Privacy Policy

SHAKERA DESIGN LTD

PRIVACY NOTICE

Last Updated 10/06/2020

This Privacy Notice (“Privacy Notice”) applies to the processing of personal data in connection with the provision of the Shakera Design Ltd t/a Shaku website at www.shaku.co.uk (the “Site”), and all of the goods and services offered on the Site (“Services”). We respect the privacy of every person who visits our Site and/or uses our Services and we are committed to ensuring a safe online experience for all.

1. Purpose of this privacy notice

This Privacy Notice explains our approach to any personal data that we might collect from you or which we have obtained about you from a third party and the purposes for which we process your personal data. This Privacy Notice also sets out your rights in respect of our processing of your personal data. For more information see below.

When we talk about “personal data”, we mean any information which relates to an identified or identifiable living individual. Individuals might be identified by reference to a name, an identification number, location data, an online identifier (such as an IP address) or to other factors that are specific to them, such as their physical appearance.

This Privacy Notice informs you of the nature of the personal data about you that is processed by us and how you can request that we delete it, update it, transfer it and/or provide you with access to it.

This Privacy Notice is intended to assist you in making informed decisions when using the Site and our Services. Please take a moment to read and understand it. It should be read in conjunction with our Terms of Use and our Cookie Policy.

This Privacy Notice only applies to the use of your personal data obtained by us, whether from you directly or from a third party. It does not apply to personal data collected by third parties during your communications with those third parties or your use of their products or services (for example, where you follow links to third party websites over which we have no control, or you purchase goods or services from those third parties).

2. About us

The Site and our Services are made available by Shakera Design Ltd t/a Shaku (“SDL”, “we”, “us, “our”). SDL is the data controller responsible for your personal data. For more information see below.

Shakera Design Ltd t/a Shaku (company no: 12040318) is an English company with its registered office at Castle House, 75-76 Wells Street London, W1T 3QH, England.

3. How to contact us

If you have any questions about this Privacy Notice or want to exercise your rights set out in this Privacy Notice, you can contact us by:

  • sending an email to privacy@shaku.co.uk.
  • writing to Castle House, 75-76 Wells Street London, W1T 3QH.


4. How we collect and receive personal data

We collect and receive personal data using different methods:

Personal data you provide to us.
You may give us your personal data directly. This will be the case when, for example, you contact us with enquiries, complete forms on our Site, subscribe to receive our marketing communications, or provide feedback to us.
You may give us your personal data directly. This will be the case when, for example, you contact us with enquiries, complete forms on our Site, subscribe to receive our marketing communications, or provide feedback to us.
Personal data we collect using cookies and other similar technologies.
When you access and use our Site, we will collect certain technical information about your equipment, browsing actions and patterns. We collect this personal data by using cookies and other similar technologies (see the “Our use of cookies and similar technologies ” section below).
Personal data received from third parties.
From time to time, we will receive personal data about you from third parties. Such third parties may include analytics providers, payment providers, and third parties that provide technical services to us so that we can operate our Site and provide our Services.
Publicly available personal data.
From time to time we may collect personal data about you (including your contact details, biography, interests or affiliations) from publicly available sources (including open source data sets), media reports or that you or a third party may otherwise make publicly available (for example through speeches at events or publishing articles or other news stories or posts on social media platforms).

5. Who we collect personal data about

We collect and process personal data from the following people:
Site visitors.
If you browse our Site, register as a user on our Site, contact us with an enquiry through our Site, submit a complaint through our Site or use any Services available on our Site, we will collect and process your personal data in connection with your interaction with us and our Site.
Customers
If you buy products or services from us, we may collect and process your personal data in connection with the supply of goods or services to you.

