Updated: October 2019

If at any time you are concerned or have questions about how we might be handling your data, please reach out to our Data Protection Officer at DPO@spoke-london.com.

Respoke Limited (“SPOKE”, "We", “Us” and “Our”) is the Data Controller and remains fully committed to the protection of your privacy at all times. The information contained in this policy has been published to inform you of the way in which any Personal Data you provide us with or we collect from you will be used. Please read this information carefully so that you understand how we treat such Personal Data. We will collect, store, use and disclose Personal Data in accordance with all applicable laws relating to the protection of Personal Data.

The information we collect and how we use it

We collect data from you either when you are a prospective customer (e.g. filling in our Fit Finder) or once you become a customer. In order to fulfil your order and any future customer service requests, we need to know certain personal data collected at the time of order. The information we hold will consist of but not be limited to the following: title; name; address; mailing preference flags such as ‘do not mail’; products purchased from us in the past (including their size and cost); telephone number, if offered to us (this will only be used for matters relating to your order); email address; and where we believe you heard about us from. All customers are presumed to be over 18 years of age, it’s only then that you can legally enter a contract. 

Credit card details are encrypted after data entry and are not stored on our systems after use. We do not collect any Special Category Data (sensitive data) such as race, religion, biometrics or health data. It is our policy that your information is private and confidential. Accordingly, the personal information you provide to us is stored in a secure location, kept within the EEA, and is accessible only by designated staff. We also collect data because it is necessary for the pursuit of our legitimate interests. Our legitimate interests are set out below:

• Direct Marketing
• Understanding our customers’ wishes and shopping preferences
• Improving our service and our products

How we use your information for Direct Marketing & how to manage your marketing preferences

1) Marketing by us, Respoke Ltd. When you choose not to opt out of 1st party marketing, we may collect your email address, name and order details so that we can tailor our communications with you and send you relevant offers and news via email or, sometimes, by posting you our latest catalogue. If at any time you wish to opt out of receiving  our catalogues and/or emails, email us at hello@spoke-london.com or modify your marketing preferences at any time using the My Settings section of your account, which you can find here: https://spoke-london.com/pages/settings. We also advertise on digital platforms, such as Facebook, Google and Twitter. We use these platforms to reach you and people like you with relevant, targeted offers and updates from Spoke. To turn off targeted ads on any of these platforms, please see the individual privacy settings for each company.

2) Postal marketing by other companies We work with data pool companies Epsilon Abacus (registered as Epsilon International UK Ltd), Experian plc, Conexance MD SAS, and Wiland Inc (US customers only). These data pools help retailers to share information on what their customers buy. The participating retailers are active in clothing, collectibles, food & wine, gardening, gadgets & entertainment, health & beauty, household goods, and home interiors categories. This pooled information is analysed to understand consumer's wider buying patterns. From this information, customers are sent tailored postal marketing containing suitable offers from retailers that should be of interest to them based on what they like to buy. We do not share email addresses for the purposes of data pooling. If you do not wish to have your order data with us included in these data pools, you can opt out of 3rd party marketing at any time using the My Settings section of your account, which you can find here: https://spoke-london.com/pages/settings.

If you would like to stop all unsolicited postal communications, we suggest that you register with the Mailing Preference Service (MPS). MPS is a free service set up in 1983 and funded by the direct mail industry to enable consumers to have their names and home addresses in the UK removed from lists used by the industry. It is actively supported by the Royal Mail and all directly involved trade associations and fully supported by the Information Commissioner’s Office (ICO). For more information, or if you wish to register with the MPS, please visit their website at www.mpsonline.org.uk

How we use your information to understand our customers’ wishes and shopping preferences

Our communications are designed to tell you about the benefits we can offer so that you have access to our best deals. We use the information we have about you to tailor the content and try to ensure that the offers are as relevant to you as possible. Under the Data Protection Legislation, this might qualify as profiling. If you do not wish us to use your data for this purpose, please email us at DPO@spoke-london.com.

How we use your information to improve our service and our products

We use Zendesk as our customer service software platform, which means that, if you raise a customer service ticket with us or return any item, we store your contact and order details in Zendesk. If at any time you wish this information to be removed, erased or not used in any such way, please make this clear in the feedback you provide us with, or email us at hello@spoke-london.com. We may, from time to time, send you a quick survey about your experiences with us or more broadly about your shopping behaviour. We store this information against your profile so we can better understand our customers and use this insight to improve our service and products.

