Customer Privacy & Cookie Notice

Customer Privacy and Cookie Notice

We take the privacy of your personal data very seriously. Please read this privacy notice carefully as it contains important information on who we are and how and why we collect, store, use and share your personal data. It also explains your rights in relation to your personal data and how to contact us or supervisory authorities if you have a complaint about the use of your personal data.

The controller for your personal data is MAGNIFY DISTRIBUTION Limited (XULA UK).

If you have any questions about this privacy notice or the personal data, we use about you please contact us using the details below:

by email to: xula@magnifybrands.co.uk 

If you have any concerns about the way we have handled your personal data, you have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues, by contacting them at www.ico.org.uk.

We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.

We regularly review this privacy notice and will update it where necessary. This privacy notice was last updated on 08 September 2021

  • When will this privacy notice apply?
  • This privacy notice will apply to the personal data we collect and process when you:

    visit www.xula.co.uk (Our Website);

    purchase XULA masks from Our Website;

    sign up to receive communication via Our Website;

    email our customer service team regarding purchases or make an enquiry relating to XULA UK;

  • What is the lawful basis for using your personal data?
  • Processing of personal data will be lawful only if one or more of the following lawful bases for processing applies:

    processing is necessary for the performance of a contract which you are party to or to take steps at your request prior to entering a contract;

    for compliance with a legal obligation to which XULA UK is subject;

    for the purposes of XULA UK’s legitimate interests or those of a third party (such as advertising agencies), but only if these are not overridden by your interests, rights or freedoms; or

    you have given your consent to the processing of your personal data for the processing detailed in this privacy notice.

    The table below sets out the personal data we process, why we use your personal data and the lawful basis we will rely on.

     

    Personal data

    What we use your personal data for

    Lawful basis

    Basic contact details as provided to us by you:

    full legal name;

    telephone number;

    email address; and

    postal address*

    • To enable us to process your online or purchase
    • To enable your purchased item to be delivered
    • To contact you to resolve any issues regarding your order

    For the performance of our contract with you or to take steps at your request before entering into a contract

    • To enable us to contact you via your preferred contact details
    • To keep you updated about out of stock items
    • To keep you updated on new products, services and offers
    • To send you a digital receipt
    • To answer any query, you have raised with us not relating to an order

    For our Legitimate interests to enable us to provide a high standard of customer service to you and keep up to data with the latest products and services of XULA UK.

    Consent – where you have signed up for marketing on Our Website 

    Transactional and billing information*

    To take payment purchases

    For the performance of our contract with you or to take steps at your request before entering into a contract

    To prevent and detect fraud against you or XULA UK

    For our legitimate interests or those of a third party, to minimise fraud that could be damaging for us and for you

    To record and monitor purchases

    For our legitimate interests or those of a third party to minimise fraud that could be damaging for us and for you

    Other processing necessary to comply with professional, legal and regulatory obligations that apply to our business

    To comply with our legal and regulatory obligations

    Your feedback on your purchases or shopping experience, including your purchase and personal opinions

    To improve our products and services based on customer feedback

    For our legitimate interests to improve our products and ensure we deliver the best service to you

    IP address using Our Website*

    Preventing unauthorised access and modifications to systems

    For our legitimate interests or those of a third party, to prevent and detect criminal activity that could be damaging for us and for you

    To monitor use on Our Website

    For our legitimate interests to analyse or customer spend and behaviour to improve our services

    Your contact history, purchase history and saved items

    To analyse customer behaviour and to ensure we send you the most appropriate and relevant information regarding promotional offers

    For our legitimate interests making sure that we can keep in touch with our customers and send them relevant information about existing orders and new products

    Marketing preferences

    Updating and enhancing customer records

    For our legitimate interests or those of a third party, making sure that we can keep in touch with our customers about existing orders and new products

    To maintain a suppression list ensuring we are not sending marketing information to individuals who have opted out

    To comply with our legal and regulatory obligations





  • What personal data must you provide to us as part of a statutory/regulatory or contractual requirement?
  • In certain circumstances you may be obliged to provide us with personal data and if you fail to provide the personal data, when requested, we may not be able to fulfil your purchase order or assist with your enquiry. Where this is the case we have identified these instances in the table above with an “*.”

  • Credit card and debit card information
  • All payment details are sent to and managed securely by our third party payment service provider. XULA UK will only retain the card type and last four digits as a reference of the purchase.

  • What special category or criminal data does XULA UK process about you?
  • We do not collect or process any special category or criminal data relating to our customers.

  • Promotional communications and direct marketing
  • When we are permitted to do so we may use your personal data to send you updates (by email, text message, telephone, or post) about our products and services, including exclusive offers, promotions or new products and services.

