Privacy Policy

Sweaty Betty Foundation
Privacy Policy

(Fair Processing Notice)

July 2021

Introduction


About Sweaty Betty Foundation and this Privacy Policy

Sweaty Betty Foundation is a charity registered in England and Wales with charity number 1193601 and having its registered office at Sweaty Betty Fulham Green, 69-79 Fulham High Street, London SW6 3JW (referred to in this Policy as “Sweaty Betty Foundation”, “we, “us” and “our”). We are a “data controller” of your information for the purposes of the Data Protection Act 2018 and the EU General Data Protection Regulation (GDPR) (together the Data Protection Laws) (i.e. we are responsible for, and control the processing of, your personal information). We will use your personal data fairly, lawfully and in a transparent manner, and in accordance with the Data Protection Laws.

Controller, Data Subject, Processor and Processing shall have the respective meanings given to them in applicable Data Protection Laws from time to time (and related expressions, including process, processed, and processes shall be construed accordingly) and international organisation shall have the meaning given to it in the GDPR;

This Privacy Policy outlines how Sweaty Betty Foundation will use, store and share your personal data, and supplements any other fair processing or privacy notices provided to you.

This policy applies to any personal data that we collect about you when you:

  • Visit our website www.sweatybetty.foundation.org (our “website”)
  • Contact us, for example by telephone, livechat, email, post or through submitting a form on our website
  • Make a donation through our Just Giving page and Justgiving transfer your data to us in accordance with their own privacy policy
  • Interact with our digital content on your computer or mobile device
  • Sign up to receive email newsletters

Sweaty Betty Foundation takes the privacy and security of your personal data very seriously. We will only use your personal data for any purpose that is necessary to fulfil our commitments to you, comply with regulation or to fulfil an activity that you have consented to participate in. 

At Sweaty Betty Foundation we believe it is important to share with you why we capture some data about you and the circumstances when we might be required to share it with third parties to deliver our services and comply with regulations.

Once we have your data, if at any time you wish to change your communication preferences you can email foundation@sweatybetty.com or privacy@sweatybetty.com. If you require information on any of your rights in regards to the use of your Personal Data please see the section ‘Your Rights’ toward the end of this Policy.

We will at all times seek to comply with the requirements of the Data Protection Laws in respect of all data that we collect from you, including ensuring that your personal information given to us is kept appropriately secure and is processed lawfully



Data Collection and How We Use It

When you interact with our digital content on your computer or mobile device, we will collect certain personal information from you necessary to perform our services. To learn more, please see below what personal information we collect and what we use it for.  


1. Personalised experience

In order to offer you a personalised and relevant experience on our Website. 

We may collect information about your browsing history, including the pages you visit and the content you are looking at. We do this to help us analyse how users use the website (including behaviour patterns), to understand more about our website users and to assist us in improving your online experience. 

You can opt out of a personalised experience at any time by emailing privacy@sweatybetty.com.


2. Information about your device

We may also collect information on how you access our digital content and services and the type of device and internet browser you are using. This includes information relating to your device type, your IP address and your visit source (i.e. a website from which you visited our Website). This information helps us ensure we are able to provide effective technical services to enable you to access the right content from where you are located in a format appropriate to the device you are using and to troubleshoot any issues you may have if you report them to us. 


3. Location information

We use your active location information (i.e. that relating to your mobile phone physical location or the IP address from which you access our Website) to ensure you are directed to the relevant. Website for the country you are residing in to ensure the right information is presented to you. We do not use your location information for any other purposes. 


4. How we will use your personal information

We use your information (i) for research about our ’ supporters’ We use your information (i) for research about our ’ supporters’ behaviour and services generally; (ii) to develop and improve our services; (iii) to administer and improve our website to ensure that content is presented in the most effective manner; (iv) to notify you about changes to our activities; and (v) to provide customer support. By analysing and monitoring your personal data we can enhance the customer experience and be more relevant with our marketing and communication. 

You can opt out at any time and from specific methods of marketing. Please see the ‘How Do I Unsubscribe From Communication?’ section below. Alternatively, you can email privacy@sweatybetty.com.


