- Privacy Policy
UPDATED 5/7/2024
Trish McEvoy, Ltd. (“the Company,” “we,” “us,” or “our”) is committed to protecting and respecting your privacy
This Privacy Policy sets out the basis on which any data, including Personal Data, we collect from or about you, or that you provide to us, will be processed by us and any 3rd parties we use.
Please read the following carefully to understand our practices regarding your Personal Data and how we will treat it. If at any time you wish to ask any additional questions about our security & operational procedures concerning your Personal Data please get in touch using the details below.
1. INTRODUCTION
This privacy notice provides you with details of how we collect and process your Personal Data through your use of our website, trishmcevoy.com (“Our Site”), including any information you may provide through Our Site when you purchase a product, set up an account or agree to other specific marketing.
By providing us with your Personal Data, you warrant to us that you are over 13 years of age. If you are 13 years old or younger, please do not provide us any Personal Data on or through your use of Our Site.
This Policy sets out the obligations of the Company, which is registered in the State of New York, with a principal place of business at 430 Commerce Blvd., Carlstadt, NJ 07072 and all companies in the Group of Companies of which the Company forms part (“the Group”), including Trish McEvoy UK Limited a Company registered in England and Wales under number 03203073 (“UK Co”) regarding the Group’s obligations as a Data Controller.
Our details:
Full name of legal entity: Trish McEvoy Ltd.
Email address: dataprivacy@tmcos.com
Postal address:
Information Officer, Trish McEvoy
430 Commerce Blvd.
Carlstadt, NJ 07072 USA
We collect and process most of your Personal Data at the above location or through our service providers under the conditions detailed in this document.
In the EU, if you are not happy with any aspect of how we collect and use your Personal Data, please address your concerns to the supervisory authority of the Member State of your residence. In the UK, this is the Information Commissioner’s Office, (www.ico.org.uk). We should be grateful if you would contact us first if you do have a complaint however so that we can try to resolve it for you.
It is very important that the information we hold about you is accurate and up to date. Please let us know if at any time your Personal Data changes by emailing us at customerservice@trishmcevoy.com or by logging into the secure personal account area of Our Site and changing your details and preferences.
2. WHAT PERSONAL DATA DO WE COLLECT ABOUT YOU
Personal Data means any information capable of identifying an individual. It does not include anonymized data.
We may collect and process certain types of Personal Data about you as follows:
- “Identity Data” may include your first name, last name, and unique identifier placed when you first access Our Site or register for an account with us. For more details on our use of Cookies, please see our Cookie Policy
- “Contact Data” may include your billing address, delivery address, work and/or personal email address and where required, contact telephone numbers.
- “Technical Data” may include your login data, internet protocol addresses, browser type and version, browser plug-in types and versions, time zone setting and location, operating system and platform and other technology on the devices you use to access this site.
- “Account Data” may include name, address, email, purchase history, and month of birth.
- “Credit & Debit Card Data”: means information users provide when order products from us.
- “Usage Data” may include information about how you use our website, products and services including where you interact with content on Our Site.
- “Marketing and Communications Data” may include your first name, last name, email address, mobile and other contact numbers as provided by you when you create an account or purchase goods through the site, and your preferences in receiving marketing communications from us.
We may also process “Aggregated Anonymized Data” from your Personal Data but this data does not reveal your identity and as such in itself, is not Personal Data.
3. HOW WE COLLECT YOUR PERSONAL DATA
We collect data about you through a variety of different methods including:
- Directly: You may provide data by filling in forms on Our Site or by communicating with us by post, phone, and email or otherwise, including when you:
- Register for an account via Our Site;
- Place an order;
- Request marketing be sent to you;
- Provide us with feedback;
- Attend an event; and/or
- Call our Customer Service team.
- Indirectly: As you use Our Site, we may automatically collect Technical Data about your equipment, browsing actions and usage patterns. We collect this data by using cookies, server logs and similar technologies. We may also receive Technical Data about you if you visit other websites that use our cookies. Please see our full cookie policy for further details.
- From third parties or publicly available sources: We may receive Personal Data about you from various third parties and public sources as set out below.
- Technical Data from the following parties:
- analytics providers such as Google based outside the EU;
- advertising & Social networks such as, Facebook, Instagram, Twitter, LinkedIn and YouTube based inside and outside the EU; and
- search information providers such as Google based inside and outside the EU; and/or
- Browser and site usage history provided via cookies when visiting Our Site.
