WEBSITE PRIVACY NOTICE

 Purpose of Notice

 

  • At YMC, we’re committed to protecting and respecting your privacy. This notice explains when and why we collect your personal information. It also explains how we use your personal data, the conditions under which we may disclose it to others and how we keep it secure.
  • Importantly, this notice details how you can take control of your personal data and how you can contact us, if you wish to change, request or delete any of your personal data.
  • Our privacy practices are in line with requirements set out in the General Data Protection Regulation (GDPR) and the Data Protection Act 2018.
  • In order to provide you with the best products and experiences, we constantly evolve our services. We may, therefore, change this notice from time to time, so please continue to check this page to ensure that you’re happy with any changes. By using our website, you’re agreeing to be bound by this policy.
  • Any questions regarding this notice and our privacy practices should be sent by email to: dataprivacy@youmustcreate.com

Scope of Notice – Who We Are and Who Does This Notice Apply To:

 

  • This notice gives information to those who visit our website, enquire about or buy a product from us, use our services, or otherwise communicate with us about where and how we process their personal data. We have a separate privacy notice for employees. We also have a separate policy for those who want to join our business found here.
  • We do not offer services to children under the age of 13. If you are under the age of 13, please stop using our services.
  • This privacy notice is issued on behalf of YMC Limited so when we mention “company”, “we”, “us” or “our” in this privacy notice, we are referring to YMC Limited, the company responsible for processing your data.
  • If you have any questions about how we collect, store or use personal data that we hold about you, please contact us c/o YMC c/o Centro One, 1st Floor, 39 Plender Street, London NW1 0DT, or at dataprivacy@youmustcreate.com.

How Do We Obtain Information From You?

 

  • We primarily collect your personal data when you buy from us, contact us about products and services, or if you register to receive one of our newsletters. Although, we may also obtain information about you when you use our website, or communicate with us in any way (email, social media, calls, mail).
  • We obtain information about you, for example when you:
    • use the website (including collecting data on your browsing habits, or your interactions with us through live chat);
    • register for, or use any in-store services;
    • register for, or create an account with us;
    • search for, purchase and/or return products to us;
    • communicate with us by telephone, email or otherwise;
    • sign up for our newsletters or to receive other marketing communications from us;
    • participate in any discussion board or other social media function on or linked to the website; or
    • enter any competition, or participate in any promotion organised by us.

What Type Of Data Do We Process?

 

  • We collect data in many ways. Here we explain what type of data we collect. We’ll tell you how we use the data later.
  • Some of the data you may choose to give us includes:
    • personal details such as your name, age, gender, date of birth, address, email and telephone number;
    • information you provide us when accessing our services using your social media account;
    • account login and password details;
    • financial and payment information;
    • details relating to your transaction history with us;
    • details of your shopping and product preferences; and
    • photographs submitted digitally by you for display on the website or our social media channels.
  • We may also collect information from you due to your interaction with our website, for example:
    • technical information: such as your time zone setting, the Internet Protocol (IP) address used to connect your computer to the Internet, the Wireless Access Point used to connect to our in-store Wi-Fi services, your computer or mobile device and connection information such as your browser type, version, operating system and platform.
    • information about your visit and traffic pattern: such as the full Uniform Resource Locators (URL) clickstream to, through and from our website (including date and time), frequency, duration and usage of in-store services, products you viewed and searched for; page response times, download errors, length of visits to certain pages, page interaction information, basket contents and methods used to browse away from the page; and
    • email addresses and phone numbers used to contact our customer service number and any related call recordings.
  • We may also collect information from third parties, or combine your information with information lawfully obtained from third parties such as technical, payment and delivery service providers, advertising networks, social media platforms, analytics service providers and search information providers.

Cookies

 

  • Like many other websites, the YMC website uses cookies. A “cookie” is a small data file stored by your web browser on your computer’s hard drive. It allows us to recognise your computer (but not specifically who is using it) upon entering our website, and remember you when you return to our website, by associating the identification numbers in the cookie with other customer information you have provided to us. This customer information is stored on secured databases.
  • We use cookies to keep track of what you have in your basket and to identify which website you came to us from.
  • You can disable cookies on your computer by changing the preferences or options menus in your browser. However, it is possible that some parts of our Site will not operate correctly if you disable cookies.
  • Cookies helps us to improve our website and deliver a better, more personalised service.
  • Please refer to our Cookie Policy, located here for full details of precisely who, how, when and why we use Cookies and how to disable Cookies if you wish.

