Effective Date: 27 July 2023
We take care to protect the privacy of our customers and users of our products that communicate (online or offline) with us, in store, events, over the phone, through our mobile applications, websites and social media platforms.
We have therefore developed this Policy to inform you of the data we collect, what we do with your information, what we do to keep it secure as well as the rights and choices you have over your personal information.
Throughout this document we refer to Data Protection Legislation means the Data Protection Act 2018 (“DPA 2018”), United Kingdom General Data Protection Regulation (“UK GDPR”), the Privacy and Electronic Communications (EC Directive) Regulations 2003 and any legislation implemented in connection with the aforementioned legislation. Where data is processed by a controller or processor established in the European Union or comprises the data of people in the European Union, it also includes the EU General Data Protection Regulation (“EU GDPR”). This includes any replacement legislation coming into effect from time to time.
2. Who we are
TM Lewin Shirtmaker Limited is the data controller for the personal information we process, unless otherwise stated.
We are registered with the Information Commissioner’s Office (the ICO) with registration number ZB331675.
3. How to contact us and our data protection officer and EU representative
You can contact us either by phone, email or post. Our main trading/postal address:
Suite 1, 7th Floor 50 Broadway,
Our Data Protection Officer is:
Leylands Business Park
4. The information we collect
We only collect personal information that we know we will genuinely use and in accordance with the Data Protection Legislation. The type of personal information that we will collect on you, and you voluntarily provide to us on this website may include some or all of the following:
- Your name
- Address (including country)
- Telephone number
- Email address
- Order and purchase information and any specific delivery notes
- Payment details
- Account information when you register an account with us
- When you communicate to us via ticketing request, phone or email, which can include any documents you may include in such communications
- Your marketing and billing preferences
- Sizing, height and other body measurements
- Transcripts through our live chat facility
- Photos or videos
- Traffic data, location data, website statistics and other customary website data
5. Our lawful bases
The lawful basis for processing your data is based on:
- Your specific consent (e.g. for marketing communications which you are free to withdraw your consent at any time)
- Performance of a contract (e.g. for selling and delivering orders and purchases)
- Compliance with a legal or regulatory obligations (e.g. for requirements of the Financial Conduct Authority, Anti Money Laundering Regulations, accounting and taxation purposes and reporting requirements)
- Our legitimate interests (e.g. for marketing communications which you are free to opt out of receiving at any time or to improve our customer service, improve our website and improve our relationships with customers, suppliers and third party vendors)
6. How we use your information
We may process your information on the following lawful bases and for the following purposes (including but not limited to):
- If you have an account with these companies and consent to cookies being placed on your device, your personal data may be shared with them so that they can serve you personalised advertisements when you are using their platforms or apps. Depending on the processing activity Meta or Google will be acting as a data controller and in some circumstances joint controller with us.
Performance of contract:
- To help manage your online account
- To contact you, following your enquiry, reply to any questions, suggestions, issues or complaints you have contacted us about
- Make available our products and services to you
- Process your orders
- Take payment from you or give you a refund
- To power our security measures and services so you can safely access our website and mobile apps
- Help answer your questions and solve any issues you have (please note we may record calls for training and monitoring purposes)
It is in our legitimate interest to keep you updated on our products and services in order to maintain high levels of engagement with you so we can provide you with the best products and develop our brand. We may process your data for the following purposes to do this:
- Personalise your shopping experience, for example we may provide you with details of products that match a product, which you may have purchased or enquired about previously
- Help us understand more about you as a customer, the products and services you consume, so we can serve you better
- Contact you about products and services from us
- Provide you with online advertising and promotions
- Carry out our marketing function
- For any competitions we may carry out
- To carry out any of the above activities in connection with any other brands owned or operated by TM Lewin Shirtmaker Limited and any of their related companies (including parent and subsidiary undertakings of TM Lewin Shirtmaker Limited).
