Privacy Policy

Strolling 4 Shoes- Privacy Policy Effective Date: 12/01/2020

1 GDPR06 V1.0 Jan 2020

Strolling 4 Shoes Privacy Notice provides a framework of understanding about the personal data that is collected by

Strolling 4 Shoes, 35 Main Street, Cockermouth, Cumbria, CA13 9LE (as applicable, hereinafter each separately and/or

jointly called the “Data Controller”). Personal data collected by the Data Controller will be controlled and processed in

accordance with the terms of this Privacy Notice.

Strolling 4 Shoes provide shoes, handbags and accessories from retail shops around the UK and via this online ecommerce


This Privacy Notice describes the types of personal data or personal information we collect, how we use the information,

how we process and protect the information we collect, for how long we store it, with whom we share it, to whom we

transfer it and the rights that individuals can exercise regarding our use of their personal data. We also describe how you

can contact us about our privacy practices and to exercise your rights. In general, our privacy practices conform with law

and regulation, including where applicable the provisions of the European Union’s General Data Protection Regulation

(GDPR) and the UK Data Protection Act 2018.

Information We Collect

We may collect personal data about you in a variety of ways, through phone; by website enquiries, online orders, through

enquiries by email in connection with our interactions with clients. We may collect a selection of personal data dependant

on the nature of the relationship, including, but not limited to:

• contact information (such as name, postal address, email address and telephone number);

• contact history, personal correspondence;

• contact details for newsletters and competitions;

• personal history;

• feedback;

• purchase history;

• other information you may provide to us, such as in surveys or through the "Contact Us" feature on our Sites.

In addition, we may collect information you provide to us about other individuals, such as information related to

emergency contacts.

We are aware that some information we collect will be classed as sensitive and will protect the information in the correct

manner and to GDPR standards.

How We Use the Information We Collect

The Data Controller collects and uses the data gathered for the following purposes:

• providing retail services;

• providing and delivering products;

• processing payments;

• responding to individuals' inquiries and claims;

• responding to feedback;

• sending out newsletters and information about competitions;

• operating, evaluating and improving our business (including developing, enhancing, analysing and improving

our services; managing our communications; performing data analytics; and performing accounting, auditing

and other internal functions);

• protecting against, identifying and seeking to prevent fraud and other unlawful activity, claims and other

liabilities; and

• complying with and enforcing applicable legal requirements, relevant industry standards, contractual

obligations and our policies.

All processing will be carried out based on adequate legal grounds which may fall into several categories, including:

• consent or explicit consent from the data subject, where required by applicable law and including all relevant

laws relating to children and their data protection rights;

• to ensure that we comply with a statutory or contractual requirement, or a requirement necessary to enter

into a contract or

• it is essential and necessary for the legitimate interest of the Data Controller, as described in more detail

below (e.g. allowing access to a website in order to provide the services offered).

Strolling 4 Shoes- Privacy Policy Effective Date: 12/01/2020

2 GDPR06 V1.0 Jan 2020

We also may use the information in other ways for which we provide specific notice at or prior to the time of collection.

Legitimate Interest

The Data Controller may process personal data for certain legitimate business purposes, which includes some or all of the


• where the process enables us to enhance, modify, personalise or otherwise improve our

services/communications for the benefit of our clients, candidates and associates;

• to identify and prevent fraud;

• to enhance security of our network and information systems;

Whenever we process data for these purposes, we will ensure that we keep your rights in high regard and take account of

these rights. You have the right to object to such processing and may do so by contacting us as described below. Please

bear in mind that if you exercise your right to object, this may affect our ability to carry out and deliver services to you for

your benefit.

How We Process and Protect Personal Information

We process the personal data we collect, also by automated means, for the purposes defined above and for a specific

period, which complies with our internal retention policy, in order to ensure that the personal data are not kept longer

than necessary.

We maintain administrative, technical and physical safeguards designed to protect the personal data you provide against

accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use. In order to ensure adequate

security and confidentiality of the personal data, we may apply the following security measures as appropriate:

• Encryption of data in transit;

• Strong user authentication controls;

• Hardened network infrastructure; and

• Network monitoring solutions.

