Privacy notice - By Appointment App

BY APPOINTMENT ONLY APP – PRIVACY NOTICE

CONSENT TO INSTALLATION OF THE APP

Under data protection laws, we are required to provide you with certain information about who we are, how we process your personal data and for what purposes, and your rights in relation to your personal data. This information is set out below and it is important that you read it.

Our “By Appointment Only” mobile app (App) allows shoppers to book appointments with retail outlets (Stores) by booking time slots to visit individual Stores or joining virtual queues to gain access.

How you can withdraw consent: If you uninstall the App and wish to withdraw consent to our use of your personal data please contact us at support@byappointment.app but that will not affect the lawfulness of any processing carried out before you withdraw your consent.

INTRODUCTION

This Privacy Notice and our App Terms of Use (Terms) apply to your use of:

our App once you have downloaded a copy of the App onto a mobile telephone or handheld device (Device); and
the services accessible through the App (Service).

This Privacy Notice sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Our App is not intended for children and we do not knowingly collect data relating to children. Please read the following carefully to understand our practices regarding your personal data and how we will treat it.

WHO WE ARE

We are By Appointment Only Limited, a company registered in England with company number 12613551, whose registered office is at Unit 12, Talina Centre, 23a Bagleys Lane, London SW6 2BW. We are the data controller and responsible for your personal data.

CONTACTING US

Our contact details are as follows:

Postal address: Unit 12, Talina Centre, 23a Bagleys Lane, London SW6 2BW

Email: info@byappointment.app
Telephone: +44 20 7886 8620

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues. This can be done using the live chat function at www.ico.org.uk, by telephoning 0303 123 1113 or by post:

Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.

CHANGES TO THIS PRIVACY NOTICE

We keep this Privacy Notice under regular review. The last version was updated on 23^rd June 2020 and we will notify you of any changes to it by SMS OR by email OR when you next start the App.

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during our relationship with you by contacting us by any of the means described above. Our App contains links to and from the websites of the Stores and our other brand partners. Please note that these websites and any services that may be accessible through them have their own privacy policies and that we do not accept any responsibility or liability for these policies or for any personal data that may be collected through these websites or services. Please check these policies before you submit any personal data to these websites or use these services.

THE DATA WE COLLECT ABOUT YOU

We may collect, use, store and transfer different kinds of personal data about you as follows:

Name
Gender
Age range or date of birth.
Photograph
Postcode
Email address.
Mobile number.
Data about your Device (the type of Device you use, a unique device identifier (for example, your Device’s IMEI number), the MAC address of the Device’s wireless network interface, mobile network information, your mobile operating system, the type of mobile browser you use and time zone setting).
Information about your usage of the App and the Service, including the Stores which you are interested in/book appointments to visit.
Location data.
Your marketing preferences (for receiving communications from Stores and our other brand partners).

We also collect, use and share aggregated data such as statistical or demographic data for any purpose. Aggregated data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your usage data to calculate the percentage of users accessing a specific feature of the App. However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Privacy Notice.

We do not collect any Special Categories of Personal Data about you (this includes information about your health, race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.

HOW IS YOUR PERSONAL DATA COLLECTED?

We collect personal data when you:

download and register for the App;
book appointments to visit Stores using the App;
correspond with us (for example, by email, telephone or live chat);
report a problem with the App or the Service. If you contact us, we will keep a record of that correspondence; and
provide us with your marketing preferences;

Information we collect about you and your device. Each time you use our App we will automatically collect personal data about your Device and your usage of the App. We collect this data using cookies and other similar technologies. Please see our Cookie Policy for further details.

Location Data. We also use GPS technology to determine your current location. If and when you seek to use the location-based elements of the Service App You can withdraw your consent at any time by turning off the location services settings for the App on your Device.

COOKIES

We use cookies to distinguish you from other users of the App and to remember your preferences. This helps us to provide you with a good experience when you use the App and allows us to improve the Service. For detailed information on the cookies we use, the purposes for which we use them and how you can exercise your choices regarding our use of your cookies, see our Cookie Policy.

HOW WE USE YOUR PERSONAL DATA

We will only use your personal data when the law allows us to do so. Most commonly we will use your personal data in the following circumstances:

Where you have consented before the processing.
Where we need to perform a contract we are about to enter or have entered with you.
Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
Where we need to comply with a legal or regulatory obligation (including where we need to establish, pursue or defend legal claims).

We will only send you our direct marketing communications by email or text if we have your consent. You have the right to withdraw that consent at any time by contacting us by contacting us by any of the means described above.

We will get your express opt-in consent before we share your personal data with any third party for marketing purposes.

