FatFace Foundation Privacy Notice

FatFace Foundation (“we”) are committed to protecting and respecting your privacy. This privacy notice sets out the ways in which we may process your personal data, your rights in relation to our processing and other matters.

This privacy notice contains important details about the way we will treat your personal data, and your rights in respect of the personal data that we hold about you.

This privacy notice applies in relation to information we collect from you via our website, in-store, in correspondence or otherwise.

For the purpose of UK and EU data protection law, the data controller is FatFace Foundation, registered in England & Wales, charity no. 1129392. FatFace Foundation determines the purposes and way in which any personal data are, or will be, processed.

If you would like to contact us in connection with this privacy notice or its subject matter, please write to our Data Protection Officer, either by post to Unit 3 Ridgway, Havant, Hampshire, PO9 1QJ or by email to compliance@fatface.com, quoting ‘Security and Privacy Enquiry’.

Information we collect from you

This includes information that you give us by filling in forms on our website, by corresponding with us by phone, e-mail or otherwise, and while you are in-store. It includes information you provide when you register to use our website, open an account, subscribe to our mailing list, search for a product, place an order on our website, apply for any job via our website, use our social media platforms, enter a competition or promotion and when you report a problem with our website, products or services. The information you give us may include your name, address, e-mail address and phone number, financial and credit card information, clothing sizes, and, in relation to any job application, your employment history, education records and other details relevant to your application.

In order to personalise your website experience and understand how people use our website, we may also gather information about the devices you use to access our website (desktop and mobile) and your use of our website. This may include the following information:

  • Technical data about your device and browser such as the Internet Protocol (IP) address used to connect devices to the Internet, geographical location, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform and login information.
  • Information about your use of our website such as referral source, length of visits to certain pages, page views, website navigation paths including the clickstream to, through and from our sites (including date and time), items viewed or searched for, page response times, download errors, page interaction information (such as scrolling, clicks and mouse-overs) and methods used to browse away from pages.

This data is collected automatically by our analytics tracking system and third party services and involves the use of cookies. As such, the data collected about you will depend on the cookie preferences you select using our cookie preference tool. Please see our Cookie Policy for more information about our use of cookies and tracking.

We may use CCTV in our stores for security monitoring purposes.

We also occasionally engage mystery shoppers who may film their experiences with our store staff to help ensure that our staff are providing the highest standards of service.

Cookies

Our websites use cookies for a variety of functions, including to distinguish you from other users of our websites. This helps us to provide you with a good experience when you browse our websites and also allows us to improve our sites.

We will tell you about the cookies used on our website when you first visit our website and provide you with the option to accept these cookies or change which cookies are set, using our cookie preference tool to accept or reject different types of cookies. We will also ask you to re-confirm your cookie preferences every 90 days if you re-visit our website.

For detailed information on the cookies we use and the purposes for which we use them see our Cookie Policy.

Purposes for which we may process your information

We have set out below the purposes for which we process the information described in this notice and the legal basis we rely on for each processing purpose. UK and EU data protection law requires us to have at least one “legal basis” for processing personal data. The legal bases applicable to the personal data to which this notice relates are:

  • Performance of contract: Where the processing is necessary for us to perform a contract that you are party to, or to take steps at your request prior to entering a contract, such as a contract for the sale of our products to you;
  • Legal obligation: Where the processing is necessary for compliance with a legal obligation to which we are subject;
  • Legitimate interests: Where processing is necessary for the purposes of our legitimate interests or the legitimate interests of a third party, provided that your interests or fundamental rights and freedoms which require protection of your data do not override those legitimate interests;
  • Consent: If you have given your consent to us processing your personal data for specified purposes.
Purpose of processingLegal basis for processing
To process, fulfil and provide you with information relating to your ordersPerformance of contract
To provide you with information about other goods and services we offer that are similar to those that you have already purchased or enquired about (depending on your marketing preferences)

For email marketing: legitimate interests (promoting our brand, products and services to increase sales)

For postal marketing: consent

To build a profile of your interests and show you relevant adverts on our website and other websites (depending on your cookie preferences)Consent (as indicated by website visitors using our cookie preference tool)
To ensure that content from our sites is presented in the most effective manner for you and for your device (depending on your cookie preferences)Consent (as indicated by website visitors using our cookie preference tool)
To measure or understand the effectiveness of web advertising we serve to you (depending on your cookie preferences)Consent (as indicated by website visitors using our cookie preference tool)
For fraud and theft prevention (for example, using PCI payment processors to verify card details)

