Privacy Notice

OEX PRIVACY NOTICE

Who are we?

We are OEX, a retail trading arm of Focus International Ltd T/A Focus Brands, a company incorporated in England and Wales with registered number 1461548 and whose registered office is at 6 Alexandra Road West, Huddersfield, West Yorkshire, United Kingdom, HD3 4EX (“the Company").

We use your information as further explained in this Privacy Notice. We’ll be the “controllers” of the information you provide to us.

Our website links to other websites, which will have their own privacy notices and terms.

 

What does this Privacy Notice cover?

We at OEX take your personal data seriously. This policy:

· Sets out the types of personal data that we collect about you

· Explains how and why we collect and use your personal data

· Explains how long we keep your personal data for

· Explains when, why and with who we will share your personal data

· Sets out the legal basis we have for using your personal data

· Explains the effect of refusing to provide the personal data requested

· Explains where we store your personal data and whether we transfer your data outside of the European Economic Area

· Explains the different rights and choices you have when it comes to your personal data

· Explains how you can contact us.

 

What personal data do we collect about you?

We will collect certain personal information about you in the course of your relationship with us.

This information includes:

· Your name

· Address

· Telephone number

· Email address

· Details about your orders

· Billing/payment information

· Internet Protocol (IP) address

· MAC addresses

· Traffic data

· Location data

· Login information

· Weblogs

· Cookies and other communication data

· Social media account details

· CCTV images

· Recording calls to contact centres

We may also collect sensitive personal data about you. We only collect sensitive personal data from you, and further process this data, where you have given your explicit consent.

 

 

How and why do we use your personal data?

The main purpose for which we use your information is to provide you with the products that you purchase from us and to send you offers and promotions that you might be interested in.

· In particular, we use your information:

· To provide you with the products that you have purchased from us and any receipts of purchase, including to deliver your products, and to send you order status updates

· To take payments for the products that you have purchased and to give refunds or exchanges

· To provide customer service and support to you

· To develop and improve our products and services

· To develop and improve our websites and set default options for you, such as language and currency and to ensure that content is presented in the most effective manner

· To provide you information that you request from us or which we feel may interest you such as marketing information by email, SMS or post

· To research our customers' preferences and trending products

· To run surveys and competitions

· To notify you about changes to our products

· To keep stores safe and secure through CCTV use

We will not use your information for any other purposes unless we are required to do so by law.

 

How long do we keep your personal data?

How long we keep your information will depend on the purpose for which we use it.

We will only keep your information for as long as is necessary to carry out the purposes we collected it for, as set out in this privacy policy (unless a longer retention period is required by the applicable law). We typically keep your personal data for 6 years from the purchase in order to enable us to deal with any issues or concerns you may have about the products or services you have received, and to allow us to bring or defend legal proceedings.

In some circumstances, some of your data will be deleted in much shorter timescales, for example:

· Cookies are deleted in accordance with our cookies policy

· CCTV images are kept for 60 days

· Marketing consents will be refreshed/deleted after 4 years

If reasonably necessary or required to meet legal or regulatory requirements, resolve disputes, prevent fraud and abuse, or enforce our terms and conditions, we will also keep hold of some of your information, even if it is no longer needed to provide our services to you.

 

Who do we share your personal data with?

We share your personal information with carefully selected third parties to help us to provide you with products, services and to market to you, such as:

· Payment service providers, warehouses, order packers and delivery companies in order to get your purchases to you

· Marketing agencies, advertising partners, website hosts and other third parties who provide services to help us to tailor our marketing to you

· Credit reference agencies, law enforcement and fraud prevention agencies

· Companies approved by you, such as social media sites, including companies such as Facebook and Google etc

 

As we continue to develop our business, we may sell or purchase assets. If another entity acquires us or merges with us, your personal information will be disclosed to such entity. If any bankruptcy or reorganisation proceeding is brought by or against us, all such information will be considered an asset of ours and as such it is possible, they will be sold or transferred to third parties.

