At Labyrinth Technology Limited (“LABYRINTH TECHNOLOGY” or “we”) are committed to protecting your privacy. There are various ways that you might interact with LABYRINTH TECHNOLOGY and the information you provide when doing so allows us to improve our service.
LABYRINTH TECHNOLOGY is a company registered in England and Wales under company number 04326900 whose registered office is at Highbanks, Ferry Road, Surlingham, NR14 7AR. We are registered as a data controller with the Information Commissioner’s office and our registration number is ZA525071.
www.LabyrinthIT.com and www.LabyrinthIT.store are owned and operated by LABYRINTH TECHNOLOGY.
What information we collect and why we collect it.
How we use that information.
How we protect that information.
How we share information collected.
LABYRINTH TECHNOLOGY is not intended for or directed at children under the age of 16 years. As such, this Site is designed for adult user interaction. We do not intentionally collect personally identifiable information from children under the age of 16.
What information we collect and why we collect it:
Information you give us. This is information about you that you give us by filling in forms on our Sites or by corresponding with us by phone, e-mail or otherwise. It includes information you provide when you register to use our Sites, subscribe to our service, search for a product, place an order on our Sites, enter a competition, promotion or survey and/or when you report a problem with our Sites. The information you give us may include your name, address, e-mail address and phone number, financial and credit card information, personal description and photograph.
Information we collect about you. With regard to each of your visits to our Sites we will automatically collect the following information:
Technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform.
Information about your visit, including the full Uniform Resource Locators (URL), clickstream to, through and from our Sites (including date and time), products you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page, and any phone number used to call our customer service number.
Information we receive from other sources. This is information we receive about you if you use any of the other services we provide. In this case we will have informed you when we collected that data if we intend to share those data internally and combine it with data collected on our Sites. We will also have told you for what purpose we will share and combine your data. We are working closely with third parties (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies). We will notify you when we receive information about you from them and the purposes for which we intend to use that information.
We do not collect any special categories of personal data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data) and nor do we collect any information about criminal convictions and offences.
How We Use Information
We will only use your personal information if we have a legal basis for doing so. The purpose for which we use and process your information and the legal basis on which we carry out each type of processing is explained below.
Purposes For Which We Will Process The Information
We use collected data to: provide and improve our products and services, provide a personalised experience, contact you, provide you with customer services and to provide personalised marketing.
Data is processed for services and payments, customer support and fulfilment to enable us to perform our contract with you.
Data is used to provide you with information and materials that you request from us, to personalise our services, plus our Sites, to you, the user.
We process data to update you on services and products and benefits we offer and to inform you of changes to our policies, other terms and conditions and other administrative information plus to administer our Sites for you and your computer, mobile device or other item of hardware through which you access our Sites and to keep our Sites safe and secure.
Data is used to measure or understand the effectiveness of any marketing we provide to you and others, and to deliver relevant marketing to you.
Data is used to enforce the terms and conditions and any contracts entered into with you.
If you do not wish to provide us with your personal data and processing such data is necessary for the performance of a contract with you and to fulfil our contractual obligations to you, we may not be able to perform our obligations under the contract between us.
We will process your personal data where necessary to perform any contract we have or are putting in place with you (e.g. a contract to provide you with our products or services).
We may need to process your personal data to comply with a legal obligation to which we are subject (e.g. where necessary to comply with tax or accounting requirements).
Your personal data will be used on the legal basis of our legitimate interest in a number of circumstances, including to provide you a personalised experience, to provide you with personalised marketing which includes seasonal campaigns via email and SMS messaging and for our business management and reporting purposes. As explained further below, you have the right to opt out of all marketing at any time.
In other circumstances, we may separately ask for your consent to process your personal data (e.g. where we propose to provide your data to our carefully selected third party partners, for them to market to you). Where you provide consent, you can withdraw your consent at any time, but without affecting the lawfulness of processing based on consent before its withdrawal. You can update your details or change your privacy preferences by contacting us as provided in “Contacting LABYRINTH TECHNOLOGY” below.