6. Personal data we collect and how we use it   

We use your personal data for the following purposes:
Fulfilment of our Services
We collect and maintain personal data that you submit to us for the purpose of supplying Services (including goods that you have ordered) that you have requested from us via our Site. We may collect and process your personal data whether you are interacting with us on your own behalf or on behalf of any organisation you represent.
The personal data we process may include your name and contact information (such as email address, postal address and telephone number) and your payment information (where applicable). We process this information so that we can fulfil the supply of Services, maintain our user databases and to keep a record of how our Services are being used.
Our legal basis for processing
It is necessary for us to use your personal data to perform our obligations in accordance with any contract that we may have with you, or it is in our legitimate interest or a third party’s legitimate interest to use personal data in such a way to ensure that we provide the our Services in an effective, safe and efficient way.
Use of our Site
We collect and maintain personal data that you submit to us during your use of our Site in the following ways
Registering and accessing your user account.
Our Site and Services provided through our Site may enable or require you to register a member’s account with us in order to gain access to additional features and/or receive exclusive member offers. We will ask all prospective applicants to complete the registration form, providing a username, email address and password.
We will use your personal data in order to process your application for a member’s account. Once you are registered, we will process your username and password to identify you when you login to your account and the secure areas of our Site. We will also process your login information so that we can administer your account and contact you about your account.
Your access to and use of our Site, including any secure member’s area, is subject at all times to our Terms of Use.
Our legal basis for processing
It is necessary for us to use your personal data to perform our obligations in accordance with any contract that we may have with you for the relevant Services, or it is in our legitimate interest or a third party’s legitimate interest to use personal data in such a way to ensure that we provide the relevant Services requested by you and others in a secure and effective way.
Content that you post
If you submit any content to us, including via our Site, such as photographs, quotes or testimonials, we may process any personal data comprised within that content for the purposes of making available particular Services via our Site and promoting our Site and Services.
We may also allow third parties to use the content that you provide (please see ‘Content requests’ below). If the use of such content would involve the use of your personal data, we may use your contact details to ask your permission to use the relevant content, unless we are satisfied that we have a lawful right to use the content without your permission.
Our legal basis for processing
Where we use your content in connection with Services that we provide via our Site, it is in our legitimate interest to use any personal data that you provide to us to ensure that we provide the relevant Service in an effective way.
Where we permit a third party to use your personal data contained within content that you submit, we will do so without your permission if we are satisfied that it is within our or the third party’s legitimate interest to use your personal data, including to promote our Services or services offered by the third party. If it is not within our legitimate interest, we will contact you to ask your permission, in which case our processing of such personal data will be based on your consent. 
Linking to social media sites and interacting with our social media pages
If you click on one of the social media links on our Site or otherwise interact with our social media pages such as on Facebook or Instagram (including interacting with any ‘like’ or similar embedded features on our Site or social media accounts) we and the relevant social media platform may receive information relating to such interaction and may share your personal data in connection with this purpose. For more information about how we use this personal data, please see the Insight and Analysis section below.
Please note that we are a joint controller with the relevant social media platform in respect of the personal data we use which is collected via your use of our social media pages. Your personal data may be used by the relevant social media platform for additional purposes. For details of how the relevant social media platform uses your personal data, please see the privacy policy of the relevant social media platform. 
Our legal basis for processing
It is in our legitimate interest or a third party’s legitimate interest to use personal data in such a way to ensure that we provide the Site and our Services in an effective way and to promote our Site and our Services via social media.
Customer service and general enquiries
Our Site features a “Contact Us” page which invites you to submit general enquiries about our Site and our Services by email.
When you make an enquiry, we will collect and process your name, contact information (including email address and/or telephone number) and any other personal data that is relevant to your enquiry. We use this information to manage and respond to your enquiry.
Our legal basis for processing
It is in our legitimate interest to use your personal data in the ways described above to ensure that we are able to help you with your enquiry and provide a good standard of service to you.
Surveys and feedback
From time to time, we will invite you to provide feedback about us, our Site or our Services in the form of online surveys. We will collect and process your name and contact details (including email address, postal address and telephone number, as applicable) and any other personal data you choose to volunteer in your survey response or other feedback.
We use this information to help us to monitor and improve our Site and Services and to assist with the selection of future product and service lines.
You can also voluntarily provide feedback by contacting our Customer Service team. Please see “Customer service and general enquiries” for more information.
Our legal basis for processing
It is in our legitimate interest to use the personal data provided by you so that we can improve our Services and provide them in an effective way.
Insight and analysis
We analyse your contact details with other personal data that we observe about you from your interactions with our Site, [our email communications] and/or with our Services, such as the products you have purchased or viewed.
Where you have given your consent (where lawfully required), we use cookies, log files and other technologies to collect personal data from the computer hardware and software you use to access the Sites, or from your mobile device. This includes the following:
  • an IP address to monitor Site traffic and volume;
  • a session ID to track usage statistics on our Site; and
  • information regarding your personal or professional interests, demographics, experiences with our Services and contact preferences.
