We are Thorntons UK Ltd (“Thorntons”), and our registered Head Office is 889 Greenford Road, Greenford, England UB6 0HE. For the purposes of the Regulation (EU) 2016/679 (“GDPR”). We are known as a Data Controller of the information that you provide us with. We take our obligations as a Data Controller very seriously. Should you wish to find out more on how we collect, use and store your data, please contact us at Data.PrivacyUK@Thorntons.com and below you can find out more about how we look after your personal data. For more information on the GDPR, you can visit the Information Commissioner’s website.
All our contact details can be found on our website. Follow this link to our contact details..
Thorntons has appointed a Data Protection Officer (DPO) who can be contacted at the following e-mail address Data.PrivacyUK@Thorntons.com.
In general, any information and data which you provide, or which is otherwise gathered by us in the context of the Website, will be used by Thorntons in compliance with the GDPR. This means, in particular, that any Personal Data processing carried out by Thorntons will respect the principles of lawfulness, fairness, transparency, purpose limitation, storage limitation, data minimisation, accuracy, integrity and confidentiality, in accordance with the GDPR.
Thorntons does not knowingly collect any personal data from children under the age of 18. Thorntons takes children's privacy seriously. As such, we would recommend that a parent or guardian assist and guide any child under the age of 18 who may intend to browse the Website or access the services provided by Thorntons. Children under the age of age 18 should not use Thorntons Website or services. In the event that Thorntons learns that it has inadvertently collected Personal Data from a child under the age of 18, Thorntons will promptly delete such information.
COLLECTION OF PERSONAL DATA
We collect, process and store certain information about you (such as, information which may identify you in some way; such as your name, address, telephone number, email address, screen name and/or financial information) through the Site, only when you voluntarily submit it. We may request that you submit your personal information in certain instances, such as when you purchase products and services offered by us on this Site, submit comments or questions, request information, participate in a promotion, contest or sweepstakes or utilise other features or functions of this Site.
Certain pages of the Sites may allow you to create login credentials by typing in your username/ID or email address and password and other information; Payment method requiring login via PayPal.
Moreover, when you connect to the Site, there is certain information (e.g. IP address, purchase preferences, profiling features) that may include identifiers that may permit us to serve tailored ads to your device, along with technical, information which does not identify any individual (e.g. internet browser type) that may be collected and stored through the use of “cookie” technology. In addition, other parties such as advertising partners and analytics providers may collect information about your online activity over time and across the Sites. This information assists us to develop our business and provide customers with products tailored to visitors’ needs. You may set your computer browser to disable cookies or to alert you when cookies are being sent. If you disable cookies, we may be unable to optimise your visit to a Site and certain features on the Site may not be available.
The processing of data shall be made by such procedures, technical and electronic means, which are suitable to protect the confidentiality and security of data and consists of collection, recording, organisation, storage, consultation, elaboration, alteration, selection, retrieval, alignment, use, combination, block, communication, dissemination, erasure, and destruction of data, including a combination of two or more of such activities.
USE OF YOUR PERSONAL DATA
- You have permitted its use by providing us with your consent (Art. 6 (1) (a) GDPR);
- It is necessary for the performance of a contract, to which, you are a party (Art 6 (1) (b) GDPR);
- It is required for us to comply with a legal obligation (Art 6 (1) (c) GDPR);
- It is necessary for our legitimate interests. (Art 6 (1) (f) GDPR)
Performance of a contract to which you are a party (Art 6 (1) (b) GDPR):
- To finalise purchase orders and deliver products bought on the Site;
- To provide answers or services you request, including allowing the creation of an account, to receive information from Thorntons; to verify your identity and assist you, in case you lose or forget your login/password details for any of Thornton’s registration services;
- To allow you to create and maintain a registered user profile, to process transactions and enrolments you request, to contact you when necessary and respond to your requests and enquiries, including emails;
- To process card payments and to provide any other services which you may request;
- To send you newsletters you have subscribed to as a service (containing only informative content);
It is not mandatory for you to give Thorntons your personal data for these purposes; therefore, if you do not provide such data, Thorntons will not be able to provide any services to you.
Permitted use through your consent (Art. 6 (1) (b):
- For marketing, promotional and publicity purposes, including to carry out direct marketing, as well as to carry out studies, research, market statistics or surveys, via e-mail, SMS, push notifications, pop-up banners, instant messaging, phone calls by an operator, Thorntons’ official social media pages, regarding Thorntons’ products and services (“Marketing”).
- Processing for these purposes is based on your consent. It is never mandatory for you to give consent to Thorntons for the use of your Personal Data for these purpose, and you will suffer no consequence if you choose not to give it (aside from not being able to receive further marketing communications from Thorntons).
- To send you offers, promotions or other information about our goods and services. Any consent given may also be withdrawn at a later stage.
- For future marketing, promotional and publicity purposes, by sending you direct e-mail marketing communication regarding products and services provided by Thorntons which are identical or similar to those you have previously requested through the use of the Website. Processing for these purposes is based on your consent.
