For the purpose of this Privacy Notice, Data Protection Legislation means: (i) the General Data Protection Regulation 2016/679 (the "GDPR") applicable in the European Union, including the UK until any UK data protection legislation replaces or adopts the GDPR in the UK; and (ii) then such UK data protection legislation replacing the GDPR once in force and applicable.
2. Who is responsible for your personal data?
GANT UK Ltd. ("GANT UK"), is part of the GANT AB Group. GANT UK, company number 2474645 (also referred to as "we", "us" and "our"), at Floor 2, Holborn Gate, 26 Southampton Buildings, London, WC2A 1AN, is responsible for the processing of your personal data (controller or "GANT UK"). GANT UK shares your personal data with other companies of the GANT group which may act as separate or joint controllers or as processors of GANT UK, as described below.
3. Personal data we process about you
3.1 Personal data that you have provided to us or that we have collected from youYou will provide us with some information about yourself when joining GANT's membership, purchasing items in store or at gant.co.uk and when integrating with us in any other way (for example via our customer service). You may also provide us with information for other reasons.
Example of such information is:
● Personal identification number
● Contact information (such as email address, phone number & address)
● Physical attributes (size)
● Product feedback and comments (including unstructured comments/information, chat/mail, email & recordings of call sessions)
● Payment information (such as bank account)
● Image (collected from CCTV in our stores or our offices)
We also collect your information when you make a purchase at a GANT store, visit gant.co.uk, it.gant.com, pt.gant.com, fr.gant.com, es.gant.com, nl.gant.com, be.gant.com or when you integrate with us in any other way.
GANT processes information as:
● Technical data (such as IP address, language settings, geographical information)
● Transaction & purchase information (such as order number & item)
● Purchase and user generated data/E-commerce activities (such as clicked and viewed items)
● Preferences and behaviour
3.2 Personal data we have collected from third partiesIn order to maintain a good customer relationship, GANT regularly collects personal data from other places/other parties (so called third parties). The information we collect from third parties is:
● Addresses from public records to be sure we have the correct address details for you.
● Credit rating data from credit rating agencies or banks.
4. Cookie Information
In your browser you can choose an option that allows you to receive a message before a website sends a cookie to your computer. You can then choose to accept or reject the cookie. You can also choose not to receive any cookies at all. Because different browsers work differently, you can search your help menu to find the setting on your browser.
5. Purpose and legal basis for processing your personal data
5.1 The purpose of processing your personal dataWe process your personal information for different purposes. GANT processes your personal information in order to:
Administer your purchase, which includes:
● Giving you information about your purchases on gant.co.uk, it.gant.com, pt.gant.com, fr.gant.com, es.gant.com, nl.gant.com, be.gant.com e.g. order confirmation, delivery information etc.
● Delivering your purchases on gant.co.uk or in store to your specified address
● Administer your purchase if you have chosen to pay against invoice
● Providing you with digital receipts for your purchases in store
Deliver a personalized experience (profiling) by:
● Sending newsletters and other marketing to you
● Customizing your experience on gant.co.uk based on your behavior and preferences
● Delivering a personalized experience of our services, benefits and offers
Improve our communication, products and services by:
● Handling customer service issues and/or complaints
● Identify trends by collecting data for statistical purposes
Manage and administrate your information by:
● Keeping our customer records updated with the current address
Administrating events by:
● Conduct and manage participation in competitions and/or events
● Communicating before and after competitions and/or events
Manage and administrate your membership (only applicable for members) by:
● Offering points, bonuses and other benefits linked to your personal membership
● Administrate your account on our webpage
We may place a cookie on your device when you access our website. These cookies will let us know when you have accessed our website. We may share this information with our advertising social media providers such as Facebook or Twitter (e.g. IP addresses or unique mobile identifiers). The cookies will let our advertising providers know when to serve ads and to whom, ensuring that our ads are served only to people who have previously visited our websites or used or downloaded our apps ("Retargeting"). This is further explained in our Cookies Policy.
For further information, see section 11.
5.2 Legal basis for processing your personal dataGANT bases the processing of your personal data on a number of legal bases. These are described in this section and more detailed under section 11.
● Performance of Contract. We treat your personal information in order to fulfill the purchase agreement with you as a customer and/or member or to provide any other services we agree to provide to you. Based on this legal basis, we treat information such as your purchases and your interaction with our customer service.
● Legitimate Interest. Part of the processing of personal data we carry out is based on our legitimate interest when we conduct and manage our business. This applies, for example, to the personal data we process to send you personal offers and to make a limited segmentation of customers. For example, this includes the processing and analysing of your purchase history, your buying behavior and your behavior on gant.co.uk in order to gain more knowledge about you as a customer and our customers in general as well as to improve our offers.
