This policy sets out important information about how we collect, use and store personal data for those who visit our Website, enquire about or buy a product from us, use our services, or otherwise communicate with us. It also contains important information on how you can contact us, if you wish to change, request or delete any of your personal data, so please read it carefully.
1. ABOUT US
The Website is owned and operated by POAN Limited (London) Limited a company registered in England and Wales under company number 09982582 with its registered office at Fourth Floor, 23 Queens Gate, London, United Kingdom, SW7 5JE (“POAN Limited”).
If you place an order for delivery of products to an address within the UK and Isle of Man, you will contract with POAN Limited. If you place an order for the delivery of products to an address within the European Union (excluding the Republic of Ireland), you will contract with POAN. If you place an order for the delivery of products to an address anywhere else in the world (including the Channel Islands and the Republic of Ireland), you will contract with POAN.
Unless we say otherwise, “we/us” refers to POAN Limited, POAN or POAN, as the context requires.
Other members of the POAN Limited Group may be involved in providing certain services available through the Website to you. All members of the POAN Limited Group are intended to benefit from POAN Limited’s rights under these Terms & Conditions, but are not parties to these Terms & Conditions.
2. HOW DO WE COLLECT INFORMATION?
We collect personal data:
directly from you, for example when you buy from us, create an account with us, sign up for our newsletters, sign up for or use any of our in-store services (such as WiFi or e-receipts), participate in any discussion board or other POAN Limited related social networking site, enter any competition or participate in any promotion organised by us, complete any survey that we send you, for example if we ask for feedback, or communicate with us in any way;
when you use our Website, for example by observing your browsing and purchasing habits, or your interactions with us through live chat;
from other organisations such as fraud preventing agencies; and
from CCTV footage where this is used in our premises to ensure the safety of our staff and customers.
Like many other websites, we may obtain information about you by using cookies. A "cookie" is a small data file stored by your web browser on your computer's hard drive. It allows us to recognise your computer (but not specifically who is using it) upon entering our Website and remember you when you return to our Website.
You can disable cookies on your computer by changing the preferences or options menus in your browser. However, it is possible that some parts of our Website will not operate correctly if you disable all cookies.
4. WHAT INFORMATION DO WE COLLECT?
Here we explain what type of data we collect. We’ll tell you how we use the data later.
Some of the data we collect includes data you may choose to give us, including:
personal details such as your name, date of birth, address, email and telephone number;
information you provide us when accessing our services using your social media account;
account login and password details;
financial and payment information;
recording from calls with our customer services;
details relating to your transaction history with us; and
content or information that you post on our Website, tag to or post on any POAN Limited related third party social media site, or otherwise disclose to us.
Other information we collect from your interaction with our website, for example:
details of your shopping and product preferences;
technical information: such as your time zone setting, the Internet Protocol (IP) address used to connect your computer to the Internet, the Wireless Access Point used to connect to our in-store Wi-Fi services, your computer or mobile device and connection information such as your browser type, version, operating system and platform;
information about your visit and traffic pattern: such as the full Uniform Resource Locators (URL) clickstream to, through and from our website (including date and time), frequency, duration and usage of in-store services, products you viewed and searched for; page response times, download errors, length of visits to certain pages, page interaction information, basket contents and methods used to browse away from the page.
We may also collect information from third parties or combine your information with information lawfully obtained from third parties such as technical, payment and delivery service providers, advertising networks, social media platforms, analytics service providers and search information providers.
We may also use publicly accessible information to verify information we are provided with and to manage and expand our business
5. HOW DO WE USE YOUR INFORMATION AND OUR LAWFUL BASIS?
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
Performance of Contract: this means processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract. For example, when you want to buy something from us.
Legitimate Interest: this means the interest of our Company in conducting and managing our business. This is to enable us to give you the best products, services and security. We make sure we consider and balance any potential impact on you (both positive and negative) as well as your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
YOU CAN OBJECT TO PROCESSING ON THE BASIS OF LEGITIMATE INTERESTS AT ANY TIME AND, IF YOU DO SO, WE WILL STOP PROCESSING THE PERSONAL DATA UNLESS WE CAN SHOW COMPELLING LEGITIMATE GROUNDS WHICH OVERRIDE YOUR RIGHTS AND INTERESTS, OR WE NEED THE DATA TO ESTABLISH, EXERCISE OR DEFEND LEGAL CLAIMS – ALSO SEE “YOUR RIGHTS AND HOW TO EXERCISE THEM” BELOW.
