Sweaty Betty Foundation
(Fair Processing Notice)
Sweaty Betty Foundation is a charity registered in England and Wales with charity number 1193601 and having its registered office at Sweaty Betty Fulham Green, 69-79 Fulham High Street, London SW6 3JW (referred to in this Policy as “Sweaty Betty Foundation”, “we, “us” and “our”). We are a “data controller” of your information for the purposes of the Data Protection Act 2018 and the EU General Data Protection Regulation (GDPR) (together the Data Protection Laws) (i.e. we are responsible for, and control the processing of, your personal information). We will use your personal data fairly, lawfully and in a transparent manner, and in accordance with the Data Protection Laws.
Controller, Data Subject, Processor and Processing shall have the respective meanings given to them in applicable Data Protection Laws from time to time (and related expressions, including process, processed, and processes shall be construed accordingly) and international organisation shall have the meaning given to it in the GDPR;
This policy applies to any personal data that we collect about you when you:
- Visit our website www.sweatybetty.foundation.org (our “website”)
- Contact us, for example by telephone, livechat, email, post or through submitting a form on our website
- Interact with our digital content on your computer or mobile device
- Sign up to receive email newsletters
Sweaty Betty Foundation takes the privacy and security of your personal data very seriously. We will only use your personal data for any purpose that is necessary to fulfil our commitments to you, comply with regulation or to fulfil an activity that you have consented to participate in.
At Sweaty Betty Foundation we believe it is important to share with you why we capture some data about you and the circumstances when we might be required to share it with third parties to deliver our services and comply with regulations.
Once we have your data, if at any time you wish to change your communication preferences you can email email@example.com or firstname.lastname@example.org. If you require information on any of your rights in regards to the use of your Personal Data please see the section ‘Your Rights’ toward the end of this Policy.
We will at all times seek to comply with the requirements of the Data Protection Laws in respect of all data that we collect from you, including ensuring that your personal information given to us is kept appropriately secure and is processed lawfully
Data Collection and How We Use It
When you interact with our digital content on your computer or mobile device, we will collect certain personal information from you necessary to perform our services. To learn more, please see below what personal information we collect and what we use it for.
1. Personalised experience
In order to offer you a personalised and relevant experience on our Website.
We may collect information about your browsing history, including the pages you visit and the content you are looking at. We do this to help us analyse how users use the website (including behaviour patterns), to understand more about our website users and to assist us in improving your online experience.
You can opt out of a personalised experience at any time by emailing email@example.com.
2. Information about your device
We may also collect information on how you access our digital content and services and the type of device and internet browser you are using. This includes information relating to your device type, your IP address and your visit source (i.e. a website from which you visited our Website). This information helps us ensure we are able to provide effective technical services to enable you to access the right content from where you are located in a format appropriate to the device you are using and to troubleshoot any issues you may have if you report them to us.
3. Location information
We use your active location information (i.e. that relating to your mobile phone physical location or the IP address from which you access our Website) to ensure you are directed to the relevant. Website for the country you are residing in to ensure the right
information is presented to you. We do not use your location information for any other purposes.
4. How we will use your personal information
We use your information (i) for research about our ’ supporters’ We use your information (i) for research about our
’ supporters’ behaviour and services generally; (ii) to develop and improve our services; (iii) to administer and improve our website to ensure that content is presented in the most effective manner; (iv) to notify you about changes to our activities; and (v) to provide customer support. By analysing and monitoring your personal data we can enhance the customer experience and be more relevant with our marketing and communication.
You can opt out at any time and from specific methods of marketing. Please see the ‘How Do I Unsubscribe From Communication?’ section below. Alternatively, you can email firstname.lastname@example.org.
Legitimate business interests
We use your personal information as set out in this Policy for the legitimate interests of our business to enable us to:
- Provide you with information about our activities which may be of interest to you
- Develop and improve our activities for you and others
- Understand you better and enhance your experience with Sweaty Betty Foundation
- Analyse and monitor your personal data so we can be more relevant with our marketing and communication
- Carry out research to understand our website visitors and other ‘supporters’ behaviour, how they use our website and services so we can develop and improve our products and services for you and others
- We are required to carry out a balancing test of our legitimate business interests in using your personal data outlined above against your interests and rights under the Data Protection Laws. As a result of our balancing test, which is detailed below, we have determined, acting reasonably and considering the circumstances, that we are able to process your personal data in accordance with the Data Protection Laws on the basis that we have a legitimate business interest.
