Security, Privacy & Cookie Policy

SECURITY, PRIVACY AND COOKIE POLICY

OVERVIEW

We collect personal information from you when you shop online at www.celticandco.com or if you place an order with us over the telephone. Maintaining the security of your data is a priority at Celtic & Co, and we are committed to respecting your privacy rights. We pledge to handle your data fairly and legally at all times. Celtic & Co. is also dedicated to being transparent about what data we collect about you and how we use it. By shopping with us, you are agreeing to our Privacy Policy. We are registered under the Data Protection Act as Celtic Sheepskin & Co Ltd. We will only use the information that we collect about you lawfully in accordance with the Data Protection Act 1998 and the General Data Protection Regulation 2018.

This policy, which applies whether you shop with us online or over the telephone, provides you with information about:

- how we use your personal information;

- what personal information we collect;

- how we ensure your privacy is maintained; and

- your legal rights relating to your personal information.

HOW WE USE YOUR PERSONAL INFORMATION

Celtic & Co. (and trusted partners acting on our behalf) uses your personal information:

- to provide goods and services to you;

- to make a tailored website available to you;

- to manage any registered account(s) that you hold with us;

- to verify your identity;

- for crime and fraud prevention, detection and related purposes;

- to contact you about promotional offers and products and services which we think may interest you;

- to enable Celtic & Co. to manage customer service interactions with you; and

- where we have a legal right or duty to use or disclose your information (for example in relation to an investigation by a public authority or in a legal dispute).

Marketing

Celtic & Co. uses your personal information for electronic marketing purposes and may send you postal mail to send you our catalogues or special offers

Celtic & Co. aims to update you about products & services which are of interest and relevance to you as an individual.

You have the right to opt out of receiving promotional communications at any time, by:

1. changing your marketing preferences HERE (www.celticandco.com/removeme)

2. making use of the simple “unsubscribe” link in emails; and/or

3. contacting Celtic & Co. via the contact channels set out in this Policy.

Please note that it takes 10 days for you to stop receiving our emails, two months to stop receiving Celtic & Co catalogues and up to three months to stop receiving third party mailings from the date you unsubscribe.

You can also subscribe to the Direct Marketing Association’s (DMA) Mailing Preference Service to stop receiving any future unsolicited direct mail entirely. This can be done at www.mpsonline.org.uk/mpsr/

We may analyse your browsing and purchasing activity online, and your responses to marketing communications. The results of this analysis, together with other demographic data, allows us to ensure that we contact you with information on products and offers that are relevant to you. To do so, we use software and other technology (automated processing).

Sharing data with third parties

a. Our service providers and suppliers

In order to make certain services available to you, we may need to share your personal information with some of our service partners. These include IT, delivery and marketing service providers.

Celtic & Co. only allows its service providers to handle your personal data when we have confirmed that they apply appropriate data protection and security controls. We also impose contractual obligations on service providers relating to data protection and security, which mean they can only use your data to provide services to Celtic & Co. and to you, and for no other purposes.

b. Other third parties

Aside from our service providers, Celtic & Co. will not disclose your personal information to any third party, except as set out below. We will never sell or rent our customer information to other organisations for marketing purposes. We will never pass your email address or telephone number on to a third-party for marketing purposes.

We may share your personal information with:

- similar companies to Celtic & Co. whose products we think will be of interest to you. We send a single catalogue to their customers and in return they can send a single catalogue to our customers. Your details will not be added to their mailing list unless you request it;

- data co-operatives including Epsilon Abacus (registered as Epsilon International UK Ltd), Sub2 and I-behaviour. Data co-operatives work by members sharing information on what their customers buy. The co-operatives analyse this pooled information to understand consumer’s wider buying patterns. From this information, members can tailor their communications and send consumers suitable offers that should be of interest to them, based on what they like to buy;

- credit reference agencies where necessary for card payments;

- governmental bodies, regulators, law enforcement agencies, courts/tribunals and insurers where we are required to do so: -

- to comply with our legal obligations;

- to exercise our legal rights (for example in court cases);

- for the prevention, detection, investigation of crime or prosecution of offenders;

- for the protection of our employees and customers;

International transfers

If we intend to transfer your information outside the EEA (European Economic Area) we will always obtain your consent first. This would be subject to special rules under data protection laws. We would ensure that the transfer was compliant with data protection law and all personal information would be secure.

How long do we keep your data?