We partner with Rakuten Advertising, who may collect personal information when you interact with our site. The collection and use of this information is subject to the privacy policy located at https://rakutenadvertising.com/legal-notices/services-privacy-policy/. You can opt out of it here https://rakutenadvertising.com/legal-notices/services-privacy-rights-request-form/
4. HOW WE USE YOUR PERSONAL DATA
We will only use your Personal Data for lawful and legitimate purposes as described in this Privacy Policy, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. The most common uses of your Personal Data are where we need to perform certain actions that you initiate, such as when you order a product or register on Our Site, where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests and where we need to comply with a legal or regulatory obligation.
If we need to use your Personal Data for a purpose unrelated to the purpose for which we collected the data, we will notify you and explain the legal basis for processing. You have several rights over use of your Personal Data), including the right to object to our processing your Personal Data for an incompatible purpose. We may process your Personal Data without your knowledge or consent when required or permitted by law.
5. PURPOSES FOR PROCESSING YOUR PERSONAL DATA
The following describes the purposes for which and the legal basis on which we will process your Personal. We may process your Personal Data in reliance on more than one legal basis, depending on the specific purpose for which we are using your Personal Data. Please email us at dataprivacy@mcos.com if you need more details in addition to the described basis has been set out below.
The following describes the purposes for which and the legal basis on which we will process your Personal. We may process your Personal Data in reliance on more than one legal basis, depending on the specific purpose for which we are using your Personal Data. Please email us at dataprivacy@mcos.com if you need more details in addition to the described basis has been set out below.
We will process Usage Data about your use of Our Site and services. Usage Data may include your Internet Protocol address, geographical location, browser plug-in types and version, operating system, referral source, length of visit, page views and website navigation paths, login data, time zone setting and location, as well as information about the timing, frequency and pattern of your use of Our Site and service. Usage Data is derived from the use of unique identifiers called cookies placed on your browser when you first access Our Site or register for an account with us. Usage Data may be processed to analyze your use of Our Site and services. . If you refuse our cookie policy, we will not collect usage data. For more details on our use of Cookies, please see our Cookie Policy.
We will process Contact Data to operate our website, provide our services, ensure the security of Our Site and services, maintain back-ups of our databases, and communicate with you. The legal basis for this processing is the performance of as service you initiate, such as fulfilling an order placed through Our Site.
We will process Account Data, which may include your name, address, email, purchase history, and month of birth, is collected when you set up an account for the purpose of receiving goods and services purchased from Our Site and our keeping proper records of those transactions. The legal basis for this processing is the performance of a contract between you and us.
We will process Credit & Debit Card Data when you order products from us. But note, we do not collect or possess any of your as this is completed securely by our 3rd party payment processor, and as such, we do not obtain or retain any user Credit & Debit Card Data.The legal basis for this processing is the performance of a contract between you and us.
We will process information contained in or relating to any communication that you send to us ("Correspondence Data"), which may include the communication content and metadata associated with the communication. Our Site will generate the metadata associated with communications made using contact forms available on Our Site. Correspondence Data may be processed for the purposes of communicating with you and record keeping. The legal basis for this processing is the proper administration of Our Site and business, and support to our website visitors and customers.
We will process Marketing and Communications Data to send you marketing messages regarding new products, personal appearances and events as emails, texts or calls The legal basis for this processing is consent, which you grant when providing this information and can be withdrawn at any time by updating your account preferences on Our Site, or by choosing to unsubscribe through the use of a link appearing in the footer of all email marketing communications, or replying STOP or END to a text message, or by contacting custsvc@tmcos.com
Where you opt out of receiving our marketing communications, this will not apply to Personal Data provided to us as a result of a product/service purchase, warranty registration, product/service experience or other transactions where we are obliged to hold or process that information for a lawful purpose.
We may also process “Aggregated Anonymized Data” from your Personal Data but this data does not reveal your identity and as such in itself, is not Personal Data.
6. DISCLOSURE OF YOUR PERSONAL DATA
We do not share your Personal Data with third parties other than as strictly necessary to comply with a legal obligation or to fulfil a contract with you such as delivering goods or products ordered via Our Site or via our customer service team. If we do wish to share your Personal Data outside of these reasons will obtain your express opt-in consent beforehand.
When we transfer your Personal Data to a third party, we require such third party to respect the security of your Personal Data, treat it in accordance with the terms of this Privacy Policy, and provide guarantees in writing that they have the appropriate technical & organizational measures in place to safeguard your Personal Data. We only allow such third parties to process your Personal Data for specified purposes and in accordance with our instructions.
