Stance Privacy Notice
Stance Privacy Notice
Data we collect and how we collect it
At Stance we collect data directly from individuals and we never purchase or acquire data outside of the public domain. We collect, process and store data of employees, prospective employees, partners, customers of Stance and 3rd party suppliers.
We never collect sensitive or special category data other than to satisfy additional laws outside of data protection such as employment law or when you give it to us directly.
Here is a useful table:
Data |
Stance Customers |
Partners |
3rd Party Suppliers |
Name |
✓ | ✓ | ✓ |
Address |
✓ | ✓ | ✓ |
|
✓ | ✓ | ✓ |
Phone number |
✓ | ✓ | ✓ |
Purchase history |
✓ |
|
|
IP Address* |
✓ | ✓ | ✓ |
*when visiting our website
Data we collect for employment purposes can be found within our employee contracts and full data protection policy. This notice relates directly to customers of Stance.
Customers of Stance = customers who visit the Stance website, receive marketing via email or SMS and place orders with us
3rd Parties = suppliers of goods or services to Stance
Employee = someone who works for Stance
Prospective employee = someone who has applied for or has been approached directly by Stance for a vacant job role
Your Privacy Choices and Rights
Your choices
You can choose not to provide us with personal data. If you choose to do this, you can continue to use the Stance website(s) and browse its pages, but we will not be able to process transactions or continue a relationship without personal data.
You can block cookies by activating a setting on our cookie banner allowing you to refuse cookies. You can also delete cookies through your browser settings. If you turn off cookies, you can continue to use the Stance website(s) and browse its pages. See the cookie section below for further detail.
You can opt out from marketing by clicking the unsubscribe option in any of our marketing communications.
Your rights
You can exercise your rights by sending us an email at help@stance.eu.com
You have the right to access information we hold about you. This includes the right to ask us supplementary information about:
- the categories of data we’re processing
- the purposes of data processing
- the categories of third parties to whom the data may be disclosed
- how long the data will be stored (or the criteria used to determine that period)
- your other rights regarding our use of your data
We will provide you with the information within one month of your request, unless doing so would adversely affect the rights and freedoms of other (e.g. another person’s confidentiality or intellectual property rights). We’ll tell you if we can’t meet your request for that reason.
You have the right to make us correct any inaccurate personal data about you.
You can object to us using your data for profiling you or making automated decisions about you
We may use your data to determine whether we should let you know information that might be relevant to you (for example, tailoring emails or social media advertising to you based on your behaviour).
You have the right to port your data to another service. We will give you a copy of your data in CSV format so that you can provide it to another service.
If you ask us and it is technically possible, we will directly transfer the data to the other service for you. We will not do so to the extent that this involves disclosing data about any other individual.
You have the right to be ‘forgotten’ by us. You can do this by asking us to erase any personal data we hold about you, if it is no longer necessary for us to hold the data for purposes of your relationship with Stance or any other law.
You have the right to lodge a complaint regarding our use of your data, please tell us first, so we have a chance to address your concerns. If we fail in this, you can address any complaint to the UK Information Commissioner’s Office, either by calling their helpline or as directed on their website at www.ico.org.uk.
These rights apply to all of the data categories listed in the ‘Data we collect and how we collect it’ section
Security
We do everything we can to ensure the security of your data.
In today’s data driven and connected world the security of your data is more important than ever. We recognise this and have implemented security to keep your data safe.
All staff are bound by confidentiality and will never disclose or share your data unless authorised to do so.
Stance’s data protection role
Stance is a controller in relation to your data, we are not a processor or a sub processor of any other brand or company. As a controller we use 3rd parties to process data, please see below in the 3rd parties section.
Where is your data stored?
Like most companies Stance utilises 3rd parties to provide services to our customers and to store data. A list of the 3rd parties who process personal data is listed below.
These 3rd parties will be based in the UK, EEA and in some cases outside of the both the UK and EEA.
Stance conducts thorough reviews of all of its 3rd parties, including data protection agreements, where possible to ensure that every possible safeguard is in place and that the data is secure. Should there be a possibility that data could be exposed to a high level of risk a Data Protection Impact Assessment will be completed and will be available upon request.
3rd parties
Stance works with a number of 3rd parties to offer ecommerce solutions in order to be able to offer online shopping to our customers, most of which do not process customer data in any way, below is a list of those who have access to or process your data and a brief description of what they do.
