PRIVACY AND COOKIE POLICY
We ask that you read this privacy policy carefully as it contains important information on who we are, how and why we collect, store, use and share personal information, your rights in relation to your personal information and on how to contact us and supervisory authorities in the event you have a complaint.
This privacy policy is divided into the following sections:
Who we are Our website Our collection and use of your personal information Transfer of your information out of the EEA Cookies and similar technologies Marketing Your rights Keeping your personal information secure How to complain Changes to this website privacy policy How to contact us
This privacy policy is divided into the following sections:
Who we are
This website is operated by Tom & Co. Ltd. whose registered address is 59 Lafone Street, London SE1 2LX and company number 07557895, trading as Tom & Co.
We collect, use and are responsible for certain personal information about you. When we do so we are regulated under the Data Protection Act 2018 and the General Data Protection Regulation which applies across the European Union (including in the United Kingdom) and we are responsible as ‘controller’ of that personal information for the purposes of those laws.
We collect, use and are responsible for certain personal information about you. When we do so we are regulated under the Data Protection Act 2018 and the General Data Protection Regulation which applies across the European Union (including in the United Kingdom) and we are responsible as ‘controller’ of that personal information for the purposes of those laws.
Our website
This privacy policy relates to your use of our website, https://www.tomandco.co.uk.
Our collection and use of your personal information
We collect personal information about you when you access our website, register with us, contact us, send us feedback, send us a job application,enquire about our services via our website, post material to our website or to us, complete customer surveys or participate in competitions or sign up to our mailing list.
We collect this personal information from you either directly, such as when you sign up to our mailing list or buy products via our website or indirectly, such as your browsing activity while on our website (see ‘Cookies’ below).
The personal information we collect about you depends on the particular activities carried out through our website. This information includes:
your name, address and contact details details of any feedback you give us by phone, email, post or via social media information about the services we provide to you
We collect this personal information from you either directly, such as when you sign up to our mailing list or buy products via our website or indirectly, such as your browsing activity while on our website (see ‘Cookies’ below).
The personal information we collect about you depends on the particular activities carried out through our website. This information includes:
We use this personal information to:
verify your identity provide services to you respond to correspondence you send to us send marketing material to you customise our website and its content to your particular preferences notify you of any changes to our website or to our services that may affect you screen for potential risk and fraud improve our services
This website is not intended for use by children and we do not knowingly collect or use personal information relating to children.
We will not typically ask you for sensitive information or ‘special categories of data’ such as information about your ethnicity or health information, unless you are an employee. We will always ensure we have a lawful basis for processing this information namely through seeking your consent.
Information from third parties
Occasionally we may receive information about you from other sources (such as credit reference agencies) which will be added to the information already held about you in order for us to help supply our services and products to you.
We will not typically ask you for sensitive information or ‘special categories of data’ such as information about your ethnicity or health information, unless you are an employee. We will always ensure we have a lawful basis for processing this information namely through seeking your consent.
Information from third parties
Occasionally we may receive information about you from other sources (such as credit reference agencies) which will be added to the information already held about you in order for us to help supply our services and products to you.
Our legal basis for processing your personal information
When we use your personal information, we are required to have a legal basis for doing so. There are various different legal bases on which we may rely, depending on what personal information we process and why.
The legal bases we may rely on include:
consent: where you have given us clear consent for us to process your personal information for a specific purpose contract: where our use of your personal information is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract legal obligation: where our use of your personal information is necessary for us to comply with the law (not including contractual obligations) legitimate interests: where our use of your personal information is necessary for our legitimate interests or the legitimate interests of a third party (unless there is a good reason to protect your personal information, which overrides our legitimate interests)
When we use your personal information, we are required to have a legal basis for doing so. There are various different legal bases on which we may rely, depending on what personal information we process and why.
The legal bases we may rely on include:
Who we share your personal information with
We routinely share personal data such as your name and delivery address details with our third-party suppliers. This data sharing enables them to despatch the goods you ordered directly to you. Some of those third-party recipients may be based outside the European Economic Area — for further information including on how we safeguard your personal data when this occurs, see ‘Transfer of your information out of the EEA’.
We will share personal information with a third party who acquires substantially of Tom & Co. Limited’s assets, in which case the personal data shall be one of the acquired assets.
We will share personal information with law enforcement or other authorities if required by applicable law.
We will not share your personal information with any other third party.
We routinely share personal data such as your name and delivery address details with our third-party suppliers. This data sharing enables them to despatch the goods you ordered directly to you. Some of those third-party recipients may be based outside the European Economic Area — for further information including on how we safeguard your personal data when this occurs, see ‘Transfer of your information out of the EEA’.
We will share personal information with a third party who acquires substantially of Tom & Co. Limited’s assets, in which case the personal data shall be one of the acquired assets.
We will share personal information with law enforcement or other authorities if required by applicable law.
We will not share your personal information with any other third party.
Transfer of your information out of the EEA
We will make reasonable efforts to ensure that your data is not transferred outside the European Economic Area (EEA). Where we use data servers that may transfer data out of the EEA we will take steps to ensure adequate protections are in place to ensure the security of your information and give you remedies in the unlikely event of a security breach.
All information you provide to us is stored with secure data processors for the purposes of storing your data, accounting purposes and social media purposes for example. A copy of your information is also stored securely on our internal server and computers where access is restricted.
Please note that any processors we utilise that may transfer your data to the US, comply with the EU-US Privacy Shield Framework, which is a mechanism that ensures compliance with EU data protection requirements when transferring personal data from the European Union to the United States. You can learn more about Privacy Shield here: https://www.privacyshield.gov/welcome
While we will use all reasonable efforts to safeguard your personal data, you acknowledge that the use of the internet is not entirely secure and for this reason we cannot guarantee the security or integrity of any personal data that are transferred from you or to you via the internet. If you have any particular concerns about your information, please contact us using our contact details at the bottom of this policy.
All information you provide to us is stored with secure data processors for the purposes of storing your data, accounting purposes and social media purposes for example. A copy of your information is also stored securely on our internal server and computers where access is restricted.
Please note that any processors we utilise that may transfer your data to the US, comply with the EU-US Privacy Shield Framework, which is a mechanism that ensures compliance with EU data protection requirements when transferring personal data from the European Union to the United States. You can learn more about Privacy Shield here: https://www.privacyshield.gov/welcome
While we will use all reasonable efforts to safeguard your personal data, you acknowledge that the use of the internet is not entirely secure and for this reason we cannot guarantee the security or integrity of any personal data that are transferred from you or to you via the internet. If you have any particular concerns about your information, please contact us using our contact details at the bottom of this policy.
Cookies and other tracking technologies
A cookie is a small text file which is placed onto your device (eg computer, smartphone or other electronic device) when you use our website. We use cookies, web beacons, action tags and single-pixel gifs on our website. These help us recognise you and your device and store some information about your preferences or past actions.
The information we obtain from the use of cookies will not usually contain your personal data. Although we may obtain information about your device such as your IP address, your browser and/or
other internet log information, this will not usually identify you personally. In certain circumstances we may collect personal information about you—but only where you voluntarily provide it (eg by completing an online form) or where you purchase goods or services from us.
In most cases we will need your consent in order to use cookies on this Website. The exception is where the cookie is essential in order for us to provide you with a service you have requested (eg to enable you to put items in your shopping basket and use the check-out process).
The information we obtain from the use of cookies will not usually contain your personal data. Although we may obtain information about your device such as your IP address, your browser and/or
other internet log information, this will not usually identify you personally. In certain circumstances we may collect personal information about you—but only where you voluntarily provide it (eg by completing an online form) or where you purchase goods or services from us.
In most cases we will need your consent in order to use cookies on this Website. The exception is where the cookie is essential in order for us to provide you with a service you have requested (eg to enable you to put items in your shopping basket and use the check-out process).
Third party cookies
We work with third-party suppliers who may also set cookies on the Website which, for example, we may use to display video content. These third-party suppliers are responsible for the cookies they set on our Website. If you want further information, please go to the website for the relevant third party. You will find additional information in the table below.