You can always opt-out of these communications, by clicking on the “Unsubscribe” link provided at the bottom of all such communications.
To create your user profile (individual and/or aggregate profiles) on our Website, by collecting and analysing information on the preferences you select and choices you make on the Website as well as on your general activities on the Website, through the use of profiling cookies (“Profiling”). This information will be used to personalise the Services provided through the Website, where possible, to suit your preferences and choices, as well as to serve you with information and advertisements which may be relevant to you and your interests, to propose customised offers that may be of your interest and to give you information about other websites/services which Thorntons believes you may be interested in.
All algorithms involved in this processing are regularly tested, to ensure the processing’s fairness and control for bias.
Processing for this purpose is based on your consent, collected by means of the cookie pop-up banner and/or a specific tick box. It is never mandatory for you to give consent to Thorntons for use of your personal data for this purpose, and you will suffer no consequence if you choose not to (aside from not being able to benefit from greater personalisation of your user experience regarding the Website). Any consent given may also be withdrawn at a later stage, either by modifying your device settings or contacting Thorntons at the address mentioned above.
- When you provide any personal information to Thorntons, Thorntons must process it in accordance with the applicable laws, which may include retaining and reporting your Personal Data to official authorities for compliance with tax, customs or other legal obligations. No consent is required for the processing of data for this purpose since such processing is necessary to comply with a legal obligation (GDPR, art. 6, 1a).
- To prevent and detect any misuse of the Website, or any fraudulent activities carried out through the Website (“Misuse/Fraud”).
Processing for this purpose is necessary to pursue Thorntons’ legitimate interests in preventing and detecting fraudulent activities or misuse of the Website (for potentially criminal purposes).
- To analyse and improve our service provision, enhance the Website, evaluate the effectiveness of Thorntons’ marketing activities and services, perform statistical and demographics analyses on Thorntons’ corporate clients and registered users (“Analytics”). Anonymous information is collected in order to understand behaviour on the website and identify issues or possible improvements. These include page browsing behaviour of subsets of traffic such as heatmaps, input form analysis, as well as aggregated collection of data including page visits, volumetric and insight such as time spent on page, site navigation and performance.
- Thorntons use age verification services to ensure that the sale of hampers and giftsets containing alcoholic products are to those over the age of 18. Where this cannot be proven your order may be rejected, or you may be requested to supply additional information when contacted by our Customer Service team.
- To respond to your questions and comments; to provide you with access to certain areas and features on a Site; and to communicate with you about your activities on a Site.
- To investigate suspected fraud, harassment, physical threats, or other violations of any law, rule or regulation, the rules or policies of a Site, or the rights of third parties; or to investigate any suspected conduct which we deem improper.
Processing for this purpose is necessary to pursue Thorntons’s legitimate interests in the development and administration of the Website and to improve the services provided on the Website.
Users shall not be required to provide Personal Data to browse public pages of the Website. The provision of Personal Data for the purposes mentioned above is optional, however, failure to provide required data (indicated as such in the registration form, as applicable) may prevent users from completing registration or availing of related services.
We will not provide any of your personal data to any third parties without your specific consent.
SHARING OF INFORMATION
Thorntons do not share, your personal information with independent companies for their own use. Personal data that you provide to us in the course of using our Sites’ features or requesting a product or service through this website, may be gathered and stored in one or more of our corporate databases.
These Sites may share your personal information with subcontractors (e.g. cloud service providers). Subcontractors are restricted from using this data in any other way other than to provide these services to Thorntons and they may not share this data.
Site metrics for this site may be shared with other Thorntons websites, subsidiaries or affiliates. The information shared will be anonymised data and will not include any of your personal data. Your personal information may be disclosed, in close relation to the purposes specified above, only to:
- subjects necessary for order fulfilment, delivering packages, sending postal mail and e-mail, removing repetitive information from customer lists, analysing data and providing marketing assistance, processing credit card payments, and providing customer service, which typically process personal data on behalf of Thorntons as data processors;
- persons authorised by Thorntons to process personal data, that are committed to/ or under an appropriate statutory obligation of confidentiality (Thorntons employees);
- law enforcement agencies and public authorities when so required by the applicable law or in good faith; and
- third-party commercial partners for their own purposes only in compliance with appropriate legal grounds.
Thorntons will disclose your personal information, without notice, only if required to do so by law or in good faith if such action is necessary to: (a) conform to the edicts of the law or comply with a legal process served on Thorntons; (b) protect and defend the rights or property of Thorntons and this site; or, (c) act under exigent circumstances to protect the personal safety of users of Thorntons, its websites, or the public.
We may transfer your personal data that we collect from you to third party data processors located in countries within the European Economic Area (“EEA”) or to members of our group of companies in connection with the above purposes. We do not transfer any personal data outside the EEA.
