Privacy Policy

 

Our aim is for you to feel comfortable on our website. The protection of your privacy and your personal rights are therefore important to us. Therefore, we would like to ask you to carefully read the following summary about how our website works. You can rely on transparent and fair data processing and we strive to handle your data carefully and responsibly.

 

The following Privacy Policy is intended to inform you about how we use your personal data. In doing so, we adhere to the strict provisions of the UK`s Data Protection Act (PDA) as well as the requirements of the General Data Protection Regulation (GDPR).

 

Our Principles:

Jack & Co respects your right to privacy and is committed to the following key principles:

 

  • We protect your privacy and aim to provide you with a service that is tailored to your needs.
  • Personal data is collected for specific purposes based on your consent or a legitimate interest when you contact us.
  • You have the right to information and access to your personal data at any time and may request its correction or deletion.
  • We do not sell your personal data to third parties. However, if necessary and if explicitly mentioned afterwards or if you have consented, we may share your data with group companies, brand licensees, partners and other service providers. In this case, their own privacy policies may also apply.
  • We take all reasonable measures to ensure the security and protection of your data from misuse.

 

We are pleased that you are visiting and using our website, online store, and social media presences. We hope that during your visit you will learn more interesting facts about Jack & Co, the history of our brands and our products and services.

 

This Privacy Policy explains how and for what purposes we use information collected about you through our website.

 

Jack & Co respects your right to privacy when you use our website or when you contact us. By using our website or providing us with personal information, you accept the practices described in this Privacy Policy. If you do not agree with this privacy policy, we recommend that you do not use or visit our website or provide any personal data.

 

Jack & Co reserves the right to change this privacy policy at any time. You should therefore check it regularly for changes. Changes will become effective upon their posting on this website, and we will notify you appropriately of any material changes.

 

Scope of the processing of personal data

As a matter of principle, we only collect and use personal data from you insofar as this is necessary to provide a functional website and our content and services, e.g. when you register on our website or log in to an existing customer account or when you order products. The collection and use of your personal data regularly only takes place with your consent. An exception applies in cases where prior consent is not possible for actual reasons and the processing of the data is permitted by legal regulations. Personal data are processed by us only as necessary and for the purpose of providing a functional and user-friendly website, including its contents and the services offered there.

 

In accordance with the DPA and the GDPR,

 

  • "personal data" is any information relating to an identified or identifiable living individual. Various pieces of information that together can lead to the identification of a specific person also constitute personal data. Personal data that have been anonymised, encrypted or pseudonymised, but can be used to re-identify an individual, remain personal data and fall within the scope of the regulations. Personal data that have been anonymised in such a way that the data subject cannot be identified or can no longer be identified are no longer considered personal data. For the data to be truly anonymised, the anonymisation must be irreversible.

 

  • "processing" means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

 

Security

The security of your personal data is a high priority for us. We therefore protect your data stored with us by technical and organisational measures in order to effectively prevent loss or misuse by third parties. In particular, our employees who process personal data are bound to data secrecy and must comply with it. To protect your personal data, it is transmitted in encrypted form; for example, we use SSL=Secure Socket Layer for communication via your Internet browser. You can recognise this by the lock symbol that your browser displays when an SSL connection is established. In order to ensure the permanent protection of your data, the technical security measures are regularly checked and, if necessary, adapted to the state of the art. These principles also apply to companies that process and use data on our behalf and in accordance with our instructions.

 

Rights of users and persons concerned and the legal bases of processing

If you are a UK Citisen or resident of the EU in the UK, you are entitled to the following rights under the conditions specified in each of the articles:

 

You have a number of ‘Data Subject Rights’ below is some information on what they are and how you can exercise them. There is more information on each right on the Information Commissioners (ICO) website, and you can simply follow the links provided to learn more.

 

 

Where the processing of your personal information is based on consent, you have the right to withdraw that consent without detriment at any time by contacting us.

