1. WHO ARE YOU? 

 1.1. We are Luke Irwin Rugs Limited trading as ‘Luke Irwin’ (we, us, our). We design, manufacture and sell handmade bespoke rugs (our Services). Our rug showroom is at 20-22 Pimlico Road, London, SW1 1W 8LJ and our registered address is at c/o Blick Rothenburg, 1st Floor, 7 – 10 Chandos Street, London, SW1W 8LJ. Our company number is: 07344940.

 

2. WHAT IS THIS NOTICE? 

2.1. From time to time we may need to process Personal Data (that is information about someone who can be identified from the data) in connection with our business and our Services. This Personal Data may be about you or other people. This notice explains how we will use the Personal Data we hold.  

 2.2. As part of our Services we may transfer Personal Data to other people. We’ve set out a list of who we might transfer Personal Data to at paragraph 7. This notice only deals with our use of Personal Data. Recipients not bound by this privacy notice.  If you click on a link that takes you away from our website, this privacy notice shall not apply. 

2.3. We might need to change this privacy notice from time to time. If we do, we let you know. So please do keep an eye on our notice before giving us any Personal Data. 

 2.4. All of the defined terms in this notice are explained in paragraph 14 below. If you have any questions about this notice, feel free to send us an email to shop@lukeirwin.com.  

  

 3. WHO DO YOU HOLD PERSONAL DATA ABOUT? 

3.1. We hold Personal Data about the following groups of people (Data Subjects): 

DATA SUBJECTS	DESCRIPTION
Customers	Anyone who has purchased any goods or services from us. If the Customer is a business, this might also include any individual from that business which we were dealing with for the purposes of facilitating the contract.
Prospective Customers	Anyone we think may be interested in purchasing goods or services from us. If the Prospective Customer is a business, this might also include key contacts from that business.

 

 4. ARE YOU A CONTROLLER OR A PROCESSOR? 

4.1. We are a Controller in respect of: 

 a) Customer Data: any Personal Data which we hold about our Customers; and 

 b) Prospective Customer Data: any Personal Data which we hold about our Prospective Customers. 

This means we make decisions about what data to collect (in respect of those groups of Data Subjects) and how to use it. 

 

 5. WHERE DO YOU COLLECT PERSONAL DATA FROM? 

5.1. We might collect Personal Data in the following ways: 

CUSTOMER DATA 

Source	Types of Data Collected
Directly from our interactions with Customers	This might include information about:  Contact details for our Customer (including name, address, email and telephone number)  Payment details when we are taking a payment  Details about your delivery address or collection preferences  Records of transactions   Information about their business  Information about their marketing preferences  Complaints, concerns, opinions or responses to surveys we have sent you  Any details you provide us with when you call us.
Information automatically collected from use of our website	This might include:  Traffic and usage Data (information about how you used our website, links you clicked on and websites visited before and after).   Technical Data (such as information about the device you used to access our website).    We do this using cookies. For more information on the cookies we use, please click here.
Research carried out by our sales team from publicly available sources	Contact and Identity data  Information about your business  Information about your interests

 

PROSPECTIVE CUSTOMER DATA 

Source	Types of Data Collected
Directly from our interactions with Prospective Customers	This might include information about:  Contact details for our Prospective Customer (including name, address, email and telephone number)  Information about their business
Information automatically collected from use of our website	This might include:  Traffic and usage Data (information about how you used our website, links you clicked on and websites visited before and after).   Technical Data (such as information about the device you used to access our website).    We do this using cookies. For more information on the cookies we use, please click here.
Research carried out by our sales team from publicly available sources	Contact and Identity data  Information about your business  Information about your interests

 We do not anticipate that any of the Personal Data which we collect and store will include Special Categories of Personal Data. Special Categories of Personal Data includes details about an individual’s race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about health and genetic and biometric data. 

General 

We may also collect, use and share Aggregated Data such as statistical or demographic data which we collect from interactions with you. Aggregated Data may be derived from Personal Data but since it cannot be used to identify an individual, it is not Personal Data. 

 

 6. HOW WILL YOU USE THE PERSONAL DATA YOU HOLD AND WHAT IS YOUR LAWFUL BASIS FOR DOING SO? 

CUSTOMER DATA 

 i) We hold and process Customer Data as a Controller, which means we must have a ‘lawful basis’ for doing so. We have set out how we use Customer Data along with our lawful basis in the table below.  

 ii) Anywhere we are relying on legitimate interest we believe that such processing is necessary for the purposes of our legitimate interest, which in this case is to function as a business. We consider such use goes no further than the Data Subject would reasonable expect; is likely to align with the Data Subject’s interests (by enabling us to provide a sustainable business model) and is unlikely to be detrimental to the fundamental rights and freedoms of the Data Subject. 

