Privacy Policy
Stephen Millership Online Shop Privacy Policy
This Privacy Policy is issued by Star Editions Limited (with its registered office at Gascoyne House Moseleys Farm Business Centre, Fornham All Saints, Bury St Edmunds, Suffolk, United Kingdom, IP28 6JY and company number 6628133) together with its subsidiaries (together “Star Editions”, “us”, “we” or “our”). We are the data controller of any personal information we collect about you and we are responsible for the website [stephenmillership.com] (this “Website”) operated by us under licence from Stephen Millership. All products on this Website are manufactured and fulfilled by Star Editions, under a licence from Stephen Millership.
This Privacy Policy sets out how Star Editions process your personal data when accessing this Website, signing up to mailing lists, purchasing products, or otherwise engaging with us.
1. Introduction
This Privacy Policy explains who we are, why and how we process personal data collected through your use of this Website or otherwise through your interaction with Star Editions, what rights you have and how to get in touch with us if you need to. For ease of reference, we have divided this Privacy Policy into the following sections:
- Introduction
- Geographic scope
- Children
- What personal data do we collect?
- How do we collect your personal data?
- How and why do we use and share your personal data?
- For how long do we keep your personal data?
- Security
- Your rights
- International data transfers
- Contact details
We will update this Privacy Policy at any time to reflect changes to our business or changes in the law. Where these changes are significant, we may decide it is appropriate to let users of the Website know. However, it is overall your responsibility to check this Privacy Policy before each use of this Website – for ease of reference the top of this Privacy Policy indicates the date on which it was last updated.
2. Geographic scope
This Website is operated in the United Kingdom and is intended for users located in the UK and EU.
3. Children
Please note that this Website is an online product shopping platform directed to adults only (including parents and/or guardians). We do not knowingly collect personal data about children under the age of 13. We anticipate only collecting data from parents and guardians purchasing products for and on behalf of their children. In any event, our terms of sale stipulate that you must be over 18 to order products from this Website.
If you are under the age of 13, you may only use our Website and submit personal information if you have the consent of, and are supervised by, a parent or guardian. If we believe a child using this Website is under 13 we will not process any personal information of that child without the verifiable consent of the parent or guardian. If, as a parent or guardian, you believe we have collected personal data about your child, you may contact us to review the data and request that we cease processing data about your child.
4. What personal data do we collect?
What is personal data?
Where this Privacy Policy refers to ‘personal data’ it is referring to data about you from which you could be identified. The types of personal data we collect from you may include:
- Basic details like your name, date of birth and gender.
- Contact details like your e-mail address, phone number, delivery address and shipping address if you are purchasing products or services from us.
- Transaction data like details about payments you have made to us and the products or services you have purchased.
- Technical data about your browsing actions and interactions with this Website. We collect this information by using cookies and other similar technologies.
- Usage data about how you use our Website.
- Marketing and communications data which includes your preferences in receiving marketing from us and third parties.
5. How do we collect your personal data?
Direct interactions
When you use and interact with this Website, you may provide us with certain personal data, such as when requesting marketing to be sent to you, buying products, contacting us, or reporting a problem with the Website. When you do these things we may collect, store and use the personal data that you disclose to us, in accordance with this Privacy Policy.
Automated technologies or interactions
We also collect information about you when you visit and interact with our Website through the use of technologies such as cookies. The following are examples of information we may collect:
- information about your device, browser or operating system;
- your IP address;
- information about links that you click and pages you view on our Website;
- length of visits to certain pages;
- subjects you viewed or searched for;
- page response times;
- records of download errors and/or broken links;
- page interaction information (such as details of your scrolling, clicks, and mouse-overs);
- methods used to browse away from the page; and
- the full Uniform Resource Locators (URL) clickstream to, through and from this Website (including date and time).
6. How and why do we use and share your personal data?
Lawful basis for processing your information
We will only use your personal data when the law allows us to. Most commonly we will use personal data in the following circumstances:
- Where you have asked us to do so, or consented to us doing so;
- Where we need to do so in order to perform a contract we have entered into with you;
- Where it is necessary for our legitimate interests (or those of a third party) and your fundamental rights do not override those interests; and
- Where we need to comply with a legal or regulatory obligation.
Here are some examples about how we may use the information we collect about you and the lawful basis we rely on to do so. We have also identified what our legitimate interests are where appropriate. Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data.