 

The above rights may be limited in some circumstances, for example, if fulfilling your request would reveal personal information about another person, if you ask us to delete information which we are required to have by law, or if we have compelling legitimate interests to keep it. We will let you know if that is the case and will then only use your information for these purposes. You may also be unable to continue using our services if you want us to stop processing your personal information.

 

We encourage you to get in touch if you have any concerns with how we collect or use your personal information. You do however also have the right to lodge a complaint directly with the ICO, their contact details can be found on their website.

 

The legal bases for processing are listed below and at least one of these must apply whenever we process personal data:

  • Consent: the individual has given clear consent to process personal data for a specific purpose.
  • Contract: the processing is necessary for a contract or because you have asked us to take specific steps before entering into a contract.
  • Legal obligation: the processing is necessary for us to comply with the law (not including contractual obligations).
  • Vital interests: the processing is necessary to protect someone’s life.
  • Public task: the processing is necessary for us to perform a task in the public interest or for official functions, and the task or function has a clear basis in law.
  • Legitimate interests: the processing is necessary for our legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect your personal data which overrides those legitimate interests.

 

Purposes of processing and legal basis

We collect, process and use your personal data for the following purposes:

  • Establishment and performance of contractual relationships;
  • Sending newsletters;
  • Marketing measures;
  • Customer satisfaction surveys and analyses;
  • Product evaluations;
  • Customer service and customer support;
  • To process orders for our online range of goods.

 

Duration of storage and routine deletion of personal data

We process and store your personal data only for the period of time required to fulfil the purpose of storage or if this has been provided for, in laws or regulations. After the purpose has ceased to exist or has been fulfilled, your personal data will be deleted or blocked.

 

In the case of blocking, deletion will take place as soon as legal, statutory or contractual retention periods do not conflict with this, there is no reason to assume that deletion would impair your interests worthy of protection and deletion would not cause a disproportionately high expense due to the special nature of the storage.

 

Collection of general data and information, so-called log files

If you visit our website for information purposes only, without providing personal data via registration or in any other way, only the Internet connection data that your browser transmits to our server will be processed. Our website collects a series of general data and information with each call, which is temporarily stored in log files of a server. A log file is created in the course of an automatic protocol of the processing computer system. The following can be recorded:

 

  • Access to the website (date, time and frequency)
  • How you arrived at the website (previous page, hyperlink etc.)
  • Amount of data sent
  • Which browser and browser version you are using
  • The operating system you are using
  • Which internet service provider you use
  • Your IP address, which your Internet access provider assigns to your computer when you connect to the Internet

 

The legal basis for this data processing is the provision of a contractual measure, as the collection and storage of this data is necessary for the operation of the website in order to ensure the functionality of the website and to deliver the content of our website correctly.

 

In addition, the data serve us to optimise our website and to ensure the security of our IT systems and the processing is based in this respect on our legitimate interest. For this reason, the data is stored for a maximum of 7 days as a technical precaution.

 

We also use this data for the purposes of advertising, market research and to design our services to meet your needs by creating and evaluating user profiles under pseudonyms, but only if you have not exercised your right to object to this use of your data (see information on the right to object under "Your rights").

 

Cookies

When you visit our website, we may store information on your computer or device in the form of cookies. Cookies are small files that are transferred from an Internet server to your browser and stored on its hard disk. Only the internet protocol address is stored, no personal data.

 

This information, which is stored in the cookies, allows us to automatically recognise you the next time you visit our website, making it easier for you to use. The legal basis for the use of cookies is our legitimate interest. If you want to learn more about the cookies we use please read our Cookie Policy and if you want to learn more about Cookies in general please visit All About Cookies.

 

Sending information

We use your data for sending information ordered by you about our offer and other promotions from us to the e-mail address provided by you.

 

  1. a) Newsletter registration on our website

On our website there is the possibility to subscribe to a free newsletter. When you register for the newsletter, the data from the input mask is transmitted to us, i.e. at least your e-mail address. The registration is carried out by means of the so-called double opt-in procedure.