3rd Party |
Brief Description |
vvast |
vvast manages the full ecommerce solution for Stance in the UK and EEA. When you shop online with Stance, vvast will process and fulfil your order. For more information please click here vvast |
Amazon/AWS |
Amazon market place and AWS data storage solutions |
Brightpearl |
Digital operations platform that integrates with Shopify |
Divaaco |
Analysis of brand trading and product purchasing for future optimisation |
Experian |
Marketing Services Provider |
Facebook Group |
Advertising of brand products via lookalike audiences, cookies/pixels and custom audiences |
|
Analytics via cookie/pixel information |
Hectic Numbers |
vvast’s sister company who provide trade reporting to Stance |
Klaviyo |
Marketing via brand website sign up |
Mention Me |
Customer recommendation tool |
Nosto |
Product recommendation tool |
Paypal |
Payment processor. Stance does not share data with Paypal, you will be re-directed to Paypal when using this service |
Power BI (Microsoft) |
Business Intelligence platform to analyse trading and product trends |
RIF |
Warehouse, stock and delivery fulfilment |
Shiptheory |
Shipping integration and label printing |
Shopify |
The platform that Stance UK and EU websites is built upon |
Stitch Data (Talend) |
A tool to move data securely from Brightpearl to Power BI via AWS for trade analysis |
Stripe |
Payment processor |
Trustpilot |
Customer review platform |
Upward Comms |
Contact center and fulfillment |
Zendesk |
Customer services platform |
Marketing
Stance would love to keep in touch with you and when you sign up to receive marketing and open an account with us we will send you emails, SMS messages (where you have submitted your phone number) and will also display customised Facebook advertising when you log in to your Facebook profile.
These messages will be Stance specific, we do not sell your data or share it with other brands for advertising purposes, your data is used only to promote Stance goods and offers when signing up to marketing.
Our marketing messages are sent via Klaviyo, a specialist ecommerce marketing tool. You can opt out of marketing at any time by clicking the unsubscribe link in your emails and SMS messages or by contacting us directly.
There will be occasions when Stance sends administrative messages such as order updates, these messages are not deemed to be marketing and cannot be opted out of.
Marketing and administration emails that you receive from Stance will contain a tracking pixel. This pixel lets us know things such as the open rates and click rates of our email campaigns.
The pixel also lets us know if an email has not been delivered so that we are able to update our records and keep them current.
When we analyse the data we do so from an aggregated perspective, meaning that we report upon an overall number of open rates and click rates.
We use Klaviyo to send our marketing and administration emails and you can find out more about how Klaviyo secures your data by following this link: https://www.klaviyo.com/legal
We will share your data with the Marketing Services Providers listed below, who will use it for a variety of direct marketing purposes.
Marketing Services Providers carry out data profiling. They will combine your data with data they get from other sources (including public sources) and use it to create “predictive models”. Marketing Services Providers use these models to try to predict behaviour and preferences (e.g. how likely you are to buy a holiday online or take a particular type of holiday) or likely circumstances (e.g. whether you are eligible for a particular credit card).
Marketing Services Providers will also try to match and then link your data with data that they receive about you from other sources, to make sure that the data they hold about you is correct (e.g. to check whether you have recently moved address).
They share your data, including the profiled data they have created about you, primarily to:
- help organisations better understand the likely characteristics of their customers (and find others like them);
- improve the relevancy and appropriateness of an organisation’s marketing to its customers (e.g. offers, its products and services); and
- help them communicate with their customers more effectively offline and online. This may mean that you receive tailored advertising via direct mail or when you visit a website.
To understand more about the use of your data by Marketing Services Providers, and to find out how to exercise your data protection rights in relation to their use of your data (including how to opt-out), please click through to the websites of the companies below:
Experian Ltd - https://www.experian.co.uk/marketing-services/consumer-information-portal
Payment processing
Stance does not collect your payment details or process them in any way. Our payment platform is powered by Stripe via Shopify Payments. The use of Paypal is user defined based on a direct relationship with either or both companies, all data processed by Paypal is done by you as a customer with no processing from Stance.
To understand more about Stripe please click here Stripe
How long is your data stored?
Once per year we perform a full cleanse of data to ensure that we are only processing the data of those individuals who have an ongoing and active relationship with Stance.
As part of our Record of Processing Activities we have defined the length of time we store all of our data, should your data be due for deletion it will be erased during the yearly data cleanse.
