Nifty Fashion & Trends is an online shop provided by the company Catherine Bennewitz & Christian Bennewitz GbR, registered in Germany (Collective referred to as “Nifty”, “We” “Us” in this policy)
Maintaining the security of your data is a high priority at Nifty, and we are committed to respect your privacy rights and want to be transparent about what data we collect about you and how we use it. This policy applies when you visit our website and shares information with you on how we use your data, what we collect, how we ensure privacy is maintained and your legal rights relating to your personal Data.
What Personal Data Do We Collect
Nifty may collect the following information about you:
- Your name, age/date of birth and gender
- Your contact details: postal address, billing address and despatch address (if different), telephone numbers (including mobile number) and e-mail address
- Purchases and orders made by you
- Your browsing activity while on the Nifty website
- Your password if you create a registered account (not compulsory)
- Payment details (your card information is not held by us, it is collected by our third party payment processors, who specialise in the secure online capture and processing of credit/debit card transactions)
- Marketing and communication preferences
- Feedback and survey responses
- Reviews of our products or services
- Location via IP Address
- Device information when navigating our website
This list is not exhaustive and we may collect additional information under specific instances. Some of the above data is collected directly, for example if you email our customer services team or create a order. Other personal data is collected indirectly, for example through your browsing and shopping on our site. We may also collect personal data from third parties who have your permission to pass your details to us, or from publicly available sources.
How We Collect Information About You
When you visit our website we may automatically collect information about your computer, including your ip address, information about your visit, your browsing history, and how you use our website. This information is combined with other information for example, completing contact forms or when you order, we need to have your name, e-mail address, card number and card expiry date. Without this information we will not be able to process your request or notify you of acceptance of your order. A contact telephone number may also be required so that we may contact you urgently if there is a problem with your order.
How We Use Your Personal Information
We use personal information about you for the following purposes:
- When processing your order or contact query
- Providing information about our products which can be personalised based on the information we have collected about you
- To verify your Identity
- For crime and fraud prevention, detection and related purposes
- The effectiveness of the advertising we serve you and others
- Make suggestions and recommendations to you and other users of our site about the products we offer
- With your agreement, to contact you electronically or through the post with promotional offers and products we think may interest you. so that you have exclusive access to our best deals. We use the information we have about you to tailor the content and try to ensure that the offers are as relevant to you as possible. If you would not like to receive these notifications, please select the relevant tick box at the basket/checkout page. For emails, You can unsubscribe from all communications by simply clicking on the unsubscribe link placed in the end of every email communication we send. If, in the past, you have chosen to be notified and you no longer wish to receive correspondence from us please send an email to firstname.lastname@example.org and we will update your preferences
We may analyse your information to create a profile of your interests, preferences and purchase history so that we can contact you or provide you on your visit with more relevant products and information that would be interesting for you. We may source additional information from 3rd parties to enhance this.
If you would like to know more about this process then please contact email@example.com
Security Of Your Data
We follow a tight security procedure as required under UK Data Protection Legislation (the Data Protection Act 1998) and in Article 32(1)GDPR to protect the information that we store about you from unauthorised access. Our secure payment is via the highly respected and secure Klarna online payment system and information between you and us is 256 bit encrypted. We perform daily malware scans and restrict data access and have an internal confidentiality policy as follows:
Within Nifty we protect your privacy in 4 ways:
1. Access to customer account information is limited to those who need access for the performance of their job
2. We use full login and password controls on our sales control system
3. All full and part-time employees are required to sign a confidentiality clause as part of their terms of employment with the company
4. Confidentiality and database access controls are reviewed periodically and updated as required to further protect your personal data
3rd Party Data Access
As with many businesses Nifty relies on a number of core service providers who held fulfill our promise to you when you place an order, these may include our delivery partners such as Royal Mail and Amazon Fulfillment (FBA), our payment gateway and others within IT infrastructure and marketing services to help our business run smoothly and create a good experience for you.
Nifty may use the services of third parties to collect and use anonymous information about User visits to and interactions with our website through the use of technologies such as cookies, as set out above, to personalise advertisements for goods and services. To learn more, or to opt-out of receiving advertisements tailored to your interests by our third party partners, visit the European Interactive Digital Advertising Alliance at http://youronlinechoices.eu.
Where data is shared with third parties we aim to ensure that this transfer is as secure as possible, we will conduct an audit of this process and potential impact on you plus we require all 3rd parties we work with to have a contract which outlines their compliance with appropriate data protection laws and that the use of the data is only used in relation to the purpose it is meant. Such as:
If, for any reason, you are unsure about the personal and account information we are holding in your name, please contact our customer service team. They will happily review your file and update the records if required whether this is simply updating incorrect or out-of-date information or opting out of communications. You can contact our customer service team by email.
Right of Access – in accordance with Article 15 GDPR, you are entitled to obtain information, free of charge, about your saved data, where applicable, has a right to the correction, blocking, deleting of data (Article 5 (1 d), e) Article 12 and 17-19 GDPR). On Request Nifty shall inform the user in line with Valid Law in Writing of the User’s personal data (after appropriate security check to prove identity) we have saved. To request information that we may hold on you please email firstname.lastname@example.org with the subject line “Right of Access Request”. We will have 21 days (unless complex this can then be extended for 2 months) to respond to your request and will provide it in a common electronic format (CSV)
Right to lodge a complaint – In accordance to Article 77 GDPR. You have the right to complain to a supervisory body if you feel your data is being misused. Contact the ICO (Information Commissioners Office) for more information. We would hope that you would discuss with us any concerns so that we could look to rectify before it gets this far.
