Privacy & Security
Privacy Notice Effective Date: Feb. 28, 2017
INTRODUCTIONNASTY GAL TAKES PRIVACY SERIOUSLY. Please read the following to learn more about our privacy Notice (“Privacy Notice”). This Privacy Notice applies to the use of the Services (as defined below), including by customers and other persons. Except as otherwise indicated, customers and other persons using the Services are individually and collectively referred to as “you”, “your” or “Customer”, and Nasty Gal Limited and the companies within its group are referred to as, "Nasty Gal", "we", "us" and "our." The family of Web sites operated by or on behalf of Nasty Gal (the "Services"), including, but not limited to, Web sites located at www.nastygal.com, our mobile application(s), our blog(s), and any other Web site(s) owned and/or operated by Nasty Gal and any of their associated Web pages, are committed to implementing policies and procedures designed to protect your privacy and security, in addition to providing you with the best possible online experience. To achieve that goal, we want you to understand what kinds of information we gather from and about you, how this information is used, shared and safeguarded, and how you can control its use. In order to offer various products and services to our Customers, Nasty Gal collects certain information as described in this Privacy Notice. Nasty Gal Limited is subject to the UK Data Protection Act 1998 (the “Act”) and is a data controller for the purposes of the Act. If you have questions or concerns regarding this Privacy Notice, you should first contact us at firstname.lastname@example.org or at Nasty Gal Limited, Attn: Legal Department, 49-51 Dale Street, Manchester, England, M1 2HF. Nasty Gal is responsible for the processing of personal data it receives and subsequently transfers to a third party acting as a data processor on its behalf. Nasty Gal is subject to the regulatory enforcement powers of the UK Information Commissioner’s Office (the “ICO”). If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please see https://ico.org.uk/concerns/ for how you may contact the ICO. In conjunction with this Privacy Notice, you should also review our Terms for a more complete understanding of the rules governing our Services. For more information on Internet safety and security, Click here for information from the ICO.
HOW YOUR INFORMATION IS USED AND SHAREDThe use and sharing of information about you depends on the context in which it is collected. Please see the categories below that relate to the features and functionality of the Services that you wish to utilize. If you do not want us to share your personal information with these companies, you may contact us at: email@example.com Personal Information: We may share the personal data we collect from you only with your consent, or as otherwise outlined in this Privacy Notice, or under the following circumstances: User-Requested Services and Information: For information, features, products and services offered and/or provided by the Services, the information you submit is used by us to provide the information, feature, product or service you've requested, including being used for internal purposes such as tracking your order, analyzing your preferences, and noting trends and statistics. We may combine and supplement the information we collect about you, with information from third parties, and add it to your account information. We will use this information for the purposes disclosed in this Privacy Notice. We may also share this information with others, but personal data will be shared by us only to fulfill your request or to facilitate your use of the information, features, products or services, or as otherwise outlined in this Privacy Notice, or with your consent. When sharing personal data in such a manner, we may also share your Internet Protocol (IP) address. In addition, we may use and share any registration information that you submit as described in the “Registration Information” section below. We may use other companies and individuals (1) to perform supporting functions for the various tools, functionality, information, products and services offered on or through our Services on our behalf, (2) to perform or support various tasks or initiatives instrumental to the business of, or related to operating or improving, the Services or (3) to assist us in testing, maintaining or improving the features, content or effectiveness of the Services or in performing research or development. These service providers (for example, third party payment processing service providers in respect of payment for goods purchased on the Services, delivery partners, email service providers to send out emails on our behalf, etc.) may be permitted to receive and use information collected from you, or for internal purposes on an aggregated and/or anonymous basis (where you cannot be personally identified), but will not be authorized by us to use personal data for any other purpose other than in connection with performing the support functions for Nasty Gal or such other tasks, initiatives or