Privacy & Cookies Policy
By choosing to shop with the Melbury & Appleton you have placed a great deal of trust in us and we promise you that we have always been and will continue to be committed to ensuring that your privacy is protected. You share and let us use personal information to enable you to enjoy a more streamlined and convenient shopping experience on our website.
This Privacy & Cookies Policy explains how we will use the personal information you give us. It explains your data protection rights, including how you can opt-out of some uses of your personal information. We hope the following sections will answer any questions you have but if not, please do get in touch with us.
This Privacy & Cookies Policy applies if you use any of our products and services. This policy also applies if you contact us or we contact you about our services, whether by telephone, email or via third party digital platforms (including websites or social media platforms).
Policy last updated on 24th May 2018.
1. Who We Are and What We Collect
2. How We Use Your Personal Information
3. When We Share Your Personal Information
4. Security, Data Retention and International Data Transfer
5. Your Choices and Rights
6. Cookies and Similar Technologies
7. Updates and How to Contact Us
8. How To Complain
This section details the types of personal data we collect and who we are. We collect information from you when you visit and browse our website, register for our services, make purchases using our services, participate in prize draws and competitions, and when you communicate with us.
At times we also receive information from third parties to help us better understand our customers. However, this Privacy & Cookies Policy does not cover any third-party websites, apps or services you use or access from our website or services.
1.1 Who We Are
When you shop with melburyandappleton.co.uk you submit your personal information to Thomas Peck Ltd. which is known as the data controller, as the melburyandappleton.co.uk website is 100% owned by Thomas Peck Ltd.
We will treat all information submitted by you in accordance with the terms of this Privacy & Cookies Policy (as updated and amended from time to time) and in strict compliance with UK and EU data protection legislation. We respect your privacy and will always work to keep your data safe and private.
1.2 Third-Party Apps, Websites and Services
1.3 What We Collect
The information we gather from customers through our website, products and services, or receive in any other way, helps us to improve the goods and services we offer. This includes tailoring the information we share with you to help to ensure that it's relevant, useful and timely.
We gather that useful information in several key ways:
a) When you place an order with us, we ask for information such as your name, email address, billing and delivery address, telephone number. We require this information to understand your needs and provide you with a better service, in particular for the following reasons:
- To process your order and obtain payment
- To arrange for the delivery of your order
- For internal record keeping that we are required by law to hold
- We may use the information to improve our products and services
- We may periodically send promotional emails about new products, special offers or other information which we think you may find interesting using the email address which you have provided
- From time to time, we may also use your information to contact you for market research purposes. We may contact you by email, phone, or mail. We may use the information to customise the website according to your interests
b) You will be asked for your debit or credit card details in order to process your payment. However this information is not entered into our website and we do not see or store it. Our Payment Service Provider is Sage Pay, the largest independent payment service provider (PSP) in the UK and Ireland. Sage Pay provides a secure payment gateway (Level 1 PCI DSS), processing payments for thousands of online businesses, including ours. It is Sage Pay’s utmost priority to ensure that transaction data is handled in a safe and secure way. Sage Pay uses a range secure methods such as fraud screening, I.P address blocking and 3D secure. Once on the Sage Pay systems, all sensitive data is secured using the same internationally recognised 256-bit encryption standards.
c) We keep a record of electronic communications you receive from us. We also record interactions you have with our electronic communications. For example, whether an email has been opened and if you have clicked on any links within that email.
d) When we contact you or you take part in competitions, surveys or questionnaires about our products and services, we may collect your feedback and contributions. This includes direct messages you may send us through social media channels.
e) We keep a record of your purchases with us (for example, what you bought and when) and how you browse and engage with our website. This helps us to improve your experience, assist you more efficiently if you have any questions or concerns about your order, and promote certain products, services and offers.
f) We will keep a record of any email or “live chat” correspondence you send us. This helps us provide you with better customer service, and to improve the experience of our customers overall. Telephone messages you might leave for us will be stored for monitoring and quality control purposes.