Where required we share your personal information with third parties to comply with a legal obligation; when we believe in good faith that an applicable law requires it; at the request of governmental authorities conducting an investigation; to detect and protect against fraud, or any technical or security vulnerabilities; to respond to an emergency; or otherwise to protect the rights, property, safety, or security of third parties, visitors to the our website, our business or the public.

These third parties comply with similar and equally stringent undertakings of privacy and confidentiality.

No other third parties have access to your information unless we specifically say so in this Privacy Notice, or the law requires this.

 

What legal basis do we have for using your personal data?

We process your information:

· To be able to provide you with products in line with our Terms & Conditions via our website.

· For the entry into or performance of a contract
When you enter into a transaction with us or one of our brands, a contract between you and the relevant brand will have been entered into. In order for us to fulfil our obligations under such contract (e.g., to allow you to place an order and receive products from us), we will need to collect and process your personal information. Failure to provide the requisite personal information on sign-up to an account or on placing an order and payment information or objecting to this type of processing / exercising your deletion rights will mean we cannot provide our products to you.

· For compliance with our legal obligations
As a corporate group there are certain laws we need to comply with. In particular, we will need to process your personal information to verify your identity and for fraud and crime prevention purposes. Failure to provide the requisite personal information on sign-up / as you use our websites, may mean we cannot provide our products to you, as to allow you to purchase our products may mean we may be in breach of our legal obligations. You will not be able to object to processing or ask for the deletion of your personal information insofar as it falls under this category.

· When it’s necessary in pursuit of our legitimate interest
We are required to carry out a balancing test of our legitimate business interests in using your personal data outlined above against your interests and rights under the Data Protection Laws and regulations in the relevant territory. As a result of our balancing test, which is detailed below, we have determined, acting reasonably and considering the circumstances, that we are able to process your personal data in accordance with the Data Protection Laws on the basis that we have a legitimate business interest.
We have a legitimate interest in processing your information as:

· We both benefit from the effective management of your account(s) (where applicable)

· We both benefit from the effective management, operation and administration of our websites

· We both benefit from the provision of products, services and support and from improvements to our services

· We both benefit from updates to our websites

· We will both benefit from the ability to enforce or apply rights under any contract between us

· We are required to ensure the health and safety of our customers and the security of our stored data and have a legitimate interest in ensuring any processes relating to the same are effective and that fraud and other crimes are prevented and detected

· We would be unable to provide our products and services without processing your information; and

· We have a legitimate interest in processing your information in connection with any mergers, acquisitions or reorganisation of our business, in which case some of your information may be shared with a prospective buyer or otherwise but only so far as is strictly necessary for the purposes of such sale or administration.

You’ve the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on legitimate interests. More information on this right and on how to exercise it is set out below.

 

Do we make automated decisions concerning you?

We use an automated decision-making system to carry out some profiling of you for the purposes of improving and developing our products and services and to help us to tailor our marketing to you. The impact of any automated decision is to ensure you experience the best service possible. We use information that we learn about you such as your gender, preferences, hobbies, interests and purchase history to make sure the marketing you receive from us and the way our websites are displayed to you are appropriate and tailored to you.

You have the right not to be subject to a decision based solely on automated processing, including profiling, which has legal consequences for you or similarly significant effects. While we’re confident that the technology works, we understand that not everyone is comfortable with decisions being left entirely up to machines. If you have any questions about our identity checking system, please contact us on using the details at the end of this Privacy Notice.

 

Do we use Cookies to collect personal data on you?

To provide better service to you on our websites, we and our service providers use cookies to collect your personal data when you browse. For information about our use of cookies and how to decline them or turn them off please read our cookie policy.

 

What about marketing?

We would like to contact you from time to time about our new similar products and promotional offers by email, SMS, social media and post.

We always give you the choice of whether or not you wish to receive marketing communications from us.

