Treatly Lingerie Subscription UK Privacy and Cookies Policy

Effective Date: 01 December 2021

PRIVACY

Your privacy is of paramount importance to us at TREATLY® and we are committed to protecting your personal data. This Privacy Policy will explain your rights with regard to privacy, as well as details of how we collect, store and process your personal information, and what we use this for. It is important that you read this, and any other notices we provide, on specific occasions where we are collecting your information, so that you are fully informed on how and why we are using your data.

We may update this Privacy Policy from time to time in order to reflect e.g. changes to our privacy practices or for other operational, legal, or regulatory reasons. If we make material changes to this Privacy Policy, we will notify you of such changes by posting the revised policy on this Website, and where appropriate, by other means. Changes and clarifications will take effect immediately upon their posting on the website. By continuing to use our Website and Services after these changes are posted, you agree to the revised policy. If our store is acquired or merged with another company, your information may be transferred to the new owners so that we may continue to provide you with our Services. If such events do take place then this Privacy Policy will continue to apply to your personal data.

It is important that the personal data we hold about you is accurate and up to date. Please keep us informed if your data changes during your relationship with us.

WHO WE ARE?

THE GODDESS PROJECT LTD., trading as TREATLY® (collectively referred to as the company, “we”, “us” or “our” throughout this Privacy Policy and the rest of the website) is the data controller and responsible for your personal data. Our: website (www.treatly.uk), blog, content, branded pages on social media, accounts with us, products and services, are collectively referred to as our “Services” throughout this document. When you use the Services, even if you don’t have an account or purchase our products, we may receive some data from you via your web browser e.g. IP address, device type etc. and use this to understand how the Services are being used. If you do set up an account with us/ purchase our products, we’ll collect other personal information from you. This Privacy Policy will provide the information you need to understand what, how, why and for how long, personal data from you is collected, stored and processed.

This Privacy Policy doesn’t apply to the practices of third parties that we do not own or control, including third party websites, services, products or applications that you elect to access and interact with during your use of the Services, or to individuals that we neither manage nor employ. We take every precaution to ensure that the Third Parties that we work with share our respect for your privacy but we cannot be responsible for them and therefore ask that you carefully review the privacy policies of any Third Party Services that you access on our site e.g. PayPal.

If you have any queries about our Privacy Policy or wish to exercise any of your legal rights as detailed below, please contact us using the following contact information:-

Full name of legal entity: THE GODDESS PROJECT LTD.

Name or title of Data Protection Officer: eCommerce Manager

Email: info@treatly.uk

Postal Address: Treatly, 27 Newton Road, Knowle, Solihull, B93 9HL

You do have the right to register a complaint at any time with the UK supervisory authority for data protection issues- the Information Commissioner’s Office (ICO) www.ico.org.uk. However, we’d greatly appreciate an opportunity to address your concerns prior to this.

WHAT DATA DO WE COLLECT FROM YOU?

Any information from which a person can be identified, is known as personal data. Data from which the identity has been removed (anonymous data) is not included in this. Where we are required to collect personal data under the terms of a contract we have/ are trying to enter into with you, or by law, and you do not provide that information when it is requested, we may be unable to perform the contract with you e.g. the subscription service. In this scenario, we would notify you that we may need to cancel this product, service or contract with you.

The different types of personal data we may collect, store and transfer, can be grouped as follows:-

Identity data: including title, first name, last name, maiden name, usernames and date of birth
Contact Data: including shipping address, billing address, email address and phone numbers
Financial Data: including card details (card type, number, CVV/ security code and expiry date), bank account and PayPal account details.
Transaction Data: including details of products, subscriptions and services purchased, payment history etc.
Profile Data: including usernames and passwords, order history, interests, preferences, feedback/reviews, information you enter into our “Additional comments” and "Personalised message to be printed on dispatch note" boxes, bra size and brief size.
Marketing and Communications Data: including your marketing and communication preferences
Usage Data: including data which tells us how you use our services, products and website.
Technical Data: including your IP (Internet Protocol) address, operating system, browser type, browser version, browser plugins, location, time zone setting and login information
Aggregated Data: this may be derived from your personal data but it does not (directly or indirectly) reveal your identity. It is demographic or statistical data used for any purpose.

