1.1 SINFUL ("Sinful", "sinful.co.uk", "our", "us", or "we") is the data controller of the personal information we have received from you. You will find our contact information in Section 7.
2. WHICH PERSONAL DATA WE COLLECT AND FOR WHAT PURPOSE, AND HOW WE PROCESS YOUR PERSONAL DATA IN ACCORDANCE WITH APPLICABLE LAW
2.1 When you visit sinful.co.uk, our system automatically collects information about you and your use of our website. The data registered by the system include information about which browser you use, which words, products and categories you search for, your IP address, network location and information about your computer, mobile or tablet, which makes it possible for us to improve your user experience and optimise sinful.co.uk’s functions, and we use the information to be able to carry out relevant marketing activities. The legal basis for processing your data in connection with your visit to our website can be found in the GDPR, article 6, subsection 1, paragraph f.
2.2 When you sign up for direct marketing from sinful.co.uk, e.g. through our Facebook page, newsletter, push notifications etc., we register your name, email address and other voluntary information that you provide in connection with signing up. The aim is to ensure that we can deliver relevant marketing to you. The legal basis for can be found in the GDPR, article 6, subsection 1, paragraph a.
2.3 When you buy a product at sinful.co.uk or communicate with us through our website, we register the information that you yourself provide, e.g. your name, address, email address, phone number, payment method, delivery method, IP address and which products you have bought and might have returned to us. This information is registered so that we can deliver the products you have ordered and in order for us to be able to manage and observe your right to return and complain about a product in accordance with the GDPR, article 6, subsection 1, paragraph b. Information about your purchases through our website is also collected so that we can comply with legal requirements to bookkeeping and accounting records in accordance with the GDPR article 6, subsection 1, paragraph c. We register your IP address because sinful.co.uk has an interest in preventing fraud. The legal basis for this can be found in the GDPR, article 6, subsection 1, paragraph f.
2.4 When you enter into a collaboration agreement with us, we register the following information: your name, address, email address, phone number, delivery preferences, IP address and the products you have received from us. The purpose of collecting and storing these data is to evaluate the potential collaboration agreement and to deliver the products you have requested in accordance with the agreement. The information you give to us is processed in order to take action on your request prior to entering into a collaboration agreement in accordance with the GDPR, article 6, subsection 1, paragraph b.
2.5 When you fill out a questionnaire, we register your name and email address as well as information regarding your sexual relations and health, if the questionnaire includes questions about such topics. The purpose of a questionnaire is to obtain information for a specific study. Thus, the legal basis can be found in the GDPR, article 6, subsection 1, paragraph a, and article 9, subsection 2, paragraph a.
3. RECIPIENTS OF PERSONAL DATA
3.1 sinful.co.uk entrusts information about your name, address, phone number, email address, order number and delivery choices to Royal Mail or any other carrier that handles the carriage and delivery of the items you buy from us. If you buy products that are out of stock at our warehouse, your details may in exceptional cases be passed on to the manufacturer, who then will make sure the item in question is sent to you. Such information is exchanged between Sinful and the carrier through Coolrunner. In addition, your details may be passed on to business partners, such as lenders, who assist us with our business activities.
3.2 Since we use external partners for things like technical operation, website improvements, collection of permissions for sending newsletters, participation in competitions, pop ups, relevant marketing and rating of our company and products, information about your name and your email address may be entrusted to them.
We transfer information about your name and your email address to, inter alia, the following external collaborators established within the EU:
Some of the above-mentioned companies carry the status of data processors, who under our specific instructions process data that we are legally responsible for. All external partners that process personal data on our behalf have signed written data processing agreements with us in which they are subject to strict confidentiality. None of our external partners may use your personal data for any other purpose than to fulfil the agreement they have signed with us.
Some of our external data processors, e.g. Google Analytics of Google LLC, Klaviyo Inc., Magento Inc., Zendesk Inc. and Microsoft Corporation, are established in the United States. Transfer of personal information to our data processors in third countries are safeguarded by valid transfer guarantees provided by the European Commission's Standard Contractual Clauses.
4. YOUR RIGHTS
4.1 For maximum transparency regarding our processing of your personal data, we as data controller must inform you about your rights.
4.2 Right of access
4.2.1 You have the right to at any time ask for access to the data we hold about you, what purposes your data serves, which categories of personal data we hold about you, who receives and processes the data and where our data about you is collected from.
