Privacy Policy
Updated:
Introduction
We take care to protect the privacy of our customers and users of our products that communicate (online or offline) with us, in store, events, over the phone, through our mobile applications, websites and social media platforms.
We have therefore developed this Policy to inform you of the data we collect, what we do with your information, what we do to keep it secure as well as the rights and choices you have over your personal information.
Throughout this document we refer to Data Protection Legislation means the Data Protection Act 2018 (“DPA 2018”), United Kingdom General Data Protection Regulation (“UK GDPR”), the Privacy and Electronic Communications (EC Directive) Regulations 2003 and any legislation implemented in connection with the aforementioned legislation. Where data is processed by a controller or processor established in the European Union or comprises the data of people in the European Union, it also includes the EU General Data Protection Regulation (“EU GDPR”), The Privacy Act 1988, California Consumer Privacy Act (“CCPA”). This includes any replacement legislation coming into effect from time to time.
As we operate on a global scale, in addition to the above legislation, other data protection legislation may be relevant to our data processing activities and therefore, we will process your personal data in accordance with applicable legislation.
Who we are
TM Lewin Shirtmaker Limited (referred to as “T.M. Lewin”, “we, “our” or “us”), is committed to protecting the privacy and security of your personal information. We are incorporated in England & Wales with registered office Suite 1, 3rd Floor 11 - 12 St James's Square, London, United Kingdom, SW1Y 4LB (company number: 14029791). The terms of this privacy policy (“Policy”) also cover data collected by other related companies to TM Lewin Shirtmaker Limited (including parent and subsidiary undertakings) and any data previously collected by T.M. Lewin & Sons Limited or Trendbold Limited.
TM Lewin Shirtmaker Limited is the data controller for the personal information we process, unless otherwise stated.
We are registered with the Information Commissioner’s Office (the ICO) with registration number ZB331675.
How to contact us
You can contact us either by phone, email or post.
Our main trading/postal address:
Suite 1, 3rd Floor 11 - 12 St James's Square,
London,
United Kingdom,
SW1Y 4LB
Email: customer.services@tmlewin.co.uk
How to contact our data protection officer and EU representative
Our Data Protection Officer is:
Evalian Limited
West Lodge
Leylands Business Park
Winchester
Hampshire
SO21 1TH
Email: DPO@tmlewin.co.uk
Website: https://evalian.co.uk/
EU Representatives:
Email: euDPO@tmlewin.co.uk
The information we collect
We only collect personal information that we know we will genuinely use and in accordance with the Data Protection Legislation. The type of personal information that we will collect on you, and you voluntarily provide to us on this website may include some or all of the following:
- Your name
- Address (including country)
- Telephone number
- Email address
- Order and purchase information and any specific delivery notes
- Payment details
- Account information when you register an account with us
- When you communicate to us via ticketing request, phone or email, which can include any documents you may include in such communications
- Your marketing and billing preferences
- Gender
- Sizing, height and other body measurements
- Transcripts through our live chat facility
- Photos or videos
- Traffic data, location data, website statistics and other customary website data
Our lawful bases
The lawful basis for processing your data is based on:
- Your specific consent (e.g. for marketing communications which you are free to withdraw your consent at any time)
- Performance of a contract (e.g. for selling and delivering orders and purchases)
- Compliance with a legal or regulatory obligations (e.g. for requirements of the Financial Conduct Authority, Anti Money Laundering Regulations, accounting and taxation purposes and reporting requirements)
- Our legitimate interests (e.g. for marketing communications which you are free to opt out of receiving at any time or to improve our customer service, improve our website and improve our relationships with customers, suppliers and third party vendors)
How we use your information
We may process your information on the following lawful bases and for the following purposes (including but not limited to):
- If you have an account with these companies and consent to cookies being placed on your device, your personal data may be shared with them so that they can serve you personalised advertisements when you are using their platforms or apps. Depending on the processing activity Meta or Google will be acting as a data controller and in some circumstances joint controller with us.