Our Site and emails contain cookies, web beacons, pixel tags and other similar technologies (“Tags”). Tags allow us to [track receipt of an e-mail to you, to] count users who have visited a web page [or opened an email] and collect other types of aggregated information. [Once you click on an email that contains a Tag, your contact information may subsequently be cross-referenced to [the source email] and/or the relevant Tag].
[In some of our email messages, we use a “click-through URL” linked to certain websites administered by us or on our behalf. We may track click-through data to assist in determining interest in particular topics and measure the effectiveness of these communications.]
Please see our Cookie Policy  for further information.
This information is used to create insights about our visitors’ browsing habits on our Site. Where we have your consent to do so, we will also use your location data for insight and analysis purposes. 
By using this information, we are able to measure the effectiveness of our content and how visitors use our Site and Services. This allows us to learn what pages of our Site are most attractive to our visitors, which parts of our Site are the most interesting and what kind of features and functionalities our visitors like to see.
We also use this information to help us with the selection of future product and service lines, website design and to remember your preferences.
We also use this information for marketing purposes (see the “Marketing Activities” section below for further details).
Our legal basis for processing
Where your data that we process is anonymised, we do not require a legal basis to use it as the information does not constitute personal data. However, our collection and use of such anonymised personal data may be subject to other laws where your consent is required. Please see our Cookie Policy  for further details.
Where your personal data is not in an anonymous form, it is in our legitimate interest to use your personal data in such a way to ensure that our Site and our Services are provided in an effective way.
Where we use Tags to obtain your personal data, we shall rely on your consent.
We will only use your location data for insight and analysis purposes where we have your consent to do so.
Marketing activities
We carry out the following marketing activities using your personal data:
Email marketing
We use your name and email address to send you marketing communications by email. Our email marketing communications will include press releases and information [insert description of content], as well as general information about our organisation, our Site, the Services we provide and the events and promotions we offer.
Our email marketing will include personalised and non-personalised email marketing. Personalised marketing is marketing which has been specifically tailored to you. For example, our personalised email marketing will feature services, events, offers and/or promotions that we think are most likely to appeal to you. Non-personalised marketing is marketing about our services, events, offers and/or promotions generally and is not tailored to any particular individual. 
Where we are sending you personalised email marketing, we also use information that we observe about you from your interactions with our Site [with our email communications to you,] and/or with our Services in order to decide what sort of personalised marketing communications to send you. Please see the “Insight and Analysis” section above for more details about the personal data collected and how it is collected.
Our legal basis for processing
Where data that we process is anonymised, we do not require a legal basis to use it as the information does not constitute personal data. However, our collection and use of such anonymised information may be subject to other laws where your consent is required. Please see our Cookie Policy  for further details.
We will only send you marketing communications by email where you have consented to receive such communications, or where we have another lawful right to send such communications to you.
Online personalised advertising
We use information that we observe about you from your interactions with our Site, [with our email communications to you] and/or with our Services (see the Insight and Analysis section above for more details of the information collected and how it is collected) to provide you with personalised online advertising. 
The suppliers that we use for this purpose are described in our Cookie Policy.
Our legal basis for processing
Where data that we process is anonymised, we do not require a legal basis to use it as the information does not constitute personal data. However, our collection and use of such anonymised personal data may be subject to other laws where your consent is required. Please see our Cookie Policy for further details.
Where your personal data is not in an anonymous form, it is in our legitimate interest to use your personal data for marketing purposes.
Social media remarketing
We use information that we observe about you from your interactions with our Site, with our email communications to you, and/or with our Services to provide you with personalised advertising on social media channels, including those operated by Facebook (including Instagram), Snapchat, and/or Google.
We do this by securely providing your personal data to the relevant social media platform so that they can identify whether you are registered with their service and, if so, provide the personalised advertising to you.
Such activity is also subject to the privacy choices you have elected to make on such services.
Please see the “Insight and Analysis” section above for more details about the personal data collected and how it is collected. 
Our legal basis for processing
Where data that we process is anonymised, we do not require a legal basis to use it as the information does not constitute personal data. However, our collection and use of such anonymised personal data may be subject to other laws where your consent is required. Please see our Cookie Policy for further details.
Where your personal data is not in an anonymous form, it is in our legitimate interests to use your personal data so that we can promote our Services to you via social media.
Social media insight
Where you are a registered user of a social media platform, including those offered by Facebook (including Instagram), Snapchat or Google, we will provide your personal data to the relevant social media platform as described in the Social Media Remarketing section above, and we then ask the operator of the social media platform to find other registered users who share similar interests to you based on:
  • information that we observe about you from your interactions with our Sites, [with our email communications to you] and/or with our Services (see the “Insight and Analysis” section above for more details of the information collected and how it is collected); and
  • the information Facebook (including Instagram), Snapchat and/or Google hold about you.
    This is known as ‘lookalike’ audience advertising. Please note that such activity is also subject to the privacy choices you have elected to make on such services.
    Our legal basis for processing
    Where data that we process is anonymised, we do not require a legal basis to use it as the information does not constitute personal data. However, our collection and use of such anonymised personal data may be subject to other laws where your consent is required. Please see our Cookie Policy for further details.
    Where your personal data is not in an anonymous form, it is in our legitimate interest to use your personal data for marketing purposes.

