1. Who we are

1. This website www.creedfragrances.co.uk is owned and run by The Orange Square Company Limited (“Orange Square”, “the company” or “We”).  For the purpose of data protection law, the controller is The Orange Square Company Limited of 16th Floor, 200 Aldersgate Street, London EC1A 4HD. For further information about Orange Square, and the different divisions and brands within it, please email customerservices@creedfragrances.co.uk.
   
   
2. This Privacy Notice explains the types of personal information we collect, how we use that information, who we share it with, and how we protect that information. Making sure your personal information is secure is very important to us. We are committed to protecting and safeguarding your personal data. When we collect and use your personal information we are subject to the UK data protection laws. 

This website is not intended for children and we do not knowingly collect data relating to children.

2. What information do we collect from you?

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include anonymised data, which is data that can no longer be associated with you.  

We may collect, use, store and transfer different types of personal information about you as detailed below:

1. Identity Data includes first name, last name, title, date of birth and gender.
   
   
2. Contact Data includes email address, billing address, delivery address and telephone numbers.
   
   
3. Financial Data includes bank account and payment card details.
   
   
4. Transaction Data includes details about payments to and from you and other details of products you have purchased from us. 
   
   
5. Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.
   
   
6. Service Data includes purchases or orders made by you, your interests, preferences, feedback and survey responses. 
   
   
7. Usage Data includes information about how you use our website and products.
   
   
8. Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.

We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.

Information we collect about you:

We use different methods to collect information from and about you:

1. Direct interactions. You may choose to provide personal information to us, for example by filling in forms on our website or at one of our stores or counters, entering competitions and prize draws, creating an account on our website or via a mobile app, contributing on one of our social platforms, or contacting us by email, phone, live chat, or otherwise.
   
   
2. Automated technologies or interactions. When you visit our site we may use cookies and other technologies to automatically collect the following information:
   
   
1. Technical information, including your IP address, your login information, browser type and version, device identifier, location and time zone setting, browser plug-in types and versions, operating system and platform, page response times, and download errors;
   
   
2. Information about your visit, including the websites you visit before and after our site and products you viewed or searched for;
   
   
3. Length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page.
   
   
4. Details about the types of services we provide to you.
   
   Please see our cookie policy for further details. 
   
   
3. Third parties or publicly available sources. We also work closely with third parties (including, for example, business partners, e-commerce partners, sub-contractors in technical, payment and delivery services, marketing service providers, advertising networks and search engine providers) and may receive personal data about you from them as necessary to provide and promote our products. We may also receive information about you from credit reference agencies when assessing your credit score is a condition of us entering into a contract with you. We may also collect information about you from publicly available sources, including publicly available content on social media.
   
   
4. Emails that we send as part of our marketing programmes use clear gifs (web beacons). These tell us whether the email has been opened. Web beacons can be turned off by not “enabling images” in an email.
   
   
5. If you are using one of our mobile apps, we may also collect information about the way you use our app.

3. How and why we use your personal information

Under data protection law, we can only use your personal data if we have a lawful basis for doing so, which includes:

1. Contract: where our use of your personal data is necessary to fulfil a contract we have with you, or because you have asked us to take specific steps before entering into a contract.
   
   
2. Legal obligation: where our use of your personal data is necessary for us to comply with the law (not including contractual obligations).
   
   
3. Legitimate interests: where our use of your personal data is necessary for our legitimate interests or the legitimate interests of a third party (unless there is a good reason to protect your personal data which overrides our legitimate interests).
   
   
4. Consent: where you have given us clear consent for us to process your personal data for a specific purpose.

The table below explains what we use your personal data for and why, as well as what our legitimate interests are where we are relying on our legitimate interests as the lawful basis to process your personal data:

 

