Privacy Policy Vicarious Media Ltd (Vicarious) Amended 08.05.18

This policy applies to all websites owned or operated by Vicarious Media Ltd except online.vicarious.media and it describes how your personal information is collected, used, and shared when you visit our sites or make a purchase from www.vicarious-shop.com.

For simplicity throughout this Policy, ‘we’ and ‘us’ mean Vicarious Media Ltd and its brands.

LEGAL BASIS
The General Data Protection Regulation requires us to identify the lawful basis for processing personal data.

CONTRACTUAL OBLIGATIONS
We need your data to comply with our contractual obligations. For example, when you create an order with us you enter into a contract with us. To fulfil an order contract, we require your name and address so that we can deliver your ordered products to you. Your contact details will be passed onto the delivery company, either Royal Mail or a courier, so that they can fulfil delivery. Contact will be made by email and phone during order fulfilment irrespective of your marketing preferences.

CONSENT
We may collect and process your data with your consent. For example, if you wish to receive our marketing emails you give your consent by ticking a box during checkout or you can subscribe to or unsubscribe from our email newsletter here. You can also read old newsletters on that page, which will give you an idea of what you can expect to receive.

LEGITIMATE INTEREST
In specific situations, we require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests.
We will continue to send marketing emails to our long term newsletter subscribers based on Legitimate Interests. You can subscribe to or unsubscribe from our email newsletter at any time.

LEGAL COMPLIANCE
If the law requires us to, we may need to collect, process and share your data.

HOW PERSONAL DATA IS COLLECTED AND USED
We collect your data in the following ways:

If you make contact with us, we may use the data to respond. We may also keep a record to support any future communication with us and to demonstrate how we communicated with you throughout. We do this on the basis of our contractual obligations to you, our legal obligations and our legitimate interests in providing you with the best service and understanding how we can improve our service based on your experience. We may request consent to publish provided information and accreditation.

All Vicarious websites are monitored by Google Analytics. When you visit our Sites, we automatically collect certain information about your device, including information about your web browser, IP address, time zone, and some of the cookies that are installed on your device. Additionally, as you browse the Sites, we collect information about the individual web pages or products that you view, what websites or search terms referred you to the Sites, and information about how you interact with the Sites. We refer to this automatically-collected information as “Device Information”. We use the Device Information that we collect to help us screen for potential risk and fraud (in particular, your IP address), and more generally to improve and optimise our Sites (for example, by generating analytics about how our customers browse and interact with the Site, and to assess the success of our marketing and advertising campaigns). You can read more about how Google uses your Personal Information here: https://www.google.com/intl/en/policies/privacy/. You can also opt out of Google Analytics here: https://tools.google.com/dlpage/gaoptout.

We collect Device Information using the following technologies

Vicarious-shop.com is a Shopify-hosted ecommerce webshop. Shopify is a Canadian company and their hosted ecommerce platform is one of the world’s largest. Personal Data will be processed by Shopify's Irish affiliate, Shopify International Ltd. As part of providing the Services, this Personal Data may be transferred to other regions, including Canada and the United States. Such transfers will be completed in compliance with relevant Data Protection Legislation. Shopify maintains the highest levels of security for its servers and software. Shopify does not independently contact or market to our customers. You can read more about how Shopify uses your Personal Information here: https://www.shopify.com/legal/privacy.

When you make a purchase or attempt to make a purchase, we collect certain information from you, including your name, billing address, shipping address, payment information (including credit card numbers or payment confirmation details from PayPal), email address, and phone number. We refer to this information as “Order Information”.

Payments are processed securely through Shopify Payments Stripe or PayPal. These providers have their own Privacy Policies. Vicarious does not have access to your card details when PayPal is used. Payments made through Shopify Payments Stripe leave a record of the type of card and the last 4 digits. Phone payments are processed live through Shopify Payments Stripe and no record is kept by Vicarious.

When we write about “Personal Information” in this Privacy Policy, we are referring to both Device Information and Order Information.

When you place an order with us we require data from you. If we didn’t collect this data we would not be able to process your order and comply with our contractual obligations.

Some of this information is used to prevent fraud; other data helps us make informed business decisions. We collect this data based on our legitimate business interests.

Abandoned checkout emails are sent automatically after 10 hours if you have not returned to the store and completed your purchase. You will have had to have filled in your name and address and provided a valid email address. No further emails will be sent unless you also agreed to receive our newsletters. We may phone you to ask if you want help to complete your order.
Delivery of goods makes it necessary for us to pass on your personal data to couriers; DPD, for example, will email and/or text you during the delivery process. When orders are sent abroad it is normal for several companies to handle your goods and personal details. It is the responsibility of each company to maintain their own Privacy Policy. You can read Royal Mail's privacy policy here: https://www.royalmail.com/privacy-policy/ and DPD's privacy policy here: http://www.dpdlocal.co.uk/privacy_policy.jsp.