Legitimate business interests

We use your personal information as set out in this Policy for the legitimate interests of our business to enable us to:

  • Provide you with information about our activities  which may be of interest to you
  • Develop and improve our activities for you and others
  • Understand you better and enhance your experience with Sweaty Betty Foundation
  • Analyse and monitor your personal data so we can be more relevant with our marketing and communication
  • Carry out research to understand our website visitors and other ‘supporters’ behaviour, how they use our website and services so we can develop and improve our products and services for you and others 
  • We are required to carry out a balancing test of our legitimate business interests in using your personal data outlined above against your interests and rights under the Data Protection Laws. As a result of our balancing test, which is detailed below, we have determined, acting reasonably and considering the circumstances, that we are able to process your personal data in accordance with the Data Protection Laws on the basis that we have a legitimate business interest. 

Basis for using your information

Why we use it

Basis for using your information

Legitimate interest

We have a legitimate business interest in processing your information as we wish to:

  • Provide you with information about our products, services, competitions, sales and special offers which may be of interest to you.
  • Develop and improve our products and services for you and others.
  • Understand you better and enhance your experience with Sweaty Betty.
  • Analyse and monitor your personal data so we can be more relevant with our marketing and communication.
  • Carry out research to understand our website visitors and other customers’ behaviour, how they use our website and services so we can develop and improve our products and services for you and others.
  • Record details from calls to our Customer Care Team in order to enable us to provide a better service to our customers and for quality assurance purposes.
  • Record details if you contact us via our Website using our live chat service in order to ensure a high level of customer service in terms of understanding any issues you may have faced with ordering from our Website.
Basis for using your information

Necessity

We consider that it is reasonably necessary for us to process your personal data for the purposes of our legitimate interests outlined above as we process your personal data only so far as is necessary to achieve the purposes outlined above and as explained in this privacy policy.

Basis for using your information

Impact of processing

We consider that it is reasonable for us to process your personal data for the purposes of our legitimate interests outlined above as the processing of your personal data for these purposes does not unreasonably intrude on your privacy.

Consent

We may, on occasion, send you marketing messages by email and post about us, our products, events, promotions and services where you have not unsubscribed and where you have purchased similar goods or services from us or where you have otherwise consented. You can opt out at any time and from specific methods of marketing. Please see the ‘How Do I Unsubscribe From Communication?’ section below. Alternatively, you can email privacy@sweatybetty.com.



California Residents: Your Privacy Rights

NOTICE OF COLLECTION OF PERSONAL INFORMATION AND PRIVACY POLICY UNDER THE CALIFORNIA CONSUMER PRIVACY ACT (CCPA)

This Notice and Privacy Policy applies only to the collection of This Notice and Privacy Policy applies only to the collection of personal information from California residents on and from January 1, 2020. This Notice supplements our privacy notices to provide California residents with information and rights required by the California Consumer Privacy Act (CCPA). 


1. Our Approach to Privacy

This Notice and Privacy Policy describes the categories of personal information we collect, the business purposes for which we collect, use and share your personal information, with whom we share it, and your rights in personal information. We also describe how you can contact us about our privacy practices. 

For purposes of this Notice and Privacy Policy, we refer to personal information according to the following definition given in the CCPA: “personal information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with you or your household. Personal information does not include publicly available information, information that is de-identified or aggregate consumer information, or information or rights that are outside the scope of the CCPA. By accessing our website, purchasing our products, using our services or submitting personal information to us, you consent to the collection, use and sharing of such information as set forth in this Privacy Policy, as it may be updated from time to time. 


2. The Categories of Personal Information We Collect

When you  interact with our digital content on your computer or mobile device, sign up to receive email newsletters call customer care, or send us an inquiry, we will collect certain personal information from you necessary to perform our services. 

We collect the following categories of personal information:

Identifiers: This may include contact information that you directly provide to us in order to communicate with you or fulfil your order such as your name, postal address, phone numbers, social media handle and e-mail address, as well as information we collect indirectly when you visit our websites, such as your IP address, customer number and device identifier.

Customer Information Under California Civil Code §1798.80(e): This information comprises any information that identifies, relates to, describes or is capable of being associated with you in our records. When you register for an account with us we will collect personal information from you, which in addition to contact information, may and your preferences relating to what and how we may communicate with you. We may also obtain personal information about you as a result of authentication or identity checks (for example in connection with our standard fraud checks through our service providers when you make a purchase on our Website). We use your customer information to identify you as a customer, to process your order, to enable us to deliver products and services, to process payments, to update our records, and to generally manage your account with us. If we are not able to obtain this information we may not be able to provide services to you or respond to your queries. 

Commercial Information: This information may include your purchases and transaction history. 