Description of cookies and similar technologies
The cookies that we utilise on our Website are placed to fulfil such functions as allowing visitors to share content with a range of networking and sharing platforms, analysing how you use the Website and giving you a better more personalized experience
We work with third-party suppliers who may also set cookies on the Website which, for example, we may use to display video content. These third-party suppliers are responsible for the cookies they set on our Website. If you want further information, please go to the website for the relevant third party. You will find additional information in the table below.
Description of cookies and similar technologies
The cookies that we utilise on our Website are placed to fulfil such functions as allowing visitors to share content with a range of networking and sharing platforms, analysing how you use the Website and giving you a better more personalized experience
Cookies on our Website
| Cookie | Description | Duration | Type |
|---|---|---|---|
| _ga | This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors. | 2 years | Analytics |
| _gcl_au | This cookie is used to store and track conversions. | 5 months | Analytics |
| _gid | This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report. The data collected includes the number visitors, the source where they have come from, and the pages viisted in an anonymous form. | 1 day | Analytics |
| _hjAbsoluteSessionInProgress | This cookie is used to detect the first pageview session of a user. This is a True/False flag set by the cookie. | 30 minutes | Tracking and analytics |
| _hjFirstSeen | This is set to identify a new user’s first session. It stores a true/false value, indicating whether this was the first time Hotjar saw this user. It is used by Recording filters to identify new user sessions. | 30 minutes | Tracking and analytics |
| _hjTLDTest | When the Hotjar script executes we try to determine the most generic cookie path we should use, instead of the page hostname. This is done so that cookies can be shared across subdomains (where applicable). To determine this, we try to store the _hjTLDTest cookie for different URL substring alternatives until it fails. After this check, the cookie is removed. | 1 day | Tracking and analytics |
| _hjid | This cookie is set by Hotjar. This cookie is set when the customer first lands on a page with the Hotjar script. It is used to persist the random user ID, unique to that site on the browser. This ensures that behavior in subsequent visits to the same site will be attributed to the same user ID. | 11 months | Tracking and analytics |
Marketing
Marketing We would like to send you information about our products and services, competitions and special offers, which may be of interest to you. Where we have your consent or it is in our legitimate interests to do so, we may do this by post, email, telephone, text message (SMS) or automated call.
We will only ask whether you would like us to send you marketing messages when you tick the relevant boxes in our online forms.
If you have previously agreed to being contacted in this way, you can unsubscribe at any time by contacting us at info@tomanco.co.uk
We will only ask whether you would like us to send you marketing messages when you tick the relevant boxes in our online forms.
If you have previously agreed to being contacted in this way, you can unsubscribe at any time by contacting us at info@tomanco.co.uk
Your rights
Under the General Data Protection Regulation you have a number of important rights free of charge. In summary, those include rights to:
access to your personal information and to certain other supplementary information that this Privacy Notice is already designed to address require us to correct any mistakes in your information which we hold require the erasure of personal information concerning you in certain situations receive the personal information concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations object at any time to processing of personal information concerning you for direct marketing object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you object in certain other situations to our continued processing of your personal information otherwise restrict our processing of your personal information in certain circumstances
For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals rights under the General Data Protection Regulation.
If you would like to exercise any of those rights, please:
email or write to us at info@tomandco.co.uk or 59 Lafone Street, London, SE1 2LX. let us have enough information to identify you let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill), and let us know the information to which your request relates
For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals rights under the General Data Protection Regulation.
If you would like to exercise any of those rights, please:
Keeping your personal information secure
We have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
How to complain
We hope that we can resolve any query or concern you raise about our use of your information.
The General Data Protection Regulation also gives you the right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns/ or telephone: 0303 123 1113.
The General Data Protection Regulation also gives you the right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns/ or telephone: 0303 123 1113.
Changes to this website privacy policy
This website privacy policy was last updated in February 2021.
We may change this website privacy policy from time to time, when we do we will inform you via email.
We may change this website privacy policy from time to time, when we do we will inform you via email.
How to contact us
Please contact us if you have any questions about this privacy notice or the information, we hold about you. If you wish to contact us, please email or write to us info@tomandco.co.uk 59 Lafone Street, London, SE1 2LX.