This Privacy Policy explains how ONEWAY 91ST STREET ("we", "us", "our") collects, uses, stores, and protects your personal data when you use our website at oneway91ststreet.co.uk or purchase our products. We are committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the EU General Data Protection Regulation (EU GDPR 2016/679) where applicable.

1. Who We Are

ONEWAY 91ST STREET is an online clothing retailer operating from the United Kingdom.

Data Controller: ONEWAY 91ST STREET
Registered in: England & Wales
Company Number: [INSERT COMPANY NUMBER]
Registered Address: [INSERT YOUR REGISTERED ADDRESS]
Email: privacy@oneway91ststreet.co.uk

If you have any questions about how we handle your data, you may contact us at the address above.

2. What Personal Data We Collect

We collect the following categories of personal data:

  • Identity Data: First name, last name.
  • Contact Data: Email address, telephone number, billing and delivery addresses.
  • Transaction Data: Details of products purchased, order history, payment amount, and payment method (we do not store full card numbers).
  • Technical Data: Internet Protocol (IP) address, browser type and version, time zone setting, browser plug-in types and versions, operating system, device information, and other technology identifiers on the devices you use to access our website.
  • Usage Data: Information about how you use our website, products, and services, including pages visited and links clicked.
  • Marketing and Communications Data: Your preferences in receiving marketing from us, and your communication preferences.
  • Profile Data: Account username and password (if you create an account), purchase history, and any wishlists or saved items.

We do not collect Special Category Data (such as health data, racial or ethnic origin, or biometric data) and we do not knowingly collect data from individuals under the age of 13.

3. How We Use Your Personal Data

We use your personal data for the following purposes:

  • To fulfil your order: Processing and delivering your purchases, sending order confirmations, and managing returns and refunds.
  • To manage payments: Processing payments securely through our payment partners.
  • To create and manage your account: If you register on our website, we use your data to manage your account.
  • To communicate with you: Responding to your enquiries, providing customer support, and sending service notifications such as shipping updates.
  • To send marketing communications: Sending you newsletters, promotional offers, and new product alerts, where you have consented to receive them. You may opt out at any time.
  • To improve our website and services: Analysing how our website is used to help us improve it, personalise your experience, and develop new features.
  • To comply with legal obligations: Such as tax, accounting, and fraud prevention requirements.
  • To prevent fraud: Detecting, investigating, and preventing fraudulent transactions and other illegal activities.

4. Legal Basis for Processing

We process your personal data under the following legal bases:

  • Contract (Article 6(1)(b) UK/EU GDPR): Processing is necessary to fulfil your order and our contractual obligations to you.
  • Legal Obligation (Article 6(1)(c)): Processing is necessary to comply with UK law (e.g., financial record-keeping under HMRC requirements).
  • Legitimate Interests (Article 6(1)(f)): We may process data where it is in our legitimate interests and not overridden by your rights, such as fraud prevention, website security, and business analytics.
  • Consent (Article 6(1)(a)): For marketing emails and non-essential cookies, we will ask for your explicit consent. You may withdraw consent at any time without affecting the lawfulness of prior processing.

5. Sharing Your Personal Data

We do not sell your personal data to third parties. We may share your data with:

  • Payment processors (e.g., Stripe, PayPal) to process transactions securely. These providers act as data processors under contractual obligations.
  • Courier and logistics companies (e.g., Royal Mail, DHL, DPD) to deliver your orders.
  • Email marketing platforms (e.g., Mailchimp, Klaviyo) to send newsletters and order communications, where you have opted in.
  • Website analytics providers (e.g., Google Analytics) to help us understand website usage. We use anonymised or pseudonymised data where possible.
  • Cloud hosting and IT service providers who store and process data on our behalf under data processing agreements.
  • Legal and regulatory authorities where we are required to do so by law, court order, or to protect our rights.

All third-party service providers are required to take appropriate security measures to protect your personal data and are only permitted to process it for specified purposes.

