Privacy Policy
Your privacy is important to us. This privacy policy describes the online information practices which we Apollo Trading UG (“we”, “our”) employ in relation to the information which you, our customers (“you”, “your”), provide when using the www.caspianmonarque.com site (“Website”).
It is important that you read this privacy policy together with any other notice which we may provide you on specific occasions when we are collecting or processing your personal information, so that you are fully aware of how and why we are using your information, and the legal rights that you have.
The Information we collect
As part of you using our Website and during the course of us providing products and/or services to you, we may collect, use, store and transfer the following types of information about you:
- Identity information including your first name, last name, marital status, title and gender.
- Contact information including your address, e-mail address and telephone numbers.
- Financial information including bank details and credit/ debit card information.
- Technical information including your IP address, login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and other technology on the devices you use to access our website.
- Profile information including your username and password.
- Communications information including your correspondence with us and any feedback that you provide us with.
How and when do we collect your personal information?
We collect the majority of the personal information that we process about you directly from you when you provide this information to us by:
- registering on the Website for an online account or otherwise contact us to obtain information relating to us or our products and/or services
- placing orders on the Website
- updating the “Your Online Account”, “Your Address Book” or “Your Order Details” section of the Website
- communicating with us by phone, e-mail or otherwise, or when you complete a questionnaire or competition entry form
- subscribing to our e-newsletter
We may also collect technical information when you access and interact with the Website (see the section below on “How do we use cookies?”)
We do not collect data from people under the age of 16 and we will delete such data if we are informed we hold it.
Information from other sources
We may also receive personal information about you from various third parties that we engage in order to assist us with providing products and/or services to you, including:
- delivery and address information from our carriers who deliver products to you
- marketing information from marketing companies who send customer communications and direct marketing materials on our behalf
- data analytics information from companies that provide us with data analytics services
- information on your account, payment and credit history, including information from credit bureaus and sources we use to process payments
If we request that you do so and you fail to provide information to us, we may be prevented from exercising our rights and obligation and, in particular, we may be prevented from providing the products and/or services that you have asked us to provide. For example, if you fail to provide us with your full address details, it may not be possible for us to fulfil your delivery, or if you fail to provide us with your payment details then we will not be able to process payments for our products and cannot therefore supply them to you.
How we use your personal information
We use your personal information for the following purposes:
- to register you as a new customer
- to respond to your enquiries and complaints, and to manage our relationship with you
- to handle orders, deliver items and process payments
- to communicate with you about updates, orders, products, services and promotional offers
- to update our records and maintain any online account you may have with us
- to administer and protect our business and this site, including to prevent or detect fraud or abuses of our Website
- for market research, reporting, analysis and modelling so as to improve the products and services we provide
- to comply with our financial record keeping obligations
- to use data analytics to improve our website, products, services and user experiences
- to enable third parties to carry out technical, logistical or other functions on our behalf
By law, when processing your personal information we are required to have a ‘legal basis’ to do so. A legal basis is essentially a legal justification for processing your personal information. The legal basis we use to process your personal information will generally be one or more of the following:
- to enable us to perform the contracts that we have with you to supply you with products and/or services
- where it is necessary for our legitimate interests in administering and managing our relationship with you, providing you with products and/or services, and running our business lawfully and effectively
- to enable us to comply with a legal or regulatory obligation
Sometimes we may ask for your consent to use your information for particular purposes (e.g. to send you marketing communications). Where we do so, this consent will be our legal basis for our use of the information. You can withdraw your consent at any time and we will then stop processing your information for that purpose. If you wish to withdraw your consent, then please contact us using the details at the end of this notice.
For more information on the specific legal basis we are relying on in relation to any of the individual processing activities we have highlighted above, please contact us using the contact details at the end of this notice.
How do we use your personal information for marketing purposes?
If you are an existing customer or you have consented to receiving marketing communications by [email, web or text] we may send you information on any offers, events or news about our products and/or services that we believe may be of interest to you. Please note, if you do not choose to receive this information, we will be unable to keep you informed of any offers, events or news regarding our products and services.
We may also send you information on any offers, events or news about our products and/or services that we believe may be of interest to you by post.
If you agree to us doing so, we may also use Google Customer Match. This service matches a list of email addresses we hold to users signed in with Google in order to allow the display of personalised advertising on your internet browser.
