If you are using our services or Site (defined below) from Ireland, including interacting with us, visiting our stores and social media pages, then Ann Summers Ireland Retail Ltd is the controller in relation to the processing activities described below and references to “we, our or us” is referring to Ann Summers Ireland Retail Ltd. Otherwise, Ann Summers Limited is the controller of your personal information.

A “controller” is the organisation that decides why and how your personal information is processed.

This Privacy Policy explains why and how we will use the personal information that we have obtained from you or others, with whom we share it and the rights you have in connection with the information we use. Please read the following carefully.

This policy describes the way we handle and use the personal information that we obtain from all the different interactions you may have with us as a business, including when you visit our stores, social media pages or website currently located at www.annsummers.com and related websites (Site) or when you contact us, use our Apps or take part in any of our competitions or promotions. Ann Summers Limited is the controller in relation to the processing activities described below. This means that Ann Summers Limited decides why and how your personal information is processed. Please see the section at the end of this policy for our contact and legal information.

Responsible Retailing

Online: we do not and will not knowingly collect information from any person under the age of 18. If you are under the age of 18, you must not use the Site or submit any personal information. Due to the nature of some of our products, you must be 18 or over to use and shop on our Site.

In-Store: Under 18’s are allowed to browse and shop in our stores, as we sell more than just sex toys. Our stores are laid out so that all sex toys are displayed together in a dedicated area. Should a customer who we believe is under the age of 18 enter the sex toy area, we will politely explain that to continue to shop in this area then we need confirmation they are 18 or over.

Party Plan: We do not encourage under 18s to attend or book one of our parties. If a young adult is aged 16 or over is in attendance at a party, we will leave this to parental discretion, but we actively would not encourage this.

This policy was last updated on Thursday 17^th May 2018.

Personal information that you give to us

We collect the following information if you choose to give it to us in connection with your account registration on our Site, Apps, social media pages or in store, your purchases or general enquiries, when exercising your legal rights or by corresponding with us by phone, email or other means and is provided by you entirely voluntarily. The information you give to us can include your name, contact details (such as phone number, email address and postal address), enquiry details, your opinion of our products and services and certain marketing preferences. There are some circumstances where we need the information (pursuant to our contract with you), for example, where you have placed an order with us, we need to know where to deliver your order and to be able to take payment from you. If you don’t provide us with this information we may not be able to provide our services to you or be able to interact with you in the way you would expect.

Information that we collect about you – in store, online, by phone, email, or when using our Party Plan services

• your name, title and contact details (email address, telephone number, postal address, social media handle);
• your date of birth;
• gender
• any information you include in correspondence you send to us or in forms you submit to us at our stores or when using our Site, Apps or social media pages;
• details of your orders and purchases;
• your marketing preferences;
• the opinions and other information you provide when responding to customer surveys and product reviews;
• information you provide when completing a Tax Free Shopping Form;
• any personal information included in your entries to competitions that we run;
• your identification information when exercising the rights that you have in relation to our processing of your personal information (see further Your rights in relation to your personal information)
• details of any transactions between you and us;
• information you give us when you contact us with a query or issue;
• your payment card details and, in relation to certain refunds, your bank account details;
• information you give us when you contact us with a query or issue

When you visit one of our stores we automatically collect:

• footage of you and your shopping companions (including your/their physical appearance) on CCTV

When you visit our Site or use our Apps we automatically collect:

• the frequency of your voucher and discount downloads;
• the internet protocol (IP) address of your device and details regarding the type of device and browser software you use to access the Site;
• details of your use of our Site and Apps, namely traffic data, weblogs and statistical data, including where and when you clicked on certain parts of our Site and details of the webpage from which you visited it;
• the date and time you used our Site;
• the pages you visited on our Site and how long you visited us for;
• your GPS location (where you have permitted access to this);
• the website address from which you accessed our website;
• details regarding when and how you consented to receive marketing communications from us (including the date you provided your consent);
• cookie, pixels and beacon identification information (for more information please see our Cookie Policy).

