SINFUL PRIVACY POLICY
1. Our role as a data controller
Sinful ApS ("Sinful", "we", "our", "us") is the data controller for the processing of the personal data we collect and process about you when you visit our website ("www.sinful.co.uk") and make a purchase, or are otherwise in contact with us.
Below you can find information about how we collect and handle your personal information, including the purposes of the processing, the security of the information you share with us, and the rights you have.
If you have any questions about our processing of personal data, or if you wish to exercise your rights, you can always contact us here, and we will answer you as soon as possible:
Sinful / Mcompany, Unit 1, Station Court, Station Lane, Hethersett NR9 3AY
VAT: UK 373 2745 85
Mail: service@sinful.co.uk
Phone: 0330 808 5261
2. Types of personal data we collect and for what purposes
We collect and process different types of personal data depending on the activity we perform. Below you can see what information we collect, for what purposes it is processed and with what legal basis in the General Data Protection Regulation (GDPR).
Information about your user behaviour on our site
- General personal data: IP address, cookie ID, pages visited, website interactions, network location, device, purchase history
- Purpose: Improvement of the website, customization of content, statistics & analysis, and marketing based on user interests and preferences
- Legal basis: Consent (Article 6(1)(a)) or our legitimate interest in being able to improve the user experience (Article 6(1)(f))
Sinful uses cookies in accordance with Sinful cookie policy when you visit sinful.co.uk. You can read our cookie policy under “change cookie consent” on our website.
Information collected in connection with purchases
- General personal data: Name, address, e-mail address, telephone number, payment information, purchase history, IP address
- Purpose: To carry out sales, delivery of goods, handling billing and customer service, collecting and evaluating user reviews, payment and invoicing, and to prevent fraud
- Legal basis: Performance of a contract (Article 6(1)(b)) and/or our legitimate interest in being able to assess your shopping experience (Article 6(1)(f))
Information collected for newsletters and general marketing
- General personal data: Name, email address, demographic information, interests, purchase history (for targeted marketing)
- Purpose: To provide newsletters, marketing campaigns and offers based on your interests and preferences. In addition, we may send you push notifications when participating in live shopping. Based on your behavior on www.sinful.co.uk as well as information about you and your purchases, we may send you relevant and targeted product recommendations
- Legal basis: Consent (Article 6(1)(a)) and/or legitimate interest in placing similar products on the market (Article 6(1)(f))
Information collected for Customer Care
- General personal data: Name, email address, phone number, purchase history, description of your request
- Purpose: Handling customer inquiries, problem solving, support, and improving customer satisfaction
- Legal basis: Performance of contract (Article 6(1)(b)) and/or legitimate interest in being able to support incoming requests (Article 6(1)(f))
Information collected in contests or promotions
- General personal data: Name, email address, any additional information required by the competition or promotion
- Purpose: To administer competitions or promotions, contact with winners and deliver prizes
- Legal basis: Consent (Article 6(1)(a)) and performance of contract (Article 6(1)(b))
Information collected in cooperation agreements
- General personal data: Name, address, email address, phone number, social media profile information
- Purpose: Establishment and administration of cooperation agreements with private individuals for marketing purposes, including product reviews or sponsored posts
- Legal basis: Performance of contract (Article 6(1)(b))
Interaction on social media accounts
- General personal data: User's name, comments, shares, "likes" or other interactions on our social media accounts
- Purpose: To increase user engagement, answer questions or comments, market, run contests, or share information
- Legal basis: Legitimate interest in being able to interact with users (Article 6(1)(f))
Currently, we can be found on the following social media: Facebook, Instagram, TikTok, LinkedIn. These parties may also process your data for their own purposes. You can read more about their respective data policies by clicking on the links above.
Information obtained in connection with surveys
- General personal data: Name, email address, answers to questions
- Purpose: To collect feedback, market research or customer satisfaction analyses
- Legal basis: Consent (Article 6(1)(a) and Article 9(2)(a)) if the questionnaire contains sensitive information
Information collected from marketplace purchases on amazon
- General personal data: Name, address, land, e-mail address and telephone number.
- Purpose: to manage and fulfill orders by dispatching goods directly from our own warehouse, where the marketplace does not manage the delivery from their central warehouse.
- Legal basis: Performance of a contract (Article 6(1)(b)) and/or our legitimate interest to improve customer experience by optimizing internal processes (Article 6(1)(f)).
In order to fulfil the above purposes, we gain access to your personal data, when your order gives rise to delivery from our own warehouse. We therefore only process personal data when instructed to by Amazon in accordance with our own personal data policy.
3. Recipients of personal data
Sinful will, under certain circumstances, transfer and/or disclose your personal data to third parties if necessary to fulfill the purpose for which the personal data was collected. In the event that we allow others to process information about you on our behalf, we will enter into a written data processing agreement with the data processor. Some of the following recipients also works as independent data controllers. We transfer and disclose the information to, among others, the following categories of recipients:
- Shipping companies and logistics providers, with the purpose of fulfilling your delivery request
- External payment providers or providers of financing solutions, for the purpose of being able to complete your purchase (e.g. Altapay, ViaBill, Klarna)
- IT and system suppliers who handle the technical operation and support of our website and systems, send out marketing and support our customer service function
- External advisors, including auditors, lawyers or other advisors
- Business partners, including e.g. suppliers of goods and services
- Providers of review platforms and questionnaires, e.g. Trustpilot
- Public authorities, if required
In some cases, we disclose the personal data to a number of recipients outside the EU (third countries) if the recipients are located outside the EU. The transfer of personal data to our data processors (or joint controllers) in third countries is ensured through valid transfer guarantees using the EU Commission's Standard Contractual Clauses and any additional safeguards. Some data processors have obtained certification through the EU-U.S. Data Privacy Framework, which serves as the legal basis for the transfer of personal data from the EU to the United States.