PURPOSES FOR WHICH WE WILL USE YOUR PERSONAL DATA

Purpose/activity	Type of data	Lawful basis for processing
To install the App and register you as a new App user	Data relating to your identity, contact details and Device	Your consent
To administer the App and our business and services	Data relating to your identity, contact details and Device	Performance of a contract with you Necessary for our legitimate interests (to keep records updated and to analyse how customers use the App and the Service) Necessary to comply with legal obligations (to inform you of any changes to the Terms of Use for the App)
To manage our relationship with you including: notifying you of changes to the App or the Service; responding to your questions or requests for additional information; providing you with information that you have specifically requested or that we have asked if you would like to receive; dealing with enquiries and complaints made by or about you relating to us, the App or the Service	Data relating to your identity, contact details, Device and marketing preferences	Performance of a contract with you Necessary for our legitimate interests (to keep records updated and to analyse how customers use the App and the Service) Necessary to comply with legal obligations (to inform you of any changes to the Terms of Use for the App)
To manage and run competitions, offers and surveys	Data relating to your identity, contact details, Device and marketing preferences	Performance of a contract with you Necessary for our legitimate interests (to analyse how customers use the App and the Service, and to develop them and grow our business)
To conduct internal research and analysis so that we can see how the App and the Service are being used, understand how we can improve them and decide our marketing strategies	Data relating to your identity, contact details, Device, location and marketing preferences	Performance of a contract with you Necessary for our legitimate interests (to analyse how customers use the App and the Service, and to develop them and grow our business)
To administer and protect our business and this App including troubleshooting, data analysis, system testing, verifying compliance with the Terms of Use for the App, monitoring and analysing the use of accounts to prevent, investigate and/or report security incidents or crime	Data relating to your identity, contact details and Device	Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security and prevention of fraud)
To understand your interests and preferences so we can tailor the content, offers and promotions available on the App to better match your interests and preferences	Data relating to your identity, contact details, Device, location and marketing preferences	Consent Necessary for our legitimate interests (to develop our products/Services and grow our business)
To protect the rights, property or safety of us, our customers or others	Data relating to your identity, contact details, Device and location	Necessary to comply with legal obligations

DISCLOSURES OF YOUR PERSONAL DATA

We may share your personal data with the third parties set out below for the following purposes:

Stores and our other partners: The Stores that use our App may access limited personal data about you through their use of the App, for the purpose of administering your appointment or your position in a virtual queue. This data will be limited to your first name, last name, photo (if provided) and the date and time of your appointment with the relevant Store(s).

Separately, we may ask for your consent to disclose your personal data to the Stores, the other brands you express an interest in visiting and the designer outlet centres that host the Stores, so that they may provide you with marketing information about their businesses, offers and promotions in line with the interests you have expressed. It is entirely up to you whether you give this consent – if you do so these third parties will ask you to re-confirm your consent. The third party will not use your personal data for marketing unless you have provided this two-step consent. If you subsequently wish to withdraw your consent please contact the relevant third party directly.

Media agencies and their advertising partners: So that they run targeted marketing campaigns.

Third party service providers: So that they can perform functions on our behalf in relation to the purposes set out in this Policy (for example, website hosting, social media analysis providers, marketing

email service providers, data analysts, website developers, app developers).

Purchaser of our business: Any third party to whom we may choose to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this Privacy Notice.

To government and similar authorities: If we are compelled to do so by government and law enforcement authorities or otherwise as required or permitted by law, including but not limited to in response to court orders and subpoenas. We also disclose user information when we have reason to believe that someone is causing injury to or interference with our rights or property, other users of our site, or anyone else that could be harmed by such activities. Additionally, we cooperate with law enforcement inquiries and other third parties to enforce laws, intellectual property rights and other rights.

To our professional advisors: To enforce or apply the Terms of Use for our App or to protect the rights, property, or safety of our company, our customers or others.

To our hosting providers and IT support companies: our App is hosted in the cloud, currently with Microsoft Azure, who host all user data on servers within the EEA.

We also share information about the users of the App in an anonymous or aggregate form with third parties including advertisers, business partners, and sponsors, to understand customer trends and patterns and manage and improve our business relationships.

INTERNATIONAL TRANSFERS

We do not transfer your personal data outside the European Economic Area (EEA).

DATA SECURITY

Much of the information you provide to us will be transmitted electronically, e.g. information provided via the App or by email. We would remind you that information transmitted via the internet is not completely secure and although we will do our best to protect any information transmitted in this way, we cannot guarantee its complete security.

All information you provide to us is stored on our secure servers. Where we have given you (or where you have chosen) a password that enables you to access the App, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

Once we have received your information, we will use strict procedures and security features to try to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way.

In addition, we limit access to your personal data to those staff, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

DATA RETENTION

We will retain the information you give us, the information we collect through your use of your Device and your location data for so long as the App is installed on your Device.

In the event that you do not use the App for a period of 24 months then we will treat the account as expired and your personal data may be deleted.

In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

We retain personal information used to send you direct marketing for as long as we can lawfully market to you. Where we no longer have grounds to market to you (e.g. because you opt-out) or the details we hold are no longer up-to-date (e.g. the email address we hold is invalid) we will delete personal information we hold about you from our marketing database but retain some information on a ‘suppression list’ on an ongoing basis so we can manage your preferences going forward.

YOUR LEGAL RIGHTS

Under certain circumstances you have the following rights under data protection laws in relation to your personal data.

Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.

Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.

Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.

Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.

Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:

if you want us to establish the data’s accuracy;
where our use of the data is unlawful but you do not want us to erase it;
where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or
you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.

Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.

Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.