 

After registration, you will receive an e-mail asking you to confirm your registration. This confirmation is necessary so that no one can register with other people's e-mail addresses. For the processing of the data, your consent is obtained during the registration process and reference is made to this data protection notice. If you register for our newsletter, which informs you about our latest products and services, the personal data you provide in this context (such as name, address and e-mail address) will be processed by us for the purpose of sending you the newsletter.

 

  1. b) Dispatch due to the sale of goods

If you purchase goods or services on our website, we may send you information on our own similar goods to your specified e-mail address even without your consent. The legal basis for this data processing is our legitimate interest, because advertising related products and services by way of direct advertising represents a legitimate interest for us as the provider of this website. You may object to the processing of your personal data for the purpose of direct advertising at any time. We will then refrain from further processing for such purposes. You can send us your objection as described below. In addition, you can object to the sending of such newsletters at any time in the future without giving reasons by unsubscribing via the unsubscribe link at the end of each newsletter or by contacting us in any other way.

 

We would like you to enjoy reading our e-mails. Therefore, we try to only include content that you are likely to be interested in. We therefore measure and store opening and click-through rates in your usage profile, i.e. whether and when you open our emails, which content of the emails you click on and when, as well as whether and why our emails could possibly not be delivered. We also use this data for statistical purposes. In particular, this serves our legitimate interest to evaluate the performance of the individual newsletter campaigns and to define optimisation measures in order to make the newsletter as attractive and suitable as possible for you. The legal basis for the processing is therefore our legitimate interest.

 

Of course, you can unsubscribe from receiving our information at any time, i.e. revoke your consent with effect for the future or object to data processing. For this purpose, you will find a corresponding unsubscribe link in every mail or newsletter and can confirm the unsubscription on our website. You can also contact us for a cancellation at any time.

 

Contacting us, registration or placing orders

 

  1. a) Contacting us

When you contact us, the data you provide will be stored by us based on the provision of a contractual matter, insofar as it is necessary to answer your questions. The contact is logged in order to be able to prove the contact in accordance with the legal requirements. We delete the data accruing in this context when the respective conversation with you has ended and the facts concerned have been conclusively clarified.

 

  1. b) Registration

On our website, we offer you the opportunity to register by providing personal data. The data is entered in an input mask and transmitted to us and stored. Registration is necessary in order to set up your customer account, which you can use to place orders and services. The processing of the data for this registration thus serves the fulfillment of the contract of use or the implementation of pre-contractual measures and is based on the provision of a contractual matter. You can delete your customer account at any time on our website.

 

  1. c) Storage of data in the user account

For the conclusion and processing of contracts, we require contact details, such as name, delivery and billing address and e-mail address, as well as information on the type of payment method you have chosen, depending on the individual case. You can store this data in your user account. In addition, we use your data to maintain our customer database so that only accurate data is stored there. In order to avoid typing errors and to ensure that the items you have ordered reach you, we check the completeness and accuracy of your address when you enter it.

 

Following your order, you will receive a corresponding order confirmation as well as further documents, which we are obliged to provide in order to fulfil our legal information obligations for an effective conclusion of a contract with you. The processing of your data is therefore necessary for the conclusion of the contract with you and is therefore based on the provision of a contractual matter.

 

  1. d) Guest order

You have the option to place your orders as a guest. If you choose this order type, you do not have to register before placing an order. Please note that you will have to enter your data again for each subsequent order.

 

We collect, process and use the information you provide in the context of a guest order for the purpose of executing the contract in accordance with the provision of a contractual matter. We store the information you provide for the period of processing and handling your order. Afterwards, your data will be deleted unless you decide to activate your customer account within 14 days after placing your order. Data that we are required to store due to legal, statutory or contractual retention obligations will be blocked instead of being deleted to prevent it being used for other purposes.