● Law Compliance. In some cases, GANT may have a legal obligation to process your personal data to comply with a legal or regulatory obligation.
● Consent. Generally, GANT does not rely on consent as a legal basis for processing your personal data, other than in relation to marketing purposes such as direct marketing and newsletters.
Please note: You are never required to share your personal data with us, however, if you do not submit your personal data to us, we will not be able to fulfill our agreement or fulfill our commitments in relation to you.
6. Who can access your personal data?
Your personal data is for some purposes shared with parties who process personal data on our behalf, so-called processors. We will provide your personal data to the following;
● Suppliers of IT systems such as gant.co.uk, it.gant.com, pt.gant.com, fr.gant.com, es.gant.com, nl.gant.com, be.gant.com and its sub-suppliers in development and support. These companies provide services, technical solutions and platforms for GANT.
Only applicable for GANT Loyalty members:
● Franchise Companies. Those who provide and sell products under GANT's trademark have access to your personal data so that you can use your member benefits in the store;
● Other partners. As a member of GANT, we also want to offer you the benefits from any of our partners. This means that in order for you to benefit from their offers and benefits we need to share some of your personal data, such as name, email, mobile number and social security number to be able to identify you as a member. Offers in cooperation with external partners will only be sent by GANT and the personal data provided to partners will only be used to identify you as a GANT member.
We also transfer your personal data to joint or independent controllers:
● Collaborating partners. To handle payments made by GANT's customers, we use suppliers to ensure secure payment solutions;
● Other companies within the GANT group. Since GANT is an international company, some of your personal data is disclosed to companies in the GANT Group which operate in other countries such as Sweden, Germany, UK, France, Benelux and Switzerland;
7. Transfer of personal data to third countries
We always strive to process your data within the EU / EEA. However, the data may in some situations be transferred to, and processed in, non-EU / EEA countries by a company within the GANT group or by another supplier or subcontractor. As GANT is determined to always protect your personal data, GANT will take all reasonable legal, technical and organizational measures to ensure that your personal data is handled securely and with an adequate level of protection comparable to and at the same level as the protection offered in EU / EEA. For instance, we may implement one of the following safeguards:
● Only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
● Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe.
● Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US.
8. For how long is your personal data retained?
We will only retain your personal data for as long as you have consented to it or when is necessary to us to provide you with our services or fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, reporting or regulatory requirements. For instance, by law we have to keep basic information about our customers (including contact, identity, financial and transaction data) typically for six years after they cease being customers for tax purposes.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances you can ask us to delete your personal data.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
Only applicable for GANT Loyalty members: Your personal data will as a general rule be saved until you end your membership or automatically due to inactivity for a period of 24 months. You may contact us at any time and terminate your membership and request that we remove your personal data.
For further information, see section 14.
9. Data Security
Please be aware that communications over the Internet, such as e-mails are not secure unless they have been encrypted. Your communications may route through several countries before being delivered. We cannot accept responsibility for any unauthorised access or loss of personal data that is beyond our control.
We have appropriate security policies, rules and technical measures to protect the personal data that we have under our control (having regard to the type and amount of that data) from unauthorised access, improper use or disclosure, unauthorised modification, unlawful destruction or accidental loss. We have procedures in place to deal with any suspected personal data breach, and will notify you and any regulator of a breach when legally required to do so.
10. Your rights
Access. In accordance with Data Protection Legislation, you have the right to access information about what personal data we are processing about you and the right to request a correction of your personal data.
Rectification. You have the right to rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed.
Erasure. under certain conditions, for example if the processing is no longer necessary for the stated purposes or if you withdraw your consent, you have the right to request that we erase your personal data. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
Restriction. In some cases, you also have the right to request that we restrict our processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:
(i) if you want us to establish the data's accuracy;
(ii) where our use of the data is unlawful but you do not want us to erase it;
(iii) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or
(iv) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
Objection. You have the right to object to our processing of your personal data for example direct marketing purposes or profiling, or if the processing is based on our legitimate interest. You also have the right to object to processing of personal data for the purpose of profiling and direct marketing.
Portability. You also have the right, under certain circumstances, to obtain the personal data that relates to you, as provided to us, in a structured, widely used and machine-readable format and may transfer them to another controller.
Withdrawal. You are entitled to revoke all or part of a given consent for processing personal data at any time where we are relying on consent to process your personal data with effect from the date of withdrawal, unless further processing is required by law.
Profiling. You also have the right to object to processing of personal data for the purpose of profiling and direct marketing.
What we may require from you.We may need to request specific information from you to help us confirm your identity. We may also contact you to ask for further information in relation to your request.
