PRIVACY POLICY

This privacy policy was last updated on: 23/04/2021

PURPOSE OF THIS PRIVACY POLICY

This privacy policy aims to give you information on how we collect and process your personal data through your use of this website, including any data you may provide through this website when you sign up to our newsletter or purchase a product or service or take part in a competition.

This website is not intended for children and we do not knowingly collect data relating to children.

It is important that you read this privacy policy together with any other privacy policy or fair processing policy we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This privacy policy supplements other notices and privacy policies and is not intended to override them.

CONTROLLER

J.Carter Sporting Club Ltd is the controller and responsible for your personal data (collectively referred to as "Castore", "we", "us" or "our" in this privacy policy).

We have appointed a data privacy manager who is responsible for overseeing questions in relation to this privacy policy. If you have any questions about this privacy policy, including any requests to exercise your legal rights, please contact the data privacy manager using the details set out below.

ABOUT US

Castore (the website “www.castore.com”) is operated by J.Carter Sporting Club Ltd (“we”, “us” and “our”) is a limited company registered in England with company number 09670915, and VAT number GB 220 5568 30. Our registered office is Tempest Building, 12 Tithebarn St, Liverpool, L2 2DT. For the purposes of applicable data protection laws, including the EU General Data Protection Regulation (“GDPR”) (as amended or superseded) Castore is the “controller” of the personal information collected through the site, by phone, e-mail or other communication, with our Customer Services team, or in any Castore store. This means that Castore decides why and how your personal information is processed. 

OUR CONTACT DETAILS

Please contact our Customer Services team via email at concierge@castore.co.uk if you would like to discuss this with us or have any questions, comments or suggestions relating to this policy.

You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK regulator for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance. 

YOUR PRIVACY IS IMPORTANT TO US

At Castore we take your privacy very seriously and are committed to protecting the privacy and security of our customers. We fully appreciate and respect the importance of data protection and online security.

This Privacy Policy outlines how your personal information is treated and forms part of our terms and conditions. This Policy explains:

CHANGES TO THE PRIVACY POLICY AND YOUR DUTY TO INFORM US OF CHANGES

If we make any material changes to this Privacy Policy we will notify you by, for example, adding a statement to the homepage of the site or sending you an e-mail regarding the update.

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

THIRD-PARTY LINKS

This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit. 

THE DATA WE COLLECT ABOUT YOU

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

We may collect, use, store and transfer different kinds of personal data about you, as set out in the following section, entitled “How do we collect information from you”.

We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy.

We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.  We ask that you do not provide such information to us. 

IF YOU FAIL TO PROVIDE PERSONAL DATA

Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.

HOW DO WE COLLECT INFORMATION FROM YOU?

  1. INFORMATION WE COLLECT WHEN YOU VISIT OUR SITE 

We will collect personal information that you provide to us when you:

We may also collect information about you from service providers and other third parties that provide information to us, such as Business Partners (as defined below), advertising networks, public sources, social media platforms and networks.

Any personal information you provide to us in the ways listed above is voluntary. However, if you do not provide this information to us, we may be unable to provide products and services to you or interact or communicate with you effectively.

We will also collect certain information automatically when you visit our site, in particular:

We may also combine information that we receive from the various sources and make inferences from the information to create a profile about you reflecting your preferences and characteristics.

  1. INFORMATION WE COLLECT WHEN YOU PURCHASE OUR PRODUCTS ONLINE OR INSTORE.
  1. INFORMATION WE COLLECT WHEN YOU CONTACT US

We will collect personal information about you when you contact us by telephone, e-mail, online chat function or via social media. We may monitor, record and store such communication with you as needed and, for training and/or quality purposes.

  1. INFORMATION WE COLLECT IF YOU APPLY FOR A JOB WITH US

You may be able to apply for a job with us through our site, in-store or through third party websites such as LinkedIn. The personal information we collect about you may include your name, contact details, employment history, and any information set out in your CV, with personal information being shared with third-party agencies as part of Castore and J.Carter Sporting Club Ltd background checks.

HOW WE USE YOUR INFORMATION

European data protection laws require us to have a specific legal reason (also known as a ‘lawful basis’) and purpose to use your personal information. We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

  1. Where we need to perform the contract we are about to enter into or have entered into with you.
  2. Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
  3. Where we need to comply with a legal obligation.

Go to the Glossary to find out more about the types of lawful basis that we will rely on to process your personal data.

Generally, we do not rely on consent as a legal basis for processing your personal data although we will get your consent before sending third party direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by contacting us.

  1. WE WILL PROCESS YOUR PERSONAL DATA AS PART OF THE PERFORMANCE OF OUR CONTRACT WITH YOU

When we perform the following activities, we will need to process your personal data for the Performance of Our Contract with you.

  1. WHERE WE HAVE A LEGITIMATE INTEREST IN USING YOUR PERSONAL INFORMATION:

When we process your personal data in the following ways, our lawful basis for doing so is because we have a Legitimate Interest in doing so, i.e. it is necessary for us to promote our business, brand and products and services.

To contact you by post, email, or text message marketing communications about our products and services in accordance with the preferences you select when you sign up to receive updates or purchase products. You can change your preferences via the unsubscribe link on any communication from us, or by withdrawing your consent by email us at concierge@castore.co.uk.

Some of this information may be identifiable to you because you have logged in to your account, or because we have collected details of your IP address or the device that you have used to access the website. The geographic region and location which your device reports to us will also be collected so we can improve the customer experience.