Basis for using your information
Why we use it
We have a legitimate business interest in processing your information as we wish to:
- Provide you with information about our products, services, competitions, sales and special offers which may be of interest to you.
- Develop and improve our products and services for you and others.
- Understand you better and enhance your experience with Sweaty Betty.
- Analyse and monitor your personal data so we can be more relevant with our marketing and communication.
- Carry out research to understand our website visitors and other customers’ behaviour, how they use our website and services so we can develop and improve our products and services for you and others.
- Record details from calls to our Customer Care Team in order to enable us to provide a better service to our customers and for quality assurance purposes.
- Record details if you contact us via our Website using our live chat service in order to ensure a high level of customer service in terms of understanding any issues you may have faced with ordering from our Website.
Impact of processing
We consider that it is reasonable for us to process your personal data for the purposes of our legitimate interests outlined above as the processing of your personal data for these purposes does not unreasonably intrude on your privacy.
We may, on occasion, send you marketing messages by email and post about us, our products, events, promotions and services where you have not unsubscribed and where you have purchased similar goods or services from us or where you have otherwise consented. You can opt out at any time and from specific methods of marketing. Please see the ‘How Do I Unsubscribe From Communication?’ section below. Alternatively, you can email email@example.com.
California Residents: Your Privacy Rights
1. Our Approach to Privacy
2. The Categories of Personal Information We Collect
We collect the following categories of personal information:
Identifiers: This may include contact information that you directly provide to us in order to communicate with you or fulfil your order such as your name, postal address, phone numbers, social media handle and e-mail address, as well as information we collect indirectly when you visit our websites, such as your IP address, customer number and device identifier.
Customer Information Under California Civil Code §1798.80(e): This information comprises any information that identifies, relates to, describes or is capable of being associated with you in our records. When you register for an account with us we will collect personal information from you, which in addition to contact information, may
Commercial Information: This information may include your purchases and transaction history.
In the past twelve (12) months, we have collected the following categories of personal information: Identifiers, Customer Information under section 1798.80(e) of the California Civil Code, Commercial Information and Internet History.
3. We Collect Your Personal Information To Fulfill Your Orders and For Other Legitimate Business Purposes
We collect and use your personal information for providing you with information you have requested or pursuant to a contract, to market you products, to respond to your inquiries or requests, for security purposes and for other lawful business purposes as specified below.
Legitimate business interests
- Provide you with information about our which may be of interest to you
- Understand you better and enhance your experience with Sweaty Betty Gather research about our ’ supporters’ behavior
- Analyze and monitor your personal data so we can be more relevant with our marketing and communication
- Administer and improve our website to ensure that content is presented in the most effective manner
- Carry out research to understand our website visitors and other customers’ behavior, how they use our website and services so we can develop and improve our products and services for you and others
- Detect security incidents, and protect against malicious, deceptive, fraudulent, or illegal activity
4. Sharing of Your Personal Information
We do not sell your personal information to third parties.
In certain circumstances we may share your personal information with carefully selected partners or service providers who perform functions on our behalf such as:
- Data management on our behalf.
- Website hosting services.
- Assisting Sweaty Betty Foundation with analyzing our supporter data in order to better understand, profile and monitor customer patterns so we can consistently improve our products and services and understand what may be of interest to you and other customers.
In each case, we will only provide these partners or service providers with the information which they need to carry out their services. They will not be permitted to use the information for other purposes and will be bound by the same duty of care as us regarding data privacy. They will only be allowed to use your information in the way in which we instruct them and as permitted by applicable Data Protection Laws.
We may also share aggregated or anonymised information that does not identify you with partners or service providers.
Financial institutions and payment processing partners
Payments on our Website are made through our payment solutions providers. You will be providing credit or debit card information directly to our providers who process payment details in a secure manner.
In certain circumstances we may disclose personal information relating to you to third parties in order to conform to any requirements of law, to comply with any legal process, and/or to protect and defend the rights and property of Sweaty Betty.
