CAD & THE DANDY LIMITED – PRIVACY NOTICE
Last Updated: July 2, 2021
1. IMPORTANT NOTICE
1.2. This Privacy Notice relates to personal data that identifies “you” meaning our customers, website visitors, consumers, our suppliers and trade customers (and potential suppliers and trade customers), any third parties that we trade or may trade with and individuals outside our organisation with whom we interact. If you are an employee, contractor or otherwise engaged in work for us or applying to work for us, a separate privacy notice applies to you instead.
1.3. This Privacy Notice sets out how we collect and process your personal data. This Privacy Notice also provides certain information that is legally required and lists your rights in relation to your personal data. By accessing or browsing our website, contacting us on social media, offering to purchase from us or to provide your goods or services, using any of the goods and services that we provide to you or otherwise providing your data to us, your personal data is subject to this Privacy Notice.
1.4. Our websites and other services are not intended for children and we do not knowingly collect personal data relating to children. Additionally, this Privacy Notice is not intended to apply to personal data collection during the recruitment of employees, for which there is a separate privacy notice.
1.5. This Privacy Notice may vary from time to time so please check it regularly. This version of this Privacy Notice was finalized on 2 July 2021 and has not been updated since.
2. HOW TO CONTACT US
2.1. Please email us at firstname.lastname@example.org if you wish to:
2.1.1. correct your personal data held by us;
2.1.2. opt out at any time from receiving marketing correspondence from us;
2.1.3. alter your marketing preferences;
2.1.4. contact us in connection with our use or processing of your personal data; or
2.1.5. gain access to your personal data.
2.2. Our Data Protection Officer is Ian Meiers and you can contact them at email@example.com.
3. CATEGORIES OF PERSONAL DATA WE COLLECT
3.1. We, or third parties on our behalf, may collect, store, share, transfer and use any of the following personal data about you (referred to as “personal data” throughout this Privacy Notice):
3.1.1. Individual Data. This includes personal data about you or which otherwise relates to your identity, such as your name, job title, company name, e-mail address, telephone number, account information, address, gender, date of birth and age, body shape information including any measurements and/or photographs taken during product fittings, data provided when you correspond with us, any updates to data provided to us and if you attend our sites, CCTV footage and proof of identification and address;
3.1.2. Advertising Data. This includes personal data which relates to your advertising preferences, such as information about your preferences in receiving marketing materials from us and our third parties and your communication preferences as well as your personal interests;
3.1.3. Information Technology Data. This includes personal data you provide when you visit our social media channels including our websites where we may automatically collect any of the following data technical data, including the Internet protocol (IP) address used to connect your computer to the internet, domain name and country which requests data, the files requested, browser type and version, browser plug-in types and versions, operating system and platform, data about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our site (including date and time), time and length of visits to certain pages, page interaction data (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page, traffic data, location data, weblogs and other communication data and data provided when requesting further service or downloads;
3.1.4. Account and Profile Data. This includes personal data which relates to your account or profile on our website, such as your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses;
3.1.5. Economic and Financial Data. This includes personal data which relates to your finances, such as your bank account and payment card details and information which we collect from you for the purposes of the prevention of fraud;
3.1.6. Sales Data. This includes personal data about the goods or services we provide to you, such as details about payments to and from you, details of subscriptions to our services or publications and other details of products and services you have purchased from us, data needed to provide goods or services to you (including data on account opening forms, details of your order, order history, payment details, delivery address including details provided for us to contact you by SMS, delivery requirements and restrictions, trade references and tax information), the name you give us for personalised products, customer services data and customer relationship management and marketing data;
3.1.7. Services Data. This includes personal data (i) about services that we receive from you or (ii) that we receive from any third parties that we trade or may trade with including wholesalers, media contacts, transport suppliers, warehouses, fulfilment centres, technical support equipment providers and engineers, brand ambassadors, and other contractors. This also includes supplier or other third party due diligence data;
3.1.8. Audio and Visual Data. This includes personal data which is gathered using our CCTV or other recording systems in the form of images, video footage and sound recordings that is taken at any of our locations or otherwise by us for promotional purposes;
3.1.9. Social Media Data. This includes personal data you provide if you choose to use social media in order to contact us or find out about our products or services, your profile data (including your preferences and interactions with us on Facebook, Twitter and Instagram) and data which you post on message boards which are relevant to our business;
3.1.10. Market Research Data. This includes personal data which is gathered for the purposes of market research, such as price comparison information; and
3.1.11. Public Data. This includes personal data about you in the public domain, such as if you are a journalist or work for an institution/trade association in our industry. If you are a supplier or a trade customer (or a potential supplier or trade customer) we may obtain data about you from your company’s website or other public sources.
