Our privacy policy

Nifty Limited (trading as Nifty Fashion & Trends) is a company registered in England and Wales, Reg Company Number: 8423240 (Collective referred to as “Nifty”, “We” “Us” in this policy) For the purpose of the Data Protection Act 1998 (the Act), and Article 12 of the General Data Protection Regulations (GDPR) coming into force in May 2018 the data controller is Nifty Limited, 8 Verson Close, Epsom, Surrey, KT19 9LF, United Kingdom.
Maintaining the security of your data is a high priority at Nifty Limited, and we are committed to respect your privacy rights and want to be transparent about what data we collect about you and how we use it. This policy applies when you visit our website and shares information with you on how we use your data, what we collect, how we ensure privacy is maintained and your legal rights relating to your personal Data.


What Personal Data Do We Collect

Nifty may collect the following information about you:

This list is not exhaustive and we may collect additional information under specific instances. Some of the above data is collected directly, for example if you email our customer services team or create a order. Other personal data is collected indirectly, for example through your browsing and shopping on our site. We may also collect personal data from third parties who have your permission to pass your details to us, or from publicly available sources.


How We Collect Information About You

When you visit our website we may automatically collect information about your computer, including your ip address, information about your visit, your browsing history, and how you use our website. This information is combined with other information for example, completing contact forms or when you order, we need to have your name, e-mail address, card number and card expiry date. Without this information we will not be able to process your request or notify you of acceptance of your order. A contact telephone number may also be required so that we may contact you urgently if there is a problem with your order.


How We Use Your Personal Information

We use personal information about you for the following purposes:

General:

Marketing:

Profiling:

We may analyse your information to create a profile of your interests, preferences and purchase history so that we can contact you or provide you on your visit with more relevant products and information that would be interesting for you. We may source additional information from 3rd parties to enhance this.

If you would like to know more about this process then please contact service@niftyfashion.co.uk


Security Of Your Data

We follow a tight security procedure as required under UK Data Protection Legislation (the Data Protection Act 1998) and in Article 32(1)GDPR to protect the information that we store about you from unauthorised access. Our secure payment is via the highly respected and secure Klarna online payment system and information between you and us is 256 bit encrypted. We perform daily malware scans and restrict data access and have an internal confidentiality policy  as follows:
Within Nifty Limited we protect your privacy in 4 ways:
1. Access to customer account information is limited to those who need access for the performance of their job
2. We use full login and password controls on our sales control system
3. All full and part-time employees are required to sign a confidentiality clause as part of their terms of employment with the company
4. Confidentiality and database access controls are reviewed periodically and updated as required to further protect your personal data


3rd Party Data Access

As with many businesses Nifty relies on a number of core service providers who held fulfill our promise to you when you place an order, these may include our delivery partners such as Royal Mail and Amazon Fulfillment (FBA), our payment gateway and others within IT infrastructure and marketing services to help our business run smoothly and create a good experience for you.

Nifty Limited may use the services of third parties to collect and use anonymous information about User visits to and interactions with our website through the use of technologies such as cookies, as set out above, to personalise advertisements for goods and services. To learn more, or to opt-out of receiving advertisements tailored to your interests by our third party partners, visit the European Interactive Digital Advertising Alliance at http://youronlinechoices.eu.

Where data is shared with third parties we aim to ensure that this transfer is as secure as possible, we will conduct an audit of this process and potential impact on you plus we require all 3rd parties we work with to have a contract which outlines their compliance with appropriate data protection laws and that the use of the data is only used in relation to the purpose it is meant. Such as:

Amazon FBA: In order to trigger deliveries via FBA we have integrated with Amazon to pass encrypted customer data (name and address) to them to provide the onward delivery service. Amazon only uses the data to fulfill the function provided to them. To view more about how they protect this data please review their privacy policy.

Google: Our advertising partner which enables us to provide personalised advertising to you when you leave our website. They do not collect any personalisable information, focusing on your browsing visit to the site, the products you viewed and whether you bought or not. To find out more about how Google serves advertising and how they collect information please see their privacy policy.

Plentymarkets: An ERP (order and content management) system that provides the UI and interface to all data collected as outlined in the section above "What Personal Data We Collect". To find out more about how they secure data please see their privacy policy.


Your Rights

If, for any reason, you are unsure about the personal and account information we are holding in your name, please contact our customer service team. They will happily review your file and update the records if required whether this is simply updating incorrect or out-of-date information or opting out of communications. You can contact our customer service team by email.
 
