal authorities if they so request or if they have the proper authorisation such as a search warrant or court order.
This may include your personal information.
Specific uses of information you provide to us…
5. Information provided on the understanding that it will be shared with a third party
Our website allows you to post information with a view to that information being read, copied, downloaded, or used by other people, i.e. posting a comment on the ‘Blog’ section of our website. In posting any personal information, it is up to you to satisfy yourself about the privacy level of every person who might use it.
We do not specifically use this information except to allow it to be displayed or shared.
We store it on said blog and we reserve a right to use it in the future in any way we decide. Or until the comment is removed due to being out of date and new material has superseded it, or provided your request is reasonable and there is no legal basis for us to retain it, then at our discretion we may agree to your request to delete personal information that you have posted. You can make a request by contacting us at www.youngted.com or email: email@example.com
Once your information enters the public domain, we have no control over what any individual third party may do with it. We accept no responsibility for their actions at any time.
6. Security/Information on data we hold
We only collect information that we or our third party processors need for a specific purpose. We keep this information secure at all times, and ensure it is relevant and up to date.
We only hold the information we need that is important to the nature and running of Young Ted Clothing. Our third party processors will have different policies, so please read their current privacy policies to see what these are.
We store this data only for as long as we need it from a business perspective; and allow the subject of the information to see it on request.
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical and electronic procedures to safeguard and secure the information we collect online. Our site is SSL certificated, which gives our website a padlock, reassuring visitors they and their data are safe on our site.
We ensure that any data processor (see Third Party Processors) we use implements appropriate technical and organisational measures, i.e. encryption and/or pseudonymisation where it is appropriate to do so, and they undertake an analysis of the risks presented by their processing and use this to assess the appropriate level of security they need to put in place. These third party processors make sure they can restore access to personal data in the event of any incidents, such as by establishing an appropriate backup process.
We understand the requirements of confidentiality, integrity and availability for the personal data we and our third party processor’s process, we also make sure that we regularly review our information security policies and measures and, where necessary, improve them. Where necessary, we have additional policies and ensure that controls are in place to enforce them.
Any physical personal data arising from that stored in the encrypted services provider by our third party processors, i.e. printed hard copy material (i.e. emails printed off, letters etc.), Post-It notes and other correspondence is filed away securely onsite at the address registered for Young Ted Clothing.
Access to your own information
At any time you may review or update personally identifiable information that we hold about you, either by signing in to your account on our website if you have one, emailing us at firstname.lastname@example.org or writing to us at Young Ted Clothing, 47 Redstone Lane, Stourport on Severn, Worcestershire DY13 0JD.
To obtain a copy of any information that is not provided on our website you may send us a request at the email stated above. After receiving the request, we will tell you when we expect to provide you with the information
Removal of your information
‘Article 17 of the GDPR, The Right to Erasure’, states:
Data Subjects have the right to obtain erasure from the data controller (Young ted Clothing), without undue delay, if one of the following applies:
The controller doesn’t need the data anymore
The subject withdraws consent for the processing with which they previously agreed to (and the controller doesn’t need to legally keep it (N.B. Many will, e.g. banks, for 7 years.)
The subject uses their right to object (Article 21) to the data processing
The controller and/or its processor is processing the data unlawfully
There is a legal requirement for the data to be erased
The data subject was a child at the time of collection (See Article 8 for more details on a child’s ability to consent)
If a controller makes the data public, then they are obligated to take reasonable steps to get other processors to erase the data
Data might not have to be erased if any of the following apply:
The “right of freedom and expression”
The need to adhere to legal compliance, e.g. a bank keeping data for 7 years.
Reasons of public interest in the area of public health
Scientific, historical research or public interest archiving purposes
For supporting legal claims, e.g. PPI offerings.
If you wish us to remove personally identifiable information from our website or that we have hard copy form, you may contact us (as shown above). In some circumstances this may limit the service we can provide to you. All electronic data will be erased and all hard copy shredded.