How We Use Your Data and Our Lawful Basis

 

  • We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
  • Performance of Contract: this means processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.  For example, when you want to buy something from us.
  • Legitimate Interest:this means the interest of our Company in conducting and managing our business. This is to enable us to give you the best service, product and security. We make sure we consider and balance any potential impact on you (both positive and negative) as well as your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
  • Comply with a legal or regulatory obligation:this means processing your personal data where it is necessary for compliance with a legal or regulatory obligation that we are subject to.
  • Generally, we do not rely on consent as a legal basis for processing your personal data other than in relation to sending direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by contacting us dataprivacy@youmustcreate.com.
  • We have detailed below the ways we use your personal data and our legal basis for processing:
  • Exercising our rights under contract for the sales of goods or services:
    • fulfilling and managing your requests, purchases and accounts with us – for example so that we can:
    • process orders, deliver products and services, process payments and carry out any other obligations arising from any sales entered into between you and us;
    • provide you with customer service functions to see if there was a problem with your use of the website;
    • notify you about changes to our website, or services;
    • maintain and update your account with us;
    • keep our business records and fulfil our contractual obligations.
  • Undertake our legitimate interests as a business. These include, but are not limited to:
    • analysing your personal information to create a profile of your interests and preferences so that we can contact you with information relevant to you. To help us to do this effectively, we may make use of additional information about you that is available from external sources;
    • offering you the opportunity to take part in customer feedback surveys, user groups, competitions and prize promotions. Your participation in competitions and/or surveys is entirely voluntary, and you are under no obligation to take up an invitation from us to participate;
    • delivering relevant advertising to you; and
    • measuring the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you, which may be based on your activity on our website(s) or those of third parties.
    • enhancing your interaction and experience with us – for example so that we can:
      • administer our website including for internal operations, trouble -shooting, testing, research, and for statistical and survey purposes;
      • improve and optimise our website and in-store customer experience and develop new services;
      • analyse how you and others use our website and stores;
      • customise your experience when using our Site or other services; and
      • ensure the health, safety and wellbeing of our employees, staff and partners.
    • Ensuring that we discharge and undertake our statutory, regulatory and legal obligations which may include:
      • our obligations to our insurers;
      • prevention of fraudulent transactions and other illegal activities; and
      • keeping our business records and fulfil our contractual obligations.
      • administering and protecting our business and website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data).
    • Generally, we do not rely on consent as a lawful basis for processing your personal information, other than in relation to:
      • sending certain direct marketing communications to you;
      • using cookies on our website or mobile apps (where such cookies are not of the strictly necessary type for functional purposes);
      • processing special categories of personal information in relation to health, medical or disability information, which you choose to provide to us (to the extent that this is not required for complying with a legal or regulatory obligation)
      • providing you with information that might be of particular interest to you (such as upcoming events);
    • You have the right to withdraw consent at any time by contacting us dataprivacy@youmustcreate.com.
    • Any of these functions may be carried out by us or appointed third parties who must process any personal information in accordance with this Privacy Notice. The type of companies and organisations who can access your information are set out within the Who We Share Information With section below.

Who We Share Information With:

 

  • We will not sell or rent your personal information to any third party without your express consent unless we are required or permitted to do so by law.
  • In order to ensure that we offer the best service and can carry out the functions detailed within the How We Use Information section above, it may be necessary for us to share the information we collect (which may include your personal data) with carefully selected and trusted business partners, suppliers and sub-contractors for the fulfilment of any contract we enter into with them and you.
  • For example, we may share:
    • your name, delivery address, email and phone number with our logistics partners such as MIQ and our partner courier companies in case they need to contact you in relation to a delivery for example DHL.
    • your identity, billing address and payment card information with our payment processors so that payment for an order can be collected for example Sage Pay.
    • your identity and payment card information with credit reference agencies so that they can check your card is not being used without your consent;
    • your name, email address, telephone number and address with technical and other service providers who help us provide and deliver our website and in-store experiences for example Camber Group.
    • your identity, billing address and payment information with third parties in order to conform to any requirements of law or to comply with any legal process, for example to prevent and detect fraud and to protect and defend our rights and property.
    • your personal data with entities within our corporate group, such as our holding company and its subsidiaries for example French Connection (London) Limited.
    • For a full list of who we share your data with, please contact us dataprivacy@youmustcreate.com.
  • When using third party providers, we only provide them with the information that they need in order to deliver the service, restrict them from using the data for any other purposes and require them to keep your information secure.
  • Where we share financial details, these will always be entered on a secured page and transferred using SSL, a cryptographic protocol designed to provide communication security over the Internet.
  • In the event that we sell or buy any business or assets, it may become necessary to disclose your personal data to the prospective seller or buyer. Your information may also be transferred to another company in the event of sale of the whole or part of our business to a third party.