Information we collect about you from other sources

We collect the following personal information about you from the following sources, which we use in the ways described in the section below:

CACI

UK HEAD QUARTERS Kensington Village Avonmore Road London W14 8TS

Data Source: CACI OCEAN Database

Example categories of data: 650+ demographic, lifestage and lifestyle variables: Examples: Demographics – age, income, no. of children Home & Motor – house type, no. of cars Digital – internet usage, social networking Lifestyle – interests and hobbies Shopping – weekly spend, supermarket brands Attitudes – finance, lifestyle, technology

We use your personal information in the following ways:

3.1 Where you have provided CONSENT

We may use and process your personal information for the following purposes where you have consented for us to do so:

• to contact you via email or SMS (as you have indicated) with marketing information about our products, events, product launches, exciting offers and services (see Marketing for further details).

3.2 Where necessary to comply with our LEGAL OBLIGATIONS

We will use your personal information to comply with our legal obligations:

• to keep a record relating the exercise of any of your rights relating to our processing of your personal information;
• to take any actions in relation to health and safety incidents required by law; and
• to handle and resolve any complaints we receive relating to the services and products we provide.

3.3 Where necessary for us to pursue a LEGITIMATE INTEREST

We may use and process your personal information where it is necessary for us to pursue our legitimate interests as a business for the following purposes:

Processing necessary for us to promote our business, brands and products and measure the reach and effectiveness of our campaigns

• for analysis and insight conducted to inform our marketing strategies, and to enhance your visitor experience;
• to tailor and personalise our marketing communications based on your attributes, for example, by sending you a birthday treat message;
• to fulfil and complete your orders, purchases and other transactions entered into with us;
• to contact you with targeted advertising delivered online through social media and other online platforms operated by other companies, unless you object. You may receive advertising based on information about you that we have provided to the platform or because, at our request, the platform has identified you as having similar attributes to the individuals whose details it has received from us. To find out more, please refer to the information provided in the help pages of the platforms on which you receive advertising from us;
• to send you an electronic communication if you have closed your browser with items in your shopping basket;
• to send you electronic marketing information after you have purchased a product or service from us, made a purchasing enquiry or requested information of interest. At the time we first collect your details we will give you a simple way to opt out and object to our sending you electronic marketing information and this option will be repeated in every subsequent marketing message we send you. We will only contact you with information about our own similar products and services, which we hope you will like. You have the right to object to us sending you this information at any time;
• to identify and record when you have received, opened or engaged with our Site, Apps or social media or other electronic communications (please see our Cookie Policy for more information); and
• in some cases we may use automated methods to analyse, combine and evaluate information that you have provided to us. We collect and analyse this information in this way so that we can deliver the most appropriate customer experience to you by tailoring and making relevant all our service and communications.

Processing necessary for us to support you with your enquiries

• to respond to correspondence you send to us and fulfil the requests you make to us.

Processing necessary for us to respond to changing market conditions and the needs of our customers

• to analyse, evaluate and improve our products and services so that your visit and use of our Site, Apps, party plan services, social media pages and stores are more useful and enjoyable (we will generally use data amalgamated from many people so that it does not identify you personally);
• to undertake market analysis and research (including contacting you with customer surveys) so that we can better understand you as a customer;
• for product development purposes.

Processing necessary for us to operate the administrative and technical aspects of our business efficiently and effectively

• to administer our Site, Apps and our social media pages and for internal operations, including troubleshooting, testing, statistical purposes;
• for the prevention of fraud and other criminal activities;
• to verify the accuracy of data that we hold about you and create a better understanding of you as an account holder or visitor;
• for network and information security in order for us to take steps to protect your information against loss or damage, theft or unauthorised access;
• to comply with a request from you in connection with the exercise of your rights (for example where you have asked us not to contact you for marketing purposes, we will keep a record of this on our suppression lists in order to be able to comply with your request);
• for the purposes of corporate restructure or reorganisation or sale of our business or assets;
• for efficiency, accuracy or other improvements of our databases and systems, for example, by combining systems or consolidating records we hold about you;
• to enforce or protect our contractual or other legal rights or to bring or defend legal proceedings;
• to inform you of updates to our terms and conditions and policies; and
• for other general administration including managing your queries, complaints, or claims, and to send service messages to you.

