dryrobe® Privacy Policy

This Privacy Policy explains the:

• Identity and contact information of the data controller
• Legitimate interests of the data controller or third party (if applicable)
• Purpose of the processing and the lawful basis for the processing
• Categories of personal data to be processed
• Details of whether personal data came from direct or indirect sources
• Receipts or categories of recipients of the personal data
• Details of the data transfer to a third country and safeguards
• Length of time personal data is processed and any criteria used to establish the length of time the data is processed
• Data Subjects Rights (Your rights)
• Right to complain to the supervisory authority/regulator
• Details of any part of a statutory or contractual requirement and possible consequences of failing to provide personal data
• The existence of any automated decision making, including profiling and information about how decisions are made.

This Privacy Policy applies to the information that we may obtain from you through your use of our website(s), collectively called the “Services”. If you have any questions or need more information about these Services, please contact us at the email address in the section below.

For the purpose of the data protection & Privacy legislation the Data Controller is dryrobe Ltd.

Legal Status “I” “we” “us” “our”

Trading as dryrobe

Postal Address Unit 4 Velator Way Braunton EX332FB United Kingdom

Email address privacy@dryrobe.com

How do we use the information we collect?

We may use the information we collect for a variety of purposes, including to:

• Make our Services work for you;
• Provide, operate, maintain, improve, personalise, and promote our services;
• Develop new products, services, features, and functionality;
• Process and complete transactions, and send you related information, including purchase confirmations and invoices;
• Communicate with you, including responding to your comments, questions, and requests; providing customer service and support;
• Providing you with information about services, transmitting technical notices, updates, security alerts, administrative messages, or advertising or marketing messages;
• Providing other news or information about us;
• Monitor and analyse trends, usage, and activities in connection with our services;
• Investigate and prevent fraudulent transactions, unauthorised access to our Services and other illegal activities.

How do we get your consent for collecting and storing information?

We only process personal data on the basis that:-

Such processing is necessary in order to enter into or preform a contact for our service(s).

Processing is necessary in order to protect the vital interests of the data subject or of another natural person.

It is necessary for compliance with a legal obligation to which the controller is subject.

We have a legitimate interest which is not overridden by the rights or freedoms of the affected data subjects.

The data subject has consented to such processing.

We only process special category personal data in relation to employment on the basis that:-

It is necessary for the purposes of carrying out the obligations and exercising specific rights of the controller or of the data subject in the field of employment and social security and social protection law in so far as it is authorised by Union or Member State law or a collective agreement pursuant to Member State law providing for appropriate safeguards for the fundamental rights and the interests of the data subject.

Processing is necessary to protect the vital interests of the data subject or of another natural person where the data subject is physically or legally incapable of giving consent.

What information do we collect from you, and how is it used?

Direct:

You can visit our website without telling us who you are and without revealing any personal information about yourself. To provide full service however, we will most often need to collect information about you when your register for an account and when you create or modify your personal data on one of our Services. The types of Information we collect may include email address, country of residence, your name, postal address and phone number.

We do not process sensitive / special categories of personal data, nor facilitate processing personal data of data subjects under the age of consent (children).

Indirect:

From cookies: We may also collect “cookie” information that we save to your computer or mobile device. Cookies are small data files stored on your hard drive or in device memory. We use cookies to improve and customise our Services and your experience; to allow you to access and use our Services without re-entering your username and password; to log visits and to understand which areas and features of the Services are most popular. We may also associate the information we store in cookies with personal information you submit while using our services. You can instruct your browser, by changing its options to stop accepting cookies or to prompt you before accepting a cookie from websites you visit. If you do not accept cookies, however, you may not be able to use all aspects of our Services.

For specific information on cookies, please read our cookies policy.

Logs: We may record certain information and store it in log files when you interact with our Services. This information may include Internet Protocol (IP) or other device addresses or ID numbers as well as browser type, Internet service provider, URLs or referring / exit pages, operating system, date/time stamp, information you search for, local and language preferences, your mobile carrier, and system configuration information.