4.2.2 You have the right to have a copy of your personal data, which we have registered and processed, sent to your email. If you wish to receive such a copy, please send our customer service team a written request at email@example.com. We only send personal data that relates directly to the email address from which the request was made. In other words, you cannot ask for information related to a different email address than the one you use to contact us from.
4.3 Right to rectification
4.3.1 You have the right to have incorrect personal data about yourself corrected by us, so we do not use false information about you when you use the company's services. If you find that there is an error in the information we hold about you, please notify us via an email to our customer service so that we can correct the error.
4.4 Right to erasure
4.4.1 In certain cases, you have the right to have all or part of your personal data erased by us. This applies, for instance, to cases where you withdraw your consent and we have no legal basis for continuing to process your data. If it’s necessary to continue the processing of your personal data, we are not obligated to erase the data we hold about you. This includes cases where we must comply with our legal obligations, so that legal claims can be determined, enforced or justified in connection with police investigations.
Personal data can only be erased retrospectively. Note that if you request to have your data erased, data will once again be collected about you if you decide to use our company’s services in the future.
4.5 Right to restriction of processing
4.5.1 In certain cases, you have the right to restrict the processing of your personal data, if you believe that the data we process about you is incorrect.
4.6 Right to data portability
4.6.1 In certain cases, you have the right to receive a machine-readable copy of the personal data that you yourself have given us, and you have the right to transfer any personal data concerning yourself to another data controller.
4.7 Right to object
4.7.1 You have the right to object to our processing of your personal data for direct marketing purposes, including the profiling, segmentation and analysis that we carry out to be able to make our communication and marketing relevant to you.
4.7.2 You have the right to, on grounds related to your personal situation, object to our processing of your personal data, which we carry out on the basis of our legitimate interest cf. section 2.1 and 2.3.
4.8 Right to withdraw consent
4.8.1 You have the right to withdraw your consent to direct marketing, e.g. newsletters. If you wish to withdraw your consent, please write to us at firstname.lastname@example.org cf. section 4.2.2.
4.9 Right to lodge a complaint
4.9.1 You have the right to lodge a complaint to an official supervisory authority, if you believe your rights have been breached. For the UK, the authority is the Information Commissioner's Office, the ICO. You can find their contact details here.
5. ERASURE OF PERSONAL DATA
5.1 Information collected about your use of sinful.co.uk, cf. sections 2.1 and 2.2, shall after a total period of 2 years either be erased or only be available in anonymous form, so that the information cannot be traced back to you. It is understood that you during this period have not interacted with our company’s services. In other words, that you have not visited our website, made purchases on our website, participated in our competitions, read or clicked on our emails, ads, pop-ups etc.
5.2 The personal data that we have collected in connection with you signing up to our newsletter shall be erased within 2 years after we sent our last newsletter to you. Withdrawing your consent is a prerequisite for erasure.
5.3 In general, the personal data we have collected in connection with your purchase at sinful.co.uk shall be erased or anonymised, so that they cannot be traced back to you, 5 years after the end of the calendar year in which you made the purchase. The data may, however, be stored for a longer period if we believe we have a legitimate need to keep them.
5.4 In accordance with the HMRC, the company’s financial records shall be stored for 6 years until the end of a fiscal year.
5.5 The personal data we have collected upon your interaction with our customer service shall be erased after a total period of 3 years after you last contacted us.
5.6 The data we have collected in connection with collaboration agreements shall be erased within 2 years of our last interaction with you. If we have received a request for a sponsorship that has not been agreed to, the related data will be erased immediately.
5.7 The data we have collected in connection with a questionnaire shall be erased as soon as the survey period is over. Information will only be published in anonymous state, unless the respondent consents to the disclosure of their information. In that case, the information shall be erased as soon as the questionnaire is no longer relevant.
6.1 SINFUL has implemented all the recommended technical and organisational security measures to prevent accidental or unlawful destruction, loss, alteration, deterioration, abuse, unauthorised disclosure of or access to your personal information.
6.2 Only employees with a legitimate need to access your data in order to perform their duties shall have access to your personal data.
7. CONTACT DETAILS
7.1 SINFUL is data controller of the personal data collected via our website.
SINFUL / Mcompany
5 Station Court
Telephone: 0330 808 5261