Verification of your information
When we receive any request to access, edit or delete personal identifiable information we shall first take reasonable steps to verify your identity before granting you access or otherwise taking any action. This is important to safeguard your information.
Retention period for personal data
Except as otherwise mentioned in this privacy notice, we keep your personal information only for as long as required by us:
To provide you with the services you have requested or are seeking.
To comply with other law, including for the period demanded by our tax authorities.
To support a claim or defence in court.
We will endeavour to report any breaches in data security within 72 hours, to data protection authorities such as the Information Commissioner’s Office (ICO) in the UK. And let those affected by any breach know within the same timescale.
7. Complaints regarding content on our website
We attempt to moderate user generated content, i.e. on our blog page of Young Ted Clothing, but we are not always able to do so as soon as that content is published.
If you complain about any of the content on our website, we shall investigate your complaint.
If we feel it is justified or if we believe the law requires us to do so, we shall remove the content while we investigate.
Free speech is a fundamental right, so we have to make a judgment as to whose right will be obstructed: yours, or that of the person who posted the content that offends you.
If we think your complaint is vexatious or without any basis, we shall not correspond with you about it.
8. Information relating to your method of payment
Payment information is never taken by us or transferred to us either through our website or otherwise. Our employees and contractors never have access to it.
At the point of payment of any products on our website, you are transferred to a secure page on the website of PayPal. Neither us or PayPal retain any financial information you may submit as part of the purchasing process. You are directed to use PayPal’s payment process during the final stages of our checkout process. (See further information in Third Party Data Processors).
9. Sending a message to our support team
When you contact us, whether by mail, through our website or by email, we collect the data you have given to us in order to reply with the information you need.
We record your request and our reply in order to increase the efficiency of Young Ted Clothing.
We keep personally identifiable information associated with your message, such as your name and email address so as to be able to track our communications with you to provide a high-quality service.
When we receive a complaint, we record all the information you have given to us.
We use that information to resolve your complaint.
If your complaint reasonably requires us to contact some other person, we may decide to give to that other person some of the information contained in your complaint. We do this as infrequently as possible, but it is a matter for our sole discretion as to whether we do give information, and if we do, what that information is.
We may also compile statistics showing information obtained from this source to assess the level of service we provide, but not in a way that could identify you or any other person.
11. Affiliate and business partner information
We do not currently do not have any affiliates or business partners.
12. Use of information we collect through automated systems when you visit our website
Cookies are small text files that are placed on your computer’s hard drive by your web browser when you visit any website. These include:
Strictly necessary cookies – these cookies are essential in helping you to move around our site and use its features, such as accessing secure areas of the website. Without these cookies, services you have asked for, such as setting up an account cannot be provided. These cookies do not gather information about you that could be used for marketing or remembering where you’ve been on the internet.
Analytical/performance cookies – in order to keep the site, its services and products relevant, easy to use and up-to-date, we use web analytics services to help us understand how people use our website. For example, we can see which parts of Young Ted Clothing and products are most popular, identify when errors occur, and test different versions of a page or feature to see which one works best.
Functionality cookies – these cookies allow websites and applications to remember choices you make (such as your user name, language or the region you are in) and provide enhanced, more personal features. The information these cookies collect is usually anonymised which means we can’t identify you personally. They do not gather any information about you that could be used for selling advertising or remembering where you’ve been on the internet.
Some cookies may last for a defined period of time, such as one day or until you close your browser. Others last indefinitely.
Your web browser should allow you to delete any you choose. It also should allow you to prevent or limit their use.
– to track how you use our website
– to record whether you have seen specific messages we display on our website
– to keep you signed in to our site
– to record your answers to surveys and questionnaires on our site while you complete them
13. Personal identifiers from your browsing activity
Requests by your web browser to servers run by our third party Data Processor (see Third Party Data Processors) for web pages and other content on our website are recorded.