Comply with a legal or regulatory obligation: this means processing your personal data where it is necessary for compliance with a legal or regulatory obligation that we are subject to.
Generally, we do not rely on consent as a legal basis for processing your personal data other than in relation to:
sending direct marketing communications to you via email or text message, when we do not have a legitimate interest to do so;
using cookies on our website or mobile apps (where such cookies are not of the strictly necessary type for functional purposes);
processing special categories of personal information in relation to health, medical or disability information, which you choose to provide to us (to the extent that this is not required for complying with a legal or regulatory obligation); and
contacting you about surveys and user groups. Participation in surveys is entirely voluntary and you are under no obligation to take up an invitation from us to participate.
You have the right to withdraw consent to marketing at any time by contacting us at email@example.com. Where consent is the only legal basis for processing, we will cease to process data after consent is withdrawn.
We have detailed below the ways we use your personal data and our legal basis for processing:
Exercising our rights under contract for the sales of goods or services. For example, we collect and use your name, delivery address, contact details and payment information in order to fulfil and manage your orders, provide you with service information, manage your accounts with us, process returns and address your complaints and queries.
Undertake our legitimate interests as a business. These include, but are not limited to:
selling and supplying our products and services;
advertising and marketing our products and services;
communicating offers, events and competitions that we think will be of interest;
improving existing products and services and developing new products and services;
handling customer contacts, queries, complaints or disputes;
reminding you about items you have left in your shopping basket;
enhancing your interaction and experience with us for example by:
remembering you the next time you visit our Website to optimise and customise your experience by directing you to information on our site that we think will be of interest to you;
analysing how you and others use our Website and our stores, including details of pages viewed, accessed or visited and the length of your visit; and
curating, implementing and testing new systems or processes to provide a better user-experience and expand our digital offering;
understanding our customers’ behaviour, activities, preferences and needs;
measuring the effectiveness of our advertising;
notifying you about changes to our website, or services;
updating our records; and
ensuring the health, safety and wellbeing of our customers, employees and partners.
Ensuring that we discharge and undertake our statutory, regulatory and legal obligations which may include our obligations to our insurers and shareholders, preventing, investigating and detecting crime, fraud or anti-social behaviour, working with law enforcement agencies, keeping our business records and fulfilling our contractual obligations.
6. WHO DO WE SHARE INFORMATION WITH?
We will always treat your personal information with the utmost respect. We will not sell or rent your personal information to any third party.
However, in order to ensure that we offer the best service and can carry out the functions detailed within the 'How We Use Information' section above, it may be necessary for us to share the information we collect (which may include your personal data) with the following categories of third parties:
Companies within the POAN Limited as different entities within our group are responsible for different activities.
Carefully selected and trusted business partners, suppliers and sub-contractors where necessary to make products and services available to you for example, payment service providers, customer service providers, website hosts, datacentres, IT software and service providers, warehouse operators, logistics providers and delivery companies.
Carefully selected and trusted business partners, suppliers and sub-contractors where necessary to promote our products and services for example marketing agencies, advertising partners,
Companies who facilitate discount schemes you have registered with, for example Unidays.
Affiliates who help us engage with new audiences or promote our products on their websites.
Credit reference agencies, legal, accounting and financial service providers, law enforcement and fraud prevention agencies where it is necessary for us to do so to enforce a legal obligation, or in connection with actual or proposed litigation, or to protect the rights, property, or safety of our customers, employees or group companies, or otherwise where it is fair and reasonable for us to do so.
In the event that we sell or buy any business or assets, it may become necessary to disclose your personal data to the prospective seller or buyer and their advisors. Your information may also be transferred to another company in the event of sale of the whole or part of our business to a third party Similarly, your personal data may be passed on to a successor in interest in the unlikely event of a liquidation, bankruptcy or administration.
You may also choose to take advantage of some of our additional services, in which case, depending on your choices we may share your data with the following categories of companies to fulfil the services you have asked for:
Social Media sites (for example if you choose to link your accounts to us) and other companies approved by you; and
Third party payment providers, when you choose to use their payment services.
