Dated: 12th July 2023
PLEASE READ THIS POLICY CAREFULLY BEFORE USING THIS WEBSITE
Protecting your data, privacy and financial details is very important to Vinterior Group Limited (“Vinterior”, “us” or “we”).
This policy (together with our Website Terms and Conditions and any other documents referred to in it) sets out the basis on which any personal data we collect from you, or that you provide to us, through your use of this website, including any data you may provide through this website when you sign up to our newsletter, purchase a product or use our website functionalities will be processed by us. Please read the following carefully to understand the types of information we collect from you, how we use that information and the circumstances under which we will share it with third parties.
This website is not intended for children and we do not knowingly collect data relating to children.
For the purposes of the retained EU law version of the General Data Protection Regulation ((EU) 2016/679) ("UK GDPR"), and the Data Protection Act 2018 (DPA 2018), the controller of your data is Vinterior Group Limited, a company registered in England and Wales under company number 09647881, whose registered office is at International House, 36-38 Cornhill, LondonEC3V 3NG.
For Data Subjects based in the EU, we have appointed Rickert Rechtsanwaltsgesellschaft mbH as our GDPR Representative according to GDPR Art. 27. If you wish to contact us via our representative please email [email protected] or write to: Rickert Rechtsanwaltsgesellschaft mbH (Vinterior), Colmantstraße 15, 53115 Bonn, Germany.
You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK regulator for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
INFORMATION WE MAY COLLECT FROM YOU AND HOW WE COLLECT IT
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
Information you give us about you by direct interactions including filling in forms on http://www.vinterior.co (our “Site”) or by corresponding with us by phone, e-mail or otherwise. Unless context otherwise requires, a reference to the Site shall be deemed to also refer to any Vinterior mobile application (“App”) where such App is available.
The information you give us may include (but is not limited to):
- Information you provide when you register/create an account to use our Site, subscribe to our service, contact third parties via the Site, and when you report a problem with our Site, give us feedback or contact us.
- Contact Data which includes delivery and billing addresses, e-mail addresses, and phone numbers.
- Identity Data which includes personal information such as your name, personal description, gender, photograph, and copies of identification documents.
- Transaction Datawhich includes buying or selling information you provide during a transaction, such as details about payments to and from you and other details of products you have purchased from us, or other transaction-based content that you generate or that is connected to your account as a result of a transaction you are involved in.
- Marketing and Communications Data which includes your preferences in receiving marketing from us and our third parties when you request marketing be sent to you, and your communication preferences.
Information we collect about you. With regard to each of your visits to our Site we may automatically collect the following information via automated technologies or interactions:
- Technical Data which includes internet protocol (IP) address, your login data, browser type and version, time zone setting and geographic location, browser plug-in type and version, operating system and platform, and other technology on the devices you use to access this Site.
- Usage Data which includes other content that you generate, or that is connected to your account, such as adding items to your cart, creating listings, and other uses of the Site. This includes information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our Site (including date and time); what you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to call our customer service number.
- Information we receive from other sources. We may receive information about you if you use any of the other websites we operate or the other services we provide. We are also working closely with third parties (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies) and public services, as set out below, and may receive information about you from them.
Technical Data from the following parties:
(a) analytics providers such as Google based outside the UK;
(b) advertising networks Google based outside the UK, Meta based outside the UK; and
(c) search information providers such as Google based outside the UK.
- Contact, Financial and Transaction Data from providers of technical, payment and delivery services such as Stripe based outside the UK.
- Identity and Contact Data from data brokers or aggregators.
- Identity and Contact Data from publicly available sources such as Companies House and the Electoral Register based inside the UK.
We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
IF YOU FAIL TO PROVIDE PERSONAL DATA
Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.
HOW WE USE YOUR PERSONAL DATA
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- Where we need to perform the contract we are about to enter into or have entered into with you. Performance of Contract means processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. Legitimate Interest means the interest of our business in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience. You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us.
- Where we need to comply with a legal obligation. Comply with a legal obligation means processing your personal data where it is necessary for compliance with a legal obligation that we are subject to.
We use information held about you in the following ways:
Information you give to us. We will use this information:
- to carry out our obligations arising from any contracts entered into between you and us (including the Website Terms and Conditions and to provide you with the information, products and services that you request from us;
- to provide you with information about other goods and services we offer that are similar to those that you have already purchased;
- to provide you with information about goods or services we feel may interest you from third parties (further details of whom are set out in the ‘Disclosure of your Information’ section below). We will only contact you by email with information about goods and services similar to those which were the subject of a previous sale to you, and you will be given an option to unsubscribe with each communication;
- to notify you about changes to our service;
- to ensure that content from our Site is presented in the most effective manner for you and for your computer or mobile device.
Information we collect about you. We will use this information:
- to administer our Site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
- to improve our Site to ensure that content is presented in the most effective manner for you and for your computer or mobile device;
- to allow you to participate in interactive features of our service, when you choose to do so;
- as part of our efforts to keep our Site safe and secure;
- to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you;
- to make suggestions and recommendations to you and other users of our Site about goods or services that may interest you or them.
- Information we receive from other sources. We may combine this information with information you give to us and information we collect about you. We may use this information and the combined information for the purposes set out above (depending on the types of information we receive).
THE LEGAL BASIS FOR PROCESSING YOUR INFORMATION
Generally, we do not rely on consent as a legal basis for processing your personal data although we will get your consent before sending third party direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by contacting us.
In accordance with GDPR, the main grounds that we rely upon in order to process your information are as follows:
- Necessary for entering into or performing a contract. In order to perform obligations which arise under any contract we have entered into with you, it will be necessary for us to process your information.
- Necessary for compliance with a legal obligation. We are subject to certain legal requirements which may require us to process your information. We may also be obliged by law to disclose your information to a regulatory body or law enforcement agency.
- Necessary for the purposes of legitimate interests. Either we or a third party will need to process your information for the purposes of our (or a third party’s) legitimate interests, provided that we have established that those interests are not overridden by your rights and freedoms (including your right to have your information protected). Our legitimate interests include responding to requests and enquiries from you or a third party, optimising our website and user experience, informing you about our services and ensuring that our operations are conducted in an appropriate and efficient manner.
- Consent.In some circumstances, we may ask for your consent to process your information in a particular way.
For example, if you have given your consent, we may disclose your personal data (for example, a first name, first initial of your surname and photograph) to a third party (for example, the recipient or your peer-to-peer counterparty) in order to fulfil a request. Similarly, if you have given your consent, we may also use details of your transaction together with your first name, first initial of your surname and photograph for marketing and advertising purposes.
We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising. We have established a privacy centre where you can view and make certain decisions about your personal data use and a marketing preference centre where you can view and choose the emails and communications we send to you.
PROMOTIONAL OFFERS FROM US
We may use your Identity, Contact, Technical, Usage and Profile Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you (we call this marketing).
You will receive marketing communications from us if you have requested information from us or purchased goods or services from us and you have not opted out of receiving that marketing.
We will get your express opt-in consent before we share your personal data with any third party for marketing purposes.
You can ask us or third parties to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or by contacting us at any time.
Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of a product/service purchase or other transactions.
CHANGE OF PURPOSE
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to receive an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
DISCLOSURE OF YOUR INFORMATION
We may share your personal information with internal third parties, including any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.
We may share your information with selected third parties, including:
External third parties such as:
- business partners, suppliers and sub-contractors for the performance of any contract we enter into with them or you;
- Service providers acting as processors based in the United Kindom, USA, Malta, Ireland, Spain, Denmark who provide IT and system administration services;
- advertisers and advertising networks that require the data to select and serve relevant adverts to you and others
- analytics and search engine providers that assist us in the improvement and optimisation of our Site.
- Professional advisers acting as processors or joint controllers including lawyers, bankers, auditors and insurers based in the United Kingdom and France who provide consultancy, banking, legal, insurance and accounting services.
- HM Revenue & Customs, regulators and other authorities acting as processors or joint controllers based in the United Kingdom who require reporting of processing activities in certain circumstances.
We may also disclose your personal information to specific third parties:
- in the event that we sell, transfer, merge or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or as
- if Vinterior or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
- if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply the Website Terms and Conditions and any other documents referred to on it; or to protect the rights, property, or safety of Vinterior, our users, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
WHERE WE STORE YOUR PERSONAL DATA AND INTERNATIONAL TRANSFERS
Whenever we transfer your personal data out of the UK or EEA, or allow it to be accessed by third parties from outside the UK or EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data.
- Where we use certain service providers, we may use specific contracts approved for use in the UK which give personal data the same protection it has in the UK or EEA, such as the Standard Contractual Clauses
Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the UK and EEA.
All information you provide to us is stored on our secure servers and we have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Where we have given you (or where you have chosen) a password which enables you to access certain parts of our Site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our Site; any transmission is at your own risk. Once we have received your information, we use strict procedures and security features to try to prevent unauthorised access.
We restrict access of your personal information to those employees of Vinterior who have a business reason for knowing such information. We continuously educate and train our employees about the importance of confidentiality and privacy of customer information. We maintain physical, electronic and procedural safeguards that comply with the relevant laws and regulations to protect your personal information from any unauthorised access.
HOW LONG WE HOLD YOUR INFORMATION
We will only retain your information for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
The criteria that we use to determine retention periods will be determined by the amount of data, nature of the data and the purposes for which it is kept, the sensitivity of the data and the potential risk of harm from unauthorised use or disclosure, and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
Details of retention periods for different aspects of your personal data are available in our retention policy which you can request from us by contacting us.
In some circumstances you can ask us to delete your data: see your legal rights below for further information.
In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
YOUR LEGAL RIGHTS
Under certain circumstances, you have rights under data protection law in relation to the personal data that we hold about you. Details of these rights and how to exercise them are set out below. Please note we will require evidence of your identity before we are able to respond to your request.
- Right of Access. You have the right at any time to ask us for a copy of the personal information that we hold about you (commonly known as a "data subject access request") and to check that we are lawfully processing it. Where we have good reason, and if the GDPR permits, we can refuse your request for a copy of your personal information, or certain elements of the request. If we refuse your request or any element of it, we will provide you with our reasons for doing so.
- Right of Correction. If personal information we hold about you is not accurate or is out of date and requires amendment or correction you have a right to have the data rectified or completed.
- Right of Erasure. In certain circumstances, you have the right to request that personal information we hold about you is erased e.g., if the information is no longer necessary for the purposes for which it was collected or processed or our processing of the information is based on your consent and there are no other legal grounds on which we may process the information.
- Right to Object to or Restrict Processing. In certain circumstances, you have the right to object to our processing of your personal information. For example, if we are processing your information on the basis of our legitimate interests and there are no compelling legitimate grounds for our processing which override your rights and interests. You may also have the right to restrict our use of your personal information, such as in circumstances where you have challenged the accuracy of the information and during the period where we are verifying its accuracy. You have the right to ask us not to process your personal data for marketing purposes. We will usually inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data.
- Right of Data Portability. In certain instances, you have a right to receive any personal information that we hold about you in a structured, commonly used and machine-readable format.
In such circumstances, you can ask us to transmit that information to you or directly to a third-party organisation.
While we are happy for such requests to be made, we are not able to guarantee technical compatibility with a third-party organisation's systems. We are also unable to comply with requests that relate to personal information of others without their consent.
You can exercise any of these rights at any time by contacting us at [email protected].
Our Site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates, including Stripe or any other third-party payments provider we use from time to time to process transactions entered into via the Site. If you enter into a transaction via the Site, or follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
ACCESS TO INFORMATION
Depending on applicable laws, you may have the right to access information held about you. Your right of access can be exercised in accordance with the relevant data protection legislation.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
No fee is usually required to access your personal data, however we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
RIGHT TO WITHDRAW CONSENT
In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
You can withdraw your consent by contacting us using the details in the 'Contact' section below.
Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
If you are unhappy about our use of your information, you can contact us using the details in the Contact section below. You are also entitled to lodge a complaint with the UK Information Commissioner's Office using any of the below contact methods:
- Telephone: 0303 123 11113
- Website: https://ico.org.uk/concerns/
- Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
If you live or work outside of the UK or you have a complaint concerning our activities outside of the UK, you may prefer to lodge a complaint with a different supervisory authority. A list of relevant authorities in the EEA can be accessed here.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.