Internet and electronic history: Information regarding your use of our Websites collected through use of cookies and tracking technologies. We collect information on how you access our digital content and services and the type of device and internet browser you are using. Cookies are useful because they allow a website visitor to recognize a user’s device. Cookies do lots of different jobs, like letting you navigate between pages efficiently, remembering your preferences, and generally improve the user experience. They can also help to ensure that the advertising you see online are more relevant to you and your interests. We also permit our advertising partners to use third party cookies on our website so that you can see online advertising tailored to your interests. For additional information about cookies and other technologies which are used on our Website, and how to opt out of cookies, please see our Cookie Policy

In the past twelve (12) months, we have collected the following categories of personal information: Identifiers, Customer Information under section 1798.80(e) of the California Civil Code, Commercial Information and Internet History. 


3. We Collect Your Personal Information To Fulfill Your Orders and For Other Legitimate Business Purposes

We collect and use your personal information for providing you with information you have requested or pursuant to a contract, to market you products, to respond to your inquiries or requests, for security purposes and for other lawful business purposes as specified below. 

Legitimate business interests

  • Provide you with information about our which may be of interest to you
  • Understand you better and enhance your experience with Sweaty Betty Gather research about our ’ supporters’ behavior
  • Analyze and monitor your personal data so we can be more relevant with our marketing and communication
  • Administer and improve our website to ensure that content is presented in the most effective manner
  • Carry out research to understand our website visitors and other customers’ behavior, how they use our website and services so we can develop and improve our products and services for you and others
  • Detect security incidents, and protect against malicious, deceptive, fraudulent, or illegal activity


4. Sharing of Your Personal Information

We do not sell your personal information to third parties.


Service Providers

In certain circumstances we may share your personal information with carefully selected partners or service providers who perform functions on our behalf such as:

  • Data management on our behalf.
  • Website hosting services.
  • Assisting Sweaty Betty Foundation with analyzing our  supporter data in order to better understand, profile and monitor customer patterns so we can consistently improve our products and services and understand what may be of interest to you and other customers. 

In each case, we will only provide these partners or service providers with the information which they need to carry out their services. They will not be permitted to use the information for other purposes and will be bound by the same duty of care as us regarding data privacy. They will only be allowed to use your information in the way in which we instruct them and as permitted by applicable Data Protection Laws. 

We may also share aggregated or anonymised information that does not identify you with partners or service providers.


Financial institutions and payment processing partners

Payments on our Website are made through our payment solutions providers. You will be providing credit or debit card information directly to our providers who process payment details in a secure manner.


Third parties

In certain circumstances we may disclose personal information relating to you to third parties in order to conform to any requirements of law, to comply with any legal process, and/or to protect and defend the rights and property of Sweaty Betty.

In the past twelve (12) months, we have shared the following categories of personal information: Identifiers, Customer Information under section 1798.80(e) of the California Civil Code, Commercial Information and Internet History. 


5. Your Rights in Personal Information

Under the California Consumer Privacy Act, you have the following rights in personal information held by us: 

  • You have the right to request that we disclose the personal information we collect, use, disclose and share. You may request (i) the categories of personal information that we have collected about you; (ii) the categories of sources from which the personal information is collected; (iii) the business or commercial purpose for collecting or sharing personal information; (iv) the categories of third parties with whom we share your personal information; and (v) the specific pieces of personal information that we have collected about you.
  • You have the right to receive your personal information in a portable format that allows you to transmit the information to another entity.
  • You have the right to request deletion of personal information under certain circumstances. For example, we may not be required to delete personal information if we need to retain the information to complete the transaction for which the personal information was collected, perform on a contract with us, or to comply with a legal obligation.
  • You have the right not to receive discriminatory treatment for the exercise of any of these rights. We will not discriminate against you because you have exercised your rights.

You may submit verifiable requests concerning any of your rights by contacting us by telephone or email (See the How to Contact Us section below). We will use reasonable methods for verifying that the person making a request to know, data portability or a request to delete is the individual about whom we have collected personal information. This may involve, depending on the nature of the request, confirming that the email address provided corresponds with our records concerning the individual. Additional reasonable measures may also be required to verify the identity of the person making the request depending on the circumstances. For online requests to delete, you will be required to submit the request to delete, and then separately confirm that you want your personal information deleted. To the extent that you wish to use an authorized agent to make requests concerning the rights set forth above, you will need to provide us either with a power of attorney or, alternatively, with written authorization to communicate with your authorized agent. 

