Lovehoney Privacy Policy (“Policy”)

This Policy is effective as of May 25, 2018

Our mission statement

Lovehoney understands that your Personal Information is exceptionally important to you, especially given the nature of our website and the products we sell, and when you trust us with it, we have a duty to keep it safe and secure. To that end you can be assured that our data handling policies and standards are fully in line with the current data protection legislation.

Lovehoney complies with all relevant data protection legislation including General Data Protection Legislation (GDPR), UK GDPR and CCPA. We will always apply the most stringent legislation procedures to protect your data.

What we do and don't do...

(a) We do use your Personal Information to provide you with great customer service, which includes tailoring the information we share with you to help ensure that it's relevant, useful and timely.

(b) We do respect your privacy and work hard to meet strict regulatory requirements.

(c) We do go the extra mile to protect your Personal Information.

(d) We don't sell your Personal Information to third parties.

Your Personal Information is in safe hands with Lovehoney and we've prepared this Policy to be completely transparent about how we collect, use and store your Personal Information.

Personal information is any information that can make you directly identifiable from the information in question or a combination of the information including, but not limited to name, age, telephone number, addresses and online identifiers such as cookies (“Personal Information”).

What this Policy contains:

This Policy describes the following important topics relating to your information (you can click on the links to find out more):

1. Overview - the key information you should be aware of

2. How we obtain your Personal Information;

3. Collection of your Personal Information and how we use it;

4. Legal basis for the use of your Personal Information

5. How and why we share your Personal Information with others;

6. How long we store your Personal Information;

7. Your rights;

8. Children;

9. Marketing;

10. Risks and how we keep your Personal Information secure;

11. Links to other websites;

12. Changes to this Policy; and

13. Further questions and how to make a complaint.

Overview – the key information you should be aware of

(A) Who we are: We are Lovehoney Group Limited, a company registered in England and Wales (company number 163408909), whose registered office is 100 Locksbrook Road, Bath, BA1 3EN and we are the data controller of your Personal Information. All references in this Policy to "Lovehoney", "our", "us" or "we" refer to Lovehoney Group Limited [and include its subsidiaries and affiliates]. All references in this Policy to "our website", refer to the website owned by Lovehoney Group Limited at www.lovehoney.com.au.

(B) Our values and what this Policy is for: We value your privacy and want to be accountable and fair as well as transparent with you in the way that we collect and use your Personal Information. We also want you to know your rights in relation to your information which you can find by contacting:

Data Protection Officer,

Lovehoney,

100 Locksbrook Road,

Bath,

BA1 3EN.

OR

Email: GDPR@lovehoneygroup.com

In line with these values, this Policy tells you what to expect when we collect and use your Personal Information. So that you can find the information that is most relevant to you and about our relationship with you we have made our Policy easy for you to navigate.

We are always looking to improve the information we provide to our customers and website users, so if you have any feedback on this Policy, please let us know using our contact details in section 12 or send an email to GDPR@lovehoneygroup.com

(C) Who this policy applies to:

This policy applies to:

1. visitors to our website; and

2. customers who create an account with us.

Depending on your relationship to us, we may collect and use your information in different ways. Please click on the links above to find out the information that we collect about you and how we use this information.

(D) Your right to object:

You have various rights in respect of our use of your Personal Information as set out in section 6. Two of the fundamental rights to be aware of are:

1. you may ask us to stop using your Personal Information for marketing purposes. If you exercise this right, we will stop using your Personal Information for this purpose; and

2. you may ask us to consider any valid objections which you have to our use of your Personal Information where we process your Personal Information on the basis of our, or another person's, legitimate interest.

(E) What you need to do and your confirmation to us:

Please read this Policy carefully to understand how we handle your Personal Information. By engaging with us in the ways set out in this Policy, you confirm that you have read and understood the entirety of this Policy, as it applies to you.

The detail – the key information you should be aware of

1. How we obtain your Personal Information

You may give us Personal Information about yourself by using:

  • online forms provided on our website;
  • setting up an account with us;
  • purchasing product from our website;
  • using the Lovehoney forum on our website;
  • entering a competition, promotion, or survey on our website;
  • contacting us by phone, email, or other means.

