Thursday 17th May 2018
Welcome to Ann Summers. This policy explains how we handle and use your personal information and your rights in relation to that information.
If you are using our services or Site (defined below) from Ireland, including interacting with us, visiting our stores and social media pages, then Ann Summers Ireland Retail Ltd is the controller in relation to the processing activities described below and references to “we, our or us” is referring to Ann Summers Ireland Retail Ltd. Otherwise, Ann Summers Limited is the controller of your personal information.
A “controller” is the organisation that decides why and how your personal information is processed.
This policy describes the way we handle and use the personal information that we obtain from all the different interactions you may have with us as a business, including when you visit our stores, social media pages or website currently located at www.annsummers.com and related websites (Site) or when you contact us, use our Apps or take part in any of our competitions or promotions. Ann Summers Limited is the controller in relation to the processing activities described below. This means that Ann Summers Limited decides why and how your personal information is processed. Please see the section at the end of this policy for our contact and legal information.
Online: we do not and will not knowingly collect information from any person under the age of 18. If you are under the age of 18, you must not use the Site or submit any personal information. Due to the nature of some of our products, you must be 18 or over to use and shop on our Site.
In-Store: Under 18’s are allowed to browse and shop in our stores, as we sell more than just sex toys. Our stores are laid out so that all sex toys are displayed together in a dedicated area. Should a customer who we believe is under the age of 18 enter the sex toy area, we will politely explain that to continue to shop in this area then we need confirmation they are 18 or over.
Party Plan: We do not encourage under 18s to attend or book one of our parties. If a young adult is aged 16 or over is in attendance at a party, we will leave this to parental discretion, but we actively would not encourage this.
This policy was last updated on Thursday 17th May 2018.
We receive personal information about you that you give to us, that we collect from your visits to our stores, Site, Apps and social media pages and that we obtain from other sources. We only collect personal information which we need and that is relevant for the purposes for which we intend to use it.
Personal information that you give to us
We collect the following information if you choose to give it to us in connection with your account registration on our Site, Apps, social media pages or in store, your purchases or general enquiries, when exercising your legal rights or by corresponding with us by phone, email or other means and is provided by you entirely voluntarily. The information you give to us can include your name, contact details (such as phone number, email address and postal address), enquiry details, your opinion of our products and services and certain marketing preferences. There are some circumstances where we need the information (pursuant to our contract with you), for example, where you have placed an order with us, we need to know where to deliver your order and to be able to take payment from you. If you don’t provide us with this information we may not be able to provide our services to you or be able to interact with you in the way you would expect.
Information that we collect about you – in store, online, by phone, email, or when using our Party Plan services
When you visit one of our stores we automatically collect:
When you visit our Site or use our Apps we automatically collect:
Information we collect about you from other sources
We collect the following personal information about you from the following sources, which we use in the ways described in the section below:
UK HEAD QUARTERS Kensington Village Avonmore Road London W14 8TS
Example categories of data:
650+ demographic, lifestage and lifestyle variables:
Demographics – age, income, no. of children
We use your personal information for a variety of reasons. We rely on different legal grounds to process your personal information, depending on the purposes of our use and the risks to your privacy. You will only receive unsolicited email and SMS marketing communications from us if: (a) we have obtained your details in the course of a sale or negotiation for a sale of our products or Party Plan services and you have not objected to receiving such direct email and SMS marketing from us. Of course, we will only send you marketing emails and SMS messages that are based on similar products or services that you purchased from us and you will always have the opportunity to opt out at any time; or (b) if you have consented to receiving marketing email and SMS messages from us (you can opt-out of receiving them at any time). We do not share your personal information with companies that would send their marketing to you.
We use your personal information in the following ways:
We may use and process your personal information for the following purposes where you have consented for us to do so:
We will use your personal information to comply with our legal obligations:
We may use and process your personal information where it is necessary for us to pursue our legitimate interests as a business for the following purposes:
Processing necessary for us to promote our business, brands and products and measure the reach and effectiveness of our campaigns
Processing necessary for us to support you with your enquiries
Processing necessary for us to respond to changing market conditions and the needs of our customers
Processing necessary for us to operate the administrative and technical aspects of our business efficiently and effectively
We will use your personal information where this is necessary for us to perform our contract with you or to carry out any pre-contract steps you’ve asked us to so that you can enter into that contract, for the following purposes:
We will use your personal information where this is in your vital interest for the following purposes:
Marketing communications: If we have requested your consent and you give your consent, we may use your personal information to contact you by email or SMS (as you indicate) to send you newsletters or to notify you of special offers, promotions, competitions or new products and services. We try to adapt any marketing material that we send to you for example by notifying you of special offers or promotions that will be of relevance to you, apply to your interests and in your location (we do this by monitoring your browsing and online shopping habits and providing information on products you have viewed and related products). If you do not wish to receive email communications from us, please inform us by using the unsubscribe link inside the email or code within the SMS, by sending an email to firstname.lastname@example.org or by changing your profile settings from within your account.