6. Cookies

We use cookies and similar tracking technologies on our website. Cookies are small text files stored on your device that help us provide you with a better experience.

We use the following types of cookies:

  • Strictly Necessary Cookies: Required for the website to function, including shopping cart cookies and session management. These cannot be disabled.
  • Performance & Analytics Cookies: We use tools such as Google Analytics to collect anonymised information about how visitors use our site. This helps us improve our website.
  • Functional Cookies: These remember your preferences such as language, region, and items in your wishlist.
  • Targeting / Marketing Cookies: Where you consent, these cookies are used to show you relevant advertising on third-party platforms such as Instagram, TikTok, and Google.

You can manage or withdraw your consent to non-essential cookies via our cookie banner or by adjusting your browser settings. Please note that disabling certain cookies may affect the functionality of our website.

For more information, see the ICO's guide on cookies.

7. Data Retention

We retain your personal data only for as long as necessary for the purposes for which it was collected, and in accordance with our legal obligations:

  • Order and transaction data: Retained for 7 years to comply with HMRC financial record-keeping obligations.
  • Customer account data: Retained for as long as your account is active. If you close your account, we will delete your data within 90 days unless we are legally required to retain it.
  • Marketing preferences: Retained until you withdraw your consent or request deletion.
  • Technical and analytics data: Typically retained for up to 26 months (as per Google Analytics standard retention).

8. Your Rights Under UK/EU GDPR

Under data protection law, you have the following rights:

  • Right to Access (Subject Access Request): You have the right to request a copy of the personal data we hold about you.
  • Right to Rectification: You have the right to request that we correct any inaccurate or incomplete personal data.
  • Right to Erasure ("Right to be Forgotten"): You have the right to request that we delete your personal data in certain circumstances.
  • Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data in certain circumstances.
  • Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format.
  • Right to Object: You have the right to object to the processing of your personal data based on legitimate interests or for direct marketing purposes.
  • Rights in Relation to Automated Decision-Making: You have rights relating to automated decision-making and profiling, including the right not to be subject to a decision based solely on automated processing.
  • Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of processing before withdrawal.

To exercise any of these rights, please contact us at: privacy@oneway91ststreet.co.uk. We will respond within 30 days.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection.

If you are an EU resident, you may also contact your local Data Protection Authority.

9. International Data Transfers

Some of our third-party service providers may be located outside the United Kingdom or European Economic Area (EEA). Where we transfer your personal data to countries that do not offer an equivalent level of data protection, we ensure that appropriate safeguards are in place, such as:

  • Standard Contractual Clauses (SCCs) approved by the UK ICO or European Commission.
  • UK Adequacy Regulations (for transfers from the UK).
  • Binding Corporate Rules (BCRs) where applicable.

10. Security of Your Data

We have implemented appropriate technical and organisational security measures to protect your personal data against accidental loss, unauthorised access, use, alteration, or disclosure. These include:

  • SSL/TLS encryption for all data transmitted through our website (HTTPS).
  • Secure, encrypted storage of sensitive data.
  • Access controls to limit who within our organisation can access your data.
  • Use of PCI-DSS compliant payment processors; we never store raw card numbers.
  • Regular reviews of our security practices.

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the ICO within 72 hours and, where required, notify you directly.

11. Children's Privacy

Our website and services are not directed to children under the age of 13. We do not knowingly collect personal data from children under 13. If we become aware that a child under 13 has provided us with personal data, we will take steps to delete it promptly.

For users aged 13–17, we recommend parental supervision when shopping online.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. The most current version will always be available on our website with the effective date at the top.

If we make material changes, we will notify you by email (if you have an account with us) or by displaying a prominent notice on our website.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, please contact us:

ONEWAY 91ST STREET
Data Protection Enquiries
[Registered Address], United Kingdom
Email: privacy@oneway91ststreet.co.uk

Disclaimer: This Privacy Policy is provided as a template and for informational purposes. It should be reviewed and adapted by a qualified legal professional before being published. ONEWAY 91ST STREET is responsible for ensuring compliance with all applicable data protection laws.