Privacy Policy

UPDATED 4/2/2020

Trish McEvoy Ltd (“We, us or our”) are committed to protecting and respecting your privacy and, as a commitment to this, we are now compliant with the Europe-wide General Data Protection Regulation (EU 2016/679).

This Privacy Policy (together with our Terms of Use and any other documents referred to on it) sets out the basis on which any Personal Data we collect from you, or that you provide to us, will be processed by us and any 3rd parties we use.

Please read the following carefully to understand our practices regarding your Personal Data and how we will treat it. If at any time you wish to ask any additional questions about our security & operational procedures concerning your Personal Data please get in touch using the details below.

  1. INTRODUCTION

This privacy notice provides you with details of how we collect and process your Personal Data through your use of “Our Site”, including any information you may provide through Our Site when you purchase a product, set up an account or agree to other specific marketing

By providing us with your Personal Data, you warrant to us that you are over 13 years of age. If you are 13 years old or younger, please do not provide us any Personal Data on or through your use of Our Site.

This Policy sets out the obligations of Trish McEvoy Ltd, a company registered in the State of New York, whose registered office address is at 430 Commerce Blvd., Carlstadt, NJ 07072 (“the Company”) and all companies in the Group of Companies of which the Company forms part (“the Group”), including Trish McEvoy UK Limited a Company registered in England and Wales under number 03203073 (“UK Co”) regarding the Group’s obligations as a Data Controller.

Our details:

Full name of legal entity:  Trish McEvoy Ltd.

Email address: dataprivacy@tmcos.com

Postal address:

Information Officer, Trish McEvoy

430 Commerce Blvd.

Carlstadt, NJ 07072 USA

We collect and process most of your Personal Data at the above location or through our service providers under the conditions detailed in this document.

In the EU, if you are not happy with any aspect of how we collect and use your Personal Data, please address your concerns to the supervisory authority of the Member State of your residence. In the UK, this is the Information Commissioner’s Office (www.ico.org.uk). We should be grateful, however, if you would contact us first if you do have a complaint, so that we can try to resolve it for you.

In the United States, you have the right to complain to the Department of Commerce, Federal Communications Commission or Better Business Bureau. It is very important that the information we hold about you is accurate and up to date. Please let us know if at any time your Personal Data changes by emailing us at custsvc@tmcos.com or by logging into the secure personal account area of Our Site and changing your details and preferences.

  1. WHAT PERSONAL DATA DO WE COLLECT ABOUT YOU

Personal Data means any information capable of identifying an individual. It does not include anonymized data.

We may collect and process certain types of Personal Data about you as follows:

  • Identity Data may include your first name, last name, and unique identifier placed when you first access Our Site or register for an account with us. For more details on our use of Cookies, please see our Cookie Policy.
  • Contact Data may include your billing address, delivery address, work and/or personal email address and where required, contact telephone numbers.
  • Technical Data may include your login data, internet protocol addresses, browser type and version, browser plug-in types and versions, time zone setting and location, operating system and platform and other technology on the devices you use to access this site.
  • Account Data may include name, address, email, purchase history, and month of birth.
  • Credit & Debit Card Data: authorizations when you order products from us. We do not collect or process any of your bank details; this is completed securely via our 3rd party payment processor; see https://www.paypal.com/us/webapps/mpp/ua/payflowgatewaypp-full
  • Usage Data may include information about how you use our website, products and services including where you interact with content on Our Site.
  • Marketing and Communications Data may include your preferences in receiving marketing communications from us.

We may also process Aggregated Anonymized Data from your Personal Data but this data does not reveal your identity and as such in itself, is not Personal Data.

Where we are required to collect Personal Data under the terms of the contract between you and us when you purchase via Our Site and you do not provide us with that Personal Data when requested, we may not be able to perform the contract (for example, to complete a sale, fulfill delivery orders to you). If you do not provide us with the requested Personal Data, we may have to cancel a product or service you have ordered but if we do, we will notify you at the time.

  1. HOW WE COLLECT YOUR PERSONAL DATA

We collect data about you through a variety of different methods including:

Directly: You may provide data by filling in forms on Our Site or by communicating with us by post, phone, and email or otherwise, including when you:

  • Register for an account via Our Site;
  • Place an order;
  • Request additional marketing be sent to you;
  • Provide us with feedback;
  • Attend an event; and/or
  • Call our Customer Service team.