This includes, for example, where you provide your Personal Information to us in order to receive products, deliveries, information or services from us.

2. Collection of your Personal Information and how we use it

Please go to the section or sections below that best describes our relationship with you to find out the Personal Information that we collect about you and how we use this information.

2.1 Visitors to our website

(a) What Personal Information we collect about you

We may collect and use any of the following information about you:

(i) your name;

(ii) your email address;

(iii) your telephone number;

(iv) information provided when you correspond with us;

(v) the following Personal Information is created and recorded automatically when you visit our website:

(A) Technical information. This includes: the Internet Protocol (IP) address used to connect your computer to the internet address; your browser type and version; time zone setting; browser plug-in types and versions; operating system and platform; and

(B) Information about your visit and your behaviour on our website (for example, the pages that you click on). This may include the full Uniform Resource Locators (URL) clickstream to, through and from our website (including date and time); products you viewed or searched for; page response times; download errors; length of visits to certain pages; page interaction information (such as scrolling, clicks, and mouse-overs); and methods used to browse away from the page.

(b) How we use your Personal Information

We will collect, use and store the Personal Information listed above for the following reasons:

(i) to allow you to access and use our website (including protected areas of our website);

(ii) for improvement and maintenance of our website and to provide technical support for our website;

(iii) to ensure the security of our website;

(iv) to recognise you when you return to our website, to store information about your preferences, and to allow us to customise the website according to your individual interests;

(v) to evaluate your visit to the website and prepare reports or compile statistics to understand the type of people who use our website, how they use our website and to make our website more intuitive. Such details will be anonymised as far as reasonably possible and you will not be identifiable from the information collected; and

(vi) to deal with any enquiries or issues you have about our website, products and services. If we do not have a contract with you, we may process your Personal Information for these purposes where it is in our legitimate interests for customer services purposes.

Please see sections 2.3 and 2.4 for more details about how we use your Personal Information.

(c) A word about cookies

(i) Some pages on our website use cookies, which are small files of text, often encrypted for privacy, that are stored by your web browser and used to store information between your visits to a website. That information includes the products you have added to your basket, and whether you prefer to view products by 'what's new' or new 'what's best-selling'.

(ii) We use cookies to keep track of your current shopping session so that you may retrieve your shopping basket at any time, and to personalise the contents of our website as well as to ensure a consistent experience. We also use cookies to track how visitors interact with our website to monitor how we are performing.

(iii) Where we use cookies on our website, you may block these at any time. To do so, you can activate the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies), you may not be able to access all or parts of our website or to use all the functionality provided through our website.

(iv) For detailed information on the cookies we use and the purposes for which we use them, please refer to our Cookie Policy here.

2.2 Customers who create an account with us

(a) What Personal Information we may collect about you

We may collect and use any of the following information about you:

(i) your name;

(ii) your postal address;

(iii) your email address;

(iv) your telephone number;

(v) your age;

(vi) your gender;

(vii) your day of birth;

(viii) your anniversary;

(ix) your sexual preference;

(x) your relationship status;

(xi) your credit/debit card details;

(xii) information provided when you correspond with us (such as where you report a problem with your order or account);

(xiii) any updates to information provided to us;

(xiv) information you post on the Lovehoney Forum;

(xv) information you provide when you enter a competition, promotion or survey;

(xvi) information about your account and associated services we provide to you:

(A) information needed to provide our services to you (including information on account opening forms, order details, order history and payment details);

(B) customer services information; and

(C) customer relationship management and marketing information.

(b) How we use your Personal Information

We will collect, use and store the Personal Information listed above for the following reasons:

(i) to provide you with our services as an online retailer;

(ii) to facilitate deliveries of our products to you;

(iii) to deal with any enquiries or issues you have about our website, products, services and your orders;

(iv) to verify your identity;

(v) to send you certain communications you have consented to (including by email, sms or telephone) about our products and services such as administrative messages (for example, setting out changes to our terms and conditions and this privacy policy); and

(vi) if you have consented, we may contact you by email with information about our products and services which we feel will be of interest to you.

Please see sections 2.3 and 2.4 for more details about how we use your Personal Information.

(c) Special categories of data.