    When you provide your personal data in order to make a purchase online, or sign up for our newsletter via Our Website, XULA UK will use these details to send you emails relating to similar products and offers that we think will be of interest to you.

    You will be able to opt out of us using your personal data to send you promotional communications:

    1. at the point we collect the personal data (when you make a purchase);
    2. via the Unsubscribe link on all marketing emails; or
    3. by emailing xula@magnifybrands.co.uk 

    Please note even if you opt out of promotional communications, as a customer of XULA UK we will still send you service messages. This communication will be routine customer service messages and will include information about a current/past purchase, delivery information or service interruptions.

  • Different types of cookies
  • We have classified our cookies into two different types; First and Third party cookies. First party cookies are the cookies that XULA and Shopify set to offer you a fully functional experience when shopping our site.

    We also use functional cookies to remember choices you’ve made or information you’ve provided, such as your username, language, or the region you are in. This allows us to tailor your website experience specifically to your preferences. For example, authentication cookies are functional cookies that are used for the duration of a session (or persistent, if you agree to the “remember me” function) to allow users to authenticate themselves on subsequent visits or to gain access to authorized content across pages. The functional cookies we use include:

     

    User-centric security cookies to detect authentication abuses for a limited persistent duration, like repeated failed login attempts. These cookies are set for the specific task of increasing the security of the service.

    Multimedia content player session cookies (flash cookies) are used for the duration of a session to store technical data needed to play back video or audio content (e.g. image quality, network link speed, and buffering parameters).

    Load balancing session cookies are used for the duration of the session to identify the same server in the pool in order for the load balancer to redirect user requests appropriately.

    User interface customization persistent cookies are used to store a user’s preference regarding a service across web pages.

    ''Shopify is dedicated to user experience and we use many tools to help us improve our website. To this end, we use performance cookies to collect information about how you use our website and how often. These cookies only gather information for statistical purposes and do not gather any information that can personally identify you. However, because these cookies are not strictly necessary for the use of our website, we require your consent to use them. The performance cookies we use include:

    First party analytics cookies - We use these cookies to estimate the number of unique visitors, to improve our website and to detect the most searched for words in search engines that lead to a webpage. These cookies are not used to target you with online marketing. We use these cookies to learn how our website is performing and make relevant improvements to improve your browsing experience.

    We also use Google Analytics and other third-party analytics providers to help measure how users interact with our website content. These cookies “remember” what our users have done on previous pages and how they’ve interacted with the website. For more information on Google Analytics, visit Google’s information page. For instructions on how opt out of Google Analytics, see below.

    Targeting cookies are used on our website to tailor marketing to you and your interests and provide you with a more personalized service in the future. These cookies remember that you visited our website and we may share this information with third-parties, such as advertisers. Although these cookies can track your visits to our website and other sites, they typically cannot personally identify you. Without these cookies, the advertisements that you see may be less relevant and interesting to you. We do not use third-party advertising cookies.

    Finally, Social plug-in tracking cookies are used by many social networks that have “social plug-in modules”. We integrate these modules into our platform to provide services than can be considered as “explicitly requested” by our users. Your consent, however, is required because some third-party social plug-in tracking cookies are used for things like behavioural advertising, analytics, and/or market research.''

    Shopify (2018: https://www.shopify.co.uk/legal/cookies)

    We work with carefully selected suppliers who also use cookies on our website. These cookies enable certain features that are run in conjunction with partners such as Facebook, Twitter & YouTube to function. We don't control the setting of some of these cookies so for more information about please visit the relevant third-party website. Below is a list of the main cookies that our partner suppliers use and what they use them for. We are currently auditing use of third party cookies and we will update this section.

    We have tried to ensure that you our customers have full visibility of the cookies used on our website. Our website requires certain cookies to be enabled for you to be able to shop on www.xula.co.uk however if you would like to restrict or block cookies from this website you can use your browser to do so. Each browser allows you to restrict or block cookies in different ways so we recommend that you visit the Help section to learn how to set your preferences.

    For further information about cookies and how to manage them visit www.allaboutcookies.org.

    GDPR

    HOW DOES THE GDPR AFFECT OUR CUSTOMERS?

    At XULA UK we treat your privacy, security and data with the upmost respect and care. The privacy and security of your personal information is very important to us. We want to assure you that your information will be properly managed and protected whilst in our hands. 

    The General Data Protection Regulation (GDPR) affects us as a Shopify merchant being based in Europe and by serving European customers in the process. It takes into account Data Protection and enhances your digital security in all aspects. We will continue to make sure your data is safe in every aspect of our Business and will frequently update our policies to ensure privacy.