We do not use, and never deliberately collect/hold, special categories of personal data such as race, ethnicity, political/ religious beliefs, genetic/health information, criminal history, sexual orientation or details of a person’s sex life, unless they have been communicated to us via e.g. email or entered into one of our free text fields on our website e.g. our “Additional Comments” or "Personalised message to be printed on dispatch note" boxes on the cart page where personal messages can be added.

When you communicate with us, including via email or social media, we automatically record that communication in order to respond to your questions or issues, based on our legitimate business interest in providing great quality customer service.

HOW DO WE COLLECT THIS DATA?

We collect this information when you use our Services e.g. place an order, create an account, subscribe to our newsletter, enter a competition, provide a review etc. via:-

Direct interactions: information which you provide to us when filling in forms or corresponding with us.
Automated interactions: technical information which we automatically collect by using cookies and similar technologies. Please see our Cookie policy below for more information.
Financial, transaction and contact data: from service providers for payment, delivery and technical providers.
Third parties and publicly available sources: e.g. advertising networks, search info and analytics providers.

WHY DO WE NEED YOUR DATA, WHAT IS IT USED FOR AND HOW DO WE STORE IT?

We generally use your data in order to fulfil contracts we have with you e.g. if you have placed an order on our site, to comply with a legal/regulatory obligation or to pursue our legitimate business interests. We will only use your personal data when the law allows and for the purposes for which it was collected, unless we reasonably consider that we need to use it for another reason which is compatible with the original purpose. The purposes for use of your data include the following:-

Action/ Activity completed by us ____________	Data Type and number _______________	Legitimate interest (lawful) basis for processing ___________________
Registering customers	1. Identity, 2. Contact	To perform a contract
Processing orders/ requests and delivering products/services. This includes managing payments/ fees and collecting/ recovering money owed to us	1. Identity, 2. Contact, 3. Financial, 4. Transaction, 6. Marketing/Comms	To perform a contract and recover debts owed to us
Delivering relevant and useful website content/ advertisements to you and measuring the effectiveness of these ads.	1. Identity, 2. Contact, 5. Profile, 6. Marketing/Comms, 7. Usage, 8. Technical	To: understand how people use our products/services, grow/improve our business and determine our marketing strategy.
Recommending products/services that may be of interest to you	1. Identity, 2. Contact, 5. Profile, 7. Usage, 8. Technical	To develop our products/services and grow/improve our business.
Managing relationships e.g. notifying you about changes to our privacy policy, or requesting that you leave a review/ take a survey/ provide feedback	1. Identity, 2. Contact, 5. Profile, 6. Marketing/Comms	To: perform a contract, comply with a legal obligation, keep our records updated, understand how people use our products/services and grow/improve our business
Facilitating you entering a competition, completing a survey or providing feedback	1. Identity, 2. Contact, 5. Profile, 6. Marketing/Comms, 7. Usage	To: perform a contract, understand how people use our products/services and grow/improve our business
Administering and protecting our business and our website	1. Identity, 2. Contact, 8. Technical	To: comply with a legal obligation, prevent fraud, provide IT/ admin services, ensure network security and run our business
Using data analytics to improve our website, products/services, marketing an your experience of our services	7. Usage, 8. Technical	To: develop our business, keep our website/ social media relevant/ up to date, define customer types and determine our marketing strategy.

If you post information publicly on or through the Services, social media or elsewhere (including submitting reviews of our lingerie subscriptions and products), that relates to us or our Services we may receive and share that public information with third parties based on our legitimate business interest in marketing our Services.

