This policy applies to data collected by (we) It’s A Monthly Thing (including our family of brands; Pink Parcel, Cosmopolitan x Pink Parcel, Betty and Betty For Schools) and Hearst.
1. What information do we collect?
Information you provide to us
We may collect or process various information that you provide to us, including:
- Personal details, including name, address, email address, phone number.
- Purchase-related information, including payment details, delivery details, product choice and date of birth, product feedback and purchase intentions.
- Employment-related information, including job preferences, work history and information provided on applications submitted to us online.
Information we collect about you
When you visit our website we may automatically collect information which allows us to recognise you, your preferences (including products you have looked at and added to your basket) and how you use this website. This information may include:
- Technical information, including the IP address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform.
- Information about your visit, including the pages you have visited, products you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to call our customer service number.
Information we receive from other sources
We are also working closely with third parties (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers) and may receive information about you from them.
What if I am under 13?
If you are aged under 13, please get your guardian’s permission before you provide any personal information to Cosmopolitan x Pink Parcel.
In accordance with the Children’s Online Privacy Protection Act (COPPA), we do not knowingly collect or store any personal information about children under age 13, and our company websites are not designed to collect personal information from children under age 13. We ask purchasers to confirm if they are over 13 to restrict those who are younger from accessing certain features. For more information, please review our Special Note to Parents.
2. How we use your information
We will use the information we collect about you in the following ways:
To process your order
- To provide goods and services to you.
- To process and keep you updated about your order.
- To provide you with pre- and post-sales service.
- To notify you about changes to our service.
- To manage any account(s) you hold with us.
- To verify your identity to enable us to manage customer service interactions with you.
To improve the service we provide
- To show you content on our website and in our emails that is most relevant to you based on the information you have given us and the purchases you have made.
- To help us improve the technical capabilities of our website, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
- To allow you to participate in interactive features of our service, when you choose to do so.
- As part of our efforts to keep our site safe and secure;
- Where we have a legal right or duty to use or disclose your information (for example in relation to an investigation by a public authority or in a legal dispute).
- For crime and fraud prevention, detection and related purposes;
For direct marketing
- To ensure you are kept up to date with the latest from Cosmopolitan x Pink Parcel, we use personal data for marketing purposes and may send you postal mail, texts and/or emails to update you on the latest offers and events. We may also show you online media communications through external social media platforms such as Facebook and Instagram and external digital advertisers such as Google. You have the right to opt out of receiving promotional communications at any time, by:
- informing us that you wish to change your marketing preferences by contacting our customer support team at email@example.com;
- making use of the “unsubscribe” link in emails; and/or
- contacting our Data Protection Officer via email at firstname.lastname@example.org
This may not stop service messages such as order updates.
- We may collect data directly from you, as well as analysing your browsing and purchasing activity online and your responses to marketing communications. The results of this analysis, together with other demographic data, allow us to ensure that we contact you with information on products, services, events and offers that are tailored and relevant to you. To do so, we use software and other technology for automated decision making. We may do this to decide what marketing communications are suitable for you and this activity is based on our legitimate interests to develop and improve our products and services. You have the right to opt out of any automated processing, including profiling, at any time by:
- informing us that you wish to opt out of automated processing by contacting our customer support team at email@example.com; and/or
- contacting our Data Protection Officer via email to firstname.lastname@example.org.
- To measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you.
- To make suggestions and recommendations to you about goods or services that may interest you.
- To identify and contact competition winners.
- To provide you, or permit selected third parties to provide you, with information about goods or services we feel may interest you. If you are an existing customer, we will only contact you with information about goods and services similar to those which were the subject of a previous sale or negotiations of a sale to you. If you are a new customer, and where we permit selected third parties to use your data, we (or they) will contact you only if you have consented to this. If you do not want us to use your data in this way, or to pass your details on to third parties for marketing purposes, please email us at email@example.com . We may pass information about you between our subsidiary brands.
3. How we share and disclose the information
We have partnered with certain trusted third parties in order to provide our service to you and to help us better understand your preferences. We may need to share your personal information with some of these service partners, however, we will only allow these third parties to handle your personal information when they have confirmed that they apply appropriate data protection and security controls. We also impose contractual obligations on service providers relating to data protection and security, which mean they can only use your information to provide services to us and to you, and for no other purposes. We may provide outside companies with aggregated and anonymised information and analytics about our customers but that would never identify you and we will never sell or rent your personal information to other organisations for any purposes.