Indirectly: As you use Our Site, we may automatically collect Technical Data about your equipment, browsing actions and usage patterns. We collect this data by using cookies, server logs and similar technologies. We may also receive Technical Data about you if you visit other websites that use our cookies. Please see our full cookie policy for further details.

From third parties or publicly available sources: We may receive Personal Data about you from various third parties and public sources as set out below.

Technical Data from the following parties:

  • analytics providers such as Google based outside the EU;
  • advertising & social networks such as Facebook, Instagram, Twitter, LinkedIn and YouTube based inside and outside the EU;
  • search information providers such as Google based inside and outside the EU; and/or
  • browser and site usage history provided via cookies when visiting Our Site.

We partner with Rakuten Advertising, who may collect personal information when you interact with our site. The collection and use of this information is subject to the privacy policy located at https://rakutenadvertising.com/legal-notices/services-privacy-policy/. You can opt out of it here: https://rakutenadvertising.com/legal-notices/services-privacy-rights-request-form/

  1. HOW WE USE YOUR PERSONAL DATA

We will only use your Personal Data when legally permitted. The most common uses of your Personal Data are: where we need to perform the contract between you and us, for example when you order a product or register on the site; where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests; and where we need to comply with a legal or regulatory obligation.

  1. PURPOSES FOR PROCESSING YOUR PERSONAL DATA

Set out below is a description of the purposes for which we intend to use your Personal Data and the legal basis on which we will process such Personal Data. We have also explained what our legitimate interests are where relevant.

We may process your Personal Data in reliance on more than one legal basis, depending on the specific purpose for which we are using your Personal Data. Please email us at dataprivacy@mcos.com if you need more details in addition to the basis set out below.

Usage Data may include a unique identifier placed when you first access Our Site or register for an account with us and other information about your visit such as login data, internet protocol addresses, browser type and version, browser plug-in types and versions, time zone setting and location, operating system and platform and other technology on the devices you use to access this site. For more details on our use of Cookies, please see our Cookie Policy.

Contact Data may include your first name and last name, billing address, delivery address, work and/or personal email address and where required, contact telephone numbers.

Account Data may include name, address, email, purchase history, and month of birth.

Credit & Debit Card Data: authorizations when you order products from us. We do not collect or process any of your bank details; this is completed securely via our 3rd party payment processor: https://www.paypal.com/us/webapps/mpp/ua/payflowgatewaypp-full

Correspondence Data may include your name and email as provided by you when you fill in a contact form or communicate with us.

Marketing and Communications Data may include your first name, last name, email, mobile or other phone numbers and month of birth and can be changed in your account preferences for receiving marketing communications from us.

How we process your Personal Data and our lawful basis for doing so:

We may process data about your use of our website and services ("usage data"). The usage data may include your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use. The source of the usage data is the cookies used on our site. This usage data may be processed for the purposes of analyzing the use of the website and services. The legal basis for this processing is consent, which you provide by either accepting or rejecting our cookie policy, which is presented to you on your first visit to our site. If you refuse our cookie policy, we will not collect usage data.

We may process contact data ("contact data"). The contact data may include your name, email address, delivery address, and contact telephone numbers. The contact data may be processed for the purposes of operating our website, providing our services, ensuring the security of our website and services, maintaining back-ups of our databases and communicating with you. The legal basis for this processing is the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract for example to fulfill an order through the website.

We may process your Personal Data that are provided in the course of the use of our services ("account data"). The account data may include name, address, email, purchase history, and month of birth. The source of the account data is you when setting up an account and the purpose of supplying the purchased goods and services and keeping proper records of those transactions. The account data may be processed for the purposes of providing our services and fulfilling orders made by you via our site. The legal basis for this processing is the performance of a contract between you and us.

We may process limited credit & debit card data (“Credit & Debit Card Data”). This data will only include a unique identifier, linked to your account with us, and the authorization that the payment has been taken by our 3rd party Payment Provider when you order products from us. We do not collect or process any of your bank details; this is completed securely via our 3rd party payment processor, see https://www.paypal.com/us/webapps/mpp/ua/payflowgatewaypp-full

The legal basis for this processing is the performance of a contract between you and us.

We may process information contained in or relating to any communication that you send to us ("correspondence data"). The correspondence data may include the communication content and metadata associated with the communication. Our website will generate the metadata associated with communications made using the website contact forms. The correspondence data may be processed for the purposes of communicating with you and record keeping. The legal basis for this processing is our legitimate interests, namely the proper administration of our website and business, and support to website visitors and customers.