 

  1. f) Order confirmation/dispatch confirmation

In order to process the contract and provide you with our services, for example the web shop or to send you a package for which a fee is charged, we use your contact details to send you registration confirmations, customer service information, order confirmations, contract documents or payment processing information. We are obliged to send you these documents in order to comply with our legal information obligations for an effective conclusion of a contract with you. The processing of your data is therefore necessary for the conclusion of the contract with you and is based on the provision of a contractual matter.

 

  1. g) Other

Based on a legal obligation and our legitimate interest, we use and store your personal data and technical information to the extent necessary to prevent or prosecute misuse or other illegal behaviour on our website, e.g. to maintain data security in the event of attacks on our IT systems. This also takes place insofar as we are legally obliged to do so, for example due to official or court orders, and for the exercise of our rights and claims as well as for legal defence.

 

Live chat

On this website, anonymised data is collected and stored using technologies provided by tawk.to, for the purpose of web analytics and to operate the live chat system used to respond to live support requests. Usage profiles can be created from this anonymised data under a pseudonym. Cookies can be used for this purpose. Cookies are small text files that are stored locally in the cache of the site visitor's Internet browser. The cookies enable the recognition of the Internet browser. Insofar as the information collected in this way has a personal reference, the processing is carried out in accordance with our legitimate interest in effective customer service and the statistical analysis of user behaviour for optimisation purposes.

 

When you send a data subject access request

The legal basis for the processing of your personal data in the context of handling your data subject access request is our legal obligation and the legal basis for the subsequent documentation of t data subject access request is both our legitimate interest and our legal obligation.

The purpose of processing your personal data in the context of processing data when you send a data subject access request is to respond to your request. The subsequent documentation of the data subject access request serves to fulfil the legally required accountability.

 

Your personal data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. In the case of the processing of a data subject access request, this is three years after the end of the respective process.

 

You have the possibility at any time to object to the processing of your personal data in the context of the processing of a data subject access request for the future. In this case, however, we will not be able to further process your request. The documentation of the legally compliant processing of the respective data subject access request is mandatory. Consequently, there is no possibility for you to object.

 

Legal defence and enforcement of our rights

The legal basis for the processing of your personal data in the context of legal defence and enforcement of our rights is our legitimate interest.

 

The purpose of processing your personal data in the context of legal defence and enforcement of our rights is the defence against unjustified claims and the legal enforcement and assertion of claims and rights. Your personal data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected.

 

The processing of your personal data in the context of legal defence and enforcement is mandatory for legal defence and enforcement of our rights. Consequently, there is no possibility for you to object.

 

Disclosure of personal data to third parties

Your personal data will only be passed on if there is a legal obligation to do so or to service providers and partner companies that have been carefully selected in advance and are contractually obliged to comply with the requirements of data protection law.

 

  1. a) Disclosure within affiliated companies pursuant to the provision of a contractual matter

We pass on your personal data for the conclusion and processing of contracts for offers on our website to affiliated companies. This is particularly necessary so that you can use all our offers. If you contact a store or our customer hotline with questions, complaints or returns as well as other complaints, they will also receive access to your order data in order to be able to process your request.

 

b)Disclosure to service providers

For the operation and optimisation of our website and our services and for the processing of contracts, various service companies work for us, e.g. for central IT services or the hosting of our website, for the payment and delivery of products or for the dispatch of newsletters, to whom we pass on the data required for the fulfilment of the task (e.g. name, address).

 

Some of these companies act for us by way of commissioned processing and may therefore use the data provided exclusively in accordance with our instructions. In this case, we are legally responsible for appropriate data protection precautions at the companies we commission. We therefore agree on specific data security measures with these companies and monitor them regularly.

 

In contrast to order processing, in the following cases we transmit data to third parties for their own use in order to process the contract:

 

  • In the case of delivery of goods to logistics companies and the postal service provider specified when the order was placed.
  • In the case of payment for goods to the payment service provider specified when the order was placed.