Performance of contract
- To help manage your online account
- To contact you, following your enquiry, reply to any questions, suggestions, issues or complaints you have contacted us about
- Make available our products and services to you
- Process your orders
- Take payment from you or give you a refund
- To power our security measures and services so you can safely access our website and mobile apps
- Help answer your questions and solve any issues you have (please note we may record calls for training and monitoring purposes)
Consent
- Contact you about products and services from us
Legitimate interests
It is in our legitimate interest to keep you updated on our products and services in order to maintain high levels of engagement with you so we can provide you with the best products and develop our brand. We may process your data for the following purposes to do this:
- Personalise your shopping experience, for example we may provide you with details of products that match a product, which you may have purchased or enquired about previously
- Help us understand more about you as a customer, the products and services you consume, so we can serve you better
- Provide you with online advertising and promotions
- Carry out our marketing function
- For any competitions we may carry out
- To carry out any of the above activities in connection with any other brands owned or operated by TM Lewin Shirtmaker Limited and any of their related companies (including parent and subsidiary undertakings of TM Lewin Shirtmaker Limited).
Legal obligation
- Fraud protection and detection to protect you from fraudsters and crime
- To comply with applicable data protection and information security laws
Who we will share your information with
- In order to fulfil our promised delivery and contract to you, we will need to supply your data to our warehouse and our chosen courier or collection depot for your delivery
- With other departments or other members within the TM Lewin group to help answer any queries or complaints
- Goods and manufacturing partners who may help with product orders
- Other associated discount providers (e.g. Uni Days who operate student discounts)
- If the law or a public authority says we must share the personal data
- If we need to share personal data in order to establish, exercise or defend our legal rights (this includes providing personal data to others for the purposes of preventing fraud and reducing credit risk)
- From time to time, employ the services of other parties for dealing with certain processes necessary for the operation of our website
- We may analyse your personal information to create a profile of your interests and preferences so that we can contact you with information relevant to you.
- We may share this information to other related companies or associates in our group, and to external agencies (including marketing and advertising agencies) connected to our platform.
- We may make use of additional information about you when it is available from external sources (such as Experian or Personicx data) to help us do this effectively. This may include our agencies who help us analyse our trends, purchase patterns and performance.
- We may use the above information, including those provided by external agencies for marketing purposes.
- We use third party payment merchants such as Amazon Pay and PayPal to help with online payments.
- We may share your data with social media and digital platforms such as Meta and Google.
We use data processors who are third parties who provide elements of services for us and we have Data Processor Agreements in place with them. This means that they cannot do anything with your personal information unless we have agreed with them to do so in accordance with the Data Processor Agreement. They will not share your personal information with any organisation apart from us or further sub-processors who must comply with our Data Processor Agreement. They will hold your personal data securely and retain it for the period we instruct in accordance with the terms of the Data Processor Agreement.
Marketing and web adverts
We work with carefully selected websites to serve up adverts to personalise your online experience even more.
Email marketing
When you have provided your consent to receive marketing emails from us, we will send you marketing emails to promote our products and inform you of any new products or offers. You may opt-out of receiving these emails, either by utilising the account option online or by clicking the unsubscribe link in any email you receive from us. You can also contact us directly as set out above in this Policy.
Postal marketing
We may send you mail to promote our products and inform you of any new products or offers. We will do so on the basis of our legitimate interest. You may opt-out of receiving these emails by contacting us directly as set out above in this Policy.
Telemarketing
We may call you to promote our products and inform you of any new products or offers. We will do so on the basis of our legitimate interest. You may opt-out of receiving these calls by contacting us directly as set out above in this Policy.
Web adverts
You may be served with web adverts for TM Lewin products and services when using other websites which include social media platforms. We believe that these web adverts may be of interest to you as they relate to products you have viewed whilst browsing on websites via your computer or other devices.
We provide these advertisements via digital marketing partners using cookies and similar technologies which are placed on your computer or other devices (please refer to our cookie policy for more information). If you do not wish for cookies to be placed on your computer, these can be removed at any time and is explained further in our cookies policy.
