Privacy Policy

This Privacy Policy sets out how we collect and use your personal information and what your individual data protection and privacy rights are.

Effective from 25th May 2018. This Privacy Policy was last updated on 23rd May 2018 and is version 1.0.

JD Williams & Company Ltd trading as Figleaves (we, our, us or Figleaves) is the Data Controller. This is the legal entity responsible for how your personal data is collected, stored and processed.

At Figleaves, we are committed to protecting the privacy and security of all our customers and website visitors. This policy explains:

  • What information we collect.
  • Why we collect that information.
  • How we may use that information.
  • How long we keep and protect your information.
  • What we won’t do with your information.
  • What options you have to control your marketing preferences.
  • What your individual data protection rights are.

When you share your personal information with us, you have a right to expect that information to be treated with total confidentiality. Therefore, it is our responsibility to manage your personal data that you provide to us with care and in accordance with all data protection legislation and industry best practice.

Whether you have supplied your personal details online, by phone, by email or in a letter, we will never use them without a lawful reason to do so. We will use your personal data for the purposes for which they were initially requested and as fully explained in this Privacy Policy.

It is your responsibility to ensure that your personal data provided to us is accurate and up to date. You can update your personal contact details, including email address and phone number, by visiting My Account online or contacting our Customer Service team.

Using Your Personal Data for Direct Marketing Purposes

Based on your marketing preferences, we use your email and home address to send you details of our latest products and promotions. We also use marketing Profiling techniques (see Your Personal Data to Improve Your Online Shopping Experience) to determine what product offers may be of interest to you whether that be by email, direct mail or social media. For further information on how we use your personal data to keep you informed about our products and promotions and how you can change your marketing preferences, click the relevant sections below.

> Obtaining Your Consent

We will obtain your consent to send you details of our latest products and promotions via Email Marketing in a number of ways. We will obtain your consent when you register your details with us, make a purchase, sign up to our email newsletters, check out as a guest, enter a competition or sign up via Facebook. You can change your email marketing preferences at any time - see Your Personal Data Rights.

> Email Marketing

If we have obtained your consent, we will send you regular marketing emails to keep you informed about our new products, promotions and other information about Figleaves. These emails may be personalised to contain your name and we also use Profiling techniques to ensure the marketing emails you receive are relevant and contain information that we feel will be of interest to you. We also use your date of birth to send you specific birthday offers. However, should you wish to exercise your right to withdraw your consent for email marketing, you can do this at any time, please see Your Personal Data Rights.

> Direct Mail

We will use your name and address to send you personalised marketing in the post. We have a legitimate business interest to send you information about our products and offers in the post as we know that many of our customers like to browse through brochures or offers prior to placing an order with us. However, should you wish to exercise your right to stop personalised postal marketing activity, you can do this at any time - see Your Options and Choices.

> Social Media

We will use your email address to send you online targeted marketing information about our product offers and promotions via social media. To do this, we will share your email address in a secure manner with Facebook who will match to your Facebook profile. We have a legitimate business interest to send you product information via social media which we believe is of relevance to you; this is known as Interest-Based Advertising. However, should you wish to exercise your right to stop targeted social media marketing, you can do this at any time, please see Your Options and Choices.

Your options and choices

We want you to have control over your information. You can withdraw or modify your marketing preferences for email, social and direct marketing at any time.

Email marketing:

If you receive our marketing emails but no longer wish to, please click on the "unsubscribe" link in any marketing email, which you may have received from us.

If you have a registered account with us, you can update and change your marketing preferences at any time by going to the My Account section of the Figleaves website. Alternatively, simply contact our Customer Service team to change any of your marketing preferences.

Please note that it may take up to 72 hours for all our systems to process and update your emails marketing preference changes.

Direct Mail or Social Media Marketing:

You can exercise your right to object to Direct Mail or Social Media marketing at any time by:

If you have a registered account with us, you can update and change your marketing preferences at any time by going to the My Account section of the Figleaves website. Alternatively, simply contact our Customer Service team to change any of your marketing preferences.