assistance for Nasty Gal. Some pages may have the look and feel of being on www.nastygal.com, however the information collected on these pages may not be covered under our privacy statement. All information collected on www.nastygal.com is governed by this Nasty Gal privacy statement. User-Initiated Communication: From time to time, portions of the Service(s) may enable you to send email and other types of messages to us and to participate in blogs, product reviews, and other discussion groups. All such emails, reviews, comments and messages, and all such postings to blogs and/or discussion groups, become our property once you submit them (please see our Terms for more details on this). Your Internet Protocol (IP) address may be included in any email that you send, whether to us or to third parties. Whenever you choose to initiate these kinds of communication with us, or anyone else, you may be contacted in return. Also, remember that our Services and blogs are open to the public, and, therefore, your postings can be seen by anyone and are therefore not protected by us or any other entity. Please use your own discretion when deciding whether and what to post and whom to contact. We reserve the right, in our sole discretion, to edit or delete postings from our Services, blogs, and discussion groups. This reservation of rights shall not under any circumstances obligate us to conduct such edits or deletions, nor shall it cause us to be liable for any such edits or deletions. To request removal of your personal information from our blog or community forum, please contact us at firstname.lastname@example.org. Protection of rights: In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. We may release personal data or other information we collect from you if we believe that such action is appropriate to: (1) comply with legal requests and processes; (2) enforce the terms and conditions for the applicable Services; (3) identify, contact or bring legal action against persons or entities who are or we believe have caused or might cause injury to us or a third party; (4) defend or respond to claims brought or threatened against Nasty Gal, its employees, directors, suppliers or service providers, users of the Services or others; (5) to protect us and our customers from fraud and theft, including that we may pass on personal information that is required to make identity checks and personal information that we obtain from making identity checks to organisations including law enforcement agencies involved in fraud prevention and detection and credit risk reduction; or (6) otherwise protect or assert the rights, property, interests or personal safety of Nasty Gal, its employees, directors, suppliers or service providers, users of the Services or others. Record Keeping: It may be necessary for Nasty Gal to keep records of certain personal data you have provided to us or which we have obtained from you in accordance with this Privacy Notice for business purposes, including but not limited to for internal accounting and administration, to supply you with information about your account, to respond to inquiries, to enhance customer service and product options, to improve product performance, promotions, and special offers where you voluntarily supplied your personal details, to administer sales records, to provide information about us, our products, services and special offers, and to analyze usage on our Services. Business or Asset transfers: We continue to develop our business and in doing so may choose to buy or sell our business or related assets. Personal data and other information we collect from you is generally one of the assets acquired or transferred in such transactions. Registration Information: The personal data you provide when you become a registered user of and create an account on one of the Services is used primarily to provide the information, features, products and/or services you purchase or request, to help us customize or enhance your online experience, and to increase the convenience of accessing new or existing tools, products and services on the Services. If applicable, this personal data may also be shared among the Services to make use of the Services more convenient by, for example, limiting the number of times you have to register with us. Your email address serves as a unique identifier in our record system, and together with your password, is designed to help us prevent unauthorized access to information you choose to store on the Services. The data you give us about your personal preferences and demographics (e.g., your age, post code or ZIP code, or the like) may be used to help us offer tailored content, products, and services that we believe will be of interest to you. In addition, we may share this information, in aggregate or other protected forms (see the section entitled “Information We Collect From you: Personal Information,” above) or under confidentiality terms, with our current and/or future service providers so that either they or us can present and deliver products, functionality and services to you more effectively.