- Fraud protection and detection to protect you from fraudsters and crime
- To comply with applicable data protection and information security laws
7. Who we will share your information with
- In order to fulfil our promised delivery and contract to you, we will need to supply your data to our warehouse and our chosen courier or collection depot for your delivery
- With other departments or other members within the TM Lewin group to help answer any queries or complaints
- Goods and manufacturing partners who may help with product orders
- Other associated discount providers (e.g. Uni Days who operate student discounts)
- If the law or a public authority says we must share the personal data
- If we need to share personal data in order to establish, exercise or defend our legal rights (this includes providing personal data to others for the purposes of preventing fraud and reducing credit risk)
- From time to time, employ the services of other parties for dealing with certain processes necessary for the operation of our website
- We may analyse your personal information to create a profile of your interests and preferences so that we can contact you with information relevant to you.
- We may share this information to other related companies or associates in our group, and to external agencies (including marketing and advertising agencies) connected to our platform.
- We may make use of additional information about you when it is available from external sources (such as Experian or Personicx data) to help us do this effectively. This may include our agencies who help us analyse our trends, purchase patterns and performance.
- We may use the above information, including those provided by external agencies for marketing purposes.
- We use third party payment merchants such as Amazon Pay and PayPal to help with online payments.
- We may share your data with social media and digital platforms such as Meta and Google.
We use data processors who are third parties who provide elements of services for us and we have Data Processor Agreements in place with them. This means that they cannot do anything with your personal information unless we have agreed with them to do so in accordance with the Data Processor Agreement. They will not share your personal information with any organisation apart from us or further sub-processors who must comply with our Data Processor Agreement. They will hold your personal data securely and retain it for the period we instruct in accordance with the terms of the Data Processor Agreement.
8. Marketing and web adverts
We work with carefully selected websites to serve up adverts to personalise your online experience even more.
When you have bought products from us, we will send you marketing emails to promote our products and inform you of any new products or offers. You may opt-out of receiving these emails, either by utilising the account option online or by clicking the unsubscribe link in any email you receive from us. You can also contact us directly as set out above in this Policy.
We may send you mail to promote our products and inform you of any new products or offers. We will do so on the basis of our legitimate interest. You may opt-out of receiving these emails by contacting us directly as set out above in this Policy.
We may call you to promote our products and inform you of any new products or offers. We will do so on the basis of our legitimate interest. You may opt-out of receiving these calls by contacting us directly as set out above in this Policy.
You may be served with web adverts for TM Lewin products and services when using other websites which include social media platforms. We believe that these web adverts may be of interest to you as they relate to products you have viewed whilst browsing on websites via your computer or other devices.
9. Digital, social media platforms and marketing partners.
We may share your personal data mostly in the form of hashed mobile numbers, email addresses and IP addresses with certain social media, digital platforms and marketing partners including but not limited to Meta and Google to allow us to display advertisements of our products/offers to you through their platforms.
If you have an account with these companies and consent to cookies being placed on your device, your personal data may be shared with them so that they can serve you personalised advertisements when you are using their platforms or apps. Depending on the processing activity Meta or Google will be acting as a data controller and in some circumstances joint controller with us.
If you would like further information on how Meta or Google use your personal data, how to exercise your data subject rights and their legal basis for processing, please refer to their privacy notice at
You have the right to opt out of data shares or processing with social media, digital platforms and collaboration partners. To exercise your right to object you can email firstname.lastname@example.org
We like to ensure that your right to object data shares with social media, digital platforms and marketing preferences are at all times taken in consideration and respected. To opt out of personalised web adverts from social media or digital platforms please refer to their privacy notice.
10. Giving your reviews and sharing your thoughts
It is in our legitimate interests to hear our customer reviews on our products and purchases they have made. When you have made a purchase we would like to send to you via email a short survey to give us feedback. These are completely optional and you do not need to complete them if you prefer not to. We utilise a third party company called Yotpo to help carry out these surveys. If you prefer not to receive surveys in the future you can unsubscribe in the opt out links in the survey emails.
11. Your rights over your information
You have a number of rights under the Data Protection Legislation. In order to exercise your rights, please contact us using the information set out above.
11.1.1 The right to be informed about our collection and use of personal data
You have the right to be informed about how we process your personal data. We ensure we do this by providing you with our external privacy notice published on our website. These are regularly reviewed and updated to ensure they are accurate and reflect our data processing activities.
