This privacy notice sets out how we, California Love, London, use and protect any personal information we collect or generate in relation to you whilst you are using our website, interacting with us and purchasing our products.
We have reviewed and updated this Privacy Notice to comply with the General Data Protection Regulation (EU) 2016/679 and the UK Data Protection Act 2018 (the Data Protection Regulations).
Any future changes to our website which may affect the personally identifiable information collected or used will be communicated in an update to this Privacy Notice and made available on our website.
What we collect, the source, the purpose of processing and lawful basis
The types of personal data we collect when using our site:
| Source of data | Information stored | Purpose/Processing activity | Lawful basis of processing |
|---|---|---|---|
| Customer data | Name, address, email address, user ID, password | To process orders and deliveries | To perform a contract |
| Customer data | Name, address, purchases, cost, transaction date | Issuing of invoices, refunds etc. | To perform a contract |
| Customer data | Marketing preferences, birth day/month | Newsletters, special offers | Consent |
| Customer data | Bank details | To pay for orders | To perform a contract |
Please read this notice carefully for details about the information we collect when you use this site. If you do not wish to accept cookies in connection with this site, you must disable them using your browser settings.
Links to other websites
Our site may contain links to other sites of interest. However, once you use these links we do not have any control over that external site. We cannot be responsible for the protection and privacy of any information you provide whilst visiting sites that are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to external sites.
Recipients of your data
We use third-party providers (data processors/joint data controllers) to help us deliver our services to you. Where we use third parties to process any personal data collected from this site, we ensure that they have committed to ensuring appropriate technical and organisational measures are in place to meet their obligations under the Data Protection regulations.
Credit/Debit Card payments using a third party
We never collect or store your payment card details and use a third-party payment gateway for purchases made on our website. We only use PCI-DSS compliant payment systems procured from reliable third-party providers, such as Mastercard and PayPal.
Our technology systems do not directly collect or store any payment card information and our online payment solutions are carried out using a ‘payment gateway’. This is a direct connection to a payment service provided by a bank or payment provider.
This means that when you input your payment card data you are communicating directly with the bank. As such your payment card information is handled by the bank or payment provider only.
Automated decision making
No automated decisions are made using any personal information collected using this site.
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.
Controlling your personal information
You may choose to unsubscribe from newsletters at any time.
Data Transfers outside the EEA
We use selected third parties who are based in the USA.
- Our payment providers may store certain data in data centers located in the USA; however, we only use providers who are PCI-DSS compliant and therefore adhere to strict security standards.
- Mailchimp may store data outside of the EEA and is regulated through its adherence to the US Privacy Shield.
Aside from our selected third parties, we do not send any personally identifiable data collected via our site outside the EEA unless you have consented for us to do so, for example: if you provide contact data which is outside of the EEA.
You are entitled to ask about the data that is held about you, subject to certain exceptions. This is called a Subject Access Request (SAR). These should be made by email or in writing at the following addresses:
Address: Data Protection Manager,
130 Old Street, London, EC1V 9BD.
In addition, the Data Protection Regulations provide the following rights for individuals: (https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/)
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling
If you would like to exercise any of your rights under the Data Protection Regulations, please contact us at the addresses above.
We will make every attempt to ensure you are satisfied with our handling of your data queries or requests. However, you have the right to complain to the Information Commissioner's Office (ICO) if you are not satisfied with our handling of your requests about the protection of your data. Follow the link below to report a concern to the ICO.
Last updated: November 2019