Personal data is collected by Life In The Cocoon Ltd (‘COCOON’) whose address is 3a, Leinster Square, London, United Kingdom, W2 4PL. For the purposes of the General Data Protection Regulation (Regulation (EU) 2016/679, the ‘GDPR’ and the UK’s Data Protection Act 2018), as applicable, amended and replaced from time to time (‘Data Protection Law’), COCOON is the data controller. Any references to ‘the site’ relate to www.cocoonclub.co.uk
Please read this notice carefully to understand how we will respect and manage your personal data. By visiting our website, or by providing us with any information about yourself, you are accepting and agreeing to the practices described in this notice.
- Data that can be collected about you
COCOON collects and processes the following data: email, title, surname, date of birth, country, password, profile picture, addresses, phone number(s), IP address, login and navigation data, order history, transactions, complaints, incidents, delivery information, correspondence on our site. For bank details, see paragraph 10 of this notice.
The obligatory or optional nature of the data to be provided is indicated to you during the collection by an asterisk denoting obligatory information. We may not be able to provide our products or services if you do not provide information that we need.
Some data is collected automatically because of your use of or actions on the site (see the section on cookies and pixels at paragraph 5 below).
We collect the information that you provide us, especially when you:
- create your customer account;
- complete a transaction on the site;
- browse the site and consult products;
- participate in a lottery or a contest;
- contact our customer service;
- use the chat facility on the site;
- accept the installation of certain cookies.
- Recipients of the data
We will not:
- sell or rent your data to third parties
- share your data with third parties for marketing purposes
Your data may be shared with third parties only in the following circumstances:
- to the extent necessary to enable us to fulfil your orders and execute our services;
- if we or a substantial part of our assets are acquired by a third party, in which case personal data held by us may be one of the transferred assets;
- if we are obliged to do so by law or competent authority;
- to the extent necessary to protect the rights, property or safety of COCOON, our suppliers, our customers or others.
The main purpose of collecting your personal data is to offer you a safe, optimal, efficient and personalised experience. We may use your personal data to:
- provide our products and services and those of our partners when COCOON acts as agent;
- manage the relationship with our customers and prospects;
- manage membership relations
- resolve any problems and disputes;
- perform statistics and studies to personalise, evaluate and improve our services and contents;
- inform you about our services and those of our partner companies, by targeted marketing and/or promotional offers;
- track user behaviour via Google Analytics;
- prevent, detect and investigate all potentially prohibited and illegal activities and enforce our general conditions of sale and use;
- comply with our legal and regulatory obligations.
Data Protection Law requires us to fulfil at least one “legal ground” for processing data that contains personally identifiable information, currently set out in Article 6 of the GDPR. The grounds applicable to the personal data to which this notice relates to are:
- Where the processing is necessary for us to perform a contract that you are party to, or to take steps at your request prior to entering a contract;
- Where the processing is necessary for compliance with a legal obligation to which we are subject;
- Where processing is necessary for the purposes of our legitimate interests or the legitimate interests of a third party (provided that your fundamental rights and freedoms are not overridden). Our legitimate interests comprise the management, marketing and promotion of our business, products and services, the administration of your participation in the COCOON community, and the recruitment and management of staff.
If more than one of the above grounds apply to the processing of data in question, the applicable ground will be the first one listed.
- Cookies and Pixels
If you register to receive email updates from us, each email may collect:
- Information about you, using industry standard technologies including pixels which will track email opens (if you have images enabled in your email client/mailbox). This is the standard approach for measuring open and click rates, and is used by all email platforms in the market.
- All links in emails are proxied through a link redirection service that records data for each link clicked. This can lead to a set of events which may include:
- Event type (delivery, bounce, open, click, spam complaint, unsubscribe)
- Email address of the recipient (which you will have provided)
- IP address of the recipient (in the case of open and click)
- GEO location based on IP address (city level) (in the case of open and click)
- Device type (e.g. mobile/computer/tablet) and browser (e.g. chrome/safari/firefox).
If you do not want this information to be collectable, you should disable and not open images in your email application.
