UK GDPR PRIVACY POLICY
Version: June 2025
Introduction
At Marli New York Store in London, we are committed to protecting the personal data of our customers, employees, and suppliers while complying with relevant data protection laws, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. These laws govern how personal information is used by organisations, including businesses and government departments. For more information about UK GDPR and related legislation, please visit:
This Privacy Policy explains how we collect, use, and protect your personal data in accordance with these laws.
1. We collect the following types of personal data:
- Contact information: name, email address, phone number, and postal address
- Purchase history: details of transactions, including items purchased and payment methods
- Payment information: credit/debit card numbers, expiration dates, and security codes (processed securely through our payment gateway)
- Marketing preferences: communication channels and frequency
We do not collect any special categories of personal data about you (this includes details about race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offenses.
We do not knowingly collect data relating to children.
2. Where we collect your personal information from
We collect personal data in the following ways:
Data You Provide Directly:
- When you register to purchase goods from us.
- When you interact with us by phone, in-store, or via email.
- When you sign up for promotions, events, or newsletters.
- When you provide feedback.
Data We Collect Automatically:
- Payment and transaction details.
- Profile and usage data (e.g., browsing behavior, IP addresses) collected via cookies and tracking technologies (see our Privacy Policy).
Data from Third Parties:
- Social networks.
- Public information sources (e.g., Companies House).
- Agents or contractors working on our behalf (e.g., CRM partners, newsletter distributors, online payment gateways).
- Referrals from friends.
3. We use your personal data for the following purposes:
We can only use your personal information if we have a valid legal reason to do so, and we must inform you of the specific legal basis for each instance. Below is a table outlining the personal data we collect from you and the legal grounds for each use.
In certain situations, we may process your personal information if we have a legitimate business or commercial reason to do so, as long as it does not override your rights. We will always inform you of the specific legitimate interest that applies.
| Purpose | Legal Basis |
| --- | --- |
| Processing transactions and fulfilling orders | Performance of a contract (GDPR Art. 6(1)(b)) |
| Customer service and support | Legitimate interests (GDPR Art. 6(1)(f)) |
| Sending marketing communications | Consent (GDPR Art. 6(1)(a)) |
| Complying with tax or legal obligations | Compliance with legal obligations (GDPR Art. 6(1)(c)) |
| Website analytics and improving services | Legitimate interests (GDPR Art. 6(1)(f)) |
| Fraud prevention and security | Legitimate interests (GDPR Art. 6(1)(f)) |
| Personalised advertising | Legitimate interests (GDPR Art. 6(1)(f)) |
Additional examples may include:
Consent (GDPR Art. 6(1)(a)): For example, when you agree to receive marketing emails from us. You can withdraw your consent at any time, such as by clicking the "unsubscribe" link in an email or contacting us directly.
Performance of a contract (GDPR Art. 6(1)(b)): For instance, when you purchase products or services from us, we need to use your contact and payment details to process your order and deliver the products or services.
Compliance with the law (GDPR Art. 6(1)(c)): In certain situations, we may be required by law to use or store your personal data. For example, we may need to retain payment information for tax purposes or to handle VAT issues.
Legitimate interests (GDPR Art. 6(1)(f)): When it is necessary for us to understand our customers, promote our products, and efficiently manage our services, both online and offline, globally. Some examples of when we rely on legitimate interests include:
- Analysing content views on our services to understand usage patterns and improve our offerings.
- Conducting marketing analysis to better understand your preferences, so we can tailor our marketing to you. This includes promoting our own products and services based on your browsing and purchasing behaviors.
- Displaying personalised ads based on your interests by creating audience segments. These segments help us target relevant advertisements to you, even on third-party websites like social media platforms.
- Managing internal administrative tasks, such as accounting and record-keeping, and informing you about any changes to our services.
- Collecting and logging IP addresses to improve our services and monitor usage.
- Personalising your experience (e.g. remembering your settings and recognising you on different devices when you sign in).
- Log Information: We collect information that web browsers, mobile devices, and servers typically make available, such as the browser type, IP address, unique device identifiers, language preference, referring site, the date and time of access, operating system, and mobile network information. We collect log information when you use our Services in order to assess the performance of our systems.
- Location Information: We may determine the approximate location of your device from your IP address. We collect and use this information to, for example, calculate how many people visit our Services from certain geographic regions.
- Enabling social media or email sharing of our content.
- Responding to your inquiries and resolving any complaints.
- Ensuring the security and integrity of our services, preventing fraud, and ensuring that the services are used in accordance with our terms of use.
