CODE: TMGIFTS WITH $100 PURCHASE / COMPLIMENTARY SHIPPING ON ORDERS OVER $50


PRIVACY POLICY:

 

UPDATED 10/5/2018

Trish McEvoy Ltd (“We, us or our”) are committed to protecting and respecting your privacy and as a commitment to this we are now compliant with the Europe-wide General Data Protection Regulation (EU 2016/679)

This Privacy Policy (together with our Terms of Use and any other documents referred to on it) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us and any 3rd parties we use. 

Please read the following carefully to understand our practices regarding your personal data and how we will treat it. If at any time you wish to ask any additional questions about our security & operational procedures concerning your personal data please get in touch using the details below.

1.    INTRODUCTION

This privacy notice provides you with details of how we collect and process your personal data through your use of “Our Site” www.trishmcevoy.com , including any information you may provide through Our Site when you purchase a product, set up an account or agree to other specific marketing

By providing us with your personal data, you warrant to us that you are over 13 years of age. If you are 13 years old or younger, please do not provide us any personal data on or through your use of Our Site.

This Policy sets out the obligations of Trish McEvoy Ltd, a company registered in the State of New York, whose registered office address is at 430 Commerce Blvd., Carlstadt, NJ 07072 (“the Company”) and all companies in the Group of Companies of which the Company forms part (“the Group”), including Trish McEvoy UK Limited a Company registered in England and Wales under number 03203073 (“UK Co”) regarding the Group’s obligations as a Data Controller.

 

Our full details are:

Full name of legal entity:  Trish McEvoy Ltd.

Email address: dataprivacy@tmcos.com

Postal address: Information Officer, Trish McEvoy. 430 Commerce Blvd., Carlstadt, NJ 07072 USA

We collect and process most of your personal data at the above location or through our service providers under the conditions detailed below in section 6.

In the EU, if you are not happy with any aspect of how we collect and use your personal data, please address your concerns to the supervisory authority of the Member State of your residence. In the UK, this is the Information Commissioner’s Office, (www.ico.org.uk).  We should be grateful if you would contact us first if you do have a complaint however so that we can try to resolve it for you.

In the United States, you have the right to complain to the Department of Commerce, Federal Communications Commission or Better Business Bureau. It is very important that the information we hold about you is accurate and up to date. Please let us know if at any time your personal data changes by emailing us at custsvc@tmcos.com or by logging into the secure personal account area of Our Site and changing your details and preferences.

 

2.    WHAT PERSONAL DATA DO WE COLLECT ABOUT YOU

Personal data means any information capable of identifying an individual. It does not include anonymized data.

We may collect and process certain types of personal data about you as follows:

Identity Data may include your first name, last name, and unique identifier placed when you first access Our Site or register for an account with us. For more details on our use of Cookies, please see our Cookie Policy

https://www.trishmcevoy.com/t-cookie-policy.aspx

      Contact Data may include your billing address, delivery address, work and/or personal email address and where required, contact telephone numbers.

      Technical Data may include your login data, internet protocol addresses, browser type and version, browser plug-in types and versions, time zone setting and location, operating system and platform and other technology on the devices you use to access this site.

      Account Data may include name, address, email, purchase history, and month of birth.

      Credit & Debit Card Data: authorizations when you order products from us -we do not collect or process any of your bank details this is completed securely via our 3rd party payment processor

https://www.paypal.com/us/webapps/mpp/ua/payflowgatewaypp-full

      Usage Data may include information about how you use our website, products and services including where you interact with content on Our Site.

      Marketing and Communications Data may include your preferences in receiving marketing communications from us. 

We may also process Aggregated Anonymized Data from your personal data but this data does not reveal your identity and as such in itself, is not personal data.

Special Category Data

We do not collect any Special Category Data about you. Special Category Data refers to data that includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data.

Where we are required to collect personal data under the terms of the contract between us when you purchase via Our Site and you do not provide us with that personal data when requested, we may not be able to perform the contract (for example, to complete a sale, fulfil delivery orders to you). If you do not provide us with the requested personal data, we may have to cancel a product or service you have ordered but if we do, we will notify you at the time.

3.    HOW WE COLLECT YOUR PERSONAL DATA 

We collect data about you through a variety of different methods including:

Directly: You may provide data by filling in forms on Our Site or by communicating with us by post, phone, and email or otherwise, including when you:

      Register for an account via Our Site;

      place an order

      request additional marketing be sent to you;

      provide us with feedback.

      attend an event

      Call our Customer Service team

Indirectly: As you use Our Site, we may automatically collect Technical Data about your equipment, browsing actions and usage patterns. We collect this data by using cookies, server logs and similar technologies. We may also receive Technical Data about you if you visit other websites that use our cookies. Please see our full cookie policy at https://www.trishmcevoy.com/t-cookie-policy.aspx for further details. 

