Who are we?
Shade Shack (“We”) are committed to protecting and respecting your privacy.
Shade Shack is an online retailer of sustainable eyewear.
Shade Shack is responsible for your personal data, which means that we design the purposes and ways of the processing of your personal data, as detailed below.
Your personal data
Personal data is a term used to describe any information that could, reasonably, be used to identify you.
Using the Shade Shack website allows us to collect personal data about you through a variety of different ways:
- Automated data collection. Certain information can be ascertained without you needing to consent, such as your IP address, geographical location and what browser software you are using.
- Voluntary data submission. Information that you willingly give us, such as your name, email address and residential address. This is most commonly collected during a purchase.
- Third-party information. Data may be collected about you from third parties, as set out below.
Data we collect
We reserve the right to collect, store and use, where appropriate, information about you that could fall into one of the following categories:
- Contact data – names, addresses, email addresses and phone numbers.
- Financial data – billing addresses, payment details and phone numbers.
- Marketing and communications data – contact data, photos and images.
- Technical data – IP addresses, login data, computer operating system data, browser types, time zones, country location and cookies and usage data.
Shade Shack uses such data to:
- Monitor service usage
- Notify you about changes to our service
- Provide personalised customer support
- Gather vital information that will help to develop our service
- Identify technical and user issues, leading to rectification
- Keep you up to date with relevant offers, news and promotions, unless you have opted out of such communications.
If you buy Shade Shack products as a gift, we will collect contact data about the recipient.
Your contact data will be collected and retained if you enter a Shade Shack competition or promotion.
We may choose to receive data from third-party analytics providers, in a bid to understand demographic information and user experiences.
Data we will not collect
Special categories of personal data are explicitly NOT collected by Shade Shack. This includes, but is not limited to sexual orientation, ethnicity, health and criminal convictions.
As an e-commerce website, ShadeShack.com is not intended for the use of children, however, as we offer eyewear for younger customers, we may use data and images. We are transparent in our use of such imagery and data and always seek to safeguard the children in question, with parents and guardians being informed in a clear way as to the implications of allowing us to use such data.
What if you withhold your data?
If law or virtue of a sales contract that we are entering into with you requires us to collect personal data and you refuse it, we may have to terminate our agreement. This could mean a cancelled transaction and non-supply of our products, but you will be informed.
Data needed for specific contractual obligations
See below for a transparent account of which data types are needed for specific parts of a transaction.
- Contact data
- Financial data
- Contact data
Return of product(s):
- Contact data
- Financial data
Sending of confirmation email(s), receipts and dealing with live requests:
1. Contact data
Sending of marketing communications (including email newsletters):
- Contact data
- Marketing and communications data
- Technical data
To maintain records in connection with legal claims and for regulatory, governance and compliance purposes:
- Contact Data
- Financial Data
We have a legitimate interest to use your contact data to get in touch for marketing purposes, including but not limited to sending our email newsletter. We will only use your contact data for relevant communications and you have the right to opt out from receiving these at any point.
We have a legitimate interest in using your personal data for social media purposes. We may repost images of people wearing our products, if they have tagged us, as well as lifestyle imagery. We will tag relevant social media users in our reposts and will strictly only use contact data that is relevant, such as a user’s real name.
We have a legitimate interest in using your personal data to contact you, should you win a competition that we have launched. We will use your contact data only and you are able to opt out from receiving other communications.
We have a legitimate interest in using data analysis to improve our website, communications and customer service offerings. Customer feedback is extremely important for continued satisfaction and your contact data might be used to ask your opinions.
If you would prefer that we don’t use your data in one or more of these ways, you can email us [here].
Third-party data usage
Once you have placed an order with us, we may need to share your personal data with relevant third parties. To send your order, for example, we will need to share your address with a postal service or courier.
We ask all third parties to treat your personal data with reverence and to use it in accordance with the law. We do not give our third party service providers explicit or implied permission to use your personal data for their own purposes and they are only given access to it for specific reasons.
Some third-party service providers, including payment gateways and transaction processors operate in line with their own privacy policies and we recommend that you acquaint yourself with them, to protect your data.
For a full list of the third parties that may access your personal data through Shade Shack, you can email us [here].
Not just a tasty snack! You are able to set your browser preferences to block or accept cookies, but please be aware that some parts of our website might not load properly if you disable them.
Our website may contain links to third-party websites which, when you click through, might collect and share your personal data. We cannot control this and recommend that you read their privacy policies.
We will always ask for your permission prior to sharing personal data for marketing purposes.
We take data security very seriously and will always seek to keep your information as secure as possible. For example, credit card information is encrypted, using secure socket layer technology (SSL).
Please note that no method of transmission over the internet can be considered 100% secure, but we follow all legal requirements and seek to implement other accepted industry standards.
We consider your personal data to be confidential, which is why only those employees that need access to it, will have it granted.
In the unlikely event of a data breach, we will inform you and relevant regulatory bodies, in order to rectify the situation, minimise risk and revise data security policies.
International data usage
If we need to transfer your personal data out of the European Economic Area (EEA), we will always try to ensure that similar levels of data security are being implemented.
We will never retain your data for longer than we need to. To calculate a relevant period of time, we look at numerous factors, including risk of security breach, sensitivity of the data and how much data we hold.
By law we have to retain basic information about any and all customers, including both contact and financial data, for a period of six years after your last transaction.
In certain circumstances, you are able to request that we delete your personal data. Please see below for more information.
Your legal rights
Under data protection laws, you have a number of rights to be aware of. Please note that we may need to confirm your identity to release certain information.
Subject access requests – this allows you to receive a copy of the data we hold about you, so you can check it is being processed in accordance with the law.
Data amendment requests – this allows you to change incorrect information that is held about you or to fill in any missing information. It is likely that you’ll need to verify your identify and the information you are supplying.
Data erasure request – this allows you to ask that any and all information held about you is deleted without risk of retrieval. Please note that there might be legal reasons why your information cannot be deleted, but we will inform you if this is the case.
Data processing objection – if you feel strongly that your data being processed is infringing on our freedoms, you can lodge a request for the processing to stop. Please note that some cases, we may have legitimate reasons for overriding your request.
Data processing restriction – this allows you to pause data processing, if you have a security concern or are considering asking for data deletion.
Personal data transfer – you can ask us to provide you or a nominated third party with your personal data in a commonly used format. Please note that this is only applicable to automated information which you gave consent for us to use.
Data processing consent withdrawal – We will no longer process your data, if you withdraw your consent for us to do so. We will not be able to provide services to you any longer.
To exercise any of these rights, please email us [here], in the first instance.
We aim to respond to you within 30 days of receipt of your request, but in complex cases, this might be extended. We will keep you updated as to the progress of your request. You always have the right to make a complaint to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (ico.org.uk), though we do appreciate an opportunity to deal with your enquiry first.
It is unlikely that you will be asked to pay a fee for accessing your data, though special circumstances, such as repeated requests or exceptionally complicated cases may incur a reasonable charge.
What we may ask you for
In certain circumstances, we may need further personal information to confirm your identity. We may also ask to contact you directly in relation to this.
Changes should be considered as taking immediate effect, once published on the Shade Shack website. You will be informed of relevant changes, using your communications data.
Informing us of changes
It’s important that your personal data is accurate and up to date. If you need to make any changes, you can email us [here].
Change of purpose
Certain circumstances may require us to change the way we use your data, such as new company ownership. In this case, the new owners will be given your data, so that we can continue to ship products to you without disrupting service.
Please note we may need to disclose your personal information, if we are required by law to do so.