Concerning the privacy of your data
The Fitting Room is a trading name of sole trader Clare Glenister who is the Data Controller for this small, independant business. We are committed to protecting your privacy and maintaining the security of any personal information (personal data) received from you. We strictly adhere to the requirements of the EU General Data Protection Regulation 2016/679 (GDPR).
The purpose of this policy is to explain to you what personal data we collect, how we may use it, your rights over it, how we keep it secure, how we report on it, and how to complain about our use of it.
Your rights under the GDPR include:
Right to access - you are entitled to a copy of your personal data, free of charge
Right to restrict processing - under certain circumstances you can request the restriction of use
Right to rectification - you are entitled to ensure any data held is accurate
Right to erasure - under certain circumstances you can request your data is removed (known as the "right to be forgotten")
Right to data portability - you are entitled to a copy of your data in a common electronic format
Right to object to automated decision-making - under certain circumstances, you can request that your data is not used to make automated decisions about you that could have legal consequences
Right to complain - you can lodge a complaint with the ICO
How we collect and use your personal information
If you visit us and make a purchase in store, this purchase information will be stored within our database to enable us to comply with taxation laws. The order will be processed using the Data Processing Procedure set out below. In this instance we will seek your permission to use your email address, name and telephone number for our records. If you require the item to be posted your address will also be required. If you supply us with an email address you will receive an email outlining the details of the order you have placed. Upon request we are able to provide you with your size and past purchase history should you require it. You are not obliged to set up an account.
Should someone ask for this information to enable them to purchase a gift for you we will only give them the style number and size from a past order to help them make a purchase, no other personal information will be disclosed.
If you place an order in our store for items not in stock today (special order) your information will be stored within an encrypted and password protected spreadsheet, this information will be deleted when your order has arrived at our store and it has been processed, collected and paid for.
When you place a special order we will require your telephone number so we can contact you to let you know that the order has arrived with us.
Data Processing Procedure
When you place an initial order with us, we collect sufficient data to allow us to process and fulfil your order. This includes your:
Name, Billing Address, Email Address, Telephone Number and, if applicable, your Company Name, Shipping Adress and VAT Registration Number.
We collect additional information (data) in order to comply with the EU Rules governing the supply of Digital Services. This includes your:
IP Address, Hostname, Country Location, Device Used, Date and Time
You have the right to withhold any personal data that is not required for the order process, but you must give your consent to our Terms and Conditions in order for us to provide you with our services.
We use the personal data collected to notify you of your purchase and to communicate with you in connection with all matters relating directly to the order you have placed.
It is your responsibility to ensure that the personal data provided to us is accurate and up to date. You can update your personal contact details, including email address and phone number, by visiting your account online or contacting us by email or telephone.
From time to time we may send you updates of our products and services. We will only contact you if we have acquired your specific consent.
We do not sell, rent, share, or exchange your personal data with any third party for commercial reasons. We will only share your personal data with any organisation, agency, or regulatory body if required to do so by law.
We do not collect sensitive data about you.
You can ask us what personal data we hold on you at any time, free of charge. In order to maintain the accuracy of the data, you can check, update, amend, or remove personal data by logging into your Account. You can also contact us directly - please see below.
How we keep your details safe
All website purchases take place in a safe environment using the latest security technology to protect our customers. We encrypt yourpersonal information to ensure your transactions with us are private and protected. We accept orders only from web browsers that permit communication through Secure Socket Layer (SSL) technology and can be identified by the green padlock in your browser. This encryption makes it virtually impossible for unauthorised parties to read any information that you send us.
Processing Paypal Payments
PayPal is a fast and convenient way of transacting online without the need to input payment details. We share your name, email, shipping address and basket details securely with PayPal to process your order. With regards to your personal data used in PayPal transactions, both PayPal and Clare Glenister are each respectively a data controller. This means that we each, independently maintain privacy policies, notices and procedures governing our use of your personal data.
Delivering Your Goods
We will use your personal contact details such as name, postal address, phone number and email address that you provide to us in respect of delivering products or services to you. We will share this information with our delivery partners who may contact you to arrange a convenient delivery time and provide you with updates as to when the order will arrive.
Processing Returns and Refunds
We use your customer account and contact details to verify any returns and refunds that we process by Paypal.
Who is able to access my information?
How we use third parties for storing and processing your information
We use third party agencies (known as Subprocessors) to process your personal data only as is necessary to provide you with our services, maintain appropriate records for regulatory and taxation purposes, and keep your personal data secure.
Any Subprocessor engaged in the processing of personal information is also required to be GDPR compliant.
Where your personal data is transferred outside of the EEA (European Economic Area), specific protections are required. Certain agencies require access to your personal data. For example, a bank or card processing agency may need to verify your personal information for authorisation outside the EEA.
