WHAT DOES THIS POLICY COVER?
This policy describes the processing of your personal data by Tonic UK Limited (02084195) of 276 Portobello Road, London, England, W10 5TE (“we”, “us” or “our”) in relation to:
- your use of our website at www.tonicuk.com (the “website”); and
- your interaction with us at the Tonic store (“in-store”)
For the purposes of applicable data protection law (including, the General Data Protection Regulation 2016/ 679 (the “GDPR”), we are a ‘data controller’ of your personal data.
Where applicable, this policy should be read alongside our terms and conditions, which tell you about the terms on which you may use the website.
WHAT PERSONAL DATA IS COLLECTED?
- PERSONAL DATA COLLECTED FROM YOU:
The following categories of personal data will be collected about you in connection with your use of the website and your interaction with us in-store, including, but not limited to, when you fill in forms on the website or whilst in-store, when you submit user-generated content, reviews or ratings, engage in any social media functions or ‘like’/ ‘love’ products on the website:
- Personal Identification Information: such as, your name and date of birth;
- Contact Information: such as, your email address, postal address, postcode and telephone number;
- Demographic Information: such as your gender;
- Preference Information: such as, information about the types of products you have purchased on the website, and information about the types of products you like or are interested in;
- Financial information: such as, payment card numbers; and
- Your marketing preferences, including any consents you have given us
In addition, if you contact us by phone, email or otherwise, we may keep a record of that correspondence.
- PERSONAL DATA COLLECTED ABOUT YOU:
- From Others: Although we generally collect personal data directly from you, we also collect certain categories of personal data about you from other sources. In particular:
- financial and/or transaction details from payment providers in order to process a transaction;
- Automatically Collected Information: such as, web browser type and version, operating system, the website you came from and exit to, your IP (Internet Protocol) address, your Device ID and Mac ID, your browser settings, the date and time of your visits, and details regarding your interaction with the website (including which pages, products or resources on the website you access), our emails and our in-store wifi network; and
- Cookies Information: in accordance with the Cookies section below
HOW IS YOUR PERSONAL DATA USED, AND WHAT IS THE LEGAL BASIS FOR THIS USE?
WE PROCESS YOUR PERSONAL DATA FOR THE FOLLOWING PURPOSES:
- Contractual Necessity: As required to establish and fulfil a contract with you, for example: if you make a purchase from us (this will include taking payments, and arranging the delivery or other provision of products, awards or services); communicating with you and providing customer services.
- Legitimate Interests: As required by us to pursue our own legitimate interests, in particular:
- facilitating the creation of, and securing, online registered accounts;
- managing, operating and improving online registered accounts (incl. enabling you to: manage your account details, manage your marketing preferences, track your orders, return products, and manage your wish lists), and customers’ journeys on the website;
- monitoring any online registered accounts to prevent, investigate and/or report fraud, terrorism, misrepresentation, security incidents or crime, in accordance with applicable law;
- delivering tailored advertising (incl. via Facebook look-a-like and custom audience);
- we will use data in connection with legal claims which concern our company, group or partners, compliance, regulatory and investigative purposes as necessary (including disclosure of such information in connection with legal process or litigation);
- creating user/customer insights based on user behaviour to drive targeted direct marketing;
- creating user/customer insights based on demographic segments to drive targeted email direct marketing and also carrying out market research and surveys;
- communicating with you; and
- investigating and handling any complaints received from you about our website, or our products and services
You can obtain further information on the legitimate interests balancing exercises which we have carried out by contacting us using the contact details provided below
- Legal Compliance: To ensure compliance with applicable laws and legal processes including, but not limited to, use in connection with legal claims, compliance, regulatory, tax, investigative purposes (including disclosure of such information in connection with legal process or litigation and to law enforcement agencies)
- Consent: Subject to the following, we will send you direct marketing by email, post and online about Tonic products which we think may be of interest to you. This will only be sent where you have given your consent to Tonic during the online sign-up process or via your online account on the website or verbally in-store, or (where permissible) you have been given an opportunity to opt out. You will be able to opt-out of electronic direct marketing by clicking the unsubscribe link contained in the email and, in all other cases, by updating your preferences in your account on the Tonic website or by contacting us on the contact details provided below
Visitors under 16 years of age are not permitted to subscribe to our services or use and/or submit their personal information on any of our website or applications. We do not knowingly solicit or collect information from visitors under 16 years of age. We encourage parents and guardians to spend time online with their children and to participate and monitor the interactive activities of their children.
If you make a purchase on the website, we may use automated tools as part of our fraud prevention measures. This means that your purchase may be declined if your payment has been rejected by the bank or if other factors indicate that the purchase may be fraudulent. If you have any concerns, please contact us on the contact details below.
WHO WILL YOUR PERSONAL DATA BE SHARED WITH, AND WHERE?
We will share your personal data with:
- third party service providers, who will process it on our behalf for the purposes above. Such third parties include, but are not limited to, logistics providers and couriers for delivery of your orders (which are located in the EU) and marketing providers (which are located in the UK, EU and US);
- government authorities and/or law enforcement officials if required for the purposes above, if mandated by law or if required for the legal protection of our own legitimate interests in compliance with applicable laws; and
- purchasers or prospective purchasers of all or part of our assets or our business, and their professional advisers, in connection with the purchase.