Note that we may process your personal data for more than one lawful ground if the data is used for several purposes. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been used.
Any payment transactions will be encrypted by Big Commerce and Stripe as our data processors.
We do not store your credit card data at any point. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted.
All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover.
PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.
We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising. We will only send you our electronic marketing materials where it is in our legitimate interests to do so, in accordance with applicable data protection legislation (or where we have otherwise separately obtained your consent).
We may share your information with third parties including Facebook, Twitter, Instagram, Experian, Yahoo, Google and Bing in order to improve your experience and service. Generally, we do not rely on consent as a legal basis for processing your personal data although we will seek your consent before third party direct marketing communications are sent to you via email or text message. You have the right to withdraw consent to marketing at any time by contacting us.
You can ask us to stop sending you marketing messages at any time by logging into the online customer portal and checking or unchecking relevant boxes to adjust your marketing preferences or by following the opt-out links on any marketing message sent to you or by contacting us at any time using the details provided below.
Change of purpose
We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you in a timely manner and we will explain the legal basis which allows us to do so.
Disclosure Of Your Personal Data To Third Parties
Internal third parties
We may share your personal information with our group companies, affiliates, subsidiaries, subsidiaries and affiliates, licensees, distributors or contractors as necessary to carry out the purposes for which the information was supplied or collected (i.e. to provide the services and products you have requested from us).
External third parties
Your personal information will also be shared with our third-party service providers and business partners who assist with the running our Sites, our business, our services and products including hosting providers, email service providers and SMS providers. Our third-party service providers and business partners are subject to security and confidentiality obligations and are only permitted to process your personal information for specified purposes and in accordance with our instructions. External third parties include (without limitation):
Business partners, suppliers and sub-contractors for the performance of any contract we enter into with them or you. This includes Spotify Inc. who supply the online e-commerce platform that allows us to sell our products and services to you on the Sites and distributors we use to deliver products to you.
Advertisers and advertising networks that require the data to select and serve relevant adverts to you and others. We do not disclose information about identifiable individuals to our advertisers, but we will provide them with aggregate information about our users (for example, we may inform them that 500 men aged under 30 have clicked on their advertisement on any given day). We may also use such aggregate information to help advertisers reach the kind of audience they want to target (for example, women in SW1). We may make use of the personal data we have collected from you to enable us to comply with our advertisers’ wishes by displaying their advertisement to that target audience.
Analytics and search engine providers that assist us in the improvement and optimisation of our Sites.
Credit reference agencies for the purpose of assessing your credit score where this is a condition of us entering into a contract with you.
We may link to or show content from third party websites as a service to you but will not share personal data without your prior consent. These third-party websites are operated by companies that are outside of our control, and your activities at those third-party websites will be governed by the policies and practices of those third parties. We encourage you to review the privacy policies of these third parties before disclosing any information to them, as we are not responsible for the privacy policies of those websites.
In addition, we may disclose information about you when we believe, in good faith, that:
Such use or disclosure is reasonably necessary to enforce or apply the terms of any of our user agreements.
Such use or disclosure is reasonably necessary to in the event that we become involved in a business divestiture, change of control, sale, merger, or acquisition of all or a part of our business, in which case we may disclose or transfer your personal information to the prospective seller or buyer of such business or assets.
Such use or disclosure is reasonably necessary if all or substantially all of our assets are acquired by a third party, in which case personal information held by it about its customers will be one of the transferred assets.
Such use or disclosure is reasonably necessary to protect the vital interests of a person; and to enforce or apply our terms and conditions or to establish, exercise or defend the rights of LABYRINTH TECHNOLOGY our staff, customers or others.
Security of Your Personal Data
The security of your personal information is important to us. We follow generally accepted industry standards to protect the personal information submitted to us, both during transmission and once we receive it.
We use appropriate measures to safeguard personally identifiable information, which measures are appropriate to the type of information maintained and follow applicable laws regarding the safeguarding of any such information under our control. In addition, in some areas of our Sites, they may use encryption technology to enhance information privacy and help prevent loss, misuse, or alteration of the information under our control. We also employ industry-standard measures and processes for detecting and responding to inappropriate attempts to breach our systems.