 

We do not collect or store any payment transaction information such as credit card numbers or bank details during the payment process. You only provide this information directly to the respective payment service provider.

 

  1. c) Disclosure to other third parties

We will disclose your data to third parties or government agencies within the framework of existing data protection laws if we are legally obliged to do so, e.g. due to official or court orders, or if we are entitled to do so, e.g. because this is necessary for the prosecution of criminal offences or for the exercise and enforcement of our rights and claims.

 

Data transfer to third countries

If we use service providers in third countries, we take additional measures to ensure an adequate level of data protection for the transfer of personal data and thus ensure that the transfer is generally permissible and that the special requirements for a transfer to a third country are met (e.g. by concluding standard contracts and additional guarantees, supplementary technical and organisational measures such as encryption or anonymisation).

 

Payment services

We integrate payment services from third-party companies on our services. When you make a purchase from us, your payment data (e.g. name, payment amount, account details, credit card number) is processed by the payment service provider for the purpose of payment processing. For these transactions, the respective contract and data protection provisions of the respective providers apply. The payment service providers are used on the basis of contract processing and in the interest of a smooth, convenient and secure payment process. Insofar as your consent is requested for certain actions, consent is the legal basis for data processing; consents can be revoked at any time for the future.

 

The data processed by the payment services include the payment data mentioned above. The information is necessary to carry out the transactions. However, the customer data entered is only processed by the payment service providers and stored by them. Furthermore, we cannot exclude that data of the payment service provider is transmitted to credit agencies. This transmission is intended, for example, to check identity and creditworthiness. In this regard, we refer to the terms and conditions and privacy policies of the respective payment service providers.

 

Encrypted payment transactions

If there is an obligation to transmit your payment data to us (e.g. account number in the case of direct debit authorisation) after the conclusion of a fee-based contract, this data is required for payment processing.

 

Payment transactions via the common means of payment (Visa/MasterCard, direct debit) are made exclusively via an encrypted SSL or TLS connection. You can recognise an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.

 

With encrypted communication, your payment data that you transmit to us cannot be read by third parties.

 

Data processing for the purpose of fraud prevention and optimisation of our payment processes

Where applicable, we provide our service providers with further data, which they use together with the data necessary for the processing of the payment as our processors for the purpose of fraud prevention and optimisation of our payment processes (e.g. invoicing, processing of contested payments, accounting support). This serves to protect our legitimate interests in our protection against fraud or in efficient payment management, which outweigh our interests in the context of a balancing of interests.

 

Shopify

We use the store system of the service provider Shopify International Limited ("Shopify"), for the purpose of hosting and displaying the online store on the basis of processing on our behalf. All data collected on our website is processed on Shopify's servers. As part of Shopify's services, data may also be transferred to Shopify Inc, 150 Elgin St, Ottawa, ON K2P 1L4, Canada, Shopify Data Processing (USA) Inc, Shopify Payments (USA) Inc or Shopify 

(USA) Inc as part of further processing on our behalf. In the event that data is transferred to Shopify Inc. in Canada, the appropriate level of data protection is guaranteed by adequacy decision of the European Commission. Further processing on servers other than the aforementioned of Shopify will only take place within the framework communicated below.

 

Newsletter Analysis

The newsletters contain a so-called "web beacon", i.e., a pixel file that is retrieved when the newsletter is opened. When you open the newsletter, technical information such as your browser and system information, IP address and the time of opening are collected. This data and information is used to technically improve our service based on your reading behaviour. This also includes recording when an email or newsletter was opened and whether a link was clicked. For technical reasons, this information can be assigned to the individual newsletter recipients. It is not our intention to observe individual users. The statistical collection and evaluation of the data serves us to recognise the reading habits of our users and thus to better adapt our content to the users. This also serves to send users different content according to the interest of our users.

 

The legal basis for statistical collection and analysis is our legitimate interest. We are interested in using a user-friendly and secure newsletter system that serves our business interests and meets the expectations of our users.