We may have to share your Personal Data with the categories of parties identified below for the stated purposes:
- Service providers including delivery, courier and postal services that deliver ordered products to you.
- Professional advisers including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services.
- When and where relevant, HM Revenue & Customs, regulators and other authorities based in the United Kingdom and other relevant jurisdictions who require reporting of processing activities in certain circumstances.
- Third parties with whom we enter into agreements to consider certain corporate business transactions, such as mergers or acquisitions, and to those parties that may succeed or acquire us, in which case Personal Data may be an asset of the Company and lawfully transferred to such successor or acquirer.
- Employees & Contractors who are compliant with our IT Security Policy and access control procedures.
- As a general matter, we do not sell your Personal Data to any third party for any reason.
7. YOUR RIGHTS UNDER GDPR (If Applicable)
The GDPR gives residents of the European Economic Area (EEA) specific rights regarding our use of their Personal Data (Rights as a Data Subject).
These include the right to:
- Request access to your Personal Data.
- Request correction of your Personal Data.
- Request erasure of your Personal Data.
- Object to processing of your Personal Data.
- Request restriction of processing of your Personal Data.
- Request transfer of your Personal Data. And:
- Right not to be the subject of automated decision making or profiling.
If you wish to exercise any of the rights set out above, please email us at the email address above. You do not have to pay a fee to access your Personal Data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request under certain circumstances and we will inform you of our reasons for doing so and within the required time of 30 days from the initial request being received at the email address above.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your Personal Data (or to exercise any of your other rights). This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to expedite our response.
We try to respond to all legitimate requests within 30 days. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
SPECIAL CATEGORY DATA: We do not collect any Special Category Data about you. Special Category Data refers to data that includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data.
INTERNATIONAL TRANSFERS
We do need to share your Personal Data with service providers, which involves transferring your data outside the EEA. Countries outside of the EEA may not provide the same levels of protection to your Personal Data, so European law has prohibited transfers of Personal Data outside of the EEA unless the transfer meets certain criteria.
Some of our third parties service providers are based outside the EEA so their processing of your Personal Data will involve a transfer of data outside the EEA to service providers and vendors we use to provide Our Site and services who are all located in the USA which, by virtue of the EU-US Data Privacy Framework, is recognized by the European Commission as having adequate levels of protection for your Personal Data.
Whenever we transfer your Personal Data out of the EEA, we do our best to ensure a similar degree of security of data by ensuring at least one of the following safeguards is implemented:
We will only transfer your Personal Data to countries that have been deemed to provide an adequate level of protection for Personal Data by the European Commission or where we use certain service providers, in which case we may use specific contracts or codes of conduct or certification mechanisms approved by the European Commission that give Personal Data the same protection it has in the EEA; or where we use providers based in the United States, we may transfer data to them if they are part of the EU-US Data Privacy Framework, which requires them to provide similar protection to Personal Data shared between the Europe and the US, or they are also GDPR compliant and have adequate security and organizational measures in place to keep your Personal Data secure and to honor your Rights as a Data Subject.
If none of the above safeguards is available, we may request your explicit consent to the specific transfer. You will have the right to withdraw this consent at any time.
Please email us at dataprivacy@tmcos.com if you want further information on the specific mechanisms and security measures used by us when transferring your Personal Data out of the EEA.
8. DATA SECURITY
We have put in place appropriate technical and organizational measures and Data Protection, Data Controller/Data Processing or Joint Controller Agreements, intended to protect your Personal Data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed by any of our suppliers or contacts or employees. In addition, we limit access to your Personal Data to only those employees, agents, contractors and other third parties who have a business need to know such data. They will only process your Personal Data on our instructions and are prohibited from using this information for any purpose not specifically authorized by us.
We have put in place procedures to deal with any suspected Personal Data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
9. U.S. Residents Rights
You are entitled to access your Personal Data and to have it amended, updated, or deleted and request that your Personal Data not be sold to third parties.
Right of Access and Update
You may exercise your right to access your Personal Data and obtain:
- a description of the categories of personal information and sources of such personal information we have collected within the past year;
- a description of the business purpose for which we have collected such personal information;
- a description of the specific pieces of personal information we have collected within the past year; and
- information on each third-party company to whom we have disclosed, within the past year, personal information pertaining to you for direct marketing purposes
To obtain such information, please contact us via the contact information provided above. In making such request, please provide us with your name and the email address about which you are requesting information. In order to verify your identity, we may require email verification from the email address we have in our records for you. You may be required to provide more information in order for us to assist you. We will answer your request within 45 days from our receipt provided your request is complete and accurate.