      Third parties or publicly available sources: We may receive personal data about you from various third parties and public sources as set out below

      Technical Data from the following parties:

      analytics providers such as Google based outside the EU;

      advertising & Social networks such as, Facebook, Instagram, Twitter, LinkedIn and YouTube  based inside and outside the EU; and

      search information providers such as Google based inside and outside the EU.

      Browser and site usage history provided via cookies when visiting Our Site

4.    HOW WE USE YOUR PERSONAL DATA

 

We will only use your personal data when legally permitted. The most common uses of your personal data are:

      Where we need to perform the contract between us for example when you order a product or register on the site

      Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.

      Where we need to comply with a legal or regulatory obligation. 

 Purposes for processing your personal data

Set out below is a description of the purposes for which we intend to use your personal data and the legal basis on which we will process such personal data. We have also explained what our legitimate interests are where relevant.

We may process your personal data in reliance on more than one legal basis, depending on the specific purpose for which we are using your personal data. Please email us at dataprivacy@mcos.com if you need more details in addition to the described basis has been set out below.

·         Usage Data may include a unique identifier placed when you first access Our Site or register for an account with us and other information about your visit such as login data, internet protocol addresses, browser type and version, browser plug-in types and versions, time zone setting and location, operating system and platform and other technology on the devices you use to access this site. For more details on our use of Cookies, please see our Cookie Policy

https://www.trishmcevoy.com/t-cookie-policy.aspx

·         Contact Data may include your first name and last name, billing address, delivery address, work and/or personal email address and where required, contact telephone numbers.

·         Account Data may include name, address, email, purchase history, and month of birth.

·         Credit & Debit Card Data: authorizations when you order products from us -we do not collect or process any of your bank details this is completed securely via our 3rd party payment processor

https://www.paypal.com/us/webapps/mpp/ua/payflowgatewaypp-full

·         Correspondence Data may include your name and email as provided by you when you fill in a contact form or communicate with us.

·         Marketing and Communications Data may include your first name, last name, email, mobile or other phone numbers and month of birth and can be changed in your account preferences for receiving marketing communications from us.

 

How we process your personal data and our lawful basis for doing so

 

We may process data about your use of our website and services ("usage data"). The usage data may include your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use. The source of the usage data is the cookies used on our site. This usage data may be processed for the purposes of analyzing the use of the website and services. The legal basis for this processing is consent, which you provide by either accepting or rejecting our cookie policy, which is presented to you on your first visit to our site. If you refuse our cookie policy, we will not collect usage data.

We may process contact data ("contact data"). The contact data may include your name, email address, delivery address, and contact telephone numbers. The contact data may be processed for the purposes of operating our website, providing our services, ensuring the security of our website and services, maintaining back-ups of our databases and communicating with you. The legal basis for this processing is the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract for example to fulfill an order through the website.

We may process your personal data that are provided in the course of the use of our services ("account data"). The account data may include name, address, email, purchase history, and month of birth.  The source of the account data is you when setting up an account and the purpose of supplying the purchased goods and services and keeping proper records of those transactions. The account data may be processed for the purposes of providing our services and fulfilling orders made by you via our site. The legal basis for this processing is the performance of a contract between you and us.

We may process limited credit & Debit Card data (“Credit & Debit Card Data”) this data will only include a unique identifier, linked to your account with us, and the authorization that the payment has been taken by our 3rd party Payment Provider, when you order products from us -we do not collect or process any of your bank details this is completed securely via our 3rd party payment processor

https://www.paypal.com/us/webapps/mpp/ua/payflowgatewaypp-full  

The legal basis for this processing is the performance of a contract between you and us. 

We may process information contained in or relating to any communication that you send to us ("correspondence data"). The correspondence data may include the communication content and metadata associated with the communication. Our website will generate the metadata associated with communications made using the website contact forms. The correspondence data may be processed for the purposes of communicating with you and record keeping. The legal basis for this processing is our legitimate interests, namely the proper administration of our website and business, and support to website visitors and customers.

We may process Marketing and Communications Data. This data may include your first name, last name, email address, mobile and other contact numbers as provided by you when you set create an account or purchase goods through the site. This data may be processed for sending you marketing messages regarding new products, personal appearances and events as emails, texts or calls based on the preferences you set when providing your details.  The legal basis for this processing is consent, which you can withdraw at any time by updating your account preferences on the website or by choosing to unsubscribe on the footer of all such messaging or by contacting custsvc@tmcos.com.

Marketing communications 

You will only receive marketing communications from us if you have:

      requested information from us or previously purchased goods or services from us; or

      if you provided us with your details and ticked the box at the point of entry of your details for us to send you marketing communications, this includes your spoken choice when asked verbally at the “Point Of Sale” in any of our partner retailers and

      in each case, you have not opted out of receiving that marketing. 

We do not share your personal data with third parties other than as strictly necessary to comply with a legal obligation or to fulfil a contract with you such as delivering goods or products ordered via the website or via our customer service team.  If we do wish to share your personal data outside of these reasons will get your express opt-in consent before we share your personal data with any third party for any purpose.