Activity |
Examples of the types of personal data we may collect |
Lawful basis for processing |
To manage our relationship with you including notifying you of any changes to the Website or services provided on the Website or dealing with any enquiries made by you. |
Basic, Contact and Marketing and communications data. |
Performance of a contract with you Necessary to comply with a legal obligation Necessary for our legitimate interests (to keep our records updated, manage the operation of the Website and study how users use our products & services) |
To send you marketing communications, news, information about giveaways and to keep you up-to-date about our or Stephen Millership products and services which we think will interest you. |
Basic, Contact and Marketing and communications data. |
Necessary for our legitimate interests (to develop our business/brand and improve our marketing strategy) |
To allow you to attend an event or so that you can enter a competition or prize draw. |
Basic, Contact and Marketing and communications data. |
Necessary for our legitimate interests (to develop our business/brand and improve our marketing strategy) |
To administer and protect our business and the Website (including fraud prevention and detection, troubleshooting, data analysis and system testing.) |
Basic, Contact, Usage and Technical data. |
Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise) |
To deliver relevant Website content and advertisements to you. |
Basic, Contact, Marketing and communications and Technical data. |
Necessary for our legitimate interests (to study how customers use our products/ services, to develop them, to grow our business and to inform our marketing strategy) |
To use data analytics to improve our Website, services, marketing, customer relationships and experiences. |
Technical and Usage data. |
Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy) |
To enable us to comply with any legal or regulatory requirements and otherwise any relevant regulator or competent authority. |
Any personal data. |
To comply with our legal obligations. |
Marketing
Where you have given your consent, or where we have an alternative lawful basis, you may receive marketing communications from us.
You can unsubscribe (or ‘opt out’) from marketing emails at any time by clicking on the unsubscribe link at the bottom of any marketing email. You may also contact us directly if you do not wish to receive any marketing materials from us.
Sharing your personal data
Depending on how and why you provide us with your personal data, we may share it in the following ways where appropriate:
- with any company within the Star Editions group of companies including Star Editions’ parent company, subsidiaries, affiliates, or joint ventures;
- with selected third parties who we sub-contract to provide various services (such as for marketing purposes) and/or aspects of the Website’s functionality;
- with analytics and search engine providers that assist us in the improvement and optimisation of our Website as described above;
- if we were to sell or buy any business or assets, in which case we might disclose your personal data to the prospective seller or buyer of such business or assets as part of that sale;
- if Star Editions or substantially all of its assets are acquired by a third party, in which case personal data held by us about you will be one of the transferred assets;
- if the Website was to be run in future by a replacement licensee appointed by Stephen Millership, in which case your personal data might be transferred to the new licensee;
- if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or if we are asked to provide your details to a lawful authority in order to aid in a criminal or legal investigation; and
- in order to enforce or apply our terms and conditions (including our terms of sale or Website terms of use); or to protect the rights, property, or safety of our business, our customers, our staff, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction where appropriate.
Shopify
This Website is hosted on Shopify Inc. They provide us with the online e-commerce platform that allows us to sell our products and services to you. Your personal data, including information about your payment details (such as credit card information and bank account details), is stored through Shopify’s data storage, databases and the general Shopify application. Neither Star Editions nor Stephen Millership processes any payments, including but not limited to credit or debit cards, and neither party has access to this information.
For more information you should also read Shopify’s Terms of Services or Privacy Policy.
Links to third party sites
Where we provide links to third party websites, plug-ins and applications that are not affiliated with us, such sites are out of our control and are not covered by this Privacy Policy. If you access third party sites using the links provided, the operators of these sites may collect personal data from you that could be used by them, in accordance with their own privacy policies. Please check these policies before you submit any personal data to those websites.
7. For how long do we keep your personal data?
We will hold your personal information on our systems only for as long as required to provide you with the services you have requested but also for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
In some circumstances you can ask us to delete your data: see ‘Your rights’ below for further information.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research, demographic, analytical or statistical purposes in which case we may use this information indefinitely.
