Welcome to Ilinka Collection’s Privacy and Cookies Policy (Policy).
We respect your privacy and is committed to protecting your personal data. This Policy will inform you as to how we look after your personal data when you visit and use our Site (defined below) and tell you about your privacy rights and how the law protects you. References to “we”, “us”, or “our” in this Policy mean Ilinka Collection.
We ask that you read this Policy carefully. This Policy is divided into the following sections:
Section 2: Cookies Policy
Ilinka Design Studio Limited operates an e-commerce website (hereafter, the Site) where you can browse and purchase our range of handmade, bespoke bed linen and other textile products of high quality. For more information see our story
As such, we collect and use the personal data of three categories of data subjects: 1. Visitors to our Site; 2. Customers with accounts and guest accounts on the Site; and 3. Those individuals who sign up to receive our newsletter.
Our Site is not intended for use by children, and we do not knowingly collect data relating to children. If you are under the age of 18, you must not use our Site.
We collect, use and are responsible for certain personal data about you. When we do so we are regulated under the UK GDPR (consisting of the UK Data Protection Act 2018, as amended and updated in light of the UK’s departure from the European Union) and the EU GDPR (the General Data Protection Regulation (EU) 2016/79, as amended from time to time), as applicable based on your location in the United Kingdom or the European Union and we are responsible as ‘controller’ of that personal data for the purposes of those laws.
Throughout the Site, we may link to other websites owned and operated by certain trusted third parties to make additional products and services available to you, or provide external services. These other third party websites may also gather information about you in accordance with their own separate privacy policies. For privacy information relating to these other third party websites, please consult their privacy policies as appropriate.
If you have any questions about this Policy or our privacy or tracking practices, please contact us using the following details:
Full Name of Legal Entity: Ilinka Collection Ltd
Postal Address: Acre House, 11/15 William Road, London, United Kingdom, NW1 3ER
You have the right to make a complaint at any time to your local supervisory authority. If you are based in the United Kingdom, then this will be the Information Commissioner’s Office (the ICO), who is the UK regulator for data protection issues. For more information, please visit www.ico.org.uk. If you are based in the European Union, please consult the following website to find out the details of your local supervisory authority, https://edpb.europa.eu/about-edpb/board/members_en. We would, however, appreciate the chance to respond to your query and deal with your concerns before you approach a supervisory authority.
We collect personal data about you when you access our Site, create an account with us, purchase products via our Site, contact us, send us feedback, post material to our Site, sell and offer products for sale on our Site and complete customer surveys or participate in competitions via our Site.
We collect this personal data from you either directly, such as when you create an account with us, contact us or sell or purchase products via our Site or indirectly, such as your browsing activity while on our website (see Section 2 - Cookies Policy below for more information on the cookies we use).
The personal data we collect about you depends on the particular activities carried out through our Site.
If you create an account (or guest account) on the Site to purchase products, we collect the following personal data:
If you are a visitor to the Site, but do not have an account or have not purchased any products via the Site, we only collect the following personal data about you:
We use this personal data to:
We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your usage data to calculate the percentage of users accessing a specific Site feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Policy.
We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
When we process your personal data, we are required to have a lawful basis for doing so. There are various different lawful bases on which we may rely, depending on what personal data we process and why. Please see the below for more information on the lawful basis that we may rely on:
For further details on when we collect personal data, the type of data we collect as well as the lawful basis we rely on, please read the following table:
|Purpose for processing your personal data||Type of data||Lawful basis for processing including basis of legitimate interest|
|To create an account for you as a customer on the Site.|
|Performance of a contract with you|
To process and deliver your order including: (a) Manage payments, fees and charges
(b) Collect and recover money owed to us
(e) Marketing and Communications
(a) Performance of a contract with you
(b) Necessary for our legitimate interests (to recover debts due to us)
(b) Asking you to leave a review or take a survey
(d) Marketing and Communications
(a) Performance of a contract with you
(b) Necessary to comply with a legal obligation
(c) Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services)
|To enable you to partake in a prize draw, competition or complete a survey|
(e) Marketing and Communications
(a) Performance of a contract with you
(b) Necessary for our legitimate interests (to study how customers use our products/services, to develop them and grow our business)
|To administer and protect our business and the Site (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)|
|(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise) (b) Necessary to comply with a legal obligation|
|To deliver relevant Site content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you|
(e) Marketing and Communications
|Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy|
|To use data analytics to improve our Site, products/services, marketing, customer relationships and experiences|
|Necessary for our legitimate interests (to define types of customers for our products and services, to keep our Site updated and relevant, to develop our business and to inform our marketing strategy)|
|To make suggestions and recommendations to you about goods or services that may be of interest to you|
(f) Marketing and Communications
|Necessary for our legitimate interests (to develop our products/services and grow our business)|
This data sharing enables us to ensure orders are fulfilled and products are dispatched accordingly. This also allows us to recover the sums for the products owed by you. We will also share your personal data with our fulfilment and logistics partners for the purposes of fulfilling the orders you place and delivering the products to you at the address or location you designate in your order.
