DUXIANA London Ltd understands that privacy is important to you and that you care about how your personal data is used. We respect and value the privacy of all our customers and will only collect and use personal data in ways that are described here, and in a way that is consistent with our obligations and rights under the law.
Registered Address & Number: DUX Bedding Ltd. of Second Floor, 11 Pilgrim Street, London, EC4V 6RN. Reg. Number 06936785
VAT Number: 974581184
This Privacy information explains how we use your personal data, how it is collected, held and processed. It also explains your rights under the law relating to your personal data.
What is Personal Data
Personal data is defined by the General Data Protection Regulation (EU Regulation 2016/679) (the “GDPR”) as ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier’.
Personal data is, in simpler terms, any information about you that enables you to be identified. Personal data covers obvious information such as your name and contact details, but it also covers less obvious information such as identification numbers, electronic location data, and other online identifiers.
The personal data that we use is set out in ‘Personal Information we collect’ section below.
Your Privacy Rights
Under the GDPR, you have the following rights, which we will always work to uphold:
- The right to access the personal data we hold about you. ‘How to Access My Personal Information’ section below, tells you how to do this.
- The right to have your personal data rectified if any of your personal data held by us is inaccurate or incomplete. Please contact us using the details in the ‘Contacting Us’ section below.
- The right to be forgotten, i.e. the right to ask us to delete or otherwise dispose of any of your personal data that we have. Please contact us using the details in the ‘Contacting Us’ section below.
- The right to restrict (i.e. prevent) the processing of your personal data.
- The right to object to us using your personal data for a particular purpose or purposes.
- The right to data portability. This means that, if you have provided personal data to us directly for the performance of a contract, and that data is processed using automated means, you can ask us for a copy of that personal data to re-use with another service or business in many cases.
- Rights relating to automated decision-making and profiling. We do not use your personal data in this way and the section on how we use your personal data explains more about how we use your personal data.
For more information about our use of your personal data or exercising your rights as outlined above, please contact us using the details provided in the ‘Contacting Us’ section below.
Further information about your rights can also be obtained from the Information Commissioner’s Office or your local Citizens Advice Bureau.
If you have any cause for complaint about our use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office.
Personal Information we Collect.
We may collect some or all of the personal data (this may vary according to your relationship with us: name, title, email address, telephone number, postal address, zip code/postcode and credit card information), when you register on our website or purchase products and services from or through our website. We use the personal information that you provide to respond to your requests, to process our transactions with you and to send you emails or contact you by post or telephone. We may also use your information for administration, fraud protection and detection, billing and credit checking purposes and to improve the services we provide to you.
We may also collect personal information when you visit our website, such as your computer’s IP address, your browser type, the pages you view and other actions taken by you in connection with accessing and using our website.
Web beacons: We may also collect data about visitors to our website through the use of web beacons. Web beacons are small strings of code that provide a way for us to deliver a small graphic image (usually invisible) on a web page or in an email. Web beacons can recognize certain types of information on your computer such as cookies, the time and date a page is viewed, and a description of the page where the web beacon is placed. We use web beacons to improve your experience on our website, including to provide you with content customized to your interests and to understand whether you read email messages and click on links contained within those messages so that we can deliver relevant content. Usage of web beacons is not linked to any personally identifiable information without your permission.
Occasionally we may receive information about you from other sources (such as credit reference agencies, other websites we operate or other services we provide). In this case we will have informed you when we collected that data that it may be shared internally and combined with data collected on this site
How we use your personal data
Under the GDPR we must always have a lawful basis for using personal data. This may be because the data is necessary for our performance of a contract with you, because you have consented to our use of your personal data, or because it is in our legitimate business interests to use it. Your personal data will be used for the following purposes:
- Providing and managing your account, including any warranties.
- Supplying our products and/or services to you. Your personal details are required for us to enter into a contract with you.
- Communicating with you. This may include responding to emails, letters, text messages or calls from you.
- Supplying you with marketing information by e-mail or post that you have opted-in to (consented to), you may unsubscribe or opt-out at any time using the details in ‘Contacting Us’ below.
