Privacy Policy

ENDER LEGARD is committed to protecting and respecting your privacy. This Privacy Policy describes how your personal data is collected, used, and shared when you visit or make a purchase from www.ENDERLEGARD.com (the “Site”). Under the terms of the General Data Protection Regulation 2016 (GDPR), ENDER LEGARD Ltd is the data controller and we are responsible for any personal information we hold about you. We are registered with the Information Commissioner's Office to process your data under registration number ZA850850.

Throughout this notice, the terms “we”, “us” and “our” refer to ENDER LEGARD Ltd.

For queries regarding this notice, we may be contacted via email (MyData @ enderlegard.com), telephone (+44 (0) 207 252 4666) or by post at Unit 1, The Workhouse, 90A Camberwell Road, London SE5 0EG, UNITED KINGDOM

You may use any of the above contact methods to inform us of any changes to your personal information (e.g. your email address, postal address etc) We may also from time to time contact you to ensure that any personal data we hold about you is accurate and up to date.

THE PERSONAL DATA WE COLLECT

When you browse or shop at enderlegard.com, we may collect/process your data as follows:

• Device Information - When you visit our Site, we automatically collect certain information about your device, including information about your web browser, IP address, time zone, and some of the cookies that are installed on your device. Additionally, as you browse the Site, we collect information about the individual web pages or products that you view, what websites or search terms referred you to the Site, and information about how you interact with the Site. We collect Device Information using the following technologies: “Cookies”, “Log files”, “Web beacons,” “tags,” and “pixels”. (See our Cookies Policy for more information)

• Order Information - When you make a purchase or attempt to make a purchase through our Site, we collect certain information from you, including your name, business name, billing address, shipping address, payment information (including credit card numbers as processed through our payment gateways STRIPE, PayPal, ApplePay, LayBuy, AmazonPay, Klarna, LayBuy etc), email address, and telephone or mobile number.

• Additionally, we may also collect your marketing and communication preferences and any other data you directly provide to us whether through a contact form, over the telephone, by email or otherwise - for example when providing information regarding your measurements or photographs as part of your request or enquiry for help with garment sizing - and use this to send you sales and marketing communications that we believe may be of interest to you provided we have your explicit consent for this activity, or if you are an existing customer where we have a legitimate interest in communicating with you. Under the law, you can opt out of our sales and marketing communications at any time.

HOW WE USE YOUR PERSONAL DATA

We collect and process your personal data for the following purposes:

• We use the Order Information that we collect generally to fulfill, record and store any orders placed through the Site (including processing your payment information, arranging for shipping, and providing you with invoices and/or order confirmations). Additionally, we use this Order Information to communicate with you; screen our orders for potential risk or fraud; and - when in line with the preferences you have shared with us - provide you with marketing information or advertising relating to our products or services.

• We use the Device Information that we collect to help us screen for potential risk and fraud (in particular, your IP address), and more generally to improve and optimise our Site (for example, by generating analytics about how our customers browse and interact with the Site, and to assess the success of our marketing and advertising campaigns). We may also use your data to deliver relevant website content and products to you through advertising/ retargeting campaigns.

• Where you have signed up for our marketing communications with your email address, we will use this to market our products to you. You may withdraw your consent at any time by either unsubscribing using the link on the bottom of the email or by contacting our Customer Care team. We will also use the contact information that you provide to deliver service messages such as changes to our Terms and Conditions or Privacy Policy, delivery updates or other non-marketing communications.

OUR LEGAL BASIS FOR PROCESSING YOUR PERSONAL DATA

Under General Data Protection Regulations (GDPR), we must have a valid reason for using your personal data. The lawful grounds of processing your personal data are as follows:

• Customer Data - When you choose to purchase a product from www.enderlegard.com, we ask you for personal data such as your name, billing address, delivery address, email, contact telephone numbers, purchase details and payment details. This data is necessary to allow us to fulfil our contract with you and is processed in order for us to supply and deliver the goods you have purchased and to keep all resultant records of the transaction. Lawful ground for processing: The performance of a contract between you and us (at your request) and our Legitimate Interest in keeping proper records of these transactions.

