WHO WE ARE
We are Tilley Endurables Ltd. Our UK address is 6 Tresprison Court, Helston, Cornwall, TR13 0QD. You can contact us by post at the above address, by email at email@example.com or by telephone on +44 (0) 1326 574402
We are a data controller and act jointly with respect to the data we collect and process with Tilley Endurables Inc. with a representative in the UK.
TILLEY ENDURABLES SECURITY
Personal information provided on the website and online credit card transactions are transmitted through a secure server. We are committed to handling your personal information with high standards of information security. We take appropriate physical, electronic, and administrative steps to maintain the security and accuracy of personally identifiable information we collect, including limiting the number of people who have physical access to our database servers, as well as employing electronic security systems and password protections that guard against unauthorized access.
Our website uses encryption technology, like Secure Sockets Layer (SSL), to protect your personal information during data transport. SSL encrypts ordering information such as your name, address, and credit card number. Our Customer Care center and stores also operate over a private, secure network. Please note that email is not encrypted and is not considered to be a secure means of transmitting credit card information.
THE INFORMATION WE COLLECT
Generally, you may browse the Tilley website without providing any personally identifiable information with the exception of your internet protocol address and/or service provider. However, we may ask you to provide personally identifiable information at various times and places on this website. In some cases, if you choose not to provide us with the requested information, you may not be able to access all parts of this website or participate in all of its features, pricing, and product selection.
We may collect the following information:
- Contact information including email address, phone and fax number, billing and delivery addresses
- Pictures where these are provided by you
- Financial information such as bank and/or payment card details
- Product interests, purchase history, demographic information, interests, postcode, browser information, user name and password, marketing preferences (for us and relevant third parties), Internet Service Provider (ISP), Internet Protocol (IP) addresses, operating system and platform and other technology on the devices you use to access this website
- Other information relevant to customer surveys and/or offers
For the list of cookies we collect see the List of cookies we collect section. From your purchases and other interactions with us, we obtain information concerning the specific products or services you purchase or use. When you visit this website, our web server automatically collects anonymous information such as log data and IP addresses, and may collect general information concerning your location. We may use the automatically collected information for a number of purposes, such as improving our site design, product assortments, customer service, and special promotions. If we combine or connected this anonymous information with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.
We do not collect any special categories of personal data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
Tilley’s website is intended for use by adults. Tilley does not knowingly collect any personal information from children under the age of 13. Those under age 13 should not use Tilley’s website or provide Tilley with any personal information. Where personal information is knowingly collected from 13 to 16-year-old Tilley will not disclose it nor transfer it to third parties without parental consent.
HOW WE USE THE INFORMATION WE COLLECT
We require this information to understand your needs and provide you with a better service, and in particular for the following reasons:
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- Where we need to perform the contract, we are about to enter into or have entered into with you.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
- Where we need to comply with a legal or regulatory obligation.
Generally, we do not rely on consent as a legal basis for processing your personal data other than in relation to sending third party direct marketing communications to you via email or text message or to display your pictures. You have the right to withdraw consent to marketing at any time as referred to further below.
|Purpose/Activity||Type of data||Lawful basis for processing including basis of legitimate interest|
|To register you as a new customer and process any enquiries you may have.||Name, date of birth, contact information||Performance of a contract with you|
|To process and deliver your order including: (a) Manage payments, fees and charges (b) Collect and recover money owed to us||Name, contact information, delivery and. billing address||(a) Performance of a contract with you (b) Necessary for our legitimate interests (to recover debts due to us)|
|To publish letters and pictures supplied by you only after receiving written permission||Name, contact information, record of consent||Informed consent|
|To enable you to partake in a prize draw, competition or complete a survey||Name, contact information, product preferences, browser history||(a) Performance of a contract with you (b) Necessary for our legitimate interests (to study how customers use our products/services, to develop them and grow our business)|
|To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)||Name, date of birth, contact details, user name and password, Internet Service Provider (ISP), Internet Protocol (IP) addresses, operating system or platform||(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise) (b) Necessary to comply with a legal obligation|
|To deliver relevant website content and advertisements to you, make suggestions and recommendations to you about goods or services that may be of interest to you and measure or understand the effectiveness of the advertising we serve to you||Name, date of birth, contact details, user name and password, Internet Service Provider (ISP), Internet Protocol (IP) addresses, marketing preferences, browser information, purchase history, demographic information||Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy)|
|To use data analytics to improve our website, products/services, marketing, customer relationships and experiences||Browser information, user name and password, marketing preferences, Internet Service Provider (ISP), Internet Protocol (IP) addresses, operating system or platform||Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)|
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, contact us using the details provided above.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
We are committed to ensuring that your information is secure. In order to prevent unauthorized access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.