Generally, we do not rely on consent as a legal basis for processing your personal data other than for sending out marketing communications to you. When you use our Services or provide us with personal information to complete a transaction, verify your credit card, place an order, arrange for a delivery or return of a purchase, we imply that you consent to our collecting your data and using it for legitimate business uses. If we ask for your personal information for a secondary reason, like marketing, we will either ask you directly for your expressed consent, or provide you with an opportunity to say no. We get your express opt-in permission to send marketing emails to you. You can opt-out of these marketing messages at any time by contacting us. If after you opt-in, you change your mind, you may withdraw your consent for us to contact you, for the continued collection, use or disclosure of your information, at any time, by contacting us at info@treatly.uk

By using this site, you represent that you are at least 18 years of age. We do not knowingly collect or solicit Personal Data from anyone under this age. If you are under 18, please do not access or use our Services or send us any personal data. If we do discover that we have any personal data from an individual who is under 18, we will delete this data as quickly as we possibly can.

We have strict security procedures covering the storage and disclosure of your information in order to comply with the General Data Protection Regulation (GDPR). We will never share, sell, rent, disclose or otherwise provide personal data to other companies other than where required to by law, if you violate our Terms of Service or to Third Party Suppliers that we rely on to provide you with our Services and fulfil our lingerie subscriptions.

Third Parties

Third Party Services that we use may act as joint controllers or processors and may be based inside or outside the EEA. They include the following:-

Activity _______	Company ________	Privacy Policy ____________
Shipping/ logistics	Royal Mail	https://www.royalmail.com/privacy-notice/
Payment processing	PayPal	https://www.paypal.com/us/webapps/mpp/ua/privacy-full
Payment processing	Braintree	https://www.braintreepayments.com/en-gb/legal/braintree-privacy-policy
Subscription order management	Appstle (Recurring Orders)	https://appstle.com/privacy-policy/
Email Management	Mailchimp	https://mailchimp.com/legal/privacy/
Email Management	Ox	https://www.open-xchange.com/privacy/
Security	McAfee Secure	https://www.mcafee.com/enterprise/en-gb/about/legal/privacy.html
Analytics and advertising	Google	https://policies.google.com/privacy
eCommerce Platform Hosting and Data Storage	Shopify	https://www.shopify.com/legal/privacy
Social Media and advertising	Facebook	https://www.facebook.com/about/privacy/update
Social Media and advertising	Instagram	https://help.instagram.com/519522125107875?helpref=page_content
Social Media	Twitter	https://twitter.com/en/privacy
Social Media	Pinterest	https://policy.pinterest.com/en-gb/privacy-policy
Integration	Integromat	https://www.integromat.com/en/help/privacy-policy
Analytics and Customer Experience	Hotjar	https://www.hotjar.com/legal/policies/privacy/
Surveying	Zigpoll	https://www.zigpoll.com/terms-and-policies

In general, the third-party providers used by us will only collect, use and disclose your information only to the extent necessary to allow them to perform the services they provide to you/us. We (and our suppliers) use your data for our legitimate business interests of collecting and processing requests and orders, for risk and fraud screening, authentication, processing payments and to improve our Services. We do use some of the personal data that you provide to us to conduct some automated decision-making e.g. IP addresses or payment information to auto-block potentially fraudulent transactions for a period of time. Third-party service providers, such as our payment processors PayPal and Braintree, have their own privacy policies. We recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled by these providers.

Once you leave our store’s website or are redirected to a third-party website or application, you are no longer governed by this Privacy Policy or our website’s Terms of Service. We are not responsible for the privacy practices of other sites and encourage you to read their privacy statements.

Our store uses Google Analytics, a commonly used software, to help us learn about who visits our site, what pages are being looked at and how well we are doing to help people in their online shopping experience. It records certain information e.g. the city and country you are browsing from, which browser you are using and how you reached TREATLY® site.

Occasionally, we use advertisements that are targeted to people who fit certain general profile categories (Interest Based Ads) e.g. on Facebook or Google. The data for these may be provided to us by you, or by Third Parties. You can opt out of Interest Based Ads sourced by Google using Google's Ads Settings. For further information on your options around these ads please visit the European Interactive Digital Advertising Alliance.