We only ever use personal information as is necessary, to provide you with the services you request and expect, or to prevent the misuse of our services. We also use your personal information for our own legitimate interests. This allows us to improve our products, better understand customer preferences, and to market products or services you may like. With your consent, we may send you certain promotional communications we feel are relevant. We may also use your personal data to comply with law when required. All the information we collect through our website, products, services, and correspondence with you, is used by us to operate and improve the services we offer you. We will only use your personal information for:
2.1 Purposes Necessary To Fulfil A Contract with You.
- To deliver our services, including dealing with orders and accounts for the supply of our goods, products and services and to help you shop with us.
- Enabling third parties to carry out technical, logistical or other functions on our behalf.
- Enabling a debt collection agency to collect payment from you should that be necessary.
- Preventing and detecting fraud or abuses of our website or services.
- Responding to and resolving complaints.
2.2 Our legitimate interests
- To personalise and improve your experience.
- To remember your choices and preferences in order to keep our website running smoothly. e.g. we will remember your order in case your shopping session is interrupted.
- To ask for your feedback on our products, website, and other services and activities which third parties may carry out on our behalf, including the use of surveys.
- To develop new products and services.
- To use the information collected about how people use our services. This is done in conjunction with feedback provided directly to us to troubleshoot and identify trends, usage, activity patterns, and to help us improve the quality of our service. For example, we may analyse customer shopping habits to determine how best to offer relevant product pairing.
- We use personal data (which may be in an anonymised and aggregated format in some instances) to help plan and manage our business activities such as deciding when to promote different products and services or selecting which products to stock.
- To inform you about products and services that may interest you.
- We may use shopping history and preferences to develop and serve you relevant advertising on our website and on third-party platforms (such as Facebook and Google). At the same time, we analyse how customers engage with our marketing and our products so we can understand whether our campaigns are effective.
- To advertise our services on other third-party websites and use personal data to help provide advertising that is most relevant to you. For example, we share information about the customer segments we are interested in reaching with advertising partners (such as Google, Facebook and Bing), so they can focus on showing ads to those who are most likely to be interested in our services.
- To protect our legal rights and business interests.
- To use personal data to protect the rights, property, or safety of Melbury & Appleton and Thomas Peck Ltd, our customers or others. For example, we use your data (such as your name, household information, ip address and details of failed payments and orders placed with us) to assist in monitoring for fraudulent transactions and failed payments.
- We also use personal data in connection with legal claims, compliance, regulatory and audit functions, and disclosures in connection with the acquisition, merger or sale of a business.
2.3 Purposes for which you have provided us with your consent.
- To send you electronic marketing. By electronic marketing we mean marketing by email, telephone, SMS, push notifications and web advertising to inform you about the products and services we offer. This includes events, prize draws, competitions, gifts, vouchers, coupons, surveys, special offers and promotions.
- To show you web advertising. By 'web advertising' we mean digital marketing that we intentionally send or display to you on third-party online platforms or websites. For example, you may see advertising for Melbury & Appleton products and services on other websites you visit, or social media and other platforms you use (eg, Facebook and Google). These have been shown to you because we believed it would be relevant to your interests.
- To use User Generated Content, that is content created by you, and shared publicly (on social media for example) and which may promote or showcase our brand or products.
2.4 Fulfilling our legal obligations.
- To allow us to comply with any requirements imposed on us by law or court order, including disclosure to law or tax enforcement agencies or authorities or pursuant to legal proceedings, including the issuing of product recalls.
- To maintaining records to meet regulatory and tax requirements.
- To collect and recover money that is owed to us.
- To investigate fraudulent activities.
- To help us defend legal claims or to exercise legal rights.
- To contacting customers in connection with product recalls or other similar product quality issues.
- To comply with our legal obligations in connection with the sale of age restricted products.
We only share your personal data as required for the purposes set out in this Privacy & Cookies Policy to third parties who assist us with the provision of our services, to send related promotional communications to you, and to assist us in preventing the fraudulent use of our services.
Protecting information about our customers is very important to us. However, there are circumstances where it is necessary for us to share personal information, for example, to provide our customers with a delivery service. Whenever we use or disclose your information, we put in place measures to keep it secure. We make sure it is protected as far as reasonably possible.