Some of the Personal Information that we collect about you or which you provide to us about you may be special categories of data. Special categories of data include information about your sex life or sexual orientation. We treat special categories of data with extra care.

(d) Information we need to provide services to you.

We need certain types of Personal Information so that we can provide services to you and perform contractual and other legal obligations that we have to you. If you do not provide us with such Personal Information, or if you ask us to delete it, you may no longer be able to access our services.

2.3 Whatever our relationship with you is, we may also collect, use and store your Personal Information for the following additional reasons:

(a) to deal with any enquiries or issues you have about how we collect, store and use your Personal Information, or any requests made by you for a copy of the information we hold about you. If we do not have a contract with you, we may process your Personal Information for these purposes where it is in our legitimate interests for customer services purposes;

(b) for internal corporate reporting, business administration, ensuring adequate insurance coverage for our business, ensuring the security of company facilities, research and development, and to identify and implement business efficiencies. We may process your Personal Information for these purposes where it is in our legitimate interests to do so;

(c) to comply with any procedures, laws and regulations which apply to us – this may include where we reasonably consider it is in our legitimate interests or the legitimate interests of others to comply, as well as where we are legally required to do so; and

(d) to establish, exercise or defend our legal rights – this may include where we reasonably consider it is in our legitimate interests or the legitimate interests of others, as well as where we are legally required to do so.

2.4 Further processing

We will not use your Personal Information in any way that is incompatible with the purposes set out in this section 2. Please contact us using the details in section 12 if you would like further information on the analysis we will undertake to establish if a new use of your Personal Information is compatible with these purposes.

3. Legal basis for the use of your Personal Information

3.1 We consider that the legal basis for using your Personal Information as set out in this Policy are as follows:

(a) our use of your Personal Information is necessary to perform our obligations under any contract with you (for example, to fulfil an order which you place with us); or

(b) our use of your Personal Information is necessary for complying with our legal obligations (for example, if we are asked by regulatory bodies or law enforcement agencies to share the information); or

(c) where neither (a) nor (b) apply, use of your Personal Information is necessary for our legitimate interests or the legitimate interests of others (for example, to ensure the security of our website). Our legitimate interests are to:

(i) run our business;

(ii) operate and ensure the security of our website;

(iv) provide services to our customers and receive payment and provide customer services; and

(v) for internal group administrative purposes.

If we rely on our (or another person's) legitimate interests for using your Personal Information, we will undertake a balancing test to ensure that our (or the other person's) legitimate interests are not outweighed by your interests or fundamental rights and freedoms which require protection of the Personal Information. You can ask us for information on this balancing test by using the contact details in section 12.

3.2 We may use your special categories of data (such as sex life or sexual orientation) where you have provided your consent (which you may withdraw at any time after giving it, as described below).

3.3 We may process your Personal Information in some cases for marketing purposes on the basis of your consent (which you may withdraw at any time after giving it, as described below).

3.4 If we rely on your consent for us to use your Personal Information in a particular way, but you later change your mind, you may withdraw your consent by contacting us at customercare@lovehoney.com.au and we will stop doing so.

4. How will we use your data?

4.1 We may share your Personal Information with our group companies where it is in our legitimate interests to do so for internal administrative purposes (for example, for corporate strategy, compliance, auditing and monitoring, research and development and quality assurance).

4.2 We will share your Personal Information with the following third parties or categories of third parties:

(a) website services providers who help us host and administer our website;

(b) email services providers;

(c) delivery services providers (such as Royal Mail) for the purposes of delivering your orders and sending you tracking notifications about your delivery and returns services providers;

(d) Trustpilot who we work with closely to help provide our independent reviews database;

(e) our other service providers and sub-contractors, including payment processors, suppliers of technical and support services, insurers, logistic providers, and cloud service providers; and

(f) analytics and search engine providers that assist us in the improvement and optimisation of our website.

4.3 Any third parties with whom we share your Personal Information are limited (by law and by contract) in their ability to use your Personal Information for any purpose other than to provide services for us. We will always ensure that any third parties with whom we share your Personal Information are subject to privacy and security obligations consistent with this privacy policy, industry standards and applicable laws.