Time limit to respond.We try to respond to all legitimate requests within one month. Occasionally it may take us longer that a month if your request is particularly complex, or you have made several requests. In this case, we will notify you and keep you updated.
No fee usually required.All communication and all actions taken by GANT regarding your rights described above are provided free of charge. GANT reserves the right, in the case of clearly unfounded or unreasonable requests, to either take out a reasonable fee covering the administrative costs of providing the information or taking the requested action or refusing to fulfill the requested action.
11. Changes to this Policy and changes of purpose for which your data is collected
Changes to this Policy.
We reserve the right to amend or modify this Privacy Notice and if we do so we will post the changes on our website. It is your responsibility to check the Privacy Notice every time you submit your personal data to us.
Change of purpose. We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us at email@example.com. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
If you would like to let us know about something we have done, or failed to do in relation to your personal data, whether positive or negative, please let us know by contacting GANT at firstname.lastname@example.org. Your comments enable us as an organisation to learn and continuously improve our services.
If you have any complaints regarding our processing of your personal data, you have the right to lodge a complaint with the ICO. More information on how to complain is available on the ICO's website at https://ico.org.uk/ or other competent supervisory authority that supervises GANT's handling of personal data.
13. Contact information
If you want to execute your rights or contact us regarding our processing of your personal data, you can do so by contacting GANT at email@example.com.
This information about the processing of personal data was determined by GANT UK Ltd. on the 20 April 2018.
14. Summary over the data we process about you, why and for how long
WHAT WHO PURPOSE LAWFUL BASIS HOW LONG DO WE STORE IT? Name, Age, Gender, Personal identification number, Contact information (such as email address, phone number & address), Technical data (such as IP address, language settings, geographical information), Transaction & purchase information (such as order number & item), Purchase and user generated data/E-commerce activities (such as clicked and viewed items)Preferences and behavior, Physical attributes (size) Members Deliver a personalized experience of our services,anage your membership, distribute loyalty points and benefits, administer your account on our webpage and ensure secure identification Performance of Contract (e.g. Performance of loyalty program agreement) Legitimate Interest Consent Until you end your membership (can be done manually or automatically due to inactivity for a period of 24 months) Name, Age, Gender, Contact information (such as email address, phone number & address), Technical data (such as IP address, language settings, geographical information), Transaction & purchase information (such as order number & item), Purchase and user generated data/E-commerce activities (such as clicked and viewed items), Preferences and behaviour, Physical attributes (size) Customers To obtain a good customer relationship, deliver a good experience of our services and administer your account on our webpage Consent, Performance of Contract, Legitimate Interest Until your consent is revoked or inactivity* for a period of 12 months Name, Contact information (such as email address, phone number & address), Transaction & purchase information (such as order number & item), Product feedback and comments (including unstructured comments/information, chat/mail & recordings of call sessions) Customers & Members Provide customer support, improve our communication, products and services Legitimate interest: The processing is necessary to meet our and your legitimate interest in evaluating, developing and improving our services, products and systems For a period of 36 months after the purchase in order to handle any complaints and warranty issues Name, Contact information (such as email address & phone number), Purchase and user generated data/E-commerce activities (such as clicked and viewed items), Technical data (such as IP address, language settings, geographical information) Members, customers & non- customers (marketing) Deliver a personalized experience of our services, benefits and offers by mail Consent Until your consent is revoked or inactivity* for a period of 12 months Name, Personal identification number, Contact information (such as email address, phone number & address), Transaction & purchase information (such as order number & item), Fraud score, Payment information (such as bank account) Customers & Members Fulfill the purchase agreement, administrate your purchases, deliver products, handle customer service issues/ reclamations and ensure secure identification Performance of the purchase agreement, Performance of Contract, Legitimate Interest, Compliance with laws & Regulations, Legitimate Interest Until the purchase has been completed (including delivery and payment) and for a period of 36 months thereafter in order to handle any complaints and warranty issues Name, Personal identification number or age, Contact information (such as email address, phone number & address), Comments given during the event and or/contest (unstructured data) Customers & potential customers Conduct and manage participation in competitions and/or events and identification and age control Legitimate interest: The processing is necessary to meet our own and our customers legitimate interest in managing your participation in events and/or contests, Performance of Contract, Compliance with laws & Regulations, Legitimate Interest Until the event/contest has ended (including any evolution/follow-up) Image from CCTV footage Customers & potential customers To protect us, our customers, premises, assets and employees from crime or any illegal or unlawful act Legitimate interest: The processing is necessary for the purposes of preventing. detecting and evidencing unlawful acts For as long as it is necessary under applicable laws
*Inactivity: Not opened mail/newsletter, made a purchase or registered under the specified time