Privacy & Cookie Policy
SECURITY, PRIVACY AND COOKIE POLICY
OVERVIEW
We collect personal information from you when you shop online at www.celticandco.com or if you place an order with us over the telephone. Maintaining the security of your data is a priority at Celtic & Co, and we are committed to respecting your privacy rights. We pledge to handle your data fairly and legally at all times. Celtic & Co. is also dedicated to being transparent about what data we collect about you and how we use it. By shopping with us, you are agreeing to our Privacy Policy. We are registered under the Data Protection Act as Celtic Sheepskin & Co. Ltd. We will only use the information that we collect about you lawfully in accordance with the Data Protection Act 2018 and the General Data Protection Regulation 2018.
This policy, which applies whether you shop with us online or over the telephone, provides you with information about:
- -how we use your personal information;
- -what personal information we collect;
- -how we ensure your privacy is maintained; and
- -your legal rights relating to your personal information.
HOW WE USE YOUR PERSONAL INFORMATION
Celtic & Co. (and trusted partners acting on our behalf) uses your personal information:
- to provide goods and services to you;
- to make a tailored website available to you;
- to manage any registered account(s) that you hold with us;
- to verify your identity;
- for crime and fraud prevention, detection and related purposes;
- to contact you about promotional offers and products and services which we think may interest you;
- to enable Celtic & Co. to manage customer service interactions with you; and
- where we have a legal right or duty to use or disclose your information (for example in relation to an investigation by a public authority or in a legal dispute).
Marketing
Celtic & Co. uses your personal information for electronic marketing purposes and may send you postal mail to send you our catalogues or special offers.
Celtic & Co. aims to update you about products & services which are of interest and relevance to you as an individual.
You have the right to opt out of receiving promotional communications at any time, by:
1. changing your marketing preferences HERE
2. making use of the simple “unsubscribe” link in emails; and/or
3. contacting Celtic & Co. via the contact channels set out in this Policy.
Please note that it takes 2-3 days for you to stop receiving our emails, two months to stop receiving Celtic & Co. catalogues and up to three months to stop receiving third party mailings from the date you unsubscribe.
You can also subscribe to the Direct Marketing Association’s (DMA) Mailing Preference Service to stop receiving any future unsolicited direct mail entirely. This can be done at www.mpsonline.org.uk/mpsr/
We may analyse your browsing and purchasing activity online, and your responses to marketing communications. The results of this analysis, together with other demographic data, allows us to ensure that we contact you with information on products and offers that are relevant to you. To do so, we use software and other technology (automated processing).
Sharing data with third parties
a. Our service providers and suppliers
In order to make certain services available to you, we may need to share your personal information with some of our service partners. These include IT, delivery and marketing service providers.
Celtic & Co. only allows its service providers to handle your personal data when we have confirmed that they apply appropriate data protection and security controls. We also impose contractual obligations on service providers relating to data protection and security, which mean they can only use your data to provide services to Celtic & Co. and to you, and for no other purposes.
b. Other third parties
Aside from our service providers, Celtic & Co. will not disclose your personal information to any third party, except as set out below. We will never sell or rent our customer information to other organisations for marketing purposes. We will never pass your email address or telephone number on to a third-party for marketing purposes.
We may share your personal information with:
- similar companies to Celtic & Co. whose products we think will be of interest to you. We send a single catalogue to their customers and in return they can send a single catalogue to our customers. Your details will not be added to their mailing list unless you request it;
- data co-operatives including Epsilon Abacus (registered as Epsilon International UK Ltd), Experian, Sub2 and I-behaviour. Epsilon Abacus manages the Abacus Alliance on behalf of UK retailers. The participating retailers are active in the clothing, collectables, food & wine, gardening, gadgets & entertainment, health & Beauty, household goods, and home interiors categories. They share information on what their customers buy. Epsilon Abacus analyses this pooled information to help the retailers understand consumers’ wider buying patterns. From this information, retailers can tailor their communications, sending people suitable offers that should be of interest to them, based on what they like to buy.