PURPOSE/  ACTIVITY	DESCRIPTION	LAWFUL BASIS
To provide our services to you	Recording your name and contact details, processing payment information and delivery of goods/services. Contacting you with any changes to the delivery details or dates.	Necessary for the performance of the contract for the provision of our services or taking steps necessary to enter into a contract.
Administration and Dispute Resolution	For example we may need to retain details of your transaction to process refunds or returns or to deal with any disputes or queries you might have. We may also need to retain records of transactions for our own accounting purposes.	Legitimate Interest
Profiling	We may use details we collect for profiling purposes to help us make sure we are targeting the right people in any marketing we carry out.	Legitimate Interest
Marketing	rom time to time, we may use your information to contact you for market research or promotional purposes.    We may contact you by email, phone or post. Such marketing may take the form of our newsletter, our brochure or events to upcoming events or new product releases.    You may ask us to stop at any time.    We may also use aggregate data to carry out market research from time to time.	Legitimate Interest    Consent

 

 PROSPECTIVE CUSTOMER DATA 

 i) We hold and process Prospective Customer Data as a Controller, which means we must have a ‘lawful basis’ for doing so. We have set out how we use Prospective Customer Data along with our lawful basis in the table below.  

 ii) Anywhere we are relying on legitimate interest we believe that such processing is necessary for the purposes of our legitimate interest, which in this case is to function as a business. We consider such use goes no further than the Data Subject would reasonable expect; is likely to align with the Data Subject’s interests (by enabling us to provide a sustainable business model) and is unlikely to be detrimental to the fundamental rights and freedoms of the Data Subject. 

 

PURPOSE/  ACTIVITY	DESCRIPTION	LAWFUL BASIS
Providing requested information	To send you information about our goods, services and prices along with any quotes you’ve requested.	Consent
Profiling	We may use details we collect for profiling purposes to help us make sure we are targeting the right people in any marketing we carry out.	Legitimate Interest
Marketing	From time to time, we may use your information to contact you for market research or promotional purposes.    We may contact you by email, phone or post. Such marketing may take the form of our newsletter, our brochure or events to upcoming events or information about new collections.    You may ask us to stop at any time.    We may also use aggregate data to carry out market research from time to time.	Consent

 

 7. WILL YOU DISCLOSE PERSONAL DATA TO ANYONE ELSE? 

7.1 We may disclose Personal Data to third parties in the following instances: 

DATA SUBJECT GROUP	TYPES OF DATA TRANSFERRED	RECIPIENT	REASON FOR TRANSFER
Customer Data	Name, delivery address and any other details relating to the delivery	Our internal delivery team or a third party delivery service	To deliver goods in accordance with our contract.
Customer Data and Prospective Customer Data	Name and contact details	To our third party marketing management software service (currently provided by Mailchimp)	To send out marketing communications and record marketing preferences.
Customer Data	Payment details	Our third party payment provider (as at the date of drafting, provided by Stripe).	Facilitate payment
Customer data	Transaction details	Our third party transaction software provider (as at the date of drafting,  provided by Shopify)	Facilitate transaction
Customer Data and Prospective Customer Data	All data held digitally	We use a third party host service provider (as at the date of drafting, Site5)	Digital infrastructure

 

 7.2 We may also disclose personal Data in the following circumstances: 

• To our licensors, employees and third parties who are contracted to help us to fulfil our contract with you. Any such parties contracted by us will be subject to strict contractual requirements only to use your Personal Data in accordance with our privacy notice.

 

• If we sell or buy any business or assets. We will never sell Personal Data as a sole asset. 

 

• If we are under a duty to disclose or share Personal Data in order to comply with any legal obligation, or in order to enforce or apply our terms of use and other agreements or to protect the operation of our website, or the rights, property, or safety of us, our customers, or others. 

If you have any questions about who your data might be transferred to please send us an email at shop@lukeirwin.com.   