OTHERS WITH WHOM WE SHARE YOUR INFORMATION.
The Tilley Endurables: All of the above information that we collect, as described above, may be shared among all Tilley entities, including Tilley Endurables Inc and Tilley Endurables Corp stores, website and Private Sales for the purposes of marketing and data storage.
Service Providers: We also may disclose information to outside companies that help us bring you the products and services we offer. For example, we may work with an outside company to: (a) manage a database of customer information; (b) assist us in distributing emails; (c) assist us with direct marketing and data collection; (d) provide us storage and analysis; (d) provide fraud prevention; and (e) provide other services designed to assist us in maximizing our business potential. We require that these outside companies agree to keep confidential all information we share with them and to use the information only to perform their obligations in our agreements with them.
Other Companies: We may provide information to carefully selected outside companies when we believe their products or services may be of interest to you and when we have received your written consent to do so.
Tilley specifically reserves the right to transfer or share a copy of personally identifiable information collected from its websites to the buyer of that portion of its business relating to that information.
Compliance with Law: We may provide access to information when legally required to do so, to cooperate with police investigations or other legal proceedings, to protect against misuse or unauthorized use of our website, to limit our legal liability, and to protect our rights or to protect the rights, property, or safety of visitors of this website or the public. Examples of such disclosures include HM Revenue & Customs, regulators and other authorities based in the United Kingdom who require reporting of processing activities in certain circumstances.
Tilley partners with advertising companies to place our advertising on publisher websites on the Internet. These advertising companies collect anonymous information about your visits to our web site (not including your name, address, email address or telephone number). This technology involves the use of third party cookies that allow them to develop personalized advertising so that it directly relates to offers that may be of interest to you. You may choose to opt-out of this service we have with our third-party advertising partner. We may also use Tilley cookies to provide similar enhanced online marketing to you based on your interests and preferences. You may also choose to opt out of these enhanced online marketing ads.
Tilley may transfer personal information to non-affiliated third parties, such as a shipping company to fulfill orders, a credit card processing company to bill you for goods and services and an email service provider to send out emails on our behalf (our “Customer Care Partners”), all of which are subject to agreements that prohibit the third parties from using or disclosing the personal information other than for the purpose of processing and which impose security safeguards appropriate to the sensitivity of the information.
Additional recipients could include professional advisers acting as processors or joint controllers including lawyers, bankers, auditors and insurers based in the EU who provide consultancy, banking, legal, insurance and accounting services.
International transfer of personal data
The collection, use, and disclosure of information contemplated in this Policy may involve a transfer of the information to jurisdictions located outside your country of residence that may not have equivalent laws and rules regarding personally identifiable information. By way of example, this may happen if one of our service providers is located in a country outside your home country. In these cases, we will take steps to ensure that your privacy rights continue to be protected.
We share your personal data within the Tilley Endurables group of companies. This will involve transferring your data outside the European Economic Area (EEA).
Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- We will ensure the recipient country has been deemed an adequate level of protection for personal data by the European Commision.
- Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe.
- Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US.
Please contact us using the details provided at the end of this document if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.
YOUR CHOICES REGARDING USE OF THE INFORMATION WE COLLECT
You have several choices regarding our handling of your non-public personally identifiable information.
Direct Mail or Telephone Marketing: If you shop at the Tilley or Private Sales stores and wish to be removed from the list of customers that receive direct mail or telemarketing calls, please either write to Tilley Customer Care at 6 Tresprison Court, Helston, Cornwall, TR13 0QD or call by telephone on +44 (0) 1326 574402 or email at firstname.lastname@example.org. If you choose to write to us, please include your name and address and state one of the following:
- "NO MAIL OFFERS" (if you don't want to receive offers by mail);
- "NO PHONE OFFERS" (if you don't want to receive offers by phone);
- "NO PHONE OR MAIL OFFERS" (if you don't want to receive either).