The circumstances where we share some of your information with others are:
We employ other companies or individuals and may work in partnership with selected third parties to perform any of the functions listed above (in "2. How We Use Your Personal Information") on our behalf. We only share information that allows them to provide their services to us or to facilitate them providing their services to you.
- Companies to analyse customer information to help us better understand how you use our services, and to tailor products, services and offers that may be relevant for you.
- Companies who host and run our website
- Companies who provide order management systems for us
- Companies who provide warehousing and order fulfilment services for us
- Companies who provide marketing and advertising assistance (including management of email marketing operations, and services that deploy advertising on the internet or social media platforms, such as Facebook and Google) as well as analysis of the effectiveness of our advertising campaigns.
- Payment card processors to process credit and debit card payments.
- External companies to provide the post or courier delivery services selected by customers.
- Companies who provide accounting services for us
- Companies that help us track and record the way you navigate our website, so that we can understand your online experience and use it to improve our services and offer a personalised experience.
- Companies that help us to run surveys and get your feedback on our products and services.
- Other companies that help us provide our website improving functionality so that we can provide you with a high-quality experience whenever you shop with us.
3.2 Business Transfer
If Melbury & Appleton or Thomas Peck Ltd is ever sold or its assets are purchased by another company it would typically be part of such a transaction for customer information to form part of the business assets being transferred. However, the information will remain subject to the obligations as outlined in this Privacy & Cookies Policy.
3.3 Research Companies
We may share personal details in a secure way to allow research companies and feedback providers to contact you directly on our behalf, in order to capture your opinions on our products and services and our website. We may ask these research companies to analyse the results so that we can better understand your online experience, which will help us to improve our services. We provide them with only the information they need to perform their function. This may take the form of a survey, where you may be asked to review a product or service you've bought.
We release account and other personal information when we believe release is appropriate to comply with the law, to enforce the Terms & Conditions, or to protect the rights, property or safety of the Thomas Peck Ltd, our employees or customers, our business partners or others. For example, we may engage agents including debt collection agencies to assist us to process elements of the orders you place with us, or who assist us in the service we provide to you. In these instances, we provide them with only the information they need to perform their function.
3.5 Fraud Prevention
Where we have reason to suspect fraud or any other criminal offence, we may share your data (such as your name, household information, details of failed payments and your orders placed with us) with crime prevention agencies and certain third parties for the purpose of detecting and preventing crime. Such third parties may include business partners, law enforcement bodies, providers of fraud prevention and detection services, and recipients of fraud prevention and detection services. If we think there is a risk of fraud, we may suspend activity on your account or refuse access to your account and/or cancel an order.
We take the security of your personal information seriously and employ technical and organisational measures to protect the integrity and privacy of your personal information. We only retain your personal information for clearly established periods.
4.1 Our Security
Our website uses Secure Socket Layer (SSL) encryption technology to ensure that your information is protected. Our web pages will start with https and a padlock will be displayed in front of the web page name to show that we always encrypt the information that you send us.
We maintain and enforce physical, electronic and procedural safeguards in connection with the collection, storage and disclosure of your personal information. However, whilst we take appropriate technical and organisational measures to safeguard your personal data, please note that we cannot guarantee the security of any personal data that you transfer over the internet to us.
Our security procedures mean that we may occasionally request proof of identity before we disclose personal information to you, including in relation to a subject access request.
4.2 Payment Security
We are committed to ensuring the protection of your payment card details and are compliant with the Payment Card Industry's Data Security Standard (PCI-DSS). Payments made via our sites are processed and managed by specialist payment card companies which are not part of Thomas Peck Ltd. We can only access the last four digits of your payment card number, the card type and the card expiry date. The full payment card number is never stored on any of our systems and is only stored and processed by our payment card processing provider, Sage Pay.
Sage Pay use 3D Secure to provide additional fraud protection and to protect your payment card from unauthorised use. During the checkout process, you may be asked by 3D Secure to provide your Verified by Visa, Mastercard Secure Code or American Express Safe Key password.
4.3 Personal Security and Identity Fraud
Using public wifi networks can be risky, and hackers may try to capture your online transactions and personal details. You should only connect to networks that you trust. If you use a shared computer, make sure that you log out once you have finished using the website.