• Communication Data - Any communication that you send to us through our website, by email, social media messaging, social media posting or any other method when enquiring about our products. We process this data for the purposes of replying to your communication and to keep records of this. Lawful ground for processing: Our legitimate interests to reply to communications sent to us, to keep records and to establish, pursue or defend legal claims.

• User Data - Includes all data we have collected through cookies on our website for the purpose of operating our website, ensuring relevant content is provided to you, ensuring the security of our website, maintaining back- ups of our website and to enable publication and administration of our website, other online services and business. Lawful ground for processing: Our legitimate interests to properly administer our website and our business and your consent to our use of cookies via the cookie banner that appears on the website.

• Technical Data - Includes data sourced from our analytics about your use of our website such as your IP address, login data, browser/ device details, length and frequency of visits, page views and navigation paths, date and time of visit and other technology on the devices you use to access our website. We process this data to analyse your use of our website and other online services, to administer and protect our business and website, to deliver relevant website content and advertisements to you and to understand the effectiveness of our advertising. Lawful ground for processing: Our legitimate interests to enable us to properly administer our website and marketing strategy.

• Marketing Data - Includes data you have provided to us about your marketing and communications preferences when you consented to us sending you details about our products, promotions or offers. This data is processed to deliver relevant website content and advertisements to you and to measure or understand the effectiveness of this advertising. Lawful ground for processing: Your consent and our legitimate interests in ensuring that you receive information about goods and services that may be of interest and relevance to you.

• Sensitive Data - We do not collect any Sensitive Data about you. Sensitive data is defined as data that includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, information about your health, genetics or biometric data. We also do not collect any information about criminal convictions and offences nor do we carry out any automated decision making or profiling.

Lawful Disclosure - We may process your personal data without your knowledge or consent where this is required or permitted by law.

HOW WE COLLECT YOUR PERSONAL DATA

Your personal data may be collected when you provide your data directly to us (for example through an online email subscription form) Certain data may also be automatically collected from you as you use our website through cookies and similar technologies. (See our Cookie Policy) We may also receive data from third parties based outside of the EU including analytics providers (Google), advertising networks (Facebook, Google, Bing), search engines (Google, Yahoo, Bing) and various providers of technical, payment and delivery services. Lastly, we may also receive data from publicly available sources such as Companies House and the Electoral Register based inside the EU.

MARKETING COMMUNICATIONS

Our lawful ground of processing your personal data in order to send you relevant marketing communications, is either your (opt-in) consent or our legitimate interests (namely the growth and welfare of our business)

Under the Privacy and Electronic Communications Regulations, you may receive marketing communications from us if (i) you made a purchase or asked for information from us about our goods or services or (ii) you agreed to receive marketing communications and in each case you have not opted out of receiving such communications.

Under these regulations, if you are a limited company, we may send you marketing emails without your consent. However, you still have a choice and can opt out of receiving marketing emails from us at any time.

We will not share your personal data with any third party for their own marketing purposes.

You can ask us to stop sending you marketing messages at any time by following the opt-out links on any marketing message we have sent you or by emailing us at MyData @ enderlegard.com Note: If you opt-out of receiving marketing communications this opt-out does not apply to personal data previously provided as a result of other transactions including the previous purchase of goods from us.

DISCLOSURES OF YOUR PERSONAL DATA

In some instances, we may have to share your personal data with third parties that we use to provide our services. We require that these parties guarantee compliance with legislation on the processing of personal data and we will only permit such third parties to process your personal data for specified purposes and in accordance with our instructions. The third parties in question belong to the following categories:

• Internet providers and companies who specialise in IT and system administration services.
• Payment processors and fraud prevention agencies
• Professional advisors (accountants, banking operators, lawyers, insurers)
• Analysis tools providers
• Government bodies
• Social media organisations
• Customer Support tools providers
• Marketing and email providers
• Companies providing courier and distribution services
• Internal communication tools providers

Under some circumstances we may be required to share your data without your consent, for example if we are required by the police, the courts or for other legal reasons. We may also transfer your personal data to a buyer or potential buyer in the event that our assets - or part thereof - are acquired by another organisation. In this case, the purchaser will be required by law to use your personal data only as described in the General Data Protection Regulations 2016.

