Privacy Policy

Your privacy is important to us. This privacy policy describes the online information practices which we Apollo Trading UG (“we”, “our”) employ in relation to the information which you, our customers (“you”, “your”), provide when using the www.caspianmonarque.com site (“Website”).

It is important that you read this privacy policy together with any other notice which we may provide you on specific occasions when we are collecting or processing your personal information, so that you are fully aware of how and why we are using your information, and the legal rights that you have.

The Information we collect

As part of you using our Website and during the course of us providing products and/or services to you, we may collect, use, store and transfer the following types of information about you:

How and when do we collect your personal information?

We collect the majority of the personal information that we process about you directly from you when you provide this information to us by:

We may also collect technical information when you access and interact with the Website (see the section below on “How do we use cookies?”)

We do not collect data from people under the age of 16 and we will delete such data if we are informed we hold it.

Information from other sources

We may also receive personal information about you from various third parties that we engage in order to assist us with providing products and/or services to you, including:

If we request that you do so and you fail to provide information to us, we may be prevented from exercising our rights and obligation and, in particular, we may be prevented from providing the products and/or services that you have asked us to provide. For example, if you fail to provide us with your full address details, it may not be possible for us to fulfil your delivery, or if you fail to provide us with your payment details then we will not be able to process payments for our products and cannot therefore supply them to you.

How we use your personal information

We use your personal information for the following purposes:

By law, when processing your personal information we are required to have a ‘legal basis’ to do so. A legal basis is essentially a legal justification for processing your personal information. The legal basis we use to process your personal information will generally be one or more of the following:

Sometimes we may ask for your consent to use your information for particular purposes (e.g. to send you marketing communications). Where we do so, this consent will be our legal basis for our use of the information. You can withdraw your consent at any time and we will then stop processing your information for that purpose. If you wish to withdraw your consent, then please contact us using the details at the end of this notice.

For more information on the specific legal basis we are relying on in relation to any of the individual processing activities we have highlighted above, please contact us using the contact details at the end of this notice.

How do we use your personal information for marketing purposes?

If you are an existing customer or you have consented to receiving marketing communications by [email, web or text] we may send you information on any offers, events or news about our products and/or services that we believe may be of interest to you. Please note, if you do not choose to receive this information, we will be unable to keep you informed of any offers, events or news regarding our products and services.

We may also send you information on any offers, events or news about our products and/or services that we believe may be of interest to you by post.

If you agree to us doing so, we may also use Google Customer Match. This service matches a list of email addresses we hold to users signed in with Google in order to allow the display of personalised advertising on your internet browser.

You can ask us to stop sending you marketing messages (whether by email, web, text or post) or using Google Customer Match at any time by sending a request to

Automated decision-making

We want to ensure you enjoy the best experience of all Caspian Monarque has to offer, whether it be the shopping experience you have on our website or through our communications with you. We believe sharing timely and relevant information with you, provides a more tailored, and so better, experience. We achieve this by combining all the data we have about you; how you’ve previously used our website, the products you’ve purchased and how you’ve responded to our direct communications. This enables us to showcase to you a more relevant set of products on our website & share news of the most relevant products, offers and events. The data privacy law allows this as part of our legitimate interest in understanding our customers and our promise to provide the highest levels of service.

If you wish to change how we use your data, please contact us using the contact details at the end of this notice. Please note that if you choose not to share your personal details with us, or refuse certain contact permissions, we might not be able to provide some of the services you’ve asked for.

When do we share your personal information?

We only share your personal information with our other offices, our agents or third parties where necessary so that they can assist us in providing products and/or services to you.

Where we share your personal information with third parties who process your information on our behalf, they will only process your information on our instructions and we will remain responsible for ensuring that it is protected and processed lawfully.

Where we share your personal information with third parties who process it for their own purposes (such as government bodies), those third parties will have their own legal obligations to protect your information and you will have legal rights that you can enforce directly against them.

In particular, we may share your personal information with third parties for the following purposes:

In some circumstances, you will receive notice before we share your personal information with third parties and you will have the opportunity to choose not to share your information.If you would like further information about the third parties with whom we share your personal information then please contact us on the details at the end of this notice.

International transfers

In some instances, we (or the third parties that we share your personal information with) may transfer, process, hold or allow access to your personal information outside the European Economic Area (“EEA”). Where this occurs, we will put adequate safeguards in place to ensure that your personal information is protected in a manner that is consistent with how it would be protected under EU data protection laws.

In most cases, the safeguards that we put in place will be either:

If you would like further details in relation to the countries to which your personal information is currently transferred, and the safeguards that are in place in relation to the transfer, then please contact us on the details at the end of this notice.

