This website is not intended for children and we do not knowingly collect data relating to children.
Castore (the website “www.castore.com”) is operated by J.Carter Sporting Club Ltd (“we”, “us” and “our”) is a limited company registered in England with company number 09670915, and VAT number GB 220 5568 30. Our registered office is Tempest Building, 12 Tithebarn St, Liverpool, L2 2DT. For the purposes of applicable data protection laws, including the EU General Data Protection Regulation (“GDPR”) (as amended or superseded) Castore is the “controller” of the personal information collected through the site, by phone, e-mail or other communication, with our Customer Services team, or in any Castore store. This means that Castore decides why and how your personal information is processed.
OUR CONTACT DETAILS
Please contact our Customer Services team via email at email@example.com if you would like to discuss this with us or have any questions, comments or suggestions relating to this policy.
You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK regulator for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
YOUR PRIVACY IS IMPORTANT TO US
At Castore we take your privacy very seriously and are committed to protecting the privacy and security of our customers. We fully appreciate and respect the importance of data protection and online security.
- What information we collect when you use the Castore website (“www.castore.com”), when you communicate with us, or when you visit one of our stores (as the case may be).
- How we use your information.
- How we share your information.
- How long we keep your information and how it is stored.
- Our approach to sensitive personal information.
- What options you have to control your information.
- The rights you may have in relation to your personal information.
- How we communicate changes to this Policy.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
THE DATA WE COLLECT ABOUT YOU
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We may collect, use, store and transfer different kinds of personal data about you, as set out in the following section, entitled “How do we collect information from you”.
We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences. We ask that you do not provide such information to us.
IF YOU FAIL TO PROVIDE PERSONAL DATA
Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.
HOW DO WE COLLECT INFORMATION FROM YOU?
- INFORMATION WE COLLECT WHEN YOU VISIT OUR SITE
We will collect personal information that you provide to us when you:
- Visit our website.
- Create an account on our site.
- Place an order through our site.
- Fill in forms on our site, for example to leave feedback, enter a competition or respond to a survey.
- Subscribe to our mailing list.
- Contact us via telephone or email.
- Interact with us on our social media channels.
We may also collect information about you from service providers and other third parties that provide information to us, such as Business Partners (as defined below), advertising networks, public sources, social media platforms and networks.
Any personal information you provide to us in the ways listed above is voluntary. However, if you do not provide this information to us, we may be unable to provide products and services to you or interact or communicate with you effectively.
We will also collect certain information automatically when you visit our site, in particular:
- We record details of the resources that you access to visit our site (for example, URL addresses, traffic data etc.).
- We record information about the type of device you have used to visit our Site, your device settings, and the cause of any system errors. Your device manufacturer or operating system provider will have further details on what information your device makes available.
We may also combine information that we receive from the various sources and make inferences from the information to create a profile about you reflecting your preferences and characteristics.
- INFORMATION WE COLLECT WHEN YOU PURCHASE OUR PRODUCTS ONLINE OR INSTORE.
- For any type of purchase, we will collect your name, email address, billing and shipping address, telephone number, credit card numbers, and other payment information. We will keep your shopping history (what you bought, what you viewed, when and where you bought it and how you paid for it) if we can relate the purchase to your account. This information may also be used as part of fraud checks or flags raised about your transactions, payment card refusals and complaints.
- If you purchase an item or gift card or ask us to deliver your purchase to someone else, we will collect the recipient’s name, postal address and email address to send the item or gift card to the recipient. If you ask us to do so, we also may use this information to notify the recipient of your gift before it arrives.
- INFORMATION WE COLLECT WHEN YOU CONTACT US
We will collect personal information about you when you contact us by telephone, e-mail, online chat function or via social media. We may monitor, record and store such communication with you as needed and, for training and/or quality purposes.
- INFORMATION WE COLLECT IF YOU APPLY FOR A JOB WITH US
You may be able to apply for a job with us through our site, in-store or through third party websites such as LinkedIn. The personal information we collect about you may include your name, contact details, employment history, and any information set out in your CV, with personal information being shared with third-party agencies as part of Castore and J.Carter Sporting Club Ltd background checks.
HOW WE USE YOUR INFORMATION
European data protection laws require us to have a specific legal reason (also known as a ‘lawful basis’) and purpose to use your personal information. We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- Where we need to perform the contract we are about to enter into or have entered into with you.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
- Where we need to comply with a legal obligation.
Go to the Glossary to find out more about the types of lawful basis that we will rely on to process your personal data.
Generally, we do not rely on consent as a legal basis for processing your personal data although we will get your consent before sending third party direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by contacting us.
- WE WILL PROCESS YOUR PERSONAL DATA AS PART OF THE PERFORMANCE OF OUR CONTRACT WITH YOU
When we perform the following activities, we will need to process your personal data for the Performance of Our Contract with you.
- To provide you with an account on our site, If you choose to sign up for one.
