When visiting our website and using any of the services offered via the website ("services"), you will be asked to indicate your acknowledgment of, and where applicable your consent to, the practices described in this policy. Our website contain links to third party websites. If you follow a link to any of those third-party websites, please note that they have their own privacy policies and that we do not accept any responsibility or liability for their policies or processing of your personal information.
The Information We Collect
You may browse the Cefinn website without providing any personally identifiable information. However, we may ask you to provide personally identifiable information at various times and places on this website. In some cases, if you choose not to provide us with the requested information, you may not be able to access all parts of this website or participate in all its features, pricing, and product selection.
We may collect and process the following data about you:
Information you provide us when you:
- Fill in forms, or correspond with us by phone, email or otherwise.
- Register to use our services, subscribe to our newsletter, promotional emails or other marketing materials.
- Use of our services and reporting a problem with our services.
- Complete any surveys we ask you to fill in that we use for research purposes (although you do not have to respond to these if you do not want to).
- Device-specific information, such as your hardware model, operating system version, unique device identifiers, and mobile network information.
- Technical information about your computer, including where available, your IP address, operating system and browser type, for system administration and analytical purposes.
- Details of your visits to our website, including the full Uniform Resource Locators (URL) clickstream to, through and from our website (including date and time), length of visits to certain pages, and page interaction information (such as scrolling, clicks, and mouse-overs).
The information we don't collect is credit/debit card Information - we use a third-party payment processor to handle this information securely. None of your Credit/Debit card information is stored anywhere on this site.
How We Use the Information We Collect
We require this information to understand your needs and provide you with a better service, and for the following reasons:
- Internal record keeping and administer our business.
- From time to time, we may also use your information to contact you for market research purposes. We may contact you by email, phone, fax or mail. We may use the information to customise the website according to your interests.
- Process any order or enquiry by you.
- Process marketing, customer and product assessment and analysis to improve our products and services.
- Send you email marketing communications (if you've given your consent)
- Send you seasonal catalogues.
Use of personal information under EU data protection laws must be justified under one of several legal "grounds" and we are required to set out the ground in respect of each use of your personal data in this policy. These are the principal grounds that justify our use of your information:
- Consent where you have consented to our use of your information (you are providing explicit, informed, freely given consent, in relation to any such use and may withdraw your consent in the circumstance detailed below by notifying us).
- Contract performance where your information is necessary to enter into or perform our contract with you.
- Legal obligation where we need to use your information to comply with our legal obligations.
- Legitimate interests where we use your information to achieve a legitimate interest and our reasons for using it outweigh any prejudice to your data protection rights.
- Legal claims where your information if necessary for us to defend, prosecute or make a claim against you or a third party.
We use information held about you (and information about others that you have provided us with) in the following ways. For more information on our third-party data processors, please scroll down.
- Creating an account provides us with your email address, first name and surname and we use that information to provide you with access to our website, information which you request from us, and to use our Services. This is justified by contract performance.
- Placing an order provides us with your email address, first name, surname, billing and delivery address, contact phone number, order history. This is to provide you with our services and is justified by contract performance.
- Subscribing to receive marketing emails, via account creation or subscription overlay, provides us with your email address, first name, surname for marketing our own products and services that we believe will be of interest to you via email. This is justified by consent.
- Contact us via email or phone can provide us with first name, surname, delivery address, order history to provide you with our services. This is justified by contract performance or legitimate interest.
We may use your information for marketing products and services to you in the following ways. Please note you can unsubscribe at any time.
- Email marketing our own products and services that we believe will be of interest to you via email, justified by consent. You can unsubscribe at any time you can click on the "unsubscribe" link at the bottom of any email sent by us.
- Direct mail marketing to you of our own, and other companies, products and services that might be of interest to you
Because customer lists often are prepared well in advance of an offering (sometimes a few months before the offer is made), you may continue to receive some offers after you send us a request not to use your information for specified marketing purposes. We appreciate your patience and understanding in giving us time to carry out your request.
Transferring Data Outside of EEA
Please note that Epsilon Abacus may transfer data outside the EEA. The transfer will take place in the presence of appropriate safeguards, including standard data protectioncaluses adopted by the EU Commission. If you would like more information, please call us on +44 203 327 0580, write to us at our address or email us at email@example.com
Our marketing communications are designed to tell you about the benefits we can offer so that you have access to our best deals. We use the information we have about you to tailor the content and try to ensure that the offers are as relevant to you as possible. Under the Data Protection Legislation, this might qualify as profiling. If you do not wish us to use your data for this purpose, please call us on +44 203 327 0580, write to us at our address or email us at firstname.lastname@example.org
Third Party Data Processors
Processors Cefinn Directly Handles Your Information With
We have chosen a secure set of digital partners to help us provide the best possible service to you. These are service providers and sub-contractors for the performance of fulfilling the contract we enter with you. Third parties are only authorised by us to use or disclose the information we provide them, to the extent necessary to perform services on our behalf or comply with legal requirements. These partners are the following:
- Magento, our website platform, which stores your account and order information for you to access via ‘My Account’ and to enable you to place orders.
- Mailchimp, our email service provider, stores your account and order information so to send you marketing emails (that you’ve consented to receive).
- Ingenico e-Payments and PayPal are payment service providers via which we take payment when placing orders.
- Brightpearl is Cefinn’s order management system and enterprise resource planning system through which we perform all our financial functions and fulfil your order.
- Shiptheoryconnects to Brightpearl and various shipping providers to provide Cefinn with the postage labels to ship your order.
- Cefinn ship orders with DPD and DHL.