8. Security
Star Editions takes the protection of personal data seriously. We have put in place appropriate security measures to prevent personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed, including use of secure servers and passwords. In circumstances where we have given you a password that enables you to access certain parts of our Website, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Despite these precautions, and although we will do our best to protect your personal data, Star Editions cannot guarantee the security of information transmitted over the Internet or that unauthorised persons will not obtain access to personal data. In the event of an actual or suspected data breach, we have put in place procedures to deal with this and will notify you and any applicable regulator of a breach where required to do so.
9. Your rights
As a data subject you have certain rights in relation to your personal data. Below, we have described the various rights that you have as well as how you can exercise them. These rights can be exercised by contacting us – see the “Contact Details” section below.
Right of Access
You have a right to request access to the personal data that we hold which relates to you. Please note that this right entitles you to receive a copy of the personal data that we hold about you. It is not a right to request personal data about other people, or a right to request specific documents from us that do not relate to your personal data.
Your right to rectification and erasure
You have a right to request that we correct personal data that we hold about you which you believe is incorrect or inaccurate. You may also ask us to erase personal data if you do not believe that we need to continue retaining it.
Please note that we may ask you to verify any new data that you provide to us and may take our own steps to check that the new data you have supplied us with is right. Further, we are not always obliged to erase personal data when asked to do so; if for any reason we believe that we have a good legal reason to continue processing personal data that you ask us to erase we will tell you what that reason is at the time we respond to the request.
Your right to restrict processing
Where we process your personal data on the basis of a legitimate interest, you are entitled to ask us to stop processing it if you feel that our continuing to do so impacts on your fundamental rights and freedoms or if you feel that those legitimate interests are not valid.
You are also entitled to ask us to stop processing your personal data: (a) if you dispute the accuracy of that personal data and want us verify that data's accuracy; (b) where it has been established that our use of the data is unlawful but you do not want us to erase it; (c) where we no longer need to process your personal data (and would otherwise dispose of it) but you wish for us to continue storing it in order to enable you to establish, exercise or defend legal claims.
Please note that if for any reason we believe that we have a good legal reason to continue processing personal data that you ask us to stop processing, we will explain that reason, either at the time we first respond to the request or after we have had the opportunity to consider and investigate it.
Your right to portability
Under certain circumstances, where you wish to transfer certain personal data that we hold about you, which is processed by automated means, to a third party, you may be entitled to write to us and ask us to provide it to you in a commonly used machine-readable format.
Your right to object to processing
You may be entitled to object to processing of your personal data where we rely on legitimate interest for processing that personal data. Where applicable, we will comply with your request unless we have a compelling overriding legitimate interest for processing or we need to continue processing your personal data to establish, exercise or defend a legal claim.
Your right to withdraw consent
Where our processing of your data is on the basis of consent, you can withdraw this consent at any time. This would not affect the lawfulness of the processing based on consent prior to the withdrawal.
Exercising your rights
When you write to us making a request to exercise your rights, we may ask for copies of relevant ID documents to help us to verify identity.
It will help us to process your request if you clearly state which right you wish to exercise, what personal data it is that is of particular concern to you and, where relevant, why it is that you are exercising it. The clearer and more specific the request, the faster and more efficiently we can deal with that request. If insufficient information is provided then there may be a delay in actioning the request until additional information is provided (and where this is the case we will endeavour to tell you).
Please note that all the rights mentioned in this section are not absolute and we may be entitled to refuse requests, wholly or partly, where exceptions under the applicable law apply. For example, we may refuse to comply with a request if it is manifestly unfounded or excessive.
10. International data transfers
We do not intend to transfer your data outside the EEA or the UK, though we may use service providers from time to time which processes your data outside these jurisdictions. Where we transfer your data to a service provider that is processing your data outside of the EEA or the UK (as relevant), we seek to ensure that appropriate safeguards are in place to make sure that your personal data is held securely and that your rights as a data subject are upheld.
11. Contact Details
If you have any queries regarding this Privacy Policy or if you wish to exercise any of your rights set out above, please contact us by emailing hello@stephenmillership.com and marking it for the attention of our Data Protection Officer, Robin O’List. Our postal address is Star Editions, Stanley House, Masterlord Village, West Road, Ipswich, Suffolk, IP3 9SX, UK if you wish to mail your query to us.
Whilst we would prefer that you direct any complaints or queries you have to us first, you may also lodge a complaint to the supervisory authority applicable in your country about the way we process your personal data. For those in the UK, the relevant supervisory authority is the Information Commissioner’s Office.