When using third party providers, we only provide them with the information that they need in order to deliver the service, restrict them from using the data for any other purposes and require them to keep your information secure.
Where we share financial details, these will always be entered on a secured page and transferred using SSL, a cryptographic protocol designed to provide communication security over the Internet.
If you would like to know more about the third parties we may share personal data with, or how to find out more on how they will use your data, please contact us at the details below.
7. HOW WE COMMUNICATE WITH YOU
We send two types of emails: customer service emails which are required to maintain our website and services; and newsletters or other marketing communications which contain special offers, discounts and information that might be of interest to you.
While customer service emails are necessary to help you benefit from our services, you may choose not to receive marketing communications by following the unsubscribe link in our emails, by modifying your subscription preferences in your account, or by emailing firstname.lastname@example.org.
By signing up for our newsletters or to receive other marketing communications from us, you accept that your personal data may be used, as outlined above, for such purposes. You consent to receive such marketing communications from us using any contact method which you have provided us with. This may be by post, email, SMS, and telephone.
You may also receive marketing communications containing information and special offers from third parties if you have consented to receiving such communications.
We want to ensure that you get the most relevant information about our products and services, at the right time.
The most effective way of doing this is for us to create a profile of you for marketing purposes. We will build your profile based on information you give us and we may supplement this information with marketing insight from third party companies and information in the public domain. We also use services such as Facebook’s Custom Audience and Google’s Customer Match.
When you sign up to receive our emails, we will remember your name and email address along with your age and gender if you provide this information. If you tell us exactly what you’re interested in when you sign up, we can make sure we only send you information about the products we know you want to hear about. To make sure we only send you the things you’ll love, our emails will collect information like whether you’ve opened or clicked the email, your device type and general area in which you open it.
When you go on our Website, we may analyse how you use our site by recording your mouse clicks, page scrolling and any text keyed into website forms (not including bank details or any sensitive personal data). This information may be used to improve the usability of our Website and to personalise marketing to you when you visit other websites.
When you make a purchase from us online or in store, we will remember your purchase history along with your date of birth and your gender – if you volunteer this information, so we can make sure we are only recommending products to you that we think you are going to like.
If you don’t complete your purchase, we will keep track of what you put in your shopping basket for when you return to our Website, and we may remind you of what is in your shopping basket via email, or banners on other websites.
If you submit user generated content through our social media channels, providing you agree, we may use your username, email address and Content in accordance with our 'User Generated Content Policy'. We may also use your IP address and geolocation to filter content by region, country or other local area.
You can unsubscribe from our marketing communications at any time by clicking on the link found at the bottom of every marketing email, by updating your account preferences on our Website, or by emailing email@example.com. Please note that it may take up to 7 days for any changes to take effect.
9. TRANSFERS OUTSIDE UK/EU
POAN Limited operates internationally. Generally, we store your data within the UK. However, we may need to transfer and store your personal information in a country which is outside the UK and the European Economic Area (EEA). For example, it may be stored in servers located outside the EEA, or it may be processed by staff operating outside the EEA who work for us or for one of our suppliers. Such staff may be engaged in, among other things, the fulfilment of your order, the processing of your payment details and the provision of support services.
Some of these countries will not offer the same level of protection for your personal data as the UK or the EEA, but if we transfer your information to one of these countries, we will take steps to ensure that your rights and freedoms in respect of the processing of your personal data are adequately and appropriately protected and comply with all relevant Data Protection laws. Please contact us if you would like further information about how we do this.
By submitting your personal data, you agree to this transfer, storing or processing.
10. YOUR RIGHTS AND HOW TO EXERCISE THEM
You have a lot of rights relating to your personal information (which may be subject to some conditions and exceptions), these are:
The right to access the personal information we hold about you, often called a subject access request;
The right to request the correction of inaccurate personal information we hold about you;
The right to request that we delete your data, or stop processing it or collecting it, in some circumstances - please note that this right does not always apply, for example where we are processing your data because we have a legitimate interest in doing so;
The right to stop direct marketing messages;
The right to withdraw consent for any consent-based processing at any time;
The right to request that we transfer or port elements of your data either to you or another service provider if this is technically doable;
The right to ask us to explain any computer-system decision about you;
The right to complain about how we have handled your personal data – you can do this straight to us (which we encourage you to do in the first instance) and to your data protection regulator — in the UK, the Information Commissioner’s Office.