If you opt-out of receiving marketing communications from us, we keep your email address on our suppression list indefinitely to ensure that we comply with your wishes. Please see further The periods for which we retain your personal information.
We only disclose your personal information outside our business in limited circumstances. If we do, we will put in place a contract that requires recipients to protect your personal information, unless we are legally required to share that information. Any contractors or recipients that work for us will be obliged to follow our instructions. We do not sell your personal information to third parties.
We may disclose your information to our third party service providers, agents and subcontractors (Suppliers) for the purposes of providing services to us or directly to you on our behalf, including the operation and maintenance of our Site, Apps and social media pages. Our Suppliers can be categorised as follows:
When we use Suppliers, we only disclose to them any personal information that is necessary for them to provide their services and only where we have a contract in place that requires them to keep your information secure and not to use it other than in accordance with our specific instructions.
We may disclose the personal information to other third parties as follows:
We transfer your personal information outside of Europe. We take measures to protect your personal information.
The personal information you provide to us may be transferred or stored in countries located outside of the European Economic Area (EEA). By way of example, if any of our servers or those of our third party service providers are from time to time located in a country outside of the EEA or if our third party suppliers themselves send personal Information out of the EEA. These countries may not have similar data protection laws to the UK and may not have adequate data protection laws equivalent to those in the EEA. The non-EEA countries to which we transfer your personal data are: The USA.
If we (or our third party suppliers) transfer or store your information outside of the EEA in this way, we will take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this policy. These steps include imposing contractual obligations on the recipient of your personal information or ensuring that the recipients are subscribed to ‘international frameworks’ that aim to ensure adequate protection. Please contact us using the details at the end of this policy for more information about the protections that we put in place and to obtain a copy of the relevant documents.
If you use our services whilst you are outside the EEA, your information may be transferred outside the EEA in order to provide you with those services.
We take the security of your personal information seriously and use a variety of measures based on good industry practice to keep it secure. Nonetheless, transmissions over the internet and to our Site, Apps and our social media pages may not be completely secure, so please exercise caution. When accessing links to other websites, their privacy policies, not ours, will apply to your personal information.
We employ security measures to protect the personal information you provide to us, to prevent access by unauthorised persons and unlawful processing, accidental loss, destruction and damage. When we have provided (or you have chosen) a password allowing you access to certain parts of the Site, you are responsible for safeguarding it and keeping it confidential and you promise not to allow it to be used by third parties.
We are a member of IMRG, the leading industry body for global e-tailing, promoting the highest possible industry standards and best practices ensuring honest and truthful transactions. We utilise industry-standard 256 bit Secure Sockets Layer (SSL) technology to allow for the encryption of sensitive information such as your name, address and other sensitive information like your credit card details.
This technology includes the following features:
Authentication: this assures your browser that your data is being sent to the correct computer server, and that the server is secure.
Encryption: this encodes the data, so that it cannot be read by anyone other than the secure server.
Data Integrity: this checks the data being transferred to ensure it has not been altered.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do everything possible to protect your personal information, we cannot guarantee the security of any personal information during its transmission to us online. You accept the inherent security implications of using the internet and will not hold us responsible for any breach of security unless we are at fault.
If you are using a computer or terminal in a public location, we recommend that you always log out and close the website browser when you complete an online session for your security. In addition, we recommend that you take the following security measures to enhance your online safety: When creating a password, we recommend use at least 8 character with a combination of letters and numbers. We recommend you frequently change your password – you can do this by going to “Sign In” and clicking “Personal Information”.
Keep your passwords private. Remember, anyone who knows your password may access your account. Avoid using the same password for multiple online accounts. We will never ask you to confirm any account or credit card details via email. If you receive an email claiming to be from annsummers.com asking you to do so, please ignore it and do not respond.
In addition, if you linked to our Site from a third party website, we cannot be responsible for the privacy policies and practices of the owners and operators of that third party website and recommend that you check the policy of that third party website.
We will not hold your personal information in an identifiable format for any longer than is necessary for the purposes for which we collected it. For certain purposes we retain your personal information indefinitely (e.g. to supress marketing messages) whilst for others we retain it for a period of 7 years after the information is no longer required for business reasons so that we can deal with any legal proceedings that could arise.
