DSM Privacy Notice
This website (the “Website”) and our store at 18-22 Haymarket, London, SW1Y 4DG (the “Store”) are owned and operated by Dover Street Market International (DSMI) Ltd., Third Floor, 13 Charles II Street, London SW1Y 4QU (“we”, “us”, or “our”).
We are committed to protecting and respecting the privacy of our customers, both when you use this Website to make purchases and when you purchase items from our Store. This privacy notice sets out how we may use the personal data that we collect from you or that you provide to us in the course of you using our Website or visiting our Store.
Please read the following carefully to understand how we will use your personal data.
What data do we collect about you?
When you use our Website or when you make a purchase in Store we may collect certain data about you, such as:
Basic contact information
If you decide to register for an account on our Website or when in Store, then we will collect the following information during the sign up process which will form part of your account:
- your name
- email address
- telephone number
- date of birth
- address during the sign-up process and retain this information as part of our records.
If you setup an account on our Website you will provide us with your chosen username (this will be the email address which you use when you sign up) and a password which you will be able to change.
You may provide us with further information or edit your existing information during the course of using your account through the Website.
You may also provide us with additional contact information (e.g. your mobile number) if you contact our customer support team.
Your payment details
If you wish to make a purchase on the Website using your credit/ debit card then you will need to provide us with your credit/debit card information. When you make a purchase in Store for over £100 and your payment card is signature only, we may take a copy of an identification document (e.g. passport, driving licence) for protect us from credit card chargebacks.
Technical information about your device and Website usage
When you use our Website we will collect certain technical information including:
- Details about your device including IP address, device type, operating system, platform, location data, the browser type and version (including any plug-ins you may be using) and your time zone setting.
- Information relating to your use of the Website, including telephone number, date of birth and address page response times, the pages of our Website that you visit, methods used to browse away from the page and any download errors.
Records of how you use our services
We will keep a record of the products you have bought from us and any returns that you have made. We will also record how you have interacted with any marketing campaigns we have sent you, for example whether you have read emails, used discount codes or entered any competitions.
Records of communications you have with us
If you contact us with a question or to provide feedback, for instance, we will keep a record of your communications with us through email or telephone (although we don’t record your calls).
Other information that you provide to us voluntarily
This may include data that you provide to us if you enter a competition or prize draw on our Website or the details of any feedback that you provide to one of our online surveys or focus groups.
DSM Client Account
When you make a purchase in our Store, you will have the opportunity to sign up to our DSM Client Account. If you choose to sign up, we will ask you to provide your full name, email address, postal address, telephone number and date of birth. We will create a profile for you and also record details of any transactions you make with us. Where you consent, we will use this information to send you information via email, post, telephone or SMS (which includes WhatsApp messenger) about offers that may be of interest to you.
A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you agree. Cookies contain information that is transferred to your computer's hard drive.
We use the following cookies:
- Essential cookies. These are cookies that are required for the operation of our Website. They include, for example, cookies that enable you to log into secure areas of our Website, use a shopping basket or make use of e-billing services.
- Analytical/performance cookies. They allow us to recognise and count the number of visitors and to see how visitors move around our Website when they are using it. This helps us to improve the way our Website works, for example, by ensuring that users are finding what they are looking for easily.
- Functionality cookies. These are used to recognise you when you return to our Website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
You block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our Website.
Except for essential cookies, all cookies will expire after 2 years, although most of our cookies are session cookies which means that they will only last for as long as your browser is open.
For what purposes do we use data about you, and on what legal basis?
We use your data for various purposes, including:
- to set up and manage your account with us;
- to facilitate your use of our Website;
- to communicate with you in relation to your use of the Website, products you have purchased in Store and to provide you with customer support;
- for internal management, administrative and organisational reasons;
- to share information with our suppliers and other third parties where required;
- to send offers, promotions or other marketing which we think you may like; and
- to perform data analytics and benchmarking.
In order to use your data we must have a legal basis for doing so. The legal bases that we rely upon are explained further in the “find out more” section below. We will only use your data where it is necessary for:
- the performance of an agreement to which you are a party;
- compliance with a legal obligation to which we are subject; or
- a legitimate business interest that is not overridden by your interests, rights and freedoms,
where none of the above applies, we will request your consent (which we will ask for before we process the data).
The table below sets out further information about the purposes for which we use data about you, with the corresponding methods of collection and legal basis that we rely upon for its use.
Method of collection and legal basis for processing
To setup and manage an account with us
Method of collection
This information will be provided by you directly when you first setup an account with us and then during the course of using our services.
To facilitate your use of our Website
Method of collection
This information will be provided by you directly when you first setup an account with us and then collected by us during the course of you using our services. We may also collect certain information indirectly from your device or web browser, for more information on the cookies we use please see our Cookies Policy.
Necessary for the performance of the contract between you and us in relation to the sale of our products to you and in all other cases it is necessary to fulfil our legitimate business interests
To communicate with you
Method of collection
This information is collected when we communicate with you or you communicate with us.
Necessary for the performance of the contract between you and us in relation to the sale of our products to you. In all other cases it is necessary to fulfil our legitimate business interests to respond to communications that you send to us and to inform you of relevant information in relation to the services that we provide.
Internal management, administrative and organisational reasons
Method of collection
This information is collected from you both directly and indirectly.
It is our legitimate business interest to improve our services and defend ourselves against legal claims
To share information with service providers
Method of collection
This may include any of the information we hold about you, whether collected by direct or indirect means.
It is our legitimate business interest to share your data with trusted third parties who provide us with services relevant to our provision of the Website, including customer support, information technology, payments, marketing, data analysis, research and surveys. In some circumstances we will do this because is it necessary for the performance of the contract between you and us in relation to the sale of our products to you, for example our delivery partners.