We may process Marketing and Communications Data. This data may include your first name, last name, email address, mobile and other contact numbers as provided by you when you create an account or purchase goods through the site. This data may be processed for sending you marketing messages regarding new products, personal appearances and events as emails, texts or calls based on the preferences you set when providing your details. The legal basis for this processing is consent, which you can withdraw at any time by updating your account preferences on the website or by choosing to unsubscribe on the footer of all such messaging or by contacting custsvc@tmcos.com.

Marketing communications: You will only receive marketing communications from us if you have: requested information from us or previously purchased goods or services from us; or if you provided us with your details and ticked the box at the point of entry of your details for us to send you marketing communications, this includes your spoken choice when asked verbally at the “Point Of Sale” in any of our partner retailers and in each case, you have not opted out of receiving that marketing.

We do not share your Personal Data with third parties other than as strictly necessary to comply with a legal obligation or to fulfil a contract with you such as delivering goods or products ordered via the website or via our customer service team. If we do wish to share your Personal Data outside of these reasons, we will get your express opt-in consent before we share your Personal Data with any third party for any purpose.

You have the right to withdraw consent to receive marketing communications from us at any time by emailing us at custsvc@tmcos.com, by using the unsubscribe link provided in every email communication we send, or by unchecking the marketing email box within your account info section of the website.

Where you opt out of receiving our marketing communications, this will not apply to Personal Data provided to us as a result of a product/service purchase, warranty registration, product/service experience or other transactions where we are obliged to hold or process that information for a Lawful purpose.

Change of purpose: We will only use your Personal Data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.

If we need to use your Personal Data for a purpose unrelated to the purpose for which we collected the data, we will notify you and we will explain the legal basis for processing.  You have several rights over use of your Personal Data (see section 5 below), including the right to object to our processing your Personal Data for an incompatible purpose.

We may process your Personal Data without your knowledge or consent where this is required or permitted by law.

We do not sell your personal information.

  1. YOUR RIGHTS UNDER GDPR (If Applicable)

The GDPR gives you specific rights regarding the use of your Personal Data (Rights as a Data Subject).

These include the right to:

  • Request access to your Personal Data.
  • Request correction of your Personal Data.
  • Request erasure of your Personal Data.
  • Object to processing of your Personal Data.
  • Request restriction of processing of your Personal Data.
  • Request transfer of your Personal Data.
  • Not be the subject of automated decision making or profiling.

You can read more about these rights at: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/

If you wish to exercise any of the rights set out above, please email us at:

dataprivacy@tmcos.com

You do not have to pay a fee to access your Personal Data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request under certain circumstances and we will inform you of our reasons for doing so within the required time of 30 days from the initial request being received via dataprivacy@tmcos.com.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your Personal Data (or to exercise any of your other rights). This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We try to respond to all legitimate requests within 30 days. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

DISCLOSURES OF YOUR PERSONAL DATA

We require all third parties to whom we transfer your data to respect the security of your Personal Data and to treat it in accordance with the GDPR and provide guarantees in writing that they have the appropriate technical & organizational measures in place to safeguard your Personal Data and your Rights as a Data Subject (see above). We only allow such third parties to process your Personal Data for specified purposes and in accordance with our instructions. Your Rights as a Data Subject will be protected at all times.

We may have to share your Personal Data with the parties set out below for the purposes set forth herein:

Service providers including delivery, courier and postal services who provide delivery to you under contract with us and on our instructions.

Professional advisers including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services.

HM Revenue & Customs, regulators and other authorities based in the United Kingdom and other relevant jurisdictions who require reporting of processing activities in certain circumstances.

Third parties to whom we sell, transfer, or merge parts of our business or our assets.

Employees & Contractors who are compliant with our IT Security Policy and access control procedures.

SPECIAL CATEGORY DATA: We do not collect any Special Category Data about you. Special Category Data refers to data that includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data.

INTERNATIONAL TRANSFERS

We do need to share your Personal Data with service providers, which involves transferring your data outside the European Economic Area (EEA). Countries outside of the EEA do not always offer the same levels of protection to your Personal Data, so European law has prohibited transfers of Personal Data outside of the EEA unless the transfer meets certain criteria.

Some of our third-party service providers are based outside the EEA, so their processing of your Personal Data will involve a transfer of data outside the EEA to service providers and vendors we use to provide Our Site and services, who are all located in the USA which, by virtue of the EU-US Privacy Shield, is recognized by the European Commission as having adequate levels of protection for your Personal Data.