 

 8. WHAT SECURITY PROCEDURES DO YOU HAVE IN PLACE?  

 8.1. It is our policy to ensure that all Personal Data held by us is handled correctly and appropriately according to the nature of the information, the risk associated with mishandling the data, including the damage that could be caused to an individual as a result of loss, corruption and/or accidental disclosure of any such data, and in accordance with any applicable legal requirements. 

 8.2. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online. 

 

  9.WHERE DO YOU STORE THE PERSONAL DATA YOU COLLECT? 

9.1 For our EU customers we only use servers in the EU. Our current host servers are provided by Site5 whose servers are based in the UK.  

9.2 If you are based outside the EEA and would like further information about where we hold your data, please contact us by email: shop@lukeirwin.com.    

 

 10. FOR HOW LONG DO YOU STORE PERSONAL DATA? 

Customer Data 

 10.1. Our retention policies for Customer Data are as follows: 

 a) we may store data related to transactions along with card machine receipts for up to 7 years to ensure that we have sufficient records from an accounting and tax perspective. Card details taken at the time of purchase are not stored; 

 b) we may archive data relating to negotiations, contracts agreed, payments made, disputes raised and your use of our software for up 6 years to protect ourselves in the event of a dispute arising between you and us; 

c) owing to the lifecycle of luxury rugs and the fact that most of our Customers will only make such purchases a number of times over a long period, for this reason we may retain data which is held for marketing purposes for up to 10 years from the date of last purchase (subject to our Customers’ rights to ask us to delete, stop processing for marketing purposes or update such data); 

 d) we may store aggregate data without limitation (on the basis that no individual can be identified from the data). 

 

Prospective Customer Data 

10.2. Our retention policies for Prospective Customer Data are as follows: 

a) we may archive data relating to negotiations, contracts agreed, payments made, disputes raised and your use of our software for up 6 years to protect ourselves in the event of a dispute arising between you and us; 

 b) owing to the lifecycle of luxury rugs and the fact that most of our Customers will only make such purchases a number of times over a long period, for this reason we may retain data which is held for marketing purposes for up to 5 years from the date the individual is entered on to our marketing database (subject to our Customers’ rights to ask us to delete, stop processing for marketing purposes or update such data); 

c) we may store aggregate data without limitation (on the basis that no individual can be identified from the data). 

 

 11. WHAT RIGHTS DOES A DATA SUBJECT HAVE ABOUT THE PERSONAL DATA WE COLLECT AND HOLD? 

 

11.1Data Subjects have the following rights in respect of Personal Data relating to them which can be enforced against whoever is the Controller.  

 a) Right to be informed: the right to be informed about what Personal Data the Controller collects and stores about you and how it’s used. 

b) Right of access: the right to request a copy of the Personal Data held, as well as confirmation of: 

i) the purposes of the processing; 

ii) the categories of personal data concerned; 

iii) the recipients to whom the personal data has/will be disclosed; 

iv) for how long it will be stored; and 

v) if data wasn’t collected directly from the Data Subject, information about the source. 

 c) Right of rectification: the right to require the Controller to correct any Personal Data held about the Data Subject which is inaccurate or incomplete. 

 d) Right to be forgotten: in certain circumstances, the right to have the Personal Data held about the Data Subject erased from the Controller’s records.  

e) Right to restriction of processing: the right to request the Controller to restrict the processing carried out in respect of Personal Data relating to the Data Subject. You might want to do this, for instance, if you think the data held by the Controller is inaccurate and you would like to restrict processing the data has been reviewed and updated if necessary. 

 f) Right of portability: the right to have the Personal Data held by the Controller about the Data Subject transferred to another organisation, to the extent it was provided in a structured, commonly used and machine-readable format. 

 g) Right to object to direct marketing: the right to object where processing is carried out for direct marketing purposes (including profiling in connection with that purpose). 

h) Right to object to automated processing: the right not to be subject to a decision based solely on automated processing (including profiling) which produces legal effects (or other similar significant effects) on the Data Subject. 

11.2 If you want to avail of any of these rights, you should contact us immediately at shop@lukeirwin.com.  If we are not the Controller, we will need to transfer your request to the Controller – but we will only do so with your consent. If you do contact us with a request, we will also need evidence that you are who you say you are to ensure compliance with data protection legislation. 

 

 12. WHAT HAPPENS IF I NO LONGER WANT YOU TO PROCESS PERSONAL DATA ABOUT ME?  

12.1 We will comply with any request from a Subject to delete the data we hold about them unless we have reasons for lawfully retaining  that data. For example, we may need to keep certain details in order to fulfil an order placed (unless you are cancelling that order) or we may need to keep certain information for our own internal records to keep us right from an accounting perspective or in case there is ever a dispute between you and us in respect of any transactions. 