The only exceptions to the periods mentioned above are where:
We retain an anonymised version of the submitted personal information for as long as we require it for reporting and other statistical and analytical purposes. Such anonymised information will not identify you and may be derived from personal information that was contained within accounts that have subsequently been deleted.
You have a number of rights in relation to your personal information under data protection law. In relation to certain rights, we may ask you for information to verify your identity and, where applicable, to help us to search for your personal information. Except in rare cases, we will respond to you within 30 days after we have received this information or, where no such information is required, after we have received full details of your request.
You have the following rights, some of which may only apply in certain circumstances.
To find out more about each of your rights, please click the ✓ icon next to each right above. To exercise these rights, please contact us using the details at the end of this policy.
to be informed about the processing of your personal information (this is what this statement sets out to do);
The accuracy of your information is important to us and we are working on ways to make it easier for you to review and correct the information that we hold about you. In the meantime, if you change your name or address/email address, or you discover that any of the other information we hold is inaccurate or out of date, please let us know by contacting us in any of the details described at the end of this policy.
Where we rely on our legitimate interests as the legal basis for processing your personal information for particular purposes, you may object to us using your personal information for these purposes by emailing or writing to us at the address at the end of this policy. Except for the purposes for which we are sure we can continue to process your personal information, we will temporarily stop processing your personal information in line with your objection until we have investigated the matter. If we agree that your objection is justified in accordance with your rights under data protection laws, we will permanently stop using your data for those purposes. Otherwise we will provide you with our justification as to why we need to continue using your data.
You may object to us using your personal information for direct marketing purposes and we will automatically comply with your request. If you would like to do so, please use our unsubscribe tool.
Where we rely on your consent as the legal basis for processing your personal information, you may withdraw your consent at any time by contacting us using the details at the end of this policy. If you would like to withdraw your consent to receiving any direct marketing to which you previously opted-in, you can also do so using our unsubscribe tool. If you withdraw your consent, our use of your personal information before you withdraw is still lawful.
You may ask us to restrict the processing of your personal information in the following situations:
In these situations, we may only process your personal information whilst its processing is restricted if we have your consent or are legally permitted to do so, for example for storage purposes, to protect the rights of another individual or company or in connection with legal proceedings.
In certain circumstances, you may ask for your personal information to be removed from our systems by emailing or writing to us at the address at the end of this policy. Unless there is a reason that the law allows us to use your personal information for longer, we will make reasonable efforts to comply with your request.
You have the right to ask for a copy of the information that we hold about you by emailing or writing to us at the address at the end of this policy. We may not provide you with a copy of your personal information if this concerns other individuals or we have another lawful reason to withhold that information.
Where we rely on your consent as the legal basis for processing your personal information or need to process it in connection with a contract in place directly with you, you may ask us to provide you with a copy of that information in a structured data file. We will provide this to you electronically in a structured, commonly used and machine readable form, such as a CSV file.
You can ask us to send your personal information directly to another service provider, and we will do so if this is technically possible. We may not provide you with a copy of your personal information if this concerns other individuals or we have another lawful reason to withhold that information.
You may also contest a decision made about you based purely on automated processing by writing to our Data Protection Team at Ann Summers Ltd, Gold Group House, Godstone Road, Whyteleafe, Surrey, CR3 0GG; or by emailing us at email@example.com.
Please check this page regularly for changes to this policy. We will email you with changes if we hold a valid email address for you.
We may review this policy from time to time and any changes will be notified to you by posting an updated version on our Site and/or by contacting you by email. We recommend you regularly check this page for changes and review this policy each time you visit our Site.
You can contact us with your queries in relation to this policy or for any other reason by post, email or by phone.
To contact us for any reason, including to exercise any of your rights in relation to your personal information, please contact us using our Comments Form, selecting "General Query" and then "Query about my data" from the drop down list; or write to our Data Protection Team at Ann Summers Ltd, Gold Group House, Godstone Road, Whyteleafe, Surrey, CR3 0GG, or email us at firstname.lastname@example.org.
Ann Summers’ Limited company registration number is 1034349 and registered office address is Gold Group House, Godstone Road, Whyteleafe, Surrey, CR3 0GG.
In order to offer you Klarna’s payment methods, we might in the checkout pass your personal data in the form of contact and order details to Klarna, in order for Klarna to assess whether you qualify for their payment methods and to tailor those payment methods for you. Your personal data transferred is processed in line with Klarna’s own privacy notice.