Whenever we transfer your Personal Data out of the EEA, we do our best to ensure a similar degree of security of data by ensuring at least one of the following safeguards is implemented:

We will only transfer your Personal Data to countries that have been deemed to provide an adequate level of protection for Personal Data by the European Commission; or where we use certain service providers, we may use specific contracts or codes of conduct or certification mechanisms approved by the European Commission which give Personal Data the same protection it has in Europe; or where we use providers based in the United States, we may transfer data to them if they are part of the EU-US Privacy Shield, which requires them to provide similar protection to Personal Data shared between Europe and the US, or they are also GDPR compliant and have adequate security and organizational measures in place to keep your Personal Data secure and to honor your Rights as a Data Subject.

If none of the above safeguards is available, we may request your explicit consent to the specific transfer. You will have the right to withdraw this consent at any time.

Please email us at dataprivacy@tmcos.com if you want further information on the specific mechanisms and security measures used by us when transferring your Personal Data out of the EEA.

DATA SECURITY

We have put in place appropriate technical and organizational measures and Data Controller/Data Processing or Joint Controller Agreements, to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed by any of our suppliers or contacts or employees. In addition, we limit access to your Personal Data to those employees, agents, contractors and other third parties who have a business need to know such data. They will only process your Personal Data on our instructions and are subject to the same provisions under the GDPR.

We have put in place procedures to deal with any suspected Personal Data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

  1. California Residents: Your Rights under CCPA

The California Consumer Privacy Act (“CCPA”) provides California residents with the additional rights listed below, subject to certain exceptions. This section applies only to those California residents to whom the CCPA applies (“California Resident” or “You”) and does not apply to any Personal Information, as defined in the CCPA (“PI”), that is excepted from the CCPA. All capitalized words in this section have the definitions given to them in the CCPA unless noted.

California Residents have the right to:

  1. Request disclosure of our data Collection and sales practices in connection with you, including the categories of PI we have collected, the source of that PI, our use of that PI and, if disclosed or Sold to third parties, the categories of PI disclosed or Sold to third parties and the categories of third parties to whom such PI was disclosed or Sold;
  2. Request a copy of the specific PI collected about you during the 12 months before your request made under the previous paragraph;
  3. Have such PI deleted (with exceptions);
  4. Request that your PI not be Sold to third parties, if applicable (Right to Opt Out); and
  5. Not be discriminated against because you exercised any of these rights.

Right to Request and Right to Know. You have the right to know what PI we have Collected about you over the past 12 months, and the right to request that PI, including:

  • The categories of PI we have collected about you;
  • The categories of sources from which the PI is collected;
  • The Business purpose or Commercial purpose for Collection of your PI;
  • The categories of Third parties with whom we have shared your PI; and
  • The specific PI we have Collected about you.

You may exercise the Right to Request no more than twice a year.

Categories of Information We Collect.

 

|    | Category | Source |
|----|----------|--------|
| 1  | Identifiers (such as contact information, government IDs, cookies, etc.) | A, B, C |
| 2  | Information protected against security breaches (such as your name and financial account, driver’s license, social security number, user name and password, health/medical information) | [NOT COLLECTED] |
| 3  | Protected classification information (like race, gender, ethnicity, etc.) | [NOT COLLECTED] |
| 4  | Commercial information | [NOT COLLECTED] |
| 5  | Internet/electronic activity | A, B, C |
| 6  | Geolocation | [NOT COLLECTED] |
| 7  | Audio/video data | [NOT COLLECTED] |
| 8  | Professional or employment related information | [NOT COLLECTED] |
| 9  | Education information | [NOT COLLECTED] |
| 10 | Biometrics | [NOT COLLECTED] |
| 11 | Inferences from the foregoing | A, B, C |

 

Key to Sources:

 

|   | Source: |
|---|---------|
| A | Individual submitting the information |
| B | Third party from whom we receive the information |
| C | Observing activities and recording the information (i.e., through cookies) |

 

We collect Personal Information for one or more of the following commercial and business purposes:

  • Providing you with our products and services;
  • Auditing related to a current interaction with the consumer and concurrent transactions, including, but not limited to, counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance with laws and other standards;
  • Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity;
  • Performing services on behalf of the business, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing advertising or marketing services, providing analytic services, or providing similar services on behalf of the business;
  • Debugging to identify and repair errors that impair existing intended functionality;
  • Short-term, transient use, provided the personal information is not disclosed to another third party and is not used to build a profile about a consumer or otherwise alter an individual consumer’s experience outside the current interaction, including, but not limited to, the contextual customization of ads shown as part of the same interaction;
  • Undertaking internal research for technological development and demonstration; and
  • Undertaking activities to verify or maintain the quality or safety of a service or device that is owned, manufactured, manufactured for, or controlled by the company, and to improve, upgrade, or enhance the service or device that is owned, manufactured, manufactured for, or controlled by the business.

