This Privacy Notice will provide you with information on the types of personal data which we collect from you and how we use it. We will explain the following:
what personal information we collect about you; when we collect this information; why we collect this information; our lawful basis for collecting this information; who we share this information with; how we store this information; how long we keep this information; and what rights you have over this information.
1.1 “Linda Farrow” means Bally Sunglass and Optical Ltd, as well as all JKC Retail Ltd, and other JKC associated businesses.
1.2 We only collect, store and process your personal data in accordance with relevant laws and regulation.
2 Contact Us
Linda Farrow is the Controller for personal information we process, unless specified otherwise within this document.
You can contact us about your personal data by emailing GDPR@lindafarrow.co.uk
Alternatively you can write to us at the following address:
FAO: Data Protection
51 Calthorpe Street
London WC1X 0HH
What we collect
3 What Personal Information do we Collect?
3.1 Information collected from you
We collect personal information from you in the following circumstances:
when you open an online account with us; when you complete a purchase with us; when you contact Customer Service with an enquiry; and when you interact with us on social media.
when you purchase something with us; when you provide us with your details so we can answer an enquiry; when you email us; when we are ordering prescription lenses for you; when you are making payments over the phone; when you give us an item to repair; and when you attend one of our instore events.
when you meet us at trade shows; when you place an order with us; when you email us with enquiries; and when we take payment over the phone.
when you apply for a role with us; and when you accept an offer of employment with us.
3.2 Information Collected from Third Parties
We collect your personal information from third parties where you have given permission for us to do so, such as to provide you with additional goods or services.
We also collect personal information from third party databases such as Signifyd which provides our online fraud detection service.
Where Linda Farrow works with Third Parties who are considered Data Controllers in their own right, we will ask you to consent to your details being shared.
Please note that where you have given your consent and your personal information is shared with Third Parties, for the purposes of offering you goods or services, which fall outside the remit of Linda Farrow’s ordinary business, these Third Parties will be considered Data Controllers in their own right, and Linda Farrow cannot be held liable for any data breach which happens subsequently.
Please see Appendix A for the full list of Third Party sources from which your personal information is collected.
3.3 New and Existing Customer/Client Personal Data – Purpose and Lawful Basis for Processing Personal Information
| Type of Personal Information | Purpose for processing your Personal Information | Lawful Basis for Processing your Personal Information |
| --- | --- | --- |
| Name and contact details (address, telephone number, email address) | We use your name and contact details so we can set up your account, draft contracts, process and fulfil your orders, take part-payments and update you on delivery status. | We collect this data so we can fulfil our contract with you. |
| | To manage any issues during order fulfilment | We collect this information to fulfil our contract with you. |
| | To provide you with additional services such as repairs, tax free shopping, and to be able to offer you refunds and exchanges. | We need this information so that we can fulfil our contract with you and also keep records to comply with our legal obligations. Where the information includes special category data, we will rely on your explicit consent to process this for the purposes expressed. |
| | To send you information about our business, marketing promotions, offers, competitions, event information by email, phone, post or SMS, for all goods and services offered by us. | Where you have not purchased with us previously, we will collect your data with your consent. You will be asked for this when you complete our CRM form. If you have purchased with us in the past we have a legitimate interest in selling our product, however you have the right to opt out at any time. |
| | To provide you with e-receipts. We use a third party (TouchRetail) to facilitate this. | We require your email address to provide you with a retail receipt. This is done so we can fulfil our contract with you. |
| | To prevent fraud. | We have a legitimate interest in protecting ourselves against fraud. |
| | To validate the email address you provide to us. | We have a legitimate interest in protecting ourselves against fraud. |
| | To record any incidents/accidents in store. | We have a legitimate interest to preserve the health and safety of our team and our customers. We will also keep a record to comply with our legal obligations. |
| | To ask you for your feedback on our product or services. | It is in our legitimate interest to sell our products and services and your feedback helps us to improve these. Your consent is not required for this type of communication because these do not include any promotional material. You are also free to opt out at any time. |
| | To analyse combined customer data (without identifying individuals) to help us improve services and sales. | We have a legitimate interest to analyse data to help us improve our business operations. |
| | To process and manage your booking/appointment. | We have to do this to fulfil our contract with you. |
| | In the case of non-payment your information may be shared with our Third Party credit insurer, EULER. | We have to do this to fulfil our contract with you. |
| Information on your date of birth and personal preferences | We process this to help us streamline the communication that we send to you, to ensure that it always remains relevant. | We have a legitimate interest to sell our goods and services, and it is in your interest to provide this information to ensure that you only receive relevant information. Any communications sent that are relating to marketing/promotional activities have an opt-out option. |
| Medical information relating to your eyes | We send this information to a third party so that they can fit lenses into the frames you have purchased with us. | We do this with your explicit consent. Each order for lenses has to be accompanied by a completed Prescription Data Agreement Form, which has a consent box. |
| Payment information | We take payment information to fulfil your order. | We do this to fulfil our contract with you. |
| | To analyse your spend, and payment method. | We have a legitimate interest to monitor this type of information as it helps us improve our overall store operations and customer experience. |
| Your image on CCTV | We use CCTV in stores for the safety of our clients and our teams, and to deter and identify criminal activity | We have a legitimate interest to protect ourselves from crime. |
3.4 Recruitment and Employment – Purpose and Lawful Basis for Processing

| Type of Personal Information | Purpose for processing your Personal Information | Lawful Basis for Processing your Personal Information |
| --- | --- | --- |
| Name and contact details (address, telephone number, email address) | To establish an employment contract with you. | We do this to perform our contract with you. |
| Tax code and national insurance number | To ensure that your Tax and NI contributions are paid | We have a legal obligation to do this. |
| Your gender, marital status, information of any disability you have or other medical information | We use this to ensure the efficient administration of contractual benefits to you, as well as to allow us to make reasonable adjustments in relation to disabled employees. | We have a legitimate interest to look after the welfare of our employees. We also have a legal obligation to make reasonable adjustments for disabled employees. |
| Bank account details | We use your bank details to ensure that we can pay you. | We do this so we can perform our contract with you. |
| Name and contact details of your next of kin | We use this to ensure that we can contact someone for you in the case of an emergency. | We process this information in your legitimate interest. |
| Your photograph | We do this to verify your identity for the purposes of identification as a Linda Farrow employee. | We have a legitimate interest to protect the health and safety of our employees. |
| Right to work documentation | To check whether you are legally entitled to work in the UK. | We have a legal obligation to do this. |
| Information gathered during the recruitment process, such as that which is included in a CV | We use this to make recruitment decisions in relation to initial and subsequent employment. | We have a legitimate interest to ensure that we employ the right people for the role by ensuring that your experience is aligned with the role you are applying for. |
| References from previous employers | We use this to make recruitment decisions. | We have a legitimate interest to verify the character of any potential employees. |
| Driving licence | We use this to make recruitment decisions. | We have a legitimate interest to ensure that our employees have the right qualifications for the roles which they apply for. |
| Criminal convictions | We use this to make recruitment decisions. | We will collect this information with your consent. We also exercise our right to collect this information under the Data Protection Act 2018. |
| Job title and job descriptions | To carry out an employment contract with you. | We do this to perform our contract with you. |
| Salary information | To carry out an employment contract with you. | We do this to perform our contract with you. |
| Your wider terms and conditions of employment | To carry out an employment contract with you. | We do this to perform our contract with you. |
| Details of formal and informal proceedings, your annual leave records, appraisal and performance information | To carry out an employment contract with you and to make decisions on salary and other benefits. | We do this to perform our contract with you. |
| Internal and external training modules undertaken | To carry out an employment contract with you and to make decisions on salary and other benefits. | We do this to perform our contract with you. |
| Information on time off from work, including sickness, absence, family related leave etc. | To carry out an employment contract with you. | We do this to perform our contract with you. |
| CCTV footage | We collect your image on CCTV for the safety of our employees and to deter and identify criminal activity | We have a legitimate interest to protect ourselves from crime. |
| Building access card records | To ensure that we know who is entering our buildings and when for the purpose of health and safety | We have a legitimate interest to protect the health and safety of our employees. Access records help us identify attendance onsite in case of an emergency, as well as help ensure that the business is open and operating as per usual business hours. |
| IT equipment use including telephones and internet access | To ensure that IT equipment is being used in compliance with company policy | We have a legitimate interest to protect our assets from data breach, unauthorised downloads, virus, hacking and any other digital crime. We also have a legitimate interest to protect the reputation of the Brand by ensuring that employees do not access malicious or illegal materials. |
In some circumstances Linda Farrow may be required to share your personal information with third parties in order to comply with legal obligations.