More about how we communicate with you:

 

  • We send two types of emails: customer service emails which are required to maintain our website and services; and newsletters or other marketing communications which contain special offers, discounts and information that might be of interest to you.
  • While customer service emails are necessary to help you benefit from our services, you may choose not to receive marketing communications when you set up your account with us. You may also unsubscribe from receiving marketing communications from us at any time, by following the unsubscribe link in our emails, by modifying your subscription preferences in your account, or by emailing dataprivacy@youmustcreate.com.
  • By signing up for our newsletters or to receive other marketing communications from us, you accept that your personal data may be used, as outlined above, for such purposes. You consent to receive such marketing communications from us using any contact method which you have provided us with. This may be by post, email, SMS, and telephone.
  • You may also receive marketing communications containing information and special offers from third parties if you have consented to receiving such communications.

What are your rights and how can you control the data we hold on you?

 

  • We will not contact you for marketing purposes by post, email, SMS, and telephone unless you have given your consent. You can withdraw this consent at anytime.
  • You can change your marketing preferences at any time by updating your account online, following the unsubscribe link in our emails, or by emailing dataprivacy@youmustcreate.com.
  • The Right to Object:
    • In some instances, you may have the right to ask us to stop processing your data. However, please note that this right does not always apply, for example where we are processing your data because we have a legitimate interest in doing so (such as where we contact you to follow up on a complaint you have made). You are always able to raise an objection to our processing and we will do our best to comply with your request, where we are legally able to.
  • The Right to Erasure (The right to be forgotten):
    • Similarly, you have the right (in some instances) to request that we destroy all the data that we hold on you.
    • We maintain and follow a retention policy, meaning we only store your personal data for as long as is necessary for the purposes listed in the How We Use Your Data and the Lawful Basis section above. The longest we normally hold customer records (apart from marketing) is 7 years after our business relationship has come to an end unless we are required by law or regulation to keep the data for longer. We will, however, stop processing your data for marketing as soon as you unsubscribe.
    • Nonetheless, should you want us to remove our records of your data prior to the end of our defined retention period, please contact: dataprivacy@youmustcreate.com.

How can I access and update my information?

 

  • The accuracy of your information is important to us. We’re working on ways to make it easier for you to review and correct the information that we hold about you. In the meantime, if any information that we hold on you is inaccurate or out of date, please email us at: dataprivacy@youmustcreate.com so that we can correct this for you.
  • You have the right to ask for a copy of all non- business personal information we hold about you. This is often called a Subject Access Request. You can do this by contacting dataprivacy@youmustcreate.com.
  • If you wish to raise a complaint on how we have handled your personal data, you can contact dataprivacy@youmustcreate.com.
  • If you are not satisfied with our response, you can contact the Information Commissioner’s Office (ICO): https://ico.org.uk/concerns/

Keeping your information safe

 

  • When you provide us with your personal information, we take steps to ensure that it’s treated securely.
  • Any sensitive information (such as bank, credit or debit card details) will always be entered on a secured page and transferred using SSL, a cryptographic protocol designed to provide communication security over the Internet. A secured page will be indicated by the appearance of a lock icon on the web browser.
  • Non-sensitive details, such as your email address, are transmitted normally over the Internet, and this can never be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk.
  • Where a password has been provided, or chosen by you, which enables you to access certain parts of our website, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
  • We only store your personal data for as long as is necessary for the purposes listed in the How We Use Your Data and the Lawful Basis section above. We may have to keep some of your information (such as payments information) for longer where this is reasonably necessary or required by law or regulation, for instance, to prevent fraud or resolve disputes.

Keeping children safe

 

  • It is important to us that we protect the privacy of children, being those under the age of 18. If you are aged under 18‚ please get your parent/guardian’s permission beforehand whenever you provide us with personal information.
  • If we learn that we have collected the personal information of a child, being those aged 13 or under, we will take steps to delete the information as soon as possible.
  • If you believe that a child under your care has submitted personal information to us, please contact us at: dataprivacy@youmustcreate.com so that we can delete it.

Links to other websites

 

  • Our website may contain links to other websites run by third-party organisations. This privacy policy applies only to our website‚ so we encourage you to read the privacy statements which can be found on the other websites you visit. We cannot be responsible for the privacy policies and practices of other websites. This applies even if you access them using links from our website.
  • In addition, if you linked to our website from a third-party site, we cannot be responsible for the privacy policies and practices of the owners and operators of that third-party website. We recommend that you check the privacy policy of that third-party website.

Transferring your information outside of the European Union

 

  • We operate internationally. Generally, we store your data within the European Economic Area (“EEA”). However, we may need to transfer your personal information outside the EEA to a country which may not have equivalent protections for your data as your country of residence.
  • For example, this may happen if any of our servers are located in a country outside of the EU or where your data is processed by staff operating outside the EEA who work for us or for one of our suppliers.
  • If we transfer your data outside of the EEA, we will take steps to ensure that your rights and freedoms in respect of the processing of your personal data are adequately and appropriately protected and comply with all legal requirements.
  • If you use our services while you are outside the EU, your information may be transferred outside the EU in order to provide you with those services.
  • By submitting your personal data to us, you are agreeing to this transfer, storing or processing.