We work with the following suppliers located in the United States for the stated purposes:
Twilio, Inc.
- Purpose: Sending order confirmation
- Information: Name, address, email, purchase history, order number
Klaviyo, Inc.
- Purpose: Sending newsletters
- Information: Name, email, demographic information, interests, purchase history (for targeted marketing)
Emailable, LLC
- Purpose: Cleanup and verify email lists
- Information: E-mail
Vimeo, Inc.
- Purpose: Product videos
- Information: IP address, browser, operating system, video navigation, time spent on the site
Google, LLC (if you consent to cookies)
- Purpose: Optimization, advertising and analysis
- Information: Cookie ID, session ID, order number, user agent, device information, product ID
Meta Inc. (if you consent to cookies)
- Purpose: Advertising, analysis and statistics
- Information: Actions taken on the site, browser ID, order value
Microsoft (if you consent to cookies)
- Purpose: Tracking, analysis of user behavior and targeted advertising
- Information: IP address, cookie ID, session ID, user agent, device information
4. Your rights
When we process your personal data, you have several rights under the General Data Protection Regulation. You can exercise these rights by contacting us at service@sinful.co.uk.
Right of access
You have the right to access the information we have registered and process about you. You can receive a copy by email of the personal information we have registered and process about you. We only send the information associated with the email you request access from, cf. Article 15 of the General Data Protection Regulation.
Right to rectification
You have the right to demand that we rectify any inaccurate personal data concerning you. You must make us aware of which information is incorrect, cf. Article 16 of the General Data Protection Regulation.
Right to erasure
In certain cases, you have the right to have all, or part of your personal data deleted by us before our set deletion deadline has been reached, cf. Article 17 of the General Data Protection Regulation.
The deletion will take place retroactively.
Right to restriction of processing
If you believe that the information we process about you is incorrect, you have the right, cf. Article 18 of the General Data Protection Regulation, in certain cases to have the processing of your personal data limited so that it only consists of storage.
Right to data portability
In certain cases, you have the right to receive a machine-readable copy of the personal data you have provided to us, just as you have the right to transfer personal data about yourself to another data controller, cf. Article 20 of the General Data Protection Regulation.
Right to object
You have the right to object to the processing of your personal data that we carry out for the purpose of direct marketing, including profiling, segmentation and analysis, and which serves the purpose of making our communication and marketing relevant to you, cf. Article 21 of the General Data Protection Regulation.
Right to withdraw consent
You have the right to withdraw your consent to direct marketing, such as newsletters or participation in competitions. If you wish to withdraw your consent, you must contact us in writing at service@sinful.co.uk.
A withdrawal of your consent does not apply to the processing carried out prior to the withdrawal.
Right to complain
You have the right to lodge a complaint to an official supervisory authority, if you believe your rights have been breached. For the UK, the authority is the Information Commissioner's Office, the ICO. You can find their contact details here.
5. Retention period
As a data controller, we have a responsibility not to store your information longer than necessary. We delete your information when it is no longer needed for the purpose for which it was collected:
- Information collected in connection with purchases will be deleted after 5 years in accordance with the Bookkeeping Act's requirements for storage of accounting records.
- Information about your user behavior will be deleted in accordance with our cookie policy, in which the specific storage periods are specified.
- Information collected at the time of payment will be deleted after 5 years in accordance with the Bookkeeping Act's requirements for storage of accounting records.
- Information about your consent collected for newsletters or other marketing will be deleted no later than 2 years after you have withdrawn the consent.
- Information collected for customer service will be deleted no later than 3 years after your inquiry.
- Information collected through competitions or promotions will typically be deleted when the winner is announced or when the campaign has been completed.
- Information about cooperation agreements will be deleted no later than 5 years after the collaboration has ended, as we are obliged to store the information in accordance with the Bookkeeping Act's requirements for storage of accounting records.
- Information obtained in connection with surveys will be deleted when data on responses has been collected and the survey has been discontinued.
- Interaction on our social media takes place on your own initiative and will generally not be deleted.
6. Security
We have taken all necessary measures to protect your personal information from accidental loss, alteration, misuse, or unauthorized access. We have implemented security measures to ensure that your information remains secure and confidential. These initiatives have been implemented both by ourselves - but also by our data processors.
Access to your personal information is limited to employees who need it to perform their work. We ensure that only the relevant people have access to your personal data and thus protect your information from unauthorized access.
7. Changes to the privacy policy
Our privacy policy is updated regularly. You can always find the latest version on our website: https://www.sinful.co.uk/privacy-policy.
8. Cookie Policy
You can read our cookie policy under “change cookie consent” on our website.
9. Version
This is version 5 of our personal data policy updated on September 26 2024.