Rohan Privacy Policy

This is the privacy policy for Rohan Designs Limited (“Privacy Policy”). It explains who we are and how and why we collect, store, use and share your personal data if you:

browse our website (www.rohan.co.uk);
use the services available through our website, for example if you place an order, create an account, sign up to receive our marketing communications or enter any of our competitions;
shop in a Rohan retail store; or
send us feedback or interact with us in connection with any of the above.

From time to time, we may also receive personal data about you from certain third party sources. This Privacy Policy also explains what those sources are and how we use this information.

We take your privacy very seriously and will always treat your personal data with the utmost respect. We also want to ensure that you are properly informed about how your personal data is used by us and what your privacy rights are, which is why we provide this Privacy Policy. Please review it carefully.

Please select from the different sections of this Privacy Policy below to find out more:

You have the right to object to us processing your personal data on the basis of our legitimate interests or for direct marketing purposes (including any related profiling we do to help ensure that our marketing is relevant to your interests). For more information about your right to object and how you can exercise it, see the section Your privacy rights.

1. About us

We are Rohan Designs Limited, a private limited company incorporated in (and subject to the laws of) England and Wales with registration number 01567549 (referred to in this Privacy Policy as "we", "us" or "our"). Our registered address is Buckingham House, West Street, Newbury, Berkshire RG14 1BD, UK.

We are the “data controller” of your personal data, which means that we determine the purposes and the means of use of the personal data we collect about you for the purposes of applicable data protection law (which includes the General Data Protection Regulation 2016 or “GDPR”).

2. What personal data we collect

Personal data is any information which identifies you personally whether directly (for example, your name) or indirectly (for example, information about your use of our website, products and services).

We collect the following personal data about you:

Basic contact details: We ask you to provide us with your name, title, postal address, email address and telephone number if you purchase any products on our website. We may also collect some or all of these basic contact details if you create an account on our website, sign up to receive our marketing communications (whether in store or on our website), enter any of our competitions, complete a survey or send us feedback, or contact or correspond with us;
Payment details: We ask you to provide us with your shipping address and billing address if you purchase any products on our website. We also ask you to provide your payment card details – this information is processed by our third party payments service provider and not retained by us;
Purchase details: We keep a record of your purchase history (including the date, time and value of each purchase and, if you choose to make a purchase for delivery to one of our Rohan retail stores, the store from which you collect your purchase);
Account login details: If you decide to create an account on our website, we keep a record of your account login details (such as your username) in case you need reminding of these in the future;
Information you provide through correspondence, feedback and competitions: We collect any additional personal data that you may provide to us from time to time if you contact us by email, letter or telephone, through our website or a social media platform or by any other means. In addition, we collect any additional personal data that you may provide to us if you send us feedback or enter any of our competitions;
Information about how you use our website and services: Each time you visit our website, where you have consented to cookies, we or our service providers automatically collect technical information about the device you have used to access our website (including the make, model and operating system, IP address, browser type and mobile device identifiers) and information about your user preferences and browsing habits (such as items or links clicked on, web pages viewed, any web page download errors, products you have added to your shopping basket and other customised features). In addition, if you receive emails from us, we or our service providers may automatically collect technical information about how you have interacted with those emails, including whether you have opened them or clicked through any links within them. Please see our Cookie Policy to find out more about what cookies and other similar technologies we use, and how to decline or disable them;
Information you provide when using our store finder: We collect your postcode or use basic location technology to assist you in locating our stores. This data is not retained by us.
Information provided by our third party partner stores: You can sign up to receive our marketing communications through some of our third party partner stores in the UK. If you do this, those third parties will share with us the contact details they have collected from you, as well as details of the Rohan products you have purchased at their store, so that we can send you information about similar products and services we offer; and
Information provided by our third party analytics providers: We may combine information you have provided to us with additional information shared with us by our third party analytics providers, where we both have a lawful basis to do so. This includes information we receive from Experian Ltd, who we engage from time to time to check whether your information is still valid.

We use the data described above for the purposes set out in the How we use your personal data section below.

3. How we use your personal data

We use your personal data for the following purposes:

To process your orders and returns

We use your personal data to process any orders and returns you make in accordance with our terms and conditions.

To manage and administer your account

If you create an account with us, we use your personal data to identify you as a new or returning customer, and to manage and administer your account. This includes keeping a record of your account login details (such as your username) in case you need reminding of these in the future.

