The aim of this page is to inform you of the ways, in which we collect, store and use your personal data. The policy complies with the General Data Protection Regulation, which came into effect on the 25th of May 2018.
WE
CAPTURE INFORMATION ABOUT YOU IN ORDER TO IMPROVE YOUR EXPERIENCE.
To
help us give you more of what you love, we capture information about
you in order to improve your experience of our online store and
services we provide.
We are Cosy Posts, based in Leeds United
Kingdom.
This notice is to inform you about how we collect and
protect any personal information you provide to us and how you can
control what personal information we collect from you and what we do
with it. It sets out how we intend to use your information, who we
will share it with and what rights you have about use of your
information.
This notice applies however you provide personal
information to us, whether you go online to our websites, contact us
via social media, visit our events and stores , enter competitions,
engage in research activities or whether you telephone, email, write
to or text us.
WHAT PERSONAL DATA DO WE COLLECT?
We
may collect the following information about you:
• Your name,
age/date of birth, gender and other relevant demographic
information;
• Your contact details: postal address including
billing and delivery addresses, telephone numbers (including mobile
numbers) and email address;
• Your social media handles;
•
Purchases and orders made by you;
• Your online browsing
activities on any of our websites including which items you store in
your shopping cart;
• Information about the device you use to
browse our websites including the ip address and device type;
•
Your communication and marketing preferences;
• Your interests,
preferences, feedback, competition and survey responses;
• Your
location;
• Your correspondence and communications with us;
and
• Other publicly available personal data, including any
which you have shared via a public platform (such as Instagram,
Youtube, Twitter or public Facebook page etc).
This list is not
exhaustive and in specific instances, we may need to collect
additional data for the purposes set out in this notice. Some
personal data is collected directly, for example when you set up an
online account on our website or send an email to our customer
support team. Other personal data is collected indirectly, for
example when you browse our websites or undertake online shopping
activity. We may also collect personal data from third parties who
have your consent to pass your details to us, or from publicly
available sources. We may anonymise and aggregate personal data for
insight and research but this will not identify anyone.
Our
websites are not intended for children and we do not knowingly
collect data relating to children.
HOW WE USE YOUR DATA
GENERAL
Cosy
Posts (and trusted partners acting on our behalf) use your personal
data:
• To provide goods and services to you;
• To make a
tailored website available to you;
• To manage any account(s)
you hold with us;
• To verify your identity;
• For crime
and fraud prevention, detection and related purposes;
• With
your agreement, to contact you about promotional offers, events,
products and services which we think may interest you;
• To show
you promotional communications through online media as you browse the
web;
• For analysis, insight and research purposes – to better
understand your needs and ensure we are giving you what you want;
•
To identify and contact competition winners;
• To enable us to
manage customer service interactions with you; and
• Where we
have a legal right or duty to use or disclose your information (for
example in relation to an investigation by a public authority or in a
legal dispute).
MARKETING/PROMOTIONAL COMMUNICATIONS
To ensure you are kept up to date with the Cosy Posts e-commerce store experience, we use personal data for marketing purposes and may send you postal mail, texts and/or emails to update you on the latest offers and events. We may also show you online media communications through external social media platforms such as Facebook and Instagram and external digital advertisers such as google.
YOU HAVE THE RIGHT TO OPT OUT OF RECEIVING PROMOTIONAL COMMUNICATIONS AT ANY TIME, BY:
1.
Informing us that you wish to change your marketing preferences by
contacting our customer service at info@cosyposts.com
2. Where
applicable, making use of the simple “unsubscribe” link in emails
or the “stop” number for texts; and/or contacting us by post Cosy
Posts, 54 Lydgate, Leeds, LS9 7JJ
3. This may not stop service
messages such as order updates.
PERSONALISATION AND AUTOMATED DECISION MAKING
If
you visit any of our websites, you may receive personalised banner
advertisements whilst browsing websites of other companies. Any
banner advertisements you see will relate to your browsing activity
on our website from your computer or other devices.
These
advertisements are provided by us via external market leading
specialist providers using techniques such as pixels, web beacons ,
ad tags, mobile identifiers and ‘cookies’ placed on your computer
or other devices. You can remove or disable cookies at any time .
We
may collect data directly from you, as well as analysing your
browsing and purchasing activity online and your responses to
marketing communications. The results of this analysis, together with
other demographic data, allow us to ensure that we contact you with
information on products, services, events and offers that are
tailored and relevant to you. To do so, we use software and other
technology for automated decision making. We may do this to decide
what marketing communications are suitable for you and this activity
is based on our legitimate interests to develop and improve our
products and services.