The types of companies with whom we share data in order to provide and promote our goods and services are listed below:
External Service Provider: businesses that help us to provide a better experience personalised to you including providers of intelligence tools and social media platforms, providers of website hosting, marketing and advertising services and organisers of discount and loyalty schemes.
Reason for Sharing your data: we want to understand you and your needs as a customer, to help us deliver a the best customer journey possible. We aim to do this by tailoring your experience and reaching you on the channels that you enjoy using.
External Service Provider: businesses that help us provide our goods and services to you including providers of ecommerce platforms and payment, logistics, delivery, courier and returns management services.
Reason for Sharing your data: these providers make it possible for us to supply our products and services to you.
Other third parties
We may also share your data with:
- other companies within our groups.
- credit reference agencies where necessary for card payments.
- governmental bodies, regulators, law enforcement agencies, courts/tribunals and insurers where we are required to do so.
- to purchasers, investors, funders and advisers if we sell our business or assets or restructure whether by merger, re-organisation or otherwise.
- our legal and other professional advisers, including our auditors.
- to comply with our legal obligations and the administration of justice.
- to exercise our legal rights (for example in court cases). For the prevention, detection, investigation of crime or prosecution of offenders and/or for the protection of our employees and customers.
4. How do we store the information
Once we have received your information, we will use strict procedures and security features to prevent unauthorised access and keep your data secure:
- For the purposes of IT hosting and maintenance information is located on servers within the European Union.
- We have a Data Protection regime in place to oversee the effective and secure processing of your personal data.
- No third parties have access to your personal data unless the law allows them to do so.
- Any payment transactions will be encrypted.
- Your password enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
5. How long we will store the data
We are required under UK tax law to keep your basic personal data (name, address, contact details) for a minimum of 6 years after which time it will be destroyed. Any information we use for marketing purposes will be kept for up to 2 years if you are not a current customer of Cosmopolitan x Pink Parcel. If you are a current customer of Cosmopolitan x Pink Parcel we will hold your data for marketing purposes for as long as is needed to fulfil that contract.
6. How to obtain information about adequacy of international transfers
On occasion your personal information might be shared outside of the European Economic Area (the EEA) in order to deliver our products and services to you. The reason for this will normally be that service providers or you are not located the EEA. Specific data protection laws are associated with transferring data outside of the EEA and we will make sure that if your personal information is transferred outside of the EEA, this process is secure and compliant with data protection law.
7. How can you request the data we hold
You can view, correct or update the personal contact information you provide to IAMT and Hearst in your account at anytime.
If at any point you believe the information we process on you is incorrect you can request to see this information and even have it corrected or deleted. If you wish to raise a complaint on how we have handled your personal data or to withdraw your consent to marketing communications or profiling, you can contact our Data Protection Officer who will investigate the matter.
If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law you can complain to the Information Commissioner’s Office (ICO).
8. Your Rights
You have the following rights:
- The right to be informed about our processing or your personal data which is the aim of this notice.
- The right to request access to personal data we hold about you at any time.
- The right to ask us to update and correct any out-of-date or incorrect personal data that we hold about you.
- The right to object to processing of your personal data and/ or to withdraw any consent you have given us and to opt out of any marketing communications that we may send you.
- The right to prevent processing that is likely to cause damage or distress to you or anyone else.
- The certain rights in relation to automated decision making including profiling.
- The right to request that we erase your personal data in certain circumstances (the right to be forgotten) for example when the data are no longer necessary for the purpose for which we collected them.
- The right to have your personal data provided to you by us in a structured, commonly used and machine-readable format and transmitted to another data controller. this is known as the right to data portability.
If you wish to exercise any of the above rights, you can always contact our Data Protection Officer using the email address specified below.
You have the right to lodge a complaint with the Information Commissioner’s Office at Wycliffe House, Water Lane, Wilmslow, SK9 5AF, United Kingdom if you believe we have not handled your personal data in accordance with the law. Further information, including contact details, is available at https://ico.org.uk.
9. Contact us
10. Special Note to Parents
At IAMT and Hearst we recognize the need to provide further privacy protections with respect to personal information we may collect from children on our sites and applications. On some of the features on our sites we ask the user to confirm they are 13 or over. For example, marketing communications that are intended for under 13's. We do not knowingly collect personal information from children in connection with those features. When we intend to collect personal information from children, we take additional steps to protect children’s privacy, including:
- Limiting our collection of personal information from children to no more than is reasonably necessary to participate in an online activity; and
- Giving all users access or the ability to request access to personal information we have collected and the ability to request that the personal information be changed or deleted, and to seek the authorisation or consent from the holder of parental responsibility over the child.