Stance Privacy Notice

Stance Privacy Notice

 

Data we collect and how we collect it

 

At Stance we collect data directly from individuals and we never purchase or acquire data outside of the public domain. We collect, process and store data of employees, prospective employees, partners, customers of Stance and 3rd party suppliers.

 

We never collect sensitive or special category data other than to satisfy additional laws outside of data protection such as employment law or when you give it to us directly.

 

Here is a useful table:

 

Data

Stance Customers

Partners

3rd Party Suppliers

Name

Address

Email

Phone number

Purchase history

 

 

IP Address*

 

*when visiting our website

 

Data we collect for employment purposes can be found within our employee contracts and full data protection policy. This notice relates directly to customers of Stance.

 

Customers of Stance = customers who visit the Stance website, receive marketing via email or SMS and place orders with us

3rd Parties = suppliers of goods or services to Stance

Employee = someone who works for Stance

Prospective employee = someone who has applied for or has been approached directly by Stance for a vacant job role

 

Your Privacy Choices and Rights

 

Your choices

 

You can choose not to provide us with personal data. If you choose to do this, you can continue to use the Stance website(s) and browse its pages, but we will not be able to process transactions or continue a relationship without personal data.

 

You can block cookies by activating a setting on our cookie banner allowing you to refuse cookies. You can also delete cookies through your browser settings. If you turn off cookies, you can continue to use the Stance website(s) and browse its pages. See the cookie section below for further detail.

 

You can opt out from marketing by clicking the unsubscribe option in any of our marketing communications. 

 

Your rights

 

You can exercise your rights by sending us an email at help@stance.eu.com

 

You have the right to access information we hold about you. This includes the right to ask us supplementary information about:

  • the categories of data we’re processing
  • the purposes of data processing
  • the categories of third parties to whom the data may be disclosed
  • how long the data will be stored (or the criteria used to determine that period)
  • your other rights regarding our use of your data

 

We will provide you with the information within one month of your request, unless doing so would adversely affect the rights and freedoms of other (e.g. another person’s confidentiality or intellectual property rights). We’ll tell you if we can’t meet your request for that reason.

 

You have the right to make us correct any inaccurate personal data about you.

 

You can object to us using your data for profiling you or making automated decisions about you

 

We may use your data to determine whether we should let you know information that might be relevant to you (for example, tailoring emails or social media advertising to you based on your behaviour).

 

You have the right to port your data to another service. We will give you a copy of your data in CSV format so that you can provide it to another service.

 

If you ask us and it is technically possible, we will directly transfer the data to the other service for you. We will not do so to the extent that this involves disclosing data about any other individual.

 

You have the right to be ‘forgotten’ by us. You can do this by asking us to erase any personal data we hold about you, if it is no longer necessary for us to hold the data for purposes of your relationship with Stance or any other law.

 

You have the right to lodge a complaint regarding our use of your data, please tell us first, so we have a chance to address your concerns. If we fail in this, you can address any complaint to the UK Information Commissioner’s Office, either by calling their helpline or as directed on their website at www.ico.org.uk.

 

These rights apply to all of the data categories listed in the ‘Data we collect and how we collect it’ section

 

Security

 

We do everything we can to ensure the security of your data.

 

In today’s data driven and connected world the security of your data is more important than ever. We recognise this and have implemented security to keep your data safe.

 

All staff are bound by confidentiality and will never disclose or share your data unless authorised to do so.

 

Stance’s data protection role

 

Stance is a controller in relation to your data, we are not a processor or a sub processor of any other brand or company. As a controller we use 3rd parties to process data, please see below in the 3rd parties section.

 

Where is your data stored?

 

Like most companies Stance utilises 3rd parties to provide services to our customers and to store data. A list of the 3rd parties who process personal data is listed below.

 

These 3rd parties will be based in the UK, EEA and in some cases outside of the both the UK and EEA.

 

Stance conducts thorough reviews of all of its 3rd parties, including data protection agreements, where possible to ensure that every possible safeguard is in place and that the data is secure. Should there be a possibility that data could be exposed to a high level of risk a Data Protection Impact Assessment will be completed and will be available upon request.

 

3rd parties

 

Stance works with a number of 3rd parties to offer ecommerce solutions in order to be able to offer online shopping to our customers, most of which do not process customer data in any way, below is a list of those who have access to or process your data and a brief description of what they do.

