We are Iconix Brand Group, Inc., a group of companies that includes Iconix Brand UK Ltd (company number 08294383), Diamond Icon Ltd (company number 08319211) (each with registered office at 29-31 Dale Street, Manchester, M1 1EY, United Kingdom), Iconix Europe LLC (company number FC034782), Lee Cooper Brands (Management Services) Ltd (company number 07111576) (each with registered office at The Aircraft Factory, Floor 3.1, 100 Cambridge Grove, London, England, W6 0LE, United Kingdom) and such other entities as are in our group and processing the Personal Data of EEA Data Subjects from time to time (“we“, “us“, “our” and “ourselves“).
This policy was last updated on 25 May 2018.
You can contact us with any queries about this policy or how we use your Personal Information by writing to us at Data Protection Manager, c/o Iconix Brand UK Ltd, 29-31 Dale Street, Manchester, M1 1EY, United Kingdom or firstname.lastname@example.org. You can also contact our data protection manager at email@example.com.
2. INFORMATION COLLECTED
We collect Personal Information about you when:
|Collection Method||Personal Information Collected|
|You enter into a contract with us.||Name, title, phone number (if provided), email address, business address and bank details (if provided).|
|You provide your contact details to us whether through your business card or otherwise.||Name, title, phone number, email address, business address and online identifiers (as provided).|
|Every time you email us your details or correspond with us in other ways.||Name, email address, address and any other Personal Information contained in such communication(s).|
You should ensure that any Personal Information you provide to us is true, accurate, current and complete. Please let us know if any of your Personal Information changes by using the contact details above.
3. WHAT WE DO WITH YOUR PERSONAL INFORMATION
|Personal Data||Purpose of Processing||Lawful Basis|
|Name, title, phone number (if provided), email address and address.||To communicate with you in respect of our business relationship.||Our performance of our contract with you.|
|Name, email address, phone number and any other Personal Information contained in your enquiry/request.||To deal with your enquiries and requests.||Necessary for our legitimate interests of providing high quality service to you and dealing with your requests.|
|Name and email address.||To send you our marketing updates by email.||Necessary for our legitimate interests of communicating with you about our brands.|
We only keep your Personal Information for as long as is necessary and you have the right (in certain circumstances) to request that we delete such information.
We will only use your Personal Information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your Personal Information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Please note that we may process your Personal Information without your knowledge or consent where this is required or permitted by law.
We may contact you by email and/or SMS with information about products and services that are similar to those we have previously provided to you.
You may ask us at any time not to use your Personal Information for marketing purposes by contacting us at firstname.lastname@example.org
If you wish to unsubscribe from emails and/or other communications sent by us, you may do so at any time by clicking on the “unsubscribe” link that appears in our email messages or by contacting us at email@example.com.
5. DISCLOSURE OF YOUR PERSONAL INFORMATION
We may share or transfer your Personal Information and non-personally identifiable information to:
- Our group companies (and to our/their successors in title) who may be based overseas and who we need to share your Personal Information with in order to perform our contract to provide products/services to you and (in respect of aggregated data) to improve the business performance of our group;
- Our third party licensees who may be based overseas and who we need to share your Personal Information with in order to perform our contract to provide products/services to you;
- Third parties that provide services to us and/or who we engage to process Personal Information on our behalf (please see below for further details);
- Third parties if we buy or sell any company or assets;
- Our professional advisers including lawyers, bankers, auditors and insurers who provide professional services to us (or our group companies); and
- HM Revenue & Customs and other regulatory authorities (to the extent required by law or regulation).
We may share or transfer your Personal Information to the following categories of third party service providers/processors:
- Our IT service provider (who is based in the United States);
- Our email storage system/server provider (which is hosted in the United States);
- Our CMS application providers;
- Our payment processors;
- Our secure shredding providers; and
- Our marketing agencies.
We will not disclose your Personal Information to any other third parties except when:
- We believe in good faith that, amongst other things, disclosure is necessary to lessen or prevent:
- A serious and imminent threat to your life, health or safety; or
- A serious threat to public health or public safety; or
- Unlawful activity has been, is being or may be engaged in; in such circumstances we may use or disclose your Personal Information as a necessary part of our investigation of the matter or in reporting our concern to relevant persons or authorities; or
- Enforcing or applying our Website Terms or any other agreements or to protect our rights or the rights of a third party; or
- Required or authorised by or under law (including, without limitation, Sarbanes Oxley Act audits),
In each case, we shall only disclose such Personal Information as is necessary to satisfy the purpose of such disclosure.