Please allow 72 hours for your changes to be processed for social media. You may still receive direct marketing materials that are already processed before we received your request for up to 2 months.

Using Your Personal Data to Improve Your Online Shopping Experience

We collect & use demographic information to make sure that we only contact you with content that you will find relevant and interesting. We do this by using online behavioural advertising (or Interest Based Advertising (see below)). In order for this to work we collect information about your browsing activity using Cookies. These Cookies pass your Figleaves.com browsing history back to us which then allows us to determine what content is most useful and relevant to be shown to you. The information that we collect and use for behavioural advertising is not personal information and it cannot be used to identify you, for example it will not contain your name, home address or phone number.

We have a legitimate business interest to use the aggregated and anonymised data obtained via Cookies and other data sources to help us provide you with relevant product marketing and improve your online shopping experience.

Profiling

Profiling is a term used to describe a form of data processing where significant volumes of data made up of lots of different data types – such as browser history from Cookies, age, gender, size, transaction history, demographics and buying habits – are all used in an aggregated, anonymised and non-personalised form to evaluate and predict, based on statistical analysis, what you may or may not want to purchase from us by assigning you to a profile type. We use this technique to understand what drives you to buy from us; the types of products you are most likely to be interested in and the medium by which we should contact you whether that be by email, direct mail or social media.

Interest Based Advertising

The data that we collect and use when you browse or shop online, including where we use Cookies, uses your IP address as the unique identifier; however, it will not contain your name, home address or phone number. We may also use your email address to send you online targeted marketing information but we always use hashed email addresses to keep your data secure. The email addresses are scrambled before being utilised to ensure nobody else can gain access to your email address. This enables us to offer our customers the best possible online user experience and equally allows us to improve the relevancy of our advertising. This allows us to provide you with more of the content you want to see.

Using Your Personal Data to Open and Operate Your Account

When you register to open an account with us, we will hold your personal data, which you have provided to us. We will also use your personal data to administer and to operate your account with us as set out below. We will collect and use the contact details that you provide to us to communicate with you about your account and in relation to the products and services we provide to you.

We will hold your personal data for 6 years, plus the current financial year, after the date of your last transaction on your account.

Processing Card Payments

When you make a payment to purchase products from us, we will use your personal data and card information to process the order. This involves sending your personal data to our card payment and banking providers to ensure that you have sufficient funds to cover the value of the transaction. Without this data, we are unable to fulfil your order.

We process all card payments in line with our obligations under the PCI-DSS regulations. Whenever you provide your card details to us either online or over the phone, we will encrypt the payment details before sending them on to our card payment and banking provider. If you pay over the phone, we will mask any card data that you provide so that this is not visible to our customer advisors as well as stopping card data from being recorded in our Call Recordings. This is regularly monitored for quality assurance as part of our PCI-DSS obligations.

Processing Cheque Payments

Where you pay by cheque, we will also store the cheque details including account number and sort code which are required to deal with any queries raised to us by your bank.

Processing PayPal Payments

PayPal is a fast and convenient way of transacting online without the need to input payment details. We share your name, email, shipping address and basket details securely with PayPal to process your order. With regards to your personal data used in PayPal transactions, both PayPal and Figleaves are each respectively a data controller. This means that we each, independently maintain privacy policies, notices and procedures governing our use of your personal data.

Delivering Your Goods

We will use your personal contact details such as name, postal address, phone number and email address that you provide to us in respect of delivering products or services to you. We will share this information with our suppliers who directly despatch orders to you or our delivery partners who may contact you to arrange a convenient delivery time and provide you with updates as to when they will arrive.

Processing Returns and Refunds

We use your customer account and contact details to verify any returns and refunds that we process either by card or via your credit account. We process all card payments in line with our obligations under the PCI-DSS regulations and will encrypt the payment details before sending them on to our card payment and banking provider.

Call Recordings

We record all calls into our contact centre for quality assurance, regulatory compliance and training purposes. We retain all call recordings for a period of 12 months.