  1. WHERE THE PROCESSING IS REQUIRED FOR US TO COMPLY WITH OUR LEGAL OBLIGATIONS:

 

MARKETING

We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising.

  1. Promotional offers from us

We may use your personal data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you (we call this marketing).

You will receive marketing communications from us if you have requested information from us or purchased goods or services from us and you have not opted out of receiving that marketing.

  1. Third-party marketing

We will get your express opt-in consent before we share your personal data with any third party for marketing purposes.

  1. Opting out

You have the option to unsubscribe from our e-mails through the unsubscribe link at the bottom of every e-mail we send to you. You also have the option to unsubscribe from our text messaging by following the instructions in the text message or contacting the Customer Services team.

If you want to change the details that you have registered with us or would like to amend your marketing preferences or unsubscribe altogether, this can be changed in the “My Profile” section of our Site or by contacting our Customer Services team.

You can ask us or third parties to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you.

Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of a product/service purchase, warranty registration, product/service experience or other transactions.

  1. Cookies

You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly. For more information about the cookies we use, please see our Cookie Policy.

  1. Change of purpose

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

WHO WE WILL SHARE YOUR INFORMATION WITH

We will share your personal data with our service providers, business partners, our parent company and affiliated entities. We have in place an agreement with our service providers (including our parent company J.Carter Sporting Club Ltd) which restricts how they are able to process your personal information and requires them to keep it secure. Every external company we work with has a contract with us which clearly sets out our expectations and requirements in handling personal information and obligates them to meet these standards and those contained in the General Data Protection Regulation (GDPR).

We will also use services offered by Google, Facebook, Twitter, Instagram and other social media platforms to better tailor our marketing communications and for targeted advertising, where you have consented to receive marketing communications. This means that we may share details of existing customers with third parties to create ‘lookalike’ audiences. We do this to build a better picture of the type of individuals who may be interested in our products and focus our marketing activity on those individuals. This marketing activity may occur on one of our sites or on other websites that you may visit including social media sites.

We receive insights from Facebook about the effectiveness of our advertising campaigns which you experience on our site and social channels. This helps to better target our advertising.

If you would like more information about how your personal information may be transmitted, and the safeguards applied, please contact concierge@castore.co.uk. You may have the right to object to your personal information being used in this way (see “EXCERCISING YOUR RIGHTS” below). 

INTERNATIONAL TRANSFERS

Many of our external third parties are based outside the UK so their processing of your personal data will involve a transfer of data outside the UK.

Whenever we transfer your personal data out of the UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  1. We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data.
  2. Where we use certain service providers, we may use specific contracts approved for use in the UK which give personal data the same protection it has in the UK.

Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the UK.

DATA SECURITY

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

HOW LONG WE KEEP YOUR INFORMATION

We will only retain your personal information for the purposes set out in the policy and for as long as we have a legal or business requirement to do so.  By law, different retention periods apply for to different types of records and data, however the longest we will normally hold any personal data is 7 years from the date of your last transaction. Our Data Retention Period has been determined to cover contractual and legal requirements, credit risk, fraud detection and customer service periods, as well as to cover regulatory requirements, and the resolution of disputes or fraud prevention.

HOW WE STORE YOUR INFORMATION

Your information may be processed by our staff or by the staff of our suppliers to the extent necessary to fulfil your order. By submitting your personal information to us, you agree to the transfer of your personal information, its storage and processing.

We will keep the data which we collect from you on a secure server. Any information you give us relating to credit card details is handled by a PCI DSS compliant third party and encrypted using secure server technology. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access and require our suppliers to do the same.

How is the data collected in-store stored?

Where we have given you a password (or where you have chosen one) to access certain parts of this site. It is your responsibility for keeping this password confidential. We ask that you do not share your password with anyone.

YOUR LEGAL RIGHTS

Under certain circumstances, you have rights under data protection laws in relation to your personal data. Please click on the links below to find out more about these rights:

 If you wish to exercise any of the rights set out above, please contact us.

No fee usually required

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.

What we may need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

Time limit to respond

We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated. 

EXERCISING YOUR RIGHTS

Please contact us if you have any concern about how your personal information is processed at concierge@castore.co.uk and we will try to resolve your concerns. You have certain rights in relation to personal information that we hold about you, including the right to request access to your personal information that we hold about you, including the right to request access to your personal information, to request that it is erased, that its processing is restricted, or that any inaccurate personal information is rectified. You may also have the right to object to the processing of your personal information, or in some circumstances to obtain a copy of the personal information in a machine read-able format and will always have a right at any time to withdraw any consent you have given to us. You have the right to object or withdraw your consent (as applicable) to any use we make of your personal information for direct marketing purposes.

You have the option to unsubscribe from our emails through the unsubscribe link at the bottom of every e-mail we send to you. You also have the option to unsubscribe form our text messaging by following the instructions in the text message or contacting the Customer Service team at concierge@castore.co.uk. If you want to change the details that you have registered with us or would like to amend your marketing preferences or unsubscribe altogether, this can be changed in the “My Profile” section of our Site or by contacting our Customer Services team at concierge@castore.co.uk.

GLOSSARY

LAWFUL BASIS

“Legitimate Interest” means the interest of our business in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us.

“Performance of Our Contract” with you means processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.

“Comply with a Legal Obligation” means processing your personal data where it is necessary for compliance with a legal obligation that we are subject to.

YOUR LEGAL RIGHTS

You have the right to: