Last updated 20th December 2019
This privacy notice aims to give you information on how Yoppie collects, stores and processes your personal data, including any data you may provide through this website when you register on our website, buy products or services from us, or otherwise contact us. This notice also explains how Yoppie may use data about you that it receives from third parties.
It is important that you read this privacy notice together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data.
Who is YHPL Limited?
For the purposes of applicable laws, YHPL Limited is the data controller. The company may also be called “Yoppie”, “we”, “us” or “our” in this privacy notice. YHPL Limited is a company incorporated in England and Wales under company number 12106203. Our registered office is at 3rd Floor, 1 New Fetter Lane, London EC4A 1AN, United Kingdom.
What are your contact details?
Our full details are:
Full name of legal entity: YHPL Limited
Email address: email@example.com
Postal address: YHPL Limited, 3rd Floor, 1 New Fetter Lane, London EC4A 1AN, United Kingdom.
For more information about our privacy practices and policy, please contact us by email on firstname.lastname@example.org, or by post to YHPL Limited, 3rd Floor, 1 New Fetter Lane, London EC4A 1AN, United Kingdom.
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact our CEO in the first instance by email at email@example.com.
YHPL Limited is registered with the ICO as entry ZA557728.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
What is Personal Data?
Personal data is data that can identify you as a living individual. There is general Personal Data such as name and address. Personal data may also include information on physical and mental health, sexual orientation, race or ethnic origin, religious beliefs, trade union membership and criminal records (known as “Sensitive Personal Data“). Sensitive Personal Data must be protected to a higher level.
Our website and some emails may include links to third-party websites, plug-ins and applications of interest. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and we do not accept any responsibility or liability for these policies, or for any Personal Data that may be collected through these websites or services. We encourage you to exercise caution and to read the privacy policies applicable to the website you visit.
Who does Yoppie collect Personal Data from?
We collect Personal Data from the following types of people to allow us to undertake our business:
Customers and website users;
Supplier contacts to support our services; and
Employees, consultants, temporary workers and contractors.
What Personal Data does Yoppie collect?
Identity Data includes first name, last name, title, username or similar identifier, date of birth, gender and health data;
Contact Data includes billing address, delivery address, email address and telephone numbers;
Financial Data includes bank account and payment card details, e.g. Paypal Account, debit card number, credit card number, expiration date, billing address. Please note that this billing information is collected and processed by our third-party payment vendors (“Payment Platform”). We never store credit card details on our site, these are stored securely with our payment providers also known as a third party system. We use Stripe, PayPal and E-payment solutions;
Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us;
Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, time spent on particular pages, page views, operating system and platform and other technology on the devices you use to access this website. Please note that we use google analytics to track how you arrived on the site and how you might be spending your time while on the site. The tool is used to help us understand how our customers and visitors behave and use our website. You can read more about how Google uses your personal information at google.com/intl/en/policies/privacy. You can opt-out from google here tools.google.com/dlpage/gaoptout;
Profile Data includes your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses;
Usage Data includes information about how you use our website, products and services;
Marketing and Communications Data includes your preferences in receiving marketing from us and your communication preferences. Please note that you can ask us to stop sending you marketing messages at any time.
Where you have given your explicit consent, sensitive Personal Data you may give us includes:
How does Yoppie collect personal data?
We collect data directly from you when:
you visit our website;
you make a transaction with us;
you engage with us on social media; or
you correspond with us (for example, by email, telephone or video conferencing).
We also collect from:
our website (both when navigating by web or mobile view);
other tools and applications.
What does Yoppie use personal data for?
We use your personal data as follows:
to process the orders you make;
to provide you with customer service;
for internal record keeping;
to customise, measure and improve our services and products;
to provide you with editorial content, promotional emails about new products, special offers or other information which we think you may find interesting using the email address which you have provided and we may personalise such content based on what we believe may be of interest to you;
to contact you for market research purposes;
What legal basis do we rely on to process your Personal Data?
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data:
where we need to in order to perform a contract between you and us (such as fulfilling your order);
where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests;
where we need to comply with a legal or regulatory obligation.
UK Data Protection laws set out a number of different reasons for which a company may collect and process your Personal Data, including:
In certain situations, we require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests.
UK Data Protection laws allow the following as part of our legitimate interest in understanding our customers and providing the highest levels of service:
to process the orders you make;
to communicate with you;
for marketing purposes; or
to analyse your behaviour, activities, preferences and needs in order to send relevant and tailored promotional communications to you.