Collection of Information by Third-Party Sites

Our Website may contain links to other websites whose information practices may be different to ours. You should consult the privacy notices of those third party sites as we have no control over information that is submitted to, collected, or processed by them.

How do we use cookies?

A cookie is a text-only string of information that a website transfers to the cookie file of the browser on your computer’s hard disk so that the website can remember who you are. A cookie will typically contain the name of the domain from which the cookie has come, the “lifetime” of the cookie, and a value, usually a randomly generated unique number. When you visit our Website we send you a cookie.

Cookies may be used in the following ways (the cookies we use are set out in the table below):

Purpose Supplier Expiration Cookie
Analytics
This cookie name is associated with Google Universal Analytics – which is a significant update to Google’s more commonly used analytics service. By default it is set to expire after 2 years, although this is customisable by website owners. Google Analytics 1 day _gid
Performance
Inspectlet uses cookies to keep track of session information. These cookies are needed to accurately understand how visitors are navigating your website. Inspectlet (3rd party) 1 year __insp_slim
Inspectlet uses cookies to keep track of session information. These cookies are needed to accurately understand how visitors are navigating your website. Inspectlet (3rd party) 1 year __insp_norec_sess
Inspectlet uses cookies to keep track of session information. These cookies are needed to accurately understand how visitors are navigating your website. Inspectlet (3rd party) 1 year __insp_identity
Inspectlet uses cookies to keep track of session information. These cookies are needed to accurately understand how visitors are navigating your website. Inspectlet (3rd party) 1 year __insp_targlpt
Inspectlet uses cookies to keep track of session information. These cookies are needed to accurately understand how visitors are navigating your website. Inspectlet (3rd party) 1 year __insp_targlpu
Inspectlet uses cookies to keep track of session information. These cookies are needed to accurately understand how visitors are navigating your website. Inspectlet (3rd party) 1 year __insp_nv
Inspectlet uses cookies to keep track of session information. These cookies are needed to accurately understand how visitors are navigating your website. Inspectlet (3rd party) 1 year __insp_wid
Inspectlet uses cookies to keep track of session information. These cookies are needed to accurately understand how visitors are navigating your website. Inspectlet (3rd party) long-term cookie that contains random ID assigned to visitor __insp_uid
Inspectlet uses cookies to keep track of session information. These cookies are needed to accurately understand how visitors are navigating your website. Inspectlet (3rd party) 1 year __insp_slim
SLI provide the software for the ‘search’ function on our site. When you visit the search box at the top of our site and put in your search term, they will manage this process. They provide us with all search related data – such as what the most popular search terms are. SLI Systems Timestamp of last search, expiry 6 months SLI4_1336870857
SLI provide the software for the ‘search’ function on our site. When you visit the search box at the top of our site and put in your search term, they will manage this process. They provide us with all search related data – such as what the most popular search terms are. SLI Systems Unique id for the user, expiry 2 years SLIBeacon_1336870857
We use this cookie to keep track of guest user preferences until such time as they decide to create an account on the website. Spree eCommerce 20 years guest_token
Measuring anonymous click behaviour on the website and traffic to the website in order to improve user experience on the website. Snowplow (3rd party) Maximum 2 years _sp_id.5768
The “__cfduid” cookie is set by the CloudFlare service to identify trusted web traffic. It does not correspond to any user id in the web application, nor does the cookie store any personally identifiable information. CloudFlare 5 years __cfduid
Generic
Implied Consent EU Cookie Law Banner 10 years eu_cookie_banner
Used to store the most recently visted category page. Helpful when generating breadcrumbs that are more accurate to the users journey. 31 days last_category_visited

You can accept or decline “cookies” by modifying the setting in your browser. Please note that if you disable “cookies” you may not be able to use all the features of our Website.

How do we keep your information secure?

We employ security measures to prevent unauthorized access to information that we collect online and through POS. We use a secure online order form for all purchases made via the Website. All data transmitted via this form (including credit card details) is 128bit encrypted so it is transmitted securely. To verify this, when placing an order using the Website a padlock will appear in your browser. It is normally in the status bar, towards the right hand side, in the address bar of your browser window. You can double click this padlock to verify that the secure certificate has been issued to the Website.

Our security is certified by the certificate provider Verisign.

Please note that email correspondence with us is in free format text and cannot be encrypted. Accordingly please do not send any sensitive information such as credit card details or passwords via email.

We use computer safeguards such as firewalls and data encryption, and we enforce physical access controls to our buildings and files to keep this data safe. We only authorise access to employees who need it to carry out their job responsibilities.