3.2. We may also create personal data about you, for example, if you contact us by telephone to make a complaint, for example about our services or goods, then we may make a written record of key details of the conversation so that we can take steps to address the complaint.
3.3. We also obtain and use certain aggregated and/or anonymous data such as statistical or demographic data for any purpose (“Aggregated Data”). Aggregated Data may be derived from your personal data but does not directly or indirectly reveal your identity. For example, we may aggregate your Information Technology Data to calculate the percentage of users accessing a specific feature on our website. However, if we re-combine or re-connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Privacy Notice.
3.4. We do not collect any special categories of data or information about criminal convictions and offences.
4. PERSONAL DATA ABOUT OTHER PEOPLE WHICH YOU PROVIDE TO US
5. THE SOURCES FROM WHICH WE OBTAIN YOUR PERSONAL DATA
5.1. We obtain your personal data from the following sources:
5.1.1. directly from you, either in person (at our locations or otherwise), via other forms of media such as our website, e-mail, instant message, other social media channels, by telephone or via hand held devices. This could include personal data which you provide when you:
(a) place an order for our products or services;
(b) create an account on our website;
(c) subscribe to our publications;
(d) request information on our products or services or for other marketing to be sent to you;
(e) enter into a competition or promotion; and
(f) complete a survey from us or give us feedback.
5.1.2. via automated technologies, such as CCTV or other recording systems, cookies, server logs and other similar technologies. We may automatically collect Information Technology Data about your equipment, browsing actions and patterns by using cookies, server logs and other similar technologies. We may also receive Information Technology Data about you if you visit other websites employing our cookies. Please see our cookies policy below for further details.
5.1.3. from third parties such as retailers where you are a customer, analytics providers, advertising networks, search information providers, providers of technical, payment and delivery services, providers of social media platforms (such as Facebook, Twitter and Instagram), data brokers or aggregators, media agencies, market research companies, our suppliers, our trade customers, group companies, public websites, agencies (including booking agents) and public agencies (including customs officials), which we refer to as “Third Party Sources” throughout this Privacy Notice.
6. HOW WE USE YOUR PERSONAL DATA
6.1. We, or our Third Party Sources acting on our behalf, collect personal data about you in order to:
6.1.1. perform our contractual obligations to you. This would include:
(a) processing and performing any bookings and order placed by you;
(b) orders placed by us where you are a supplier;
(c) making or receiving payments, fees and charges; and
(d) collecting and recovering money owed;
6.1.2. manage our relationship with you including:
(a) to send you important notices such as communications about changes to our terms and conditions and policies (including this Privacy Notice);
(b) to provide you with important real-time information about products or services you have ordered from us (e.g. a change of time or location due to unforeseen circumstances);
(c) to send you information you have requested;
(d) to deal with your enquiries; and
(e) to ask you to leave a review or feedback on us;
6.1.3. administer our business and carry out business activities;
6.1.4. make suggestions and recommendations to you about goods or services that may be of interest to you, deliver relevant website content and advertisements to you and to measure or understand the effectiveness of our advertising;
6.1.5. communicate with you about, and administer your participation in, special events, programs;
6.1.6. for internal purposes to use data analytics, to identify usage trends, determine and measure the effectiveness of promotional campaigns and advertising and to improve our website, products/services, marketing, customer relationships and experiences;
6.1.7. protect our business including to deal with any misuse of our website and to comply with our security policies at our locations;
6.1.8. use your personal data to comply with our own legal obligations e.g. to comply with health and safety requirements, or to assist in a police investigation;
6.1.10. to detect and prevent fraud and other illegal activities (and to assist regulators, trade bodies and law enforcement agencies in relation to the same);
6.1.11. finance, restructure, sell, make ready for sale or dispose of our business in whole or in part including to any potential buyer or their advisers including, without limitation, in connection with any bankruptcy, liquidation or reorganization proceeding is brought by or against us;
6.1.12. use our knowledge of any personal data you disclose to us in the event of illness or injury or some other related emergency or to record any accident or injury or other incident you may suffer when visiting any of our locations; and
6.1.13. investigate and defend any third-party claims or allegations.