Some of these third party recipients may be based outside the United Kingdom and European Economic Area — for further information including on how we safeguard your personal data when this occurs, see ‘Transfer of your information out of the UK and EEA’ below.
We will share personal data with law enforcement or other authorities if required by applicable law.
Where we do share your data with third parties, we will always ensure that such third parties are bound by a contract setting out how they are authorised to process data on our behalf and which contains provisions regarding data security and confidentiality, as required by applicable privacy laws.
We may transfer your personal data to the following which are located outside the United Kingdom (UK) and European Economic Area (EEA). Where we transfer your personal data outside of the UK and the EEA, we will only do so for the purposes mentioned in this Policy and any contract that we have entered into with you or the entity that you are representing. Countries outside of the UK and the EEA do not have the same data protection laws as the UK and EEA. Therefore, when making such a transfer of data, we will always rely on a safeguard mechanism under the UK GDPR and/or the EU GDPR. We will only transfer your personal data to a country which the European Commission or the UK authorities have given a formal adequacy decision/regulation that confirms this third-country provides an adequate level of data protection similar to those which apply in the UK and EEA. If the third-country does not have an adequacy decision awarded to it, any transfer of your personal information will be subject to entering into the European Commission’s Standard Contractual Clauses (the SCCs) which are designed to help safeguard your privacy rights and give you remedies in the unlikely event of a misuse of your personal data.
Transfers of personal data from the UK to the EEA shall be done on the basis of the adequacy regulation awarded to the European Union by the UK pursuant to the withdrawal of the UK from the European Union. Transfers of personal data from the EEA to the UK shall be done on the basis of: (a) the right to freely transfer personal pursuant to the bridge period agreed between the UK and the EU, currently set to expire four months after the withdrawal of the UK from the European Union on 31 December 2020; and (b) thereafter, either on the basis of an adequacy decision awarded by the European Commission to the UK, and notwithstanding this, by entering into the SCCs for any such transfers of personal data.
If you would like further information please contact us using the details provided at the start of this Policy. We will not otherwise transfer your personal data outside of the UK and the EEA or to any organisation (or subordinate bodies) governed by public international law or which is set up under any agreement between two or more countries.
We would like to send you information about the Site, our services, the products on sale and any special offers, which may be of interest to you. Where we have your consent or it is in our legitimate interests to do so, we may do this by post, email, telephone, text message (SMS) or automated call.
We will ask whether you would like us to send you marketing messages when you provide consent to such marketing, or where you have purchased products from us.
If you have previously agreed to being contacted in this way, you can unsubscribe at any time by:
—contacting us using the detail provided at the beginning of this Policy; —using the ‘unsubscribe’ link in emails; or —updating your marketing preferences on our Site within your account.
Under the UK GDPR and the EU GDPR, you have a number of important rights free of charge. In summary, those include rights to: - fair processing of information and transparency over how we use your use personal data - access to your personal data and to certain other supplementary information that this Policy is already designed to address - require us to correct any mistakes in your personal data which we hold - require the erasure of personal data concerning you in certain situations - receive the personal data concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations - object at any time to processing of personal data concerning you for direct marketing - object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you - object in certain other situations to our continued processing of your personal data - otherwise restrict our processing of your personal data in certain circumstances
For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights under the General Data Protection Regulation.
If you would like to exercise any of those rights, please email or write to us using the details provided at the beginning of this Policy.
We will require information from you to allow us to identify you. We will endeavour to respond to all requests with 30 days of receipt.
We have appropriate security measures in place to prevent personal data from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal data to those who have a genuine business need to know it. Those processing your personal data will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
This Policy was last updated on 29/12/2021. We may change this Policy from time to time, when we do, we will update this Policy on the Site. It is your responsibility to ensure you are always up to date of the latest policy in force.
For example, we may monitor how many times you visit the Site, which pages you go to, traffic data, location data and the originating domain name of your internet service provider.
This information helps us to grow our business and provide more tailored content for you. Some of this data will be aggregated or statistical, which means that we will not be able to identify you individually.
For further information on cookies generally, including how to control and manage them, visit the guidance on cookies published by the UK Information Commissioner’s Office, www.aboutcookies.org or www.allaboutcookies.org.
The table below provides more information about the cookies we use and why:
|The cookies we use||Name||Purpose||Whether cookie is essential for us to provide you with a service that you have requested and whether we will seek your consent before we place the cookie|
|Univesal Analytics (Google)||_ga, _gid||Used to distinguish users||Yes, essential (we will therefore not request your consent before placing this cookie)|
If you do not want to accept any cookies, you may be able to change your browser settings so that cookies (including those which are essential to the services requested) are not accepted. If you do this, please be aware that you may lose some of the functionality of our Site.
For further information about cookies and how to disable them please go to the guidance on cookies published by the UK Information Commissioner’s Office, www.aboutcookies.org or www.allaboutcookies.org.