- credit reference agencies where necessary for card payments;
- governmental bodies, regulators, law enforcement agencies, courts/tribunals and insurers where we are required to do so: -
- to comply with our legal obligations;
- to exercise our legal rights (for example in court cases);
- for the prevention, detection, investigation of crime or prosecution of offenders;
- for the protection of our employees and customers;
International transfers
We may transfer data outside the EEA, if we did, this would be subject to special rules under data protection laws. We would ensure that transfers would take place in the presence of appropriate safeguards, including standard data protection clauses adopted by the EU commission.
How long do we keep your data?
We will not retain your data for longer than necessary for the purposes set out in this Policy. Different retention periods apply for different types of data, however the longest we will normally hold any personal data is 10 years since your last purchase from us.
WHAT PERSONAL INFORMATION DO WE COLLECT
Celtic & Co. may collect the following information about you:
- your name, age/date of birth and gender;
- your contact details: postal address including billing and delivery addresses, telephone numbers (including mobile numbers) and e-mail address;
- purchases and orders made by you;
- your on-line browsing activities on our website;
- your password(s);
- when you make a purchase or place an order with us, your payment card details. We use the latest secure server technology to ensure this information is protected to the highest standards;
- your communication and marketing preferences;
- your location;
- your correspondence and communications with Celtic & Co.; and
- other publicly available personal data, including any which you have shared via a public platform (such as a Twitter feed or public Facebook page).
Our website is not intended for children and we do not knowingly collect data relating to children.
This list is not exhaustive and, in specific instances, we may need to collect additional data for the purposes set out in this Policy. Some of the above personal information is collected directly, for example when you set up an on-line account on our websites, or send an email to our customer services team. Other personal information is collected indirectly, for example your browsing or shopping activity. We may also collect personal information from third parties who have your consent to pass your details to us, or from publicly available sources.
We randomly monitor and record telephone calls. This helps to ensure that we provide you with the highest level of services and maintain quality standards.
HOW WE PROTECT YOUR DATA
Our controls
Celtic & Co. is committed to keeping your personal data safe and secure.
Our security measures include: -
- encryption of data;
- regular scenario planning and crisis management exercises to ensure we are ready to respond to cyber security attacks and data security incidents;
- security controls which protect the Celtic & Co. IT infrastructure from external attack and unauthorised access; and
- internal policies setting out our data security approach and training for employees.
WHAT YOU CAN DO TO HELP PROTECT YOUR DATA
Celtic & Co. will never ask you to confirm any bank account or credit card details via email. If you receive an email claiming to be from Celtic & Co. asking you to do so, please ignore it and do not respond.
If you are using a computing device in a public location, we recommend that you always log out and close the website browser when you complete an online session.
In addition, we recommend that you take the following security measures to enhance your online safety both in relation to Celtic & Co. and more generally:
- keep your account passwords private. Remember, anybody who knows your password may access your account.
- when creating a password, use at least 8 characters. A combination of letters and numbers is best. Do not use dictionary words, your name, email address, or other personal data that can be easily obtained. We also recommend that you frequently change your password. You can do this within your account section on our website.
- avoid using the same password for multiple online accounts.
YOUR RIGHTS
You have the following rights:
- the right to ask what personal information that we hold about you at any time,
- the right to ask us to update and correct any out-of-date or incorrect personal information that we hold about you; and
- (as set out above) the right to opt out of any marketing communications that we may send you.
If you wish to exercise any of the above rights, please contact us using the contact details set out below.
Legal basis for Celtic & Co. processing customers’ personal information
General
Celtic & Co. collects and uses customers’ personal information because it is necessary for:
- the pursuit of our legitimate interests (as set out below);
- the purposes of complying with our duties and exercising our rights under a contract for the sale of goods to a customer; or
- complying with our legal obligations.
