Privacy Policy

1   IMPORTANT NOTICE

This is the Privacy Notice of Evora Boutique Limited (Company number 15303161) whose registered office is at 2 Birchfields, Hale, Altrincham, England, WA15 9LW ( “we”, “us” or “our”) and sets out how we collect and process your personal data.

We understand that your privacy is important to you and that you care about how your personal data is used. We respect and value the privacy of all of our customers and other persons who interact with us and will only use personal data in ways that are described here and in a way that is consistent with our obligations and your rights under the law.

  • This Privacy Notice may vary from time to time so please check it regularly.  If it changes we will update our website with the new privacy notice.
  • This Privacy Notice also provides certain information that is legally required and lists your rights in relation to your personal data. Please read this Privacy Notice to understand how we may use your personal data.
  • This Privacy Notice relates to personal information that identifies “you” meaning customers or potential customers, individuals who browse our website and individuals outside our organisation with whom we interact. If you are an employee, contractor or otherwise engaged in work for us or applying to work for us, a separate privacy notice applies to you instead.

This Privacy Notice may vary from time to time so please review regularly. This version of this Privacy Notice was first published on 13/02/2024 and was most recently updated on 13/02/2024

2               HOW TO CONTACT US

This Privacy Notice applies where we are a controller in respect of your personal data – this is where we decide how and why your personal data is processed. If you wish to correct your personal data held by us or to opt out at any time from receiving marketing correspondence from us or to alter your marketing preferences please contact our customer care. If you need to contact us in connection with our use or processing of your personal data, or gain access to the data held please contact hello@evoraboutique.co.uk.  

 

3               WHAT DOES THIS NOTICE COVER?

 

This Privacy Notice explains how we use your personal data: how it is collected, how it is held, and how it is processed. It also explains your rights under the law relating to your personal data.

 

4               WHAT IS PERSONAL DATA?

 

Personal data is in simple terms, any information about you that enables you to be identified. Personal data covers obvious information such as your name and contact details, but it also covers less obvious information such as identification numbers, electronic location data, and other online identifiers.

 

5               WHAT PERSONAL DATA WE COLLECT AND HOLD?

 

The categories of personal data about you that we may collect, use, store, share and transfer are:

 

  • Individual Data. This includes personal data which relates to your identity, such as your name, username or similar identifier, marital status, title, date of birth and gender and your contact details such as your billing address, delivery address, email address and telephone numbers; 
  • Advertising Data. This includes personal data which relates to your advertising preferences, such as information about [your preferences in receiving marketing materials from us and our third parties and your communication preferences as well as your personal interests;
  •  Information Technology Data. This includes personal data which relates to your use of our website, such as your internet protocol (IP) address, login data, traffic data, weblogs and other communication data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website;
  • Account and Profile Data. This includes personal data which relates to your account or profile on our website, such as your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses;
  • Economic and Financial Data. This includes personal data which relates to your finances, such as your bank account and payment card details and information which we collect from you for the purposes of the prevention of fraud;
  • Sales Data. This includes personal data which relates to the transactions you have conducted with us, such as details about payments to and from you, details of subscriptions to our services or publications and other details of products and services you have purchased from us;
  • Audio and Visual Data. This includes personal data which is gathered using recording systems in the form of images, video footage and sound recordings that is taken at any of our locations or otherwise by us for promotional purposes;
  • Market Research Data. This includes personal data which is gathered for the purposes of market research, such as price comparison information.


We may also create personal data about you, for example, if you contact us by telephone to make a complaint, for example about our services or goods, then we may make a written record of key details of the conversation so that we can take steps to address the complaint.

 

[We also obtain and use certain aggregated data such as statistical or demographic data for any purpose (“Aggregated Data”). Aggregated Data may be derived from your personal data but does not directly or indirectly reveal your identity. For example, we may aggregate your Information Technology Data to calculate the percentage of users accessing a specific feature on our website. However, if we re-combine or re-connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Privacy Notice.]

 

We do not collect any information about criminal convictions and offences.

 

6               WHERE DO WE COLLECT PERSONAL DATA FROM?

 

We obtain your personal data from the following sources:

 

Directly from you, via our website, e-mail, instant message, social media, or by telephone or via handheld devices. This could include personal data which you provide when you:

 

(a)            place an order for our products.

