This privacy notice sets out the basis on which personal information about you may be collected and used when you use (whether to just browse or make a purchase) www.ironlabelofficial.com ("Sites”), and official iron label official social media accounts ("Social Media") (the "Privacy Notice”).
By using the Sites, App, and interacting with us on Social Media you confirm that you have read and are satisfied with the information contained in the Privacy Notice.
We are committed to maintaining your privacy. We are registered as a data controller with the Information Commissioner's Office and our designated EU representative location is Ireland. All references to the EU, European Economic Area, or the EEA shall include the UK for the purposes of these terms / this notice.
We reserve the right to amend this Privacy Notice from time to time. This Privacy Notice was most recently updated on 1st July 2021.
Did you know you have rights to the information we collect hold and use about you? The information below will help to guide you about the rights that you have, where you can find specific information about the information we collect about you and why we're collecting it.
We will only collect and process your data when the law allows or requires us to, including where we need to comply with a legal obligation e.g. fraud, money laundering prevention. Only members of our staff that are employed to deal with your data will have access to it. Where we use third-party data processors to assist us, any such third party shall only use your data for the purposes outlined in this Privacy Notice.
Our legal basis for processing your personal information
Whenever we process your personal information we have to have something called a “legal basis” for what we do. The different legal bases we rely on are:
- Consent: You have told us you are happy for us to process your personal information for a specific purpose(s).
- Legitimate interests: The processing is necessary for us to conduct our business, but not where our interests are overridden by your interests or rights.
- Performance of a contract: We must process your personal information in order to be able to provide you with one of our products or services;
- Legal obligation: We are required to process your personal information by law.
The personal data we collect about you
Personal data means any information about an individual from which that person can be identified. It does not include data where the individual is no longer identifiable.
We may collect, use, store, transfer, and otherwise process different kinds of personal data about you which we have grouped together as follows:
- Identity Data includes name, username or similar identifier, marital status, title, date of birth, and gender.
- Contact Data includes billing address, delivery address, email address, and telephone numbers.
- Financial Data includes bank account and payment card details.
- Transaction Data includes details about payments to and from you and other payment details of products/services you have purchased from us.
- Technical Data includes information collected when you access our websites or mobile applications, your internet protocol (IP) address, your login data, browser type, and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our websites or mobile applications.
- Profile Data includes purchases or orders made by you, your interests, preferences, feedback, and survey responses.
- Usage Data includes information about how you use our websites, mobile applications, Wi-Fi, and similar electronic services.
- Marketing and Communications Data includes your marketing and communication preferences.
How we share your data
We may disclose and share your personal data with the parties set out below:
- to business partners, suppliers, sub-contractors and other third parties that we use in connection with the running of our business for the purposes set out in the table above in the section ‘Use of your personal data, such as:
- third party service providers that we engage to provide IT systems and software, and to host our websites and/or mobile applications;
- to provide marketing and advertising services;
- third party service providers that we engage to deliver goods you have ordered and to manage any returns;
- third party service providers that we engage to send emails and postal mail on our behalf including in relation to incomplete orders or abandoned baskets, or marketing communications, to provide data cleansing services and to provide marketing and advertising services;
- analytics and search engine providers that assist us in the improvement and optimization of our websites and/or mobile applications;
- affiliate networks through whom you have accessed our websites and/or mobile applications;
- to any third party to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice;
- to protect our customers, group companies, websites, and mobile applications from fraud and theft, we may share personal data that is required to make identity checks and personal data that we obtain from making identity checks (including data relating to your age, name, and location), together with account information, with other group companies and with third-party organizations (including law enforcement agencies), involved in fraud prevention and detection and credit risk reduction;
- if we are under a duty to disclose or share your personal data in order to comply with any legal obligation; or
- to our professional advisers including lawyers, bankers, auditors, and insurers who provide consultancy, banking, legal, insurance, and accounting services.
We may send you marketing communications and promotional offers:
- if you have opened an account with us or purchased goods from us, or registered for a promotion or event, and you have not opted out of receiving that marketing;
- if you have signed up for email newsletters;
- if you have provided us with your details when you entered a competition and you have consented to receive such marketing (in accordance with your preferences, as explained below).
If you ask us to stop processing your personal data for marketing purposes (e.g., by following the opt-out links on any electronic marketing sent to you or by otherwise contacting us), then we will do so.
From time to time we may also include with your order, inserts advertising goods, services, or offers from other third-party companies that you may be interested in.
How long will you keep my details?
We will only retain your personal data for as long as reasonably necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting, or reporting requirements and for the establishment or defense of legal claims.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data, and whether we can achieve those purposes through other means, and the applicable legal requirements.
Will my details be transferred outside the UK/EEA?
The information that we collect from you may be transferred to and stored at, a destination outside of the UK / European Economic Area ("EEA"). It may also be processed by staff operating outside the UK/EEA who work for us or for one of our suppliers or business partners. Such staff may be engaged in, among other things, the fulfillment of your order, the processing of your payment details, and the provision of support and associated services. Our suppliers and business partners may also transfer, store, use, and otherwise process your information outside the UK/EEA for the purpose of fulfilling their obligations to you and to provide you with information, goods, and services.
Some of these locations outside of these territories will not offer the same level of protection for your personal data as the UK or the EU. If we transfer, store, or process your personal data out of the UK/EEA, we will take steps to ensure that an adequate standard of security is in place in order to protect your data, using approved methods within the relevant data protection legislation.
Please contact our customer care team at email@example.com if you would like further information about how we protect your transferred data.
Please let us know if at any time you wish us to stop interacting with you on Social Media or using any of your information on Social Media by contacting us at the details set out below.
The Sites and/or apps are not intended for use by children under the age of 13. We do not knowingly collect personal information from children under the age of 13. If you are under 13 do not use the Sites and/or App, or provide any information about yourself including without limitation your name, address, email address, or any screen name or user name you may use. If we learn that we have collected or received personal information from a child under 13 without verification of parental consent, we will delete that information. If you believe that we may have any information from or about a child under 13, please contact us at the address below.
You can ask us to delete information about you if any of the following apply: (a) it is no longer required by us for the purpose for which we collected it from you; (b) if we collected it with your explicit consent, when you withdraw that consent; (c) if you have grounds to object to us using it (see below) and we do not have any overriding legitimate grounds for using it; (d) if we have unlawfully used your information; (e) if you need us to delete it so that you can comply with a legal obligation. Please note we may still hold and process personal data which are outside the scope of your erasure request and will continue to process them in accordance with our legal rights and obligations. Examples of such legal rights and obligations may include financial regulatory requirements, audit purposes, and other legal obligations.
You can ask us to stop using your information if any of the following apply, (a) you don't think we have the correct details for you; (b) our use is unlawful and you do not want us to delete your information; (c) when you object to processing (see below); (d) we no longer require the information for the purpose for which we collected it; (e) where we collected the information with your explicit consent (f) if you object to our use (see below) and we do not have any overriding legitimate grounds for using it; (g) if you need us to delete it so that you can comply with a legal obligation. Please note when you make a request, we can still store your information and use it for claims purposes or if it is necessary to protect another person.
You have the right to ask us to send your information to you or another person where we originally collected your information with your explicit consent. We must provide this in a structured, commonly used, and machine-readable format. Please note this does not include information that we have inferred or derived, for example, the information we have collected about you to understand your shopping habits with Iron Label Official in order to give you a good customer experience.
You have the right to ask us to stop using your information where we have told you the legal purpose for which we are processing your information is for "legitimate interests" (see above) and you have grounds relating to your personal situation which requires us to stop using your information or where we have collected your information for direct marketing and you want us to stop using it for direct marketing purposes.
How do I exercise these rights?
If you want to exercise any of these rights or have any other feedback on questions, please contact our customer care team at firstname.lastname@example.org
ccpa privacy information
This section applies only to Iron Label Official customers who are California residents and supplements the details provided in our privacy notice (above) and contains the information that the Californian Consumer Privacy Act (“CCPA”) requires us to make available to customers. Any terms defined in the CCPA have the same meaning when used in this notice.
Information We Collect
We generally collect the following categories of personal information about your when you use our services:
- identifiers such as a name, address, unique personal identifier, email, phone number, your device’s IP address, software, and identification numbers associated with your devices;
- protected classifications, such as gender;
- commercial information such as records of products or services purchased obtained, or considered by you;
- Internet or other electronic information regarding your browsing history, search history, the webpage visited before you came to our Site, length of visit and number of page views, click-stream data, locale preferences, your mobile carrier, date and time stamps associated with transactions, and system configuration information;
- your geolocation, to the extent you have configured your device to permit us to collect such information;
- audio recordings of your voice to the extent you call us, as permitted under applicable law; and
- inferences about your preferences, characteristics, behavior, and attitudes.
You can find more information about the personal information we collect and how we collect it in the table above titled “Use of your personal data.
Use of Personal Information
We collect your personal information for the business purposes described above in the table titled “Use of your personal data”. The CCPA defines a “business purpose” as the use of personal information for the business’s operational purposes, or other notified purposes provided the use of personal information is reasonably necessary and proportionate to achieve the operational purpose for which the personal information was collected or another operational purpose that is compatible with the context in which the personal information was collected.
Sharing Personal Information
We may disclose your personal information to an organization for business purposes. When we disclose personal information for a business purpose, we enter a contract that describes the purpose and requires the recipient organization to keep that personal information confidential and not use it for any purpose except performing the contract with us.
We disclose your personal information for a business purpose to the categories of third parties listed above in the section titled “How we share your data”.
Your Rights and Choices
If you are a California resident, you have rights in relation to your personal information; however, your rights are subject to certain exceptions. For instance, we cannot disclose specific pieces of personal information if the disclosure would create a substantial, articulable, and unreasonable risk to the security of the personal information, your account with us, or the security of our network systems.
1. Right Against Discrimination
You have the right not to be discriminated against for exercising any of the rights described in this section. We will not discriminate against you for exercising your right to know, delete, or opt-out of sales.
2. Right to Know
You have the right to request in writing a list of the categories of personal information, such as name, address, email address, that a business has disclosed to third parties during the immediately preceding calendar year for the third parties direct marketing purposes, and the names and addresses of all such third parties.
In addition, you have the right to request:
- the categories of personal information we have collected about you;
- the categories of sources from which personal information is collected;
- the business or commercial purpose for the information collection;
- the categories of third parties with whom we have shared personal information;
- the specific pieces of personal information we hold about an individual;
- a copy of the specific personal information we collected about you during the twelve (12) months before your request.
3. Right to Delete
You have the right to request we delete any personal information we have collected from you or maintain about you, subject to certain exceptions.
To assert your right to know or your right to delete your personal information, please contact us according to the ‘How do I exercise these rights’ section above. To confirm your identity, we may ask you to verify the personal information we already have on file for you. If we cannot confirm your identity from the information we have on file, we may request additional information from you, which we will only use to verify your identity, and for security or fraud prevention purposes.
4. Right to Opt-Out of Selling
You have the right to opt out of having your personal information sold. We do not sell your personal information.
In addition, California Civil Code Section 1798.83 permits customers of Iron Label Official who are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. Please allow 30 days for a response. To make such a request, contact us according to the ‘How do I exercise these rights?’ section above.