3.4 Where necessary for us to carry out PRE-CONTRACT STEPS you have requested or for the performance of our CONTRACT

We will use your personal information where this is necessary for us to perform our contract with you or to carry out any pre-contract steps you’ve asked us to so that you can enter into that contract, for the following purposes:

• to fulfil your party plan event requirements;
• to process, fulfil and complete your orders, purchases and other transactions entered into with us and deliver your order and deliver your order;
• to process your payment card or bank details when taking payment for your orders or when providing a refund; and
• to run our competitions and promotions that you enter from time to time and to distribute prizes.

3.5 Where processing is in your VITAL INTERESTS

We will use your personal information where this is in your vital interest for the following purposes:

• to notify you of any product recall issues.

Marketing communications: If we have requested your consent and you give your consent, we may use your personal information to contact you by email or SMS (as you indicate) to send you newsletters or to notify you of special offers, promotions, competitions or new products and services. We try to adapt any marketing material that we send to you for example by notifying you of special offers or promotions that will be of relevance to you, apply to your interests and in your location (we do this by monitoring your browsing and online shopping habits and providing information on products you have viewed and related products). If you do not wish to receive email communications from us, please inform us by using the unsubscribe link inside the email or code within the SMS, by sending an email to dataprotection@annsummers.com or by changing your profile settings from within your account.

If you opt-out of receiving marketing communications from us, we keep your email address on our suppression list indefinitely to ensure that we comply with your wishes. Please see further The periods for which we retain your personal information.

We may disclose your information to our third party service providers, agents and subcontractors (Suppliers) for the purposes of providing services to us or directly to you on our behalf, including the operation and maintenance of our Site, Apps and social media pages. Our Suppliers can be categorised as follows:

• Advertising, PR, digital and creative agencies
• Ann Summers Ireland Retail Ltd
• Banks, payment processors and financial services providers
• CCTV administration and monitoring service providers
• Cloud software system providers, including database, email and document management providers
• Competition data capture providers
• Customer care/services providers (Support)
• Delivery and mailing services providers
• Facilities and technology service providers including scanning and data destruction providers
• Gift card and shopping code providers
• Health and safety claims administrators and consultants
• Insurers and insurance brokers
• Legal, security and other professional advisers and consultants
• Market and customer research providers
• Service Providers for email marketing campaigns
• Social media platforms
• Website and App developers
• Website and data analytics platform providers
• Website hosting services providers

When we use Suppliers, we only disclose to them any personal information that is necessary for them to provide their services and only where we have a contract in place that requires them to keep your information secure and not to use it other than in accordance with our specific instructions.

We may disclose the personal information to other third parties as follows:

• any third party who is restructuring, selling or acquiring some or all of our business or assets or otherwise in the event of a merger, re-organisation or similar event; and
• if we are under a duty to disclose or share your information in order to comply with any legal or regulatory obligation or request, including by the police, courts, tribunals or regulators.

The personal information you provide to us may be transferred or stored in countries located outside of the European Economic Area (EEA). By way of example, if any of our servers or those of our third party service providers are from time to time located in a country outside of the EEA or if our third party suppliers themselves send personal Information out of the EEA. These countries may not have similar data protection laws to the UK and may not have adequate data protection laws equivalent to those in the EEA. The non-EEA countries to which we transfer your personal data are: The USA.

If we (or our third party suppliers) transfer or store your information outside of the EEA in this way, we will take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this policy. These steps include imposing contractual obligations on the recipient of your personal information or ensuring that the recipients are subscribed to ‘international frameworks’ that aim to ensure adequate protection. Please contact us using the details at the end of this policy for more information about the protections that we put in place and to obtain a copy of the relevant documents.

If you use our services whilst you are outside the EEA, your information may be transferred outside the EEA in order to provide you with those services.

We employ security measures to protect the personal information you provide to us, to prevent access by unauthorised persons and unlawful processing, accidental loss, destruction and damage. When we have provided (or you have chosen) a password allowing you access to certain parts of the Site, you are responsible for safeguarding it and keeping it confidential and you promise not to allow it to be used by third parties.

