CHEFS WARDROBE PRIVACY & DATA PROTECTION POLICIES
Privacy And Cookies Policy
At Chefs Wardrobe, we understand your information is important and is committed to ensuring the security of your data. To prevent unauthorised access, maintain data accuracy and ensure the appropriate use of information, we have put in place appropriate physical, electronic, and managerial procedures to safeguard and secure the information we collect.
*Personal data means any information that may be used to identify an individual. This includes (although is not limited to) names, addresses, email addresses or other contact information.
Chefs Wardrobe is hosted on the Wix.com platform. Wix.com provided us with the online platform that allows us to sell our products and services to you. Your data may be stored through Wix.com’s data storage, databased and the general Wix.com applications. They store your data on secure servers behind a firewall.
All direct payment gateways offered by Wix.com and used by our company adhere to the standards set by PCI-DSS as managed by the PCI Secuity Standards Council, which is a joint effort of brands like Visa, Mastercard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.
You may provide us with personal data on an order form, online or over the telephone. This may include your name, address, email, telephone number and payment instructions. We use this information in order to manage your orders and purchase activity. We may also keep information contained in any correspondence with us, for example by email or post.
This provision of personal data is essential for us to be able to administer your account, for example to collect payments for your purchases and verify your identity when you contact us.
When you use our website, we may collect, store and use the following kinds of data:
information about your PC and your visits to this website such as your IP address, geographical location, browser type, referral source, length of visit and number of pages viewed.
information relating to any transactions carried out between you and Chefs Wardrobe on or in relation to our websites, including information relating to any purchases you make of our goods and/or services.
information that you provide to us for the purpose of registering with us and allowing us to send you email notifications and/or newsletters.
Chefs Wardrobe states that information of this nature is used only to enhance the customer shopping experience of the website.
Using Your Personal Information
Personal data submitted to us will be used (by Chefs Wardrobe as the controller and processor) for the purposes specified in this section or as found elsewhere in the relevant parts of the website. We may use your personal information to:
administer the website and your account
improve your browsing experience by developing and improving the design and layout of the website, through monitoring of your usage
to process and deliver your orders
provide you with information such as news regarding the website, new services and special offers or promotions that may be of interest to you, with your consent (see also 'Keeping In Touch With You')
We never make your personal details available to companies other than Chefs Wardrobe for marketing purposes (see also ‘Third Parties’). We will comply with the standard, procedures and requirements as laid down in the General Data Protection Regulation 2018 and Data Protection Acts 1984 and 1998 to ensure that your personal data is kept secure and processed lawfully. Our full Data Protection policy can be found below.
Keeping In Touch With You
With your consent, we would like to keep you up to date with key information about new ranges, promotional offers and what's coming soon to the Chefs Wardrobe website. We may also use your details to send you information about other goods and services we sell or for our research purposes. If you have registered to receive email newsletters from us, you can remove your email address from our list by using the 'unsubscribe' links in the emails we send you.
The UK Data Protection Act and consumer legislation requires that we do not release your personal information to any external company for mailing or marketing purposes unless we have your prior approval. We will only disclose your information with other third parties with your express consent with the exception of the following categories of third parties:
Couriers/our suppliers so as to complete delivery of orders as per the contract entered into at the point of sale e.g UPS, DPD, Royal Mail
reviewing companies in order to provide the customer with a method of giving company feedback e.g Trust Pilot
regulatory authorities, to comply with any legal and regulatory issues and disclosures
insurance companies / loss assessors / fraud prevention agencies for the purposes of fraud prevention
mailing / printing agents and contractors / advisors that provide a service to us (on the understanding that they keep the information confidential)
anyone to whom we may transfer our rights and duties under any agreement we have with you
legal / crime prevention agencies to satisfy any regulatory request (including recognised practitioner bodies) if we have a duty to do so or if the law allows us to do so
Transfer Of Personal Data Outside Of The European Economic Area (EEA)
We do not currently transfer your personal data outside the EEA. In accordance with the terms of this Policy, if in the future we transfer your personal data outside of the EEA we will make sure that the receiver agrees to provide the same or similar protection as we do and that they will only use your personal data in accordance with our instructions.