Data Processors

SPOKE work with a number of trusted suppliers, agencies and businesses in order to provide you with the highest quality products and services you expect from us e.g. delivery companies, our third party logistics partner, and product technicians amongst others. Some of the categories of third parties with whom we share your data are:

• Business partners, suppliers and subcontractors for the performance of any contract we enter into with you.
• Advertisers and advertising networks that require the data to select and serve relevant adverts to you;
• Analytics and search engine providers that assist us in the improvement and optimisation of our sites;

If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply the terms of any agreement or policy to which we are a party, or to protect the rights, property, or safety of SPOKE, our customers, or others. This may include exchanging information with other companies and organisations for the purposes of fraud protection.

How long we keep your data

We contact customers who have not visited our website, purchased from us or opened an email from us in the last 12 months to let them know that we will be suppressing them in our database. If the customer has not purchased for six years we will redact their transactional data. Six years has been selected as this aligns to our requirements for tax purposes.

Your Rights

You have various rights under Data Protection Law. These include:

• The right to ask us not to process your personal data for direct marketing purposes, even if you have given consent;
• If our processing is based on your consent, the right to withdraw any consent you may have given for our processing of your data – if you exercise this right, we will be required to stop such processing if consent is the sole lawful ground on which we are processing that data;
• The right to ask us for access to the data we hold about you and how we use it;
• The right to ask us to rectify any data that we hold about you that is inaccurate or incomplete;
• The right to ask us to delete your data in certain circumstances;
• The right to ask us to restrict our processing of your data in certain circumstances;
• The right to object to our processing of your data in certain circumstances;
• The right to data portability to electronically move, copy or transfer your personal information in a standard form in certain circumstances.

You can exercise any of the rights set out above by contacting DPO@spoke-london.com. In respect of certain of the rights referred to above, we may need more information from you, e.g. to provide further information in order to confirm your identity.

You may also modify your marketing preferences at any time using the My Settings section of your account, found here: https://spoke-london.com/pages/settings. 

You may also lodge a complaint with the UK data protection regulator, the Information Commissioner, should you be dissatisfied with the way we handle your Personal Data.

Disclosures

We will seek to act in the best interests of our customers and will not abuse our position of data controller. We wish to be as clear and transparent as possible and uphold any requests for data disclosure or amendment as soon as possible. Due to the nature of data and catalogue printing, when an amendment is made to data it may take up to six weeks for it to become effective, although we will do everything possible to ensure this time delay is kept to a minimum.

Disclosure of your information

We never disclose your information except in accordance with this Policy and with all applicable laws relating to the protection of Personal Data, including the EU Data Protection Directive 95/46/EC, the EU General Data Protection Regulation 2016/679, the EU ePrivacy Directive 2002/58/EC as amended by Directive 2009/136/EC, as amended or superseded from time to time, and any national implementing legislation (“Data Protection Laws”).

Credit Card Security

We take the security of our customers’ data very seriously and this includes credit card information. On our website at checkout, you are taken to a secure page and should always see a closed padlock beside the URL address or at the top/bottom of your browser window. If you choose a direct payment gateway to complete your purchase, then Shopify stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored for as long as is necessary to complete your purchase transaction. After that is complete, only the last 4 digits of your card is kept, in order to respond to customer queries in the event of a payment / refund query. All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers. To learn more, you may also want to read Shopify’s Terms of Service or Privacy Statement.

Cookies

Our websites use cookies for a variety of functions, including to distinguish you from other users of our websites. This helps us to provide you with a good experience when you browse our websites and also allows us to improve our sites. For detailed information on the cookies we use and the purposes for which we use them see our Cookie Policy.

Changes to Our Privacy Policy

If at any time we make a change to this policy, we will update this page to reflect such change. We may email you to notify you of changes but recommend you check this page periodically to ensure you remain happy with the latest version.

Questions, Comments and Getting in Touch

We welcome any questions or comments in relation to this privacy policy, and advise you to send any such communication to DPO@spoke-london.com