You have the right to withdraw consent to receive marketing communications from us at any time by emailing us at custsvc@tmcos.com, by using the unsubscribe link provided in every email communication we send, or by unchecking the marketing email box within your account info section of the website.

Where you opt out of receiving our marketing communications, this will not apply to personal data provided to us as a result of a product/service purchase, warranty registration, product/service experience or other transactions where we are obliged to hold or process that information for a Lawful purpose.

Change of purpose

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.

If we need to use your personal data for a purpose unrelated to the purpose for which we collected the data, we will notify you and we will explain the legal basis for processing.  You have several rights over use of your personal data (see section 5 below), including the right to object to our processing your personal data for an incompatible purpose. 

We may process your personal data without your knowledge or consent where this is required or permitted by law.

5.    YOUR RIGHTS

The GDPR gives you specific rights regarding the use of your personal data (Rights as a Data Subject). These include the right to:

      Request access to your personal data.

      Request correction of your personal data.

      Request erasure of your personal data.

      Object to processing of your personal data.

      Request restriction of processing of your personal data.

      Request transfer of your personal data. And:

      Right not to be the subject of automated decision making or profiling.

You can read more about these rights at:

https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/

If you wish to exercise any of the rights set out above, please email us at: 

dataprivacy@tmcos.com

You do not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request under certain circumstances and we will inform you of our reasons for doing so and within the required time of 30 days from the initial request being received via dataprivacy@tmcos.com

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response

We try to respond to all legitimate requests within 30 days. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

6.  DISCLOSURES OF YOUR PERSONAL DATA

We require all third parties to whom we transfer your data to respect the security of your personal data and to treat it in accordance with the GDPR and provide guarantees in writing that they have the appropriate technical & organizational measures in place to safeguard your personal data and your Rights as a Data Subject (see above). We only allow such third parties to process your personal data for specified purposes and in accordance with our instructions. Your Rights as a Data Subject will be protected at all times.

We may have to share your personal data with the parties set out below for the purposes set out in paragraph 4 above:

      Service providers including delivery, courier and postal services who provide delivery to you under contract with us and on our instructions.

      Professional advisers including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services.

      HM Revenue & Customs, regulators and other authorities based in the United Kingdom and other relevant jurisdictions who require reporting of processing activities in certain circumstances.

      Third parties to whom we sell, transfer, or merge parts of our business or our assets.

      Employees & Contractors who are compliant with our IT Security Policy and access control procedures.

 

7.  INTERNATIONAL TRANSFERS

We do need to share your personal data with service providers, which involves transferring your data outside the European Economic Area (EEA).

Countries outside of the EEA do not always offer the same levels of protection to your personal data, so European law has prohibited transfers of personal data outside of the EEA unless the transfer meets certain criteria.

Some of our third parties service providers are based outside the EEA so their processing of your personal data will involve a transfer of data outside the EEA to service providers and vendors we use to provide Our Site and services who are all located in the USA which, by virtue of the EU-US Privacy Shield is recognized by the European Commission as having adequate levels of protection for your personal data.

Whenever we transfer your personal data out of the EEA, we do our best to ensure a similar degree of security of data by ensuring at least one of the following safeguards is implemented:

      We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission; or

      Where we use certain service providers, we may use specific contracts or codes of conduct or certification mechanisms approved by the European Commission which give personal data the same protection it has in Europe; or

      Where we use providers based in the United States, we may transfer data to them if they are part of the EU-US Privacy Shield, which requires them to provide similar protection to personal data shared between the Europe and the US, or they are also GDPR compliant and have adequate security and organizational measures in place to keep your personal data secure and to honor your Rights as a Data Subject.

If none of the above safeguards is available, we may request your explicit consent to the specific transfer. You will have the right to withdraw this consent at any time.

Please email us at dataprivacy@tmcos.com if you want further information on the specific mechanisms and security measures used by us when transferring your personal data out of the EEA.

8. DATA SECURITY

We have put in place appropriate technical and organizational measures and Data Controller/Data Processing or Joint Controller Agreements, to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed by any of our suppliers or contacts or employees. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know such data. They will only process your personal data on our instructions and are subject to the same provisions under the GDPR.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

9. DATA RETENTION

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

By law, we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for seven years after they cease being customers, for tax reporting and audit purposes.

In some circumstances, you can ask us to delete your data: See section 5 for further information.

In some circumstances we may anonymize your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

If you wish to know more about the specifics of our data retention policies please contact dataprivacy@tmcos.com

10. THIRD-PARTY LINKS

This website may include links to third-party websites. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.

11. COOKIES

You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, this may affect your use of Our Site and if you block cookies at a browser level, you may find other sites that you visit may not work correctly. For more information about the cookies we use, please see https://www.trishmcevoy.com/t-cookie-policy.aspx