Purpose/Activity	Type of data	Lawful basis for processing, including basis of legitimate interest and any additional processing conditions.
To register you as a new customer.	(a)   Identity   (b)   Contact	(a)   Performance of a contract with you
To process and deliver your order of products, including:   (a)   Manage payments, fees and charges   (b)   Collect and recover money owed to us	(a)   Identity   (b)   Contact   (c)    Financial   (d)   Transaction   (e)   Marketing and communications	(a)   Performance of a contract with you;   (b)   Necessary for our legitimate interests (to recover debts due to us)
To manage our relationship with you which will include:   (a)   Notifying you about changes to our terms or privacy policy   (b)   Asking you to leave a review or take a survey	(a)   Identity   (b)   Contact   (c)    Profile   (d)   Marketing and communications	(a)   Performance of a contract with you;   (b)   Necessary to comply with a legal obligation;   (c)    Necessary for our legitimate interests (to keep our records updated and to study how customers use our products)
To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)	(a)   Identity   (b)   Contact   (c)    Technical	(a)   Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise);   (b)   Necessary to comply with a legal obligation
To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you	(a)   Identity   (b)   Contact   (c)    Profile   (d)   Usage   (e)   Marketing and communications   (f)     Technical	(a)   Necessary for our legitimate interests (to study how customers use our products, to develop them, to grow our business and inform our marketing strategy
To use data analytics to improve our website, services, marketing, customer relationships and experiences	(a)   Technical   (b)   Usage	(a)   Necessary for our legitimate interests (to define types of customers for our products, to keep our website updated and relevant, to develop our business and to inform our marketing strategy); OR   (b)   Consent
To make suggestions and recommendations to you about products that may be of interest to you	(a)   Identity   (b)   Contact   (c)    Technical   (d)   Usage   (e)   Profile   (f)     Marketing and communications	(a)   Necessary for our legitimate interests (to develop our products and grow our business); OR   (b)   Consent
To enable you to partake in a prize draw, competition or complete a survey	a)     Identity   b)     Contact   c)      Profile   d)     Usage   e)     Marketing and Communications	(a)   Performance of a contract with you;   (b)   Necessary for our legitimate interests (to study how customers use our products/services, to develop them and grow our business)

 

4. Direct Marketing

1. We may use your personal data to send you updates (by email, text message, telephone or post) about our services, including newsletters, exclusive offers, promotions, information about new products and free samples.
   
   
2. You will receive marketing communications from us if you expressly opted-in to receive them (in which case we rely on your consent) or if we are able to rely on our legitimate interests for example because you have purchased goods or services from us or requested specific details about our products and you have not opted out of receiving the marketing.
   
   
3. We may ask you to confirm or update your marketing preferences if there are changes in the law, regulation, or the structure of our business.
   
   
4. We may also analyse your Identity, Contact, Technical, Usage and Profile Data to form a view which products, services and offers may be of interest to you so that we can then send you relevant marketing communications.

Third-party Marketing

We will get your express consent before we share your personal data with any third party for their own direct marketing purposes.

Opting Out of Marketing

You can ask us to stop sending you marketing communications at any time by following the opt-out links within any marketing communication sent to you or by contacting us using the contact details at the end of this privacy policy.

If you do opt-out of receiving marketing communications, you will still receive service-related communications that are essential for administrative or customer service purposes for example relating to your order, updates to our Terms and Conditions, and checking that your contact details are correct.

5. Do we share your personal information?

We may share your personal information with the third parties set out below for the purposes listed in the above ‘how and why we use your personal information’ section. 

We may share your personal information with our group companies, which means our subsidiaries, and our ultimate holding company and its subsidiaries, so that they can assist us in providing and promoting our products to you. Our group companies include Fontaine Limited based in the UK, Kering Beauté SAS based in France and International Cosmetics & Perfumes Inc based in the US. Please email enquiries@orangesquare.uk.com for further details.

We may also share your personal information with:

1. Business partners, such as subcontractors in technical, payment, fulfilment and delivery services and other relevant third parties for the purpose of the performance of our contract that we hold with you (e.g., to deliver a product to you).
   
   
2. Credit reference agencies for the purpose of actively preventing and detecting crime, fraud and corruption as well as assessing your credit score and verifying your details where this is a condition of entering into a contract with you.
   
   
3. Advertising, marketing, digital and social media agencies, and social media networks, to help us to deliver advertising, marketing, and campaigns, to analyse their effectiveness, and to manage your contact and questions.
   
   
4. Analytics and search engine providers that assist us in the improvement and optimisation of our site.
   
   
5. IT service providers that we use to run our business.
   
   
6. Data analysis providers, such as Experian.
   
   
7. Fraud prevention solution providers, such as Riskified.
   
   
8. Professional service firms such as auditors and law firms.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

We may also disclose your personal information to third parties:

1. In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
   
   
2. If The Orange Square Company or a part of its assets are acquired by a third party, in which case personal data held by it about its customers relating to those assets will be one of the transferred assets.
   
   
3. If we have a duty to disclose your personal information in order to comply with any legal obligation, or if we need to do so in order to enforce or apply our terms of use and other agreements; or to protect the rights, property, or safety of The Orange Square Company, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
   
   
4. In other circumstances if we have your consent or we are permitted to do so by law. 

6. Where do we store and process your personal information?

To provide services to you, it is sometimes necessary for us to share your personal data outside the UK, for example with our service providers or our group companies noted above that are located outside the UK.

Transfers of personal data outside of the UK are subject to special rules under UK data protection law. This is because non-UK countries do not have the same data protection laws as the UK.

We will ensure that any transfer of personal data outside of the UK, complies with data protection laws and that all personal data will be secure.