4 Data Sharing with Third Parties Considered Processors
4.1 During the course of Linda Farrow’s ordinary business operations, we will share your personal data with a number of third parties in order to fulfil the sale of goods or services which we have contracted or agreed to provide.
4.2 We will never share your personal information with third parties for the purposes of direct marketing, unless you have given your consent for us to do so.
4.3 We will share your personal information with the following category of processor:
all companies within the ‘Linda Farrow’ portfolio; logistic companies for the purposes of fulfilling your orders; third party warehouse companies for the purposes of fulfilling your orders; database providers for the purposes of making appointments and securely storing your information; analytic companies for the purposes of providing reports which allow us to further our business; IT support providers indirectly have access to your information through the access to our business network; accountants/HR support providers for the purposes of processing your payroll information; email management software for the purposes of receiving and sending communications to you; consultants for the purposes of advising on business improvements; website management providers for the purposes of operating our website; and payment providers for the purposes of receiving payment for the goods/services supplied.
4.4 All third party processors are required to comply with the relevant Data Protection Laws and Regulations.
Data Retention & Your Rights
5 Data Retention
5.1 We will retain your information for as long as you remain a customer or employee of Linda Farrow, or for as long as is necessary for us to provide you with relevant goods or services. Generally we will retain your information for six years.
5.2 Where we are required to retain your information for the purposes of meeting our legal or regulatory obligations we may retain your information for longer than our general retention period.
5.3 All personal data retained is subject to periodic review to ensure that your personal information remains up to date and accurate.
5.4 Where your personal data has reached its retention limit, we will take steps to anonymise or delete you from all systems or databases.
6 Your Rights
6.1 Right to be informed – you have a right to be informed of what personal data we collect from you, why we collect it, and how we use it. This Privacy Notice provides you with information relating to the collection and processing of your data.
6.2 Right of access – you have the right to ask for copies of the information we hold on you, however, there may be limits on the amount of information we can share with you depending on whether this would compromise another individual’s personal data.
6.3 Right to rectification – if you have reason to believe that the information we hold on you is incorrect or incomplete, you have the right to request that it be changed or completed. Upon receiving your request, we will initiate an investigation and respond to you with our findings. If we believe that the data is accurate, and we can demonstrate this, then the data will not be changed/completed.
6.4 Right to erasure – in certain circumstances, you have the right to ask for your data to be completely erased from our system.
6.5 Right to restrict processing – in certain circumstances, you have the right to ask us to restrict processing of your data.
6.6 Right to object – you have the right to object to us processing your data where the basis of our processing is our ‘legitimate interest’ or where we are using your information for the purpose of direct marketing. You can remove yourself from direct marketing at any time by clicking the ‘Opt Out’ option at the bottom of any communication from us.
6.7 Right to data portability – where you have provided us with your personal data, you have the right to ask us to transfer this information to another organisation, or directly to yourself.
6.8 The above rights can be requested by completing a ‘Rights Request Form’ found here and emailing it through to GDPR@lindafarrow.co.uk. Alternatively, you can call our Customer Service team on +44 (0) 207 841 8894 and express your wish to exercise a data protection right.
6.9 All requests will be responded to within one month. If we need more time to investigate or to make a decision, we will communicate this within one month, and let you know our reasons why.
