Welcome to The Pretty Damned. This policy explains how we handle and use your personal information in connection with our websites and services and your rights in relation to it. Under data protection law, The Pretty Damned is the controller of that information.
The Pretty Damned (we, our or us) is committed to protecting and respecting your privacy.
This policy applies to our website located at www.theprettydamned.com and related websites, social media accounts, and our instashop (together, the Site) and the services you can access through them.
The Pretty Damned is the controller in relation to the processing activities described below. This means that The Pretty Damned decides why and how your personal information is processed in connection with those activities. Please see the section at the end of this policy for our contact and legal information.
The Site is intended for use by individuals aged 16 and over. We do not knowingly collect personal information about children. If you are under the age of 16, please do not use the Site.
- Information we collect about you
We receive personal information about you that you give to us (i.e. contact details, information you submit online via our Site and correspondence), that we collect from your use of the Site (i.e. device and Site activity data, traffic data and communication data) and that we obtain from other sources (i.e. account setup details). We only collect personal information that we need and that is relevant for the purposes for which we intend to use it.
Personal Information you give us
This is information about you that you give to us by entering information via the Site or our social media pages or by corresponding with us by phone, email or other means and is provided by you entirely voluntarily. The information you give to us can include your name, title and contact details (such as phone number, email address, postal address, social media handle), enquiry details, your opinion of our products, your comments on them and services and certain marketing preferences
If you do not provide this information to us we may not be able to contact you and/or resolve your queries effectively.
Information we collect about you from your use of the Site
Each time you use the Site we automatically collect the following information:
- the following technical information: a unique identification code for our authentication system, the internet protocol (IP) address of your device and details regarding the type of browser software you use to access the Site;
- details of your use of the Site, namely traffic data, weblogs and other communication data, including where and when you clicked on certain parts of the Site and details of the webpage from which you visited it.
If you do not provide this information, you may be unable to access some or all of the Site or its features.
Information we collect about you from other sources
- Use of your personal information
We use your personal information for a variety of reasons. We rely on different legal grounds to process your personal information, depending on the purposes of our use and the risks to your privacy. You will only receive unsolicited marketing communications from us if you have consented and can opt-out of receiving them at any time. We do not share your personal information with companies that would send their marketing to you.
We use your personal information in the following ways:
- 3.1 Where you have provided CONSENT
We may use and process your personal information where you have consented for us to do so for the following purposes:
- to contact you via email (as you have indicated) with marketing information about our products, exciting product launches, events, promotions and general marketing communications (see Marketing for further details); and
- to supply e-newsletters, brochures, marketing or other material you have specifically requested from us.
You may withdraw your consent for us to use your information in any of these ways at any time. Please see Your rights over your personal information for further details.
- 3.2 Where required to comply with our LEGAL OBLIGATIONS
We will use your personal information to comply with our legal obligation to keep a record relating to the rights you exercise in connection with our processing of your personal information.
- 3.3 Where processing is necessary for us to pursue a LEGITIMATE INTEREST
We may use and process your personal information where it is necessary for us to pursue our legitimate interests as a business for the following purposes:
Processing necessary for us to promote our business, brands and products
- Processing necessary for us to promote our business, brands and products and measure the reach and effectiveness of our campaigns
- for analysis and insight conducted to inform our marketing strategies, and to enhance and your visitor experience;
- to tailor and personalise our marketing communications based on your attributes, for example, by sending you a birthday treat message;
- to supply your details to social media and other online platforms operated by other companies for them to contact you with our targeted advertising online. You may receive advertising based on information about you that we have provided to the platform or because, at our request, the platform has identified you as having similar attributes to the individuals whose details it has received from us. To find out more, please refer to the information provided in the help pages of the platforms on which you receive advertising from us;
- if you are a corporate subscriber, to contact you by email or by telephone with marketing information about our products and services (other than where we have asked you for your consent). We will use your personal information to tailor or personalise the marketing communications you receive to make them relevant to you and also to send targeted marketing messages via social media and other third party platforms, which may involve sharing your personal information with those platforms.
- to send you an electronic communication if you have closed your browser with items in your shopping basket; and
- in some cases we may use automated methods to analyse, combine and evaluate information that you have provided to us. We collect and analyse this information in this way so that we can deliver the most appropriate customer experience to you by tailoring and making relevant all our service and communications.
