article

CT Shirts Privacy Notice

This notice explains how Charles Tyrwhitt Shirts Limited handles your personal data when you shop with us or use our UK website. It reflects the requirements of the UK GDPR, the Data Protection Act 2018 and related UK privacy legislation. We also comply with the Data Protection and Digital Information Act 2024, which updates parts of the UK data protection framework.

1. Who we are and how to contact us

Charles Tyrwhitt Shirts Limited is the controller responsible for your personal data in the United Kingdom.

Data Protection Officer (DPO)
Email: dpo@ctshirts.co.uk

If we cannot resolve your concern, you have the right to complain to the Information Commissioner’s Office (ICO):
www.ico.org.uk
Telephone: 0303 123 1113

2. The information we collect about you

We collect the information needed to run our business, fulfil your orders and provide a reliable service. "Personal data" means any information that can identify you.

Depending on how you interact with us, we may collect:

  • Identity Data: first name and last name.
  • Contact Data: address, email address, telephone numbers.
  • Financial Data: payment card and transaction details.
  • Technical Data: IP address, browser type and version, time zone setting and location, operating system and other technology used to access our website.
  • Transaction Data: order history, payment records.
  • Profile Data: account credentials, purchases, interests, preferences, feedback, survey responses.
  • Marketing and Communications Data: your marketing preferences and communication settings.
  • Aggregated Data: statistical or demographic data that does not directly identify you.

We do not collect special categories of personal data (for example information about your health, beliefs or ethnicity), nor do we collect criminal conviction data.

Where we need personal data by law or to fulfil a contract with you and you do not provide it, we may not be able to complete your order.

How we collect your data

  • Direct interactions when you create an account, place an order, contact us, or complete forms.
  • Automated interactions through cookies and similar technologies that collect Technical Data as you browse. For more information, see our Cookie Policy.

3. How we use your information and why

We use your data to operate our business, deliver your purchases, provide customer support and improve our website. Under the UK GDPR, we must have a lawful basis for each use of your data. These include performance of a contract, legal obligations and legitimate interests.

Marketing and consent

We send UK customers marketing communications, via email, phone & SMS/text, where we have your consent or where the Privacy and Electronic Communications Regulations (PECR) allow us to rely on the "soft opt-in" (for example, where you previously bought from us and have not opted out).

You can opt out of marketing at any time by using the unsubscribe link in our emails or contacting us.

How we use your personal data

  1. Register you as a new customer
    Data: Identity; Contact
    Basis: Legitimate interests (to manage customer accounts).

  2. Respond to your enquiries
    Data: Identity; Contact; Profile
    Basis: Legitimate interests (to provide information and support).

  3. Process and deliver your order (payments, fulfilment, refunds)
    Data: Identity; Contact; Financial; Transaction; Marketing & Communications
    Basis: Contract performance; Legitimate interests (to recover debts).

  4. Manage our relationship with you
    Data: Identity; Contact; Profile; Marketing & Communications
    Basis: Contract performance; Legal obligation; Legitimate interests (record accuracy, service improvement).

  5. Administer and protect our business and website
    Data: Identity; Contact; Technical
    Basis: Legitimate interests (fraud prevention, system security); Legal obligation.

  6. Use analytics to improve website, products and service
    Data: Technical
    Basis: Legitimate interests (site optimisation and business development).

  7. Product recommendations and personalisation
    Data: Identity; Contact; Profile; Marketing & Communications; Technical
    Basis: Legitimate interests (to develop and promote relevant products).

If we introduce new uses of your personal data, especially profiling or automated decision-making, we will update this notice and obtain consent where required.

4. Who we share your data with

We may share your personal data with:

  • Members of our corporate group.
  • Service providers in the UK or abroad who support IT, payments, customer service and delivery.
  • HM Revenue & Customs and other UK regulators.
  • Professional advisers such as lawyers, insurers and auditors.
  • Third parties involved in business transfers or acquisitions.
  • Third parties where required to comply with a legal obligation or to protect the rights and safety of our customers and business.
  • Trusted retail partners for data pooling or other activities with your prior consent.

We require all third parties to use your data lawfully, securely and only for the purposes we specify.

We partner with Epsilon to provide you with personalised advertising and content. Epsilon may use first- and third-party cookies and other techniques (including cookies and pixels from Epsilon's advertising partners, a current list of which is available here) to recognize your browser and collect information about your web browsing activity when visiting this website. You may read more about Epsilon's use of cookies and other similar technologies by visiting: https://www.epsilon.com/emea/cookie-list. Such cookies and techniques collect personal data (e.g., information about the browser or device you are using, including browser type, browsing activity, cookie ids, IP-addresses and transactions made). We also provide Epsilon with other information about you, such as name, address and email for the same purpose. Please contact us if you no longer want us to share such information. Detailed information about Epsilon's processing can be found in Epsilon's privacy policy. You may visit the European Interactive Digital Advertising Alliance at http://youronlinechoices.eu/ to learn more about personalised interest-based advertising, and to opt-out of receiving the same from their respective members. You can also visit Epsilon's data subject request tool available here.

5. International transfers

Some of our service providers are based outside the UK, so your data may be transferred internationally.

Whenever we transfer your data outside the UK, we ensure appropriate safeguards are in place, such as:

  • Transfers to countries with a UK adequacy regulation.
  • International Data Transfer Agreements (IDTAs) or UK-approved Addendums to the EU Standard Contractual Clauses.
  • Additional technical and organisational measures where required.

You can contact us for details of the safeguards used for particular transfers.

6. Marketing and cookies

Where required by law, we rely on your consent to send marketing communications. Where permitted under PECR, we may send marketing using the soft opt-in. You can object or opt out at any time.

Our Cookie Policy explains how cookies and similar technologies are used on our UK website: https://www.charlestyrwhitt.com/uk/cookie-policy/

7. How we protect your information

We use appropriate security measures to protect your personal data from loss, misuse, unauthorised access, alteration or disclosure. These include access controls, encryption, secure systems and regular staff training.

8. How long we keep your information

We retain customer personal data for 8 years to meet our legal, tax, accounting and reporting obligations and to resolve potential disputes.

When data is no longer required, we delete it or anonymise it.

9. Your rights

Under the UK GDPR you have the right to:

  • Access your personal data.
  • Correct inaccurate or incomplete data.
  • Request deletion of your data in certain circumstances.
  • Object to processing based on legitimate interests.
  • Withdraw consent at any time (where processing relies on consent).
  • Restrict how your data is used.
  • Request data portability.

You also have the right to raise a complaint directly with us if you are concerned about how we have handled your personal data. We have implemented a formal process to receive, review and respond to such complaints. You can submit a data protection complaint by contacting us using the details set out in this policy. We will acknowledge receipt of your complaint within 30 days and investigate and respond without undue delay, keeping you informed of progress and the outcome. While you also have the right to lodge a complaint with the Information Commissioner's Office (ICO), we encourage you to contact us first so that we can try to resolve your concerns.

To exercise your rights, contact us at dpo@ctshirts.co.uk.

10. Changes to this notice

We may update this Privacy Notice from time to time. The latest version will always be available on our website. Where changes are material, we will notify you where appropriate.

11. THIRD-PARTY LINKS

Our website or any of our publications may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.