- Cefinn handle customer enquiries via Microsoft Outlook and if considered necessary, notes are made against transaction records in Brightpearl.
- Epsilon Abacus (registered as Epsilon International UK Ltd), a company that manages the Abacus Alliance on behalf of UK retailers, analysing the pooled information to help the retailers understand consumers’ wider buying patterns. From this information, retailers can tailor their communications, sending people suitable offers that should be of interest to them, based on what they like to buy.
Processors Who Operate on Cefinn’s Website Via Cookies
- Advertisers and advertising networks that require the data to select and serve relevant adverts to you and others. We do not disclose information about identifiable individuals to our advertisers, but we may provide them with aggregate information about you. These currently are Facebook and Instagram.
- Analytics and search engine providers that assist us in the improvement and optimisation of our site. This is currently Google Analytics.
Cookies are text files stored on your computer. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
When visiting Cefinn’s website Cefinn, and third parties whose services we use, generate cookies. Cefinn uses two categories of cookies – ‘functional’ for website performance, and ‘marketing and tracking’ for marketing and analytics. Please note that it is possible to disable cookies being stored on your computer by changing your browser settings. However, our website may not perform properly, or some features may not be available to you if you disable cookies.
These cookies are essential for you to be able to browse and transact on Cefinn’s website smoothly. Deleting these cookies may negatively impact your experience of the Website.
- __cfduid - Cloudflare creates this cookie to make browsing Cefinn’s website faster and more secure. For more details please visit their website
- cfn_signup_displayed - this cookie is created by Cefinn to confirm if the email sign-up overlay has displayed so to stop you seeing it each time you visit our website.
- cookiepermission - Cefinn creates this cookie to record if a user has given their permission for our website to set Marketing and Tracking cookies.
- _lscache_vary - Litespeed, our webserver, creates this cookie to indicate whether the web page you visit should be cached. Caching makes browsing the website faster, you can find out more information on website caching here
- form_key,login_redirect,mage-cache-sessid,mage-cache-storage,mage-cache-storage-section-invalidation,mage-messages, mage-translation-file-version,mage-translation-storage,originalStoreView,PHPSESSID, private_content_version, section_data_ids,store,store_default,store_eu,store_us X-Magento-Vary - Magento, the platform on which Cefinn’s website runs, creates these cookies to perform key site functions such as multi-currency store views, remembering items you’ve put in your bag and that you logged in.
Marketing and Tracking Cookies
These cookies by third party data processors collect information about how you use Cefinn’s website from your purchases and other interactions with us so that we can track and improve our website performance and market relevant content to you on Facebook and Instagram. The third-party data processors automatically collect anonymous information such as log data and IP addresses, and may collect general information concerning your location. We may use the automatically collected information for several purposes, such as improving our site design, product assortments, customer service, and special promotions.
- _ga,_gat_UA-87369242-2,_gid,_gali - Google Analytics creates this cookie to help Cefinn understand how people use our website so we can solve problems and improve the performance. This information is encrypted and aggregated, and therefore anonymous and is only shared between Google and Cefinn.
- fr - Facebook creates this cookie to track users so to ensure Cefinn’s adverts and content are effective and relevant. The information Cefinn can access via Facebook is encrypted and aggregated, and therefore anonymous and is only shared between Facebook and Cefinn. For more information please visit Facebook’s Advertiser Help Centre
Under the General Data Protection Regulation (EU) 2017/676, you have various rights in relation to your personal data. All these rights can be exercised by contacting us at email@example.com
- Right of Access, the data subject shall have the right to obtain from the controller confirmation as to whether personal data concerning him or her are being processed, and, where that is the case, a copy of the personal data undergoing processing.
- Right to Rectification, we will use reasonable endeavours to ensure that your personal information is accurate. To assist us with this, you should notify us of any changes to the personal information that you have provided to us by sending us a request to rectify your personal data where you believe the personal data we have is inaccurate or incomplete.
- Right to erasure / 'Right to be forgotten', asking us to delete all your personal data will result in Cefinn deleting your personal data without undue delay (unless there is a legitimate and legal reason why Cefinn is unable to delete certain of your personal data, in which case we will inform you of this in writing).
- Right to restriction of processing, you have the right to ask us to stop processing your personal data at any time.
- Right to data portability, you have the right to request that Cefinn provides you with a copy of all your personal data and to transmit your personal data to another data controller in a structured, commonly used and machine-readable format, where it is technically feasible for us to do so.
- Right to complain, you have the right to lodge a complaint to a supervisory authority such as the Information Commissioner's Office although we encourage our customers to engage with us in the event they have any concerns or complaints.
We are committed to ensuring that your information is secure. To prevent unauthorized access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.
Personal information provided on the website and online credit card transactions are transmitted through a secure server. We are committed to handling your personal information with exacting standards of information security. We take appropriate physical, electronic, and administrative steps to maintain the security and accuracy of personally identifiable information we collect, including limiting the number of people who have physical access to our database servers, as well as employing electronic security systems and password protections that guard against unauthorized access.
Our website uses encryption technology, like Secure Sockets Layer (SSL), to protect your personal information during data transport. SSL encrypts ordering information such as your name, address, and credit card number. Our Customer Care centre and stores also operate over a private, secure network. Please note that email is not encrypted and is not considered to be a secure means of transmitting credit card information.
We limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. We have also put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Unfortunately, however the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk.
Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Children under the age of eighteen may not shop on this website without the consent of their legal representatives.
Retention of Data
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances you can ask us to delete your data. In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you. If you would like us to delete your data, please contact firstname.lastname@example.org
Changes to Policy