Right of Access – in accordance with Article 15 GDPR, you are entitled to obtain information, free of charge, about your saved data, where applicable, has a right to the correction, blocking, deleting of data (Article 5 (1 d), e) Article 12 and 17-19 GDPR). On Request BAM shall inform the user in line with Valid Law in Writing of the User’s personal data (after appropriate security check to prove identity) we have saved. To request information that we may hold on you please email rightofaccess@bambooclothing.co.uk with the subject line “Right of Access Request”. We will have 21 days (unless complex this can then be extended for 2 months)  to respond to your request and will provide it in a common electronic format (CSV)

Right to lodge a complaint –  In accordance to Article 77 GDPR. You have the right to complain to a supervisory body if you feel your data is being misused. Contact the ICO (Information Commissioners Office) for more information. We would hope that you would discuss with us any concerns so that we could look to rectify before it gets this far.

Right to Data Portability – In accordance to article 20 GDPR. You have the right to receive the personal data concerning yourself which you have provided to BAM as the data controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided.

Right to be Forgotten – In accordance with Article 17 GDPR, You have a right for your data to be forgotten and erased (anonymised personal data) from our systems. if you would like this to happen please email goodbye@bambooclothing.co.uk with the Subject Line “Right to be Forgotten Request”. We will need to confirm your identity before doing this and we will be extremely sorry to see you go. Please note under some circumstances we may be able to refuse this request for example the HMRC requires companies to keep records of VAT for up to 6 years.

Please note that the data cleansing process is total and we will have no records of your previous interaction. This is specific interest to rules following the Right to be Forgotten, which in turn may mean that we can legally acquire your data from opted-in sources at a later date with no knowledge that you were once a previous customer.

Please note, as advised by the ICO an Audit log comprising of just a name, plus the date the request came in, is kept for any access requests.  A name on its own is not classed as personal identifiable information.

Cookies & Cookie policy

Our cookies do not contain any personal information about you and are used only to determine your browser and user preferences for our site. We believe that this can greatly assist us in providing you with the service that you desire and to enhance your browsing experience. However, if you prefer, your browser software should enable you not to accept cookies. You should still be able to use our site without cookies enabled. 

Nifty uses cookies (not the eating kind) like all websites to make our site nifty fashion.co.uk work properly, we sometimes place small data files (called cookies) on your device.

Our cookies help us:

We do not use cookies to:

What are cookies?
A cookie is a small text file that a website saves on your computer or mobile device when you visit the site. It enables the website to remember your actions and preferences (such as login, language, font size and other display preferences) over a period of time, so you don’t have to keep re-entering them whenever you come back to the site or browse from one page to another. to find out more please visit http://www.allaboutcookies.org/

The Types of Cookies we use?
There are two types of cookies, firstly session cookies and persistent cookies. Session cookies are created temporarily in your browser's subfolder while you are visiting a website. Once you leave the site, the session cookie is deleted. On the other hand, persistent cookie files remain in your browser's subfolder and are activated again once you visit the website that created that particular cookie. A persistent cookie remains in the browser's subfolder for the duration period set within the cookie's file, these could be from a few hours and days, to months and years depending on its purpose.

First Party Cookies:
These are set by our website and enable you to shop our site such as making our shopping basket and checkout pages work, and sees whether you are logged in or not. There is o way to remove these cookies other than not using our site.

3rd party cookies:
These are cookies which are provided by software and services which enable us to offer enhancements and improvements to our website, or continue to market effectively to you when you leave, such as Google or Facebook. Disabling these cookies will likely break the functions offered by these third parties.

How to control cookies:
You can control and/or delete cookies as you wish – for details, see aboutcookies.org. You can delete all cookies that are already on your computer and you can set most browsers to prevent them from being placed. If you do this, however, you may have to manually adjust some preferences every time you visit a site and some services and functionalities may not work. 

Legal Basis for Nifty processing Customer Data

General:
Nifty collects and uses customers’ personal data because it is necessary for the purposes of complying with our duties and exercising our rights under a contract for the sale of goods to a customer; or complying with our legal obligations. In general, we only rely on our legitimate interest or permission (e.g. when you tick a box to receive our Newsletters) as a legal basis for processing in relation to sending direct marketing communications to customers via post, email or text messages. Customers have the right to withdraw consent at any time. Where consent is the only legal basis for processing we will cease to process data after consent is withdrawn.

Our Legitimate Interests: 

It is necessary for the legitimate interests of Nifty to process customer data as follows:

Data Retention Policy

Any information relating to your account (including order history, communications and correspondence records) is kept while you are still an active customer.  If you have not bought within 6 years all data will be safely destroyed.  We hold very little paper records but any relevant materials will be shredded. Electronic data sets will be deleted or anonymised from master sources and backups. An automated process to identify, alert and process these deletions is in place.

Please note that the data cleansing process is total and we will have no records of your previous interaction. This is specific interest to rules following the Right to be Forgotten, which in turn may mean that we can legally acquire your data from opted in sources at a later data with no knowledge that you were once previous customer.

External Links

Please note that within our website are a number of external links to other websites and companies, if you click on these  then you will be subject to that 3rd parties privacy policies and not Nifty.


This page was last updated: 18/05/2018