In certain situations, we can collect and process your Personal Data with your consent. On certain occasions, we may ask you to consent to disclose Sensitive Personal Data such as your gender and health data.
Please note that you have the right to withdraw your consent at any time. Where consent is the only legal basis for processing, we will cease to process your Personal Data after your consent is withdrawn.
In certain circumstances, we need your Personal Data to comply with our contractual obligations.
Yoppie may be compelled to process your Personal Data to comply with our legal and regulatory obligations under UK law, e.g. to prevent and investigate fraud or anti-social behaviour and to work with law enforcement agencies:
handling customer contacts, queries, complaints and disputes; and
fulfilling our duties to our customers, colleagues, shareholders and other stakeholders;
Yoppie may process your personal data for the performance of a task carried out in the public interest.
Who do we share your Personal Data with?
We sometimes share your Personal Data with third parties. We require third parties to respect the security of your data and to treat it in accordance with the law. We may share your Personal Data with:
Our service providers
Your data may be shared with parties who process data on our behalf. We are happy to provide a list of these third-party suppliers on request.
Some of our payment providers include:
Stripe, for processing payments in our online store. You can read more about how Stripe uses your Personal Data at stripe.com/ca/privacy;
PayPal, for processing payments in our online store. You can read more about how PayPal uses your Personal Information at paypal.com/webapps/mpp/ua/privacy-full;
Government authorities and third parties involved in court
Any regulatory authority or statutory body pursuant to a request for information or any legal obligation which applies to us.
Occasionally, we may share Personal Data with other third parties such as legal and professional advisors or insurers.
We would like to send you information about our products and services, competitions and special offers, which may be of interest to you. Where we have your consent or it is in our legitimate interests to do so, we may do this by post, email, telephone, text message (SMS) or automated call;
You will receive marketing communications from us if you have agreed to receiving them, have requested information from us or have purchased products from us and, in each case, you have not opted out of receiving that marketing;
You can unsubscribe to marketing communications at any time by contacting us at firstname.lastname@example.org or using the ‘unsubscribe’ link in emails.
Where we store your Personal Data
Yoppie is committed to keeping your Personal Data safe and secure from unauthorised access to or unauthorised alterations, disclosure or destruction of information that we hold. Our security measures include:
encryption of our services and data;
reviewing our information collection, storage and processing practices, including physical security measures;
restricting access to Personal Data to Yoppie employees, contractors and agents who need to know that information in order to process it for us and who are subject to contractual confidentiality and processing obligations. They may be disciplined or their contract terminated if they fail to meet these obligations; and
Internal policies setting out our data security approach and training for employees.
How long do we keep your Personal Data for?
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. After it is no longer relevant for us to retain your personal information, we dispose of it securely according to our data retention and deletion policies.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Details of retention periods for different aspects of your personal data are available in our retention policy which you can request from us.
In accordance with applicable UK Data Protection Laws, you have a number of rights when it comes to your Personal Data.
The right to be informed
You have the right to be provided with clear, transparent and easily understandable information about how we use your Personal Data and your rights. This is why we’re providing you with the information in this policy.
The right of access
The right to rectification
You are entitled to have your Personal Data corrected if it’s inaccurate or incomplete.
The right to erasure
This is also known as the ‘right to be forgotten’, and, in simple terms, enables you to request the deletion or removal of your Personal Data where there is no compelling reason for us to keep using it. It is not a general right to erasure, there are exceptions.
The right to restrict processing
You have the right to object to certain types of processing, including processing for direct marketing (i.e. if you no longer want to be contacted with potential opportunities);
In cases where we are processing your Personal Data on the basis of our legitimate interest, you can ask us to stop for reasons connected to your individual situation. We must then do so unless we believe we have a legitimate overriding reason to continue processing your Personal Data.
The right to data portability
You have rights to obtain and reuse your Personal Data for your own purposes across different services. For example, if you decide to switch to a new provider, this enables you to move, copy or transfer your information easily between our IT systems and theirs safely and securely, without affecting its usability.
The right to lodge a complaint
You have the right to lodge a complaint about the way we handle or process your Personal Data with your national data protection regulator.
The right to withdraw consent
If you have given your consent to anything we do with your Personal Data, you have the right to withdraw your consent at any time (although if you do so, it does not mean that anything we have done with your Personal Data with your consent up to that point is unlawful). This includes your right to withdraw consent to us using your Personal Data for marketing purposes.
- baseless or excessive/repeated requests; or
- further copies of the same information.