To understand data retention in relation to your data please feel free to contact us at help@stance.eu.com
Cookies
To further improve your shopping experience, we store information about you using cookies which are files sent by us to your computer or other access device which we can access when you visit our site at some point in the future. The cookies we use enable us to save your bag for later, track the opening of our emails, for example. We use a number of different cookies on our site. If you do not know what cookies are or how to control or delete them then we recommend that you visit http://www.aboutcookies.org for detailed guidance.
The list below describes the cookies we use on this site and what we use them for.
There are four main types of cookies we store – here’s how and why we use them.
(1) Site functionality cookies (necessary) – these cookies allow you to navigate the site and use our features, such as “Add to Bag” and “Save for Later”.
(2) Site analytics cookies – these cookies allow us to measure and analyse how our customers use the site, to improve both its functionality and your shopping experience.
(3) Customer preference cookies – when you are browsing or shopping on Stance Europe, these cookies will remember your preferences (like your language or location), so we can make your shopping experience as seamless as possible, and more personal to you.
(4) Targeting or advertising cookies – these cookies are used to deliver ads relevant to you. They also limit the number of times that you see an ad and help us measure the effectiveness of our marketing campaigns.
You can manage your cookie preferences via the cookie banner.
First Party Cookies
These are cookies that are set by this website directly.
We use Persistent Basket Cookie to remember what you have put into your shopping basket over an extended period of time. This Cookie only stores basic data about your basket strictly for use by our website. The cookie has an expiration of 90 days to 24 months.
We use a session cookie to remember your log in for you if you are a registered user and we deem these as being strictly necessary to the working of the website. If these are disabled then various functionality on the site will be broken.
Third Party Cookies
Our website may also use a website recording service which may record mouse clicks, mouse movements, page scrolling and any text keyed into website forms. Data collected by this service is used to improve our website usability. The information collected is stored and is used for aggregated and statistical reporting, and is not shared with anybody else.
Governing Law
- The terms and conditions shall be governed by and construed in accordance with the laws of England and you irrevocably submit to the exclusive jurisdiction of the courts of England and Wales
We use a number of different cookies on our site. If you do not know what cookies are or how to control or delete them then we recommend that you visit http://www.aboutcookies.org for detailed guidance.
Further Information:
More information on session cookies and what they are used for can be found here, All About Cookies
Cookie |
Domain |
Description |
Duration |
Type |
_shopify_fs |
.stance.eu.com |
This cookie is associated with Shopify's analytics suite. |
11 months 29 days 23 hours 59 minutes |
Analytics |
secure_customer_sig |
stance.eu.com |
This cookie is set by the website built on the Shopify platform and is used in connection with customer login. |
11 months 29 days 23 hours 59 minutes |
Necessary |
_shopify_country |
stance.eu.com |
This cookie is used to store and evaluate the preferred country settings opted by the visitor. |
29 minutes |
Performance |
cart_currency |
stance.eu.com |
This is an essential cookie for the secure checkout and payment function on the website. This cookie is provided by shopify.com. |
13 days 23 hours 59 minutes |
Necessary |
_orig_referrer |
.stance.eu.com |
This cookie is set by the website built on the Shopify platform and is used in association with the shopping cart. |
13 days 23 hours 59 minutes |
Necessary |
_landing_page |
.stance.eu.com |
This cookie is set by the website built on the Shopify platform and is used to track landing pages. |
13 days 23 hours 59 minutes |
Analytics |
_y |
.stance.eu.com |
This cookie is associated with Shopify's analytics suite. |
11 months 29 days 23 hours 59 minutes |
Analytics |
_s |
.stance.eu.com |
This cookie is associated with Shopify's analytics suite. |
29 minutes |
Analytics |
_shopify_y |
.stance.eu.com |
This cookie is associated with Shopify's analytics suite. |
11 months 29 days 23 hours 59 minutes |
Analytics |
_shopify_s |
.stance.eu.com |
This cookie is associated with Shopify's analytics suite. |
29 minutes |
Analytics |
nostojs |
stance.eu.com |
Nosto cookie to track customer page impressions and offer an improved customer experience |
3 years 11 months 28 days 23 hours 59 minutes |
Other |
_gcl_au |
.stance.eu.com |
This cookie is used by Google Analytics to understand user interaction with the website. |
2 months 28 days 23 hours 59 minutes |