SHARING YOUR PERSONAL DATA
Your Personal Information may be transferred to third party service providers, who process information on our behalf, including providers of information technology, identity management, website hosting and management, data analysis, data back-up, security and storage services.

Membership Schemes, such as France Passion, require us to pass on members’ names, addresses and emails. It is the responsibility of each scheme/company to maintain their own Privacy Policy.

To protect our business and your data from fraud and other illegal activities we may need to use your personal data if we discover any criminal activity or alleged criminal activity through our use of fraud monitoring and suspicious transaction monitoring, or CCTV. We will process this data for the purposes of preventing, detecting, or reporting unlawful acts.

We may share information about you if we reasonably believe that disclosing the information is needed to: comply with any valid legal process, governmental request, or applicable law, rule or regulation; investigate, remedy, or enforce potential Terms of Service violations; protect our, our users' or others' rights, property and safety; or detect and resolve any fraud or security concerns.

If Vicarious Media is involved in a merger, asset sale, financing, liquidation or bankruptcy, or acquisition of all or some portion of our business to another company, we may share your information with that company before and after the transaction closes.

BEHAVIOURAL ADVERTISING
As described above, we use your Personal Information to provide you with targeted advertisements or marketing communications we believe may be of interest to you. For more information about how targeted advertising works, you can visit the Network Advertising Initiative’s (“NAI”) educational page at http://www.networkadvertising.org/understanding-online-advertising/how-does-it-work and you can find more information here http://www.aboutads.info/how-interest-based-ads-work.

We use Facebook Pixel, https://www.facebook.com/ads/about/, and Google Adwords to generate targeted ads. 
You can opt out of targeted advertising by visiting:
FACEBOOK - https://www.facebook.com/settings/?tab=ads
GOOGLE - https://www.google.com/settings/ads/anonymous
Additionally, you can opt out of some of these services by visiting the Digital Advertising Alliance’s opt-out portal at: http://optout.aboutads.info/.

DATA RETENTION
Typically we store individuals’ personal data for no more than seven years from their last interaction with us. Seven years is the legally recommended time period for such things as order processing. Personal posts and photos may survive for much longer on blogs, online.vicarious.media, product and site reviews, social media and within our historic publishing.

PROTECTING PERSONAL DATA
We secure access to all transactional areas of our websites and apps using ‘https’ technology.
We will take reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your Personal Information. We will store all the Personal Information you provide securely.
Of course, data transmission over the internet is inherently insecure, and we cannot guarantee the security of data sent over the internet.
You are responsible for keeping your password and user details confidential. We will not ask you for your password.

INTERNATIONAL DATA TRANSFERS
Information that we collect may be stored and processed in and transferred between any of the countries in which we operate in order to enable us to use the information in accordance with this Privacy Policy.

If you are in the European Union, information which you provide may be transferred to countries which do not have data protection laws equivalent to those in force in the European Economic Area. By using our websites you expressly agree to such transfers.

You should be aware that if you authorise the sharing of your Personal Information (per above) it may be transferred to organisations outside the European Economic Area to countries that may not have laws that provide specific protection for Personal Information.

POLICY AMENDMENTS
We may update this Privacy Policy from time to time by posting a new version on our website. You should check this page occasionally to ensure you are happy with any changes.

INDIVIDUAL RIGHTS
We may need to verify your identity before we can make any changes.
If you are a European resident, you have the right to access Personal Information we hold about you and to ask that your Personal Information be corrected, updated, or deleted. If you would like to exercise this right, please contact us through the contact information below.

DATA CORRECTION
Please contact us if your Personal Information needs to be corrected or updated. You can do this by phoning, emailing or writing to us.

DIRECT MARKETING
You may instruct us not to process your personal data for marketing purposes at any time. Please follow this link to subscribe to or unsubscribe from our newsletters or phone, email or write to us.

If you wish to exercise the rights below please contact The Data Protection Officer, Vicarious Media Ltd, Unit 1 North Close Business Centre, Folkestone, CT20 3UH. If we choose not to action your request, we will explain the reasons for our refusal. We will charge a ‘reasonable fee’ when a request is manifestly unfounded or excessive, particularly if it is repetitive.

RIGHT OF ACCESS
Please contact The Data Protection Officer if you wish to access the Personal Information that we hold about you.

RIGHT TO RESTRICT PROCESSING
Restrict Processing would allow us to hold data about you, but not use it. This right is not absolute and only applies in certain circumstances.

RIGHT TO ERASURE, the right to be forgotten
Erasure requests require us to delete information about you. This right is not absolute and only applies in certain circumstances. Due to business requirements, erasing customer data will not be considered until 180 days after their last pending order. Due to business requirements, we will not erase your data if there is an outstanding claim or dispute.

If you are unhappy with the way we are handling your data or our response to your requests, you may complain to the Information Commissioner’s Office. Their phone number is 0303 123 1113. Their website is www.ico.org.uk/concerns.