They record information such as your geographical location, your Internet service provider and your IP address. They also record information about the software you are using to browse our website, such as the type of computer or device and the screen resolution.
We use this information in aggregate to assess the popularity of the webpages on our website and how we perform in providing content to you.
If combined with other information we know about you from previous visits, the data possibly could be used to identify you personally, even if you are not signed in to our website.
14. Email Newsletter/Marketing
If you choose to give consent and sign up for our regular Email newsletter, the email address that you submit to us will be stored with our third party data processor (See Third Party Data Processors), which we use for our email platform to customers who give consent. The email address that you submit will be stored by these third party processors and be available to us to use for as long as we continue to use these processors for email marketing or until you specifically request removal from the list (see Changing Your Marketing Preferences).
Obtaining your consent
We will obtain your consent to send you information on latest products and promotions, via email, through our ‘Sign Up’ form on our home page on Young Ted’s Website. By signing up and sending in your name and email details you are allowing consent for us to send you our regular newsletters . You can change your email preferences at any time (see below for contact details on how to do this).
We do not share your personal information that we obtain from you when you sign up to receive our emails with any third party companies or individuals, outside of the company who we use to run our email marketing service (see Third Party Data Processors), for the purpose of them marketing their products with you.
Changing your marketing preferences
You can change and update your email marketing preferences at any time by:
- Clicking unsubscribe in the body of the email sent to you;
- Going online to My Account; or
- Calling us on 07557 350325
- Writing to us at the address mentioned below
15. Social Media
16. Site Visitation Tracking
Like most websites, this site uses Google Analytics (GA) (we use WooCommerce Google Analytics Integration, which connects WooCommerce to Google Analytics) to track user interaction and collect personal information. We use this data from Google to determine the number of people using our site, to better understand how they find and use our web pages and to track their journey through the website, and to keep an eye on purchase habits etc. Although Google Analytics records data such as your approximate geographical location, device, internet browser and operating system, none of this information personally identifies you to us. GA also records your computer’s IP address which could be used to personally identify you but Google do not grant us access to this. We consider Google to be a third party data processor (see section on data processors).
Website visitors who don’t want their data used by Google Analytics can install the Google Analytics opt-out browser add-on. To opt-out of Analytics for the web, visit the Google Analytics opt-out page and install the add-on for your browser. Learn more about the opt-out and how to properly install the browser add-on here. Visitors can also opt-out of Google Analytics for Display Advertising and customize Google Display Network ads using the Ads Settings.
For your information our website uses the WooCommerce (the Ecommerce shop platform we use to run Young Ted Clothing) implementation (plug-in) of Google Analytics as stated above.
17. Our Third Party Data Processors
A third party data processor is defined under GDPR as, “a natural or legal person or organisation which processes personal data on behalf of a controller.”
This essentially means any third party who processes personal data on your behalf. This could include cloud services, mailing houses, hosting companies and any other organisation whereby you share personal data as part of your business operations or as part of any projects you may be running.
We use the third parties highlighted below to process personal data on our behalf, including payments, website platforms and email newsletters. The third parties we use are PayPal, WooCommerce, MailChimp and Google Analytics.
PayPaypal: We use PayPal as a third party processor to manage payments for any products purchased from our website. Neither us or PayPal retain any financial information you may submit as part of the purchasing process. You are directed to use PayPal’s payment process during the final stages of our checkout process. PayPal monitor every transaction, 24/7 to prevent fraud, email phishing and identity theft. Every transaction is heavily guarded behind PayPal’s advanced encryption. If something appears suspicious, their dedicated team of security specialists will identify suspicious activity and help protect you from fraudulent transactions. PayPal or Young Ted Clothing will never ask for any sensitive information. Your data as mentioned is encrypted before transmission to prevent misuse of the transmitted data by third parties.