Legitimate interests (protecting our business from risk)

Legal obligation, when necessary to ensure our business complies with applicable laws such as those imposing crime-reporting obligations

For our own legal and risk management purposes

Legitimate interests (protecting our business from risk)

Legal obligation, when necessary to ensure our business complies with applicable laws

For security monitoring purposes in our stores (for example, using CCTV)Legitimate interests (protecting our store staff, customers and visitors and our business from physical or financial harm)
To monitor the quality of our stores and customer service (using mystery shoppers)Legitimate interests (providing a high standard of customer service and experience)
If you have submitted a job application, in order to evaluate and manage that applicationLegitimate interests (recruitment of suitable staff to work in our business)

Please note that, where you are asked to provide information to us which is of a sort that is necessary to enable us to perform a contract or fulfil a request that you make (e.g. contact, delivery or payment information) – if you do not do so, we may not be able to perform your contract or fulfil your request.

Who we share your information with and why

We work with a number of trusted service providers, suppliers, agencies and businesses in order to provide you with the highest quality products and services you expect from us, e.g. delivery companies, fraud prevention agencies and product technicians amongst others, and share personal data with those third parties to the extent necessary for them to provide their services to us. Some of the categories of third parties with whom we share the personal data described in this notice are:

  • business partners, suppliers and sub-contractors for the performance of any contract we enter into with you;
  • service providers who provide services to us in connection with publishing and running our website and providing the services and functions available via our website;
  • service providers who provide software and/or professional services in connection with running our business;
  • advertisers and advertising networks that require the data to select and serve relevant adverts to you;
  • analytics and search engine providers that assist us in the improvement and optimisation of our website.

We may share your personal data with other third parties if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply the terms of any agreement or policy to which we are a party, or to protect the rights, property, or safety of us, our staff or customers, or others. This may include exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

We may share your personal data, including your name, address, email address, as well as a record of any transactions you conduct on our website or offline with us with a third-party advertising partner and its service providers in order to deliver to you banner advertisements and other advertising tailored to your interests when you visit certain websites. Our advertising partner will make the data we provide to it pseudonymous. To learn more about the use of this information or to make choices about receiving personalised advertising provided by third parties, please visit the European Digital Interactive Advertising Alliance. Our sharing of your personal data in connection with these advertising activities will depend on the cookie preferences you select using our cookie preference tool and on the privacy settings you select on your device and/or browser.

Keeping in touch with you

We want to keep you up to date with information about new ranges, special offers and improvements to our website. Where we have consent or it is in our legitimate interests to do to, we may do this through the post, by email, through online advertising or by any other electronic means.

We understand that preferences change and you might not wish to receive marketing communications from us. You can amend your marketing preferences by any of the following methods:

  • writing to the Data Protection Officer, FatFace, Unit 1-3 Ridgway, Havant, PO9 1QJ;
  • emailing compliance@fatface.com
  • calling the Customer service centre on +44 (0)330 124 0000;
  • changing your contact preferences in the Personal Details section of your account online;
  • using the unsubscribe link within our emails.

If you have requested to opt out of marketing, please note that you may continue to receive marketing communications for a short period while your request is dealt with. It may take around five working days to unsubscribe you from emails and, as catalogues get printed in advance, it can take up to one month for you to unsubscribe from postal marketing.

Special categories of personal data

Special categories of personal data means information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, physical or mental health, sex life or sexual orientation or genetic or biometric data.

We do not need, and do not ask for, special categories of personal data or personal data relating to criminal convictions and offences for the processing purposes set out in this privacy notice in respect of our customers or website visitors. If you do provide this type of information to us, we will require your explicit consent to process it unless we have an alternative legal basis for processing it. Accordingly, if you do not want us to process any such categories of personal data, please do not provide it to us.