- To fulfil any order that you place with us.
- To collect payment from you.
- To provide you with a receipt if you ask us to send this to you electronically.
- To protect and defend our legal rights and interests.
- WHERE WE HAVE A LEGITIMATE INTEREST IN USING YOUR PERSONAL INFORMATION:
When we process your personal data in the following ways, our lawful basis for doing so is because we have a Legitimate Interest in doing so, i.e. it is necessary for us to promote our business, brand and products and services.
To contact you by post, email, or text message marketing communications about our products and services in accordance with the preferences you select when you sign up to receive updates or purchase products. You can change your preferences via the unsubscribe link on any communication from us, or by withdrawing your consent by email us at firstname.lastname@example.org.
- To deliver tailored advertising (including via social media) to personalise our marketing communications based on your attributes; and any preferences we have observed, such as the types of offers that interest you, or the areas of our website that you visit.
- To administer and monitor our site, including to ensure that content is presented in the most effective manner for you and for your device, and to allow you to participate in interactive features when you choose to.
Some of this information may be identifiable to you because you have logged in to your account, or because we have collected details of your IP address or the device that you have used to access the website. The geographic region and location which your device reports to us will also be collected so we can improve the customer experience.
- WHERE THE PROCESSING IS REQUIRED FOR US TO COMPLY WITH OUR LEGAL OBLIGATIONS:
- To comply with a request from you in connection with the exercise of your data protection rights (for example where you have asked us not to contact you for marketing purposes, we will keep a record of this on our suppression lists in order to be able to comply with our legal obligations).
- To keep a record of the data protection rights that you have exercised, and which relate to our processing of your personal information.
We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising.
- Promotional offers from us
We may use your personal data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you (we call this marketing).
You will receive marketing communications from us if you have requested information from us or purchased goods or services from us and you have not opted out of receiving that marketing.
- Third-party marketing
We will get your express opt-in consent before we share your personal data with any third party for marketing purposes.
- Opting out
You have the option to unsubscribe from our e-mails through the unsubscribe link at the bottom of every e-mail we send to you. You also have the option to unsubscribe from our text messaging by following the instructions in the text message or contacting the Customer Services team.
If you want to change the details that you have registered with us or would like to amend your marketing preferences or unsubscribe altogether, this can be changed in the “My Profile” section of our Site or by contacting our Customer Services team.
You can ask us or third parties to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you.
Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of a product/service purchase, warranty registration, product/service experience or other transactions.
- Change of purpose
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
WHO WE WILL SHARE YOUR INFORMATION WITH
We will share your personal data with our service providers, business partners, our parent company and affiliated entities. We have in place an agreement with our service providers (including our parent company J.Carter Sporting Club Ltd) which restricts how they are able to process your personal information and requires them to keep it secure. Every external company we work with has a contract with us which clearly sets out our expectations and requirements in handling personal information and obligates them to meet these standards and those contained in the General Data Protection Regulation (GDPR).
- We share your information with our core service providers and third-party platforms as required for our business to function; for example, picking, packaging and processing orders, fulfilling deliveries, customer support, fraud detection, credit risk reduction checks, IT systems support, and internal audits.
- If you choose to provide feedback on your transaction, we will share your information with third-party feedback sites who will capture your feedback on transactions which we use to enhance our customer service.
- Your information may be processed by a third-party in order to maintain the functionality of our site and database.
- In the event that you are logged into your account and add items to your basket but do not complete a transaction, Klaviyo will automatically send you an e-mail to remind you that there are items in your basket.
- If you have created an account and have updated your date of birth on your profile, Klaviyo will automatically send you an e-mail with a birthday incentive.
- Whilst you are a member of our mailing list, we may share your information with trusted non-core service providers, such as marketing partners we have carefully selected to deliver incentives to participate in offers, polls, surveys, analysis or research, all of which assist us in enhancing the service to our customers. Please note they are not permitted to use your information after you unsubscribe.
- We may share any of your personal data with a prospective purchaser or purchaser of any part of our business, or otherwise in connection with a sale, merger, change of control, bankruptcy, or similar transaction on the basis of our legitimate interests and the interests of our purchaser, so that they can appropriately value the business and assess any risks and continue doing business with you after the acquisition.
- We may share your personal information: (a) as required by law or legal process; (b) to investigate suspected fraud, harassment, or other violations of any law, rule, or regulation; (c) to investigate suspected violations of any terms or policies applicable to the website or the services provided by us or our third-party providers or affiliates; or (d) where we reasonably conclude that it is necessary for defending, exercising or establishing our legal rights.
- Business Partners. If you have consented, we may share your personal information with third parties for their own purposes (“Business Partners”) (or their service providers), such as for marketing purposes. In many cases, such sharing is related to our operation of the website, such as sharing your personal information with a Business Partner when you purchase that Business Partner's merchandise from us. You may contact us to opt out of such sharing in some cases. However, we do not control how Business Partners use and share your information once they receive it. You will need to contact such Business Partners directly for information about their privacy practices or to exercise rights you may have (including if you would like to opt-out of receiving future emails from a Business Partner).
