Website privacy notice

This notice explains how Charles Tyrwhitt Shirts Limited ("We") collects personal data from you, why we collect it, how we process it and where we may disclose it to other entities.

We are committed to complying with the Data Protection Act 1998 and the EU General Data Protection Regulation for the purposes of data protection and privacy.

Your Rights

As from the 25th of May 2018, the EU General Data Protection Regulation replaces the Data Protection Act 1998. This gives you new rights in relation to the privacy of your personal information. As treating customers fairly is part of our culture, we are not going to wait until May to do this and we have provided a brief explanation below of how you can use those rights.

In the case of any request involving one of your rights, we will respond to your request without delay and at most within one month of receipt of your request. We are permitted to extend this time period by up to two months if your request is particularly complex.

The Right to Rectification

You are entitled to have the information that we hold about you rectified if it is inaccurate or incomplete.

If you believe that the information that we hold about you is inaccurate, incomplete or out of date then please let the Data Controller know.

We will also inform any third parties of the rectification in order that they can update their records too.

The Right of Access

Subject Access Requests allow your right to obtain a copy of the information that we hold about you. You have the right to ask us to provide you with this information free of charge. However, should the request be deemed to be manifestly excessive, manifestly unfounded or repetitive, then we are permitted to charge a reasonable fee for providing the information. In such circumstances, and as an alternative, we can refuse to comply with the request. If this is the case then we shall let you know the reasons for us refusing to comply. You have a right to appeal such a decision via the UK Information Commissioner’s Office. For further information visit https://ico.org.uk/

Subject access requests may be sent to the Data Controller.

The Right to Data Portability

You have the right to request the information that we hold on you be supplied to you in a portable format. This allows you to take your information from our IT environment to another organisation's IT environment. The format in which we supply your data will be a structured and machine readable CSV file.

Portable data requests may be sent to the Data Controller.

The Right to Object

You have the right to object to your personal information being processed by us. This means:

• If you object to us processing your data for marketing purposes then let us know and we and our third parties will stop sending you marketing material
• If you object to us processing your data at all (i.e. where you have an account with us) let us know and we will completely remove your personal information from our systems

If you choose the second option and then change your mind at a later date, then you will need to set up a new account to resume shopping with us.

Requests for either of these options may be sent to the Data Controller

Profiling

We use data profiling in order to make the content of our communications to you more interesting and relevant. This means that you will only receive details of our very best offers that have been tailored with you in mind. It also allows us not to waste your time by sending offers that are unlikely to be of interest.

You have the right not to be subject to a decision based solely on automated processing. This includes decisions based on profiling. If you choose to exercise this right, then you will no longer receive offers from us as we base our mailing list on our customers’ purchase history.

If you object to such automated decisions making being made based on your personal data, then please inform the Data Controller and we will ensure that is not done by either us or any organisation that processes your information on our behalf.

Information We May Collect From You

We use the EU General Data Protection Regulation definition of personal data. This is any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

We may collect and process the following data about you:

• Information that you provide by filling in forms on the website at www.charlestyrwhitt.com, information provided via live chat, information provided to our call centres and information provided in our retail stores. This includes information provided at the time of registering to use the website, subscribing to our service, posting material or requesting further services. We may also ask you for information when you report a problem with the website
• If you contact us, we may keep a record of that correspondence
• If you telephone us, we may keep recordings of the call for training, fraud prevention, servicing your account and regulatory consent
• Details of transactions you carry out through the website and of the fulfilment of your orders
• Details of your visits to the website including, but not limited to, traffic data, location data, weblogs and other communication data, whether this is required for our own billing purposes or otherwise and the resources that you access
• We may also receive your information from another organisation that you have consented for them to share your data

Privacy Notice UK Website

We may obtain information about your general internet usage by using a cookie file which is stored on the hard drive of your computer. Cookies and other such software on our website contain information that is transferred to your computer's hard drive. They help us to improve the website and to deliver a better and more personalised service. Find out more about our cookies.

This includes, but is not limited to:

• Your IP address
• Your operating system
• Your browser type
• The name of your internet service provider
• The date, time and duration of your visit
• The name and URL of pages you access

The purpose of this is for system administration and to report aggregate information to our advertisers. This contains statistical data about our users' browsing actions and patterns, and does not identify any individual.

The website may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

You may refuse to accept cookies by activating the setting on your browser which allows you to refuse the setting of cookies. However, if you select this setting you may be unable to access certain parts of the website. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you access the website.

Use of Our Services by Children

Our website is not intended for the use of children under the age of sixteen. We ask that children do not provide personal information through our website. If we become aware that we have collected personal information from a child under the age of sixteen, then we will delete that information from our records.

Where We Store Your Personal Data

The data that we collect from you may be transferred to, and stored at, a destination outside the European Union ("EU"). It may also be processed by staff operating outside the EU who work for us or for one of our suppliers. Such staff maybe engaged in, among other things, the fulfilment of your order, the processing of your payment details and the provision of support services. By submitting your personal data, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with the appropriate EU General Data Protection Regulation Article, including Article 45 - Adequacy Decision, Article 46 - Appropriate Safeguards, Article 47 - Binding Corporate Rules, Article 49 (1) - Specific Situation Exemption or Article 49(2) - Transfer to the Data Subject.

Where we have given you (or where you have chosen) a password which enables you to access certain parts of the website, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

We use physical, technological and administrative safeguards to protect your personal information against loss, misuse or alteration. All your personal information is stored securely and may only be accessed by employees with a legitimate business need to access the information. Unfortunately, the transmission of information via the internet is not completely secure and we cannot guarantee the security of your data transmitted to the website. Any transmission is at your own risk.

How We Use Your Information

We use information held about you in the following ways:

• To ensure that content from the website is presented in the most effective manner for you and for your computer
• To carry out our obligations arising from any contracts entered into between you and us
• To allow you to participate in interactive features of our service, when you choose to do so
• To notify you about changes to our service