If you provide us with any of the above types of data in relation to a job application, the information will only be used so that we can monitor our compliance with the law and best practice in terms of equal opportunities and non-discrimination. The legal bases we rely on for this processing are:

  • the processing is necessary to carry out our obligations and exercise our or your rights in the field of employment, namely under laws relating to equality and health and safety;
  • the processing is necessary for reasons of substantial public interest, such as identifying or keeping under review the existence or absence of equality of opportunity or treatment or promoting or maintaining diversity in the racial and ethnic origins of individuals who hold senior positions in our organisation.

Where we store and transfer your personal data

Our offices and servers are based in the UK. If you place an order with us and you are outside of the UK, the personal data you provide when placing your order will be transmitted to us and accessed by our staff in the UK.

Some of our service providers, suppliers and agencies and businesses we work with are based in and/or process personal data outside the UK or EEA. We transfer the personal data described in this notice to these third parties if and to the extent necessary for them to carry out the tasks and services we engage them to provide. These transfers are subject to safeguards to protect the personal data transferred to the standards required by UK data protection law.

Some of these third parties are based in EEA countries or non-EEA countries that the European Commission has determined provide adequate protection for personal data. Under UK data protection law, all these countries are deemed to provide adequate protection for personal data, so UK companies can transfer personal data to service providers in these countries without having to put any further safeguards in place.

Some of these third parties are based in the U.S.A. and other countries that are not deemed to provide adequate protection for personal data. Transfers of data to these third parties are therefore subject to safeguards including Standard Contractual Clauses or Binding Corporate Rules.

If you would like further details of the safeguards we use to transfer personal data to these third parties, please contact us compliance@fatface.com.

Security

All information you provide to us is stored on secure servers. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our sites or your online account, you are responsible for keeping this password confidential, and for all use made of your account with such password. We ask you not to share this password with anyone.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our sites; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

Length of data storage

Our policy is to ensure that personal data is only stored for as long as is necessary for the purposes it was collected. We keep your personal data in accordance with our global data retention policy which categorises all of the information held by us and specifies the appropriate retention period for each category of information. Those periods vary according to our obligations under applicable laws and regulations, good practice and our business purposes. At the end of the applicable retention period, your personal data will either be deleted completely or anonymised so that it is no longer personal data.

If you would like further detail about our storage of your personal data, please contact us compliance@fatface.com.

What are your rights

You have various rights under Data Protection Law. These include:

  • The right to ask us not to process your personal data for direct marketing purposes, even if you have given consent or previously subscribed to receiving direct marketing from us;
  • If our processing is based on your consent, the right to withdraw any consent you may have given for our processing of your data;
  • The right to ask us for access to the personal data we hold about you and how we use it;
  • The right to ask us to rectify any personal data that we hold about you that is inaccurate or incomplete;
  • The right to ask us to delete your personal data in certain circumstances;
  • The right to ask us to restrict our processing of your personal data in certain circumstances;
  • The right to object to our processing of your personal data in certain circumstances;
  • The right to data portability to electronically move, copy or transfer your personal data in a standard form in certain circumstances.

You can exercise any of the rights set out above by contacting compliance@fatface.com. In respect of certain of the rights referred to above, we may need more information from you, e.g. to provide further information in order to confirm your identity.

You also have the right to lodge a complaint with the applicable data protection supervisory authority if you are concerned that we are not respecting your rights under data protection law. The Information Commissioner’s Office is the authority in the UK which is responsible for overseeing the application of, and enforcing, UK data protection law. Information on making complaints to the Information Commissioner’s Office can be found on its website here: Make a complaint | ICO.

Automated decisions

We may, based on information that you provide, make certain decisions on an automated basis. Such decisions include deciding if you pose a fraud or money laundering risk. In certain circumstances, you have the right to object to such decisions being made on an automated basis. If you want to know more please contact us at compliance@fatface.com.

Other websites

Our websites may, from time to time, contain links to and from the websites of third party businesses and organisation, including the social media platforms we use. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies.

Changes to this privacy notice

Any changes we make to our privacy notice in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to our privacy notice.

European Representative

Pursuant to Article 27 of the General Data Protection Regulation (GDPR), FatFace Foundation has appointed European Data Protection Office (EDPO) as its GDPR Representative in the EU. You can contact EDPO regarding matters pertaining to the GDPR:

Contact

Questions, comments and requests regarding this privacy notice are welcomed and should be addressed to compliance@fatface.com

Last updated: October 2021