Privacy Policy

The data controller is Loake. A data controller determines how and why personal data can be processed.

We currently use software tools to ensure all of our contractual obligations to you are met and we are able to fulfil any legal obligations we have.

The personal data we may collect from you includes:

• contact details you provide to us by filling in contact forms on the website or any other information submitted to us via the website/e-mail
• records of correspondence, whether via the Website, email, telephone or other means;
• details of the transactions you carry out with us, whether via the Website, telephone or other means
• details of your visits to the Website including, but not limited to, traffic data, location data, weblogs and other communication data
• your responses to surveys or market research that we carry out

1. Your consent
2. Our contractual obligations - to process orders you have raised
3. Our legal obligations - to keep our records
4. Our legitimate interest – We may use the information to improve our products and services and, from time to time, to contact you or market research purposes by email, phone, fax or mail. The acquired information will be used to tailor the website according to your interests. Additionally, we may also send promotional emails about new products, special offers or other information which we think you may find interesting using the email address which you have provided, if you have chosen to opt into this.

However, our legitimate interest will never prevail over your interests, fundamental rights or freedoms.

We usually collect your personal information when you enter it into a contract with the company or when accessing our website by using cookies. We might also collect information from third parties.

The collected information may include:
• Previously viewed products
• Browsing patterns
• Traffic data, location data

Personal information you provide to us will be made available to our Marketing team.
For the purpose of organising successful marketing campaigns, we might share your personal data with trusted third parties that are our contractors. You will be informed if that is the case, or asked for consent, depending on the case. We will always take into account the reason behind the necessity to share personal data with third parties, the jurisdiction where data will be sent to, what safeguards can be implemented etc.

We will also share your data for statistical analysis (it will be anonymised first).
We may also share data with a legal authority (police etc.) if we are required to do so by law – for example, by court order, or to prevent fraud or other crime.

We will not transfer your personal data outside the UK relying on the lawful mechanisms allowed by the UK GDPR and the DPA 2018. In exceptional cases, we may need your consent to legitimise this, if any other mechanisms cannot be applied.

We have put in place measures to protect the security of your information.

Third parties will only process your personal information on our instructions and where they have agreed to treat the information confidentially and to keep it secure.

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we only give access to your personal information to those employees, agents, contractors.

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

All data provided to us is fully encrypted and stringent access controls are in place.

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for (having an excellent shopping experience).

This will depend on:
• the amount, nature, and sensitivity of the personal data
• the potential risk of harm from unauthorised use or disclosure of your personal data
• the purposes for which we process it
• whether we can achieve those purposes in other ways
• any lawful obligations we have to adhere to such as HMRC requirements

If, at any time, you want to cease your data retention earlier than the original period, contact our Data Protection Officer under the conditions listed in the next section.

You have the right to:
• request access to your personal information (known as a ‘data subject access request’ or DSAR) - you’ll receive a copy of the personal information we hold about you, so you can check that we are lawfully processing it. It also allows you to request an electronic copy of any data you have provided in a structured, commonly used and machine-readable format
• request that we correct incomplete or inaccurate personal information that we hold about you
• request we delete or remove your personal information - you can do this when there is no good reason for us to keep it - you can ask us to delete or remove your personal information where you have exercised your right to object to processing (see below)
• withdraw your consent for any data processed under the lawful basis of consent (see below)
• object to the processing of your personal information where we are relying on any legal basis other than contract or a lawful obligation
• request we restrict the processing of your personal information - you can ask us to stop processing your personal information, for example if you want us to establish its accuracy or the reason for processing it

To make any of these requests or to ask us to transfer a copy of your personal information to another party, contact our Data Protection Officer.

You will not have to pay a fee to access your personal information or to exercise any of the other rights. However, if your request for access is clearly unfounded or excessive, we may:
• charge a reasonable fee
• refuse the request

We will need some information to confirm your identity. This is to ensure that your personal information is not disclosed to someone who has no right to access it. Typically it will be copies of 2 forms of ID, one photo ID (eg passport) and one proof of address (eg utility bill). These copies will be destroyed after your request is satisfied.

We are committed to ensuring a balance between respecting your privacy rights and protecting our business interests.

We invest in innovation and in security at the same time. Therefore, we use Klaviyo as our business intelligence (BI) tool with the scope of improving our business, whilst maintaining a safe environment for your data protection. Klaviyo will act as a data processor, meaning it will process your personal data on our behalf and under our instructions. Klaviyo will process your personal data via cookies. For more details please check our Cookie Notice.

This is possible under the condition you consent to this process. Unless we have your consent, we cannot provide you with the best online experience and access to our services shall be limited.

At the same time, we use Google for ads personalisation, in line with the UK GDPR and DPA 2018. That means Google will have access to personal data collected via cookies. Please make sure you have read and understood how they will use your personal data as per https://policies.google.com/technologies/partner-sites

If you have any questions related to this, please contact our DPO and we will discuss your concerns with Google.

If you have any questions about this privacy notice or any concerns about how your personal data has been handled, please contact the Data Protection Officer:

Data Protection Officer
Mark Povey
mark@js-ig.com

If you have a complaint, you can also contact the Information Commissioner, who is an independent regulator set up to uphold information rights.

Information Commissioner's Office
Email: casework@ico.org.uk
Contact Form: https://ico.org.uk/global/contact-us/
Telephone: 0303 123 1113
Textphone: 01625 545860

In order to offer you Klarna’s payment methods, we might in the checkout pass your personal data in the form of contact and order details to Klarna, in order for Klarna to assess whether you qualify for their payment methods and to tailor those payment methods for you. Your personal data transferred is processed in line with Klarna’s own privacy notice.

We may change this privacy notice. When we make changes to this notice, the ‘last updated’ date at the top of this page will also change. Any changes to this privacy notice will apply to you and your data immediately. If these changes affect how your personal data is processed, we will take reasonable steps to let you know.