In the past twelve (12) months, we have shared the following categories of personal information: Identifiers, Customer Information under section 1798.80(e) of the California Civil Code, Commercial Information and Internet History.
5. Your Rights in Personal Information
Under the California Consumer Privacy Act, you have the following rights in personal information held by us:
- You have the right to request that we disclose the personal information we collect, use, disclose and share. You may request (i) the categories of personal information that we have collected about you; (ii) the categories of sources from which the personal information is collected; (iii) the business or commercial purpose for collecting or sharing personal information; (iv) the categories of third parties with whom we share your personal information; and (v) the specific pieces of personal information that we have collected about you.
- You have the right to receive your personal information in a portable format that allows you to transmit the information to another entity.
- You have the right to request deletion of personal information under certain circumstances. For example, we may not be required to delete personal information if we need to retain the information to complete the transaction for which the personal information was collected, perform on a contract with us, or to comply with a legal obligation.
- You have the right not to receive discriminatory treatment for the exercise of any of these rights. We will not discriminate against you because you have exercised your rights.
You may submit verifiable requests concerning any of your rights by contacting us by telephone or email (See the How to Contact Us section below). We will use reasonable methods for verifying that the person making a request to know, data portability or a request to delete is the individual about whom we have collected personal information. This may involve, depending on the nature of the request, confirming that the email address provided corresponds with our records concerning the individual. Additional reasonable measures may also be required to verify the identity of the person making the request depending on the circumstances. For online requests to delete, you will be required to submit the request to delete, and then separately confirm that you want your personal information deleted. To the extent that you wish to use an authorized agent to make requests concerning the rights set forth above, you will need to provide us either with a power of attorney or, alternatively, with written authorization to communicate with your authorized agent.
We will (i) confirm receipt of requests to know, data portability or to delete within 10 days of the request; and (ii) generally respond to requests to know, data portability or to delete within 45 days of the request. If we need additional time to respond to your request beyond the 45 days, we will provide you with notice explaining the reasons we need more time, and we will then take up to an additional 45 days to respond to your request.
You can exercise your right and choices either by using the specific links provided in this page (see below) or by contacting us as specified in the section How to Contact Us.
To unsubscribe from communications, please see the information at our web page – “How do I unsubscribe”
6. Third Party Links and Websites
Our Website may from time to time contain links to other websites not controlled by us. You will know when the link is taking you to another website as a new window will pop up. If you click on any of the links to such websites from our Website, you should review that website’s privacy statements or policies and terms and conditions carefully as your use of those websites may be subject to them.
How to Contact Us
7. Access by Persons with Disabilities
Persons with disabilities who need assistance accessing this policy may contact us as provided for in section 12, and depending on your individual needs, the company will grant reasonable requests to furnish this policy in an alternative format.
We do not knowingly collect personal information from children under the age of 13. If you are under 13, please do not give us any personal information. We do not sell any personal information, including the personal information of minors under 16 years of age.
This policy was last updated on March 30, 2021.
How Do I Unsubscribe From Communication?
You can opt out of marketing communication such as email newsletters from Sweaty Betty Foundation at any time. All you need to do is contact firstname.lastname@example.org to change your communication preferences.
If you choose to opt out of marketing emails, this can take up to two weeks for the change to flow through our systems.
You can opt out of a personalised web experience at any time. Please see ‘Your Rights’ section below. Alternatively, you can email email@example.com.
Your Personal Information and How Long We Keep It
We will only keep your information as long as you continue to receive newsletters from us or otherwise as required for our business operations records or by law. This information will be kept secure at all times and only used for the legitimate purpose we require it or that you have consented to. After the stated period of time expires, we will anonymise all of your personal data, however some order information will be stored as an unknown customer.
Where information is entered but not completed, such as in adding items to your shopping basket but not completing checkout, we will delete this data after 30 days for a Guest User and 60 days for an Account Holder.
Cookies and How We Use Them
Other People Who Might Use Your Information
In certain circumstances we may share your information with carefully selected partners or service providers who perform functions as a Data Processor on our behalf such as:
- Data management on our behalf.
- Handling our order dispatch service and other deliveries.