- Please see further the Marketing section below;
Processing necessary for us to support customers and users with sales and other enquiries
- to correspond and communicate with you in connection with the services we offer;
- to train and monitor our staff and to identify ways of improving their call handling and your customer service experience;
Processing necessary for us to respond to changing market conditions and our customers’ needs
- for market research in order to improve the products and services that we deliver to you.
Processing necessary for us to operate the administrative and technical aspects of our business efficiently and effectively
- to administer the Site and our social media pages and for internal operations, including troubleshooting, testing and statistical reporting purposes;
- for the prevention of fraud and other criminal activities;
- to verify the accuracy of information we hold about you and create a better understanding of you as an account holder or visitor;
- for network and information security purposes in order for us to take steps to protect your information against loss or damage, theft or unauthorised access;
- to comply with a request from you in connection with the exercise of your rights (for example where you have asked us not to contact you for marketing purposes, we will keep a record of this on our suppression lists in order to be able to comply with your request);
- for the purposes of a corporate restructure or reorganisation or sale of our business or assets;
- for efficiency, accuracy or other improvements of our databases and systems e.g. by combining systems or consolidating records we or our group companies hold about you;
- to enforce or protect our contractual or other legal rights or to bring or defend legal proceedings; and
- for general administration including managing your queries, complaints, or claims, to send service messages and to provide you with important information about our business.
- 3.4 Where necessary for the performance of our CONTRACT
We will use your personal information where this is necessary for us to perform our contract with you or to carry out any pre-contract steps you’ve asked us to so that you can enter into that contract, for the following purposes:
- to process and deliver your order;
- to process your payment card or bank details when taking payment for your orders or when providing a refund;
- to run our competitions and promotions that you enter from time to time and to distribute prizes.
As described above, if we specifically request your permission to send (or you specifically ask us to send) you newsletters, marketing material or to notify you of special events, offers, promotions, competitions or new products and services by email, we rely on your consent to do so. If you do not wish to receive email communications from us, please inform us by using the unsubscribe link inside the email, or by sending an email to firstname.lastname@example.org or using your email settings (to unsubscribe from marketing emails).
Otherwise we process your personal information for direct marketing purposes on the basis that it is necessary for us to pursue our legitimate interests as a business (see above in this section for further details). We try to tailor and personalise any marketing communications that we send to you, for example, by notifying you of products, services, offers or promotions that apply to your interests, location. If you do not wish to receive marketing communications from us, you can opt-out at any time by using the unsubscribe link inside the email (to unsubscribe from marketing emails), or by sending an email to email@example.com or using your email settings (to unsubscribe from marketing emails).
If you opt-out of receiving marketing communications from us, we keep your email address on our suppression list for a defined period to ensure that we comply with your wishes. Please see further the periods for which we retain your personal information.
- Disclosure of your personal information by us
We only disclose your personal information outside our business in limited circumstances. If we do, we will put in place a contract that requires recipients to protect your personal information, unless we are legally required to share that information. Any suppliers or other recipients that work for us will be obliged to follow our instructions.
We may disclose your information to our third party service providers, agents and subcontractors (Suppliers) for the purposes of providing services to us or directly to you on our behalf, including the operation and maintenance of our Site, Apps and social media pages. Our Suppliers can be categorised as follows:
- Banks, payment processors and financial services providers – EEA
- Santander, Paypal, WordPress, Elavon, Onesaas
- Cloud software system providers, including database, email and document management providers – EEA
- Gmail, OneDrive, iCloud
- Delivery and mailing services providers – WORLDWIDE
- DHL, Limmworks
- Health and safety claims administrators and consultants – EEA
- Legal, security and other professional advisers and consultants – EEA
- Internal consultant
- Website and data analytics platform providers – WORLDWIDE
- WordPress, Mailchimp, Google Analytics
- Website and App developers – WORLDWIDE
- WordPress, Internal consultant
- Website hosting services providers – EEA
- WP Engine, WordPress
- Wifi and other communication service providers – EEA
When we use Suppliers, we only disclose to them any personal information that is necessary for them to provide their services and only where we have a contract in place that requires them to keep your information secure and not to use it other than in accordance with our specific instructions.
We may disclose the personal information to other third parties as follows:
- any third party who is restructuring, selling or acquiring some or all of our business or assets or otherwise in the event of a merger, re-organisation or similar event; and
- if we are under a duty to disclose or share your information in order to comply with any legal or regulatory obligation or request, including by the police, courts, tribunals or regulators.