Enquiries and Complaints

If you have any complaints, please contact our Customer Service team so we can deal with your complaint as quickly as possible. We will need to access your personal data and account history to verify your identity for security reasons and deal with the details of your complaint. Details of any complaints received will be logged and recorded so they can be dealt with accordingly.

General Service Communications

We will use your personal data for all general service communications including sending your statements, processing orders, notifying you of orders received, updating you on deliveries, despatched or products out of stock. We need to do this for the performance of the contract and terms and conditions that you have signed.

Using Your Personal Data to Improve Our Services

As a valued Figleaves customer, we will occasionally use your personal data to contact you by phone, letter or email to ask you to participate in one of our customer satisfaction surveys. We have a legitimate business interest in contacting our customers in this way but should you not wish to participate, you can simply decline to participate at the point of contact or, should you wish never to be contacted by one of our research companies, you can tell us at any time by contacting our Customer Service team.

Product Reviews

Whenever you make a purchase from us, we will send you an email asking you to provide a review of the product and tell us what you think. If you choose to do so, you will be asked to enter your email address and thoughts about the product. You will also be asked to agree to separate terms and conditions as we use a third party to process and analyse the data for us. We will use your email address to confirm that we have received your product review. We are really keen to hear what you think about our products and use the information to inform future product ranges.

Trustpilot

We use a tool called Trustpilot to communicate with our customers to obtain feedback about our services. We will send you an email containing a short survey. This information is only used by us to improve our service offering and deal with any enquiries and complaints that you raise via Trustpilot. Should you not wish to participate, you can choose not to respond.

Social Media

We actively use social media platforms as a way of connecting, and getting closer, to our customers to hear and understand what our customers think about us, our products and service. Occasionally, we may contact you directly via those social media platforms if we would like to share your comments or pictures with other customers or publish them in our marketing materials. We will always ask you if you are happy for us to use your data in this way and will keep your email data confidential and secure.

Surveys

From time to time, we will contact you to take part in a customer satisfaction survey. We may sometimes follow up on surveys with you to get more information from you regarding specific complaints or feedback. You can choose not to participate in such surveys should you not wish for your personal data to be shared in this way by ringing the contact our Customer Service team.

How long will we keep your information?

We will retain the personal data you have shared with us no longer than is necessary to fulfil the purposes we collected it for, including satisfying any legal, accounting or reporting requirements.

Different retention periods apply for different types of data dependent up on your last purchase date with us or, if you haven’t purchased, the date we first received your data. The longest we will hold any personal data is 6 years plus the current financial year. Details of retention periods for personal data are available in our retention policy which you can request by contacting us.

In some circumstances, we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this aggregated and anonymised information indefinitely without further notice to you.

Using Your Personal Data to Process Insurance Claims

In the event that you need to make a claim against us, whether that be a product issue or personal injury claim, we will use your personal data and any supporting evidence that you provide to us to process your claim, including sharing this with our chosen insurance companies. From time to time where a claim is outside of our insurance policy, we may also need to engage with external lawyers and share your personal data with them.

Unless required by law or for the purpose of legal proceedings, we will hold your personal data for 6 years, plus the current financial year, after the date of your last transaction on your account with us.

Sharing Your Personal Data with Third Party Processors & Partners

As part of delivering our products and services to you, we will share your personal data with carefully chosen Third Party Processors and Partners who carry out a number of services on our behalf. Should you wish to obtain a list of our latest Third Party Processors and Partners, you can request this at any time by contacting our Customer Service team.

Any third party that communicates with you on our behalf must only do so for the purpose of carrying out the services and not for the purpose of direct marketing their own products and services. If you have any concerns about any of our third party processors and partners, please contact our Customer Service team.

Processing Your Personal Data Outside of the EU

We will occasionally transfer your personal data outside of the European Economic Area (the EEA) to prevent fraud. Please also see Sharing Your Personal Data with Third Party Processors & Partners. In some cases, countries outside the EEA may not have such well-developed data protection laws as those in the EEA. However, we will put in place measures and safeguards that require your personal data to be kept secure, confidential and to be processed only and strictly in line with the terms of this Privacy Policy and any relevant data protection laws.