Payment Security

We are a member of IMRG, the leading industry body for global e-tailing, promoting the highest possible industry standards and best practices ensuring honest and truthful transactions. We utilise industry-standard 256 bit Secure Sockets Layer (SSL) technology to allow for the encryption of sensitive information such as your name, address and other sensitive information like your credit card details.

This technology includes the following features:

Authentication: this assures your browser that your data is being sent to the correct computer server, and that the server is secure.
Encryption: this encodes the data, so that it cannot be read by anyone other than the secure server.
Data Integrity: this checks the data being transferred to ensure it has not been altered.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do everything possible to protect your personal information, we cannot guarantee the security of any personal information during its transmission to us online. You accept the inherent security implications of using the internet and will not hold us responsible for any breach of security unless we are at fault.

If you are using a computer or terminal in a public location, we recommend that you always log out and close the website browser when you complete an online session for your security. In addition, we recommend that you take the following security measures to enhance your online safety: When creating a password, we recommend use at least 8 character with a combination of letters and numbers. We recommend you frequently change your password – you can do this by going to “Sign In” and clicking “Personal Information”.

Keep your passwords private. Remember, anyone who knows your password may access your account. Avoid using the same password for multiple online accounts. We will never ask you to confirm any account or credit card details via email. If you receive an email claiming to be from annsummers.com asking you to do so, please ignore it and do not respond.

Our Site, Apps and social media pages may contain links to other websites run by other organisations which we do not control. This policy does not apply to those other websites‚ so we encourage you to read their privacy policies. We are not responsible for the privacy policies and practices of other websites (even if you access them using links that we provide) and we provide links to those websites solely for your information and convenience. We specifically disclaim responsibility for their content, privacy practices and terms of use, and we make no endorsements, representations or promises about their accuracy, content or thoroughness. Your disclosure of personal information to third party websites is at your own risk.

In addition, if you linked to our Site from a third party website, we cannot be responsible for the privacy policies and practices of the owners and operators of that third party website and recommend that you check the policy of that third party website.

The only exceptions to the periods mentioned above are where:

• you exercise your right to have the information erased (where it applies) and we do not need to hold it in connection with any of the reasons permitted or required under the law (see further Your rights in relation to your personal information);
• you exercise your right to require us to retain your personal information for a period longer than our stated retention period (see further Your rights in relation to your personal information);
• we bring or defend a legal claim or other proceedings during the period we retain your personal information, in which case we will retain your personal information until those proceedings have concluded and no further appeals are possible; or
• in limited cases, existing or future law or a court or regulator requires us to keep your personal information for a longer or shorter period.

We retain an anonymised version of the submitted personal information for as long as we require it for reporting and other statistical and analytical purposes. Such anonymised information will not identify you and may be derived from personal information that was contained within accounts that have subsequently been deleted.

You have the following rights, some of which may only apply in certain circumstances.

To find out more about each of your rights, please click the ✓ icon next to each right above. To exercise these rights, please contact us using the details at the end of this policy.

to be informed about the processing of your personal information (this is what this statement sets out to do);

✓ to have your personal information corrected if it is inaccurate and to have incomplete personal information completed; ✓ to object to processing of your personal information; ✓ to withdraw your consent to processing your personal information; ✓ to restrict processing of your personal information; ✓ to have your personal information erased; ✓ to request access to your personal information and information about how we process it; ✓ to electronically move, copy or transfer your personal information in a standard, machine-readable form; and ✓ rights relating to automated decision making, including profiling.

We may review this policy from time to time and any changes will be notified to you by posting an updated version on our Site and/or by contacting you by email. We recommend you regularly check this page for changes and review this policy each time you visit our Site.

To contact us for any reason, including to exercise any of your rights in relation to your personal information, please contact us using our Comments Form, selecting "General Query" and then "Query about my data" from the drop down list; or write to our Data Protection Team at Ann Summers Ltd, Gold Group House, Godstone Road, Whyteleafe, Surrey, CR3 0GG, or email us at dataprotection@annsummers.com.

Ann Summers’ Limited company registration number is 1034349 and registered office address is Gold Group House, Godstone Road, Whyteleafe, Surrey, CR3 0GG.