This is the Privacy Policy of Bespoke Folk’s website bespokefolk.co.uk. Please read it through carefully. It tells you how we handle the personal information that we collect through this website. Please only submit information to us through our website if you agree we may use it in accordance with this policy.

  1. Who we are

This website is provided by Bespoke Folk (referred to as “we”, “us” or “our” in this privacy policy).

More information about us can be found on the ‘About Us’ page and at the bottom of this Privacy Policy page.

  1. The information we collect

We collect certain basic information about you when you order products from our website. We recognise the importance of both keeping your information secure and of letting you know what we intend to do with it. We may amend our policy to reflect changes to our business, website, data protection law or other relevant legislation. We therefore ask you to revisit this page on a regular basis to ensure you are familiar with its terms. The policy sets out (1) who we are, and describes (2) the information we collect, (3) what we do with it and (4), how you can find out more.

We collect information on you from this website:

  • when you complete an online form or order
  • when you pay for the products that we provide
  • when you give us additional details about yourself in your online Account
  • by means of ‘cookies’ when you use our website
  • in the form of ‘traffic data’.
  • Online forms

In general, we will collect the information we need to provide you with the service to which the form relates. For example, if you place an order, we will collect your name and address, your telephone number, and your email address, and any other information which is required to process the product or service you are purchasing. Please note that we do not request nor collect any special categories of personal data about you. This includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data.

Where we ask for more information to help us improve our services, over and above the basic information required, your response is voluntary and you are free to not provide us with more information if you would prefer not to do so.

  • Cookies

Our website uses cookies. Cookies are small text files that are stored on your computer’s hard drive by websites you visit to enable the website to ‘remember’ who you are. In general, cookies are only visible to the website that serves them, not to other websites. ‘Serves’ means placed on your computer’s hard drive.

The cookies we use do not store any information that identifies you personally, such as by a name or address. Our website uses ‘persistent cookies’ which allocate a unique ID number to track your sessions. Persistent cookies remain on your hard drive until you delete them. These cookies originate from the web server hosting our website, so are ‘first party’ cookies.

We use the free Google Analytics Tool (see ‘How Google uses data when you use our partners sites or apps www.google.com/policies/privacy/partners) to collect and analyse website statistics. Google Analytics uses persistent cookies to track data. These cookies do not collect any personally identifiable information and are only used for the statistical collection of data such as visits and page hits. Google Analytics cookies store IP addresses but we cannot link those addresses to any individual or path through the website. Google uses the cookies to read information and evaluate visitors use of the website in the form of statistical reports that we can access. The Google Analytics code is incorporated into our websites code so that our website serves the cookies, but Google has access to the cookies. You can stop being tracked by Google Analytics across all our websites by going to Googles site at http://tools.google.com/dlpage/gaoptout

 

  • How to adjust your browser settings

Most browsers automatically accept cookies and you should be able to accept, delete or reject them if you wish by adjusting the settings on your browser. This will, however, affect your use of the areas of our website that use cookies.

For more information about cookies, please see the ICO website https://ico.org.uk/for-the-public/online/cookies

  • Traffic data

We keep a record of traffic data which is logged automatically by the server. This includes your IP address and which pages you visit on our website. We do not store or analyse this traffic data in a way that identifies any individual.

  1. WHAT WE DO WITH YOUR INFORMATION
    • How we use it

We use your information to provide you with the products and services that you request from us, and, if you have opted-in to receive emails from us with promotional offers or information, to offer you products and services that we consider appropriate for you in the future.

We will only use your personal data for the purposes for which we originally collected it. If we need to use your personal data for a different purpose, we will contact you and set out the legal basis upon which we process your personal data.

Usually, we will process your personal data in the following circumstances:

  • to fulfil our contractual obligations to you (such as processing your order);
  • where you have provided your consent; or
  • where it is in our (or a third party’s) legitimate interests, e.g. where we have business or commercial reasons to use your personal data, unless such interests are overridden by your interests or fundamental rights or freedoms.

We do not sell, trade or rent your information to third parties. Any information received regarding the payment for any product or service will be used to process that payment. If you opt-in and choose to receive emails from us which relate to marketing information or promotional offers, the information (except any credit card details) will be kept on our marketing database and used by us to service your requirements if you place another order. Information on our marketing database is available to our marketing and administrative staff but may not be accessed by anyone else. If you do not opt-in to receive marketing information or promotional offers when you place your order, we will use the information you have given us to process your order efficiently, but we will not contact you regarding any other matter which does not directly relate to the processing and fulfilment of your order (although we will keep very limited information about you to ensure that we do not send you any marketing emails).

We will keep you on our mailing list until you ask us not to contact you further. See ‘finding out more’ below for details of how to opt-out of mailings from us. Please note that we use a third party system (MAILCHIMP) to send out our marketing emails.

Email Marketing

We may use your Personal Data to contact you with newsletters, marketing or promotional materials and other information that may be of interest to you. You may opt-out of receiving any, or all, of these communications from us by following the unsubscribe link or instructions provided in any email we send or by contacting us.

We may use Email Marketing Site Providers to manage and send emails to you.

Mailchimp
Mailchimp is an email marketing sending service provided by The Rocket Science Group LLC.