INTERNATIONAL TRANSFERS OF YOUR PERSONAL DATA

In some circumstances your personal data may be transferred to countries outside the European Economic Area (EEA). In these instances, we will endeavour to ensure that an adequate level of data protection is in place to provide a similar degree of security to your data as provided under the provisions of the General Data Protection Regulations 2016.

• We will only transfer your personal data to countries that the European Commission have approved as providing an adequate level of protection for personal data by; or
• Where we use certain service providers, we may use specific contracts or codes of conduct or certification mechanisms approved by the European Commission which give personal data the same protection it has in Europe; or
• If we use US-based providers that are part of EU-US Privacy Shield, we may transfer data to them as they have equivalent safeguards in place.

If none of the above safeguards is available, we may request your explicit consent to the specific transfer. You will have the right to withdraw this consent at any time.

DATA SECURITY

To protect your personal data, we take all reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed without authorisation. We only permit access to your personal data to those employees and partners who have a legitimate business need to know such data and will ensure that they process your personal data confidentially and on our instructions only. If you provide us with your credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with a AES-256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards. Notwithstanding, we have procedures in place to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach if we are legally required to.

DATA RETENTION

We will only keep your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. After this period, your data will be permanently erased or in some circumstances we may anonymise your personal data for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

• When you have purchased goods from us, we will retain the billing data until the end of the relevant accounting period, normally seven years from the billing date;
• When you make a payment, we will retain your payment details up to the certification of the payment and the completion of the relevant administrative-accounting formalities regarding your right of withdrawal and the terms applied for the disputing of the payment;
• When you give us your consent to send you marketing communications, you can withdraw your consent at any time. We will consider your consent to be current for 2 years from your last interaction with any email that we send you;
• When we use your personal data and browsing history to analyse your behaviour in order to customise the website and to show you personalised sales offers, we will keep the data for analytical purposes until you ask us to delete it;
• When we use personal data for market research and satisfaction surveys, we will keep the data until you ask us to stop.
• When you contact our Customer Care team, we will keep any additional personal data you provide that is specific to your inquiry for as long as you remain an active customer of www.enderlegard.com

YOUR RIGHTS

Under data protection laws you have rights in relation to your personal data. These may include:

• The right to access to your personal data;
• The right to rectification of your personal data;
• The right to object to and restriction our processing of your personal data;
• The right to be forgotten; erasure of your data;
• The right to data portability;
• The right (where lawful ground of processing is consent), to withdraw consent.

You may read more about your rights in the EU general data protection regulation Chapter III, at https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens_en or at https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/

To exercise your rights or if you otherwise have any questions regarding our processing of your personal data, you may contact us at MyData @ enderlegard.com

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive or refuse to comply with your request in these circumstances.

Note: We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response. We try to respond to all legitimate requests within one month but it may on occasion take longer if your request is complex or you have made a number of requests. In this case, we will notify you.

If you are unhappy with any aspect of how we collect and use your data, you have the right to complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk) Our registration number at the ICO is ZA850850

CHANGES TO THIS PRIVACY POLICY

This Privacy Policy was last updated on May 23, 2024. We reserve the right to modify this privacy policy at any time, so please review it frequently. Changes and clarifications will take effect immediately upon their posting on the website. If we make material changes to this policy, we will notify you here that it has been updated so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we use and/or disclose it.

QUESTIONS AND CONTACT INFORMATION

If you would like to: access, correct, amend or delete any personal information we have about you, register a complaint, or simply want more information contact MyData @ enderlegard.com