You can ask us to stop sending you marketing messages (whether by email, web, text or post) or using Google Customer Match at any time by sending a request to [email protected]
Automated decision-making
We want to ensure you enjoy the best experience of all Caspian Monarque has to offer, whether it be the shopping experience you have on our website or through our communications with you. We believe sharing timely and relevant information with you, provides a more tailored, and so better, experience. We achieve this by combining all the data we have about you; how you’ve previously used our website, the products you’ve purchased and how you’ve responded to our direct communications. This enables us to showcase to you a more relevant set of products on our website & share news of the most relevant products, offers and events. The data privacy law allows this as part of our legitimate interest in understanding our customers and our promise to provide the highest levels of service.
If you wish to change how we use your data, please contact us using the contact details at the end of this notice. Please note that if you choose not to share your personal details with us, or refuse certain contact permissions, we might not be able to provide some of the services you’ve asked for.
When do we share your personal information?
We only share your personal information with our other offices, our agents or third parties where necessary so that they can assist us in providing products and/or services to you.
Where we share your personal information with third parties who process your information on our behalf, they will only process your information on our instructions and we will remain responsible for ensuring that it is protected and processed lawfully.
Where we share your personal information with third parties who process it for their own purposes (such as government bodies), those third parties will have their own legal obligations to protect your information and you will have legal rights that you can enforce directly against them.
In particular, we may share your personal information with third parties for the following purposes:
- we may need to share your personal information to other companies who we engage to perform functions on our behalf including; fulfilling orders, delivering packages, sending customer communications, analysing data, processing payments and providing customer services. They will have access to personal information needed to perform their functions, but may not use it for other purposes
- if we sell, transfer or merge parts of our business or our assets, or seek to acquire another business or merge with them, we may share your personal information with the other party to the transaction
- where it is necessary to prevent fraud or reduce credit risk, we may share your personal information with other companies and organisations
- where requested or if we consider that it is reasonably required, we may share your personal information with government bodies, regulatory bodies or law enforcement organisations so that they can carry out their legal functions
In some circumstances, you will receive notice before we share your personal information with third parties and you will have the opportunity to choose not to share your information.If you would like further information about the third parties with whom we share your personal information then please contact us on the details at the end of this notice.
International transfers
In some instances, we (or the third parties that we share your personal information with) may transfer, process, hold or allow access to your personal information outside the European Economic Area (“EEA”). Where this occurs, we will put adequate safeguards in place to ensure that your personal information is protected in a manner that is consistent with how it would be protected under EU data protection laws.
In most cases, the safeguards that we put in place will be either:
- a decision by the European Commission that the country to which the data is being transferred provides an adequate level or protection
- we will put in place a contract with the recipient of your personal information which contains the model clauses that have been approved by the European Commission
If you would like further details in relation to the countries to which your personal information is currently transferred, and the safeguards that are in place in relation to the transfer, then please contact us on the details at the end of this notice.
Collection of Information by Third-Party Sites
Our Website may contain links to other websites whose information practices may be different to ours. You should consult the privacy notices of those third party sites as we have no control over information that is submitted to, collected, or processed by them.
How do we use cookies?
A cookie is a text-only string of information that a website transfers to the cookie file of the browser on your computer’s hard disk so that the website can remember who you are. A cookie will typically contain the name of the domain from which the cookie has come, the “lifetime” of the cookie, and a value, usually a randomly generated unique number. When you visit our Website we send you a cookie.
Cookies may be used in the following ways (the cookies we use are set out in the table below):
| Purpose | Supplier | Expiration | Cookie |
|---|---|---|---|
| Analytics | |||
| This cookie name is associated with Google Universal Analytics – which is a significant update to Google’s more commonly used analytics service. By default it is set to expire after 2 years, although this is customisable by website owners. | Google Analytics | 1 day | _gid |
| Performance | |||
| Inspectlet uses cookies to keep track of session information. These cookies are needed to accurately understand how visitors are navigating your website. | Inspectlet (3rd party) | 1 year | __insp_slim |