12.3 If we are holding Personal Data about you and using that data for marketing purposes or for any other activities based on your consent, you may notify us at any time that you no longer want us to process Personal Data about you for particular purposes or for any purposes whatsoever and we will stop processing your Personal Data for that purpose. This will not affect your ability to receive our Services. 

 

 13. WHO DO I COMPLAIN TO IF I’M NOT HAPPY WITH HOW YOU PROCESS PERSONAL DATA ABOUT ME? 

13.1If you have any questions or concerns about how we are using Personal Data about you, please contact our Data Protection Officer immediately at our registered address (see paragraph 1.1 above) or by email to shop@lukeirwin.com.   

13.2If you wish to make a complaint about how we have handled Personal Data about you, you may lodge a complaint with the Information Commissioner’s Office by following this link: https://ico.org.uk/concerns/.  

 

 14. WHAT DO ALL OF THE DEFINED TERMS IN THIS PRIVACY NOTICE MEAN? 

14.1 Throughout this notice you’ll see a lot of defined terms (which you can recognise because they’re capitalised). Where possible, we’ve tried to define them as we go, but we thought it might be useful to have a glossary at the end for you. Anywhere in this notice you see the following terms, they’ll have the following meanings: 

Controller is a legal term set out in the General Data Protection Regulation (GDPR), it means the party responsible for deciding what Personal Data to collect and how to use it; 

Data Subject means the individual who can be identified from the Personal Data; 

Personal Data means data which can be used to identify a living individual. This could be a name and address or it could be a number of details which when taken together make it possible to work out who the information is about. It also includes information about the identifiable individual; 

Processor is another legal term set out in the GDPR, it means the party who has agreed to process Personal Data on behalf of the Controller; and 

Special Categories of Personal Data means details about an individual’s race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about health and genetic and biometric data. 

Last updated: 16-05-2018 

Cookies Policy

COOKIES POLICY OF LUKE IRWIN RUGS LIMITED  

We use cookies as part of our website (“Site”) . This policy sets out what cookies are, what cookies we use and why. 

 1.WHAT IS A COOKIE? 

 1.1. A cookie is a small text file containing anonymous information (letters and numbers) which acts as an identifier that will be sent by our server to your computer or mobile device when you use our Site .  

 1.2. By allowing us to identify you, your user experience will be improved. For instance, our Site will be able to remember your preferred settings, user name and preferences, saving you time each time you log in. 

 2. TYPES OF COOKIE 

 2.1. In our provision of services to you, we use both ‘essential’ and ‘non-essential’ cookies. 

2.1.1. ESSENTIAL COOKIES 

Some cookies are required to perform essential functions on our Site. We use essential cookies for the purposes such as: 

• to enable you to access private information for the duration of your visit; 
• for the administration of our services; and 
• to improve those services provided by us to you. 

2.1.2. NON-ESSENTIAL COOKIES 

The table below explains the non-essential cookies we use and why 

Owner Cookie	Cookie Name	Cookie Description
Google Analytics	_utma	This keeps track of the number of times a visitor has been to the site, when their first visit was, and when their last visit occurred.
Google Analytics	_utmb	This creates a timestamp of the exact moment when a visitor enters site.
Google Analytics	_utmc	This creates a timestamp of the exact moment when a visitor leaves the site.
Google Analytics	_utmv	This is used for reporting in Google Analytics classifying the visitor.
Google Analytics	_utmz	This is set by Google Maps when you load a map of our location.

Please note that third parties (including for example, advertising networks and providers of external services) may also use cookies over which we have no control. Any such cookies are likely to be analytical or targeting cookies. 

 3. BLOCKING COOKIES 

3.1. By using our Site, you are consenting to our use of these non-essential cookies. If you do not consent to our using non-essential cookies you may opt to block the cookies by using the appropriate setting on your browser. For more information on how to disable cookies please see: www.allaboutcookies.org.  

 3.2. Please note that blocking cookies could affect some of the services provided on our Site. 

4. CHANGES TO OUR COOKIES POLICY 

 4.1. Any changes we may make to our cookies policy in the future will be posted on this page. 

5. CONTACT 

 5.1. Questions, comments and requests regarding this privacy policy are welcomed and should be addressed to shop@lukeirwin.com.