York Limited is a company registered in Gibraltar under registration number 00889 which is collectively referred to as "M&S", "we" “Marks and Spencer’ or "us" in this policy.
Maintaining the security of your data is a priority at M&S, and we are committed to respecting your privacy rights. We pledge to handle your data fairly and legally at all times. M&S is also dedicated to being transparent about what data we collect about you and how we use it.
This policy, which applies whether you visit our stores, shop with us online or otherwise engage with us provides you with information about:
- how we use your data
- what personal data we collect;
- how we ensure your privacy is maintained; and
- your legal rights relating to your personal data.
How we use your data
Use of your personal data
- to provide goods and services to you;
- to make a tailored website available to you;
- to manage your registered account(s) that you hold with us;
- to verify your identity;
- for crime and fraud detection and related purposes;
- with your agreement, to contact you electronically about promotional offers and products and services which we think might be of interest to you;
- for promotional and marketing purposes and to tailor and personalise products and services;
- to train and manage our people and develop products and services;
- for customer insight and marketing research purposes – to better understand your needs;
- to enable York Limited to manage customer service interactions (including refunds) with you; and
- where we have the legal right or duty to use or disclose your information (for example in relation to an investigation by a public authority in a legal dispute)
What personal data we collect
We may collect the following information about you
- your name/ date of birth/ gender;
- Contact details and postal address including billing information delivery addresses, telephone numbers and email address;
- Purchases and orders made by you;
- Online browsing activities on our website;
- your password;
- when you make an order or purchase with us your payment card details;
- your communication and marketing preferences;
- your location;
- your preferences, feedback and survey responses;
This list is not exhaustive and, in specific circumstances we may need to collect additional data for the purposes set out in this policy.
How we protect your data
We are committed to keeping your personal records safe and secure using a combination of data encryption, cyber security and internal policy control measures.
What can you do to help protect your data
We will never ask you to confirm bank account or credit card information via email. If you receive an email claiming to be from us asking you to do so, please ignore it and do not respond.
If you are using a computing device in a public location, we recommend that you always log out and close the website browser when you complete an online session.
In addition, we recommend that you take the following security measures as good practice;
- keep your account passwords private;
- Use at least 8 characters when creating a password with a combination of letters, numbers and special characters. Do not use dictionary words, your name, email address or other personal information that can be easily obtained in your password;
- change your password regularly;
- avoid using the same password across multiple online accounts;
You have the following rights;
- the right to ask for a copy of personal data that we hold about you (the right of access);
- the right (in certain circumstances) to request that we delete personal data held on you; where we no longer have any legal reason to retain it (the right of erasure or to be forgotten);
- the right to ask us to update and correct any out of date or incorrect personal data that we hold about you (the right of rectification);
- the right to opt out of any marketing communications that we may send you and to object to us using/ holding your personal data if we have no legitimate reasons to do so (the right to object);
- the right (in certain circumstances) to ask to ‘restrict processing of data’; which means that we would need to secure and retain the data for your benefit but not otherwise use it (the right to restrict processing); and
- the right (in certain circumstances) to ask us to supply the personal data we hold about you in a structured machine- readable format and/ or to provide a copy of that data in such a format to another organisation (the right to data portability).
If you wish to exersice any of the above rights, please contact us using the contact details set out below.
Legal basis for using data
We collect and use personal data because it is necessary for complying with our legal obligations and the pursuit of legitimate interests such as;
- exercising our rights under a contract of sale of goods and services to our customers;
- protecting customers, employees and other individuals and maintaining their safety, health and welfare;
- promoting, marketing, advertising and improving our products and services;
- handling customer contact, queries and complaints or disputes (including managing refunds);
- managing insurance claims by customers;
- effectively detecting and handling fraud and other crime or anti-social behaviour, including working with law enforcement agencies;
- fulfilling our duties to our customers, employees and other stakeholders;
- managing corporate transactions, including selling or transferring any parts of the business to third parties, acquiring new businesses, entering in to mergers or business restructuring activities
If you have any questions that are not answered here please contact us on; +350 200 75857
This policy was last updated in April 2020.