11.1.2 Right to Access Your Personal Information
You have the right to access the personal information that we hold about you in many circumstances, by making a request. This is sometimes termed ‘Subject Access Request’. If we agree that we are obliged to provide personal information to you (or someone else on your behalf), we will provide it to you or them free of charge and aim to do so within 1 month from when your identity has been confirmed.
We may ask for proof of identity and sufficient information about your interactions with us to enable us to locate your personal information.
11.1.3 Right to Correction Your Personal Information
If any of the personal information we hold about you is inaccurate, incomplete or out of date, you may ask us to correct it.
11.1.4 Right to Object
You have the right to object to us processing your personal information for particular purposes. If you object to us processing your personal data for marketing purposes and ask us to stop, we will honour your request.
11.1.5 Right to Restriction
You have the right to ask us to restrict the processing of your personal data in certain circumstances.
11.1.6 Right to Erasure
You have the right to have your personal data erased in certain circumstances.
11.1.7 Right to Portability
The right to portability gives you the right to receive the personal data you have provided to us in a structured, commonly used and machine readable format. It also gives you the right to request that we transmit this data directly to another controller.
11.1.8 Automated decision-making
You have the right not to be subject to decisions made solely by automated processing which result in legal or other similarly significant effects. We do not use such automated decisions.
11.1.9 Right to complain
If you are concerned about the way in which we process your personal data, you have a right to lodge a complaint with the relevant supervisory authority that regulates data protection and privacy matters in your area. However, we hope that you would consider raising any issue or complaint you have with us first. Your satisfaction is extremely important to us, and we will always do our very best to solve any problems you may have.
The Information Commissioner's Office is the supervisory authority in the UK. You can access them here https://ico.org.uk/for-the-public.
If you are based anywhere else within the European Union (or European Economic Area) a list of supervisory authorities can be found here https://edpb.europa.eu/about-edpb/board/members_en.
12. Transfers of personal data outside the UK / EEA
We may transfer data that we collect from you to locations outside of the UK and European Economic Area (EEA) for processing and storing. Also, it may be processed by staff operating outside the EEA who work for us or for one of our suppliers. For example, such staff maybe engaged in the processing and concluding of your order, the processing of your payment details and the provision of support services. Where we transfer your information outside of the UK/EEA we will ensure safeguards are in place to ensure it remains secure and adequately protected. We do this by ensuring that:
- Your personal data will only be transferred to and processed in a country which has adequacy status as determined by the European Commission or UK Government (whichever is applicable); or
- We enter into an International Data Transfer Agreement (“IDTA”) or IDT Addendum or Standard Contractual Clauses (“SCCs”) with the receiving organisation and adopt supplementary measures, where necessary. A copy of the IDTA can be found here international-data-transfer-agreement.pdf (ico.org.uk) A copy of the SCCs can be found here Standard Contractual Clauses (SCCs).
13. How long we keep your information
We retain a record of your personal information in order to provide you with a high quality and consistent service. We will always retain your personal information in accordance with the Data Protection Legislation and all other applicable laws and regulations. As such, we will only retain your data as long as necessary to fulfil the purpose it was collected for. We do hold certain types of personal information for the below period of time – by way of an example:
Purchases – We will maintain order information for 7 years since last purchase or otherwise in accordance with relevant tax and accounting legislation.
Data security is of great importance to TM Lewin Shirtmaker Limited and to protect your data we have put in place appropriate technical and organisational security measures to safeguard and secure your collected data.
We take security measures to protect your information including:
- Implementing access controls to our information technology
- We use appropriate procedures and technical security measures (including strict encryption, anonymisation and archiving techniques) to safeguard your information across all our computer systems, networks, websites, offices and stores
- Advising you never to enter your account number or password into an email or after following a link from an email
All payment details are fully anonymised in our internal systems, and we utilise the Stripe and/or Ingenico payment systems to provide a secure payment portal.
16. Links to other websites
17. What happens if our business changes hands?
18. Changes to our privacy notice
We may change this privacy notice from time to time (for example, if the law changes). We recommend that you check this privacy notice regularly to keep up to date.