For the purpose of the Data Protection Act 1998 (the "Act"), the data controller is All Saints Retail Limited of Units C15-C17 Jacks Place, 6 Corbet Place, London, E1 6NN.
We may collect and process the following data about you:
a) Information you give us. You may give us information about you when you use our Services by for example, filling in forms on our Sites or by corresponding with us by phone, e-mail or otherwise. This includes information you provide when you register to use our Sites, search for a product, place an order on our Sites, enter a competition, promotion or survey, and when you report a problem with our Sites. The information you give us may include your name, address, e-mail address and phone number, financial and credit card information, personal description, gender and photograph. If you apply for or inquire about a job opening with us, we may also collect additional information about you, such as your work history and other information in connection with your application.
b) Information we collect about you. With regard to each of your visits to our Sites we may automatically collect the following information:
c) Information we receive from other sources. We are also working closely with third parties (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies) and may receive information about you from them.
We use information held about you in the following ways:
a) Information you give to us. We will use this information:
b) Information we collect about you. We will use this information:
c) Information we receive from other sources. We may combine this information with information you give to us and information we collect about you. We may use this information and the combined information for the purposes set out above (depending on the types of information we receive).
All transactions are secured within the AllSaints app - an SSL encryption system protects your personal and payment data. All payment details are encrypted with our payment provider, plus the option to secure any saved card details using your fingerprint with Apple Touch ID (using iPhone 5s or later) or with facial recognition using Face ID (using iPhone X or later).
When using the card scanning feature, we do not store photos of your card. We simply read the card details required for payment. The image is not saved and is deleted immediately after use.
In addition, we may offer you additional choices with respect to the use of these Web Technologies. Some of our Web Technologies will only be employed on your device on an opt-in basis, i.e. where you actively choose to receive them. For example, when using the App in a store where the service has been rolled out, you will be prompted to confirm whether you agree to your location data being used so we can make you aware of any special in-store items or promotions. You can withdraw consent at any time by turning off the location services sharing settings for the App on your Device, or by deleting the App.
Our policy is to not share the information described above with third parties outside of AllSaints without your prior consent. We may, however, share the information we collect about you in limited circumstances including to:
We may disclose your personal information to third parties:
If you wish to opt out of receiving marketing emails from AllSaints, you can do so by following the instructions in the email or by logging into your online account, going into "My Account Details" and clicking "Unsubscribe" under the heading "My Subscriptions".
Please note that if you decide to opt out it may take a few days to process your opt-out request and that you may continue to receive promotional or marketing materials during this time. Also, please note that opting out of receiving will not preclude us from sending you other types of non-promotional messages, such as emails confirming transactions.
We also provide you with the option to correct and update your account information when you are logged into your account.
We use cyber security best practices to prevent the unauthorised use, access, or disclosure of your personal information. For example, all information you provide to us is stored on our secure servers. Any payment transactions will be encrypted using SSL/TLS technology and card data are processed by PCI compliant payment providers.
While we strive to protect your personal information, no system can ever be 100% secure and we cannot guarantee the absolute security of your personal information; any transmission is at your own risk. You can help protect your online personal data by following these safety tips:
Where we have given you (or where you have chosen) a password which enables you to access certain parts of our Sites, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Our Services are not directed to children under the age of 13 and we do not knowingly collect personal information from children. If you are under the age of 13, please stop using our Services. It is our policy not to knowingly solicit or permit children under the age of 13 to provide their personal information for any purpose.
If you would like to see a copy of the personal data that we hold on you then please write to:
AllSaints Retail Ltd
Units C15 - C17 Jack's Place,
6 Corbet Place,
For the attention of the Data Protection Manager. We reserve the right to charge a small fee to cover our administration costs where we are legally entitled to do so.
California law permits our users who are California residents to request and obtain from us once a year, free of charge, information about the personally identifiable information (if any) we disclosed to third parties for direct marketing purposes in the preceding calendar year. At this time, AllSaints does not share personal information with third parties for their own direct marketing purposes.
In addition, under California law, website operators are required to disclose how they respond to web browser "do not track" signals or other similar mechanisms that provide consumers the ability to exercise choice regarding the collection of personal information of a consumer over time and across third party websites, to the extent the operator engages in that collection. At this time, we do not track our customers' personal information over time and across third-party websites. This law also requires website operators to disclose whether third parties may collect personally identifiable information about their users' online activities over time and across different Sites when the users use the operator's website. AllSaints does not knowingly permit third parties to collect personally identifiable information about an individual consumer's online activities over time and across different web sites when a consumer uses our Services.