If you want to correct any incorrect, incomplete, or out of date information we hold, you should be able do this yourself by logging into your account via our website and editing your information. Similarly, if you want us to stop sending you marketing material at any time, you can follow the unsubscribe link in our emails or modify your subscription preferences in your account.
If you have any difficulty exercising your rights yourself, or if you need us to action your request, you have a complaint, or you just have questions, then please email us at firstname.lastname@example.org. As a starting point, we have 30 days in which to respond to you.
11. HOW LONG DO WE STORE PERSONAL DATA FOR?
We only keep your personal data for as long as is necessary for the purpose for which it was collected (see 'How We Use Information' above). Once it is no longer necessary, we will either delete the data, or anonymise it. The use of anonymised data helps us to optimise our customer service.
We will, however, stop processing your data for marketing as soon as you unsubscribe. Nonetheless, should you want us to remove our records of your data prior to the end of our defined retention period, please contact: email@example.com.
12. HOW WE KEEP YOUR PERSONAL DATA SECURE
We have implemented appropriate technical and organisational security measures designed to protect the security of any personal data we process to guard against unauthorised or unlawful processing of your personal data and against accidental loss or destruction of, or damage to, your personal data.
Please note that despite the measures taken by us and the third parties we engage, the internet is not secure. As a result, others may nevertheless unlawfully intercept or access private transmissions or data and so transmission of personal data to and from our Website is at your own risk. You should also only access the Website within a secure environment. If you have asked us to share data with third party sites (such as social media sites), their servers may not be secure either.
It remains your responsibility however, particularly where you hold an account with us:
To log off or exit from the Website when not using it;
To ensure no-one else uses the Website while your device is logged on to the Website (including by logging on to your device through a mobile, Wi-Fi or shared access connection you are using);
To keep your password or other access information secret. Your password and log in details are personal to you and should not be given to anyone else or used to provide shared access for example over a network. You should use a password which is unique to your use of the Website – do not use the same password as you use for another site or email account; and
To maintain good internet security. For example if your email account or Facebook account is compromised this could allow access to your account with us if you have given us those details and/or permitted access through those accounts. If your email account is compromised it could be used to ask us to reset a password and gain access to your account with us. You should keep all of your account details secure. If you think that any of your accounts have been compromised you should change your account credentials with us, and in particular make sure any compromised account does not allow access to your account with us. You should also tell us as soon as you can so that we can try to help you keep your account secure and if necessary warn anyone else who could be affected.
Those processing your personal data will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
13. IF YOU WANT TO JOIN US
14. IF YOU ARE UNDER 18
Our Website is not directed to individuals under the age of 18. If you are under the age of 18, please stop using our Website and our services. It is our policy not to knowingly solicit or permit anyone under the age of 18 to provide their personal information for any purpose.
15. LINKS TO OTHER WEBSITES
16. IF YOU ARE UNHAPPY ABOUT HOW WE HANDLE YOUR DATA
If you wish to raise a complaint on how we have handled your personal data, we urge you to contact us at firstname.lastname@example.org in the first instance. We’re committed to protecting and respecting your privacy and will do our utmost to resolve your concerns.
If you are not satisfied with our response, you can contact the Information Commissioner’s Office (ICO) if you are a resident of the United Kingdom. You can contact them by calling +44 (0)7310 484 295, or online at www.ico.org.uk/concerns.
If you are not a UK resident, please contact the relevant data protection regulator in your country of residence.
17. APPLICABLE LAW
The following laws will apply to the protection of your personal data when you shop on our Website, or in our stores:
If you are a resident of the United Kingdom, the UK GDPR as defined in the Data Protection, Privacy and Electronic Communications (Amendments etc.) (EU Exit) Regulations 2019, the Data Protection Act 2018 and the Privacy and Electronic Communications (EC Directive) Regulations 2003;
If you are a resident of the European Union, the Regulation (EU) 2016/679 (General Data Protection Regulation) and any applicable local laws, statutes and regulatory guidance.
If you are a California resident, the California Consumer Privacy Act (CCPA);
If you reside in any other country, the applicable data protection laws and regulations in your country of residence.