6.10 If you feel like we have not handled your personal information correctly, you have the right to make a complaint to your relevant regulatory authority. For the UK, this is the ICO and more information can be found on their website: https://ico.org.uk/
7 Special Categories of Personal Data
7.1 The GDPR gives a higher level of protection to data which it considers to be ‘sensitive’. The following include examples of Special Category Personal Data:
race; ethnic origin; political views; religious views; trade union memberships; genetics; biometrics (where used for ID purposes); health; sex life; or sexual orientation.
7.2 Where we process any of your special category personal information, we will do so only after identifying a lawful basis for processing (Article 6), and a further justification for processing (Article 9).
7.3 You can find the types of special category data that we process, and our reasons for doing so in the tables on pages 5-9 of this policy.
9 Transferring Data Outside of the EEA
9.1 In order to provide you with goods and/or services, there may be occasions when we need to transfer your personal information to organisations outside of the EEA.
9.2 Transfers of personal data outside of the EEA will only take place where we can be sure that your privacy and data protection rights can be protected. This will be dictated by European Commission decisions on whether countries have ‘adequate levels of protection.’ In the absence of a European Commission decision, transfers outside of the EEA will only be made where we have a contract in place with the third party, which includes the European Commission’s standard data protection clauses, or where the third party is registered under the EU-US privacy shield.
10.1 We take the security of your personal data seriously and undertake, as far as is reasonable, to protect the information received from you.
10.2 We undertake to protect the information received from non-authorised access or non-authorised changes, and from the circulation or distribution of data via robust systems and internal process management.
10.3 All personal information provided to us, either directly, or indirectly, is kept on secure servers and within its internal systems. Where personal information is supplied in paper format, this information is input into a centralised system, and the paper format securely destroyed.
11. Breach Management
11.1 Linda Farrow is responsible for reporting any threatened, suspected or confirmed data breach, as well as assisting in any follow-on investigations as and when required.
11.2 Where a data breach has been identified, Linda Farrow will investigate the breach, and where appropriate will report the breach to the ICO, and/or the data subject.
Links to other websites
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
Controlling your personal information
You may choose to restrict the collection or use of your personal information in the following ways:
whenever you are asked to fill in a form on the website, look for the box that you can click to indicate that you do not want the information to be used by anybody for direct marketing purposes
if you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by writing to or emailing us at firstname.lastname@example.org
We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so. We may use your personal information to send you promotional information about third parties which we think you may find interesting if you tell us that you wish this to happen.
You may request details of personal information which we hold about you under the Data Protection Act 1998. A small fee will be payable. If you would like a copy of the information held on you please write to .
If you believe that any information we are holding on you is incorrect or incomplete, please write to or email us as soon as possible, at the above address. We will promptly correct any information found to be incorrect.
11 Appendix A: Third Party Sources
The following is a list of Third Parties who may provide us with your personal data.
| Third Party | Categories of Personal Data Collected From Third Party | Use of Data |
| --- | --- | --- |
| Google Adwords | Customer browsing data, order information, cart & wishlist information | Marketing |
| Google Analytics | Customer browsing data, order information, cart & wishlist information | Analytics |
| Facebook | Customer browsing data, cart & wishlist information | Marketing, Social |
| Mailchimp | Email, name, country of residence, opt in date | Marketing |
| Hotjar | Browsing data | Analytics |
| Nosto | Browsing data, cart & wish list information | Marketing |
| Zendesk | Email | Customer communication |
| Magemail | Customer browsing data, order information, cart & wishlist information | Marketing |
| Klevu | Search bar information | Analytics |
| Stripe Payments | Purchase history, payment details | Order Processing |
| Signifyd | Purchase history, payment details, IP address | Fraud Prevention |
| PayPal | Purchase history, payment details | Order Processing |
| Touch Retail | Purchase history | Analytics |
| Concession Host Stores – Selfridges, KaDeWe Group, La Rinascente | | |
A cookie is a small file which asks permission to be placed on your computer's hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.
Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us. You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.
The table below lists the cookies we collect and what information they store.