No method of transmission over the Internet, or method of electronic storage, can be 100% secure. Therefore, we cannot guarantee the absolute security of your information. The Internet by its nature is a public forum, and we encourage you to use caution when disclosing information online. Often, you are in the best situation to protect yourself online. You are responsible for protecting your username and password from third party access, and for selecting passwords that are secure.
If you have any questions about security on this Site, you can contact us as provided in “Contacting LABYRINTH TECHNOLOGY” below.
Data Retention: How Long Do We Keep Your Personal Data
We will only retain your personal information for as long as necessary to fulfil the purposes for which we collected it, or as necessary to satisfy any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. Details of retention periods for different aspects of your personal data are available in our retention policy which you can request from us by contacting us.
Subject to certain limitations, you have rights under data protection laws in relation to your personal data. These include the right to:
Request access to your personal data – (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it. Note that we may refuse to comply with a request for access if the request is manifestly unfounded or excessive, or repetitive in nature.
Request correction of your personal data – this enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us. Note that we may refuse to comply with a request for correction if the request is manifestly unfounded or excessive, or repetitive in nature.
Request erasure of your personal data – this enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note that we may refuse a request for erasure, for example, where the processing is necessary to comply with a legal obligation or necessary for the establishment, exercise or defence of legal claims.
Request restriction of processing your personal data – this enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it. Note that we may refuse to comply with a request for restriction if the request is manifestly unfounded or excessive, or repetitive in nature.
Request transfer of your personal data – we will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies where your personal data is processed by us with your consent or for the performance of a contract and when processing is carried out by automated means.
Right to withdraw consent – you can withdraw your consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent.
Object to our processing of your personal information – You have the right to object, on grounds relating to your particular situation, at any time to processing of your personal information which is based on our legitimate interests. Where you object on this ground, we shall no longer process your personal information unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
Exercising Your Rights
If you wish to exercise any of the rights set out above, including withdrawing consent, please contact us giving us specific details regarding which right you choose to exercise.
No fee usually required
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Time limit to respond
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
In order to improve our Sites, we may use small files commonly known as “cookies”. Cookies are a technology that can be used to help personalize your use of a website. A cookie is a small amount of data which often includes a unique identifier that is sent to your computer or mobile phone (your “device”) from our Sites and is stored on your device’s browser or hard drive. The cookies we use on our Sites won’t collect personally identifiable information about you and we won’t disclose information stored in cookies that we place on your device to third parties.
To enable us to assess the effectiveness and usefulness of our Sites, and to give you the best user experience, we collect and store information such as pages viewed by you, your domain names and similar information. Our Sites make use of anonymous cookies for the purposes of:
Completion and support of Site activity.
Site and system administration.
Research and development.
Anonymous user analysis, user profiling, and decision-making.
You can find more information about how to do manage cookies for all the commonly used internet browsers by visiting www.allaboutcookies.org. This website will also explain how you can delete cookies which are already stored on your device.
What is a cookie?
Cookies are small files of letters and numbers that are downloaded onto your computer or mobile or other handheld device when you access certain websites. Cookies allow a website to recognise a user’s device and help your browser navigate through the website by allowing you to log in automatically or remembering settings you selected during earlier visits (among other functions). Cookies do not harm your computer. If you would like to learn more about cookies in general you can visit www.allaboutcookies.org
Strictly Functional Cookies: for technical purposes essential for the operation of this website and / or your use of it, such as keeping track of your current shopping session and enabling you to proceed to checkout and pay for products;
Measurement and Analytics Cookies: to collect statistical information about how visitors use this website, calculate views, analyse popular products by quantifying clicks. This is so we can improve the way this website works and measure the success of competitions and campaigns;
Personalisation Cookies: to distinguish you from other users of this website, so we can personalise your shopping experience and allow us to improve your use of the website. These help ensure all that is displayed on our site is more relevant to your interests and so we can remember choices you make (such as your user name, language or the country you are in)
Marketing Cookies: to ensure the marketing content that you receive on sites other than our own is relevant and reflects the interests you have shown when browsing on our site.