(b)            create an account on our website.

(c)            subscribe to our publications.

(d)            request information on our products or for other marketing to be sent to you.

(e)            enter a competition or promotion; and

(f)             complete a survey from us or give us feedback.

 

Via automated technologies, such as cookies, server logs and other similar technologies. We may automatically collect Information Technology Data about your equipment, browsing actions and patterns by using cookies, server logs and other similar technologies. We may also receive Information Technology Data about you if you visit other websites employing our cookies. Please see our cookie policy [LINK] for further details.

 

From someone else, such as;

 

(a)            analytics providers.

(b)            our provider of customer feedback.

(c)            advertising networks.

(d)            search information providers.

(e)            providers of technical, payment and delivery services.

(f)             data brokers or aggregators.

(g)            providers of social media platforms (such as Facebook, Twitter and Instagram) for example where you share our content through social media, for example by liking us on Facebook, following or tweeting about us on Twitter.

 

7               HOW WE USE YOUR PERSONAL DATA

 We collect personal data about you in order to:

  • perform our contractual obligations to you. This would include:

-processing and performing any order/s placed by you;

-orders placed by us where you are a supplier;

-making or receiving payments, fees, and charges;

-collecting and recovering money owed.

  • manage our relationship with you including:
    -to send you important notices such as communications about changes to our terms and conditions and policies (including this Privacy Notice)
    -to provide you with important real-time information about products or services you have ordered from us (e.g. a change of time or location due to unforeseen circumstances)
    -to send you information you have requested
    -to deal with your enquiries
    -to ask you to leave a review or feedback on us
  • administer our business and carry out business activities;
  • make suggestions and recommendations to you about goods or services that may be of interest to you, deliver relevant website content and advertisements to you and to measure or understand the effectiveness of our advertising;
  • communicate with you about, and administer your participation in, special events, programs, promotions, any prize draws or competitions;
  • for internal purposes to use data analytics, to identify usage trends, determine and measure the effectiveness of promotional campaigns and advertising and to improve our website, products/services, marketing, customer relationships and experiences;
  • protect our business including to deal with any misuse of our website and to comply with our security policies at our locations;
  • use your personal data to comply with our own legal obligations e.g. to comply with health and safety requirements, or to assist in a police investigation;
  • enforce or apply our terms of use, terms and conditions of supply and other agreements with third parties;
  • to detect and prevent fraud and other illegal activities (and to assist regulators, trade bodies and law enforcement agencies in relation to the same);
  • finance, restructure, sell, make ready for sale or dispose of our business in whole or in part including to any potential buyer or their advisers;
  • investigate and defend any third-party claims or allegations;

 

8               OUR LAWFUL BASIS FOR PROCESSING YOUR PERSONAL DATA
Where we may rely on consent
For certain purposes it may be appropriate for us to obtain your prior consent. The legal basis of consent is only used by us in relation to processing that is entirely voluntary – it is not used for processing that is necessary or obligatory in any way. Where we rely on your consent, you may at any time withdraw your consent. Please contact us using the contact details set out in paragraph 1 to do so. Please note even if you withdraw consent for us to use your personal data for a particular purpose we may continue to rely on other lawful bases to process your personal data for other purposes.

 Examples of when we may rely on your consent to process your personal data include:

  • where we would like to use photos or images taken of you in promotional materials];
  • where we or our carefully selected third parties have new products and services which we think you'll be interested in.

 

 

 

 

Other legal bases we may rely on
Where we are relying on a basis other than your consent, the lawful basis for processing personal data will be one of the following:

  1. a)     the processing is necessary in order for us to comply with our legal obligations(such as compliance with anti-money laundering legislation);
  2. b)     the processing is necessary for the performance of a contractyou are party to or in order to take steps at your request prior to you entering into a contract;
  3. c)     processing is necessary for the establishment, exercise or defence of legal claims; or
  4. d)     the processing is necessary for the pursuit of our legitimate business interests. In particular, our legitimate interests include:
  • the provision of goods and services;
  • the recovery of debt;
  • the provision of administration and / or IT services;
  • the security of our IT network;
  • the prevention of fraud;
  • marketing of goods and services and promotion of our business;
  • the reorganisation or sale or refinancing of the business [or a group restructure];
  • the study in how to develop and the update of our products and services;
  • the development of our business strategy;
  • protecting our business and property.
  1. e)     the processing is necessary in order to protect the vital interestsof an individual e.g. where there is a medical emergency at one of our premises.