Also to provide more personalised services
and experiences, we may review data held by external social media
platform providers about you, for example, details on your twitter or
Facebook profiles that you have chosen to make publicly accessible
such as your name, date of birth. Some of our services enable you to
sign-in via external social media platform providers such as
Facebook. If you choose to sign-in via a third party app, you will be
presented with a dialog box which will ask your permission to allow
us to access your personal information (e.g. Your full name, date of
birth, email address and any other information you have made
accessible).
We aim to update you about products and services
which are of interest and relevance to you as an individual. To help
us do this, we process data by profiling and segmenting, identifying
what our customers like and ensuring messages we send them are
relevant based on their demographics, interests, purchase behaviour,
online web browsing activity and engagement with previous
communications. We may also use your data to exclude you from
communications which we feel are irrelevant to you. For example, we
may exclude someone from resends of marketing emails when we know
that person has already opened the original email sent.
Another
example of how we may tailor our communications with you is that we
may group individuals with similar interests using this data so we
can send them product news or promotional offers that are relevant to
that shared interest.
YOU HAVE THE RIGHT TO OPT OUT OF ANY AUTOMATED PROCESSING, INCLUDING PROFILING, AT ANY TIME BY:
1. Informing us that you wish to opt out of automated processing by contacting our customer servic at info@cosyposts.com
COOKIES
Our websites use cookies to capture information. This includes information about browsing and purchasing behaviour by people who access our websites, including pages viewed, products purchased and customer journey around our websites. You can manage cookies on your browser and enable & disable cookies at any time.
SHARING DATA WITH THIRD PARTIES OUR SERVICE PROVIDERS AND SUPPLIERS
In order to make certain services available to you and to help us better understand your preferences, we have partnered with certain trusted third parties including logistics and marketing service providers. We may need to share your personal information with some of our service partners. We only allow our service providers to handle your personal information when they have confirmed that they apply appropriate data protection and security controls. We also impose contractual obligations on service providers relating to data protection and security, which mean they can only use your information to provide services to us and to you, and for no other purposes. We may provide outside companies with aggregated and anonymised information and analytics about our customers but that would never identify you and we will never sell or rent your personal information to other organisations for any purposes.
OTHER THIRD PARTIES
We
may also share your data with:
• Other companies within our
group;
• To purchasers, investors, funders and advisers if we
sell our business or assets or restructure whether by merger,
re-organisation or otherwise;
• Our legal and other professional
advisers, including our auditors;
• Credit reference agencies
where necessary for card payments;
Governmental bodies,
regulators, law enforcement agencies, courts/tribunals and insurers
where we are required to do so: –
• To comply with our legal
obligations and the administration of justice;
• To exercise our
legal rights (for example in court cases);
• For the prevention,
detection, investigation of crime or prosecution of offenders; and
•
For the protection of our employees and customers.
LEGAL BASIS FOR USING DATA
We
are required to set out the legal basis for our processing of your
personal data.
We collect and use customers’ personal data:
1.
As necessary to perform our contract with you:
• For the
purposes of complying with our duties and exercising our rights under
a contract for the sale of goods or services to a customer;
or
2.
As necessary for the pursuit of our legitimate interests,
including:
• Selling and supplying goods and services to our
customers;
• Promoting, marketing and advertising our products
and services;
• Sending promotional communications which are
relevant and tailored to individual customers;
• To identify and
contact competition winners;
• Understanding our customers’
behaviour, activities, preferences, and needs;
• Improving
existing products and services and developing new products and
services;
• Protecting customers, employees and other
individuals and maintaining their safety, health and welfare;
•
Good governance, accounting and managing and auditing our operations
and complying with our legal and regulatory obligations;
•
Preventing, investigating and detecting crime, fraud or anti-social
behaviour and prosecuting offenders, including working with law
enforcement agencies;
• Handling customer contacts, queries,
complaints or disputes;
• Protecting our business, its employees
and customers, by taking appropriate legal action against third
parties who have committed criminal acts or are in breach of legal
obligations to us;
• Handling any legal claims or regulatory
enforcement actions taken against us; and
• Fulfilling our
duties to our customers, colleagues, shareholders and other
stakeholders;
or
3. As necessary for complying with our legal
obligations including:
• Where you exercise your rights under
data protection laws
• For compliance with legal and regulatory
requirements;
• To establish or defend legal rights;
or
4.