Our legitimate interests
The normal legal basis for processing customer data, is that it is necessary for the legitimate interests of Celtic & Co. including:-
- selling and supplying goods and services to our customers;
- protecting customers, employees and other individuals and maintaining their safety, health and welfare;
- promoting, marketing and advertising our products and services;
- sending promotional communications which are relevant and tailored to individual customers. Our communications are designed to tell you about the benefits we can offer, so that you have exclusive access to our best deals. We use the information we have about you to tailor the content and try to ensure that the offers are as relevant to you as possible;
- understanding our customers’ behaviour, activities, preferences, and needs;
- improving existing products and services and developing new products and services;
- complying with our legal and regulatory obligations;
- preventing, investigating and detecting crime, fraud or anti-social behaviour and prosecuting offenders, including working with law enforcement agencies;
- handling customer contacts, queries, complaints or disputes;
- managing insurance claims by customers;
- protecting Celtic & Co, its employees and customers, by taking appropriate legal action against third parties who have committed criminal acts or are in breach of legal obligations to Celtic & Co.;
- effectively handling any legal claims or regulatory enforcement actions taken against Celtic & Co.; and
- fulfilling our duties to our customers, colleagues, shareholders and other stakeholders.
CREDIT CARD ENCRYPTION
We accept online payment in a secure environment using Secure Socket Layering technology (SSL). All of the information sent to us as you browse our site, including payment and address information, is encrypted to safeguard your details. Encryption prevents other internet users from accessing this information. You can check that you are shopping in a secure environment by looking for either a locked padlock icon or an image of a key in the grey bar at the bottom of your screen.
The encryption technique we use is the highest standard available for e-commerce and certified by Thawte, part of the Verisign group - the world's most respected certification body for Internet firms. If you have questions regarding our credit card security policies, please call us on 0333 400 0044.
COOKIE POLICY AND USE OF COOKIES
No personal data is stored in any of the cookies used, just unique numbers which, depending on the type of cookie, are used to analyse site usage or references which can then be associated with your account once you’ve signed in. If you’d prefer to restrict, block or delete cookies from celticandco.com, or any other website, you can use your browser to do this. Each browser is different, so check the ‘Help’ menu of your particular browser (or your mobile phone’s handset manual) to learn how to change your cookie preferences, or use the following guides for the most popular browsers:
Internet Explorer: http://windows.microsoft.com/en-GB/windows-vista/Block-or-allow-cookies
Google Chrome: http://support.google.com/chrome/bin/answer.py?hl=en&answer=95647
Mozilla Firefox: http://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences?redirectlocale=en-US&redirectslug=Enabling+and+disabling+cookies
For more information about cookies and instructions on how to manage or disable cookies see http://www.allaboutcookies.org
THIRD PARTY SHARING
We currently use third party cookies and pixels to allow us to track visitor behaviour and offer certain website services.
If you would like to disable 'third party' cookies, you can turn them off by going to the third party's website and getting them to generate a one-time 'no thanks' cookie that will stop any further cookies being written to your machine. Below are links to the third parties we use:
- Google (for analysing visitor behaviour and serving relevant advertising): http://www.google.com/policies/privacy/ads/#toc-analytics
- Doubleclick (advertising network): http://www.google.co.uk/doubleclick/
- Sub2 (for analysing visitor behaviour and personalisation) http://www.sub2tech.com/
- Fresh Relevance (Personalisation and targeted messaging) https://www.freshrelevance.com/
- Wisepops (Website Overlay/Pop Ups) https://wisepops.com/
- Emarsys (Marketing Automation Platform) https://www.emarsys.com/en/
- Visual Website Optimizer (Website Optimisation) https://vwo.com/
- Bing (Search Engine Advertising)- https://www.microsoft.com/en-us/concern/privacy
- Facebook (Serve relevent advertising content) - https://www.facebook.com/
- Hotjar- (Anonymised heatmaps to help improve customer experience) - https://www.hotjar.com/
- Trustpilot - We work with Trustpilot to generate authentic customer reviews - https://uk.trustpilot.com/
- Global-e - Global-e are our international payment and logistics provider, they provide currency conversion, payment gateway and logistics to all non UK customers - https://www.global-e.com/en/
If you have any questions about how Celtic & Co. uses your personal information that are not answered here, or if you want to exercise your rights regarding your personal information, please contact us by any of the following means:
- phone us on: +44 (0)333 400 0044
- e-mail us at: [email protected]
- write to us at: The Data Protection Officer, Celtic & Co, Newquay, Cornwall, TR7 2SX, United Kingdom
You have the right to lodge a complaint with the Information Commissioner’s Office. Further information, including contact details, is available at https://ico.org.uk.
UPDATES
This policy was last updated in July 2019