    7. If you fail to provide your personal data

    Where we are required by law to collect your personal data, or we need to collect your personal data under the terms of a contract we have with you, and you fail to provide that personal data when we request it, we may not be able to perform the contract we have or are trying to enter into with you. This may apply where you do not provide the personal data we need in order to provide the Services you have requested from us or to process an application for employment with us. In this case, we may have to cancel your application or the provision of the relevant Services to you, in which case we will notify you.

    8. How we obtain your consent

    Where our use of your personal data requires consent, you can provide such consent:

    • at the time we collect your personal data following the instructions provided; or
    • by informing us using the contact details set out in the “How to Contact Us” section above.

    9. Our use of cookies and similar technologies 

    Our Site may use certain cookies, web beacons, pixel tags, log files and other technologies. Please see our Cookie Policy  to find out more about the cookies and other similar technologies we use, the purposes for which we use them and how to manage, block or delete them.

    10. Third party links and services

    This Privacy Notice does not apply to your interaction with services provided by third parties.

    Our Site may contain links to third party websites and services

    When you use a link to go from our Site to another website (even if you don’t leave our Site) or you request a service from a third party, this Privacy Notice shall not apply to the processing of your personal data carried out by the relevant third party provider.

    Your browsing and interactions on any other websites, or your dealings with any other third party service provider, is subject to that website’s or third party service provider’s own rules and policies. For example, our website invites you to connect with us on social media platforms such as Facebook and Instagram. When you click on the links we provide to such platforms, you will be transferred from our website to the relevant platform and the privacy notice (and other terms and conditions) of that platform will apply to you.

    We do not monitor, control or endorse the privacy practices of any third parties.

    We encourage you to become familiar with the privacy practices of every website you visit or third party service provider that you use in connection with your interaction with us and to contact them if you have any questions about their respective privacy notices and practices.

    This Privacy Notice applies solely to personal data processed by us through your use of our Site, your receipt of our Services and/or in connection with our business operations. It does not apply to the processing of your personal data by these third party websites and third party service providers.

    11. Sharing personal data

    We will only share personal data with others when we are legally permitted to do so. When we share personal data with others, we put contractual arrangements and security mechanisms in place to protect the personal data shared and to comply with our data protection, confidentiality and security standards and obligations.