By contacting us using the details at the end of this privacy policy you can tell us that you do not wish to receive marketing communications from us, and we will update your records. You can also click on the unsubscribe link in any promotional emails.

 

Where do we store your personal data? Do we transfer your personal data outside the EEA?

All information you provide to us is stored on our secure servers in the UK and European Economic Area (EEA).

The information which we collect about you may be transferred outside the European Economic Area. In the event of such transfer, we will ensure the adequate standard of security is in place for example by incorporating the European Commission approved clauses into our agreements with such third parties to ensure the security of your personal data. A copy of the European Commission approved model clauses is available here.

Where possible, we try to only process your information within the UK and European Economic Area (EEA). If we or our service providers transfer personal data outside of the UK or EEA, we always require that appropriate safeguards are in place to protect the information when it is processed.

 

How do we keep your personal data secure?

Transmission of information via the internet is not and cannot be completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our websites; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

We also take steps to ensure all our subsidiaries, agents, affiliates and suppliers employ adequate levels of security.

 

 

What rights do you have in relation to the personal data we hold on you?

By law, you have a number of rights under the Data Protection Laws in relation to the way we process your personal data, which are set out below. You may contact us using the details at the end of this privacy policy to exercise any of these rights.

Further information and advice about your rights can be obtained from the data protection regulator in your country.

In some instances, we may be unable to carry out your request, in which case we will contact you to explain why.

 

Right

What does this mean?

1. The right to be informed

You have the right to be provided with clear, transparent and easily understandable information about how we use your information and your rights. This is why we’re providing you with the information in this Privacy Notice.

2. The right of access

You have the right to obtain access to your information (if we’re processing it), and certain other information (similar to that provided in this Privacy Notice).

This is so you’re aware and can check that we’re using your information in accordance with data protection law.

3. The right to rectification

You are entitled to have your information corrected if it’s inaccurate or incomplete.

4. The right to erasure

This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your information where there’s no compelling reason for us to keep using it. This is not a general right to erasure; there are exceptions.

5. The right to restrict processing

You have rights to ‘block’ or suppress further use of your information. When processing is restricted, we can still store your information, but may not use it further. We keep lists of people who have asked for further use of their information to be ‘blocked’ to make sure the restriction is respected in future.

6. The right to data portability

You have rights to obtain and reuse your personal data for your own purposes across different services. For example, if you decide to switch to a new provider, this enables you to move, copy or transfer your information easily between our IT systems and theirs safely and securely, without affecting its usability.

7. The right to object to processing

You have the right to object to certain types of processing, including processing based on our legitimate interests and processing for direct marketing (i.e. if you no longer want to be contacted with potential opportunities).

8. The right to lodge a complaint

You have the right to lodge a complaint about the way we handle or process your personal data with your national data protection regulator.

9. The right to withdraw consent

If you have given your consent to anything we do with your personal data, you have the right to withdraw your consent at any time (although if you do so, it does not mean that anything we have done with your personal data with your consent up to that point is unlawful). This includes your right to withdraw consent to us using your personal data for marketing purposes.

 

How can you make a request to exercise your rights?

To exercise any of the rights above, or to ask a question, contact us using the details set out at the end of this Privacy Notice.

 

How will we handle a request to exercise your rights?

We’ll respond as soon as we can. Generally, this will be within one month from when we receive your request but, if the request is going to take longer to deal with, we’ll come back to you and let you know.

We usually act on requests and provide information free of charge, but may charge a reasonable fee to cover our administrative costs of providing the information for:

· Baseless or excessive/repeated requests, or

· Further copies of the same information.

Alternatively, the law may allow us to refuse to act on the request.

 

How can you contact us?

If you have questions on the processing of your personal data, would like to exercise any of your rights, or are unhappy with how we’ve handled your information, please contact us.

If you’re not satisfied with our response to any complaint or believe our processing of your information does not comply with data protection law, you can make a complaint to the data protection regulator in your country.