9               WHO RECEIVES YOUR PERSONAL DATA
We may disclose your personal data to:

  • our group companies and affiliates or third party data processers who may process data on our behalf to enable us to carry out our usual business practices. Any such disclosure will only be so that we can process your personal data for the purposes set out in this Privacy Notice;
  • our service providers and sub-contractors, including but not limited to payment processors (such as Shopify). Some of these service providers may process your data as a controller which means that they independently decide how to process your data (without reference to us) and some may process your data as our processor which means they only process your personal data in accordance with our instructions. Where a service provider is a controller, you should check their privacy policy for details of how they process your personal data;
  • [our PR agency [and provider of our App] and customer feedback;]
  • HMRC, legal and other regulators or authorities, including those who request your personal data or to report any potential or actual breach of applicable law or regulation;
  • external professional advisers such as accountants, bankers, insurers, auditors and lawyers;
  • law enforcement agencies, courts or other relevant party, to the extent necessary for the establishment, exercise or defence of legal rights;
  • third parties where necessary for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties;
  • third parties which are considering or have decided to acquire some or all of our assets or shares, merge with us or to whom we may transfer our business (including in the event of a reorganisation, dissolution or liquidation);
  • third parties operating plugins or content (such as Facebook, Twitter, Instagram) on our website which you choose to interact with;

 

 

 

10            PERSONAL DATA ABOUT OTHERS WHICH YOU PROVIDE TO US 
If you provide personal data to us about someone else (such as one of your directors or employees, or someone with whom you have business dealings) you must ensure that you are entitled to disclose that personal data to us and that, without our taking any further steps, we may collect, use and disclose that personal data as described in this Privacy Notice.

You must ensure the individual concerned is aware of the various matters detailed in this Privacy Notice, as those matters relate to that individual, including our identity, how to contact us, the way in which we collect and use personal data and our personal data disclosure practices, that individual's right to obtain access to the personal data and make complaints about the handling of the personal data, and the consequences if the personal data is not provided.

 

11            ACCURACY OF YOUR PERSONAL INFORMATION
It is important that the personal data we hold about you is accurate and current and we take all reasonable precautions to ensure that this is the case but we do not undertake to check or verify the accuracy of personal data provided by you.  Please keep us informed if your personal data changes during your relationship with us either by logging onto your account on the website or by contacting us. We will not be responsible for any losses arising from any inaccurate, inauthentic, deficient or incomplete personal data that you provide to us.

 

12            INTERNATIONAL TRANSFERS OF PERSONAL DATA
It is possible that personal data we collect from you may be transferred, stored and/or processed outside the European Economic Area.

 In connection with such transfers we will ensure that:

  1. a)     there are appropriate safeguards in place such as binding corporate rules or the approved EU model contractual clauses between us and the recipient (as per Article 46 GDPR (or English law equivalent)). A copy of the appropriate safeguard can be obtained by [INSERT e.g. contacting us using the contact details set out in paragraph 2];]
    b)     the transfer is to a country that the European Commission has decided provides an adequate level of protection such as to a country approved by the European Commission or to certain organisations with the US pursuant to the Privacy Shield (as per Article 45 GDPR (or English law equivalent))
    c)     one of the derogations for specific situations in the first sub-paragraph of Article 49(1) GDPR (or English law equivalent) applies to the transfer including explicit consent or necessary for the performance of a contract or exercise or defence of legal claims.

 

13           HOW LONG WE WILL STORE YOUR PERSONAL DATA FOR

We keep your personal data for no longer than necessary for the purposes for which the personal data is processed. The length of time we retain personal data for depends on the purposes for which we collect and use it and/or as required to comply with applicable laws and to establish, exercise or defend our legal rights.