How Long We Store Data We Collect

We store in our systems the personal data we collect in a way that allows the identification of the data subjects for no

longer than it is necessary in light of the purposes for which the data was collected, or for which that data is further


We determine this specific period by considering:

• The necessity to retain the personal data collected, in order to offer services established with the user;

• The legal requirement to retain records of sessions;

• The legitimate interest of the Data Controller, as described in the purposes above; and

• The existence of specific legal obligations that make the processing and related storage necessary for specific

period of times. (i.e. HMRC records will be stored for 7 years)

Information We Share

We do not disclose personal data that we collect about you, except as described in this Privacy Notice or in separate

notices provided in connection with activities. We may share personal data with vendors who perform services on our

behalf based on our instructions. We do not authorize these vendors to use or disclose the information except as necessary

to perform services on our behalf or comply with legal requirements.

In addition, we may disclose personal data about you (i) if we are required to do so by law or legal process; (ii) to law

enforcement authorities or other government officials based on a lawful disclosure request; and (iii) when we believe

disclosure is necessary or appropriate to prevent physical harm or financial loss, or in connection with an investigation of

suspected or actual fraudulent or illegal activity. We also reserve the right to transfer personal data we have about you in

the event we sell or transfer all or a portion of our business or assets (including in the event of a reorganization, dissolution

or liquidation).

Strolling 4 Shoes- Privacy Policy Effective Date: 12/01/2020

3 GDPR06 V1.0 Jan 2020

Data Transfers

We also may transfer the personal data we collect about you to countries outside of the country in which the information

originally was collected. Those countries may not have the same data protection laws as the country in which you initially

provided the personal data. When we transfer your information to other countries, we will protect that data as described

in this Privacy Notice and such transfers will be in compliance with applicable law.

When we transfer personal data from within the European Union to countries or international organizations that are based

outside the European Union the transfer takes place based on: -

• An adequacy decision by the European Commission; or

• In the absence of an adequacy decision, other legally permitted grounds: (a) a legally binding and

enforceable instrument between public authorities or bodies; (b) binding corporate rules; or (c) standard

data protection clauses (formerly called the Model Clauses) promulgated by the Commission.

Your Rights as a Data Subject

When authorised by applicable law, a data subject may exercise certain specific rights, such as:

• Right of access: A data subject may access his or her personal data in order to verify that his or her personal

data is processed in accordance with law.

• Right to rectification: A data subject may request the rectification of any inaccurate or incomplete data held

about him or her, in order to protect the accuracy of such information and to adapt it to the data processing.

• Right to erasure: A data subject may request that the Data Controller erases information about him or her

and to no longer process that data.

• Right to restriction of processing: A data subject may request that the Data Controller restricts the processing

of his or her data.

• Right to data portability: A data subject may request data portability, meaning that the data subject can

receive the originally provided personal data in a structured and commonly used format or that the data

subject can request the transfer of the data to another data controller.

• Right to object: A data subject who provide a Data Controller with personal data may object, at any time, to

the data processing on several grounds as set out under GDPR without needing to justify his or her decision.

• Right not to be subject of automated individual decision-making: A data subject may request not to be

subject to a decision based solely on automated processing, including profiling, if such profiling produces a

legal effect concerning the data subject or similarly significantly affects him or her.

• Right to lodge a complaint with a supervisory authority: Every data subject has the right to lodge a complaint

with an applicable supervisory authority; in particular in the EU Member State of his or her habitual

residence, place of work or place of the alleged infringement if the data subject considers that the processing

of personal data relating to him or her infringes GDPR.

Whenever data processing is based on consent as described under Article 7 of the GDPR, the data subject may withdraw

his or her consent at any time. If you require more information about the processing of your personal data, please refer to

the How to Contact Us section below.

Updates to Our Privacy Notice

This Privacy Notice (including any addenda) may be updated periodically to reflect changes in our privacy practices and

legal updates. For significant changes, we will notify you by posting a prominent notice on our website indicating at the top

of each notice when it was most recently updated.

How to Contact Us

If you have any questions or comments about this Privacy Notice, or if you would like to exercise your rights, please email: