Security & Privacy
Our promise to you
Introducing our policy
This policy governs any kind of processing of personally identifiable information about natural persons, who are consumers of Jellycat products or services (“personal data”), by Jellycat Limited and all entities within the corporate group headed by its ultimate parent undertaking (the “Jellycat Group”). This policy applies to our processing of personal data collected through any means, actively as well as passively, online as well as offline, from persons located anywhere in the world. When you are using Jellycat websites, Jellycat Limited is the data controller. Any question regarding our processing of personal data may be directed to:
Customer Care Team
800 North Washington Avenue
Suite 500, Minneapolis MN 55401
We are guided by the following principles when processing personal data:
- We will only collect personal data for specific and specified purposes;
- We will not collect personal data beyond what is necessary to accomplish those purposes;
- We will retain personal data only for so long as it is necessary for the purpose
- We will not use personal data for purposes other than that for which the data was collected, except as stated herein, or with prior consent;
- We will not transfer personal data to third parties or across borders, except as stated herein, or with prior consent;
- We will seek to verify and/or update personal data periodically, and we will accept requests for amendments of personal data;
- We will apply high technical standards to make our processing of personal data secure;
- Except when stated herein, we will not store personal data in identifiable form longer than is necessary to accomplish its purpose, or as is required by law.
The legal basis for collecting data
In specific situations, we collect and process your data with your consent, for example, when you tick a box or register your email to receive email newsletters. You can withdraw this consent at any time, for example, by clicking on the unsubscribe link.
In certain circumstances, we need your personal data to comply with our contractual obligations, for example, if you order and item for home delivery, we will collect your address details to delivery your purchase and pass them to our courier.
In exceptional circumstances, if the law requires us to, we may need to pass data for law enforcement, for example, details of people involved in online fraud.
Transfer of personal data to third parties and/or other countries
As a general principle, we process personal data in order to facilitate or improve our offerings and services to you.
- We do not process personal data on behalf of third parties, nor do we sell personal data to, or share personal data with, third parties for their own, independent use..
- We do share personal data with third party service providers only when it is necessary to provide services that we don’t perform ourselves, for example, shipping of Jellycat products, etc. This includes certain overseas providers such as delivery companies or payment service providers.
- We also use third party data hosting companies to store personal data collected by us in their servers, and to do data validation checks for us.
All data transfers to third party vendors or partners, including those listed as examples above will be subject to a written contract between us and the third party vendor or partner in question, and the vendor or partner will not have any authority to use such personal data for any purpose other than as instructed by us.
When relevant, personal information may be shared among the business units and entities inside the Jellycat Group. We will disclose personal data when legally obligated to do so under subpoena or court order, or for law enforcement purposes.
Processing of personal data through online shopping
When you use our service online or offline (e.g. ordering online via jellycat.com or via our customer care team, or otherwise), we will process transaction-related personal data, such as your first and last name, mailing and shipping address, phone number, email address, credit card or other payment information, and gender. We will also process information about your purchases with us.
We will use such personal data to process and deliver your order, to provide notification of order status, and to update your profile periodically to ensure that we have the most accurate personal data available. We will also use said personal data to analyse customer behaviour and to customise our communication with you, if applicable. In this respect, we may transfer tracking information about your use of our sites to external service providers, which will help us optimise your browsing experience. Optimisation services will be performed under a written contract between us and any service provider.
If you opt-in (or upon request), we will send you Jellycat promotional and marketing emails. These may be targeted to you based on your purchase history or online browsing behaviour.
Retention of personal data
Whenever we collect or process your personal data, we will only keep it for as long as is necessary for the purpose for which it was collected. At the end of the retention period, your data will either be deleted completely, or anonymised, so that it can be used in a non-identifiable way.
When you place an order with us, we will ordinarily keep the personal data you give us for 5 years so we can comply with our legal and contractual obligations relating to the sale of goods. For nursery products we will hold the data for 10 years, and if your order included a warranty, the associated personal data will be kept until the end of the warranty period.
Jellycat Customer Care
Please contact our customer care team with questions or comments related to the Jellycat Group, and our products and services. When you contact us, we will process personal data such as your email address, your gender, first and last name, mailing address, phone and/or cell phone number, and details of your comment as relevant.
- Whether you are already a registered customer, so we can make it easy for you to log into your customer account.
- Your language and region choice. This means that we can show you the most appropriate content for the region where you live
- Your shopping bag and shopping options.
- What products you view and buy in the store so we can provide you with suggestions.
- What products and gallery entries you have rated and the rating you have given.
- Your movement on and usage of our sites. We do not collect personal data as part of this. We collect statistical data so we can optimise our site.
- Recently used data - to improve performance. In case we store personal data in a cookie, the information will be encrypted and thus safe.
We use third party companies as suppliers for some of our functions. Their use of the data is controlled by our contract with them and they are only allowed to use the data strictly for the purpose we have stated e.g. the data is not used in connection with data from other companies and we are not tracking user behaviour outside our own sites.
Most browsers automatically accept cookies. You can prevent cookies from being stored on your computer or device by setting your browser to not accept cookies. Some browsers provide a mode where cookies are always deleted after a visit. The exact instructions for this can be found in the manual for your browser. You can delete cookies already on your computer or device at any time. If you choose not to accept cookies at all, you can still visit our website, however we cannot guarantee an optimum experience without cookies.
Your rights over personal data
You have the right to request access to the personal data that we hold about you and to have your data corrected if it is inaccurate. You also have the right to withdraw you consent to receive direct marketing material at any time.
You may always contact us to review and update personal data we may have stored about you. Please get in touch with our Customer Care team. You may also ask for your information, by contacting our Data Protection Officer by email at [email protected] or in writing to:
Data Protection Officer
800 North Washington Avenue
Suite 500, Minneapolis MN 55401
Shopping data security
Access to a number of jellycat.com services are protected by access restrictions based on your email address and password. It is important that you always choose a password which is hard to guess for others, and protect your password against disclosure.
All external transmissions of payment data facilitated by us are protected by encryption.
All data storage, at Jellycat Group operated computer facilities as well as at business partner facilities, will be subject to written contracts.
Generally, processing of personal data will take place in accordance with applicable legislation and best practices concerning data security.
Credit card information is directed to one or more approved and certified service provider(s), and will not be stored by us for longer than it takes to process the data.
Handling of personal data is controlled by documented policies and procedures, including strict physical and logical access control, security back-up, failover, anti-malware protection, monitoring and vulnerability detection mechanisms.
We hope this Privacy Notice has been helpful in setting out the way we handle your personal data and your rights to control it.
Effective date: 15 May 2018