- Website hosting services.
- Assisting Sweaty Betty Foundation with analysing our
- Other support services.
In each case, we will only provide these partners or service providers with the information which they need to carry out their services. They will not be permitted to use the information for other purposes and will be bound by the same duty of care as us regarding data privacy. They will only be allowed to use your information in the way in which we instruct them and as permitted by the Data Protection Laws.
We may also share aggregated or anonymised information that does not identify you with partners or service providers.
In certain circumstances we may disclose personal information relating to you to third parties in order to conform to any requirements of law, to comply with any legal process, for the purposes of obtaining legal advice, for the purposes of credit risk reduction, to prevent and detect fraud and/or to protect and defend the rights and property of Sweaty Betty.
Business or process change partners
In the event that we or a part of our business undergo re-organisation or are sold to a third party, any personal information we hold about you may be transferred and/or disclosed to that re-organised entity or third party.
Overseas transfers of data
Although we do our best to protect your personal data when we have received it, we cannot guarantee the security of your data whilst being submitted to us and any transmission is at your own risk. We do however use security features to try to prevent unauthorised access wherever possible. Personal information provided to Sweaty Betty Foundation via our Website and online credit card transactions are transmitted through a secure server using Secure Socket Layering (SSL), encryption technology. When the letters “http” in the URL change to “https,” the “s” indicates you are in a secure area employing SSL; also, your browser may give you a pop-up message that you are about to enter a secure area or display a padlock image.
Our Website uses this encryption technology to protect your information during data transport. SSL encrypts ordering information such as your name, address and credit card number. Our Customer Care team and stores also operate over a private, secure network.
Sweaty Betty Foundation shall at all times maintain appropriate physical, electronic, managerial and organisational measures to safeguard and secure Personal Data against accidental, unauthorised or unlawful loss, unauthorised modification, disclosure or access that is determined to be appropriate to the risk. All our employees and data processors who have access to, and are associated with the processing of personal information, are required to respect the confidentiality of the personal information of all users of our services.
Personal Data stored about you is held securely with appropriate measures in place to reduce the risk of a malicious attempt to access or misuse your data. We will delete your data when we have no further legitimate use for it in line with our storage policy and as specified above.
You have the following rights in respect of the information we hold about you:
- The right to request information about and a copy of your information which we hold. If you would like a copy of some or all of it please: |
a. Email firstname.lastname@example.org
b. Let us know what information you want a copy of, including
any account or reference numbers you have, if you have them.
c. We may ask you for personal information to verify your identity.
- The right to correct any mistakes in your information (if it is not accurate or not complete). If you would like us to do this please:
d. Email email@example.com
e. Let us have enough information to identify you (e.g. account number, user name, registration details); and
f. Let us know what information is incorrect and what it should be replaced with
- In certain circumstances, the right to delete your information. If you would like us to do this please email firstname.lastname@example.org.
- In certain circumstances, the right to restrict the processing of your information. If you would like us to do this or would like more information please email email@example.com.
- In certain circumstances, the right for you to obtain and re-use the information we hold about you with other service providers. If you would like to do this or you would like more information please email firstname.lastname@example.org.
- Where we are processing your personal data on the basis of our legitimate business interests the right in specific circumstances to object to certain types of processing. If you would like to do this or you would like more information please email email@example.com.
- The right not to be subject to a decision based solely on automated processing. If you would like to do this or would like more information please email firstname.lastname@example.org.
- The right to withdraw your consent where we are relying on it to process your personal data. If you would like to do this or would like more information please email email@example.com.
It may take up to 14 days to ensure your request to invoke any of your rights is fully actioned. Sweaty Betty reserves the right where we are entitled to do so to charge a reasonable administration fee to cover the cost of fulfilling a request to exercise any of these rights. Any fee applicable to the performance of an action will be advised to you at the point of making a request.
Contacting Sweaty Betty
Sweaty Betty Foundation at Sweaty Betty Support Office, Fulham Green 69 – 79 Fulham High Street, London SW6 3JW or email firstname.lastname@example.org.
You can also contact the Information Commissioner’s Office at Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF www.ico.org.uk.
This Policy was last reviewed and updated in March 2021.