When transferring personal data outside the EEA, we will ensure that:
- Standard contractual data protection clauses, as approved by the European Commission, will be incorporated into our contracts with any third parties (Art. 46 (2) GDPR)
- The country in which your personal information will be handled has been deemed “adequate” by the European Commission (Art. 45 GDPR
MANAGING YOUR PERSONAL INFORMATION
You have the ultimate control over the personal data that we collect and use. You can always choose not to provide certain data, but please keep in mind that you may not be able to use some of the features offered by the Site(s) unless you provide us with the required personal data (e.g., we will not be able to fulfil your order without certain personal data such as name, address etc.).
If you wish to verify, update, cancel or correct any of your personal data collected through the Site, contact us by post, email or phone..
As a data subject, you are entitled to exercise the following rights, at any time:
- The right to be informed in relation to any changes made to the processing activities detailed in this Policy;
- The right of access to a copy of all the personal data that is held by Thorntons UK Ltd and any of its subsidiaries;
- The right to rectification of any inaccurate information;
- The right to erasure (or the “right to be forgotten”) of any personal data that is held by Thorntons UK Ltd and any of its subsidiaries.
- The right to data portability;
- The right to object to the processing of your personal data as specified in this Policy;
- Right to object in relation to automated decision making and profiling.
Please note that most of the personal data you provide to Thorntons can be changed at any time, including your e-mail preferences, by accessing, where applicable, your user profile created on the Website.
Consent for Profiling carried out by cookies may be withdrawn at any time. Where consent for Profiling was given via a cookie pop-up, you may set your computer browser to disable cookies or to alert you when cookies are being sent. If you disable cookies, we may be unable to optimise your visit to a Sites and certain features on the Sites may not be available.
At any time, you shall be entitled to exercise the rights established by the law in force, by contacting us at Data.PrivacyUK@Thorntons.com.
Generally, Thorntons will keep your Personal Data only for as long as strictly necessary, according to the principal reason for which it was originally collected:
- Personal data processed for Service Provision will be kept by Thorntons for the period deemed strictly necessary to fulfil such purposes. Information will, however, be kept for longer if we need it to address any claims regarding the services or to protect Thorntons’ interests related to potential liability related to the Service Provision.
- Personal data processed for Marketing and Profiling will be kept by Thorntons from the moment you give consent until the latter is withdrawn
- Once you have objected, Personal Data will no longer be used for these purposes, although it may still be kept by Thorntons, in particular as may be necessary to protect Thorntons’ interests related to potential liability related to this processing
- Personal data processed for Compliance will be kept by Thorntons for the period required by the specific legal obligations for which the Personal Data was processed.
- Personal data processed for preventing Misuse/Fraud and Analytics will be kept by Thorntons for as long as deemed strictly necessary to fulfil the purposes for which it was collected.
After such periods, all data shall be deleted or anonymised, except that data we are required by law to keep for a longer period.
LINKS TO OTHER SITES
The Site may contain links to other websites that are not owned, operated, or maintained by Thorntons. When you leave the Site, you should note and read the terms and conditions and privacy policies of each and every website that you visit. You should also independently assess the authenticity of any website which appears or claims that it is one of our Sites (including those linked to through an email). Despite any links that might exist on the Site, unless expressly stated otherwise, we do not control, recommend, or endorse and are not affiliated with these websites or their content, products, services, or privacy policies. Downloading material from certain websites may risk infringing intellectual property rights or introducing viruses into your computer system.
The security of your personal data I is very important to us. We have put in place appropriate technical and organisational, measures to safeguard the information we collect. However, due to the inherent open nature of the Internet, we cannot guarantee that communications between you and us or information stored on the Site or our servers will be completely free from unauthorised access by third parties, such as hackers. Your use of the Site demonstrates your assumption of this risk. To the fullest extent permitted by law, we disclaim all liability and responsibility for any damages (including, but not limited to, any and all direct, special, indirect, consequential, or punitive loss or other damages of any kind, whether in contract (including fundamental breach), tort (including negligence), or otherwise) that you may suffer due to any loss, unauthorised access, misuse, or alteration of any information you submit to the Site.
So that we maintain the integrity, security and confidentiality of your personal data, we have ensured that we have put in place the relevant and appropriate technical and organisational measures. This includes end-to-end encryption and access control that restrict and manage the way in which your personal data is stored and handled, while also ensuring physical security of where the data is located.
GOVERNING LAW / JURISDICTION
Should you have any questions or comments regarding the Sites, you may contact us by mail at the address of Thorntons Ltd or at the following email address Data.PrivacyUK@Thorntons.com
You have a right to lodge a complaint with a local data protection authority if you feel we have not complied with the relevant and applicable data protection laws. Please see below the details for the relevant Regulatory bodies in the UK and Ireland:
IRELANDData Protection Commissioner
Lo-Call: 1890 25 22 31
Tel. +353 57 868 4800
Fax +353 57 868 4757
UKThe Information Commissioner’s Office
Water Lane, Wycliffe House
Wilmslow – Cheshire SK9 5AF
Tel. +44 1625 545 745