We will not sell or rent your Personal Information to third parties without your consent. We require all third parties to respect the security of your Personal Information and to treat it in accordance with the law. We do not allow our third party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
6. TRANSFERS OF YOUR PERSONAL INFORMATION OUTSIDE THE EUROPEAN ECONOMIC AREA
- The country to which the Personal Information is being transferred has been deemed to provide an adequate level of protection for Personal Information by the European Commission.
- We may use specific contracts (or certification schemes) approved by the European Commission which give Personal Information the same protection it has in Europe.
- Where Personal Information is being transferred to the US, we may transfer Personal Information to them if they are part of the EU-U.S. Privacy Shield Framework, which requires them to provide similar protection to Personal Information shared between the EU and the US.
If you would like further information about the measures we take to protect your Personal Information when it is transferred outside of the EEA, please contact us using the details set out above.
7. COOKIES AND OTHER TRACKING TECHNOLOGIES
8. SECURITY OF INFORMATION
We take reasonable steps to preserve the security of your Personal Information, both online and offline. All your Personal Information is stored on our secure servers (some of which are located outside of the EEA, please see section 6 above).
Once we have received your Personal Information we will use strict procedures and security features to try to prevent unauthorised access (including virus/spam/malware protection software, technical and physical security measures and confidential waste disposal). We also ensure that access to your Personal Information is limited only to those employees, agents, contractors, licensees and other partners who have a business need to know such information and they will only process your Personal Information on our instructions and subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected Personal Information breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
9. RETENTION OF PERSONAL INFORMATION
We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements.
To determine our retention periods, we have considered the amount, nature and sensitivity of your Personal Information, the potential risk of harm from unauthorised use or disclosure of your Personal Information, the purposes for which we process your Personal Information and whether we can achieve those purposes through other means, and the applicable legal requirements.
We keep basic Personal Information relating to a contract for seven years after the contract terminates.
Where you have provided your Personal Information to sign up for our newsletter, or create an account with us, we will retain your information for such time as you wish to continue receiving such newsletter/holding an account with us or, if earlier, you have not engaged with us for at least 2 years.
Where you have provided your Personal Information in the course of completing any market research, survey or competition, we will retain your Personal Information for 12 months.
Where you provide your Personal Information to us in the course of making an enquiry, we will retain such Personal Information for 12 months.
In some circumstances, you may be able to ask us to delete your Personal Information (please see section 15).
11. DATA PROTECTION INFORMATION AND YOUR LEGAL RIGHTS
In the UK, the General Data Protection Regulation and Data Protection Bill (along with any applicable e-privacy laws and regulations) provide the framework for the safety and security of personal data and the uses to which such personal data is put. The Information Commissioner is the UK's supervisory authority for data protection issues and was set up to protect personal information and provide information to individuals and organisations. Please see www.ico.gov.uk for more information.
You have the following rights in respect of your Personal Information:
- A right to request access to the Personal Information we are holding about you;
- A right to request that your Personal Information be rectified;
- A right (in certain circumstances) to object to the processing of your Personal Information;
- A right (in certain circumstances) to request deletion of your Personal Information;
- A right (in certain circumstances) to restrict our processing of your Personal Information;
- A right (in certain circumstances) to portability of your Personal Information; and
- A right to withdraw your consent to our processing of your Personal Information.
To exercise any of these rights, please contact us at Data Protection Manager, c/o Iconix Brand UK Ltd, 29-31 Dale Street, Manchester, M1 1EY, United Kingdom or firstname.lastname@example.org. To enable us to comply with your request, we may require proof of your identity or additional information to confirm your right to make the request or to help us respond to your request more quickly. We try to respond to all legitimate requests within one month of receipt but occasionally it may take us longer if the request is particularly complex or involves a large volume of Personal Information.
If you have a complaint about how we have used your Personal Information you have the right to complain to the Information Commissioner’s Office, although we request that you contact us first before escalating your complaint.