COOKIES, WEB BEACONS, AND HOW WE USE THEM
A cookie is a small file which asks permission to be placed on your computer's hard drive. Once you agree, the file is added and the cookie helps analyze web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences. We use traffic log cookies to identify which pages are being used. This helps us analyze data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.
A "web beacon" or "pixel tag" or "clear gif" is typically a one-pixel image, used to pass information from your computer or mobile device to a website.
The table below lists the cookies we collect and the information they store.
|COOKIE name||COOKIE Description|
|CART||The association with your shopping cart.|
|CATEGORY_INFO||Allows pages to be displayed more quickly.|
|COMPARE||The items that you have in the Compare Products list.|
|CUSTOMER||An encrypted version of your customer id.|
|CUSTOMER_AUTH||An indicator if you are signed into the store.|
|CUSTOMER_INFO||An encrypted version of the customer group you belong to.|
|CUSTOMER_SEGMENT_IDS||Stores your Customer Segment ID|
|EXTERNAL_NO_CACHE||A flag that, indicates whether caching is on or off.|
|FRONTEND||Your session ID on the server.|
|GUEST-VIEW||Allows guests to edit their orders.|
|LAST_CATEGORY||The last category you visited.|
|LAST_PRODUCT||The last product you looked at.|
|NEWMESSAGE||Indicates whether a new message has been received.|
|NO_CACHE||Indicates whether it is allowed to use cache.|
|PERSISTENT_SHOPPING_CART||A link to information about your cart and viewing history if you have asked the site.|
|RECENTLYCOMPARED||The items you recently compared.|
|STF||Information on products you emailed to friends.|
|STORE||The store view or language you have selected.|
|USER_ALLOWED_SAVE_COOKIE||Indicates whether a customer authorized cookies.|
|VIEWED_PRODUCT_IDS||The products that you recently looked at.|
|WISHLIST||An encrypted list of products added to your wish list.|
|WISHLIST_CNT||The number of items in your wish list.|
Online Account Registration
To make online shopping faster and easier, you may register on the Tilley website. As a registered customer, you only have to enter your shipping addresses once; they will be securely stored with us for your future use. Using your name and a password of your choice, you may access your account online at any time to add, delete, or change information. If you are using a public computer, we strongly encourage you to Sign Out when you finish shopping. Your information will still be stored with us but it will not be accessible to anyone else from that computer.
This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
You will receive promotional emails from us only if you have asked to receive them. If you do not want to receive email from Tilley or its affiliates you can click on the "Unsubscribe" link at the bottom of any email communication sent by us. Please allow us 3 business days from when the request was received to complete the removal, as some of our promotions may already have been in process before you submitted your request.
How long is personal information secured?
Tilley will retain your personal information for only as long as necessary for the purposes described in this Policy or such longer period as may be required by law.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
For example; customer’s whom register a hat, which is guaranteed for life, will remain in Tilley’s database for the lifetime of the hat they register.
How can I access or change my personal information, withdraw my consent, or make inquiries or complaints in relation to this Policy and Tilley’s privacy practices?
Tilley will ensure that the personal information it collects is as accurate, complete, and up-to-date as is necessary for the purposes for which it is to be used. In order that we can achieve this, please keep us informed if your personal data changes during your relationship with us.
Under certain circumstances, you have rights under data protection laws in relation to your personal data.
- Request access to your personal data (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
- Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
- Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
- Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes.
- Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data's accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
- Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
- Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
If you wish to exercise any of the rights set out above, please contact
Phone: Customer Service: +44 (0) 1326 574402
Mail: Privacy Officer, Tilley Endurables Ltd., 6 Tresprison Court, Helston, Cornwall, England TR13 0QD
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
If you have consented to the collection, use and/or disclosure of personal information as identified herein, please note that you can also withdraw your consent at any time by communicating with our privacy officer as provided above.
QUESTIONS FOR TILLEY?
- E-mail: email@example.com
- Phone: Customer Service: +44 (0) 1326 574402
- Mail: Customer Service Dept., Tilley Endurables Ltd., 6 Tresprison Court, Helston, Cornwall, England TR13 0QD