Data retention

We employ security measures to prevent unauthorized access to information that we collect online and through POS. We use a secure online order form for all purchases made via the Website. All data transmitted via this form (including credit card details) is 128bit encrypted so it is transmitted securely. To verify this, when placing an order using the Website a padlock will appear in your browser. It is normally in the status bar, towards the right hand side, in the address bar of your browser window. You can double click this padlock to verify that the secure certificate has been issued to the Website

Details of the retention period for different aspects of your personal information are available in our data retention policy, detailed in the table below and covering all key databases held by Apollo Trading UG.

Ref Type of Data Details Purpose of data Review Period Retention Period or Criteria
1 Personal Details Eg Name, Address, Title, Gender To support email and whitemail marketing, customer reporting and analytics 12 months 5 years
2 Contact Details Eg Billing Address, Delivery address, email address and phone number To support email marketing & customer reporting 12 months 5 years
3 Image Data Eg CCTV images, photographs if taken during an event and you have not objected to this For security and PR 12 months 5 years
4 Financial Eg Payment card details To provide financial information with regard to purchases as well as to support fraud prevention 12 months 7 years
5 Transactional Data Eg order information, product purchased, total cost, payment information, billing and delivery information To support transactional queries, customer and product reporting & analytics 36 months 7 years
6 Technical Data Eg Internet Protocol (IP) address, login data, browser type and version, time-zone setting and location, browser plug in types and versions, operating system and platform and other technology devices used to access the website, geographical location, length of visit, number of pages viewed To support online reporting & analytics as well as operational information 12 months 5 years
7 Profile Data Eg Order history, preferences, feedback on survey and response To support reporting, analytics and personalisation of marketing activity 12 months 5 years
8 Marketing Data Eg Preferences in receiving marketing and communications To support marketing activity 12 months 3 years
9 Instore Data Eg products purchased, amount spent, payment information To support transactional queries, customer and product reporting & analytics 12 months 7 years

Your legal rights

You have the following rights in relation to the personal information that we hold about you:

For more information on your legal rights or if you would like to exercise these rights, please contact us on the contact details at the end of this notice.

Integration of Novalnet / Full payment service provider

The controller in charge of processing has integrated components of Novalnet AG into this website. Novalnet AG is a full payment service provider which handles payment processing, among other things. If the data subject selects a payment method during the order process in our online shop, data of this person are sent automatically to Novalnet AG. By choosing a payment option, the data subject agrees to the transmission of personal data for the purposes of payment. As a rule, the personal data sent to Novalnet include the first name, surname, address, gender, e-mail address, IP address and possibly date of birth, tel. no., mobile no. and other data as required for payment processing. The conclusion of a purchase contract also requires personal data that relate to the respective order. This includes, but is not limited to, the exchange of payment information such as bank details, card number, expiry date and CVC code, data on goods and services, and prices. Data transmission is intended in particular for verification of identity, payment administration and fraud prevention. The controller will transmit personal data to Novalnet AG particularly if there is a legitimate interest in transmission. The personal data exchanged between Novalnet AG and the controller may be sent by Novalnet AG to credit agencies. This transmission is for the purposes of verifying identity and creditworthiness. Novalnet AG will also share the personal data with service providers or subcontractors if so required to fulfil the contractual obligations or if the data must be processed. The data subject has the option to revoke consent for the handling of personal data at any time with Novalnet AG. This will have no effect on personal data that must be processed, used or transmitted for (contractual) payment processing

GDPR

As a data subject, you have the following rights: • You have a right of information regarding your personal data that the controller processes (Art. 15 GDPR), • You have the right to rectification of the data pertaining to you if these were stored incorrectly or incompletely (Art. 16 GDPR), • You have the right to erasure (Art. 17 GDPR), • You have the right to restriction of processing of your personal data (Art. 18 GDPR), • You have the right to data portability (Art. 20 GDPR), • You have a right to objection to the processing of your personal data (Art. 21 GDPR), • You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you (Art. 22 GDPR), • You have the right to file a complaint with a supervisory authority if you suspect a breach of data protection laws (Art. 77 GDPR). The supervisory authority for your regular place of residence, work or place of alleged breach will be responsible for this

Revisions to this Privacy Statement

We reserve the right to revise this privacy policy or any part of it from time to time. Please review the privacy policy periodically for changes. This privacy policy was last updated on 22nd May 2018

Unless stated otherwise, our current privacy policy applies from time to time to all information that we have about you

It is important that the personal information we hold about you is accurate and up-to-date. Please keep us informed of any changes to your personal information

How to Contact us

If you have any questions or concerns about this privacy policy, would like further details on any of the information contained in this notice, or to exercise any of your legal rights please contact us by email at

Whilst we would appreciate the opportunity to deal with your concerns before you do so, if you are unhappy with how we have used your personal information you have the right to lodge a complaint at any time with a supervisory authority. The supervisory authority in the UK is the Information Commissioner’s Office (ICO).