- Transfers of your personal information outside of Europe
We do not transfer your personal information outside of Europe. If we do so in the future, we’ll let you know and take measures to protect your personal information.
All information you provide to us is stored on our secure servers which are located within the European Economic Area (EEA).
If at any time we transfer your personal information to, or store it in, countries located outside of the EEA (for example, as a result of changing our hosting services provider) we will amend this policy and notify you of the changes. We will also ensure that appropriate safeguards are in place for that transfer and storage as required by applicable law. This is because some countries outside of the EEA do not have adequate data protection laws equivalent to those in the EEA. If we transfer your personal information to the United States of America, we will only send the personal information to companies that participate in the Privacy Shield framework (or such other framework that may replace it from time to time) or for which we have an alternative safeguard in place in accordance with applicable law. Where they apply to our data transfer activities, we may rely on adequacy decisions by the European Commission about certain countries for data transfers to countries outside the EEA.
- Security and links to other websites
We take the security of your personal information seriously and use a variety of measures based on good industry practice to keep it secure. Nonetheless, transmissions over the internet and to the Site may not be completely secure, so please exercise caution. When accessing links to other websites, their privacy policies, not ours, will apply to your personal information.
We employ security measures to protect the information you provide to us, to prevent access by unauthorised persons and unlawful processing, accidental loss, destruction and damage. When we have provided (or you have chosen) a password allowing you access to certain benefits of the Site, you are responsible for safeguarding it and keeping it confidential and you promise not to allow it to be used by third parties. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do everything possible to protect your personal information, we cannot guarantee the security of any personal information you disclose online. You accept the inherent security implications of using the internet and will not hold us responsible for any breach of security unless we are at fault.
In addition, if you linked to the Site from a third party website, we cannot be responsible for the privacy policies and practices of the owners and operators of that third party website and recommend that you check the policy of that third party website.
- The periods for which we retain your personal information
We will not hold your personal information in an identifiable format for any longer than is necessary for the purposes for which we collected it. The periods for which we hold your personal information will depend on the type of personal information and whether you are a user of the subscription services we provide to a subscribing client or of a prospective/trialling client, or a visitor to the Site. These periods also apply where we share your information with suppliers who process your personal information on our behalf.
We (and the suppliers we instruct) retain your personal information for the following periods:
We retain your personal information for the following periods:
Type of personal information
When do we receive your personal information?
How long do we keep your personal information after we receive it?
IP addresses and type of device
From when you use any The Pretty Damned websites/apps
Payment card information
From when the payment is processed via card processor
Electronic truncated payment card information is held for 5 years
Info given via competition entries
We receive completed form entry
Opinions /other info given via customer surveys
Online form is submitted
2 years if completed a questionnaire. Maximum of 2 years for research
Details of your orders
From when the system records the order
7 years, stored on Elavon, Paypal, Wordpress, Limmworks, Onesass, Quickbooks
Information included in any correspondence to RIXO sites, Customer care, Apps and social media pages
Correspondence is received/acknowledged
5 years for inactive users
Location and frequency of your visits
From when signed up to our newsletter
5 years for inactive app users, ongoing for active app users
Social media handles
When you like or follow a The Pretty Damned account
Ongoing until you remove 'link' (i.e. unfriends etc.) to Rixo social accounts or request comment removed as inappropriate.
Details regarding when you have consented to receiving marketing from us
When form completed
Name, email address, telephone number, postal address, date of birth, your marketing preferences
Signed up to received marketing
Data is retained ongoing if customer active (i.e. opened trackable Marketing Comms within the last 5 years). If a customer hasn’t opened trackable Marketing Comms for >5 years (but hasn’t actively unsubscribed from The Pretty Damned Marketing) then they will be removed from Rixo marketing database.
In relation to any period mentioned above, we will retain your personal information from the expiry of that period until the start date of our next financial year (1st of July each year) to allow us to manage the deletion/destruction process efficiently.The only exceptions to the periods mentioned above are where:
- you exercise your right to have the information erased (where it applies) and we do not need to hold it in connection with any of the reasons permitted or required under the law (see further Your rights over your personal information);
- you exercise your right to require us to retain your personal information for a period longer than our stated retention period (see further Your rights over your personal information);
- we bring or defend a legal claim or other proceedings during the period we retain your personal information, in which case we will retain your personal information until those proceedings have concluded and no further appeals are possible;
- the terms of our contract with our client under which you access our subscription services require that we delete, destroy or return your personal information sooner; or
- in limited cases, existing or future law or a court or regulator requires us to keep your personal information for a longer or shorter period.