Digital, social media platforms and marketing partners.
We may share your personal data mostly in the form of hashed mobile numbers, email addresses and IP addresses with certain social media, digital platforms and marketing partners including but not limited to Meta and Google to allow us to display advertisements of our products/offers to you through their platforms.
If you have an account with these companies and consent to cookies being placed on your device, your personal data may be shared with them so that they can serve you personalised advertisements when you are using their platforms or apps. Depending on the processing activity Meta or Google will be acting as a data controller and in some circumstances joint controller with us.
If you would like further information on how Meta or Google use your personal data, how to exercise your data subject rights and their legal basis for processing, please refer to their privacy notice at
Meta: https://www.facebook.com/about/privacy
Google: https://policies.google.com/privacy
Opting out
You have the right to opt out of data shares or processing with social media, digital platforms and collaboration partners. To exercise your right to object you can email customer.services@tmlewin.co.uk
We like to ensure that your right to object data shares with social media, digital platforms and marketing preferences are at all times taken in consideration and respected. To opt out of personalised web adverts from social media or digital platforms please refer to their privacy notice.
Giving your reviews and sharing your thoughts
It is in our legitimate interests to hear our customer reviews on our products and purchases they have made. When you have made a purchase we would like to send to you via email a short survey to give us feedback. These are completely optional and you do not need to complete them if you prefer not to. We utilise a third party company called Yotpo to help carry out these surveys. If you prefer not to receive surveys in the future you can unsubscribe in the opt out links in the survey emails.
Your rights over your information
You have a number of rights in respect of your personal data. The specific rights available to you depend on your country of residence. If you are in the European Economic Area or UK, please refer to Section 13 of this Privacy Policy. If you are a resident of California, please refer to Section 15 of this Policy.
If you live in Australia, you have the right to request access to or correction of the personal data we hold about you and the right to stop receiving unwanted direct marketing. You can also make a complaint about us to the Office of the Australian Information Commissioner if you think we have mishandled your personal data.
You can exercise your rights or complain to us about how we use your personal data by contacting us using the information set out above.
UK/EU GDPR Specific Processing
The right to be informed about our collection and use of personal data
You have the right to be informed about how we process your personal data. We ensure we do this by providing you with our external privacy notice published on our website. These are regularly reviewed and updated to ensure they are accurate and reflect our data processing activities.
Right to Access Your Personal Information
You have the right to access the personal information that we hold about you in many circumstances, by making a request. This is sometimes termed ‘Subject Access Request’. If we agree that we are obliged to provide personal information to you (or someone else on your behalf), we will provide it to you or them free of charge and aim to do so within 1 month from when your identity has been confirmed.
We may ask for proof of identity and sufficient information about your interactions with us to enable us to locate your personal information.
Right to Correction Your Personal Information
If any of the personal information we hold about you is inaccurate, incomplete or out of date, you may ask us to correct it.
Right to Object
You have the right to object to us processing your personal information for particular purposes. If you object to us processing your personal data for marketing purposes and ask us to stop, we will honour your request.
Right to Restriction
You have the right to ask us to restrict the processing of your personal data in certain circumstances.
Right to Erasure
You have the right to have your personal data erased in certain circumstances.
Right to Portability
The right to portability gives you the right to receive the personal data you have provided to us in a structured, commonly used and machine readable format. It also gives you the right to request that we transmit this data directly to another controller.
Automated decision-making
You have the right not to be subject to decisions made solely by automated processing which result in legal or other similarly significant effects. We do not use such automated decisions.
Right to complain
If you are concerned about the way in which we process your personal data, you have a right to lodge a complaint with the relevant supervisory authority that regulates data protection and privacy matters in your area. However, we hope that you would consider raising any issue or complaint you have with us first. Your satisfaction is extremely important to us, and we will always do our very best to solve any problems you may have.
The Information Commissioner's Office is the supervisory authority in the UK. You can access them here https://ico.org.uk/for-the-public.