Right to Data Portability – In accordance to article 20 GDPR. You have the right to receive the personal data concerning yourself which you have provided to BAM as the data controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided.
Right to be Forgotten – In accordance with Article 17 GDPR, You have a right for your data to be forgotten and erased (anonymised personal data) from our systems. if you would like this to happen please email email@example.com with the Subject Line “Right to be Forgotten Request”. We will need to confirm your identity before doing this and we will be extremely sorry to see you go. Please note under some circumstances we may be able to refuse this request for example the HMRC requires companies to keep records of VAT for up to 6 years.
Please note that the data cleansing process is total and we will have no records of your previous interaction. This is specific interest to rules following the Right to be Forgotten, which in turn may mean that we can legally acquire your data from opted-in sources at a later date with no knowledge that you were once a previous customer.
Please note, as advised by the ICO an Audit log comprising of just a name, plus the date the request came in, is kept for any access requests. A name on its own is not classed as personal identifiable information.
Our cookies do not contain any personal information about you and are used only to determine your browser and user preferences for our site. We believe that this can greatly assist us in providing you with the service that you desire and to enhance your browsing experience. However, if you prefer, your browser software should enable you not to accept cookies. You should still be able to use our site without cookies enabled.
Our cookies help us:
- Make our website work as you'd expect, load quickly and be safe and secure
- Save you having to login every time you visit the site, if you have created an account
- Remember your settings during and between visits
- Continuously improve our website for you
- Marketing more efficient and personal to you
- Collect any personally identifiable information (without your express permission)
- Collect any sensitive information (without your express permission)
- Pass personally identifiable data to third parties
What are cookies?
A cookie is a small text file that a website saves on your computer or mobile device when you visit the site. It enables the website to remember your actions and preferences (such as login, language, font size and other display preferences) over a period of time, so you don’t have to keep re-entering them whenever you come back to the site or browse from one page to another. to find out more please visit http://www.allaboutcookies.org/
The Types of Cookies we use?
There are two types of cookies, firstly session cookies and persistent cookies. Session cookies are created temporarily in your browser's subfolder while you are visiting a website. Once you leave the site, the session cookie is deleted. On the other hand, persistent cookie files remain in your browser's subfolder and are activated again once you visit the website that created that particular cookie. A persistent cookie remains in the browser's subfolder for the duration period set within the cookie's file, these could be from a few hours and days, to months and years depending on its purpose.
First Party Cookies:
These are set by our website and enable you to shop our site such as making our shopping basket and checkout pages work, and sees whether you are logged in or not. There is o way to remove these cookies other than not using our site.
3rd party cookies:
These are cookies which are provided by software and services which enable us to offer enhancements and improvements to our website, or continue to market effectively to you when you leave, such as Google or Facebook. Disabling these cookies will likely break the functions offered by these third parties.
How to control cookies:
You can control and/or delete cookies as you wish – for details, see aboutcookies.org. You can delete all cookies that are already on your computer and you can set most browsers to prevent them from being placed. If you do this, however, you may have to manually adjust some preferences every time you visit a site and some services and functionalities may not work.
Legal Basis for Nifty processing Customer Data
Nifty collects and uses customers’ personal data because it is necessary for the purposes of complying with our duties and exercising our rights under a contract for the sale of goods to a customer; or complying with our legal obligations. In general, we only rely on our legitimate interest or permission (e.g. when you tick a box to receive our Newsletters) as a legal basis for processing in relation to sending direct marketing communications to customers via post, email or text messages. Customers have the right to withdraw consent at any time. Where consent is the only legal basis for processing we will cease to process data after consent is withdrawn.
Our Legitimate Interests:
It is necessary for the legitimate interests of Nifty to process customer data as follows:
- Selling and supplying goods and services to our customers
- Protecting customers, employees and other individuals and maintaining there safety, health and welfare
- Promoting, marketing and advertising our products and services
- Personalising communications or content within emails and onsite
- Understanding customers behavior, activities, preferences and needs
- Improving existing or developing new products and services
- Complying with legal and regulatory obligations
- Preventing, Investigating and detecting crime, fraud, or anti-social behavior and prosecuting offenders, including working with law enforcement agencies
- Protecting Nifty, its customers, suppliers and employees, by taking appropriate legal action against third parties who have committed criminal acts or are in breach of legal obligations to Nifty
- Fulfilling our duties to our customers, colleagues, shareholders and other stakeholders
Data Retention Policy
Any information relating to your account (including order history, communications and correspondence records) is kept while you are still an active customer. If you have not bought within 6 years all data will be safely destroyed. We hold very little paper records but any relevant materials will be shredded. Electronic data sets will be deleted or anonymised from master sources and backups. An automated process to identify, alert and process these deletions is in place.
Please note that the data cleansing process is total and we will have no records of your previous interaction. This is specific interest to rules following the Right to be Forgotten, which in turn may mean that we can legally acquire your data from opted in sources at a later data with no knowledge that you were once previous customer.
Please note that within our website are a number of external links to other websites and companies, if you click on these then you will be subject to that 3rd parties privacy policies and not Nifty.
This page was last updated: 05/01/2021