4.4 We will also disclose your Personal Information to third parties:

(a) where it is in our legitimate interests to do so to run our business:

(i) if we sell or buy any business or assets, we may disclose your Personal Information to the prospective seller or buyer of such business or assets;

(ii) if substantially all of our or any of our affiliates' assets are acquired by a third party, in which case Personal Information held by us will be one of the transferred assets;

(b) if we are under a duty to disclose or share your Personal Information in order to comply with any legal obligation, any lawful request from government or law enforcement officials and as may be required to meet national security or law enforcement requirements or prevent illegal activity;

(c) in order to enforce or apply our terms of use, our terms and conditions for customers or any other agreement or to respond to any claims, to protect our rights or the rights of a third party, to protect the safety of any person or to prevent any illegal activity; or

(d) to protect the rights, property, or safety of Lovehoney, our staff, our customers or other persons. This may include exchanging Personal Information with other organisations for the purposes of fraud protection.

4.5 We may also disclose and use anonymised, aggregated reporting and statistics about users of our website or our goods and services for the purpose of internal reporting or reporting to our group or other third parties, and for our marketing and promotion purposes. None of these anonymised, aggregated reports or statistics will enable our users to be personally identified.

4.6 Save as expressly detailed above, we will never share, sell or rent any of your Personal Information to any third party without notifying you and obtaining your consent. If you have given your consent for us to use your Personal Information in a particular way, but later change your mind, you should contact us and we will stop doing so.

5. How do we store your data?

We keep your Personal Information for no longer than necessary for the purposes for which the Personal Information is collected and where relevant consented to. The length of time for which we retain Personal Information depends on the purposes for which we collect and use it and/or as required to comply with applicable laws and to establish, exercise or defend our legal rights.

Lovehoney UK and EU customer records are stored securely within the EU and only transferred to the UK solely for the purpose of processing customer orders or other customer service requests and in any event only for the necessary period to carry out such customer requests.

6. Your rights

6.1 You have certain rights in relation to your Personal Information. If you would like further information in relation to these or would like to exercise any of them, please contact us via email at gdpr@lovehoneygroup.com at any time.

You have the following rights:

(a) Right of access & to be informed. You have a right of access to any Personal Information we hold about you. You can ask us for a copy of your Personal Information; confirmation as to whether your Personal Information is being used by us; details about how and why it is being used; and details of the safeguards which are in place if we transfer your information outside of the United Kingdom or the European Economic Area ("EEA").

(b) Right to rectification. You have a right to request we update any of your Personal Information which is out of date or incorrect.

(c) Right to erasure. You have a right to ask us to delete any Personal Information which we are holding about you. In certain specific circumstances we may have a legitimate interest to retain some of the Personal Information. You can ask us for further information on these specific circumstances by contacting us using the details in section 12.

(d) Right to restrict processing: You have a right to ask us to restrict the way that we process your Personal Information in certain specific circumstances such as whilst you are requesting access to your Personal Information. You can ask us for further information on these specific circumstances by contacting us using the details in section 12.

(e) Right to object: You have a right to ask us to stop using your Personal Information for certain purposes including direct marketing. If you exercise this right, we will stop using your Personal Information for this purpose. You have a right to ask us to consider any valid objections which you have to our use of your Personal Information where we process your Personal Information on the basis of our or another person's legitimate interest.

(f) Right to data portability: You have a right to ask us to provide your Personal Information to a third party provider of services, under certain conditions.

This right only applies where we use your Personal Information on the basis of your consent or performance of a contract; and where our use of your information is carried out by automated means.

We will pass your request onto other recipients of your Personal Information unless that is impossible or involves disproportionate effort. You can ask us who the recipients are using the contact details in section 12.

6.2 We will consider all such requests and provide our response within a reasonable period (and in any event within 28 days of your request unless we tell you we are entitled to a longer period under applicable law). Please note, however, that certain Personal Information may be exempt from such requests in certain circumstances, for example if we need to keep using the information to comply with our own legal obligations or to establish, exercise or defend legal claims.

6.3 If an exception applies, we will tell you this when responding to your request. We may request you provide us with information necessary to confirm your identity before responding to any request you make. We reserve the right to not carry out any request in the event that we are not reasonably satisfied with the confirmation of your identity.