For more information on the privacy practices of Mailchimp, please visit their Privacy policy: https://mailchimp.com/legal/privacy/

  • When we share it

We may disclose your information to third parties in the following circumstances:

  • Suppliers who process information on our behalf, such as our IT service providers. They will have incidental access to your information but will be obliged to act only on our instructions and to keep your information secure.
  • Independent suppliers, who may handle your information as our client in the course of processing one of our orders, and are required to respect and preserve the confidentiality of personal information.
  • We may disclose your information to law enforcement or regulatory bodies if required to do so by them and to our auditors.
  • We may also disclose your information to a third party in the context of actual or threatened legal proceedings or if otherwise required to do so by law, including to prevent fraud or to protect our rights, property, or safety of our customers, suppliers or employees.
  • In the event that we sell our business or assets, in which case we may disclose your personal data to the prospective buyer of such business or assets, or if we or substantially all of our assets are acquired by a third party, in which case personal data held by us will be one of the transferred assets.
  • With analytics and search engine providers that assist us in the improvement and optimization of our website.

 

If your personal data is provided to any third parties, you are entitled to request details of the recipients of your personal data or the categories of recipients of your personal data.

  • How we keep it secure

We will keep your information secure by taking appropriate technical and organisational measures against its unauthorised or unlawful processing and against its accidental loss, destruction or damage. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our website (including payment card details); any transmission is at your own risk. Once we have received your information, we use strict procedures and security features to try to prevent unauthorised access.

We have put in place procedures to deal with any suspected personal data breach, and we will notify you and any applicable supervisory authority of a breach where we are legally required to do so. We will notify the Information Commissioners Office as soon as possible, and where possible, within 72 hours of becoming aware of a personal data breach, unless we consider that the personal data breach is not notifiable.

  • International transfers

In exceptional circumstances, we may need to transfer your personal data outside the UK. Whenever we transfer your personal data out of UK, we will ensure that a similar degree of protection is afforded to it by ensuring that at least one of the following safeguards is implemented:

  • We transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the UK Government;
  • One of the derogations in the GDPR applies (including if you explicitly consent to the proposed transfer); or
  • We put in place a contract with the recipient of the personal data, which means that the recipient must protect the personal data to the same standards as required within the UK, and we have carried out a risk assessment of the local laws of the importing country to ensure that those same standards can be complied with.
    • Data retention

We will only retain your personal data for as long as is necessary to fulfil the purposes for which we collected it, including for the purposes of satisfying any legal, accounting or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

In the event that you do not use your online account or submit an order on our website for a period of five years, then we will treat your account as expired and your personal data will be deleted.

If you have consented to receiving marketing information from us, we will continue to send you the marketing information you have consented to, unless you opt-out at any time. Our marketing emails will always contain an opt-out link which you can click on. Alternatively, you can ask us to stop sending you marketing material at any time by writing to us at  or by writing to us at our postal address. All of these details are at the bottom of this page.

We will always include an unsubscribe email address when we send you marketing information or promotional offers by email.

 

In certain circumstances we may anonymise your personal data so that it can no longer be associated with you, so that we can use this for business planning and other business uses which are in our legitimate interests. When we do this we may use such anonymised information without further notice to you.

  1. Finding out more

In certain circumstances, you have the following legal rights in relation to your personal data:

  • To request access to your personal data that we hold (please see further below);
  • To request correction of the personal data we hold about you if it is incorrect, out of date or incomplete. Please inform us about changes to your details so that we can keep our records accurate and up to date;
  • To request erasure of your personal data;
  • To object to processing of your personal data (please see further below);
  • To request the processing of your personal data be restricted;
  • To request the transfer of your personal data so that it can be transferred to you or a third party that you have chosen; and
  • To request we discontinue any consent-based processing of your personal data after you withdraw that consent. This will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain things to you (such as details about new offers or products) and/or your online Account may not work as effectively.

 

You have the right to object, at any time, to the processing of your personal data which is necessary for the purposes of the legitimate interests pursued by us or a third party, including where we undertake any form of automated processing of your personal data, consisting of the use of personal data to evaluate certain personal aspects relating to you, such as analysing or predicting your personal preferences (this is sometimes referred to as ‘profiling’). If you object to the processing, we must no longer process that personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or that the processing is required for the establishment, exercise or defence of legal claims.

 

You also have the right, at any time, to object to the processing of your personal data for direct marketing purposes.

If you wish to exercise any of the above rights, please contact us. Please note that we may not be required to comply with your request. If this is the case, we will notify you.

 

Right of access to your personal data

You will not have to pay a fee to access your personal data. However, we may charge a reasonable fee if your request is clearly unfounded or excessive (particularly where requests are repetitive). Alternatively, we may refuse to comply with your request in such circumstances.

We may need to request specific information from you in order to help us confirm your identity and ensure your right to access your personal data. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask for further information in relation to your request.

We will respond to any legitimate requests within the time limits set out in the GDPR. This is generally within one (1) calendar month of receipt but occasionally, it may take us longer than a month if your request is particularly complex or if you have made a number of requests. In this case, we will notify you and keep you updated.

 

AUTOMATED DECISION-MAKING

Automated decision-making takes place when an electronic system uses personal information to make a decision without human intervention. We are allowed to use automated decision-making in the following circumstances:

  • where we have notified you of the decision and given you 21 days to request a reconsideration;
  • where it is necessary to perform a contract with you and appropriate measures are in place to safeguard your rights; and
  • in limited circumstances, with your explicit written consent and where appropriate measures are in place to safeguard your rights.

You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making, unless we have a lawful basis for doing so and we have notified you.

If you have any questions about our privacy policy or the information we hold about you, please contact us at the address or telephone number on our Contact Us page.

You have the right, at any time, to make a complaint to the Information Commissioner’s Office. We would, however, appreciate the chance to deal with your concerns before you approach the ICO or your local supervisory authority, so we would ask that you contact us initially.

Further information about data protection issues can be found on the Information Commissioners website. You can contact the ICO on 0303 123 1113 or go online to www.ico.org.uk/concerns.

To Contact Bespoke Folk

Send an email to with your request or if there are any questions regarding this privacy policy.

 

Privacy Policy last updated 18 March 2024