We will (i) confirm receipt of requests to know, data portability or to delete within 10 days of the request; and (ii) generally respond to requests to know, data portability or to delete within 45 days of the request. If we need additional time to respond to your request beyond the 45 days, we will provide you with notice explaining the reasons we need more time, and we will then take up to an additional 45 days to respond to your request.

You can exercise your right and choices either by using the specific links provided in this page (see below) or by contacting us as specified in the section How to Contact Us.

To unsubscribe from communications, please see the information at our web page – “How do I unsubscribe”


6. Third Party Links and Websites

Our Website may from time to time contain links to other websites not controlled by us. You will know when the link is taking you to another website as a new window will pop up. If you click on any of the links to such websites from our Website, you should review that website’s privacy statements or policies and terms and conditions carefully as your use of those websites may be subject to them. 


How to Contact Us

If you wish to exercise any of your rights under the CCPA, or have any questions about the way in which your information is being collected or used which are not answered by this Privacy Policy and/or any complaints please contact us via our website https://www.sweatybetty.com/contact-us  or if you prefer you can email privacy@sweatybetty.com so that we can do our very best to sort out the problem. 


7. Access by Persons with Disabilities

Persons with disabilities who need assistance accessing this policy may contact us as provided for in section 12, and depending on your individual needs, the company will grant reasonable requests to furnish this policy in an alternative format. 


8. Children

We do not knowingly collect personal information from children under the age of 13. If you are under 13, please do not give us any personal information. We do not sell any personal information, including the personal information of minors under 16 years of age. 

This policy was last updated on March 30, 2021. 



How Do I Unsubscribe From Communication? 

You can opt out of marketing communication such as email newsletters from Sweaty Betty Foundation at any time. All you need to do is contact foundation@sweatybetty.com to change your communication preferences.  You can do that either as indicated in the particular communication, e.g. by using the unsubscribe link which is included on all emails. 

If you choose to opt out of marketing emails, this can take up to two weeks for the change to flow through our systems. 

You can opt out of a personalised web experience at any time. Please see ‘Your Rights’ section below. Alternatively, you can email privacy@sweatybetty.com



Your Personal Information and How Long We Keep It 

We will only keep your information as long as you continue to receive newsletters from us or otherwise as required for our business operations records or by law. This information will be kept secure at all times and only used for the legitimate purpose we require it or that you have consented to. After the stated period of time expires, we will anonymise all of your personal data, however some order information will be stored as an unknown customer. 

Where information is entered but not completed, such as in adding items to your shopping basket but not completing checkout, we will delete this data after 30 days for a Guest User and 60 days for an Account Holder. 



Cookies and How We Use Them 

We use cookies, local storage and other similar technologies which may place codes on or access information from and/or about your device to elevate your user experience and the quality of our Website and service. This includes remembering what you have added to your basket, your wish list and what you have browsed. We will also recognise you when you visit our Website and where you have visited from.



Other People Who Might Use Your Information 

In certain circumstances we may share your information with carefully selected partners or service providers who perform functions as a Data Processor on our behalf such as: 

  • Data management on our behalf. 
  • Handling our order dispatch service and other deliveries. 
  • Website hosting services. 
  • Assisting Sweaty Betty Foundation with analysing our  supporter data in order to better understand, profile and monitor customer patterns so we can consistently improve our products and services and understand what may be of interest to you and other customers. 
  • Other support services. 

In each case, we will only provide these partners or service providers with the information which they need to carry out their services. They will not be permitted to use the information for other purposes and will be bound by the same duty of care as us regarding data privacy. They will only be allowed to use your information in the way in which we instruct them and as permitted by the Data Protection Laws. 

We may also share aggregated or anonymised information that does not identify you with partners or service providers. 


Legal disclosures 

In certain circumstances we may disclose personal information relating to you to third parties in order to conform to any requirements of law, to comply with any legal process, for the purposes of obtaining legal advice, for the purposes of credit risk reduction, to prevent and detect fraud and/or to protect and defend the rights and property of Sweaty Betty. 


Business or process change partners 

In the event that we or a part of our business undergo re-organisation or are sold to a third party, any personal information we hold about you may be transferred and/or disclosed to that re-organised entity or third party. 