  • Who we share your personal information with?
  • We will share your personal data with other companies in order for them to fulfil services for us.

    We share your personal data with the below companies:

    1. our delivery providers;
    2. our online payment providers;
    3. our customer issue tracking tool provider;
    4. our customer reviews provider;
    5. our customer database system providers;
    6. our digital marketing tool providers, such as email service provider;
    7. our website platform provider;
    8. our website app providers, for services such as wish list;
    9. our order fulfilment providers;
    10. marketing service providers, for example those used to help us generate online advertisements.

    We only allow our service providers to handle your personal data on our behalf if we are satisfied they will take appropriate measures to protect your personal data. We also impose contractual obligations on service providers to ensure they only use your personal information to provide the requested service. They are not able to use your personal data for their own purposes unless you have a separate agreement with them directly to provide a service in their own right. These might include payment service providers with whom you have signed up for an account, such as Amazon Pay, PayPal, Klarna or others.

    In certain circumstances we may disclose and exchange information with law enforcement agencies to comply with our legal and regulatory obligations.

  • Sharing your personal data with Facebook
  • We place adverts on Facebook and Instagram. To make sure our adverts are seen by people who are most likely to be interested in them, we share your ‘hashed’ email address with Facebook. Emails are hashed so that they are secure. Facebook uses hashed email addresses to match our customers with Facebook accounts so that we can serve our adverts to you via Facebook and Instagram.

    Facebook also uses hashed email addresses to analyse our customers so that we can target adverts to individuals who share similar interests or characteristics. Facebook does not share any personal data with us.

    If you do not want your information to be used in this way you can opt out at any time by emailing xula@megnifybrands.co.uk  

  • How long will your personal data be kept?
  • We will only keep your personal data for as long as is necessary for the purposes for which it was collected. In order to determine the appropriate retention period for your personal data, we consider the amount, nature, and sensitivity of your personal data. We will also consider legal and regulatory requirements, for example where the law says we must keep your personal data for a certain period.

  • Transferring your personal data out of the UK
  • To deliver services to you, it is sometimes necessary for us to share your personal information outside the UK.

    Whenever we transfer your personal data outside of the UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

    1. We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the UK;
    2. Where we use third parties outside of the UK, we may use specific contracts approved under UK law, these are sometimes known as standard contractual clauses which give personal data the same protection it has in the UK.
  • Keeping your personal data secure
  • We have appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed unlawfully. We limit access to your personal information to those who have a genuine business need to access it. Those processing your personal data will do so only in an authorised manner and are subject to a duty of confidentiality.

    We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

  • Your rights relating to your personal data
  • You have a number of rights in relation to how we use your personal data.  These are as follows:

    1. your right to request access to your personal data – you have the right to know how we are using your personal data, a right to see a copy of the personal data we hold for you and a right to be provided with additional information, for example, about how and why we are using your personal data and who it is being shared with.
    2. You have the right to request that any inaccurate personal data is amended – if you think that any of the personal data that we hold about you is wrong or incomplete then you have the right to tell us and we have to ensure that the personal data we have is reviewed and if necessary, amended to ensure it is correct.
    3. You have the right to ask for your personal data to be deleted – in certain circumstances, you can ask us to delete your personal data where there is no good reason for us to hold or use this anymore, where:
      1. we are using your personal data because you provided us with your consent to use it in this way and you withdraw your consent; or
      2. where you have challenged our use of your personal data and there are no good reasons for us to process your personal data.
    4. This does not apply to all of your personal data, as we may need to still keep your personal data, for example, to comply with laws.
    5. You have the right to request restriction of processing your personal data – this right allows you to ask us to put processing on hold so:
      1. we can establish if the personal data that we have about you is correct;
      2. we can investigate any objection you have made about the use of your personal data; or
      3. if we have no justification for keeping it any longer you may ask us to put the processing on hold but retain the personal data in case you need this, for example, for legal reasons.
    6. You have the right to have your personal data sent to another organisation – in certain circumstances, you have the right to get your personal data from us in a way that is accessible and machine-readable, and you also have the right to ask us to transfer your personal data to another organisation. This only applies to personal data that you have provided to us and which is held electronically. We only have to comply with this right if it is technically feasible to provide this personal data in a commonly used format, for example, a csv file.
    7. You have the right to object to the processing of your personal data – you have the right to tell us about any concerns regarding the processing of your personal data and to ask us to stop using your personal data. This includes objection to marketing.

    If you would like to exercise any of those rights please contact us by email to xula@magnifybrands.co.uk