If we collect any additional PI for any other purpose, we will notify you of that purpose at the time we collect the PI for that purpose.

If we disclose PI for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that PI confidential and not use it for any purpose except performing the contract. We share PI with the following categories of Third parties: payment processors and shipment vendors, business consultants, and other service providers. We do not sell PI.

Right to Opt Out. We do not Sell PI. If we do engage in an activity determined to be a Sale of your PI, you have the right to direct us to not Sell your PI. You can do so by clicking on the “Do Not Sell My Information Link” found at the bottom footer of our sites or by clicking here.

Right to Delete. You have the right to request that we delete the PI we have Collected from you (and direct our service providers to do the same). There are a number of exceptions, however, that include, but are not limited to, when the PI is necessary for us or a Third party to do any of the following:

  • Complete your transaction;
  • Provide you a good or service;
  • Perform a contract between us and you;
  • Protect your security and prosecute those responsible for breaching it;
  • Fix our system in the case of a bug;
  • Protect the free speech rights of you or other users;
  • Comply with the California Electronic Communications Privacy Act;
  • Engage in public or peer-reviewed scientific, historical, or statistical research in the public interests that adheres to all other applicable ethics and privacy laws;
  • Comply with a legal obligation; or
  • Make other internal and lawful uses of the information that are compatible with the context in which you provided it.

Other Rights. You can request certain information about our disclosure of PI to third parties for their own direct marketing purposes during the preceding calendar year. This request is free and may be made once a year. You also have the right not to be discriminated against for exercising any of the rights listed above.

If you are a California Resident, California Civil Code Section 1798.83 permits you to request information regarding the disclosure of your PI to third parties for the third parties’ direct marketing purposes. To make such a request, please send an email to dataprivacy@tmcos.com. Pursuant to California Civil Code Section 1798.83(c)(2), we do not share your PI with third parties’ direct marketing use without your consent.

 

Exercising Your California Privacy Rights. To request access to or deletion of your PI, or to exercise any other data rights under California law, please contact us using one of the following methods:

 

Email: You may email us at dataprivacy@tmcos.com to exercise your California rights. Please include your full name, email address, and other identifying information such that we will be able to verify your identity, along with why you are writing, so that we can properly process your request. We are only able to handle your request if you provide the requested information needed to verify your identity.

 

Mail: Send a letter to:

 

Information Officer

Trish McEvoy

430 Commerce Blvd.

Carlstadt, NJ 07072 USA

 

Please include your full name, email address, and other identifying information such that we will be able to verify your identity, along with why you are writing, so that we can properly process your request. We are only able to handle your request if you provide the requested information needed to verify your identity.

 

Before we take any action on any request exercising a CCPA right, we must reasonably verify your identity. If we attempt to, but cannot do so, we will not be obligated to you under the CCPA. We will reach out to you by the method of communication through which you reached out to us, and let you know that we are unable to verify your identity.

 

Any subsequent interaction with the Site after a request for deletion, or deletion, of PI will require new requests for action on your data.

 

Response Timing and Format. We aim to respond to a consumer request for access or deletion within 45 days of receiving that request. If we require more time, we will inform you of the reason and extension period in writing.

 

  1. DATA RETENTION

We will only retain your Personal Data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

 

To determine the appropriate retention period for Personal Data, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorized use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements.

 

By law, we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for seven years after they cease being customers, for tax reporting and audit purposes.

 

In some circumstances, you can ask us to delete your data: See section 5 for further information.

 

In some circumstances, we may anonymize your Personal Data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

 

If you wish to know more about the specifics of our data retention policies, please contact dataprivacy@tmcos.com.

 

THIRD-PARTY LINKS

This website may include links to third-party websites. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.

 

COOKIES

You can set your browser to refuse all or some browser cookies or to alert you when websites set or access cookies. If you disable or refuse cookies, this may affect your use of Our Site and if you block cookies at a browser level, you may find other sites that you visit may not work correctly. For more information about the cookies we use, please see our cookie policy.