BOUTIQUE UNIQ Privacy Statement
Effective Date: March 4, 2019
This website is operated by Boutique Uniq Limited (“us” or “we” or “our”). Boutique Uniq Ltd is the “data controller”, (Company Number 11024805). We are responsible for complying with the General Data Protection Regulation (GDPR), the 2018 United Kingdom Data Protection Act, and certain other legal and regulatory maintains and industry standards with regards to the safeguard and protection of our customer’s and employees’ personal information.
Our Privacy Statement explains what type of personal information we may collect, use, share and store about you; how we’ll handle that data, and keep it safe. For the purposes of complying with the GDPR, we act in the capacity of a “Data Controller” when collecting, using, sharing, or storing your personal information. This means, per the GDPR, we are required by law to, alone or jointly with others, determine the purposes and means of processing of personal data; where the purposes and means of such processing are determined by the European Union or Member State law, the controller, or the specific criteria for its nomination may be provided for by Union or Member State law. We advise you read the following carefully as we want you to be fully informed about your rights, and how the Boutique Uniq uses your personal information.
Please note from time to time, we’ll need to update this online privacy statement. If we make any changes to this statement, we’ll update the “Effective Date” at the top of the page.
- What type of personal information do we collect and how do we collect your personal information?
Most of the personal information we collect and process about you comes directly from you: your full name, email address, billing/delivery address, telephone number when you:
- make an online purchase from our website
- create an account with us
- contact us for queries, complaints
- leave comments/feedbacks or reviews on our products
- sign up for our newsletter
- connect with us through our social media
Additional personal information may be gathered through“Cookies and Similar Technologies” when you contact us or visit our website, including:
- Your computer’s internet protocol (IP) address, information about your device and operating system
- Your purchase history on our website
- Your browsing history on our website
- Your log-in information on our website
- Your visit history on our website (URL, Clickstream, page interaction information e.g.)
Instagram Product Tagging
We embed videos from our official YouTube channel using YouTube’s privacy-enhanced mode. This mode may set cookies on your computer once you click on the YouTube video player, but YouTube will not store personally-identifiable cookie information for playbacks of embedded videos using the privacy-enhanced mode.
Read more at YouTube’s embedding videos information page.
We use Google Analytics which Google uses the information shared by Websites and applications to deliver our services, maintain and improve them, develop new services, measure the effectiveness of advertising, protect against fraud and abuse, and personalize content and advertisements you see on Google and on our partners’ Websites and applications. To learn more about the Company’s use of Google Analytics and what Google Analytics does, please see here.
The website is hosted on Shopify Inc. Shopify provide us with the online e-commerce platform that allows us to sell our products and services to you. Your data is stored through Shopify’s data storage, databases and the general Shopify application. They store your data on a secure server behind a firewall. Per the GDPR, Shopify is a “Data Processor” whom is responsible for processing your personal information on behalf of us as the “Data Controller”
We may also collect personal information made publicly available through third-party platforms (such as online social media platforms), through online databases or directories, or that is otherwise legitimately obtained.
The Boutique Uniq website is hosted on Shopify Inc. Shopify allows us to sell our products and services to you via their online e-commerce platform. Shopify’s data storage, databases and the general Shopify application store your personal information on a secure server behind a firewall.
If you choose a direct payment gateway to complete your purchase, then Shopify stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted.
All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover.
PCI-DSS requirements help ensure the secure handling of credit card information by the website and its service providers.
For more insight, you may also want to read
Shopify’s Terms of Service (https://www.shopify.com/legal/terms)
Privacy Statement (https://www.shopify.com/legal/privacy
2. How do we use your personal information?
We use your personal information for example: to notify you about changes to our service or policies, provide you information about our products, deliver your purchased product(s), authenticate your access to our website, improve the user experience and provide a good level of customer service, and comply with applicable laws and regulations.
When we advertise and market Boutique Uniq’s products and services, we may send our customer (with customer’s consent, where necessary) promotion and/or offer emails.
3. How do we share your information?
We do not share your personalinformation with anyone except as described above and below.
We will share your Personal Information only with your consent or if we are under a duty to disclose or share your personal information as required or permitted by applicable law or if you violate our Terms of Service.
We may share your personal information with our suppliers and service providers (as described above), where they are helping us to market and advertise our products, only with your consent.
4. What Legal Basis we rely on
Consent: If we ask for your personal information for a secondary reason, for example email marketing and other promotional related communications, we will either ask you directly for your expressed consent, or if you have previously opted-in to receive such communications we will provide you with an opportunity to change your existing privacy choices by de-selecting any such opt-in preferences to receive marketing communications.
You can withdraw your consent at any time by contacting us at firstname.lastname@example.org by logging into your e-mail account to opt-out of receiving marketing information by clicking on the “unsubscribe” link at the bottom of any marketing email we send you.
Contractual obligations: For example, where you have purchased a product from us we will collect your address details to deliver your purchase. Where the “contractual obligations” legal basis applies, we are not required by the GDPR to obtain your consent for using your personal information for such purposes.
Legitimate interest: Where it is necessary for us to understand our customers, promote our services and operate effectively as a clothing retailer, provided in each case that this is done in a legitimate way which does not unduly affect your privacy and other rights. Where the “legitimate interest” legal basis applies, we are not required by the GDPR to obtain your consent for using your personal information for such purposes.
Legal compliance obligation: We may need to collect and process your personal information in order to comply with legal and regulatory compliance obligations.Where the “legal compliance” legal basis applies, we are not required by the GDPR to obtain your consent for using your personal information for such purposes.
5. How long will we keep your personal information?
We will only keep your personal information for 6 years for the purpose for which it was collected. When your personal information is no longer necessary we will take reasonable steps to securely destroy such information, so can comply with our legal and contractual obligations.
6. What are your rights?
You have certain rights per the GDPR in relation to your personal information, including:
- Right of access
- Right to rectification
- Right to erasure and the right to be forgotten
- Right to restriction and objection
- Right to abstain from automated decision making, including profiling
For more information about your legal rights under the GDPR please refer to GDPR rights of the data subject
If you wish to exercise any of these legal rights please contact us using the contact details below.
We will handle any request to exercise your rights in accordance with applicable law, and respond without undue delay and at the latest within one month of receiving your request. We will process your request free of charge. If for any reason, and in accordance with applicable legal & regulatory obligations, we are unable to fulfil/action your request, we will respond to you in writing with the reasons why.
7. Do you have queries about this privacy statement, want to exercise any of your rights or make a complaint?
Please contact to our customer services team at email@example.com you wish to make a complaint.
You may also choose to contact to the United Kingdom Information Commissioner’s Office (ICO) (the UK Data Protection Authority / regulator) if you are unhappy with how we have used your personal information. The ICO’s address is: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, Helpline number: 0303 123 1113
8. How to Contact to usPlease contact our Customer Services team at firstname.lastname@example.org if you have a general query and/or would like to exercise any of your legal rights including (but not necessarily limited to): right of access; right to rectification; right to erasure and the right to be forgotten; right to restriction and objection; right to abstain from automated decision making, including profiling; and/or right to data portability. This includes seeking to access, correct, amend or delete any personal information we collect, use, share, and store about you.