Last updated 20th December 2019
This privacy notice aims to give you information on how Yoppie collects, stores and processes your personal data, including any data you may provide through this website when you register on our website, buy products or services from us, or otherwise contact us. This notice also explains how Yoppie may use data about you that it receives from third parties.
It is important that you read this privacy notice together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data.
For the purposes of applicable laws, YHPL Limited is the data controller. The company may also be called “Yoppie”, “we”, “us” or “our” in this privacy notice. YHPL Limited is a company incorporated in England and Wales under company number 12106203. Our registered office is at 3rd Floor, 1 New Fetter Lane, London EC4A 1AN, United Kingdom.
What are your contact details?
Our full details are:
For more information about our privacy practices and policy, please contact us by email on firstname.lastname@example.org, or by post to YHPL Limited, 3rd Floor, 1 New Fetter Lane, London EC4A 1AN, United Kingdom.
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact our CEO in the first instance by email at email@example.com.
YHPL Limited is registered with the ICO as entry ZA557728.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
Personal data is data that can identify you as a living individual. There is general Personal Data such as name and address. Personal data may also include information on physical and mental health, sexual orientation, race or ethnic origin, religious beliefs, trade union membership and criminal records (known as “Sensitive Personal Data“). Sensitive Personal Data must be protected to a higher level.
Our website and some emails may include links to third-party websites, plug-ins and applications of interest. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and we do not accept any responsibility or liability for these policies, or for any Personal Data that may be collected through these websites or services. We encourage you to exercise caution and to read the privacy policies applicable to the website you visit.
We collect Personal Data from the following types of people to allow us to undertake our business:
Identity Data includes first name, last name, title, username or similar identifier, date of birth, gender and health data;
Contact Data includes billing address, delivery address, email address and telephone numbers;
Financial Data includes bank account and payment card details, e.g. Paypal Account, debit card number, credit card number, expiration date, billing address. Please note that this billing information is collected and processed by our third-party payment vendors (“Payment Platform”). We never store credit card details on our site, these are stored securely with our payment providers also known as a third party system. We use Stripe, PayPal and E-payment solutions;
Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us;
Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, time spent on particular pages, page views, operating system and platform and other technology on the devices you use to access this website. Please note that we use google analytics to track how you arrived on the site and how you might be spending your time while on the site. The tool is used to help us understand how our customers and visitors behave and use our website. You can read more about how Google uses your personal information at google.com/intl/en/policies/privacy. You can opt-out from google here tools.google.com/dlpage/gaoptout;
Profile Data includes your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses;
Usage Data includes information about how you use our website, products and services;
Marketing and Communications Data includes your preferences in receiving marketing from us and your communication preferences. Please note that you can ask us to stop sending you marketing messages at any time.
Where you have given your explicit consent, sensitive Personal Data you may give us includes:
We collect data directly from you when:
you visit our website;
you make a transaction with us;
you engage with us on social media; or
you correspond with us (for example, by email, telephone or video conferencing).
We also collect from:
our website (both when navigating by web or mobile view);
other tools and applications.
We use your personal data as follows:
to process the orders you make;
to provide you with customer service;
for internal record keeping;
to customise, measure and improve our services and products;
to provide you with editorial content, promotional emails about new products, special offers or other information which we think you may find interesting using the email address which you have provided and we may personalise such content based on what we believe may be of interest to you;
to contact you for market research purposes;
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data:
where we need to in order to perform a contract between you and us (such as fulfilling your order);
where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests;
where we need to comply with a legal or regulatory obligation.
UK Data Protection laws set out a number of different reasons for which a company may collect and process your Personal Data, including:
In certain situations, we require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests.
UK Data Protection laws allow the following as part of our legitimate interest in understanding our customers and providing the highest levels of service:
to process the orders you make;
to communicate with you;
for marketing purposes; or
to analyse your behaviour, activities, preferences and needs in order to send relevant and tailored promotional communications to you.
In certain situations, we can collect and process your Personal Data with your consent. On certain occasions, we may ask you to consent to disclose Sensitive Personal Data such as your gender and health data.
Please note that you have the right to withdraw your consent at any time. Where consent is the only legal basis for processing, we will cease to process your Personal Data after your consent is withdrawn.
In certain circumstances, we need your Personal Data to comply with our contractual obligations.
Yoppie may be compelled to process your Personal Data to comply with our legal and regulatory obligations under UK law, e.g. to prevent and investigate fraud or anti-social behaviour and to work with law enforcement agencies:
handling customer contacts, queries, complaints and disputes; and
fulfilling our duties to our customers, colleagues, shareholders and other stakeholders;
Yoppie may process your personal data for the performance of a task carried out in the public interest.
Who do we share your Personal Data with?
We sometimes share your Personal Data with third parties. We require third parties to respect the security of your data and to treat it in accordance with the law. We may share your Personal Data with:
Your data may be shared with parties who process data on our behalf. We are happy to provide a list of these third-party suppliers on request.
Some of our payment providers include:
Stripe, for processing payments in our online store. You can read more about how Stripe uses your Personal Data at stripe.com/ca/privacy;
PayPal, for processing payments in our online store. You can read more about how PayPal uses your Personal Information at paypal.com/webapps/mpp/ua/privacy-full;
Government authorities and third parties involved in court
Any regulatory authority or statutory body pursuant to a request for information or any legal obligation which applies to us.
Occasionally, we may share Personal Data with other third parties such as legal and professional advisors or insurers.
We would like to send you information about our products and services, competitions and special offers, which may be of interest to you. Where we have your consent or it is in our legitimate interests to do so, we may do this by post, email, telephone, text message (SMS) or automated call;
You will receive marketing communications from us if you have agreed to receiving them, have requested information from us or have purchased products from us and, in each case, you have not opted out of receiving that marketing;
You can unsubscribe to marketing communications at any time by contacting us at firstname.lastname@example.org or using the ‘unsubscribe’ link in emails.
Yoppie is committed to keeping your Personal Data safe and secure from unauthorised access to or unauthorised alterations, disclosure or destruction of information that we hold. Our security measures include:
encryption of our services and data;
reviewing our information collection, storage and processing practices, including physical security measures;
restricting access to Personal Data to Yoppie employees, contractors and agents who need to know that information in order to process it for us and who are subject to contractual confidentiality and processing obligations. They may be disciplined or their contract terminated if they fail to meet these obligations; and
Internal policies setting out our data security approach and training for employees.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. After it is no longer relevant for us to retain your personal information, we dispose of it securely according to our data retention and deletion policies.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Details of retention periods for different aspects of your personal data are available in our retention policy which you can request from us.
In accordance with applicable UK Data Protection Laws, you have a number of rights when it comes to your Personal Data.
You have the right to be provided with clear, transparent and easily understandable information about how we use your Personal Data and your rights. This is why we’re providing you with the information in this policy.
You are entitled to have your Personal Data corrected if it’s inaccurate or incomplete.
This is also known as the ‘right to be forgotten’, and, in simple terms, enables you to request the deletion or removal of your Personal Data where there is no compelling reason for us to keep using it. It is not a general right to erasure, there are exceptions.
You have the right to object to certain types of processing, including processing for direct marketing (i.e. if you no longer want to be contacted with potential opportunities);
In cases where we are processing your Personal Data on the basis of our legitimate interest, you can ask us to stop for reasons connected to your individual situation. We must then do so unless we believe we have a legitimate overriding reason to continue processing your Personal Data.
You have rights to obtain and reuse your Personal Data for your own purposes across different services. For example, if you decide to switch to a new provider, this enables you to move, copy or transfer your information easily between our IT systems and theirs safely and securely, without affecting its usability.
You have the right to lodge a complaint about the way we handle or process your Personal Data with your national data protection regulator.
If you have given your consent to anything we do with your Personal Data, you have the right to withdraw your consent at any time (although if you do so, it does not mean that anything we have done with your Personal Data with your consent up to that point is unlawful). This includes your right to withdraw consent to us using your Personal Data for marketing purposes.
We usually act on requests and provide information free of charge, but may charge a reasonable fee to cover our administrative costs of providing the information for:
baseless or excessive/repeated requests; or
further copies of the same information.
Please consider your request responsibly before submitting it. We’ll respond as soon as we can. Generally, this will be within one month from when we receive your request but, if the request is going to take longer to deal with, we’ll come back to you and let you know. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask for further information in relation to your request to speed up our response.
If you would like to exercise any of your rights, please send an email to email@example.com.