For Wix.com’s information on personal data transfer please click here for more information.
Retaining Personal Data Information
Retention periods are in line with the length of time we need to keep personal data information in order to manage and administer your account. This may include any claims or requests for assistance made to us and takes into account our need to meet any legal, statutory and regulatory obligations. Our need to use your personal data information will be reassessed on a regular basis; information no longer required will be disposed of.
Links To External Websites
Within our site there are links to third party websites which we feel may be relevant and interesting to our customers. Following these links will take you to external websites which Chefs Wardrobe do not have any control over. For this reason we cannot be held responsible or liable for any content on these sites.
Credit Card Security
Chefs Wardrobe accepts major credit and debit cards, including Visa and MasterCard, through our payment service provider Wix Payments & PayPal. All direct payment gateways offered by Wix.com and used by our company adhere to the standards set by PCI-DSS as managed by the PCI Secuity Standards Council, which is a joint effort of brands like Visa, Mastercard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.
Data Subject Rights
Subject Access Requests
The General Data Protection Regulation (GDPR) grants you (the "data subject") the right to access particular personal data held about you. This is known as a ‘subject access request’. We shall respond promptly, certainly within one month from the point of receiving the request and any necessary information from you. Our formal response shall include details of the personal data we hold about you, including the purpose for processing the personal data and the person or entity we may be sharing the information with.
Right to rectification
The data subject has the right to obtain the rectification of inaccurate personal data we may hold concerning them, without undue delay. The data subject has the right to have incomplete personal data completed, taking into account the purposes of the processing.
Right To Erasure
The data subject has the right to obtain the erasure of personal data concerning them in certain circumstances (for example where the data held is no longer required for the purposes for which it was collected), without undue delay. (Please note that this may affect future product warranty rights if we are not able to verify the authenticity of a possible future claim).
Right To Restriction Of Processing
The data subject has the right to obtain restriction of processing where one of the following applies:
the accuracy of the personal data is contested by the data subject (and personal data is restricted until the accuracy has been verified)
the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of its use instead
the personal data is required by the data subject for a potential legal claims but is no longer required by us for the purposes of processing
the data subject has objected to processing of their personal data, pending verification of whether there are legitimate grounds for us to override these objections.
We shall communicate any rectification, erasure or restriction of processing of personal data (as described above) to each recipient to whom the personal data has been disclosed, unless this proves impossible or requests are manifestly unfounded or excessive. The data subject shall be provided with information about these recipients if they request it.
Right To Data Portability
The data subject has the right to receive the personal data they have provided to us in a machine-readable format (for example CSV) and can request the transfer of this data to another controller.
Right To Object
The data subject has the right to object, on grounds relating to their particular situation, to the processing of their personal data including any personal profiling, unless the processing is necessary for the performance of a task carried out in the public interest or exercise of official authority vested in us. There must be demonstrable compelling legitimate grounds to override the interests, rights and freedoms of the data subject, or for the establishment / exercise / defence of potential legal claims.
Right To Not Be Subject To Decisions Based Solely On Automated Processing
The data subject has the right not to be subject to automated processing based on their personal data and be able to obtain human intervention, express their point of view, obtain an explanation of the decision and challenge it.
Invoking Your Rights
Please contact us at firstname.lastname@example.org or write to us at Chefs Wardrobe, 20 Hunstanton Close, Rainham, Kent ME8 8RL if you would like to invoke any of the data subject rights with us.
Accuracy Of Information
Please help us to maintain accurate records by informing us if changes occur, for example with names and addresses. We need to keep accurate personal data in order to provide a high level of customer service and reasonable steps are taken to ensure the accuracy of any personal data or sensitive information obtained. The source of any personal data or sensitive information should be clear and any challenges to the accuracy of the information will be carefully considered.