7. DISCLOSURE OF YOUR PERSONAL DATA
7.1. In the past 12 months, we may have disclosed all of the categories of your personal data that we collect to:
7.1.1. our group companies and affiliates or third party data processers who may process data on our behalf to enable us to carry out our usual business practices. Any such disclosure will only be so that we can process your personal data for the purposes set out in this Privacy Notice;
7.1.2. HMRC, legal and other regulators or authorities, including those who request your personal data or to report any potential or actual breach of applicable law or regulation;
7.1.3. our customer relationship management (CRM) database provider, Hubspot;
7.1.4. external professional advisers such as accountants, bankers, insurers, auditors and lawyers;
7.1.5. law enforcement agencies, courts or other relevant party, to the extent necessary for the establishment, exercise or defence of legal rights;
7.1.6. third parties where necessary for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties;
7.1.7. third parties which are considering or have decided to acquire some or all of our assets or shares, merge with us or to whom we may transfer our business (including in the event of a reorganisation, dissolution, bankruptcy or liquidation); and
We may also make personal data available to third parties operating plugins or content (such as Facebook, Twitter, Instagram) on our website which you intentionally choose to interact with.
8. ACCURACY OF YOUR PERSONAL DATA
8.1. It is important that the personal data we hold about you is accurate and current and we take all reasonable precautions to ensure that this is the case but we do not undertake to check or verify the accuracy of personal data provided by you. Please keep us informed if your personal data changes during your relationship with us either by logging onto your account on the website or by contacting us. We will not be responsible for any losses arising from any inaccurate, inauthentic, deficient or incomplete personal data that you provide to us.
9. INTERNATIONAL TRANSFERS OF PERSONAL DATA
9.1. The personal data may be transferred, used, stored and/or accessed in the United States and other countries outside of the UK or EEA.
9.2. This may be for the purposes listed in section 6 above, the provision of our services to you, the receipt of services from you or any of our Third Party Sources, the process of transactions and/or the provision of support services. Further details on to whom your personal data may be disclosed are set out in section 7 above.
9.3. In connection with such transfers, we will take appropriate measures to ensure that the recipient protects your personal data adequately in accordance with data protection law.
10. HOW LONG WILL WE STORE YOUR PERSONAL DATA FOR
10.1. We will store your personal data for the time period which is appropriate in accordance with (i) internal policy and (ii) the following criteria:
10.1.1. the on-going business operation / relationship that we have with you;
10.1.2. the completion of the purpose for which the personal data was given;
10.1.3. our legal obligations in relation to that personal data and other legal requirements;
10.1.4. the type and size of the data held and whether any if it is deemed to be special category personal data; or
our accounting requirements in relation to that personal data.
10.2. We keep the length of time that we hold your personal data for under review. These reviews take place annually.
11. YOUR RIGHTS IN RELATION TO YOUR PERSONAL DATA
11.1. Subject to applicable law including relevant data protection laws, in addition to your ability to withdraw any consent you may have given to our use of your personal data, you may have a number of rights in connection with the processing of your personal data, including:
11.1.1. the right to request access to your personal data that we process or control;
11.1.2. the right to request rectification of any inaccuracies in your personal data or, taking into account the purposes of our processing, to request that incomplete data is completed;
11.1.3. the right to request, on legitimate grounds as specified in law;
11.1.4. erasure of your personal data that we process or control; or
11.1.5. restriction of processing of your personal data that we process or control;
11.1.6. the right to opt-out of processing for targeted advertising and profiling;
11.1.7. the right to object, on legitimate grounds as specified in law, to the processing of your personal data;
11.1.8. if we were to sell your personal data, the right to opt-out of that sale;
11.1.9. the right to receive your personal data in a structured, commonly used and machine-readable format and to have your personal data transferred to another controller, to the extent applicable in law; and
11.1.10. the right to lodge complaints regarding the processing of your personal data with the relevant regulatory authority, such as the California Attorney General.