    When processing your personal data, we may need to share it with third parties as follows:

    Third-party organisations that provide applications/functionality, data processing or IT services: We share personal data with third parties who support us in providing our Services and help provide, run and manage our internal IT systems. Such third parties may include, for example, providers of information technology, cloud-based software as a service providers, identity management, website hosting and management, data analysis, data back-up, security and storage services. The servers powering and facilitating that cloud infrastructure are located in secure data centres around the world, and personal data may be stored in any one of them. We also share your personal data with third-party service providers to assist us with insight analytics. These providers are described in our Cookie Policy .

    Backend fulfilment partners: We share personal data with third parties that assist us with backend fulfilment, such as Shopify Inc.

    Payment providers and banks: We share personal data with third parties who assist us with the processing of payments and refunds, such as Stripe Inc.

    Third-party email marketing and CRM specialists: We share personal data with specialist suppliers who assist us in managing our marketing database and sending out our email marketing communications and user-related communications.

    Suppliers of postal and courier services: We share personal data with suppliers who assist us in sending out our postal marketing communications and membership-related communications.

    Auditors, lawyers, accountants and other professional advisers: We share personal data with professional services firms who advise and assist us in relation to the lawful and effective management of our organisation and in relation to any disputes we may become involved in.

    Law enforcement or other government and regulatory agencies and bodies: We share personal data with law enforcement or other government and regulatory agencies or other third parties as required by, and in accordance with, applicable law or regulation.

    Sharing with other third parties: Occasionally, we may receive requests from third parties with authority to obtain disclosure of personal data, such as to check that we are complying with applicable law and regulation, to investigate an alleged crime, or to establish, exercise or defend legal rights. We will only fulfil requests for personal data where we are permitted to do so in accordance with applicable law or regulation.

    This list is non-exhaustive and there may be circumstances where we need to share personal data with other third parties in order to operate our Site and to provide our Services.

    12. Transfers outside the european economic area (“eea”)

    Where necessary in order to operate our Site and to otherwise deliver our Services, we will transfer personal data to countries outside the EEA.

    Non-EEA countries do not have the same data protection laws as the EEA. In particular, non-EEA countries may not provide the same degree of protection for your personal data, may not give you the same rights in relation to your personal data and may not have a data protection supervisory authority to help you if you have any concerns about the processing of your personal data. However, when transferring your personal data outside the EEA, we will comply with our legal and regulatory obligations in relation to your personal data, including having a lawful basis for transferring personal data and putting appropriate safeguards in place to ensure an adequate level of protection for the personal data.

    We will take reasonable steps to ensure the security of your personal data in accordance with applicable data protection laws.

    When transferring your personal data outside the EEA, we will ensure that, where required by applicable law, at least one of the following safeguards is implemented:

    Adequacy decisions: We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, see https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en

    Model clauses: Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe. For further details, see https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_en.

    EU-U.S. Privacy Shield: Where we have partners or suppliers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between Europe and the US. For further details, see https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/eu-us-privacy-shield_en.

    Please contact us if you would like further information on the specific mechanisms used by us when transferring your personal data outside the EEA.

    13. How long we keep your personal data

    In respect of personal data that we process in connection with the supply of our Services, we may retain your personal data for up to six years from the date of supply of the relevant Services and in compliance with our data protection obligations. We may then destroy such files without further notice or liability.

    In respect of any other personal data that we process, we will retain relevant personal data for up to three years from the date of our last interaction with you and in compliance with our data protect obligations. We may then destroy such files without further notice or liability.

    If any personal data is only useful for a short period (e.g. for a specific event or marketing campaign), we will not retain it for longer than the period for which it is used by us.

    If you have opted out of receiving marketing communications from us, we will need to retain certain personal data on a suppression list indefinitely so that we know not to send you further marketing communications in the future.

    14. Confidentiality and security of your personal data

    We are committed to keeping the personal data you provide to us secure and we will take reasonable precautions to protect your personal data from loss, misuse or alteration.

    We have implemented information security policies, rules and technical measures to protect the personal data that we have under our control from:

    • unauthorised access;
    • improper use or disclosure;
    • unauthorised modification; and
    • unlawful destruction or accidental loss.