Analytics: We and our analytics providers also collect and store analytics information when you use our Services to help us improve our Services. We make sure this data is anonymous by not connecting analytics data to personally identifiable data number as a name, email address, physical address, or phone number.

We are not in the business of selling your personal information. We consider this information to be a vital part of our relationship to you. There are, however, certain circumstances in which we may share your personal information with third party processors, as set forth below.

With your consent: We will not share your personal information with companies, organisations, or individuals who are not associated with us unless we have your affirmative consent to do so.

Payment Processing: We use a third-party service provider to manage credit card processing. This service provider is not permitted to store, retain, or use billing information except for the sole purpose of credit card processing.

Newsletter Service: We use a commercial application to facilitate our newsletter service.

Compliance with Laws and Law Enforcement Requests; Protection of Our Rights: We may disclose your information (including your personal information) to a third party if:

• We believe that disclosure is reasonably necessary to comply with any applicable law, regulation, legal process or government request
• To protect the security or integrity of our products and services
• To protect our property, rights, and safety and that of our customers of the public from harm or illegal activities
• To respond to an emergency which we believe in the good faith required is to injury of any person; or
• To investigate and defend ourselves against any third-party claims or allegations.

Business Transfers:

We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company. We will notify you of such a change in ownership or transfer of assets by posting a notice on our website.

Data Transfers:

The data controller does not transfer personal data outside of the United Kingdom or European Union, apart from the following exceptions where indicated below. All data processors acting on behalf of the data controller have appropriate safeguards in place. For example, those operating in the USA, are signed up to the EU-US Privacy Shield.

The following third-party services providers are used by us and only process data in accordance with the instructions from the data controller:-

Klaviyo
https://www.klaviyo.com/privacy/policy
Newsletter sign-up
US

PayPal
https://www.paypal.com/en/webapps/mpp/ua/privacy-full
Payment Processing
LU

Shopify
https://www.shopify.com/legal/privacy
Customer Relationship & Web Management system.
CA

Lucky Orange
https://www.luckyorange.com/privacy.php
Website Performance
US

Brightpearl
https://www.brightpearl.com/privacy-policy-eu/
ERP System and Order Processing
UK

Retaining some data may be subject to a statutory retention period and this must be adhered to, (to keep certain data for a minimum period of time). This may include personal data (name, address, contact details), but on expiry of such statutory requirement, such data will be destroyed securely. Where possible any personally identifiable data will be anonymised or pseudonymised.

Your information we use for marketing purposes will be kept with us until you notify us that you no longer wish to receive this information.

The data controller does not process personal data in respect of any statutory requirement, nor require personal data to be supplied as part of any contractual agreement, however in respect of the controller’s services, certain communications may not be possible without such personal data being supplied, for example an email to furnish with updates information etc. or an address to fulfil an order.

No profiling or automatic decision making processes are undertaken by the data controller in respect of any personal data processing activities.

Your fundamental rights as a Data Subject are:

1. The right to be informed
2. The right of access
3. The right of rectification
4. The right of erasure (often known as the right to be forgotten)
5. The right to prevent processing
6. The right to data portability
7. The right to object
8. Rights in relation to automatic decision making and profiling.

Under the right of access (2), you have the right to obtain:-

• Confirmation that your data is being processed;
• Access to your personal data; and
• Other supplementary information

So that you are aware of and can verify the lawfulness of the processing.

Your right to access can be exercised by contacting the data controller as above. Please note that not all of the fundamental rights are absolute some apply in certain circumstances only.

You have the right to complain about the organisations processing your personal data. You can exercise this right by contacting the supervisory authority of the data controller as follows:-

Head Office
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Tel: 03031 231113 (local rate) or 01625 545745 if you prefer to use a national rate number

Issue date 08.06.2020

In order to offer you Klarna’s payment methods, we might in the checkout pass your personal data in the form of contact and order details to Klarna, in order for Klarna to assess whether you qualify for their payment methods and to tailor those payment methods for you. Your personal data transferred is processed in line with Klarna’s own privacy notice.