Third party cookies: used by third parties to collect data when you are on our website and sometimes when you are on other websites. We do not receive their data. They can be used for any of the above reasons but are mainly used to help provide behavioural targeted advertising to you online. These also enable us to fulfil our contractual obligations to third parties, for example to pay a partner if you have made a purchase on this website by following a link from their website.
Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual. Without these cookies online adverts you encounter will be less relevant to you and your interests.
Third party cookies
Some cookies may be set by third parties when you visit this website. Generally, these third party cookies do not collect personal data from which the third party would be able to identify individual customers.
These third parties may be suppliers who partner with us to deliver our website, companies that participate with us in affiliate marketing programmes and other third parties who deliver products that enhance the user experience and consequently assist generating sales. Data from these cookies is collected directly by those third parties and not by us. These cookies are controlled by the third parties, who must ensure they comply with their legal obligations when using cookies and collecting your information, including by making their privacy policies available to you and allowing you to change your mind. Please check the third-party websites for more information about these cookies and how to manage them. If not specified in the preceding sections, third-party applications used and where to find their privacy policies are listed below.
Information we collect from you about your browsing behaviour
We collect, store and use information about your visits to our Sites and about your computer, tablet, mobile or other device through which you access our Sites. This includes the following information:
General non-personal information pertaining to users of our Sites technical information, including the Internet protocol (IP) address, source domain names, specific web pages, length of time spent, and pages accessed, browser type, internet service provider, device identifier, your login information, time zone setting, browser plug-in types and versions, operating system and platform, and geographical location.
Information about your visits and use of our Sites, including the full Uniform Resource Locators (URL), clickstream to, through and from our Sites, pages you viewed and searched for, page response times, length of visits to certain pages, referral source/exit pages, page interaction information (such as scrolling, clicks and mouse-overs), and website navigation and search terms used.
We use “Google Analytics” on our Sites. This cookie provides us with a visitor count and an understanding of how visitors move around and use our Sites. We can then use this information to improve navigability on our Sites generally. The cookies we use on our Sites won’t collect personally identifiable information about you and we won’t disclose information stored in cookies that we place on your device to third parties.
We are obliged by Google Analytics to state the following:
IP Addresses and Aggregate Information
An Internet Protocol (“IP”) address is associated with your computer’s connection to the internet. We may use your IP address to help diagnose problems with our server, to administer our Sites and to maintain contact with you as you navigate through our Sites. Your computer’s IP address also may be used to provide you with information based upon your navigation through our Sites.
Aggregate information is used to measure the visitors’ interest in, and use of, various areas of our Sites and the various programs that we administer. We will rely upon aggregate information, which is information that does not identify you, such as statistical and navigational information. With this aggregate information, we may undertake statistical and other summary analyses of the visitors’ behaviours and characteristics. Although we may share this aggregate information with third parties, none of this information will allow anyone to identify you, or to determine anything else personal about you.
Social Media and Online Engagement
We occasionally use a variety of new technologies and social media options to communicate and interact with customers, potential customers, employees and potential employees. Our Sites and applications include popular social networking and media sites, open source software communities and more. To better engage the public in ongoing dialog, certain of our businesses use certain third-party platforms including, but not limited to, Facebook, Twitter and LinkedIn. Third-Party Websites and Applications (TPWA) are Web-based technologies that are not exclusively operated or controlled by us. When interacting on those websites, you may reveal certain personal information to us or to third parties. Other than when used by our employees for the purpose of responding to a specific message or request, we will not use, share, or retain your personal information.
You have the right to make a complaint at any time with a supervisory authority, in particular in the EU (or EEA) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner (www.ico.org.uk).
If we receive formal written complaints, we will follow up with the person making the complaint. We work with the appropriate regulatory authorities to resolve any complaints that cannot be resolved directly. We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
Contacting LABYRINTH TECHNOLOGY
By Post: Labyrinth Technology, 38 Lombard Street, London, EC3V 9BS