If you would like to update your information, you can contact us by sending a request in writing to the email address above. When making a request to update your information, please provide the name and email address associated with the account. The email address you provide must match the email address we have on file for you. We will answer your request within a reasonable business period from receipt, provided that this request is complete and accurate. You may be required to provide additional information in order for us to process your request.
You may, on legitimate grounds, object to the processing of your personal information. Such objection may, however, prohibit us from providing the requested service.
Deleting Your Account
You can delete your account and information we keep about you (subject to certain legitimate business and legal exemptions noted below) at any time by contacting us using the information above. To properly delete your account, you must provide the name under which the account was opened as well as the email address you used to create the account (names are similar, so we must have your email address to permanently delete your account). In order to verify your identity, we may require email verification from the email address we have in our records for you.
If you are part of any loyalty program or have a credit balance on your account, and you request your account be deleted, you will lose all access to your balance and any loyalty benefits permanently, and they cannot be restored.
We may deny your request to have your Personal Data deleted for one or more of the following reasons:
- Complete your transaction;
- Provide you an ordered good or service;
- Perform a contract between us and you;
- Protect your security and prosecute those responsible for breaching it;
- Fix our system in the case of a bug;
- Protect the free speech rights of you or other users;
- Comply with a legal obligation; or
- Make other internal and lawful uses of the information that are compatible with the context in which you provided it.
We retain your information for as long as it is necessary for legitimate business purposes. We consider your continuing to receive commercial emails from us to be an ongoing relationship with you that allows your account to remain active. We consider any loyalty credits or credit balances to represent an ongoing relationship with you that allows your account to remain active.
If you are a California Resident, California Civil Code Section 1798.83 permits you to request information regarding the disclosure of your Personal Data to third parties for the third parties’ direct marketing purposes. To make such a request, please send an email to the email address above. Pursuant to California Civil Code Section 1798.83(c)(2), we do not share your PI with third parties’ direct marketing use without your consent.
10. DATA RETENTION
We will only retain your Personal Data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for Personal Data, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorized use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements.
By law, we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for seven years after they cease being customers, for tax reporting and audit purposes.
In some circumstances, you can ask us to delete your data: See section 9 for further information.
In some circumstances, we may anonymize your Personal Data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
If you wish to know more about the specifics of our data retention policies, please contact us at the email address above.
11. THIRD-PARTY LINKS
Our Site may include links to third-party websites. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
12. DO-NOT-TRACK SIGNAL
Because a browser’s do-not-track signal does not often reflect the preference of our consumers, Our Site does not respond to it. You may, however, elect not to receive marketing messages and/or have certain cookies placed on your browser, as discussed above.
13. CHILDREN’S ACCESS
Our Site is a general audience website, intended for adult use only. We do not market to and do not knowingly collect any personally identifiable information from children under the age of 13. If you are based in the European Economic Area, you may only use our Site if you are over the age at which you can provide consent to data processing under the laws of your country. If you become aware of any person under the age of 13 who has provided personal information to us on the Site or otherwise, please notify us at the email address above.
14. COOKIES
You can set your browser to refuse all or some browser cookies or to alert you when websites set or access cookies. If you disable or refuse cookies, this may affect your use of Our Site and if you block cookies at a browser level, you may find other sites that you visit may not work correctly. For more information about the cookies we use, please see our cookie policy.
15. PRIVACY POLICY CHANGES
We reserve the right, at our sole discretion, to change, modify, add, or remove any portion of this Privacy Policy, in whole or in part, at any time. If our information practices change, we will post an updated policy on Our Site. You can tell if the policy has changed by checking the effective date that appears at the top of this policy. We shall not apply changes in our policy retroactively to information collected from you under a prior policy if, in the reasonable exercise of our discretion, we determine that the changes substantively affect your rights, unless we have given you notice of the changes of the policy and an opportunity to opt out. We will provide this notice to you by email if we have a current email address for you and otherwise by posting notice of the change prominently on the home page of Our Site. Otherwise, by using Our Site you agree to be bound by any such revisions and should therefore periodically visit the page to determine the then current terms of use and privacy policy to which you are bound.