 

 

3rd Party

Brief Description

vvast

vvast manages the full ecommerce solution for Stance in the UK and EEA. When you shop online with Stance, vvast will process and fulfil your order. For more information please click here vvast

Amazon/AWS

Amazon market place and AWS data storage solutions

Brightpearl

Digital operations platform that integrates with Shopify

Divaaco

Analysis of brand trading and product purchasing for future optimisation

Experian

Marketing Services Provider

Facebook Group

Advertising of brand products via lookalike audiences, cookies/pixels and custom audiences

Google

Analytics via cookie/pixel information

Hectic Numbers

vvast’s sister company who provide trade reporting to Stance

Klaviyo

Marketing via brand website sign up

Mention Me

Customer recommendation tool

Nosto

Product recommendation tool

Paypal

Payment processor. Stance does not share data with Paypal, you will be re-directed to Paypal when using this service

Power BI (Microsoft)

Business Intelligence platform to analyse trading and product trends

RIF

Warehouse, stock and delivery fulfilment

Shiptheory

Shipping integration and label printing

Shopify

The platform that Stance UK and EU websites is built upon

Stitch Data (Talend)

A tool to move data securely from Brightpearl to Power BI via AWS for trade analysis

Stripe

Payment processor

Trustpilot

Customer review platform

Upward Comms

Contact center and fulfillment

Zendesk

Customer services platform

 

Marketing

 

Stance would love to keep in touch with you and when you sign up to receive marketing and open an account with us we will send you emails, SMS messages (where you have submitted your phone number) and will also display customised Facebook advertising when you log in to your Facebook profile.

 

These messages will be Stance specific, we do not sell your data or share it with other brands for advertising purposes, your data is used only to promote Stance goods and offers when signing up to marketing.

 

Our marketing messages are sent via Klaviyo, a specialist ecommerce marketing tool. You can opt out of marketing at any time by clicking the unsubscribe link in your emails and SMS messages or by contacting us directly.

 

There will be occasions when Stance sends administrative messages such as order updates, these messages are not deemed to be marketing and cannot be opted out of.

 

Marketing and administration emails that you receive from Stance will contain a tracking pixel. This pixel lets us know things such as the open rates and click rates of our email campaigns.

 

The pixel also lets us know if an email has not been delivered so that we are able to update our records and keep them current.

 

When we analyse the data we do so from an aggregated perspective, meaning that we report upon an overall number of open rates and click rates.

 

We use Klaviyo to send our marketing and administration emails and you can find out more about how Klaviyo secures your data by following this link: https://www.klaviyo.com/legal

 

We will share your data with the Marketing Services Providers listed below, who will use it for a variety of direct marketing purposes.

 

Marketing Services Providers carry out data profiling. They will combine your data with data they get from other sources (including public sources) and use it to create “predictive models”. Marketing Services Providers use these models to try to predict behaviour and preferences (e.g. how likely you are to buy a holiday online or take a particular type of holiday) or likely circumstances (e.g. whether you are eligible for a particular credit card). 

 

Marketing Services Providers will also try to match and then link your data with data that they receive about you from other sources, to make sure that the data they hold about you is correct (e.g. to check whether you have recently moved address). 

 

They share your data, including the profiled data they have created about you, primarily to:

 

-        help organisations better understand the likely characteristics of their customers (and find others like them); 

-        improve the relevancy and appropriateness of an organisation’s marketing to its customers (e.g. offers, its products and services); and 

-        help them communicate with their customers more effectively offline and online. This may mean that you receive tailored advertising via direct mail or when you visit a website. 

 

To understand more about the use of your data by Marketing Services Providers, and to find out how to exercise your data protection rights in relation to their use of your data (including how to opt-out), please click through to the websites of the companies below:

 

Experian Ltd - https://www.experian.co.uk/marketing-services/consumer-information-portal

 

Payment processing

 

Stance does not collect your payment details or process them in any way. Our payment platform is powered by Stripe via Shopify Payments. The use of Paypal is user defined based on a direct relationship with either or both companies, all data processed by Paypal is done by you as a customer with no processing from Stance.

 

To understand more about Stripe please click here Stripe

 

How long is your data stored?

 

Once per year we perform a full cleanse of data to ensure that we are only processing the data of those individuals who have an ongoing and active relationship with Stance.

 

As part of our Record of Processing Activities we have defined the length of time we store all of our data, should your data be due for deletion it will be erased during the yearly data cleanse.