Criminals and fraudsters create authentic looking but false or "spoof" websites and send phishing emails to steal confidential information. These emails pretend to be from a legitimate company and try to trick a person into giving away their personal details (such as user names and passwords) so that security details can be updated or passwords changed.
We will never ask you to provide your personal details via email. If you receive an email like this that claims to be from us and contains an embedded link and a request for you to enter any personal details, treat it as suspicious and do not enter any personal information, even if the page appears legitimate. If you suspect that your account details are subject to such fraudulent activities, please let us know directly through our website.
4.4 Data Retention
We retain your personal information for as long as you are a customer and we need it in order to fulfil the purposes described above. After you stop being a customer, we may keep your data for a certain period of time, after which we take steps to delete your personal information or hold it in a form which no longer identifies you (as we may still need to use your data in an anonymised format for research and other business purposes).
We may keep your personal information for a number of reasons after you have stopped being a customer. This includes: to respond to any questions or complaints, for legal, regulatory or technical reasons, for research and analytics, to investigate fraudulent activities, and to show that we treated you fairly.
If you'd like to know more information about how long we keep your personal information, you'll find more details below.
4.5 Keeping your information
We will keep your personal information for as long as you are a customer of Thomas Peck Ltd and for a period of time afterwards if you stop doing so.
Here are our time periods for retaining customer information:
• Customers that have registered but never shopped: we keep your personal information for eight years after the date of first registration.
• Customers that have not shopped for an extended period of time: we keep your personal information for eight years after the date of your last shop.
• Customers who have asked for their accounts to be closed: we keep your personal information for eight years after the date your account was closed.
• Telephone Message: we delete message recordings after eight years unless we need the data to investigate fraud, to respond to questions or complaints or for legal reasons.
• Customer account notes: after eight years we delete notes made unless we need the data to investigate fraud, to respond to questions and complaints, or for legal reasons.
4.6 Sending information outside the European Economic Area
Our operations are based in the UK and the personal data that we collect from you is mainly processed, stored and used within the UK and other countries in the European Economic Area (EEA). However, in order to offer you the best service we can provide, we also work with service providers from other parts of the world. This means that the data we collect sometimes needs to be transferred, stored and used by companies operating outside the European Economic Area who work for us or one of our service providers. We want you to know that we have taken steps to ensure there is an appropriate level of security for the processing carried out in these countries, such that data is protected in the same way as if it was being used within the EEA.
You can find out more about the above data protection safeguards on the European Commission Justice website.
For more information on how we safeguard transfers of your personal information, please contact us at email@example.com
You have certain rights in the information we hold about you, including the right to:
a) Object to our use of your personal information.
b) Request a copy of it, update it or to have it deleted.
These rights may be limited in some circumstances.
5.1 Requesting access to your personal data
You have the right to access a copy of the personal information we hold about you. You have the right to request that this information is provided in a machine readable format in the event that you wish it to be transferred to yourself.
5.2 What if you want us to stop using your personal information?
You can also object to certain processing activities which use your personal information, in particular where the processing is based on our legitimate interests. You can ask us to delete, remove, or stop using your personal information if there is no need for us to keep it. You can also ask us to restrict the use of your personal information in certain circumstances. These rights are known as the right to erasure and the right to restrict processing. We will keep a note of your name if you ask for your personal data to be erased. You will also need to use a different email address if you decide to re-register as a customer with us as your old email address will no longer be valid.
There may be reasons why the above rights may be limited in some circumstances. For example, we can refuse to provide information if fulfilling your request would reveal personal information about another person, if you ask us to delete information which we are required to have by law, have compelling legitimate interests to keep, or need to access in order to exercise our legal obligations. In such situations, we would only use your information for these purposes and not use or share your information in other ways. We will always ensure your privacy is protected and data will always be retained in accordance with the Data retention section of this policy.
You may be unable to continue using our services if you require us to stop using your personal information, since this information is necessary for us to accurately fulfil and provide our services.
5.3 How to withdraw your consent
Where we have asked for your consent, you may withdraw consent at any time, but this will not affect any processing that has already taken place.