CHILDREN’S PRIVACYOur Services are general audience Web sites and are not directed at children under age 13. Nasty Gal and the Services do not knowingly collect any personal information from children under age 13, and if you are under the age of 13 you should not register or provide information on our Services or to Nasty Gal. If you have knowledge that a child under the age of 13 has submitted personal data to us, please email email@example.com
HOW CAN I ACCESS AND CHANGE MY PERSONAL INFORMATION?You can edit or delete personal data that you submitted on the Services through your online account. Upon request Nasty Gal will provide you with information about whether we hold, or process on behalf of a third party, any of your personal information. Under the Act, we may charge an administrative fee of £10 to meet our costs in providing you with details of the information we hold about you. If you would like us to delete/remove your Account, or for us to no longer use or share personal data we may gather from you for any purpose, please send a request to firstname.lastname@example.org. We will respond to your request within a reasonable timeframe. However, please note that archival or backup copies of personal data may continue to exist. Please keep in mind that any change you request regarding personal data may adversely affect or otherwise change the availability, deliverability or quality for you of information, features, products or services in which you are interested or your experience on or relating to the Services. We will retain and use your information as may be necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
HOW IS PERSONAL INFORMATION PROTECTED?Whenever personal data is stored on our computers, that information is protected from unauthorized access or use by way of passwords or other industry-acknowledged means. In addition, servers of ours that store this information are located behind a firewall. Since certain personal data (such as credit card data) is especially sensitive, we take special care to keep it secure. We will only electronically transmit or ask for this information over secure Internet connections using generally accepted standards, and security keys. In addition, we require password authentication from any third parties you have authorized to receive this information. We use a trusted third party payment processing service to process your payment to us and we do not store your credit/debit card information. You can elect to save your credit or debit card details once your order on our Web site has been processed, to make any future orders easier. However, for your security you will need to enter your card’s 3-digit security code for every subsequent transaction where you elect to use the saved credit/debit card. If you elect to store your credit or debit card details after an order on the Web site, your credit/debit card details will be stored with our trusted third party payment processor. Of course, we appreciate your help in safeguarding the integrity of your own and others' privacy. We hope you'll use common sense whenever you disclose personal data over the Internet. Just as importantly, we encourage you to let us know immediately if you suspect that personal data you share with us is being used in any way contrary to this Privacy Notice. Finally, unfortunately no data transmission over the Internet nor any storage of information on servers or other media can be guaranteed or made to be 100% secure; and while we strive to protect personal data, as outlined in this Privacy Notice, we cannot promise, guarantee or warrant the complete security of information. To contact us, please send an email to email@example.com. The data we collect from you may be transferred to, and stored at, destinations outside the European Economic Area (“EEA”). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. Such staff may be engaged in, among other things, the fulfilment of your order, the processing of your payment details and the provision of support services. By submitting your personal data, you agree to this transfer, storing and processing, We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Notice.
SCOPE OF THIS PRIVACY NOTICE: OUTSIDE LINKSBe aware that our Services link to other Web sites that may collect personally identifiable information about you. This Privacy Notice applies only to the Services, and we are not responsible for the privacy practices, nor the content, associated with any linked Web sites. You should refer to the privacy Notices and statements of other Web sites or contact the respective Webmasters of those Web sites to obtain information regarding their information collection, security, use and disclosure policies.
EFFECTIVE DATE AND MODIFICATIONSThis Privacy Notice is effective as of the date first written above. We reserve the right to update, change, modify or otherwise alter this Privacy Notice at any time. If any material changes are made to this Privacy Notice, Nasty Gal will notify you by posting the revised Privacy Notice on the Services or notifying you through the Services prior to the change becoming effective. ANY ACCESS OR USE OF THE SERVICES BY YOU AFTER THE CHANGES GO INTO EFFECT SHALL CONSTITUTE AND BE DEEMED YOUR AGREEMENT TO THIS PRIVACY NOTICE. Accordingly, we encourage you to periodically review this Privacy Notice and the Services in order to keep apprised of our current privacy practices. If you do not want to be bound by this Privacy Notice, do not use or access any part of the Services.
CONTACTING USIf you have concerns about this Privacy Notice or our privacy practices in general, contact us at: Legal Department Nasty Gal Limited 49-51 Dale Street Manchester, England, M1 2HF Email: firstname.lastname@example.org