We will not retain your data for longer than necessary for the purposes set out in this Policy. Different retention periods apply for different types of data, however the longest we will normally hold any personal data is 10 years since your last transaction from us.

WHAT PERSONAL INFORMATION DO WE COLLECT

Celtic & Co. may collect the following information about you:

- your name, age/date of birth and gender;

- your contact details: postal address including billing and delivery addresses, telephone numbers (including mobile numbers) and e-mail address;

- purchases and orders made by you;

- your on-line browsing activities on our website;

- your password(s) (passwords are fully encrypted, at no point are the unencrypted versions accessible);

- when you make a purchase or place an order with us, your payment card details. We use the latest secure server technology to ensure this information is protected to the highest standards;

- your communication and marketing preferences;

- your location;

- your correspondence and communications with Celtic & Co.; and

- other publicly available personal data, including any which you have shared via a public platform (such as a Twitter feed or public Facebook page).

Our website is not intended for children and we do not knowingly collect data relating to children.

This list is not exhaustive and, in specific instances, we may need to collect additional data for the purposes set out in this Policy. Some of the above personal information is collected directly, for example when you set up an on-line account on our websites, or send an email to our customer services team. Other personal information is collected indirectly, for example your browsing or shopping activity. We may also collect personal information from third parties who have your consent to pass your details to us, or from publicly available sources.

We randomly monitor and record telephone calls. This helps to ensure that we provide you with the highest level of services and maintain quality standards.

HOW WE PROTECT YOUR DATA

Our controls

Celtic & Co is committed to keeping your personal data safe and secure.

Our security measures include: -

- encryption of data;

- regular scenario planning and crisis management exercises to ensure we are ready to respond to cyber security attacks and data security incidents;

- security controls which protect the Celtic & Co. IT infrastructure from external attack and unauthorised access; and

- internal policies setting out our data security approach and training for employees.

WHAT YOU CAN DO TO HELP PROTECT YOUR DATA

Celtic & Co. will never ask you to confirm any bank account or credit card details via email. If you receive an email claiming to be from Celtic & Co. asking you to do so, please ignore it and do not respond.

If you are using a computing device in a public location, we recommend that you always log out and close the website browser when you complete an online session.

In addition, we recommend that you take the following security measures to enhance your online safety both in relation to Celtic & Co. and more generally:

- keep your account passwords private. Remember, anybody who knows your password may access your account.

- when creating a password, use at least 8 characters. A combination of letters and numbers is best. Do not use dictionary words, your name, email address, or other personal data that can be easily obtained. We also recommend that you frequently change your password. You can do this within your account section on our website.

- avoid using the same password for multiple online accounts.

YOUR RIGHTS

You have the following rights:

- the right to ask what personal information that we hold about you at any time,

- the right to ask us to update and correct any out-of-date or incorrect personal information that we hold about you free of charge; and

- (as set out above) the right to opt out of any marketing communications that we may send you.

If you wish to exercise any of the above rights, please contact us using the contact details set out below.

Legal basis for Celtic & Co. processing customers’ personal information

General

Celtic & Co. collects and uses customers’ personal information because it is necessary for:

- the pursuit of our legitimate interests (as set out below);

- the purposes of complying with our duties and exercising our rights under a contract for the sale of goods to a customer; or

- complying with our legal obligations.

Our legitimate interests

The normal legal basis for processing customer data, is that it is necessary for the legitimate interests of Celtic & Co. including:-

- selling and supplying goods and services to our customers;

- protecting customers, employees and other individuals and maintaining their safety, health and welfare;

- promoting, marketing and advertising our products and services;

- sending promotional communications which are relevant and tailored to individual customers;

- understanding our customers’ behaviour, activities, preferences, and needs;

- improving existing products and services and developing new products and services;

- complying with our legal and regulatory obligations;

- preventing, investigating and detecting crime, fraud or anti-social behaviour and prosecuting offenders, including working with law enforcement agencies;

- handling customer contacts, queries, complaints or disputes;

- managing insurance claims by customers;

- protecting Celtic & Co, its employees and customers, by taking appropriate legal action against third parties who have committed criminal acts or are in breach of legal obligations to Celtic & Co.;

- effectively handling any legal claims or regulatory enforcement actions taken against Celtic & Co.; and

- fulfilling our duties to our customers, colleagues, shareholders and other stakeholders.