To communicate with you about your orders and the services we provide to you

We use the contact details you have provided to us so that we can communicate with you about the products you have purchased from us (for example, to confirm that you have successfully placed an order or to let you know when your order has been dispatched) and to notify you of changes to any of our services or to the terms of any contracts between us or to any related information (such as changes to this Privacy Policy).

To deliver direct marketing (involving profiling to tailor our communications to your interests)

Our marketing communications

Where you have given your consent or where we have a justifiable reason for doing so (and are permitted to do so by law – see further below), we will use your contact details to send you marketing communications by email and post about Rohan products, services, special offers, promotions, competitions and events that we think may be of interest to you.

You can unsubscribe or opt out of receiving our marketing communications at any time by:

getting in touch with us using the contact details set out in the section How you can contact us below;
using the “Unsubscribe” link in our emails; or
updating your marketing preferences in your account with us (if you have chosen to create one).

If we collect your contact details in the course of you purchasing any products from us, provided you have not opted out, we are permitted by law to send you emails about similar products and services we offer. We may also send you post. We will always give you the option to opt out of receiving this information from us at the time we collect your contact details. Even if you don’t opt out at that stage, you can always choose to opt out at a later stage by following the steps above.

Our use of profiling to send tailored marketing communications

We want to ensure that the marketing communications we send to you are relevant to your interests. Consequently, we undertake analysis and profiling of the information you provide to us as well as your purchase history and other information we collect about how you use our website and services. This information helps us build a profile of you, meaning that if you sign up to receive marketing communications from us, you are more likely to receive information about Rohan products, services, special offers, promotions, competitions and events that we think are more relevant to you and your interests. It also means that we don’t send the same marketing communications to all of our customers, so you may not receive the same offers as another customer.

The legal ground for us using profiling to tailor our marketing communications to your interests is that it is in our legitimate interests to do so, having taken into account whether your interests and fundamental rights and freedoms are overridden by this type of processing. See Legal grounds for using your personal data for more information about our legitimate interests. If you don’t agree with us using profiling for this purpose, you can let us know (see How you can contact us). If you do object, we won't be able to continue to send you tailored marketing communications, which means you will receive less information from us and the information you receive from us may not be as relevant to you.

Email interaction technology

If you receive emails from us, we or our marketing service provider may automatically collect technical information about how you have interacted with those emails, including whether you have opened them or clicked through any links within them. This helps us understand how an email campaign performed, what types of emails and content our customers find interesting, and what actions our customers took, so we can improve our email campaigns in the future and make our emails more relevant to you. Please see our Cookie Policy to find out more about this, including how to turn this functionality off.

To manage, administer and improve our website and deliver relevant online advertising

We also use the information we collect about you based on your use of our website and services to:

manage and administer our website and for internal operations, including for troubleshooting, data analysis, testing and statistical purposes;
improve the products and services we offer you through our website;
help ensure that you get the best from our website by making it as easy and intuitive as possible for you to use;
help keep our website safe and secure;
make suggestions and recommendations to you and other users of our website about products or services that may interest you or them; and
measure and understand the effectiveness of our advertising campaigns, and deliver relevant advertising to you.

Please see our Cookie Policy to find out more about how we use cookies and other similar technologies in this context, and how to decline or disable them.

To provide and improve customer support

We use your personal data to be able to provide and improve the customer support we provide to you (for example, where you have questions about our products and services or to assist you in locating our stores).

To run our competitions

If you choose to enter a competition that we run, we need to use your contact details and any other personal data that you provide at the time of entry so that we can manage the competition and let you know if you've won! If we ask for any other personal data as part of the competition, we will let you know at the time of entry exactly how we will use it.

To respond to communications or enquiries from you, and address complaints and disputes

We use the personal data we hold about you to help us respond to any enquiries or complaints you have made, or address any dispute which may arise in the course of us providing our products and services to you.

Please note that if you contact us through a social media platform, please see the privacy statements of the social media platforms you use for details of how they use your personal data, who they share it with and how you can manage your privacy settings with them.

To conduct market research

We may invite you to be involved in market research. If you accept our invitation, we will use your feedback to improve our website and the products and services available through it. If you tell us that you don't want to be contacted for this purpose, or you don't accept our invitation, we will respect this choice and it won't affect your ability to access and use our website or interact with us in other ways.

To provide other services requested by you from time to time

We process your personal data to provide any other services requested by you from time to time, as described at the time we collect the data.