11.2. If you would like to exercise any of the rights set out above, please contact us using the contact details set out in section 1.5.
CALIFORNIA RESIDENTS: YOUR PRIVACY RIGHTS
If you are a California resident, this section applies to you. Consumers residing in California are afforded certain rights described above, such as access, deletion and the right to opt-out of the sale of their personal data under the California Consumer Privacy Act or “CCPA.” We will not discriminate against you if you exercise your rights under the CCPA. We may also act as a service provider on behalf of our business partners (a “business” for purposes of the CCPA) with whom you have a direct relationship. In such circumstances, we may forward your rights requests to such business rather than responding directly to you.
Sale of Personal Data: California law requires that we provide transparency about personal data we “sell,” which for the purposes of the CCPA broadly means scenarios in which we have shared personal data with partners in exchange for valuable consideration. Although we do not consider the following to be a sale, subject to your cookie preferences as managed through our cookie consent tool, we do allow our advertising partners to collect identifiers, commercial information and Internet or other electronic network activity information to show you ads that are targeted to your interests. You may opt out of having your personal data used for targeted advertising purposes through our cookie management tool and through browser settings.
13.1. There may be sections of this website which can only be accessed by users who we have given a password.
13.2. If we do provide you with a user name and password, it is your responsibility to ensure that these details are kept confidential at all times and you must not disclose your password to any third party.
13.3. In the event that a third party gains access to your user name or password, you should notify us immediately by emailing firstname.lastname@example.org. We are not liable for any loss resulting from your failure to protect the confidentiality of your user name or password.
14.1. In the course of provision of submitting your order to us, your personal data may be transferred over the internet. Although we make every effort to protect the personal data which you provide to us, the transmission of information over the internet is not completely secure. As such, you acknowledge and accept that we cannot guarantee the security of your personal data transmitted to our website and that any such transmission is at your own risk. Once we have received your personal data, we will use strict procedures and security features to prevent unauthorised access to it (including the latest SSL (Secure Socket Layer) encryption technology).
15. LINKS TO OTHER WEBSITES
This cookies policy was last updated on: July 2, 2021.
1. WHAT ARE COOKIES?
1.1. Cookies are small snippets of text that are stored on your computer. When you request a page from our website, the cookies are sent to our web server, and when we send a page back to you our server may add to or change these cookies. Without cookies, we would not be able to know that you are the same person from page to page. You can find more information about cookies at: allaboutcookies.org and www.youronlinechoices.eu.
1.3 Additionally, we have partnerships with some carefully chosen third party services which involve including some code on our website, for example advertising networks and providers of external services like web traffic analysis services, so that we can measure the effectiveness of our marketing activities, enable you to share content with your friends or login via a social media account. In some cases these partners may also store and retrieve their own cookies on your computer. Cookies set by websites other than https://www.cadandthedandy.com/ are known as “third party cookies”. We have no control over these third parties or their cookies and are not responsible for the same. These third party cookies are likely to be analytical cookies or performance cookies or targeting cookies. To deactivate the use of third party advertising cookies, you may use the Preferences setting in the cookies consent pop up.
2. COOKIE CONSENT AND REMOVAL OF COOKIES
2.2 You may refuse to accept cookies by changing the settings in your web browser to allow or deny different websites from setting cookies. Disabling essential cookies may mean that you are not able to use some or all of the functionality of our website. For more information about cookies including how to set your internet browser to reject cookies please go to allaboutcookies.org.
