This is a privacy notice of Snug Shack Limited (trading as Snug). We respect your privacy and are determined to protect your personal data. The purpose of this privacy notice is to inform you as to how we look after your personal data when you visit our website (regardless of where you visit it from). We’ll also tell you about your privacy rights and how the data protection law protects you. This privacy notice is provided in a layered format so you can click through to the specific areas set out below.
Personal information we collect
When you visit the Site, we automatically collect certain information about your device, including information about your web browser, IP address, time zone, and some of the cookies that are installed on your device. Additionally, as you browse the Site, we collect information about the individual web pages or products that you view, what websites or search terms referred you to the Site, and information about how you interact with the Site. We refer to this automatically-collected information as “Device Information”.
We collect Device Information using the following technologies:
- “Log files” track actions occurring on the Site, and collect data including your IP address, browser type, Internet service provider, referring/exit pages, and date/time stamps.
- “Web beacons”, “tags”, and “pixels” are electronic files used to record information about how you browse the Site.
When placing an order with us (including requesting samples ) you will be enrolled in our email, Facebook, Instagram, Pinterest and Google Audiences marketing programmes. You can opt out of this at any time using unsubscribe links in our email messages, the links below or by contacting us at email@example.com. We will not share your personal information with any other companies for their marketing purposes. Your information may be processed outside of Europe but strict rules are in place to safeguard it. We collect certain information from you, including your name, billing address, shipping address, payment information (including credit card numbers (not for samples), email address and phone number). We refer to this information as ‘Order Information’.
Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us directly on firstname.lastname@example.org if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out below.
- To register you as a new customer
- When you make an online purchase and check out as a guest (in which case we just collect transaction-based data).
- When you create an account with us.
- When you purchase a product or service in store or by phone but don’t have (or don’t use) an account.
- When you engage with us on social media.
- When you contact us by any means with queries, complaints etc.
- When you ask us to email you information about a product or service.
- When you enter prize draws or competitions.
- When you book any kind of appointment with us or book to attend an event
- When you choose to complete any surveys we send you.
- When you comment on or review our products and services.
- Any individual may access personal data related to them, including opinions. So if your comment or review includes information about the member of staff who provided that service, it may be passed on to them if requested.
- When you fill in any forms. For example, if an accident happens in store, a member of staff may collect your personal data.
- When you’ve given a third party permission to share with us the information they hold about you.
- We collect data from publicly-available sources (such as Land Registry) when you have given your consent to share information or where the information is made public as a matter of law.
- When you order product swatches on the website
- When our finance providers, such as hitachi, share information with us about the product you have purchased.
How do we use your personal information?
We use the Order Information that we collect generally to fulfill any orders placed through the Site (including processing your payment information, arranging for shipping, and providing you with invoices and/or order confirmations). Additionally, we use this Order Information to:- Communicate with you;
- Screen our orders for potential risk or fraud; and
- When in line with the preferences you have shared with us, provide you with information or advertising relating to our products or services.
We use the Device Information that we collect to help us screen for potential risk and fraud (in particular, your IP address), and more generally to improve and optimize our Site (for example, by generating analytics about how our customers browse and interact with the Site, and to assess the success of our marketing and advertising campaigns).
Sharing you personal information
We share your Personal Information with third parties to help us use your Personal Information, as described above. For example, we use Shopify to power our online store--you can read more about how Shopify uses your Personal Information here: https://www.shopify.com/legal/privacy. We also use Google Analytics to help us understand how our customers use the Site -- you can read more about how Google uses your Personal Information here: https://www.google.com/intl/en/policies/privacy/. You can also opt-out of Google Analytics here: https://tools.google.com/dlpage/gaoptout.
Finally, we may also share your Personal Information to comply with applicable laws and regulations, to respond to a subpoena, search warrant or other lawful request for information we receive, or to otherwise protect our rights. We may have to share your personal data with the parties set out below:
- Internal Third Parties: Google (Google Analytics & Google Adwords), Viral Loops, Hotjar, Active campaign, Zapier, Facebook & Instagram (Facebook & Instagram advertising), Twitter, CACI, Slack, Magento, WordPress, Infinity, Survey Monkey, Rob wiTypeform, Helpscout, Pipedrive, Reply, Pinterest, Mailchimp, AirTable, Linkedin, DEAR, Xero, Shopify, Klaviyo, GemPages, StoreRocket, Metafields Guru, Seccomap, Hulk Forms, MentionMe.
