Who we are
GAIA LONDON is womenswear brand designed and made in the United Kingdom. Our website address is https://gaia-london.com.
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
What personal data we collect
If you place an order, complete a form on our Website, correspond with us by phone, email, or in writing, report a problem, sign up to receive our communications, or request to receive information about our products and/or services, we may collect and process the following data: name, address, telephone number and email address.
If you visit our Website, we may automatically collect the following information: technical information, including the internet protocol (IP) address used to connect your computer to the Internet, login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform; information about your visit to our Website such as the products and/or services you searched for and view, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page.
How we use your personal data
When we ask you to supply us with personal data we will make it clear whether the personal data we are asking for must be supplied so that we can provide the products and services to you, or whether the supply of any personal data we ask for is optional.
Contract performance: we may use your personal data to fulfil a contract, or take steps linked to a contract:
To provide the products and/or services to you; to communicate with you in relation to the provision of the contracted products and services; to provide you with administrative support such as account creation, security, and responding to issues; and
to provide you with information about our awards and events, offers and promotions, related to the products and/or services.
Legitimate interests: where this is necessary for purposes which are in our, or third parties, legitimate interests. These interests are:
Communicating with you in relation to any issues, complaints, or disputes;
improving the quality of experience when you interact with our products and/or services, including testing the performance and customer experience of our Website;
performing analytics on sales/marketing data, determining the effectiveness of promotional campaigns.
NOTE: you have the right to object to the processing of your personal data on the basis of legitimate interests as set out below, under the heading Your rights.
Where you have given your consent to receive marketing communications, or we have provided you with products and services in the past (Soft Opt in) we may use your personal data to: send you newsletters, surveys, information about our events, offers, and promotions, related to products and services offered by GAIA LONDON which may be of interest to you.
We may do this through the post, by email, text message, online, using social media, or by any other electronic means. You may withdraw consent from being contacted via direct marketing via the links on any off our marketing emails or contacting us directly via email to email@example.com.
Where required by law: we may also process your personal data if required by law, including responding to requests by government or law enforcement authorities, or for the prevention of crime or fraud.
Who we share your personal data with
GAIA LONDON will not pass data to any third parties, except to enable us to complete our contracts with you. For example, delivery of your goods.
We ensure that these trusted third parties provide the same level of protection as GAIA LONDON. These third parties have access to your personal information only for purposes of performing these tasks on our behalf.
Where a third-party recipient is located outside the European Economic Area, we will ensure that the transfer of personal data will be protected by appropriate safeguards, namely the use of standard data protection clauses adopted or approved by the European Commission where the data protection authority does not believe that the third country has adequate data protection laws.
We take all reasonable steps to ensure that our staff protect your personal data and are aware of their information security obligations. We limit access to your personal data to those who have a genuine business need to know it.
We may transfer your personal information to other organisations in certain scenarios. For example, if required to by law, under any code of practice by which we are bound or we are asked to do so by a public or regulatory authority such as the Police or the Department for Work and Pensions.
We do not sell your personal information or content and will not share or disclose any of your personal information or content with third parties except as described in this policy. We do not share personal information about you with third parties for their marketing purposes (including direct marketing purposes).
How long we keep your personal data
We will retain a record of your personal information. This is done in order to provide you with a high quality and consistent service.
Where there is a contract between us, and we are the Data Controller we will retain your personal data for the duration of the contract, and for a period of six years following its termination or expiry, to ensure we are able to comply with any contractual, legal, audit and other regulatory requirements, or any orders from competent courts or authorities.
We will always retain your personal information in accordance with law and regulation and never retain your information for longer than is necessary.
Where you have consented to marketing communications, you may change your preferences or unsubscribe from marketing communications at any time by emailing us directly.
How personal data is collected
We take reasonable steps to protect your personal data from loss or destruction. We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your personal data transmitted to our Website; any transmission is at your own risk. Once we have received your personal data, we will use strict procedures and security features to try to prevent unauthorised access.
Under the GDPR, you have various rights with respect to our use of your personal data outlined below.
RIGHT TO ACCESS
You have the right to request a copy of the personal data that we hold about you by contacting us using the details provided. Please include with information that will enable us to verify your identity with your request. We will respond within 30 days of request. Please note that there are exceptions to this right. We may be unable to make all information available to you if, for example, making the information available to you would reveal personal data about another person, if we are legally prevented from disclosing such information. Or if your request is manifestly unfounded or excessive.
RIGHT TO RECTIFICATION
We aim to keep your personal data accurate and complete. We encourage you to contact us using the contact details provided below to let us know if any of your personal data is not accurate or changes, so that we can keep your personal data up to date.
RIGHT TO ERASURE
You have the right to request the deletion of your personal data where, for example, the personal data are no longer necessary for the purposes for which they were collected, where you withdraw your consent to processing, where there is no overriding legitimate interest for us to continue to process your personal data, or your personal data has been unlawfully processed. If you would like to request that your personal data is erased, please contact us using the contact details provided.
RIGHT TO OBJECT
In certain circumstances, you have the right to object to the processing of your personal data where, for example, your personal data is being processed on the basis of legitimate interests and there is no overriding legitimate interest for us to continue to process your personal data, or if your data is being processed for direct marketing purposes. If you would like to object to the pressing of your personal data, please contact us using the contact details provided.
RIGHT TO RESTRICT PROCESSING
In certain circumstances, you have the right to request that we restrict the further processing of your personal data. This right arises where, for example, you have contested the accuracy of the personal data we hold about you and we are verifying the information, you have objected to processing based on legitimate interests and we are considering whether there are any overriding legitimate interests, or the processing is unlawful, and you elect that processing is restricted rather than deleted. Please contact us using the contact details provided.
RIGHT TO DATA PORTABILITY
In certain circumstances, you have the right to request that some of your personal data is provided to you, or to another data controller, in a commonly used, machine-readable format. This right arises where you have provided your personal data to us, the processing is based on consent or the performance of a contract, and processing is carried out by automated means. If you would like to request that your personal data is ported to you, please contact us using the contact details provided.
Please note that the GDPR sets out exceptions to these rights. If we are unable to comply with your request due to an exception, we will explain this to you in our response.
If you have any queries about this Privacy Notice, the way in which GAIA LONDON processes personal data, or about exercising any of your rights, please send an email to firstname.lastname@example.org.
If you believe that your data protection rights may have been breached, and we have been unable to resolve your concern, you may lodge a complaint the applicable supervisory authority or to seek a remedy through the courts. Please visit www.ico.org.uk/concerns for more information on how to report a concern to the UK Information Commissioner’s Office.
Any changes we may make to our Privacy Notice in the future will be posted on this page and, where appropriate, notified to you by email. Please check back frequently to see any updates or changes.