- Data storage
The data that we collect from you will be stored on our servers or those of our service providers. It will not be transferred to, and stored at, a destination outside the UK or European Economic Area ("EEA") unless:
- to a processor acting on our behalf which either (i) is within the UK or EEA, or (ii) is in a country that the UK or European Union has decided has adequate data protection laws in place, or (iii) has provided appropriate data protection safeguards of the sort approved by the UK or European Union and which provide effective rights and remedies for you; or
- you have given consent to us transferring data about you to third parties outside the UK or EEA.
Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted via the internet; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
Personal data will be kept:
(i) for customer data (paying members) for purposes of management and furtherance of the commercial relationship: until three years after the last transaction;
(ii) for account data of users (registered) on the site: as long as the account is not deleted or stopped by you;
(iii) for any other data, for so long as is necessary for the purposes set out this notice. The criteria that we will use in determining this will include our legal obligations, good industry practice and the guidance from relevant UK authorities.
At the end of the aforementioned period(s), the data are deleted unless they are required to be kept for any legal or regulatory reason.
- Special categories of personal data
If you provide us with any special categories of personal data, you expressly consent (and you hereby do) to us processing that data for the purposes set out in paragraph 4 above. Under special categories of personal data, article 9 of the GDPR refers to information such as racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, physical or mental health, sex life or sexual orientation or genetic or biometric data or personal data relating to criminal convictions and offences. If you do not want us to process any such categories, please do not provide it to us.
- Your rights under Data Protection Law.
You have various rights under Data Protection Law. These include:
- the right to ask us not to process your personal data for direct marketing purposes, even if you have given consent;
- the right to withdraw any consent you may have given for our processing of your data – if you exercise this right, we will be required to stop such processing if consent is the sole lawful ground on which we are processing that data;
- the right to ask us for access to the data we hold about you (see paragraph 9 below for further details);
- the right to ask us to rectify any data that we hold about you that is inaccurate or incomplete;
- the right to ask us to delete your data in certain circumstances;
- the right to ask us to restrict our processing of your data in certain circumstances;
- the right to object to our processing of your data in certain circumstances;
- the right to require us to give you the data we hold about you in a structured, commonly used and machine-readable format so that you can provide the data to another data controller.
You can exercise any of the rights set out above, free of charge, by contacting us at email@example.com. If we require any more information from you in order to process the request, we will ask this from you following your request. We will usually require you at least to provide documentation verifying your identity.
If you submit unfounded or excessive requests to exercise any of these rights, we reserve the right to decline your request or make a reasonable charge for fulfilling your request.
You also have the right to lodge a complaint with the Information Commissioner’s Office (www.ico.org.uk) if you are concerned that we are not respecting your rights under Data Protection Law. The Information Commissioner’s Office is the authority in the UK which is responsible for overseeing the application of, and enforcing, Data Protection Law.
- Accessing your data
You have the right to obtain from COCOON a confirmation as to whether we are processing (including holding) personal data about you.
If we are processing personal data about you, you are entitled to be provided with:
- information as to the purposes for which we process the data;
- information as to the categories of the data that we are processing;
- information as to the recipients or categories of recipients to whom the data has or will be disclosed;
- information as to the envisaged period for which we will store the data, or if that has not been determined, the basis on which that period will be determined;
- a copy of the data (should you request further copies, we may make a reasonable charge which will inform you of at the time). Please note that this right is subject to the rights of others in relation to their own or someone else’s personal data.
Please contact us as set out at paragraph 8 in order to exercise any of these rights should you wish to do so.
- Banking data and order analysis system
Your payment details are kept securely by our payment processing provider, Stripe. Stripe are an independent payment processor, and we do not have access to your payment details. Please see stripe.com for details of how Stripe processes personal data.
Your payment details are kept securely so you do not have to re-enter them for every new transaction. We also use your registered payment details to process recurring payments in accordance with our Terms and Conditions.
The occurrence of an unpaid transaction due to the fraudulent use of a payment method will result in the registration of contact details related to the fraudulent transaction within a payment incident file recorded us or our third party payment facilitator(s). An irregular declaration or an anomaly may also be the subject of specific treatment (especially for fraud detection purposes).
- Other websites
Our website may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
- Changes to this privacy notice
Any changes we make to our privacy notice in the future will be posted on this page and, where appropriate, we will notify you by e-mail. Please ensure you review this privacy notice frequently to see any updates or changes.
If you have any questions, comments and requests regarding this privacy notice, please email them to firstname.lastname@example.org.