 

To understand data retention in relation to your data please feel free to contact us at help@stance.eu.com

 

Cookies

 

To further improve your shopping experience, we store information about you using cookies which are files sent by us to your computer or other access device which we can access when you visit our site at some point in the future.  The cookies we use enable us to save your bag for later, track the opening of our emails, for example. We use a number of different cookies on our site. If you do not know what cookies are or how to control or delete them then we recommend that you visit http://www.aboutcookies.org for detailed guidance.

 

The list below describes the cookies we use on this site and what we use them for.

 

There are four main types of cookies we store – here’s how and why we use them.

 

(1) Site functionality cookies (necessary) – these cookies allow you to navigate the site and use our features, such as “Add to Bag” and “Save for Later”.

 

(2) Site analytics cookies – these cookies allow us to measure and analyse how our customers use the site, to improve both its functionality and your shopping experience.

 

(3) Customer preference cookies – when you are browsing or shopping on Stance Europe, these cookies will remember your preferences (like your language or location), so we can make your shopping experience as seamless as possible, and more personal to you.

 

(4) Targeting or advertising cookies – these cookies are used to deliver ads relevant to you. They also limit the number of times that you see an ad and help us measure the effectiveness of our marketing campaigns.

 

You can manage your cookie preferences via the cookie banner.

 

First Party Cookies

 

These are cookies that are set by this website directly.

 

We use Persistent Basket Cookie to remember what you have put into your shopping basket over an extended period of time. This Cookie only stores basic data about your basket strictly for use by our website.  The cookie has an expiration of 90 days to 24 months.

 

We use a session cookie to remember your log in for you if you are a registered user and we deem these as being strictly necessary to the working of the website. If these are disabled then various functionality on the site will be broken.

 

Third Party Cookies

 

Our website may also use a website recording service which may record mouse clicks, mouse movements, page scrolling and any text keyed into website forms. Data collected by this service is used to improve our website usability. The information collected is stored and is used for aggregated and statistical reporting, and is not shared with anybody else.

 

Governing Law

 

  1. The terms and conditions shall be governed by and construed in accordance with the laws of England and you irrevocably submit to the exclusive jurisdiction of the courts of England and Wales

 

We use a number of different cookies on our site. If you do not know what cookies are or how to control or delete them then we recommend that you visit http://www.aboutcookies.org for detailed guidance.

 

Further Information:

 

More information on session cookies and what they are used for can be found here, All About Cookies 

 

Cookie

Domain

Description

Duration

Type

_shopify_fs

.stance.eu.com

This cookie is associated with Shopify's analytics suite.

11 months 29 days 23 hours 59 minutes

Analytics

secure_customer_sig

stance.eu.com

This cookie is set by the website built on the Shopify platform and is used in connection with customer login.

11 months 29 days 23 hours 59 minutes

Necessary

_shopify_country

stance.eu.com

This cookie is used to store and evaluate the preferred country settings opted by the visitor.

29 minutes

Performance

cart_currency

stance.eu.com

This is an essential cookie for the secure checkout and payment function on the website. This cookie is provided by shopify.com.

13 days 23 hours 59 minutes

Necessary

_orig_referrer

.stance.eu.com

This cookie is set by the website built on the Shopify platform and is used in association with the shopping cart.

13 days 23 hours 59 minutes

Necessary

_landing_page

.stance.eu.com

This cookie is set by the website built on the Shopify platform and is used to track landing pages.

13 days 23 hours 59 minutes

Analytics

_y

.stance.eu.com

This cookie is associated with Shopify's analytics suite.

11 months 29 days 23 hours 59 minutes

Analytics

_s

.stance.eu.com

This cookie is associated with Shopify's analytics suite.

29 minutes

Analytics

_shopify_y

.stance.eu.com

This cookie is associated with Shopify's analytics suite.

11 months 29 days 23 hours 59 minutes

Analytics

_shopify_s

.stance.eu.com

This cookie is associated with Shopify's analytics suite.

29 minutes

Analytics

nostojs

stance.eu.com

Nosto cookie to track customer page impressions and offer an improved customer experience

3 years 11 months 28 days 23 hours 59 minutes

Other

_gcl_au

.stance.eu.com

This cookie is used by Google Analytics to understand user interaction with the website.