- Third-party data processor, P.J. Bridgman & Company
- External Third Parties Service: Providers acting as processors who provide IT, system administration services and MentionMe Ltd. Website: www.mention-me.com, Data Protection Officer: email@example.com. The function of Mention Me - Operation of refer-a-friend programme. Processing activities include: processing customer email addresses and certain order data for the purposes of; enrolling customers onto our refer-afriend programme; monitoring the programme and safeguarding against gaming or
fraudulent use of the programme;communicating with customers in connection with operation of the programme and delivery of rewards; Reporting to Snug on the performance of the programme.
- Professional advisers acting as processors including lawyers, bankers, auditors and insurers based in United Kingdom who provide consultancy, banking, legal, insurance and accounting services: HM Revenue & Customs, regulators and other authorities acting as processors based in the United Kingdom who require reporting of processing activities in certain circumstances.
- Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets.
Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice. We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
As described above, we use your Personal Information to provide you with targeted advertisements or marketing communications we believe may be of interest to you. For more information about how targeted advertising works, you can visit the Network Advertising Initiative’s (“NAI”) educational page at http://www.networkadvertising.org/understanding-online-advertising/how-does-it-work. You can opt out of targeted advertising by using the links below:
- Facebook: https://www.facebook.com/settings/?tab=ads
Additionally, you can opt out of some of these services by visiting the Digital Advertising Alliance’s opt-out portal at: http://optout.aboutads.info/.
You can ask us or third parties to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or by emailing firstname.lastname@example.org at any time. Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of a product purchase, or swatch request warranty registration, product OR service experience or other transactions.
Do not track
Please note that we do not alter our Site’s data collection and use practices when we see a Do Not Track signal from your browser.
If you are a European resident, you have the right to access personal information we hold about you and to ask that your personal information be corrected, updated, or deleted. If you would like to exercise this right, please contact us through the contact information below. Additionally, if you are a European resident we note that we are processing your information in order to fulfill contracts we might have with you (for example if you make an order through the Site), or otherwise to pursue our legitimate business interests listed above.
Additionally, please note that your information will be transferred outside of Europe, including to Canada and the United States. Unless subject to an exemption under the data protection laws, you have the following rights with respect to your personal data:
- The right to request a copy of the personal data which we hold about you;
- The right to request that we correct any personal data if it is found to be inaccurate or out of date;
- The right to request your personal data is erased where it is no longer necessary to retain such data;
- The right to withdraw your consent to the processing at any time, where consent was the lawful basis for processing your data;
- The right to request that we provide you with your personal data and where possible, to transmit that data directly to another data controller, (known as the right to data portability), where applicable i.e. where our processing is based on consent or is necessary for the performance of our contract with you or where we process your data by automated means);
- The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
- The right to object to our processing of personal data, where applicable i.e. where processing is based on our legitimate interests (or in performance of a task in the public interest/exercise of official authority); direct marketing or processing for the purposes of scientific/historical research and statistics).
No fee required – with some exceptions
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable admin fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Time limit to respond.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
We share your personal data within the Snug group. This will involve transferring your data outside the European Economic Area (EEA). Many of our external third parties are based outside the European Economic Area (EEA) so their processing of your personal data will involve a transfer of data outside the EEA. Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by implementing safeguards.
Please contact us at email@example.com if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
When you place an order or request swatches through the Site, we will maintain your Information for our records unless and until you ask us to delete this information. We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Whenever we collect or process your personal data, we’ll only keep it for as long as is necessary for the purpose for which it was collected. At the end of that retention period, your data will either be deleted completely or anonymised so that it can be used in a non-identifiable way for statistical analysis and business planning. By law we have to keep basic information about our customers including Contact, Identity, Financial and Transaction Data for six years after they cease being customers for tax purposes.
In some circumstances you can ask us to delete your data: see Your legal rights below for further information. In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
This version was last updated on 19/08/2020
The Site is not intended for individuals under the age of 18
We use the following cookies:
- Strictly necessary cookies. These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website, use a shopping cart or make use of e-billing services.
- Analytical/performance cookies. They allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.
- Functionality cookies. These are used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region). MentionMe is a 3rd party service provider who will place functional cookies if you interact with the refer-a-friend programme. Please see here for more information: https://mention-me.com/help/privacy_policy_s#cookies.
- Targeting cookies. These cookies record your visit to our website, the pages you have visited and the links you have followed. We will use this information to make our website and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose.
Except for essential cookies, all cookies will expire after 90 days.
For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact Robert Bridgman on firstname.lastname@example.org.
If this does not resolve your complaint to your satisfaction, you have the right to lodge a complaint with the Information Commissioners Office on 03031231113 or via email https://ico.org.uk/global/contact-us/email/or at the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, England, UK.