Most of the time e-commerce sites do not store its user’s credit card information, CCV and other data unless the customer explicitly permits them to. Therefore, the user can have trust that their payment is processed by PayPal and is reliable enough to have obtained what is called a PCI Compliance which is required to be able to process credit card transactions.
SSL (Secure Socket Layer) is a security technology which guarantees that your personal data, including credit card information, login data and payment method, are securely transferred via the Internet. The data is encrypted so that is only readable by the PayPal payment system. Your data which is encrypted, is as follows:
– personal data (address data, telephone number, etc.)
– login data (username and password)
– all methods of payment selected, credit card and bank account
WooCommerce: We use Woocommerce, a WordPress Plug-In as our online Ecommerce business platform, which powers our website and enables us to sell our current range of products online globally. Customers can browse products and place orders on www.youngted.com, these orders are then logged and stored being posted out to customers all over the world. From a security perspective, WordPress is secure and we update, maintain, optimise our WordPress ‘controlled’ site on a regular basis.
We also use a number of Plugins available through the Woocommerce platform. These enable us to add features that help with the ecommerce process and to also add another layer of security. The plugins monitor our site’s activity and prevent most common types of cyberattacks, and we receive instant notification whenever there’s suspicious activity going on. Areas of security include:
Secure Passwords: We ask customers who create their own account on Young Ted Clothing to provide strong and complex passwords to help with their own security.
Secure Checkout/SSL: Our SSL certificate, or HTTPS, ensures that any data transferred is secure and encrypted. This ensures the safety of the user’s data, as well as enabling safe and secure shopping.
These Plugins within Woocommerce do not hold any and have no access to any personal information of the user.
MailChimp: We use WooCommerce’s MailChimp plug-in to generate our newsletter service. Our store is connected to MailChimp’s automation platform, and we create and send our newsletters through this service.
We act as the controller in our relationship with MailChimp, we decide what information is uploaded or transferred into our MailChimp account; direct MailChimp, and through this application we regularly send out newsletters to those customers who have signed up to receive them and instruct MailChimp to place advertisements on their behalf on third party platforms such as Facebook or Instagram. MailChimp is acting as a Processor by performing this service for us.
See section 16 on Site Visitation Tracking on the use of Google Analytics (Google Suite) within our Young Ted Clothing ecommerce shopping platform.
18. Third party advertising on our website
We do not currently allow any form of third party advertising on our website.
Children need particular protection when collecting and processing their personal data because they may be less aware of the risks involved. We and our third party processors are aware of the law when it comes to dealing with, complying and gaining consent to use a child’s personal data.
We and our third party processors collect data about all users of and visitors to our website regardless of age, and we anticipate that some of those users and visitors will be children. Children have the same rights as adults over their personal data. These include the rights to access their personal data; request rectification; object to processing and have their personal data erased. An individual’s right to erasure is particularly relevant if they gave their consent to processing when they were a child.
Children under the age of 13 must get parental consent to use those areas of the site where approval is needed, i.e. setting up an account and signing up for our newsletter.
We do not knowingly collect personal data from children under 13 (note that the minimum age may vary based on country/region). If you become aware that a child has provided us with personal data without parental consent, please contact us through the contact details mention elsewhere in this document. If we become aware that a child under 13 has provided us with information without parental consent, we will take steps to remove the data and cancel the child’s account.
20. Approved Nation/Territory Cross-Border Processing
As of May 2018 territories which have concluded to have sufficient or equal data protection laws to the GDPR. As a consequence, third-party cross-border processing is permitted. The list of countries includes (correct at time of writing) Andorra, Argentina, Canada, Faroe Islands, Guernsey, Isle of Man, Israel, Jersey, New Zealand, Switzerland, United States of America (Privacy Shield), Uruguay
21. Compliance with the law
However, ultimately it is your choice as to whether you wish to use our website.
We may update this privacy notice from time to time as necessary. The terms that apply to you are those posted here on our website on the day you use our website. We advise you to print a copy for your records.