 

 

 

 

TECHNICAL AND SECURITY MEASURES
We take the security your personal data seriously and have technical and organisational measures to ensure a level of security appropriate to the risk. We use a mixture of measures including utilising technology to combat cybersecurity, data management techniques, user access and management procedures, physical security and guidelines for personnel.

Our measures are aimed at having the ability to:

  • ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services; and
  • restore the availability and access to personal data in a timely manner in the event of a physical or technical incident.

 

15            WHAT ARE YOUR RIGHTS?
Subject to applicable law, in addition to your ability to withdraw any consent you have given to our processing your personal data (see paragraph 8), you may have a number of rights in connection with the processing of your personal data, including:

  • The right to be informed about our collection and use of your personal data. This Privacy Notice should tell you everything you need to know, but you can always contact us to find out more or to ask any questions.
  •  The right to access the personal data we hold about you and to receive a copy. Parents may access their child’s records if this is in the child’s best interests and not contrary to a competent child’s wishes. Formal applications for access must be made in writing. See below.
  • The right to have your personal data rectified if any of your personal data held by us is inaccurate or incomplete. Please contact us to find out more.
  • The right to be forgotten, i.e. the right to ask us to delete or otherwise dispose of any of your personal data that we have. Please contact us to find out more.
  • The right to restrict (i.e. prevent) the processing of your personal data.
  • The right to object to us using your personal data for a particular purpose or purposes. However this may affect the services you receive – please speak to us. You are not able to object when information is legitimately shared for safeguarding reasons. In appropriate circumstances it is a legal and professional requirement to share information for safeguarding reasons. This is to protect people from harm.
  • The right to data portability. This means that, if you have provided personal data to us directly, we are using it with your consent or for the performance of a contract and that data is processed using automated means, you can ask us for a copy of that personal data to re-use with another service or business in many cases.


RIGHTS RELATING TO AUTOMATED DECISION-MAKING AND PROFILING
We do not use your personal data in this way.Some of the above rights only applicable in specific circumstances. You may find the Information Commissioner’s Office’s (ICO) website www.ico.org.uk useful in understanding when the different rights apply. For more information about our use of your personal data or exercising your rights as outlined above, please contact us using the details provided in at the beginning of this Privacy Notice. Further information about your rights can also be obtained from the Information Commissioner’s Office or your local Citizens Advice Bureau.

 If you have any cause for complaint about our use of your personal data, you can contact us using the contact details set out at the beginning of this privacy notice and we will consider your complaint. If you believe we are not processing your personal information in accordance with the law you can complain to the ICO. Please see the ICO’s website for how to do this.

 

16            HOW CAN YOU ACCESS YOUR PERSONAL DATA?
If you want to know what personal data we have about you, you can ask us for details of that personal data and for a copy of it (where any such personal data is held). This is known as a “subject access request”.  All subject access requests should be made in writing and sent to the email or postal addresses shown in at the beginning of this privacy notice.

If your request is ‘manifestly unfounded or excessive’ (for example, if you make repetitive requests) fees may be charged to cover our administrative costs in responding.

We will endeavour to respond to your subject access request within 14 working days and, in any case, within one month of receiving it. Normally, we aim to provide a complete response, including a copy of your personal data within that time. In some cases, however, particularly if your request is more complex, more time may be required up to a maximum of three months from the date we receive your request. You will be kept fully informed of progress.

When requesting access to your personal information, please note that we may request specific information from you to enable us to confirm your identity and right to access, as well as to search for and provide you with the personal information that we hold about you. 

Your right to access the personal information that we hold about you is not absolute. There are instances where applicable law or regulatory requirements allow or require us to refuse to provide some or all of the personal information that we hold about you. In addition, the personal information may have been destroyed or erased in accordance with our record retention obligations and practices.

If we cannot provide you with access to your personal information, we will try to inform you of the reasons why, subject to any legal or regulatory restrictions.

17            LINKS TO OTHER WEBSITES

This policy only applies to us. If you link to another website from our website, you should remember to read and understand that website’s privacy policy as well. We do not control unconnected third-party websites and are not responsible for any use of your personal data that is made by unconnected third party websites. We do not endorse or otherwise accept any responsibility or liability for the content of such third party websites or third party terms and conditions or policies.

Contact form