Analytics |
NOSTO_SESSION |
connect.nosto.com |
Nosto cookie to track customer page impressions and offer an improved customer experience |
7 hours 59 minutes |
Other |
MUID |
.bing.com |
Used by Microsoft as a unique identifier. The cookie is set by embedded Microsoft scripts. The purpose of this cookie is to synchronize the ID across many different Microsoft domains to enable user tracking. |
1 years 23 days 23 hours 59 minutes |
Advertisement |
2c.cId |
stance.eu.com |
Nosto cookie to identify browsers between their visits to the site. Each browser is given a unique random identifier created by Nosto. Information about the browser's behavior on the site is then stored into Nosto's service as a customer profile under this identifier. The purpose and usage of this cookie is very similar to how web analytics tools, such as Google Analytics, work. |
3 years 11 months 28 days 23 hours 59 minutes |
Other |
shopify_pay_redirect |
stance.eu.com |
This cookie is used by a website using the Shopify platform and is used in enabling secure payment and checkout from the e-commerce store. |
59 minutes |
Necessary |
__kla_id |
stance.eu.com |
This cookie tracks when you click through a Stance email to our website |
1 years 11 months 28 days 23 hours 59 minutes |
Other |
_shopify_sa_t |
.stance.eu.com |
This cookie is set by Shopify and is used for analytics relating to marketing and referrals. |
29 minutes |
Analytics |
_shopify_sa_p |
.stance.eu.com |
This cookie is set by Shopify and is used for analytics relating to marketing and referrals. |
29 minutes |
Analytics |
_ga |
.stance.eu.com |
This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors. |
1 years 11 months 28 days 23 hours 59 minutes |
Analytics |
_gid |
.stance.eu.com |
This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected including the number visitors, the source where they have come from, and the pages visited in an anonymous form. |
23 hours 59 minutes |
Analytics |
_uetsid |
.stance.eu.com |
These cookies are used to collect analytical information about how visitors use the website. This information is used to compile report and improve site. |
23 hours 59 minutes |
Analytics |
_uetvid |
.stance.eu.com |
This is a cookie utilised by Microsoft Bing Ads and is a tracking cookie. It allows us to engage with a user that has previously visited our website. |
16 days 5 hours 59 minutes |
Other |
_ga_5GE0TR6RDZ |
.stance.eu.com |
Google Analytics cookie to distinguish users |
1 years 11 months 28 days 23 hours 59 minutes |
Other |
_gat |
.stance.eu.com |
This cookie is installed by Google Universal Analytics to throttle the request rate to limit the collection of data on high traffic sites. |
1 minute |
Performance |
_fbp |
.stance.eu.com |
This cookie is set by Facebook to deliver advertisements when customers are on Facebook or a digital platform powered by Facebook advertising after visiting this website. |
2 months 28 days 23 hours 59 minutes |
Advertisement |
fr |
.facebook.com |
The cookie is set by Facebook to show relevant advertisements to the users and measure and improve the advertisements. The cookie also tracks the behaviour of the user across the web on sites that have Facebook pixel or Facebook social plugin. |
2 months 28 days 23 hours 59 minutes |
Advertisement |
__cfduid |
.shop.app |
The cookie is used by cdn services like CloudFare to identify individual clients behind a shared IP address and apply security settings on a per-client basis. It does not correspond to any user ID in the web application and does not store any personally identifiable information. |
29 days 23 hours 59 minutes |
Necessary |
_pay_session |
.shop.app |
The domain of this cookie is owned by Shopify. This cookie is used for enabling secure checkout and payment function on the website. |
1 minute |
Necessary |
NOSTO_ERRORS |
connect.nosto.com |
Nosto cookie to track customer page impressions and offer an improved customer experience |
past |
Other |
NOSTO_FLASH |
connect.nosto.com |
Nosto cookie to track customer page impressions and offer an improved customer experience |
past |
Other |
Breaches
Should a breach of your data occur that is likely to result in the harm to the rights and freedoms on an individual or group of individuals Stance will notify those involved within 72 hours along with the ICO, where applicable.
Additional information
Stance has not appointed a statutory Data Protection Officer as we are not required to by law, however, we have the use of a dedicated Privacy and Compliance Manager to manage our compliance with all applicable UK/EU Data Protection laws via vvast, who manage our ecommerce solutions.
A Record of Processing Activities (ROPA), in which the lawful basis for processing all of Stance customer data in the UK and EU is listed is maintained. Wherever Legitimate Interests is relied upon an impact assessment has been created which is available upon demand to those who’s data is included.
If you would like to speak to a human in regard to your data please feel free to email us at help@stance.eu.com and we will be happy to talk further.