If you have any complaints regarding the use of your personal data, please email email@example.com and we will try to resolve the issue. If you are unsatisfied with the outcome of your complaint, you can make a formal complaint to the Information Commissioner’s Office (ICO) by phone on 01625 545745 or 0303 123 1113.
We reserve the right, at all times, to update, modify or amend our Policies. Please check and review this Privacy and Cookies Policy from time to time to ensure you are aware of any changes we may have made.
Data Protection Policy – GDPR
The General Data Protection Regulation (GDPR), effective May 25th 2018, is the latest EU privacy framework. The regulation builds on existing privacy law such as the Data Protection Act 1998, and aims to give EU individuals greater control over their personal data and subsequently increase confidence in how personal data is used.
This policy document has been produced to inform individuals about the data that Chfes Wardrobe processes and on which grounds. Through this, we aim to eliminate doubt regarding safety of personal details and to show our commitment to GDPR compliancy.
Chefs Wardrobe will continue to follow industry-standard procedures to maintain the privacy and security of your data. Where necessary, we have been actively assessing and improving our procedures in data processing to eliminate excess data handling, as well as considering privacy for each aspect of processing.
If you have any questions regarding the information in this policy please email firstname.lastname@example.org
Personal Data – “information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”
Processing – “any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction”
Restriction of processing – “the marking of stored personal data with the aim of limiting their processing in the future”
Profiling – “any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements”
Pseudonymisation – “the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person”
Controller – “the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law”
Processor – “a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller”
Recipient – “a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Unionor Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing”
Third party – “a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data”
Consent – “any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her”
How We Process Your Data
Chefs Wardrobe acts as the data controller for all data processing carried out by Chefs Wardrobe. This includes, but is not limited to: customer, supplier, employee and applicant data processing. Examples of data processors used by Chefs Wardrobe have been provided below.
Commercial Data Processes
Your name, company name and address details will be used to complete delivery. This data is shared with our couriers/supply partners (for example DPD, Parcelforce, Royal Mail).
We may contact you (for example by telephone or email) to provide order updates or to contact you for additional information relating to an order.
If you have consented to receive news, special offers and discounts from Chefs Wardrobe, your email address will be shared with a third party marketing service (for example MailChimp) to receive content from Chefs Wardrobe. Consent can be withdrawn at any time by clicking the unsubscribe links provided at the bottom of an email.
A third party (for example Feefo) may contact you by email to allow you to leave a service review.
Wix.com hosts the Chefs Wardrobe website and provides us with the online platform that allows us to sell our products and services to you. All direct payment gateways are offered by Wix.com and used by our company.
Characteristic data may be processed such as clothing size for the purpose of providing the correct products.
Professional data such as job title may be processed if requested for embroidery on garments or for name badges.
The following data is collected during website use: transaction history, user account details, abandoned basket data, ‘ordered with’ sales data, stock request data, IP data in logs, rejected order table.
Applicant CVs containing personal data may be received and processed by Chefs Wardrobe. The personal data contained in a CV may include, but is not limited to: name, date of birth, address, phone number, email address, qualifications, job history and any other data that an applicant may willingly provide.
The following processes are carried out on the basis of legitimate business interest:
Contact by telephone or email to request further order details or to provide order updates
Contact by direct mail
Contact by a third party to leave a service review
Processing of characteristics and professional data to ensure orders are personalised
Processing of CVs and applicant data.
Processing of data collected whilst browsing the Chefs Wardrobe website
Your details will be retained for as long as you have your account with Chefs Wardrobe, or for as long as is necessary to provide services to you. We may hold data after an account is closed if it is necessary to meet legal or regulatory requirements, prevent fraud, or resolve dispute
Contact details with no transaction history within the ERP software will be anonymised or deleted after 7 years
Applicant CVs may be retained for a period of up to 2 years after the position has been filled if the application is unsuccessful.
Legal Basis for Processing
The above processing procedures are carried out under the following legal bases: performance of contract, legitimate business interest, consent, and legal obligation.
We reserve the right, at all times, to update, modify or amend our Policies. Please check and review this Data Protection Policy from time to time to ensure you are aware of any changes we may have made.