2.3 To opt out of Google Analytics visit http://tools.google.com/dlpage/gaoptout.
3. WHICH COOKIES ARE USED ON THIS WEBSITE?
3.1 A list of all the cookie types used on this website by category is set out below.
3.1.1 Essential cookies – These cookies are required to enable core site functionality. They measure a session and are essential to enable a user to move around the website and its features;
3.1.2 Functional cookies – These cookies collect information about how visitors use a website, for instance which pages visitors go to most often, and if they get error messages from web pages;
3.1.3. Performance cookies – These cookies allow the website to remember choices you make (such as your user name, language or the region you are in) and provide enhanced, more personal features;
3.1.4. Targeting cookies – These cookies are used to deliver more relevant advertising to you and your interests. They are also used to limit the number of times you see an advertisement as well as help measure the effectiveness of the advertising campaign. They are usually placed by advertising networks with the website operator’s permission. They remember that you have visited a website and this information is shared with other organizations such as advertisers. Quite often targeting or advertising cookies will be linked to site functionality provided by the other organization;
3.1.5. Analytics cookies – These cookies are used to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited.
3.2 The table below explains the individual cookies we use and why.
|CATEGORY||NAME||DOMAIN||DESCRIPTION||EXPIRES IN||THIRD PARTY PROVIDER|
|Analytics||_gac||cadandthedandy.com||Google Analytics: Used to distinguish users|
It records a particular ID used to come up with data about website usage by the user. It is a HTTP cookie that expires after 2 years.
|1 year 12 months 4 days|
|Analytics||_gid||cadandthedandy.com||Google Analytics: Used to distinguish users|
Keeps an entry of unique ID which is then used to come up with statistical data on website usage by visitors. It is a HTTP cookie type and expires after a browsing session.
|Analytics||tk_ai||cadandthedandy.com||Stores a randomly-generated anonymous ID. This is only used within the admin area and is used for general analytics tracking.||session||Automattic,
This describes if this specific cookie or localStorage is responsible for sharing, collecting or storing personal data.
Collection of internal metrics for user activity, used to improve user experience
|Analytics||_Fbp||connect.facebook.net||Used by Facebook to deliver a series of advertisement products such as real time bidding from third-party advertisers.||90 days|
|Marketing||IDE||doubleclick.net||Used by Google DoubleClick to register and report the website user's actions after viewing or clicking one of the advertiser's ads with the purpose of measuring the efficacy of an ad and to present targeted ads to the user.|
|Essential||wfwaf-authcookie-(hash)||www.cadandthedandy.com||This cookie is used by the Wordfence firewall to perform a capability check of the current user before WordPress has been loaded. This is only set for users that are able to log into WordPress. This cookie allows the Wordfence firewall to detect logged in users and allow them increased access. It also allows Wordfence to detect non-logged in users and restrict their access to secure areas. The cookie also lets the firewall know what level of access a visitor has to help the firewall make smart decisions about who to allow and who to block.||Wordfence|
|Essential||woocommerce_cart_hash||www.cadandthedandy.com||Helps WooCommerce determine when cart contents/data changes.|
|Essential||woocommerce_items_in_cart||www.cadandthedandy.com||Helps WooCommerce determine when cart contents/data changes.|
|Essential||wordpress_logged_in_||www.cadandthedandy.com||This cookie is set by WordPress. It is used for indication and identification of the logged in user.|
is used to indicate when you are logged in, and who you are. This cookie is maintained on the front-end of the website as well when logged in.
|Functional||wordpress_test_cookie||www.cadandthedandy.com||WordPress sets this cookie when a user navigates to the login page. The cookie is used to check whether user’s web browser is set to allow, or reject cookies.||WordPress|
|Essential||wp-settings-, wp-settings-time-||www.cadandthedandy.com||These cookies are set by WordPress. They are used to customize user’s view of admin interface, and possibly also the main site interface. These cookies have no impact on user experience and do not store any personal information. They contain some information about user’s general geographic location.|
is used to customize the view of your admin interface and the front-end of the website. The value represented by [UID] is the individual user ID of the user as given to them in the users' database table.