We retain an anonymised version of the submitted personal information for as long as we require it for reporting and other statistical and analytical purposes. Such anonymised information will not identify you and may be derived from personal information that was contained within accounts that have subsequently been deleted.
- Your rights over your personal information
You have a number of rights in relation to your personal information under data protection law. In relation to certain rights, we may ask you for information to verify your identity and, where applicable, to help us to search for your personal information. Except in rare cases, we will respond to you within 30 days after we have received this information or, where no such information is required, after we have received full details of your request.
You have the following rights, some of which may only apply in certain circumstances:
- to be informed about the processing of your personal information (this is what this statement sets out to do);
- to have your personal information corrected if it is inaccurate and to have incomplete personal information completed
- The accuracy of your information is important to us and we are working on ways to make it easier for you to review and correct the information that we hold about you. In the meantime, if you change your name or address/email address, or you discover that any of the other information we hold is inaccurate or out of date, please let us know by contacting us in any of the details described at the end of this policy.
- to object to processing of your personal information
- Where we rely on our legitimate interests as the legal basis for processing your personal information for particular purposes, you may object to us using your personal information for these purposes by emailing or writing to us at the address at the end of this policy. Except for the purposes for which we are sure we can continue to process your personal information, we will temporarily stop processing your personal
- to withdraw your consent to processing your personal information
- Where we rely on your consent as the legal basis for processing your personal information, you may withdraw your consent at any time by contacting us using the details at the end of this policy. If you would like to withdraw your consent to receiving any direct marketing to which you previously opted-in, you can also do so using our unsubscribe tool. If you withdraw your consent, our use of your personal information before you withdraw is still lawful.
- to restrict processing of your personal information
You may ask us to restrict the processing your personal information in the following situations:
- where you believe it is unlawful for us to do so,
- you have objected to its use and our investigation is pending or you require us to keep it in connection with legal proceedings.
In these situations, we may only process your personal information whilst its processing is restricted if we have your consent or are legally permitted to do so, for example for storage purposes, to protect the rights of another individual or company or in connection with legal proceedings.
- to have your personal information erased
- In certain circumstances, you may ask for your personal information to be removed from our systems by emailing or writing to us at the address at the end of this policy. Unless there is a reason that the law allows us to use your personal information for longer, we will make reasonable efforts to comply with your request.
- to request access to your personal information and information about how we process it
- You have the right to ask for a copy of the information that we hold about you by emailing or writing to us at the address at the end of this policy. We may not provide you with a copy of your personal information if this concerns other individuals or we have another lawful reason to withhold that information.
- to electronically move, copy or transfer your personal information in a standard form (data portability) Where we rely on your consent as the legal basis for processing your personal information or need to process it in connection with a contract in place directly with you, you may ask us to provide you with a copy of that information in a structured data file. We will provide this to you electronically in a structured, commonly used and machine readable form, such as a CSV file. and
To find out more about each of your rights, please click the✓ icon next to each right above. To exercise these rights, please contact us using the details at the end of this policy.
You have the right to lodge a complaint with a data protection regulator in Europe, in particular in a country you work or live or where your legal rights have been infringed. The contact details for the Information Commissioner’s Office (ICO), the data protection regulator in the UK, are available on the ICO website, where your personal information has or is being used in a way that you believe does not comply with data, however, we encourage you to contact us before making any complaint and we will seek to resolve any issues or concerns you may have.
In order to be able to offer you Klarna’s payment options, we will pass to Klarna certain aspects of your personal information, such as contact and order details, in order for Klarna to assess whether you qualify for their payment options and to tailor the payment options for you.
Please check this page regularly for changes to this policy. We will notify you of changes via your account and/or by email (if we hold a valid email address for you).
We may review this policy from time to time and any changes will be notified to you by posting an updated version on this Site and/or by contacting you by email or via your account. Any changes will take effect 7 days after we post the modified terms on our website or after the date we notify by email or via your account. We recommend you regularly check for changes and review this policy when you visit this Site. If you do not agree with any aspect of the updated policy, you must promptly notify us and cease using this Site.
- Contact and legal information
You can contact us with your queries in relation to this policy or for any other reason at any time.
To contact us for any reason, including to exercise any of your rights in relation to your personal information, please email us at firstname.lastname@example.org