2.4 Personal Data that we collect from Third Parties
We may collect personal data from third party databases (for example for our fraud checks) or from other companies. This personal data helps us to manage our relationship with you as a customer for instance it helps us to manage your loyalty account and the loyalty programme benefits and related administrative requirements; review and improve the accuracy of the personal data we hold; and to ensure the effectiveness of marketing communications.
We work with third parties in relation to the provision of services to you (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies) and may receive information about you from them.
2.5 Personal Data of Children
Although visitors of all ages may navigate through our websites and services, we do not intentionally collect Personal Data from those under the age of 16, unless we are making it clear that this is what we are doing. We will always seek permission from relevant guardian. We store any data received for the specific purpose and will not further process or include for communications or marketing.
All Personal Data will be processed fairly and in keeping with the purposes for which it was obtained.
We will only process your Personal Data where we have a lawful purpose to do so, for example:
3.2 Main purposes for which we process your personal data
The below table includes the main purposes for which we process your personal data as well as the appropriate lawful basis. We may process your personal data for more than one lawful basis depending on the specific purpose for which we are using your data.
|Purpose(s) for Processing||Legal Basis for Processing|
3.3 Banner messages and personalised adverts on other websites
We, and/or 3rd parties we engage on our behalf, may also target banners and ads to you when you are on other websites, apps and social media. We do this using a range of advertising technologies such as ad tags, cookies, and mobile identifiers, as well as specific services offered by some sites and social networks, such as Facebook, Twitter, Google, Microsoft, and Pinterest.
These will be based on information we hold, or your previous use of our services (for example, your search history, and the content you read on our sites) or on banners or ads you have previously clicked on. We do this to serve you ads that we believe you will be most interested in and prevent you from seeing ads that are unlikely to be of interest to you, or for products that aren’t available in your area.
If you don't want to see these ads, then you can either disable cookies in your browser, or reject cookies from our site. Please see our Cookies Policy for further details.
3.4 Automated decision-making
We, and/or 3rd parties we engage on our behalf, may make some decisions about you using your Personal Data which is based on profiling without our staff intervention (known as automated decision making).
You have the right not to be subject to a decision based solely on automated decision making which produces a legal or other similarly significant effect. However, this will not apply if the decision is necessary for a contract, authorised by law, or has your express consent.
In most cases, we use automated decision making in order for you to enter into a contract with us (such as automatic fraud screening), or in ways which won’t have a significant effect on you as an individual (such as our general analysis of data to gain insights into behaviours and characteristics of our customers).
You can request a manual review of the accuracy of an automated decision if you are unhappy with it. Please see the Contact Us section below for details.
We will store your Personal Data only for as long as necessary for the purpose(s) for which it was obtained. The criteria used to determine our retention periods include:
Please see the Contact Us section below if you wish to obtain further information concerning our retention periods.
From time to time, we may share information relating to you with third parties in order to provide the Services. This may include the disclosure of information to third party social media companies, in the following manner:
In order to:
We may associate any category of information with any other category of information and will treat the combined information as Personal Data (and/or Your Information, as appropriate) in accordance with this Policy for as long as it is combined.
We will not sell your personal data to any third party.
We may transfer and/or store Personal Data related to you to a destination outside the European Economic Area (“EEA”) from time to time. In this context, this Personal Data may also be processed by staff operating outside the EEA who work for us or for one of our suppliers.
Any transfer of Personal Data relating to you to a location outside the EEA is made in accordance with data protection law. Specifically, such transfers to locations that are not in receipt of an adequacy decision are only ever made lawfully by way of the European Commission’s Model Contractual Clauses. More information and a copy of the Model Contractual Clauses are available on the European Commission’s website.
We work with certain third parties to provide goods and services, such as eShops, Digital Advertising. These companies may, from time to time, collect Personal Data directly from you to use their services, or for their own marketing and tracking purposes and they may collect this from Personal Data you provided on our websites.
Our websites may, from time to time, contain links to and from other websites. If you follow a link to any of those websites, please note that those websites have their own privacy policies and we do not accept any responsibility or liability for those policies. Please check those policies before you submit any Personal Data to those websites.
You have several rights in relation to your Personal Data under the General Data Protection Regulation (GDPR), the Irish Data Protection Act 2018 and the UK Data Protection Act 2018 which may be subject to certain limitations and restrictions.
You have the right to request access to and rectification or erasure of your Personal Data, data portability, restriction of processing of your Personal Data, the right to object to processing of your Personal Data where processing is based on consent or our legitimate interests, and the right to lodge a complaint with a supervisory authority. For more information about these rights, please visit the European Commission’s “My Rights” page relating to GDPR, which can be displayed in a number of languages. If you reside outside of the European Union, you may have similar rights under your local laws.
We will respond to any valid requests within one month, unless it is particularly complicated or you have made repeated requests in which case we will inform you of any such extension, together with the reasons for the delay. You will not be charged a fee to exercise any of your rights unless your request is clearly unfounded, repetitive or excessive, in which case we will charge a reasonable fee in the circumstances or refuse to act on the request.
Please be aware that we may need to verify your identity before providing any Personal Data to you. We may need to do this to protect your data. We may also ask you to provide us some additional voluntary information to help us process your request more efficiently.
If you wish to exercise any of these rights, please contact us.
We are committed to protecting the security of your Personal Data. We use a variety of security technologies and procedures to help protect your Personal Data from unauthorised access and use. As effective as modern security practices are, no physical or electronic security system is entirely secure. We cannot guarantee the complete security of our database, nor can we guarantee that information you supply will not be intercepted while being transmitted to us over the Internet. We have implemented strict internal guidelines to ensure that your privacy is safeguarded at every level of our organisation. We will continue to revise policies and implement additional security features as new technologies become available. Where we have given you a password which enables you to access certain parts of our systems or sites, you are responsible for keeping that password confidential. We’ll never ask for your secure personal or account data by an unsolicited means of communication. You are responsible for keeping your personal and account data secure and not sharing it with others.
Although we will do our best to protect your Personal Data, we cannot guarantee the security of your Personal Data transmitted to our website. Any transmission of Personal Data is at your own risk. Once we receive your Personal Data, we use appropriate security measures to seek to prevent unauthorised access or disclosure.
Questions, comments and requests regarding this Policy are welcomed and should be addressed to our Data Protection Team at Le Bon Marché Ltd , Unit 136 The Square, Tallaght, Dublin D24 WP82 or by email to: firstname.lastname@example.org.
Last Updated: 11/02/2021