If you are based anywhere else within the European Union (or European Economic Area) a list of supervisory authorities can be found here https://edpb.europa.eu/about-edpb/board/members_en.
Transfers of personal data outside the UK / EEA
We may transfer data that we collect from you to locations outside of the UK and European Economic Area (EEA) for processing and storing. Also, it may be processed by staff operating outside the EEA who work for us or for one of our suppliers. For example, such staff maybe engaged in the processing and concluding of your order, the processing of your payment details and the provision of support services. Where we transfer your information outside of the UK/EEA we will ensure safeguards are in place to ensure it remains secure and adequately protected. We do this by ensuring that:
- Your personal data will only be transferred to and processed in a country which has adequacy status as determined by the European Commission or UK Government (whichever is applicable); or
- We enter into an International Data Transfer Agreement (“IDTA”) or IDT Addendum or Standard Contractual Clauses (“SCCs”) with the receiving organisation and adopt supplementary measures, where necessary. A copy of the IDTA can be found here international-data-transfer-agreement.pdf (ico.org.uk) A copy of the SCCs can be found here Standard Contractual Clauses (SCCs).
Californian Specific Processing
If you are a resident of California, this Privacy Policy applies as follows:
- TM Lewin does not sell your personal data within the meaning of the CCPA.
- You have the following rights in respect of your Personal Data to the extent required by the CCPA:
- You have the right to disclosure of specific information to you about the collection and use of your personal data over the last 12 months.
- You have the right to request that your personal data is deleted, subject to certain exceptions.
- You have the right not to be discriminated against for exercising your rights under the CCPA.
- To exercise your rights in respect of your personal data you can contact us using the contact details above.
- The Service does not respond to‘Do Not Track’
- California Business and Professions Code Section 22581 allows California residents under the age of 18 who are registered users of online sites, services or applications to request and obtain removal of content or information they have publicly posted. If this applies to you, please contact us using the contact details above. We will action your request to the extent required by law.
- California Civil Code Section 1798.83 (California's ‘Shine the Light’ law) enables California residents with an established business relationship with us to request information once a year about the sharing of their personal data with third parties for direct marketing purposes. If this applies to you, please contact us using the details provided above.
How long we keep your information
We retain a record of your personal information in order to provide you with a high quality and consistent service. We will always retain your personal information in accordance with the Data Protection Legislation and all other applicable laws and regulations. As such, we will only retain your data as long as necessary to fulfil the purpose it was collected for. We do hold certain types of personal information for the below period of time – by way of an example:
Purchases – We will maintain order information for 7 years since last purchase or otherwise in accordance with relevant tax and accounting legislation.
Cookies
Our website uses cookies. Please refer to our separate cookies policy to understand how we use cookies and how you can change your consent and preferences
Security
Data security is of great importance to TM Lewin Shirtmaker Limited and to protect your data we have put in place appropriate technical and organisational security measures to safeguard and secure your collected data.
We take security measures to protect your information including:
- Implementing access controls to our information technology
- We use appropriate procedures and technical security measures (including strict encryption, anonymisation and archiving techniques) to safeguard your information across all our computer systems, networks, websites, offices and stores
- Advising you never to enter your account number or password into an email or after following a link from an email
All payment details are fully anonymised in our internal systems, and we utilise the Stripe and/or Ingenico payment systems to provide a secure payment portal.16. Links to other websites
Our website may contain links to other third-party websites and are not affiliated with us. These websites may have their own privacy policy available. We are not responsible for any content of these websites.
What happens if our business changes hands?
We may, from time to time, expand or reduce our business and this may involve the sale and/or the transfer of control of all or part of our business. Any personal data that you have provided will, where it is relevant to any part of our business that is being transferred, be transferred along with that part and the new owner or newly controlling party will, under the terms of this Privacy Policy, be permitted to use that data only for the purposes for which it was originally collected by us.
Changes to our privacy notice
We may change this privacy notice from time to time (for example, if the law changes). We recommend that you check this privacy notice regularly to keep up to date.