Acting as a Data Processor for Our Marketplace Partners

We will sometimes act as a data processor for other companies including (but not limited to) Amazon, eBay, Next & ASOS. These companies pass your personal data – name, address, telephone number and unique identifier - to us for the sole purpose of fulfilling and managing your order on their behalf. We may occasionally contact you in respect of your order using this data. When placing an order with these companies, you will be agreeing to their terms and conditions and their privacy policy. Please contact the relevant company should you have any questions, comments or complaints about how your data is used.

How do we protect your information?

All Figleaves purchases take place in a safe environment using the latest security technology to protect our customers. We encrypt your credit card information to ensure your transactions with us are private and protected. We accept orders only from web browsers that permit communication through Secure Socket Layer (SSL) technology. Your payment details are encrypted until we process your order. This encryption makes it virtually impossible for unauthorised parties to read any information that you send us.

As part of our policy to protect against the fraudulent use of credit cards, we carry out security checks on orders. These can take various forms, and may involve contacting you by telephone before your order is processed.

What we don’t do with your information

We will use your personal data for the purposes for which they were initially requested and as fully explained in this Privacy Policy and we will not share your personal data with third party companies for the purpose of them marketing their products and services to you.

Your Personal Data Rights

Right of Access

You may wish to access a copy of the personal data we hold about you - known as a Subject Access Request. You can do so by ringing, writing to or emailing our Customer Service team. We will respond to your Subject Access Request as soon as possible and, in any event, within the statutory 30 days. However, in the event that we need more information from you to verify your identity, which we must do to ensure we disclose your personal data to the right person, the 30 day response period will only commence from the time that we have validated your identity.

Please be aware that for security reasons we do not usually provide details of any bank details that we hold against your account(s). Please speak to our Customer Service team should you need this additional information.

Right of Rectification

If you believe we have made an error as to the personal data we hold about you, please speak to Customer Service team who will be able to process the correction for you. Alternatively if you are a registered user, you can visit My Account to update your contact details online. Should you wish to discuss this matter further, please contact our Customer Service team.

Right of Erasure

You have the right to request your personal data to be permanently deleted from our records and systems to avoid any further communication with you. Your request will always be considered in light of the legal bases that we hold, store and process your personal data and the purpose that we collected your data. Where the legal bases permits, we will carry out your instruction without undue delay. Please note, however, that where we have a legal or contractual obligation to hold your personal data, we may not be able to carry out your request but we will explain this fully to you. Please address any request to delete your data to the Customer Service team.

Right to Restrict Processing

Should you believe that we are processing your personal data in a way that you did not understand or agree to and wish to restrict such processing, please speak to the Customer Service team.

Right to Portability

In the event that you wish to move your personal data that we hold on you to another organisation in the form of an excel or csv format, please contact the Customer Service team who will be able to assist you.

Right to be Informed

You have the right to be informed about the collection and use of your personal data. This is commonly known as a ‘privacy statement’ or ‘privacy policy’. Our Privacy Policy is regularly reviewed in line with our business processes. You can ask for a printed copy of our Privacy Policy by contacting the Customer Service team.

Right to Complain to the Information Commissioner’s Office (ICO)

You have a right to lodge a complaint with the Information Commissioner’s Officer (ICO) if you have a complaint with how you believe your personal data has been handled. For more information, please visit https://ico.org.uk/concerns

Contacting us

If you have any questions, concerns or comments about this privacy notice or our use of your personal information please contact privacy@figleaves.com or write to:

Data Governance Team
JD Williams and Company Limited T/A Figleaves
29 Broadwater Road
Welwyn Garden City
Hertfordshire
AL7 3BQ
Tel: 0345 401 2014

If you are at all dissatisfied with the information provided by the Data Governance team at Figleaves, please address any complaints to the Data Protection Officer at the same address.