WHAT COOKIES WILL BE USED ON THE WEBSITE?
We don’t have access to the cookies which third parties place on the website; other than allowing them to be served. These companies have their own privacy policies which we encourage you to review.
STRICTLY NECESSARY COOKIES
Some cookies are essential for the operation of the website. For example, some cookies allow us to identify registered users and ensure they can access the website. If a registered user opts to disable these cookies, the user may not be able to access all of the content of the website.
Other cookies may be used to analyse how users use the site and to monitor site performance. This allows us to provide a high quality experience by customising the offering and quickly identifying and fixing any issues that arise. For example, performance cookies may be used to keep track of which pages are most popular and to determine why some pages are receiving error messages.
Functionality cookies are used to allow us to remember users’ preferences and tailor the website to provide enhanced features.
Targeting cookies are used to serve users with content and adverts, and to collect information about users’ browsing habits and usage of the website in order to make adverts more relevant to users and their interests. We may use remarketing technologies to enable third parties to display relevant and personalised ads to users through their networks. They are also used to limit the number of times users see an advert as well as help measure the effectiveness of an advertising campaign.
SOCIAL MEDIA COOKIES
These cookies allow users to share what they’ve been doing on the website on social media such as Facebook and Instagram. These cookies are not within our control. Please refer to the respective privacy policies for how their cookies work.
We use Facebook services to deliver our ads to you during your browsing experience/ whilst you are online. Facebook services include the delivery of ads on other platforms owned by Facebook, such as Instagram. You can control how Facebook uses data to show you ads by turning off ads which may be based on interests and / or your relationship with specific advertisers, in your ad preference settings. For further information, please visit the various Facebook pages which allow you to learn more about Facebook ads and tracking technologies and to update your settings:
Further, by visiting the Your Online Choices link above, you can opt out from seeing Facebook’s interest-based ads and you can also use your mobile device settings to configure your advertising preferences.
On your Facebook ad preferences, you will see that ads may be delivered to you according to ‘interests’ or specific advertisers and you can manage your ad preference settings for both of these.
Please note that where you have opted out of receiving our email marketing communications via the methods described above, you may still see our non-targeted adverts whilst you are online, if your interests settings on Facebook are aligned to an audience segment (pre-defined by Facebook) which our business is also associated with. We do not control whether these ads are displayed to you. Please see the relevant links above for details on how to learn more and manage Facebook ad settings.
Further, to learn more about adverts which are displayed to you whilst you are online, please consult the applicable website’s privacy and cookies policy on which you see our ads and the Your Online Choices link above.
Users are always free to decline cookies if their browser permits, although doing so may interfere with their use of the website. More information about how to control cookies is available here ico.org.uk/for-the-public/online/cookies.
CHANGES TO THIS POLICY
Any changes we may make to the policy in the future will be posted on the website and, where appropriate, notified to you by email or otherwise.
- What rights do I have in relation to my personal data?
You are entitled to ask us:
- for a copy of your personal data;
- to correct your personal data (if it is inaccurate, incomplete or not up-to-date);
- to ‘port’ your personal data (i.e. to transfer in a structured, commonly used and machine-readable format, to you or another data controller);
- to erase your personal data; or
- restrict its processing (i.e. processing will temporarily stop (save to the extent that personal data will continue to be stored)).
You also have rights to object to some processing that is based on our legitimate interests, and to processing for direct marketing purposes. Further, where we have asked for your consent to process your data, you are entitled to withdraw this consent as more fully described above.
These rights are limited in some situations – for example, where we can demonstrate that we have a legal requirement to process your personal data. In some instances, this may mean that we are able to retain data even if you withdraw your consent.
Where we require your personal data to comply with legal or contractual obligations, then provision of such data is mandatory: if such data is not provided, then we will not be able to manage our contractual relationship with you, or to meet obligations placed on us.
We hope that we can satisfy any queries you may have about the way we process your personal data. If you have any concerns about how we process your personal data, you can get in touch at: firstname.lastname@example.org.
If you have unresolved concerns you also have the right to complain to EU data protection authorities. The relevant data protection authority will be the data protection authority of the country: (i) of your habitual residence; (ii) of your place of work; or (iii) in which you consider the alleged infringement has occurred.
- How long will you hold my data?
Where we process your personal and transaction data, we do this for as long as your account is active and for no more than 7 years after this.
Where we process personal data for marketing purposes or with your consent, we process the data until you ask us to stop and for a short period after this (to allow us to implement your requests). We also keep a record of the fact that you have asked us not to send you direct marketing or to process your data indefinitely so that we can respect your request in future.
Where we process personal data for site security purposes, we retain it for 24 months.
Where will you send my data?
Sometimes Tonic will need to share your personal data with third parties and suppliers outside of the European Economic Area (the “EEA“) (i.e. all 27 EU Member States plus Iceland, Liechtenstein and Norway), such as the USA and Japan.
Where this is the case, we have procedures in place to ensure that your personal data receives the same level of protection as if it were being processed inside of the EEA. If you have any questions about how we protect your data outside of the EEA, please contact us at email@example.com.
If you have any questions about this policy and / or our processing of your personal data, please contact us at firstname.lastname@example.org.