To maintain our records and improve data accuracy

We process personal data in the course of maintaining and administering our internal records. This includes processing your personal data to ensure that the information we hold about you is kept up to date and accurate. To help us achieve this, from time to time we may allow a third party analytics provider, Experian Ltd, to access certain records we hold about you (for example, your contact details) to check whether the information is still valid.

To conduct business analytics and reporting

We may aggregate the data we hold about you on an anonymous basis with other data for analytical and reporting purposes.

To comply with our legal obligations and to detect, prevent and investigate other actual or suspected violations of law or misuse of our website

In certain circumstances, we use your personal data only to the extent required in order to enable us to comply with our legal obligations, including to detect, prevent and investigate fraud or to facilitate the exercise of your consumer rights. In addition, we may need to use your personal data to detect, prevent and investigate any other actual or suspected violations of law or misuse of our website.

4. Legal grounds for using your personal data

Applicable data protection law requires us to only process your personal data if we satisfy one or more legal grounds. These are set out in law and we rely on a number of different grounds for the processing we carry out, depending on the purposes of the processing. These are as follows:

Necessary for the performance of a contract and to comply with our legal obligations

Much of the personal data we collect about you is necessary for the performance of certain contracts between us. This includes most of the information you provide to us when completing transactions with us, creating an account on our website, or entering any competitions that we run from time to time, in order that we can comply with our terms and conditions for the use of our website, for the sale of our products and for the operation of any competitions.

In certain circumstances, we also use your personal data only to the extent required in order to enable us to comply with our legal obligations, including to detect, prevent and investigate fraud or to facilitate the exercise of your consumer rights.

Necessary for the purposes of our legitimate interests

It is sometimes necessary to collect and use your personal data for the purposes of our legitimate interests as a business, which are to:

provide our customers with products and services that are as useful and beneficial as possible, including by personalising our contact with customers and telling customers about special offers and promotions that we think might be relevant to our customers and their interests;
informing customers who purchase any products from us of similar products and services we offer (provided they have not opted out of this);
develop and improve our website to enhance the customer experience;
safeguard the security and effective operation of our website;
better understand our customer base by engaging with customers and conducting research into, and analysis of, how customers interact with us and use our website and the services available through it so that we can improve those services as well as our product selection, marketing activities and communications (all of which could also benefit you); and
ensure effective operational management and internal administration of our business, including in relation to document retention, compliance with regulatory guidance and exercise or defence of legal claims.

To help us achieve these outcomes, we profile your personal data, including by combining the data we collect about how you use our website and services with other information we hold about you.

Please note that where we wish to rely on this legal ground, we are required by law to conduct balancing tests to determine whether our legitimate interests are overridden by your interests or your fundamental rights and freedoms. We may continue to process your personal data on the basis of our legitimate interests only if we determine that your interests, rights and freedoms are not overridden by our legitimate interests.

We have considered these matters and where we think there is a risk that your interests or fundamental rights and freedoms may be affected we will not process your personal data unless there is another legal ground for us to do so (either that we have obtained your consent to the processing or it is necessary for us to perform our contract with you or to comply with our legal obligations).

Please contact us if you would like further information regarding our balancing tests (see How you can contact us).

Consent

In certain limited circumstances, we also process your personal data after obtaining your consent to do so for the purposes of:

sending you marketing communications about Rohan products, services, special offers, promotions, competitions and events (unless we have a justifiable reason for sending you marketing communications without your consent, and are permitted to do so by law, as explained in the section How we use your personal data above); and
collecting market research data.
assisting you to find your nearest Rohan stores

You don’t have to provide your consent, and can withdraw it at any time.

5. Who we disclose your personal data to

We may from time to time need to disclose your personal data to third parties in order to provide you with our services and ensure the effective operation of our website and Rohan retail stores. The providers of such services are granted access to certain personal data to the extent necessary for them to perform the services that we request. Any personal data that is processed by third parties must be processed in accordance with applicable data protection law and subject to contractual obligations, including regarding security and confidentiality. The third parties are:

First Mailing Ltd, which sends out postal marketing on our behalf;
Ballard Communications, Inc., which also sends out postal marketing on our behalf, specifically to our customers in the United States;
Emarsys Ltd, a marketing service provider, which assists us with our marketing activities, including sending you email marketing on our behalf;
More2 Ltd and Sub2 Technologies, which assist us with our marketing and advertising activities, including by helping us analyse and profile our customer database to determine how we can improve the effectiveness of our marketing and advertising campaigns;
Google to assist you in finding your nearest Rohan stores
Experian Ltd, which provides us with analytics services. In particular, to help us ensure that the information we hold about you is kept up to date and accurate, from time to time we may allow this third party to access certain records we hold about you (for example, your contact details) to check whether the information is still valid;
Epsilon Abacus (registered as Epsilon International UK Ltd), a company that manages the Abacus Alliance on behalf of UK retailers. The participating retailers are active in the clothing, collectables, food & wine, gardening, gadgets & entertainment, health & beauty, household goods, and home interiors categories. They share information on what their customers buy. Epsilon Abacus analyses this pooled information to help the retailers understand consumers’ wider buying patterns. From this information, retailers can tailor their communications, sending people suitable offers that should be of interest to them, based on what they like to buy.
review sites, which send out review requests on our behalf and
organisations which help us deliver our products to you, including payment service providers and courier companies.
We may also disclose your personal data:
if we buy or sell any businesses or assets, to the buyer or seller (or prospective buyer or seller) and/or their advisers; and
if we are under a duty to disclose or share your personal data in order to comply with (and/or where we believe we are under a duty to comply with) any legal obligation, or in order to protect the rights, property or safety of our business, our customers or others. This includes, in specific cases, sharing information with law enforcement or regulatory agencies, or authorised third parties, in response to a verified request relating to a criminal investigation or actual or suspected violation of law, misuse of our website or breach of contract that may expose us and/or any customer or third party to legal risks or liability.

Additionally, where you have consented to cookies:

we allow third parties such as Google to set Google Analytics cookies on your device to assist us with the improvement and optimisation of our website. Google Analytics cookies collect information such as items clicked on, web pages viewed and any web pages where users are encountering download error messages from time to time; and
we allow third parties who help us carry out our advertising activities (Google, Facebook and Sub2 Technologies) to set their cookies on your device in order to show you relevant online advertising. These third parties collect information about you (such as the web pages you’ve viewed, products you’ve put in your shopping basket and the links you’ve clicked through) in order to select and serve relevant adverts to you.

Please see our Cookie Policy to find out more about how we use cookies and other similar technologies (including links to further information provided by third parties about their practices), and how to decline or disable them.

6. International transfers of personal data

The personal data we collect about you is stored by us on secure servers located within the European Economic Area (“EEA”) and processed by us in the UK.

In some limited cases, your personal data may, for the purposes set out in this Privacy Policy, be accessed, transferred or processed outside the EEA by or to our third party service providers. The countries concerned may not have laws which protect your personal data to the same extent as in the EEA. We are required by applicable data protection law to ensure that where we or our third party service providers access, transfer or process your personal data outside the EEA, it is treated securely and is protected.

We do this by ensuring that at least one of the following safeguards is implemented:

EU-US Privacy Shield: We use certain service providers, which are based in the United States or otherwise process your personal data in the United States (Google and Facebook). Pursuant to GDPR Article 45, your personal data is transferred by these service providers to the United States on the basis of their self-certification under the Privacy Shield framework, which requires them to provide similar protection to personal data shared between the European Union and United States. For further details, see European Commission: EU-US Privacy Shield.
Standard data protection clauses adopted by the EU Commission: Pursuant to GDPR Article 46(2), where required we use specific contracts approved by the European Commission, which give personal data the same protection it has within the EEA. For further details, see European Commission: Model contracts for the transfer of personal data to third countries.

Please contact us if you would like more information about the countries to which your personal data is transferred and the specific safeguards that are used to protect your personal data when it is transferred outside the EEA (see How you can contact us).

7. How long we keep your personal data for

We retain your personal data for no longer than is necessary for the purpose(s) for which it was collected. What this means in practice will vary between different types of data. When determining the relevant retention periods, we take into account factors including:

legal obligation(s) under applicable law to retain data for a certain period of time;
statute of limitations under applicable law;
the warranty period for any products you have purchased from us;
potential or actual disputes; and
guidelines issued by relevant data protection authorities.

Otherwise, we securely erase your personal data from our systems when it is no longer needed.

8. Your privacy rights

The table in this section below explains what rights you have with regard to your personal data. These rights are not absolute and are subject to certain exceptions and qualifications.

For more information about your rights or if you would like to exercise any of your rights, you are welcome to contact us using the contact details set out below under How you can contact us.