Overseas transfers of data 

The personal information that you provide through our Website is processed within the European Economic Area (EEA). We may transfer information that we collect from you to our affiliated companies, partners and service providers who assist Sweaty Betty in delivering and promoting its products and services and to selected service providers/Data Processors who perform functions on our behalf, based in countries outside of the EEA or your country of residence and this information may be stored and processed in such countries which may not be countries that the European Commission has deemed to have adequate security in place. We have therefore incorporated the European Commission approved clauses into our agreement with such partners and service providers to ensure the security of your personal data. A copy of the European Commission approved model clauses is available here: http://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32010D0087&from=en Whether the personal information you provide to us is processed by us, our affiliated companies, partners or services providers within the EEA or outside of it, we will take steps to ensure that your personal information will be afforded the same level of protection required of us under and in accordance with this Privacy Policy and applicable data protection laws and in accordance with current legally recognised data transfer mechanisms. We transfer such data as we deliver our products globally and work across the world and work with a number of world-wide partners to deliver our products. Additionally, our partners may change over time. We always strive to have appropriate safeguards in place with each of our suppliers. 



Security Statement 

Although we do our best to protect your personal data when we have received it, we cannot guarantee the security of your data whilst being submitted to us and any transmission is at your own risk. We do however use security features to try to prevent unauthorised access wherever possible. Personal information provided to Sweaty Betty Foundation via our Website and online credit card transactions are transmitted through a secure server using Secure Socket Layering (SSL), encryption technology. When the letters “http” in the URL change to “https,” the “s” indicates you are in a secure area employing SSL; also, your browser may give you a pop-up message that you are about to enter a secure area or display a padlock image. 

Our Website uses this encryption technology to protect your information during data transport. SSL encrypts ordering information such as your name, address and credit card number. Our Customer Care team and stores also operate over a private, secure network.  

Sweaty Betty Foundation shall at all times maintain appropriate physical, electronic, managerial and organisational measures to safeguard and secure Personal Data against accidental, unauthorised or unlawful loss, unauthorised modification, disclosure or access that is determined to be appropriate to the risk. All our employees and data processors who have access to, and are associated with the processing of personal information, are required to respect the confidentiality of the personal information of all users of our services. 

Personal Data stored about you is held securely with appropriate measures in place to reduce the risk of a malicious attempt to access or misuse your data. We will delete your data when we have no further legitimate use for it in line with our storage policy and as specified above. 



Your Rights

You have the following rights in respect of the information we hold about you: 

  • The right to request information about and a copy of your information which we hold. If you would like a copy of some or all of it please: |

    a. Email privacy@sweatybetty.com 

    b. Let us know what information you want a copy of, including
    any account or reference numbers you have, if you have them. 

    c. We may ask you for personal information to verify your identity.


  • The right to correct any mistakes in your information (if it is not accurate or not complete). If you would like us to do this please: 

    d. Email privacy@sweatybetty.com 

    e. Let us have enough information to identify you (e.g. account number, user name, registration details); and 

    f. Let us know what information is incorrect and what it should be replaced with 


  • In certain circumstances, the right to delete your information. If you would like us to do this please email privacy@sweatybetty.com
  • In certain circumstances, the right to restrict the processing of your information. If you would like us to do this or would like more information please email privacy@sweatybetty.com
  • In certain circumstances, the right for you to obtain and re-use the information we hold about you with other service providers. If you would like to do this or you would like more information please email privacy@sweatybetty.com
  • Where we are processing your personal data on the basis of our legitimate business interests the right in specific circumstances to object to certain types of processing. If you would like to do this or you would like more information please email privacy@sweatybetty.com
  • The right not to be subject to a decision based solely on automated processing. If you would like to do this or would like more information please email privacy@sweatybetty.com
  • The right to withdraw your consent where we are relying on it to process your personal data. If you would like to do this or would like more information please email privacy@sweatybetty.com

It may take up to 14 days to ensure your request to invoke any of your rights is fully actioned. Sweaty Betty reserves the right where we are entitled to do so to charge a reasonable administration fee to cover the cost of fulfilling a request to exercise any of these rights. Any fee applicable to the performance of an action will be advised to you at the point of making a request. 



Changes To This Privacy Policy 

We may update this Privacy Policy from time to time. The amended Privacy Policy will be posted on our Website. Please check this page regularly for changes to this Privacy Policy. 



Contacting Sweaty Betty 

If you have any questions about the way in which your information is being collected or used which are not answered by this Privacy Policy and/or any complaints please write to us:

Sweaty Betty Foundation at Sweaty Betty Support Office, Fulham Green 69 – 79 Fulham High Street, London SW6 3JW or email foundation@sweatybetty.com

You can also contact the Information Commissioner’s Office at Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF www.ico.org.uk

This Policy was last reviewed and updated in March 2021.