| Inspectlet uses cookies to keep track of session information. These cookies are needed to accurately understand how visitors are navigating your website. | Inspectlet (3rd party) | 1 year | __insp_norec_sess |
| Inspectlet uses cookies to keep track of session information. These cookies are needed to accurately understand how visitors are navigating your website. | Inspectlet (3rd party) | 1 year | __insp_identity |
| Inspectlet uses cookies to keep track of session information. These cookies are needed to accurately understand how visitors are navigating your website. | Inspectlet (3rd party) | 1 year | __insp_targlpt |
| Inspectlet uses cookies to keep track of session information. These cookies are needed to accurately understand how visitors are navigating your website. | Inspectlet (3rd party) | 1 year | __insp_targlpu |
| Inspectlet uses cookies to keep track of session information. These cookies are needed to accurately understand how visitors are navigating your website. | Inspectlet (3rd party) | 1 year | __insp_nv |
| Inspectlet uses cookies to keep track of session information. These cookies are needed to accurately understand how visitors are navigating your website. | Inspectlet (3rd party) | 1 year | __insp_wid |
| Inspectlet uses cookies to keep track of session information. These cookies are needed to accurately understand how visitors are navigating your website. | Inspectlet (3rd party) | long-term cookie that contains random ID assigned to visitor | __insp_uid |
| Inspectlet uses cookies to keep track of session information. These cookies are needed to accurately understand how visitors are navigating your website. | Inspectlet (3rd party) | 1 year | __insp_slim |
| SLI provide the software for the ‘search’ function on our site. When you visit the search box at the top of our site and put in your search term, they will manage this process. They provide us with all search related data – such as what the most popular search terms are. | SLI Systems | Timestamp of last search, expiry 6 months | SLI4_1336870857 |
| SLI provide the software for the ‘search’ function on our site. When you visit the search box at the top of our site and put in your search term, they will manage this process. They provide us with all search related data – such as what the most popular search terms are. | SLI Systems | Unique id for the user, expiry 2 years | SLIBeacon_1336870857 |
| We use this cookie to keep track of guest user preferences until such time as they decide to create an account on the website. | Spree eCommerce | 20 years | guest_token |
| Measuring anonymous click behaviour on the website and traffic to the website in order to improve user experience on the website. | Snowplow (3rd party) | Maximum 2 years | _sp_id.5768 |
| The “__cfduid” cookie is set by the CloudFlare service to identify trusted web traffic. It does not correspond to any user id in the web application, nor does the cookie store any personally identifiable information. | CloudFlare | 5 years | __cfduid |
| Generic | |||
| Implied Consent EU Cookie Law Banner | 10 years | eu_cookie_banner | |
| Used to store the most recently visted category page. Helpful when generating breadcrumbs that are more accurate to the users journey. | 31 days | last_category_visited | |
You can accept or decline “cookies” by modifying the setting in your browser. Please note that if you disable “cookies” you may not be able to use all the features of our Website.
How do we keep your information secure?
We employ security measures to prevent unauthorized access to information that we collect online and through POS. We use a secure online order form for all purchases made via the Website. All data transmitted via this form (including credit card details) is 128bit encrypted so it is transmitted securely. To verify this, when placing an order using the Website a padlock will appear in your browser. It is normally in the status bar, towards the right hand side, in the address bar of your browser window. You can double click this padlock to verify that the secure certificate has been issued to the Website.
Our security is certified by the certificate provider Verisign.
Please note that email correspondence with us is in free format text and cannot be encrypted. Accordingly please do not send any sensitive information such as credit card details or passwords via email.
We use computer safeguards such as firewalls and data encryption, and we enforce physical access controls to our buildings and files to keep this data safe. We only authorise access to employees who need it to carry out their job responsibilities.
- We protect the security of your information while it is being transmitted by encrypting it using Secure Sockets Layer (SSL)
- We enforce physical, electronic and procedural safeguards in connection with the collection, storage and disclosure of personal data. We may occasionally ask for proof of identity before we share your personal data with you
Data retention
We employ security measures to prevent unauthorized access to information that we collect online and through POS. We use a secure online order form for all purchases made via the Website. All data transmitted via this form (including credit card details) is 128bit encrypted so it is transmitted securely. To verify this, when placing an order using the Website a padlock will appear in your browser. It is normally in the status bar, towards the right hand side, in the address bar of your browser window. You can double click this padlock to verify that the secure certificate has been issued to the Website
Details of the retention period for different aspects of your personal information are available in our data retention policy, detailed in the table below and covering all key databases held by Apollo Trading UG.