7. Children

7.1 Lovehoney operates under the 'Age of Consent' law, By placing an order at Lovehoney, you declare that you are of the appropriate legal age to purchase the items. Terms and Conditions can be found here: https://help.lovehoney.com.au/terms.html

7.2 Our websites are not directed at children. We do not knowingly collect Personal Information from children under the age of 16. If you are a parent or guardian and believe your child has provided us with Personal Information, please contact us by using the information in the “Contacting Us” section, below, and we will take steps to delete such Personal Information from our systems.

7.3 Please contact us at customercare@lovehoney.com.au if you are aware that we may have inadvertently collected Personal Information from a child.

8. Marketing

8.1 We may collect and use your Personal Information for undertaking marketing by email, telephone and post where consent has been obtained, you may always opt out at a later date.

8.2 We will always obtain your consent to direct marketing communications where we are required to do so by law and if we intend to disclose your Personal Information to any third party for such marketing.

8.3 You have the right at any time to stop Lovehoney from contacting you for marketing purposes. If you wish to stop receiving marketing communications, you can contact us by email at customercare@lovehoney.com.au.

9. Risks and how we keep your Personal Information secure

9.1 The main risk of us processing your Personal Information is if it is lost, stolen or misused. This could lead to your Personal Information being in the hands of someone else who may use it fraudulently or make public, information that you may wish to keep private.

For this reason, Lovehoney is committed to protecting your Personal Information from loss, theft and misuse. We take all reasonable precautions to safeguard the confidentiality of your Personal Information, including through use of appropriate organisational and technical measures. For example, all information you provide to us is stored on secure servers and any payment transactions will be encrypted using SSL technology.

9.2 In the course of the provision of your Personal Information to us, your Personal Information may be transferred over the internet. Although we make every effort to protect the Personal Information which you provide to us, the transmission of information over the internet is not completely secure. You acknowledge and accept that we cannot guarantee the security of your Personal Information transmitted to our website and that any such transmission is at your own risk. Once we have received your Personal Information, we will use strict procedures and security features to prevent unauthorised access to it.

9.3 Where we have given you (or where you have chosen) a password which enables you to access your online account, you are responsible for keeping this password confidential. We ask that you do not share your password with anyone.

10. Links to other websites

Our website may contain hyperlinks to websites that are not operated by us. These hyperlinks are provided for your reference and convenience only and do not imply any endorsement of the activities of such third-party websites or any association with their operators. This Policy only applies to the Personal Information that we collect or which we receive from third party sources, and we cannot be responsible for Personal Information about you that is collected and stored by third parties. Third party websites have their own terms and conditions and privacy policies, and you should read these carefully before you submit any Personal Information to these websites. We do not endorse or otherwise accept any responsibility or liability for the content of such third party websites or third party terms and conditions or policies.

11. Changes to our Policy

We may update our Policy from time to time. Any changes we make to our Policy in the future will be posted on this page and, where appropriate, notified to you by post or email. Please check back frequently to see any updates or changes to our Policy.

12. Further questions and how you can make a complaint

12.1 If you have any queries or complaints about our collection, use or storage of your Personal Information, or if you wish to exercise any of your rights in relation to your Personal Information, please contact us:

(a) by email: customercare@lovehoney.com.au

(b) by post: 133B Lavarack Avenue, EAGLE FARM QLD 4009; or

(c) by telephone: 07 3053 8518.

Alternatively, you can contact our Data Protection Officer at:

Data Protection Officer

Lovehoney,

100 Locksbrook Road,

Bath,

BA1 3EN.

Email: GDPR@lovehoneygroup.com

We will investigate and attempt to resolve any such complaint or dispute regarding the use or disclosure of your Personal Information.

12.2 If you have a complaint about how we use your Personal Information, we would always prefer you to contact us first. However, you may also make a complaint to the data protection regulator in the country where you usually live or work, or where an alleged infringement of the General Data Protection Regulation has taken place. Alternatively, you may seek a remedy through the courts if you believe your rights have been breached. For the UK, the supervisory authority is the Information Commissioner's Office, details of which can be found here.

The practices described in this Policy statement are current as of 07 August 2018.