You can ask us to stop sending you marketing messages by contacting us at any time or you can opt out of receiving our marketing communications. This is an option when you place an order with us or at any time after that simply by doing one of the following:
a) Clicking on the unsubscribe link contained in marketing emails.
b) Emailing us at firstname.lastname@example.org if you wish to opt out of any electronic marketing.
If you decide to opt out or unsubscribe it could take up to 72 hours to process the update through our systems. We may also ask you to confirm or update your marketing preferences, if there are changes in the law, regulation, or the structure of our business.
5.4 Letting us know if your personal information is incorrect
If the information we hold about you is wrong or incomplete, then let us know what needs updating and we'll correct it. This is your right. Email us at email@example.com
When you use our website we use our own and third-party cookies and similar technologies (such as pixels and tracking URLs) to identify your device. This enables us to personalise and improve your customer experience and, where appropriate, serve you relevant advertisements. All these technologies are together referred to in this policy as “cookies”.
Without certain cookies, it would be very difficult for a website to allow a visitor to fill up a shopping trolley.
Here are the types of cookies we use on our website, and the purposes for which they are used:
- Strictly necessary cookies. These cookies are essential in order to enable you to move around our website and use its features, including accessing secure areas. Without these cookies, any services on our website you wish to access cannot be provided.
- Analytical/performance cookies. These cookies collect information about how you and other visitors use our website. This can be anything like which pages you go to most often, and if you get error messages from web pages. We use data from these cookies to help test designs and to ensure a consistent look and feel is maintained on your visit to our website. We also use third-party web analytics software on our website (such as Google Analytics).
- Functionality cookies. These cookies allow our website to remember choices you make (such as your currency or the region you are in) and provide enhanced, more personal features. These cookies can also be used to remember settings such as changes you have made to text size, fonts and other parts of web pages that you can customise.
- Targeting cookies. These cookies are used to deliver adverts more relevant to you and your interests. They are also used to limit the number of times you see an advertisement, as well as help measure the effectiveness of an advertising campaign. They are usually placed by third parties (such as advertising networks or platforms) with the website operator's permission. They remember that you have visited a website and this information is shared with the advertiser. We have enabled Google Analytics Data Collection for Advertising Features, including Remarketing and Advertising Reporting Features. These features enable us to make use of data from users who have chosen to allow Google to associate their web and app browsing history with their Google account in order to personalise the ads we may show in Google Search and Display Advertising. This helps us provide more relevant messaging to our users. This also provides us with demographic and interest information at an aggregate level that helps us to understand our users better.
- Social media extensions: These technologies allow you to share what you've been doing on our website on social media, such as Facebook and Twitter. For example, by clicking the Facebook ‘Like' icons that may appear on our product pages. Although we enable these tools to be displayed on our website so that you may interact with them, if you choose to do so, they are not within our control. Please refer to the relevant third party privacy policies for how these functionalities work.
6.2 Managing cookies
To find out more about cookies please visit: www.allaboutcookies.org or see www.youronlinechoices.eu which contains further information about behavioural advertising and online privacy.
To opt-out of Google Analytics for Display Advertising and customize Google Display Network ads please go to https://www.google.com/settings/ads or Google Analytics' currently available opt-outs for the web.
If you have any questions about this Privacy & Cookies Policy, would like to make a complaint, or find out how we notify you of any changes to the Privacy & Cookies Policy, further details can be found in this section.
7.1 Updates and Changes to Our Privacy & Cookies Policy
You may change your personal information retained by us at any time. Simply email us at firstname.lastname@example.org
We may change the terms of this Privacy & Cookies Policy from time to time and you should check it regularly. The date on which the Privacy & Cookies Policy was most recently amended will be displayed at the beginning of the policy.
7.2 Contact us
If you have questions about your personal information and our Privacy & Cookies Policy, or wish to exercise any of your rights described in this policy, please email us at: email@example.com
If you are not satisfied with the way we have dealt with your concerns, you have the right to complain to the Information Commissioner's Office. Please go to https://ico.org.uk/concerns/ to find out more or write to:
Information Commissioner's Office
Tel: 0303 123 1113