| Ref | Type of Data | Details | Purpose of data | Review Period | Retention Period or Criteria |
|---|---|---|---|---|---|
| 1 | Personal Details | Eg Name, Address, Title, Gender | To support email and whitemail marketing, customer reporting and analytics | 12 months | 5 years |
| 2 | Contact Details | Eg Billing Address, Delivery address, email address and phone number | To support email marketing & customer reporting | 12 months | 5 years |
| 3 | Image Data | Eg CCTV images, photographs if taken during an event and you have not objected to this | For security and PR | 12 months | 5 years |
| 4 | Financial | Eg Payment card details | To provide financial information with regard to purchases as well as to support fraud prevention | 12 months | 7 years |
| 5 | Transactional Data | Eg order information, product purchased, total cost, payment information, billing and delivery information | To support transactional queries, customer and product reporting & analytics | 36 months | 7 years |
| 6 | Technical Data | Eg Internet Protocol (IP) address, login data, browser type and version, time-zone setting and location, browser plug in types and versions, operating system and platform and other technology devices used to access the website, geographical location, length of visit, number of pages viewed | To support online reporting & analytics as well as operational information | 12 months | 5 years |
| 7 | Profile Data | Eg Order history, preferences, feedback on survey and response | To support reporting, analytics and personalisation of marketing activity | 12 months | 5 years |
| 8 | Marketing Data | Eg Preferences in receiving marketing and communications | To support marketing activity | 12 months | 3 years |
| 9 | Instore Data | Eg products purchased, amount spent, payment information | To support transactional queries, customer and product reporting & analytics | 12 months | 7 years |
Your legal rights
You have the following rights in relation to the personal information that we hold about you:
- The right to request access to your personal information (commonly known as a “data subject access request”). This enables you to request a copy of the personal information we hold about you and to check we are processing it lawfully.
- The right to request correction of the personal information we hold about you. This enables you to request that we correct any incomplete or inaccurate information that we hold about you.
- The right to request erasure of your personal information in some circumstances. This enables you to request that we erase your personal information where there is no good reason for us continuing to process it.
- The right to object to us processing your personal information. This enables you to object to us processing your personal information where we are relying on a legitimate interest and it impacts on your fundamental rights and freedoms.
- The right to restrict our processing of your personal information. This enables you to ask us to suspend the processing of your personal information in certain circumstances.
- The right to data portability. In certain circumstance this enables you to request that we provide you, or a third party, with a copy of the personal information that you provided to us in a structured, commonly used, machine-readable format.
For more information on your legal rights or if you would like to exercise these rights, please contact us on the contact details at the end of this notice.
Integration of Novalnet / Full payment service provider
The controller in charge of processing has integrated components of Novalnet AG into this website. Novalnet AG is a full payment service provider which handles payment processing, among other things. If the data subject selects a payment method during the order process in our online shop, data of this person are sent automatically to Novalnet AG. By choosing a payment option, the data subject agrees to the transmission of personal data for the purposes of payment. As a rule, the personal data sent to Novalnet include the first name, surname, address, gender, e-mail address, IP address and possibly date of birth, tel. no., mobile no. and other data as required for payment processing. The conclusion of a purchase contract also requires personal data that relate to the respective order. This includes, but is not limited to, the exchange of payment information such as bank details, card number, expiry date and CVC code, data on goods and services, and prices. Data transmission is intended in particular for verification of identity, payment administration and fraud prevention. The controller will transmit personal data to Novalnet AG particularly if there is a legitimate interest in transmission. The personal data exchanged between Novalnet AG and the controller may be sent by Novalnet AG to credit agencies. This transmission is for the purposes of verifying identity and creditworthiness. Novalnet AG will also share the personal data with service providers or subcontractors if so required to fulfil the contractual obligations or if the data must be processed. The data subject has the option to revoke consent for the handling of personal data at any time with Novalnet AG. This will have no effect on personal data that must be processed, used or transmitted for (contractual) payment processing
GDPR
As a data subject, you have the following rights: • You have a right of information regarding your personal data that the controller processes (Art. 15 GDPR), • You have the right to rectification of the data pertaining to you if these were stored incorrectly or incompletely (Art. 16 GDPR), • You have the right to erasure (Art. 17 GDPR), • You have the right to restriction of processing of your personal data (Art. 18 GDPR), • You have the right to data portability (Art. 20 GDPR), • You have a right to objection to the processing of your personal data (Art. 21 GDPR), • You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you (Art. 22 GDPR), • You have the right to file a complaint with a supervisory authority if you suspect a breach of data protection laws (Art. 77 GDPR). The supervisory authority for your regular place of residence, work or place of alleged breach will be responsible for this
Revisions to this Privacy Statement
We reserve the right to revise this privacy policy or any part of it from time to time. Please review the privacy policy periodically for changes. This privacy policy was last updated on 22nd May 2018
Unless stated otherwise, our current privacy policy applies from time to time to all information that we have about you
It is important that the personal information we hold about you is accurate and up-to-date. Please keep us informed of any changes to your personal information
How to Contact us
If you have any questions or concerns about this privacy policy, would like further details on any of the information contained in this notice, or to exercise any of your legal rights please contact us by email at [email protected]
Whilst we would appreciate the opportunity to deal with your concerns before you do so, if you are unhappy with how we have used your personal information you have the right to lodge a complaint at any time with a supervisory authority. The supervisory authority in the UK is the Information Commissioner’s Office (ICO).