- We work with Epsilon Abacus (registered as Epsilon International UK Ltd), a company that manages the Abacus Alliance on behalf of UK retailers. The participating retailers are active in the clothing, collectables, food & wine, gardening, gadgets & entertainment, health & beauty, household goods, and home interiors categories. They share information on what their customers buy. Epsilon Abacus analyses this pooled information to understand consumer’s wider buying patterns. From this information, retailers can tailor their communications, sending people suitable offers that should be of interest to them, based on what they like to buy.
We may also share your name, address, email address and transaction history with data selection analysts, data segmentation and ranking agencies, email marketing agencies and prospect modelling agencies. This is to help us analyse our customer base, identify potential new customers, and to target our marketing in a way that is most relevant for our customers. In all instances, we provide them with only the information they need to perform their function.
We will also use services offered by Google, Facebook, Twitter, Instagram and other social media platforms to better tailor our marketing communications and for targeted advertising, where you have consented to receive marketing communications. This means that we may share details of existing customers with third parties to create ‘lookalike’ audiences. We do this to build a better picture of the type of individuals who may be interested in our products and focus our marketing activity on those individuals. This marketing activity may occur on one of our sites or on other websites that you may visit including social media sites.
We receive insights from Facebook about the effectiveness of our advertising campaigns which you experience on our site and social channels. This helps to better target our advertising.
If you would like more information about how your personal information may be transmitted, and the safeguards applied, please contact email@example.com. You may have the right to object to your personal information being used in this way (see “EXCERCISING YOUR RIGHTS” below).
Many of our external third parties are based outside the UK so their processing of your personal data will involve a transfer of data outside the UK.
Whenever we transfer your personal data out of the UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data.
- Where we use certain service providers, we may use specific contracts approved for use in the UK which give personal data the same protection it has in the UK.
Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the UK.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
HOW LONG WE KEEP YOUR INFORMATION
We will only retain your personal information for the purposes set out in the policy and for as long as we have a legal or business requirement to do so. By law, different retention periods apply for to different types of records and data, however the longest we will normally hold any personal data is 7 years from the date of your last transaction. Our Data Retention Period has been determined to cover contractual and legal requirements, credit risk, fraud detection and customer service periods, as well as to cover regulatory requirements, and the resolution of disputes or fraud prevention.
HOW WE STORE YOUR INFORMATION
Your information may be processed by our staff or by the staff of our suppliers to the extent necessary to fulfil your order. By submitting your personal information to us, you agree to the transfer of your personal information, its storage and processing.
We will keep the data which we collect from you on a secure server. Any information you give us relating to credit card details is handled by a PCI DSS compliant third party and encrypted using secure server technology. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access and require our suppliers to do the same.
How is the data collected in-store stored?
Where we have given you a password (or where you have chosen one) to access certain parts of this site. It is your responsibility for keeping this password confidential. We ask that you do not share your password with anyone.
YOUR LEGAL RIGHTS
Under certain circumstances, you have rights under data protection laws in relation to your personal data. Please click on the links below to find out more about these rights:
- Request access to your personal data.
If you wish to exercise any of the rights set out above, please contact us.
No fee usually required
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Time limit to respond
We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
EXERCISING YOUR RIGHTS
Please contact us if you have any concern about how your personal information is processed at firstname.lastname@example.org and we will try to resolve your concerns. You have certain rights in relation to personal information that we hold about you, including the right to request access to your personal information that we hold about you, including the right to request access to your personal information, to request that it is erased, that its processing is restricted, or that any inaccurate personal information is rectified. You may also have the right to object to the processing of your personal information, or in some circumstances to obtain a copy of the personal information in a machine read-able format and will always have a right at any time to withdraw any consent you have given to us. You have the right to object or withdraw your consent (as applicable) to any use we make of your personal information for direct marketing purposes.
You have the option to unsubscribe from our emails through the unsubscribe link at the bottom of every e-mail we send to you. You also have the option to unsubscribe form our text messaging by following the instructions in the text message or contacting the Customer Service team at email@example.com. If you want to change the details that you have registered with us or would like to amend your marketing preferences or unsubscribe altogether, this can be changed in the “My Profile” section of our Site or by contacting our Customer Services team at firstname.lastname@example.org.
“Legitimate Interest” means the interest of our business in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us.
“Performance of Our Contract” with you means processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.
“Comply with a Legal Obligation” means processing your personal data where it is necessary for compliance with a legal obligation that we are subject to.
YOUR LEGAL RIGHTS
You have the right to:
- Request access to your personal data (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
- Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
- Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
- Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
- Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:
- If you want us to establish the data's accuracy.
- Where our use of the data is unlawful but you do not want us to erase it.
- Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims.
- You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
- Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
- Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.