CREDIT CARD ENCRYPTION

We accept online payment in a secure environment using Secure Socket Layering technology (SSL). All of the information sent to us as you browse our site, including payment and address information, is encrypted to safeguard your details. Encryption prevents other internet users from accessing this information. You can check that you are shopping in a secure environment by looking for either a locked padlock icon or an image of a key in the grey bar at the bottom of your screen.

The encryption technique we use is the highest standard available for e-commerce and certified by Thawte, part of the Verisign group - the world's most respected certification body for Internet firms. If you have questions regarding our credit card security policies, please call us on 0333 400 0044.

COOKIE POLICY AND USE OF COOKIES

A cookie is a small piece of data sent from a website and stored in your web browser. Many cookies are essential to the operation of celticandco.com, for example to allow you to make a purchase or create an account with us. Cookies on our site are also used to customise certain areas of content just for you, and to make your browsing experience more efficient and faster.

Ordering from Celtic & Co.’s website does require cookies to be enabled; without them you can browse the site and check the stock status but you cannot add items to your basket or wishlist.

Our cookies cannot harm your computer and we do not store personally identifiable information within them.

Below is a list of the various cookies that we use and what they do.

Cookie Name Description
ASP.Net_SessionID This cookie allows you to add items to your shopping basket or wishlist and create your order and to log in to view your order history.
_vwo_ds
_vwo_uuid
_vwo_uuid-v2 _vis_opt_s _vis_opt_test_cookie
These cookies are used by our Visual Website editor tool to test changes to website layout that will improve site experience and usability.
Scarab.mayAdd
Scarab.mayViewed
Scarab.visitor
These cookies identify customer behaviour onsite in order to offer a tailored website and email experience based on past behaviour and preferences.
Celtic_gelocation_preference This cookie is used to remember the customers preference of language and currency.
Saved-customer This cookie uses a number string to allow us to share basket details across devices. This way if an item is added on one device (say a mobile phone) and a customer logs in on their home computer, their basket details will be shared across the two. No personally identifiable information is stored in this cookie.
_GA
_GAT_
_dc_gtm_ _gid
These cookies are used to link to Google Analytics so we can monitor customer experience onsite and monitor the effectiveness of our marketing campaigns.
_uetsid This cookie is used to analyse marketing performance through Bing advertising.
S2Sv4
V1v4
V2v4 V3v4 V9v4
These cookies are used to interact with the SUB2 advertising network to better understand customer behaviour and offer targeted messages.
_RequestVerifificationToken This cookie helps prevent fraudulent activity.
Tms_VisitorId
Tms_wsip
These cookies communicate with Fresh Relevance technologies and are used to track customer behaviour and offer relevant communications based on past interactions with the website.
Fm-sess-live
Wisepops
Wisepops_session
viewedOuiBounceModal
These cookies are used to control the appearance and frequency of our website overlays (pop ups)

No personal data is stored in any of the cookies used, just unique numbers which, depending on the type of cookie, are used to analyse site usage or references which can then be associated with your account once you’ve signed in. If you’d prefer to restrict, block or delete cookies from celticandco.com, or any other website, you can use your browser to do this. Each browser is different, so check the ‘Help’ menu of your particular browser (or your mobile phone’s handset manual) to learn how to change your cookie preferences, or use the following guides for the most popular browsers:

Internet Explorer: http://windows.microsoft.com/en-GB/windows-vista/Block-or-allow-cookies

Google Chrome: http://support.google.com/chrome/bin/answer.py?hl=en&answer=95647

Mozilla Firefox: http://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences?redirectlocale=en-US&redirectslug=Enabling+and+disabling+cookies

For more information about cookies and instructions on how to manage or disable cookies see http://www.allaboutcookies.org

THIRD PARTY COOKIES

We currently use third party cookies to allow us to track visitor behaviour and offer certain website services.

If you would like to disable 'third party' cookies, you can turn them off by going to the third party's website and getting them to generate a one-time 'no thanks' cookie that will stop any further cookies being written to your machine. Below are links to the third parties we use:

HOW TO CONTACT US

If you have any questions about how Celtic & Co. uses your personal information that are not answered here, or if you want to exercise your rights regarding your personal information, please contact us by any of the following means:

- phone us on: +44 (0)333 400 0044

- e-mail us at: dataprotection@celticandco.com

- write to us at: The Data Protection Officer, Celtic & Co, Newquay, Cornwall, TR7 2SX, United Kingdom

You have the right to lodge a complaint with the Information Commissioner’s Office. Further information, including contact details, is available at https://ico.org.uk.

UPDATES

This policy was last updated in April 2018