As a result, when we transfer personal data outside of the UK we will ensure that the transfer complies with data protection laws by following one of the below steps:

1. Confirming that the recipient is located in a country which has been recognised as having an adequate level of protection for personal data.
   
   
2. Putting in place safeguards (such as approved standard contractual clauses) so that you have enforceable rights and effective legal remedies.
   
   
3. Confirming that a specific exception applies under data protection law.

For more information about our international transfers, please contact us using the information below.

7. Links to third party sites and social login.

Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

We may also offer you the opportunity to use social login. If you choose to use social login, please be aware that the social platform will share your profile information with us. The information that is shared will depend on your social platform settings. You can find out more by reviewing the privacy notice for the social login provider that you use.

8. Cookies

A cookie is a small text file which is placed onto your device (e.g. computer, smartphone or other electronic device) when you use our website. We use cookies on our website. Cookies help us recognise you and your device and store some information about your use of our website. Please see our Cookies Policy for further details.

9. Social Media and user generated content.

Some of our sites and apps allow users to submit their own content. Please remember that any content submitted to our sites and apps or to one of our social platforms can be viewed by the public, and you should take that into account when sharing any personal information e.g. financial information or address details via these platforms.

10. Data Security

We have put in place appropriate security measures to prevent your personal information from being accidently lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

11. Data Retention

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

By law we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they cease being customers for tax purposes.

12. Your Choices

If you choose not to give your personal information:

If you choose not to give your personal information that we request when you wish to make a purchase, it may delay or stop us from being able to provide you with the products or services that you have requested.

13. Controlling your personal data and your legal rights

It’s important that you are able to control your personal data and you have the following rights, which you can exercise free of charge, as follows:-

1. Access to your information – You have the right to request a copy of the personal information about you that we hold.
   
   
2. Correcting your information – We want to make sure that your personal information is accurate, complete and up to date and you may ask us to correct any personal information about you that you believe does not meet these standards.
   
   
3. Deletion of your information – You have the right to ask us to delete personal information about you where:
   
   a.  You consider that we no longer require the information for the purposes for which it was obtained.
   b.  We are using that information with your consent and you have withdrawn your consent – see Withdrawing consent to using your information below.
   c.  You have validly objected to our use of your personal information – see Objecting to how we may use your information below.
   d. Our use of your personal information is contrary to law or our other legal obligations.
   
   
4. Objecting to how we may use your information – You have the right at any time to require us to stop using your personal information for direct marketing purposes. In addition, where we use your personal information to perform tasks carried out in the public interest or pursuant to the legitimate interests of us or a third party then, if you ask us to, we will stop using that personal information unless there are overriding legitimate grounds to continue.
   
   
5. Restricting how we may use your information – in some cases, you may ask us to restrict how we use your personal information. This right might apply, for example, where we are checking the accuracy of personal information about you that we hold or assessing the validity of any objection you have made to our use of your information.  The right might also apply where this is no longer a basis for using your personal information, but you don’t want us to delete the data. Where this right to validly exercised, we may only use the relevant personal information with your consent, for legal claims or where there are other public interest grounds to do so.
   
   
6. Portability – if we process personal information that you provide to us on the basis of consent or because it is necessary for the performance of a contract to which you are party, and in either case that processing is carried out by automated means, then you have the right to have that personal information transmitted to you in a machine readable format. Where technically feasible, you also have the right to have that personal information transmitted directly to another controller.
   
   
7. Automated processing – if we use your personal information on an automated basis to make decisions which significantly affect you, you have the right to ask that the decision be reviewed by an individual to whom you may make representations and contest the decision. This right only applies where we use your information with your consent or as part of a contractual relationship with you.
   
   
8. Withdrawing consent using your information – Where we use your personal information with your consent you may withdraw that consent at any time, and we will stop using your personal information for the purpose(s) for which consent was given.

Please contact us in any of the ways set out in the Contact information and further advice section if you wish to exercise any of these rights.

14. Contact information and further advice

If you have any questions or concerns about how we treat your personal information, or would like to request a copy of the personal information we hold about you, please contact us at DataProtection@creedfragrances.co.uk or by writing to us at:

Data Protection Officer

The Orange Square Company

16th Floor

200 Aldersgate Street

London

EC1A 4HD

15. Complaints

We seek to resolve directly all complaints about how we handle personal information but you also have the right to lodge a complaint with the Information Commissioner’s Office. The Information Commissioner’s Office can be contacted as follows:

1. Online: https://ico.org.uk/global/contact-us/email/
2. By phone: 0303 123 1113
3. By post: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF

16. Your duty to inform us of changes

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

17. Changes To Our Privacy Policy

Any changes we may make to our Privacy in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to our Privacy.

 

DataProtection@creedfragrances.co.uk

 

This privacy statement was last updated in July 2024.