1. Who are ‘we’?
When we refer to ‘we’ (or ‘our’ or ‘us’), that means Secret Scent Box. We are a monthly fragrance subscription box service that lets you discover new designer perfumes or aftershaves. Each month we send a 30 day supply of three fragrances delivered through our customers letterbox. If you have any questions about this privacy notice, please contact us at Hello@secretscentbox.co.uk
2. Information we collect or receive
When you use the Site, we collect and retain information that you, as a customer or potential customer, provide to us through the Site, as well as information that is automatically or passively collected from you, your device or your browser (the “Information”).
Information that you may provide to us:
- Contact and profile information, including name, email address and postal address (including post code).
- Account information, including your transaction details and successful payments.
- Credit card information, including the name on the card, card type, card number, expiry date and CV2 is collected and processed by our third party payment processor called Stripe. We have access to limited credit card information for our records via our payment partner Moonclerk (e.g. the last four digits for validation purposes) but we do not store or retain complete credit card information.
- Communications to us, for example reporting a problem or submitting queries, concerns or comments regarding the Site, its content or your account.
Information that may be automatically collected
We collect some information about you automatically when you visit our websites or use our services, like your IP address and device type. We also collect information when you navigate through our websites and services, including what pages you looked at and what links you clicked on. This information is useful for us as it helps us get a better understanding of how you’re using our websites and services so that we can continue to provide the best experience possible (e.g., by personalising the content you see).
Some of this information is collected using cookies and similar tracking technologies. If you want to find out more about the types of cookies we use, why, and how you can control them, take a look at our Cookie Notice.
Information we get from third parties
The majority of information we collect, we collect directly from you. Sometimes we might collect personal data about you from other sources, such as publicly available materials or trusted third parties like our marketing and research partners. We use this information to supplement the personal data we already hold about you, in order to better inform, personalise and improve our services, and to validate the personal data you provide.
Where we collect personal data, we’ll only process it:
- to perform a contract with you, or
- where we have legitimate interests to process the personal data and they’re not overridden by your rights, or
- in accordance with a legal obligation, or
- where we have your consent.
3. How we use your information
First and foremost, we use your personal information to operate our websites and provide you with any services you’ve requested, and to manage our relationship with you. We also use your personal information for other purposes, which may include the following:
To communicate with you. This may include:
- providing you with information you’ve requested from us (like how do i cancel my plan) or information we are required to send to you
- operational communications, like changes to our websites and services, security updates, or assistance with using our websites and services
- marketing communications (things like special offers and latest news at Secret Scent Box)
- asking you for feedback or to take part in any research we are conducting (which we may engage a third party to assist with).
To support you: This may include assisting with the resolution of technical support issues or other issues relating to the website or service.
To enhance our websites and services and develop new ones: For example, by tracking and monitoring your use of websites and services so we can keep improving, or by carrying out technical analysis of our websites and services so that we can optimise your user experience and provide you with more efficient tools.
To protect: So that we can detect and prevent any fraudulent or malicious activity, and make sure that everyone is using our websites and services fairly and in accordance with our terms and conditions.
To market to you: In addition to sending you marketing communications, we may also use your personal data to display targeted advertising to you online – through our own websites and services or through third party websites and their platforms.
To analyse, aggregate and report: We may use the personal information we collect about you and other users of our websites and services (whether obtained directly or from third parties) to produce aggregated and anonymised analytics and reports, which we may share publicly or with third parties.
4. How we can share your information
There will be times when we need to share your personal information with third parties. We will only disclose your personal information to:
- third party service providers and partners who assist and enable us to use the personal information to, for example, support delivery of or provide functionality on the website or services, or to market or promote our goods and services to you.
- We have to send the addresses of our customers who purchase a box to our fulfilment centre so they can fulfil each order.
- other people where we have your consent.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know.
When signing up we do not store your address or credit card details, these are stored by our payment partner Stripe via Moonclerk. MoonClerk provides bank level security and full SSL encryption during the entire checkout process. PCI compliance is certified to PCI Service Provider Level, the most stringent level of certification available. All credit card numbers are encrypted. If you'd like to learn more about Stripe's security measures, you can visit their security page.
We strive to protect the Personal Information submitted to us, both during transmission and once we receive it. However, no method of transmission over the Internet, or method of electronic storage, is 100% secure. While we take into account the sensitivity of the Personal Information we collect, process and store, and the current state of technology to use these measures protect your Personal Information, we cannot guarantee its absolute security.
6. Information retention
We retain personal information we collect from you where we have an ongoing legitimate business need to do so (for example, to provide you with a service you have requested or to comply with applicable legal, tax or accounting requirements).
When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymise it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
7. Your rights
It’s your personal data and you have certain rights relating to it. When it comes to marketing communications, you can ask us not to send you these at any time – just click the unsubscribe button at the bottom of any of out marketing emails, or send your request to email@example.com
You also have rights to:
- know what personal data we hold about you, and to make sure it’s correct and up to date
- request a copy of your personal data, or ask us to restrict processing your personal data or delete it
- object to our continued processing of your personal data
You can exercise these rights at any time by sending an email to firstname.lastname@example.org
If you’re not happy with how we are processing your personal data, please let us know by sending an email to email@example.com. We will review and investigate your complaint, and try to get back to you within a reasonable time frame.
8. External links
The Site may contain links to external websites. We assume no responsibility for the privacy practices or the content of those websites. Therefore, please read carefully any privacy policies on those websites before either agreeing to their terms or using those websites.
9. How to contact us
If you have any questions about our privacy you can contact our Data Controller by email on firstname.lastname@example.org
10. Changes to our privacy notice
Our privacy notice may change from time to time and all updates will be posted on this page.
Last updated: May 17th, 2018