Please note that if you ask us to stop using your personal data in a certain way or erase your personal data, and this type of use or personal data is required by us in order to facilitate your use of our website or services in any way, you may not be able to use our website or services as you did before. This does not include your right to withdraw your consent to receiving marketing communications from us, which you can do so at any time without restriction.

Privacy rights	What does this mean?
1. Right to be informed	You have the right to be provided with clear, transparent and easily understandable information about how we use your personal data and your rights. This is why we provide you with the information in this Privacy Policy.
2. Right of access	You have the right to receive confirmation from us that your personal data is being processed, and where that is the case, obtain access to the personal data that we hold about you and certain other information (similar to that provided in this Privacy Policy).
3. Right to rectification	You have the right to require us to rectify any personal data that we hold about you if it is inaccurate or incomplete. Please contact us if you believe that any personal data we hold about you is inaccurate or incomplete. If you have an account with us, you can also view and update your basic contact details and marketing preferences at any time by logging into your account on our website.
4. Right to erasure	This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the erasure of the personal data that we hold about you where: the personal data is no longer necessary for the purpose it was originally collected/processed; you withdraw your consent (where consent was previously provided and required for us to process the data); you object to the processing, as long as there are no overriding legitimate grounds for us to continue the processing; we’ve been processing your personal data unlawfully, or your personal data has to be erased in order to comply with a legal obligation. This is not a general right to erasure; there are exceptions. For example, we have the right to continue using your personal data if such use is necessary for compliance with our legal obligations or for the establishment, exercise or defence of legal claims.
5. Right to restrict processing	You have the right to restrict further processing of your personal data where: you consider the personal data we hold to be inaccurate, in which case we have to restrict any processing while we verify the accuracy of your personal data; the processing we are carrying out is unlawful and you request us to restrict processing, rather than erasing your personal data; we no longer need the personal data, but you need it to establish, exercise or defend a legal claim; or we are considering our legitimate interests for processing your personal data to which you have objected. this is personal data you provided to us (i.e. not any other information); we are processing such data on the basis of your consent or to perform a contract with you; and the processing is carried out by automated means.
7. Right to object to processing	You have the right to object to processing in the following circumstances: where the processing of your personal data is based on our legitimate interests. However, If we can show compelling legitimate grounds for processing your personal data which override your interests, rights and freedoms, or we need your personal data to establish, exercise or defend legal claims, we can continue to process it. Processing of your personal data will be restricted while we make this assessment. Otherwise, we must stop using the relevant personal data; or where your personal data is processed for direct marketing purposes (including profiling related to such direct marketing).
8. Right to withdraw consent to processing	If you have given your consent to us to process your personal data for a particular purpose (for example, to send you marketing communications), you have the right to withdraw your consent at any time (although if you do so, it does not mean that any processing of your personal data up to that point is unlawful).
9. Right to make a complaint to the data protection authority	You have the right to make a complaint to the Information Commissioner’s Office (ICO) if you are unhappy with how we have handled your personal data or believe our processing of your personal data does not comply with applicable data protection law. The contact details of the ICO are set out below under .

9. How you can contact us

If you would like to exercise your privacy rights or if you are unhappy with how we have handled your personal data, please contact us by:

emailing: post@rohan.co.uk;
writing to: Rohan Designs Limited, 30 Maryland Road, Tongwell, Milton Keynes MK15 8HN, UK; or
calling: 0800 840 1411 or +441908 517901 if calling from outside the UK.

If you’re not satisfied with our response to any enquiry or complaint or believe our use of your personal data does not comply with applicable data protection law, you can make a complaint to the Information Commissioner’s Office (ICO) by:

writing to: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF;
calling: 0303 123 1113; or
submitting a message through the ICO’s website at: www.ico.org.uk.

10. Children’s personal data

We do not knowingly collect personal data from children under the age of 16. If you become aware that your child or any child for which you have parental responsibility has provided their personal data to us without your consent, please contact us using the contact details set out above under How you can contact us.

11. Links to other websites

Our website may, from time to time, contain hyperlinks to third party websites. This Privacy Policy does not apply to your use of those other websites. We encourage you to read the privacy statements on the other websites you visit, as they will govern the use of any personal data you provide when visiting those websites.

12. Changes to this Privacy Policy

This Privacy Policy was last updated on 01/08/18.

This Privacy Policy may be updated from time to time. We will post the updated terms on our website and, where appropriate, we will notify you of the changes, for example by an email notification. We recommend that you check this page from time to time to ensure that you are aware of and understand any changes.