Based on your consent for example in relation to sending direct
marketing communications via email or text message.
You have the
right to withdraw consent at any time. Where consent is the only
legal basis for processing, we will cease to process data after
consent is withdrawn.
HOW WE PROTECT YOUR DATA
OUR CONTROLS
Cosy
Posts is committed to keeping your personal data safe and secure.
Our
security measures include: –
• Encryption of data;
•
Regular cyber security assessments of all service providers who may
handle your personal data;
• Regular planning to ensure we are
ready to respond to cyber security attacks and data security
incidents;
• Daily penetration testing of systems;
•
Security controls which protect our it systems infrastructure and our
premises from external attack and unauthorised access;
•
Internal policies setting out our data security rules for our
personnel; and
• Regular training for our employees.
WHAT YOU CAN DO TO HELP PROTECT YOUR DATA
You
should always be cautious when sharing your personal data. No one
from our business will ever ask you to confirm any bank account or
credit card details via email. If you receive an email claiming to be
from Cosy Posts store asking you to do so, please ignore it and do
not respond.
If you are using a computing device in a public
location, we recommend that you always log out and close the website
browser when you complete an online session.
In addition, we
recommend that you take the following security measures to enhance
your online safety: –
• Keep your account passwords private
because anyone who knows your password may access your account or be
compromised if your account is accessed without authority.
•
When creating a password, use a difficult word/number combination of
at least 8 characters and something that is not easily guessed by
hackers such as your name, email address, or other personal data that
can be easily obtained. Also, frequently change your password. You
can do this in your account settings.
• Avoid using the same
password for different online accounts.
HOW LONG WE KEEP YOUR DATA
We
will not retain your data for longer than necessary for the purposes
set out in this notice. Different retention periods apply for
different types of information, and our data retention policy sets
out the length of time we will usually retain personal data and where
these default periods might be changed.
In summary, various laws,
accounting and regulatory requirements applicable to us require us to
retain certain records for specific amounts of time. In relation to
your personal data, we will hold this only for so long as we require
that personal data for legal or regulatory reasons or for legitimate
organisational purposes. We will not keep your data for longer than
is necessary for the purposes for which we collect them.
INTERNATIONAL TRANSFERS OF YOUR DATA
To
deliver products and services to you, it is sometimes necessary to
share your personal information outside of the European Economic Area
(the EEA). This will typically occur when service providers are
located outside the EEA or if you are based outside the EEA. These
transfers are subject to special rules under data protection laws.
If
we transfer your personal information outside the EEA, we will ensure
that the transfer will be compliant with data protection law and all
personal data will be secure. Our standard practice is to assess the
laws and practices of the destination country and relevant service
provider and the security measures that are to be taken as regards
the data in the overseas location; alternatively, we use standard
data protection clauses.
COPYRIGHTS
The copyrights of our Website are the property Cosy Posts
Texts, graphics, photographs, animations, videos and clips, visible on the Website are the object of copyright and are part of the intellectual property of Cosy Posts Those may not be reproduced, used, presented or represented without an explicit written permission by Cosy Post.
YOUR RIGHTS
You
have the following rights:
• The right to be informed about our
processing or your personal data which is the aim of this notice;
•
The right to request access to personal data we hold about you at any
time;
• The right to ask us to update and correct any
out-of-date or incorrect personal data that we hold about you;
•
The right to object to processing of your personal data and/ or to
withdraw any consent you have given us and to opt out of any
marketing communications that we may send you;
• The right to
prevent processing that is likely to cause damage or distress to you
or anyone else;
• The certain rights in relation to automated
decision making including profiling;
• The right to request that
we erase your personal data in certain circumstances (the right to be
forgotten) for example when the data are no longer necessary for the
purpose for which we collected them;
• The right to have your
personal data provided to you by us in a structured, commonly used
and machine-readable format and transmitted to another data
controller. This is known as the right to data portability.
If you
wish to exercise any of the above rights, you can always contact us
either by email to info@cosyposts.com or by post to Cosy Posts. 54
Lydgate, Leeds, LS9 7JJ
You have the right to lodge a complaint
with the information commissioner’s office at Wycliffe House, Water
Lane, Wilmslow, SK9 5AF, United Kingdom if you believe we have not
handled your personal data in accordance with the law. Further
information, including contact details, is available at
https://ico.org.uk.