4. We share your personal data with:
- Our payment gateway providers (for secure payment processing)
- Our delivery partners (for order fulfillment)
- Our marketing service providers (for targeted communications)
- Agents and advisers that we use
- External service providers (acting as data processors) that provide applications/functionality, data processing or IT services to us (for example, we use third parties to support us in storing processed data)
You can find details of how these third parties use your personal information by looking at their privacy policies, all of which should be available on the relevant websites, or on request.
We require all organisations with whom we share your data to uphold the security of your personal information and comply with legal requirements. Our service providers are not permitted to use your data for their own purposes; they may only process it for specific purposes and in line with our instructions.
5. You have the right to:
- Be informed about how your data is being used
- Access your personal data
- Rectify inaccuracies or incomplete data
- Erase your personal data (in certain circumstances)
- Restrict processing of your personal data
- Object to processing for direct marketing purposes
- Data portability (request your data in a structured format)
- Withdraw consent at any time
You have the right to request a copy of the personal information we hold about you by submitting a written request, known as a data subject access request. We aim to respond within one month, but if more time is needed, we will notify you and keep you informed.
If you believe any information we hold about you is incorrect or incomplete, you have the right to request a correction. Please contact us, and we will take reasonable steps to verify and update the information if necessary.
You may withdraw your consent for us to use your personal information at any time by contacting us. However, withdrawing consent may affect our ability to provide certain products or services.
If we process your personal data based on legitimate interest, you can request that we stop for reasons specific to your situation. We will comply unless we have a compelling legitimate reason to continue processing your data.
6. Automated Decision-Making & Profiling:
We use automated processes for:
- Personalised marketing: Displaying targeted ads based on browsing and purchase history.
- Fraud detection: Identifying suspicious transactions.
You have the right to opt out of automated decision-making or request human intervention.
7. Data Retention:
Your data will be retained for the duration of your contract, as required by us to fulfil our contractual obligations. Following the end of any contract term, we retain your information for a period of 7 years for business analysis purposes.
In certain situations, we may anonymise your personal data so that it can no longer be linked to you. This allows us to use the information for research or statistical purposes indefinitely without further notice.
We always aim to minimise the amount of personal data we hold. Unless we have received a specific request from you to erase any of your data before our usual retention periods expire, we will destroy/erase data with an expired retention period as soon as the retention period has expired.
8. Security Measures:
We take reasonable measures to protect your personal data from unauthorised access, disclosure, alteration, or destruction. These measures include encryption, secure servers, and access controls.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator (including the ICO) of a breach where we are legally required to do so.
9. Failing to provide personal data
If we are required by law or the terms of our contract to collect personal data and you do not provide it when requested, we may be unable to fulfill our contract with you (for example, to supply goods or services). In such cases, we may need to cancel a product or service you have with us, but we will inform you if this becomes necessary.
Additionally, we share information with law enforcement or in response to legal requests.
10. Transferring your personal information outside the EEA
The European Economic Area (EEA) includes EU member states, as well as Iceland, Liechtenstein, and Norway. If we transfer your personal information outside the EEA, we are required to inform you.
We collaborate with carefully selected and trusted third parties, sharing only the necessary information they require to perform their specific services. These third parties are permitted to use your personal information solely for providing services or products to us.
In some cases, sharing your information with these third parties may involve transferring your personal data outside the UK. When this occurs, we implement safeguards to ensure your data receives the same level of protection as it would in the UK. We therefore transfer data only to countries with an adequacy decision confirming sufficient protection, or use standard contractual clauses to uphold data security.
11. Marketing
We may use your personal information to inform you about relevant products and upcoming offers. We will only send you marketing messages if we have your consent or a legitimate interest to do so.
You can opt out of receiving marketing messages at any time by contacting us or using the unsubscribe links included in our communications.
We do not share your personal data with third parties for their marketing purposes. Opting out of marketing messages will not affect the personal data you have provided as part of a purchase, service request, or any other transaction with us.
12. Third party links (if applicable)
Our website may contain links to third-party websites, plug-ins, and applications. By clicking on these links or enabling such connections, third parties may collect or share your data. We do not oversee these external websites and are not responsible for their privacy practices. Once you leave our site, we recommend reviewing the privacy policy of each website you visit.
13. Complaints process
If you have concerns about how we handle your data, you can:
- Contact Us First – We aim to resolve issues directly. Contact info@marlinewyork.com
- Escalate to the ICO – If unresolved, you may file a complaint with the Information Commissioner's Office (ICO): www.ico.org.uk
14. Contact Us
If you have any questions or concerns about this Privacy Policy or how we handle your personal data, please contact us at info@marlinewyork.com
By using our services or providing us with your personal data, you acknowledge that you have read and understood this Privacy Policy.
This policy will be regularly reviewed and may be updated from time to time.