With your permission and/or where permitted by law, we may also use your personal details for marketing purposes, see marketing services below. You will not be sent any unlawful marketing or spam, unless we have received your consent to do so. We will always work to fully protect your rights and comply with our obligations under the GDPR and the Privacy and Electronic Communications (EC Directive) Regulations 2003.
DUX Diary and Newsletter
If you sign up for the DUX Diary on our website, you will receive the DUX email newsletters, press releases and news on DUX features on products. If at any time thereafter you should decide to cease receiving them, you may click the opt-out link included in the newsletter or contact us at email@example.com.
DUX Bed Owners Club
If you own a DUX bed, you may join the DUX Bed Owners Club through our website and receive information via email about exclusive travel, hotel and vacation opportunities for club members. If at any time thereafter you should decide to terminate your club membership, you may contact us at firstname.lastname@example.org.
Subject to having obtained his/her prior consent, we may post Twitter® tweets or written or video testimonials from registered users of our website about our products and services, which with the user’s prior consent may include his/her name or Twitter address. A user whose testimonial has been posted on our Website may update or delete his/her testimonial at any time by contacting us at email@example.com.
How Long we keep your Personal Data
Wewill not keep your personal data for any longer than is necessary in light of the reason(s) for which it was first collected. Your personal data will therefore be kept for the following periods (or, where there is no fixed period, the following factors will be used to determine how long it is kept):
- We keep ‘free from defects’ warranty information for up to 6 years;
- We keep ‘steel spring’ warranty information for up to 21 years;
- We keep order information for up to 6 years as required by HMRC
- We keep credit card records for up to 7 years as required by HMRC
- We review the details we hold for marketing purposes on an annual basis and may ask you to confirm the information we hold is accurate and up to date.
How we Store or Transfer your Personal Data
Wewill only store or transfer your personal data within the European Economic Area (the “EEA”). The EEA consists of all EU member states, plus Norway, Iceland, and Liechtenstein. This means that your personal data will be fully protected under the GDPR or to equivalent standards by law.
Where we use suppliers outside the EEA, we anonymise any personal data related to your order.
All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted using SSL technology. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal information, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to prevent unauthorised access.
Sharing your Personal Data
Wewill not share any of your personal data with any third parties for any purposes, subject to two important exception.
We may share your information with other companies within our group for order management. This includes our holding company, and its subsidiaries.
Wecontract with third parties to supply productsand/orservicesto you on ourbehalf. These may include payment processing, delivery, and manufacture. In some cases, those third parties may require access to some or all of your personal data that wehold.
If any of your personal data is required by a third party, as described above, wewill take steps to ensure that your personal data is handled safely, securely, and in accordance with your rights, ourobligations, and the third party’s obligations under the law, as described in preceding section.
If any personal data is transferred outside of the EEA, wewill take suitable steps in order to ensure that your personal data is treated just as safely and securely as it would be within the UK and EEA under the GDPR, as explained above in preceding section.
In some limited circumstances, wemay be legally required to share certain personal data, which might include yours, if we areinvolved in legal proceedings or complying with legal obligations, a court order, or the instructions of a government authority.
How to Access My Personal Data
If you want to know what personal data wehave about you, you can ask usfor details of that personal data and for a copy of it (where any such personal data is held). This is known as a “subject access request”.
All subject access requests should be made in writing and sent to the email or postal addresses shown in ‘Contacting Us’ section below.
There is not normally any charge for a subject access request. If your request is ‘manifestly unfounded or excessive’ (for example, if you make repetitive requests) a fee may be charged to cover ouradministrative costs in responding.
Wewill respond to your subject access request within one month of receiving it. Normally, weaim to provide a complete response, including a copy of your personal data within that time. In some cases, however, particularly if your request is more complex, more time may be required up to a maximum of three months from the date wereceive your request.
The DUX website may contain links to other sites that are not under the control of DUX, which include the websites of the independently owned DUX retail stores. Once you enter one of those websites, whether through an advertisement, service, or content link, DUX is not responsible for its privacy practices. Please check those websites’ privacy policies before you submit any personal data to these websites.
The DUXIANA UK Data Controller under the General Data Protection Regulation (EU Regulation 2016/679), can be contacted at:
Email address: firstname.lastname@example.org.
Postal address: Duxiana London Limited of Second Floor, 11 Pilgrim Street, London, EC4V 6RN.