 

You can object to the statistical collection and analysis by unsubscribing from the newsletter. Unfortunately, a separate revocation of the statistical evaluation is not possible.

 

Analysis of our website

We use programs on our website to measure the reach of our website and to analyse user behaviour. For this purpose, we use cookies and comparable technologies.

 

Shopify Statistics

We use the Shopify Statistics feature on our website. This allows us to measure the reach of our website and provides us with statistical analysis of visitor behaviour on our website. The data is processed on servers of Shopify, which we have commissioned with the processing.

 

The legal basis for the data processing in connection with the Shopify statistics function is our legitimate interest in the analysis of user behaviour on our website and the possible design according to requirements. You can object to this processing at any time in the cookie settings.

 

Google Analytics

We use Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter "Google", on our website. Google Analytics uses cookies, which are text files placed on your computer, to help the website analyse how users use the site.

 

The information generated by these cookies, such as the time, place and frequency of your web site visit, including your IP address, is transmitted to Google in the USA and stored there. We use Google Analytics with the addition "_gat._anonymiseIp" on our website. In this case, your IP address will already be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area and thus anonymised.

 

Google will use this information for the purpose of evaluating your use of our website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf.

 

Google will not, according to its own information, associate your IP address with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.

 

Furthermore, Google offers a deactivation add-on for the most common browsers, which gives you more control over what data is collected by Google about the websites you visit. The add-on tells the JavaScript (ga.js) of Google Analytics that no information about the website visit should be transmitted to Google Analytics. However, the Google Analytics browser deactivation add-on does not prevent information from being transmitted to us or to other web analytics services we may use. For more information on how to install the browser add-on, please click on the following link.

 

If you visit our site via a mobile device (smartphone or tablet), you must click this link instead to prevent tracking by Google Analytics within this website in the future. This is also possible as an alternative to the above browser add-on. By clicking the link, an opt-out cookie will be set in your browser that is only valid for this browser and domain. If you delete the cookies in this browser, the opt-out cookie will also be deleted, so you will have to click the link again.

 

If you have consented to your web and app browsing history being linked to your Google Account by Google and to information from your Google Account being used to personalise ads, Google will use your data together with Google Analytics data to create targeting lists for cross-device re-marketing. To do this, Google Analytics first collects your Google-authenticated ID on our website, which is linked to your Google Account (i.e. personal data). Google Analytics will then temporarily link your ID to your Google Analytics data in order to optimise our targeting.

 

If you do not agree to this, you can turn this off by making the appropriate settings in the "My Account" section of your Google account.

 

Klaviyo e-mail systems

We use the services of Klaviyo, Inc (Klaviyo) to analyse user behaviour in our online shop for our own advertising and market research purposes. Klaviyo also uses cookies and can link your behaviour in our web shop with your data if you have registered for our newsletter, created a customer account or gone through an order process in our web shop.

 

Automated decision-making

We do not use automated decision-making or profiling.

 

Accuracy

It is important that the data we hold about you is accurate and current, therefore please keep us informed of any changes to your personal data.

 

Children Data

Our website is not intended for children, and we do not knowingly collect data relating to children. If you become aware that your Child has provided us with Personal Data, without parental consent, please contact us, and we take the necessary steps to remove that information from our server.

 

External Links

Our website contains links to the online offers of other providers. We hereby point out that we have no influence on the content of the linked online offers and the compliance with data protection regulations by their providers.

 

Changes and updates to the privacy policy

We kindly ask you to regularly inform yourself about the content of our privacy policy. We will amend the privacy policy as soon as changes to the data processing activities we carry out make this necessary. We will inform you as soon as the changes require an act of cooperation on your part (e.g., consent) or other individual notification.

 

Concerns and Contact

If you have any concerns about a possible compromise of your privacy or misuse of your personal data on our part, or any other questions or comments, you can contact us.