2 months 28 days 23 hours 59 minutes

Analytics

NOSTO_SESSION

connect.nosto.com

Nosto cookie to track customer page impressions and offer an improved customer experience

7 hours 59 minutes

Other

MUID

.bing.com

Used by Microsoft as a unique identifier. The cookie is set by embedded Microsoft scripts. The purpose of this cookie is to synchronize the ID across many different Microsoft domains to enable user tracking.

1 years 23 days 23 hours 59 minutes

Advertisement

2c.cId

stance.eu.com

Nosto cookie to identify browsers between their visits to the site. Each browser is given a unique random identifier created by Nosto. Information about the browser's behavior on the site is then stored into Nosto's service as a customer profile under this identifier. The purpose and usage of this cookie is very similar to how web analytics tools, such as Google Analytics, work.

3 years 11 months 28 days 23 hours 59 minutes

Other

shopify_pay_redirect

stance.eu.com

This cookie is used by a website using the Shopify platform and is used in enabling secure payment and checkout from the e-commerce store.

59 minutes

Necessary

__kla_id

stance.eu.com

This cookie tracks when you click through a Stance email to our website

1 years 11 months 28 days 23 hours 59 minutes

Other

_shopify_sa_t

.stance.eu.com

This cookie is set by Shopify and is used for analytics relating to marketing and referrals.

29 minutes

Analytics

_shopify_sa_p

.stance.eu.com

This cookie is set by Shopify and is used for analytics relating to marketing and referrals.

29 minutes

Analytics

_ga

.stance.eu.com

This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors.

1 years 11 months 28 days 23 hours 59 minutes

Analytics

_gid

.stance.eu.com

This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected including the number visitors, the source where they have come from, and the pages visited in an anonymous form.

23 hours 59 minutes

Analytics

_uetsid

.stance.eu.com

These cookies are used to collect analytical information about how visitors use the website. This information is used to compile report and improve site.

23 hours 59 minutes

Analytics

_uetvid

.stance.eu.com

This is a cookie utilised by Microsoft Bing Ads and is a tracking cookie. It allows us to engage with a user that has previously visited our website.

16 days 5 hours 59 minutes

Other

_ga_5GE0TR6RDZ

.stance.eu.com

Google Analytics cookie to distinguish users

1 years 11 months 28 days 23 hours 59 minutes

Other

_gat

.stance.eu.com

This cookie is installed by Google Universal Analytics to throttle the request rate to limit the collection of data on high traffic sites.

1 minute

Performance

_fbp

.stance.eu.com

This cookie is set by Facebook to deliver advertisements when customers are on Facebook or a digital platform powered by Facebook advertising after visiting this website.

2 months 28 days 23 hours 59 minutes

Advertisement

fr

.facebook.com

The cookie is set by Facebook to show relevant advertisements to the users and measure and improve the advertisements. The cookie also tracks the behaviour of the user across the web on sites that have Facebook pixel or Facebook social plugin.

2 months 28 days 23 hours 59 minutes

Advertisement

__cfduid

.shop.app

The cookie is used by cdn services like CloudFare to identify individual clients behind a shared IP address and apply security settings on a per-client basis. It does not correspond to any user ID in the web application and does not store any personally identifiable information.

29 days 23 hours 59 minutes

Necessary

_pay_session

.shop.app

The domain of this cookie is owned by Shopify. This cookie is used for enabling secure checkout and payment function on the website.

1 minute

Necessary

NOSTO_ERRORS

connect.nosto.com

Nosto cookie to track customer page impressions and offer an improved customer experience

past

Other

NOSTO_FLASH

connect.nosto.com

Nosto cookie to track customer page impressions and offer an improved customer experience

past

Other

 

Breaches

 

Should a breach of your data occur that is likely to result in the harm to the rights and freedoms on an individual or group of individuals Stance will notify those involved within 72 hours along with the ICO, where applicable.

 

Additional information

 

Stance has not appointed a statutory Data Protection Officer as we are not required to by law, however, we have the use of a dedicated Privacy and Compliance Manager to manage our compliance with all applicable UK/EU Data Protection laws via vvast, who manage our ecommerce solutions.

 

A Record of Processing Activities (ROPA), in which the lawful basis for processing all of Stance customer data in the UK and EU is listed is maintained. Wherever Legitimate Interests is relied upon an impact assessment has been created which is available upon demand to those who’s data is included.

 

If you would like to speak to a human in regard to your data please feel free to email us at help@stance.eu.com and we will be happy to talk further.