    All our employees and data processors (i.e. those who process your personal data on our behalf, for the purposes listed above) who have access to and are associated with the processing of personal data are obliged to respect the confidentiality of the personal data of all users of our Site and our Services.

    15. Personal data of children

    We do not specifically target our Sites or our Services at children. However, due to the nature of our organisation and the Services we provide, we may from time to time collect and process personal data relating to individuals under the age of 18. Where we do so, we will comply with all applicable laws and regulations relating to the processing of personal data of minors. However, if you are under the age of 18, you must ask a parent or guardian for permission before using our Site and our products and services. If you are a parent or guardian, please supervise your child’s use of our Site and our Services.

    16. How to access your information and your other rights

    You have the following rights in relation to the personal data we hold about you. If you would like to exercise any of these rights, please contact us using the details set out in How to contact us.

    Your right of access

    If you ask us, we will confirm whether we are processing your personal data and, if so, provide you with a copy of that personal data (along with certain other details). If you require additional copies, we may charge a reasonable fee for producing those additional copies.

    Your right to rectification

    If the personal data we hold about you is inaccurate or incomplete, you are entitled to have it rectified. If we have shared your personal data with others, we’ll let them know about the rectification where possible. If you ask us, where possible and lawful to do so, we will also tell you who we’ve shared your personal data with so that you can contact them directly.

    Your right to erasure

    You can ask us to delete or remove your personal data in some circumstances, such as where we no longer need it or where you withdraw your consent (where applicable). If we have shared your personal data with others, we will let them know about the erasure where possible. If you ask us, where it is possible and lawful for us to do so, we will also tell you who we have shared your personal data with so that you can contact them directly.

    Your right to restrict processing

    You can ask us to ‘block’ or suppress the processing of your personal data in certain circumstances such as where you contest the accuracy of that personal data or you object to us processing it for a particular purpose. This may not mean that we will stop storing your personal data but, where we do keep it, we will tell you if we remove any restriction that we have placed on your personal data to stop us processing it further. If we’ve shared your personal data with others, we’ll let them know about the restriction where it is possible for us to do so. If you ask us, where it is possible and lawful for us to do so, we’ll also tell you who we’ve shared your personal data with so that you can contact them directly.

    Your right to data portability

    You have the right, in certain circumstances, to obtain personal data you have provided to us (in a structured, commonly used and machine readable format) and to reuse it elsewhere or to ask us to transfer it to a third party of your choice.

    Your right to object

    You can ask us to stop processing your personal data, and we will do so, if we are:

    • relying on our own or someone else’s legitimate interest to process your personal data, except if we can demonstrate compelling legal grounds for the processing; or
    • processing your personal data for the purposes of direct marketing.

      Your rights in relation to automated decision-making and profiling

      You have the right not to be subject to a decision when it is based on automatic processing, including profiling, if it produces a legal effect or similarly significantly affects you, unless such profiling is necessary for the entering into, or the performance of, a contract between you and us.

      Your right to withdraw consent

      If we rely on your consent (or explicit consent) as our legal basis for processing your personal data, you have the right to withdraw that consent at any time. You can exercise your right of withdrawal by contacting us using our contact details in the “How to Contact Us ” section above or by using any other opt-out mechanism we may provide, such as an unsubscribe link in an email.   

      Your right to lodge a complaint with the supervisory authority

      If you have a concern about any aspect of our privacy practices, including the way we have handled your personal data, please contact us using the contact details provided in the “How to Contact Us” section above. You can also report any issues or concerns to a national supervisory authority in the Member State of your residence or the place of the alleged infringement. You can find a list of contact details for all EU supervisory authorities at: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm. As we are incorporated in the UK, our regulatory authority is https://ico.org.uk.

      17.Changes to this privacy notice

      We may make changes to this Privacy Notice from time to time

      To ensure that you are always aware of how we use your personal data, we will update this Privacy Notice from time to time to reflect any changes or proposed changes to our use of your personal data. We may also make changes to comply with changes in applicable law or regulatory requirements.

      We will notify you by e-mail of any significant changes to this Privacy Notice. However, we encourage you to review this Privacy Notice periodically to be informed of how we use your personal data.