To protect your personal information, we take reasonable precautions and follow industry best practices to safeguard personal data and ensure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed. Our information security systems apply to people, processes and IT systems. Our store is hosted on Shopify Inc. They provide us with the online e-commerce platform that allows us to sell our products and services to you. Your data is stored through Shopify’s data storage, databases and the general Shopify application. They store your data on a secure server behind a firewall. They perform annual audits to ensure the handling of your credit card information aligns with industry guidelines. They are certified as a PCI DSS Level 1 compliant service provider, which is the highest level of compliance available, and their platform is audited annually by a third-party qualified security assessor. Shopify’s Privacy Policy is available here.

No method of data processing or storage is 100% secure. Therefore, we cannot guarantee the absolute security of your personal information. In the unlikely event that a data breach does occur, we will notify both the individuals concerned and the applicable regulator, if it is likely to result in a risk to the rights and freedoms of individuals e.g. discrimination, reputational damage, financial loss, loss of confidentiality or other significant economic or social disadvantage.

International Transfers

Whilst TREATLY® is a British company, we provide products and services to individuals from all around the world and some of our authorised third party suppliers are based outside of the European Union, Iceland, Norway or Lichtenstein (including in the USA and Canada). Accordingly, your personal data may be transmitted outside of the country, state, or province in which you are located and outside of the European Economic Area (EEA). When we do this we ensure a similar degree of protection to that which Personal Data has in Europe, or, where we use third party agents/ services based in the United States, we may transfer data to them if they are part of Privacy Shield. For further details of this visit www.privacyshield.gov

How long do we keep your data?

Unless we receive a valid erasure request, we will retain your data for the length of time it is necessary to fulfil the legitimate business interest and purpose for which it was collected, including providing you with services as well as any accounting, reporting, audit, dispute resolution or legal requirements. After this time we dispose of your personal data securely. Please note, we are legally required to keep basic customer data (identity, contact, financial and transaction data) for tax purposes for at least 6 years from the date they were last a customer with us. Our data retention policy was determined through careful consideration of the nature/sensitivity of any personal data we hold, the risk of potential harm from its unauthorised use/disclosure, the relevant legal requirements and whether that purpose could be fulfilled through other means e.g. anonymised data. If your data has been anonymised (i.e. it cannot in anyway be identified as you) then we may hold it indefinitely for statistical purposes.

WHAT ARE YOUR LEGAL RIGHTS?

Your legal rights as an individual include the following:-

The right to be informed

You have the right to be informed as to how we intend to use your personal data which we must do both in this document and when the data is being gathered. We cannot assume consent or take consent for granted.

The right of access to your personal data

This enables you to request and receive (usually free of charge) a copy of the personal data we hold about you and to ask how we make use of it to check that we are processing it lawfully. This is often referred to as a data Subject Access Request (SAR).

The right of rectification

This enables you to request the correction of any inaccurate or incomplete personal data that we hold about you. However, we may need to verify that the new data provided is accurate. We may need to inform third parties of the rectification where we have disclosed the data to them. We also need to make you aware of the third parties whom we have disclosed data to (where appropriate).

The right of erasure of your personal data (the right to be forgotten)

This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it or where you have successfully exercised your right to object to processing (see below). However, please note that in some circumstances we may not be able to comply with your request of erasure where there are specific legal reasons. If this is the case, you will be notified as such during the response to your request.

The right to restrict the processing your personal data

This means that in certain circumstances you can allow us to store your data but also state that we are not allowed to process that data for any reason. It enables you to request that we suspend the processing of your personal data in the following scenarios:

You require that we hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims
You would like us to establish the data's accuracy
Our use of the data is unlawful but you do not want us to erase it
You have objected to our use of your data but we need to verify whether or not we have overriding legitimate grounds to use it

The right to object to processing of your personal data

You have a right to object to the processing of your data where we are relying on a legitimate interest of ours (or those of a third party) and there is something about your particular situation which give you the grounds to do so (as you feel it impacts on your fundamental freedoms and rights). You also have the right to object where we have processed your information unlawfully (including that not in compliance with local law) or for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.

The right to data portability

You can request the transfer of your personal data to you or to a third party. We will then provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.

The right not to be subject to automated decision-making including profiling

There are safeguards in place against the risk that a (potentially damaging) decision is taken without human intervention.

The right to withdraw consent at any time

Where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

The right to lodge a complaint with a supervisory authority

You have a right to lodge a complaint about our practices with respect to your personal data with the Information Commissioner's Office (ICO).

When will we respond to one of these requests?

We aim to respond to all legitimate requests within one month. For particularly complex requests, or if there are multiple requests from you, it may take us longer. If this is the case, we will notify you as such and keep you updated.

What do we need from you?

To help us confirm your identity, to speed up our response and as a security measure to ensure your right to access your personal data (or any other right) we may need to contact you to request specific information from you. This is to make sure that personal data is not disclosed to someone who doesn’t have the right to receive it.

How much will it cost you?

No fee will usually be required to access your personal data or exercise any of the other rights. However, we may refuse or charge for requests that are manifestly unfounded, repetitive or excessive. If we refuse a request, within one month we will tell you why and that you have the right to complain to the supervisory authority and to a judicial remedy.

If you would like to exercise any of the rights listed here, please contact us at info@treatly.uk

QUESTIONS AND CONTACT INFORMATION

If you would like to: access, correct, amend or delete any personal information we have about you, register a complaint, or simply want more information regarding how we collect, use, protect or share your Personal Data, contact our Data Protection Officer at info@treatly.uk or by mail at: The Goddess Project, 27 Newton Road, Knowle, Solihull, B93 9HL.

COOKIES

Your consent status

WHAT ARE COOKIES?

At TREATLY® your Privacy is of paramount importance to us. We understand that you may be concerned about any monitoring of your online activity. One of the most common ways for a website to track and save information about their visitors is through the use of cookies. These are small files of text, mostly encrypted for privacy purposes, used to store information between visits to a website. Personal details like contact info or credit card numbers are not stored in cookies but they do include things like your IP address, Internet Service Provider, browser type and version, device specific information, the pages you visit etc.

We use multiple cookies on this website including strictly necessary, performance, advertising and social media/ content cookies. Cookies do improve your experience of our site by remembering action preferences, e.g. login selection, so that you don’t have to repeat these. They also provide valuable information to us on how our customers use the site so that we can better serve you. Read more about how we use the data we collect through these technologies in our Privacy Policy below.

There are other similar technologies to cookies such pixel tags or web beacons but for the purpose of this Cookies & Privacy Policy, we refer to these technologies individually and collectively as “cookies”.

WHAT COOKIES DO WE USE AND WHY?

Here is a list of cookies that we use. We’ve listed them here so that you can choose if you want to opt-out of cookies or not.

Cookies Necessary for the Functioning of the Store:

Some cookies are essential if you want to browse our website, use its features, and access secure areas like our subscription portal. Examples include:-

User-input cookies - keep track of your inputs when filling in forms over several pages so they don’t get lost
Authentication cookies - sessional or persistent (if you tick the “remember me” box) so that you can gain access to authorised content across multiple pages and authenticate easily on subsequent visits to the site.
User-centric cookies - detect e.g. repeated failed login attempts for security purposes
User interface customisation cookies - store user preferences across web pages
Load balancing session cookies – used during the session to redirect user requests by identifying the same server in the pool

Name _____	Function _______
_ab	Used in connection with access to admin.
_orig_referrer	Used in connection with shopping cart.
_secure_session_id	Used in connection with navigation through a storefront. unique token, sessional, Allows our website provider to store information about your session (referrer, landing page, etc).
Cart	Used in connection with shopping cart. unique token, persistent for 2 weeks, Stores information about the contents of your cart.
cart_sig	Used in connection with checkout.
cart_ts	Used in connection with checkout.
checkout_token	Used in connection with checkout.
Secret	Used in connection with checkout.
Secure_customer_sig	Used in connection with customer login.
storefront_digest	Used in connection with customer login. unique token, indefinite. If the shop has a password, this is used to determine if the current visitor has access.

