Date of Last Update: 20 May 2018
Explaining The Legal Basis We Rely On
There are a number of different reasons for which a company may collect and process your personal data, including:
In specific situations, we can collect and process your data with your consent. For example, when you tick a box to receive email newsletters.
When collecting your personal data, we’ll always make clear to you, which data is necessary in connection with a particular service.
2. Contractual obligations
In certain circumstances, we need your personal data to comply with our contractual obligations. For example, if you order an item from us for home delivery, we’ll collect your address details to deliver your purchase, and pass them to one of our couriers.
3. Legal compliance
If the law requires us to, we may need to collect and process your data. For example, we can pass on details of people involved in fraud or other criminal activity affecting ThatsMyFace to law enforcement.
4. Legitimate interest
In specific situations, we require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests. For example, we will use your purchase history to send you or make available personalised offers. We also combine the shopping history of many customers to identify trends and ensure we can keep up with demand or develop new products/services.
The Information We Collect
1. When you place an order with us, or interact with our website we may ask you for certain information and you may submit personal data to us (for example your name, phone number, postal address, email address, photos, contact and credit card details). We may also record which products you are interested in and which products you purchase as well as customer traffic patterns and site use.
2. Some examples of how information may be collected by us:
2.1 Information you provide us: we receive and store information that you submit when using our website or that you provide us in any other way (for example by email or telephone). This information may be provided when ordering from us (via our website, instant messaging, email or by telephone); entering competitions; registering an account on our website; accessing your account; querying order status; engaging with us on social media or by submitting text/photo/video reviews of us and our products. This information may include your name, billing/delivery address, telephone number and images.
2.2 Information automatically provided: we receive, process and store certain information whenever you interact with our website. Like many websites, we use “cookies” (see the Cookies section below) and obtain certain information automatically when your web browser accesses our website. Information automatically received by us includes the IP address that your computer uses to connect to the internet; your computer, browser, operating system and internet connection details; purchase history; clickstream/path analysis of your journey through our website; and products you searched for. We may also use software tools to measure and collect session information, length of visits to certain pages, repeat visits and page interaction information (such as clicks).
2.3 Email communications: to help us make our email newsletter more useful and interesting for our customers we attempt to receive a confirmation when you open and click on email newsletters from us (if your email software/service supports this option). If you no longer wish to receive email newsletters, please notify us using the links provided in each newsletter.
2.4 Telephone calls: From time to time we monitor and record telephone calls for training purposes and to improve the quality of our service to you.
2.5 Information from 3rd parties: we may receive information about you from other sources and add this to our account information. For example we update address information using data from third parties (including the USPS Address auto-completion), which we may use to correct our records and deliver your next catalogue to the correct updated address.
How We Use This Information
Information is kept securely in accordance with our internal security policy and may be used to:
1.Process and deliver your order via the services of our nominated fulfilment partner; by placing an order you are giving permission to pass on the necessary details to our nominated fulfilment partner to enable delivery of your order. In order to dispatch your order our nominated fulfilment partner will pass only the necessary data to the appropriate carrier for delivery & tracking;
2. Provide customer support services to you;
3. Provide you with an up to date, efficient, and reliable service;
4. Help prevent fraud (eg. we may check payment card details with our credit agency, who may keep a record of that information, and reserve the right to refuse orders on that basis.
5. Open and run your Thatsmyface customer account;
6. Administer prize draws; or
7. To build a better profile of you as a customer and personalise your shopping experience.
By making an order and/or submitting your data to us you agree to this use.
We use the latest security measures to protect your details when you shop with us. Our PCI-DSS-compliant payment providers such as Paypal, Worldpay and Square use 128-bit SSL software to encrypt your credit/debit card information when you place an order on our secure server. PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.
Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
Who Else May See Your Data
1. In order to complete your order we may need to disclose some of your information to our delivery partners including USPS, UPS, Fedex, DHL, our fulfilment partner and their affiliates.
2. If you order personalised products which are made to order based on information that you provide, then we will need to provide this information (including delivery details) to our manufacturers for the purpose of creating the personalised product to your specification.
3. We may disclose your personal information to third parties:
3.1 In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
3.2 If we or substantially all of our assets are acquired by a third party, in which case personal data held by us about our customers will be one of the transferred assets.
3.3 Suppliers and sub-contractors for the performance of any contract we enter into with them or you (e.g. in order to process your order and maintain your account, including the authorisation and validation of credit or debit card transactions, the provision of delivery services, the analysis of data.). These companies or individuals may be provided with access to your personal details in order to fulfil their function but may not use such information for any other purpose.
3.4 If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms and conditions and other agreements; or to protect our rights, property, or our safety or the safety of our customers, or others. This includes exchanging information with other companies and organisations for the purpose of fraud protection and credit risk reduction.
Where We Store Your Personal Information
Data Retention And Destruction
We store data for as long as it is necessary to provide products and services to you and others and so long as we are legally required to do so. Information associated with your account will be kept until your account is deleted, unless we no longer need the data to provide products and services, or until any legal requirement to keep it no longer exists. When we no longer need personal data, we securely delete and destroy it.
Your Right To Access Information
Accessing and modifying your personal information
You have the right to access information held about you in accordance with applicable laws. We will respond to your access request within one month, in accordance with applicable laws. Subject to applicable laws, you also have the right to update and correct inaccuracies in your personal data, and have the information blocked or deleted, as appropriate. You may request to change your personal information by sending a written request by e-mail to webmaster@ThatsMyFace.com
Right to erasure and right to be forgotten
Requests for the deletion or removal of your personal data, including information published or processed online, should be sent by email to webmaster@ThatsMyFace.com
Children Under Age 13
ThatsMyFace does not knowingly collect or solicit personal information from anyone under the age of 13 or knowingly allow such persons to register. If you are under 13, please do not attempt to register for ThatsMyFace or send any information about yourself to us, including your name, address, telephone number, or email address. No one under age 13 may provide any personal information to or on ThatsMyFace. In the event that we learn that we have collected personal information from a child under age 13 without verification of parental consent, we will delete that information as quickly as possible. If you believe that we might have any information from or about a child under 13, please contact us at webmaster@ThatsMyFace.com
Children Between the Ages of 13 and 18
We recommend that minors over the age of 13 ask their parents for permission before sending any information about themselves to anyone over the Internet.
Changing or Removing Your Account Information
Individuals who wish to deactivate their ThatsMyFace account may do so by sending an email to webmaster@ThatsMyFace.com. Removed information may persist in backup copies for a reasonable period of time.
ThatsMyFace takes appropriate precautions to protect our users' information. Your account information is located on a secured server behind a firewall. All payments are processed offsite using a secure online payment service (Worldpay, Square and Paypal.com) so we do not capture or store your credit card or other financial details. When you enter sensitive information (such as credit card number), the data is encrypted using secure socket layer technology (SSL). (To learn more about SSL, go tohttp://en.wikipedia.org/wiki/Secure_Sockets_Layer). Because email and instant messaging are not recognized as secure communications, we request that you not send private information to us by email or instant messaging services. If you have any questions about the security of ThatsMyFace Web Site, please contact us at webmaster@ThatsMyFace.com
Law, Jurisdiction And Language
This Site, any content contained herein, and any contracts entered into as a result of usage of this Site are governed by English law. The parties to any such contract agree to submit to the exclusive jurisdiction of the courts of England and Wales. All contracts are concluded in English.