|Essential||wordpress_[hash]||www.cadandthedandy.com||to store the authentication details on login. The authentication details include the username and double hashed copy of the password. However, this usage of the cookie is limited to the admin console area, the backend dashboard of the website.||WordPress|
|Essential||wc_wishlists_user||www.cadandthedandy.com||Stores a unique key to identify users with a wishlist||29 days||WooCommerce WishLists|
|Analytics||__stid, __stidv||sharethis.com||The cookie is set by ShareThis. The cookie is used for site analytics to determine the pages visited, the amount of time spent, etc.||1 week||Share This|
|Marketing||__cfduid||hsappstatic.net, hubspot.com||This cookie is set by HubSpot’s CDN provider, Cloudflare. It helps Cloudflare detect malicious visitors to your website and minimizes blocking legitimate users. It may be placed on your visitors' devices to identify individual clients behind a shared IP address and apply security settings on a per-client basis. It is necessary for supporting Cloudflare's security features.||HubSpot|
|Marketing||__hs_initial_opt_in||hubspot.com||This cookie is used to prevent the banner from always displaying when visitors are browsing in strict mode.||7 days||HubSpot|
|Marketing||__hs_opt_out||hubspot.com||Tracks when users decline notification banners and suppresses future notification banners for a period of two years.||13 months||HubSpot|
|Marketing||__hssc||cadandthedandy.com, hubspot.com||Traking time of visit.||13 months||HubSpot|
|Marketing||__hssc||hubspot.com||This cookie keeps track of sessions. This is used to determine if we should increment the session number and timestamps in the __hstc cookie. It contains the domain, viewCount (increments each pageView in a session), and session start timestamp.||30 minutes||HubSpot|
|Marketing||__hstc||hubspot.com||The main cookie for tracking visitors. It contains the domain, utk, initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit), and session number (increments for each subsequent session).||13 months||HubSpot|
|Functional||_conv_r||hubspot.com||This cookie holds the referral data for the current visitor. This is overwritten each time a visitor comes from a new referrer. Structure same as above using the following keys||1 minute||HubSpot|
|Marketing||_conv_v||hubspot.com||we are using this cookies in order to track visitor experiments. These cookies are a small bit of text that accompanies requests and pages as they go between the Web server and browser. The cookie contains information that Convert application can read whenever the user visits the site. So in that sense, they are necessary to store user-specific information.||6 months||HubSpot|
|Analytics||_gac_UA-#||hubspot.com||Stores information about ad campaigns from Google Adwords to show targeted ads to the visitor.||3 months||HubSpot|
|Analytics||_gcl_au||hubspot.com||Used by Google AdSense for experimenting with advertisement efficiency across websites using their services.||3 months||HubSpot|
|Marketing||_hjid||hubspot.com||Cadandthedandy cookie that is set when the customer first lands on a page with the Hotjar script. It is used to persist the Cadandthedandy User ID, unique to that site on the browser. This ensures that behavior in subsequent visits to the same site will be attributed to the same user ID.||365 days||HubSpot|
|Marketing||_hjTLDTest||hubspot.com||When the Cadandthedandy script executes we try to determine the most generic cookie path we should use, instead of the page hostname. This is done so that cookies can be shared across subdomains (where applicable). To determine this, we try to store the _hjTLDTest cookie for different URL substring alternatives until it fails. After this check, the cookie is removed.||Session||HubSpot|
|Marketing||hubspotutk||hubspot.com||The main cookie for tracking visitors.||HubSpot|
|Marketing||IR_(Campaign_ID)||hubspot.com||Affiliate tracking cookie. This is a current session cookie, The activity is updated everytime the page loads. This is as part of UTT API implementation for tracking web events.||HubSpot|
|Marketing||IR_gbd||hubspot.com||Used to track traffic and sales from affiliate users.||HubSpot|
|Marketing||IR_PI||hubspot.com||Affiliate tracking cookie helps to count visitors from websites participating in Impact Radius affiliate marketplace.||HubSpot|
|Functional||DV||www.google.com||This cookie is used to save the user's preferences and other information. This includes in particular the preferred language, the number of search results to be displayed on the page as well as the decision as to whether the Google SafeSearch filter should be activated or not||Google Map|
|Analytics||messagesUtk||www.cadandthedandy.com||to store browser details, store performed actions on the website.||HubSpot|
|Analytics||mp_(code)_mixpanel||www.cadandthedandy.com||This cookie is set by Mixpanel for analyzing trafﬁc, and in particular how users reached the plataform.||1 year||HubSpot|
CAD & THE DANDY USA INC.
130 W 57th Street, Suite 5A, Fifth Floor, New York, NY 10019, USA
Phone: +1 917 400 4804