Reporting, Analytics, Advertising & Social Media

To give you a great experience when using our site and to help us improve over time, we use reporting/analytics cookies to collect info regarding how often and how you use our site. These are just stats and do not directly identify you.

First party analytics cookies – used to improve our site, to estimate how many unique visitors we are getting, to target you with online marketing and to detect the words that people used to search on Google and other search engines that led them to our website
Third party analytics cookies – e.g. Google Analytics are used to understand how people interact with our website. We do not control third party cookies. For additional information on this click here

Advertising cookies “remember” when you visited our website and we may share this information with third-parties to tailor marketing to you and your interests, providing you with more relevant ads and a more personalised service. For more information on how this works click here

Advertising Social and content cookies are used by social media channel plugins e.g. Instagram “Follow” button, Facebook “like” button etc. which improves the interaction between our site and social channels. Some of these third party services also use cookies for things like advertising and reporting.

	Name ______		Function _________
	_landing_page		Track landing pages.
	_orig_referrer		Track landing pages.
	_s		Shopify analytics.
	_shopify_fs		Shopify analytics.
	_shopify_s		Shopify analytics.
	_shopify_sa_p		Shopify analytics relating to marketing & referrals.
	_shopify_sa_t		Shopify analytics relating to marketing & referrals.
	_shopify_uniq		no data held, expires midnight (relative to the visitor) of the next day, Counts the number of visits to a store by a single customer.
	_shopify_visit		Used by our website provider’s internal stats tracker to record the number of visits
	_shopify_y		Shopify analytics.
	_y		Shopify analytics.
	tracked_start_checkout		Shopify analytics relating to checkout.
_________ Third Party _________		___________ Description ___________	_____________ Privacy Policy _____________
Google Analytics		We use Google Analytics to help measure how users interact with our websites.	https://policies.google.com/privacy
Facebook Custom Audiences		We use Facebook Custom Audiences to deliver targeted advertisements to individuals who visit our websites.	https://www.facebook.com/policy.php
Facebook Connect		We use Facebook Connect to allow visitors to our website to interact with and share content via Facebook’s social media platform.	https://www.facebook.com/policy.php
Pinterest		We use Pinterest to allow visitors to our website to interact with and share content via Pinterest’s social media platform.	https://policy.pinterest.com/en/privacy-policy
Twitter		We use Twitter to allow visitors to our website to interact with and share content via Twitter’s social media platform.	https://twitter.com/en/privacy

HOW LONG DO COOKIES LAST?

How long a cookie stays on your mobile device or computer depends on if it is a “session” or a “persistent” cookie. Session cookies last until you stop browsing and persistent cookies last until they are deleted or expire (whichever is the sooner). Most of the cookies used on this site are persistent and last (unless controlled by you the user) between 30 mins and 2 years from the date they are downloaded on to your mobile device or computer, after which time they expire. The next section details more information on how to control cookies.

HOW TO CONTROL COOKIES?

You can edit, disable or completely delete, cookies from your mobile device or computer using the settings within your internet browser. Most browsers accept cookies automatically, but you can amend this through your browser controls usually accessed via “Preferences”, “Tools” or “Options”. You can always choose to prevent us from collecting your cookie information by turning off the feature in your browser or by ceasing using our services. Please note, however, that blocking or removing cookies can reduce your user experience of the site. See www.allaboutcookies.org for further details on how to do this. If you would like any further information on Cookies you can visit:- https://ico.org.uk/for-the-public/online/cookies/ http://ec.europa.eu/ipg/basics/legal/cookies/index_en.html or http://www.youronlinechoices.com/uk/

Please be aware that because there is no consistent industry understanding of how to respond to “Do Not Track” signals, we do not alter our data usage and collection practices when we detect such a signal from your browser.