Under the GDPR, transfers of personal data outside the EEA are restricted unless the receiving entity has obtained an "adequacy decision" from the EU Commission or there is a valid data transfer mechanism in place.
How long we retain your personal information
After placing an order with our site your personal data is retained for 6 years after the current taxation year to enable us to comply with all legal taxation requirements. Legal and Statutory requirements determine how long we are required to retain certain types of data. Broadly, these include:
Value Added Tax Laws (at least 6 years)
Administrative Law (the body of Law and legal work that deals with Government agencies)
In the absence of any legal requirements, personal data will only be retained as long as is necessary to provide you with the agreed services. Data will be erased if you withdraw consent to the data being processed or held and request it be erased, except where any data may be required to be held for Statutory, Historical or Statistical purposes.
From time to time during the retention period, the need to retain identified data will be reviewed. In particular, the type of data and its purpose for processing will be re-considered and whether there remain lawful grounds for its continued processing. Out of date information will be archived.
Following the expiration of the applicable retention period, personal data may not necessarily be completely erased, if it is considered sufficient to anonymise the data. This may, for example, be achieved by means of:
Erasure of any unique identifier which enables the allocation of particular data to an individual person
Erasure of single pieces of personal data that identify an individual person
Separation of personal data from non-identifying information, for example, an order number from a Client's name and address
Aggregation of personal data in a way that no allocation to any individual person is possible
How we maintain the security of your personal information
We follow strict security procedures in the storage and disclosure of information you have given us, to prevent unauthorised access in accordance with the EU General Data Protection Regulation (GDPR).
Passwords are encrypted and may be automatically generated by our system. We recommend that you use strong Passwords to access your account and that you change them regularly.
We use Bluepark to maintain all of our ecommerce business. The data held by us is stored on servers located within the RapidSwitch facility in Maidenhead, Berkshire. RapidSwitch is one of the UK's leading server hosting providers and is recognised as one of the longest established in the UK. It is part of the AIM-listed Iomart Group PLC, with fully owned world class resilient infrastructure end to end. It is ISO 27001 and 9001 accredited. It has multiple levels of security and staff on-site 24x7x365.
You will be notified of any breach in the security of your personal data by either accidental or deliberate causes, without undue delay. Where required, in respect of certain types of breach identified, we will comply with the GDPR and report to the appropriate authority within the regulatory 72 hours.
A personal data security breach is defined as leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data.
We do not send out specific marketing materials via Social Media platforms. If you no longer want to see information from The Fitting Room on your pages, you have the option to unsubscribe or hide all further communications from us.
If you receive our marketing emails but no longer wish to, please click on the "unsubscribe" link in any marketing email, which you may have received from us.
If you have a registered account with us, you can update and change your marketing preferences at any time by going to your account and changing your preferences. Alternatively, simply send us an email and we will change your marketing preferences.
Please note that it may take up to 48 hours for all our systems to process and update your emails marketing preference changes.
Profiling is a term used to describe a form of data processing where significant volumes of data made up of lots of different data types – such as browser history from Cookies, age, gender, size, transaction history, demographics and buying habits – we do not use any form of profiling on our website.
Enquiries and Complaints
If you have any complaints, please contact us by email or telephone so we can deal with your complaint as quickly as possible. We will need to access your personal data and account history to verify your identity for security reasons and deal with the details of your complaint. Details of any complaints received will be logged and recorded so they can be dealt with accordingly.
Right of Erasure
You have the right to request your personal data to be permanently deleted from our records and systems to avoid any further communication with you. Your request will always be considered in light of the legal bases that we hold, store and process your personal data and the purpose that we collected your data. Where the legal bases permits, we will carry out your instruction without undue delay. Please note, however, that where we have a legal or contractual obligation to hold your personal data, we may not be able to carry out your request but we will explain this fully to you. Please address any request to delete your data by email or using the contact us page.
Right to Restrict Processing
Should you believe that we are processing your personal data in a way that you did not understand or agree to and wish to restrict such processing, please email us or use the contact us page.
Right to be Informed
How to complain
If you have a complaint about our use of your personal information, you can contact the Information Commissioner's Office (ICO) via their website:
How to contact us
If you have any questions about privacy or about any aspect in connection with your personal information, you can contact us by email at firstname.lastname@example.org, by telephone on 01438 880429, or via our website: https://www.thefittingroomstevenage.co.uk/contact.html
Monday: 9.00am - 8.30pm
Weds: 9.00am - 2.00pm
Thurs: 7.00pm - 8.30pm
Friday 9.00am - 4.30pm
Saturdays 9am - 4pm
Sundays: Call to Book
There is a £20 charge for fitting consultations when a bra is not purchased to cover the wages of our fitting staff. Please see our Fitting Consultation page for more information on this service.