To send you offers, promotions or other marketing
Method of collection
Your contact details will be collected when you first setup an account with us and may be updated (along with your preferences) from time to time.
We will obtain your consent to send marketing.
If we send you a marketing email or SMS, it will include details on how to unsubscribe from receiving similar marketing messages in the future.
You can also manage your information and update your marketing preferences through the Website by using the ‘My Account’ section or, if your details were collected in Store, by contacting firstname.lastname@example.org or on +44 (0)20 7758 8180. Please allow up to 48 hours for any opt out request to be processed. We may continue to send you relevant service messages about your account and our services if you have unsubscribed from emails or SMS.
To perform data analytics and benchmarking
Method of collection
This information is collected across your interactions with the Website and in relation to the purchases you make in Store.
It is our legitimate business interest to improve our website and services for our customers improved experience.
In some instances, we may intend to use your data in ways that are not described above. However, we will seek to inform you before doing so.
Who do we share your data with, and for what purposes?
We may share your data with:
We may share your personal data with our affiliates around the world in order to provide you with the best access to our Stores and services wherever you may be. For example, if you purchased a product in our London Store, but lived in New York, and have consented to marketing we would pass your details to our New York Store so that you can be invited to special events at our New York Store.
Web development agencies
We will only share your personal data with our web development agencies if you are experiencing technical difficulties and we needed their help to fix an isolated incident.
Payment service providers
We use certain third parties such as payment processors (and POS (point of sale) system providers for in Store purchases) to administer and process payments to and from you.
Warehousing and fulfilment providers
We will share your data with our warehousing and fulfilment providers so that they may dispatch and deliver your purchased products.
We make use of certain IT providers to support our business, including for services such as customer support. We will share your data with our customer marketing service providers so that they may send you emails and SMS messages about products and offers that may be of interest to you, these emails and messages will all be from us and we don’t sell your data to third parties.
To comply with legal or regulatory requests
If we are under a duty to disclose or share your personal data in order to comply with any legal or regulatory obligation, we may share your personal data with a regulator or law enforcement agency, for example the police or HMRC.
If you would like to receive a full list of our suppliers and other third parties who we share your data with then you can get in touch with us at email@example.com.
Where might data about you be sent?
We use a cloud based platform to store your data, which may involve use of geographically distributed data centres.
As with any multinational organisation, we are often required to transfer data internationally. Accordingly, data about you may be transferred globally (if your data is collected within the European Union, this means that your data may be transferred outside of it). This includes transfers that have been identified in the previous section: Who do we share your data with and for what purposes.
When using data as described in this notice, data about you may be transferred either within or outside the country or territory where it was collected, including to a country, territory or international organisation that may not have UK and/or EU equivalent data protection standards.
For example, we may transfer your personal data to our suppliers based outside the European Union. In all cases, the transfer will be on the basis of a European Commission adequacy decision or we will implement adequate measures, for example the EU Model Contracts, and including appropriate security measures, for the protection of personal data in those countries, territories or international organisations in accordance with applicable data protection laws. If you would like more information about any of the data transfer measures on which we rely please get in touch with us at firstname.lastname@example.org.
How do we protect data about you?
We implement appropriate technical and organisational measures to protect personal data that we hold from unauthorised disclosure, use, alteration or destruction. Where appropriate, we use encryption and other technologies that can assist in securing the data you provide. We also limit access to your personal data to those employees, agents or contractors who have a business need to access it. We require our service providers to comply with strict data privacy requirements.
How long will data about you be kept?
The period for which we may retain data about you will depend on the purposes for which the data was collected, whether you have requested the deletion of the data, and whether any legal obligations require the retention of the data (for example, for regulatory compliance). We will not retain data about you for longer than is necessary to fulfil the purposes for which the data was collected. Details of retention periods for different aspects of your personal data are available in our retention policy which you can request from us by contacting us at email@example.com.
What rights and options do you have?
As a result of us collecting and processing your personal data, you have the following legal rights:
- to access personal data held about you;
- to request us to make any changes to your personal data if it is inaccurate or incomplete;
- to request your personal data is erased where we do not have a compelling reason to continue to process such data in certain circumstances;
- to receive your personal data provided to us as a data controller in a structured, commonly used and machine-readable format where our processing of the data is carried out by automated means and is based on: (i) your consent; (ii) our necessity for performance of a contract to which you are a party; or (iii) steps taken at your request prior to entering into a contract with us;
- to object to, or restrict, our processing of your personal data in certain circumstances;
- if we use your personal data for direct marketing, to ask us to stop and we will comply with your request;
- if we use your personal data on the basis of having a legitimate interest, to object to our use of it for those purposes, giving an explanation of your particular situation, and we will consider your objection;
- to object to, and not be subject to a decision which is based solely on, automated processing (including profiling), which produces legal effects or could significantly affect you; and
- to lodge a complaint with a data protection supervisory body, which at present is the Information Commissioner’s Office.
To exercise any of your rights set out above please contact us at firstname.lastname@example.org.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer where your request is particularly complex, in such cases, we will keep you updated on timescales. Such requests will be responded to free of charge, but a small administration fee may apply where requests are excessive.
Who should you contact with questions?
For the purpose of data protection legislation in the UK, the data controller is Dover Street Market International (DSMI) Ltd., with our registered address at Third Floor, 13 Charles II Street, London SW1Y 4QU.
If you have any questions, or wish to exercise any of your rights, please contact us at email@example.com or on +44 (0)20 7758 8180.
If your country has a data protection authority, you have a right to contact it with any questions or concerns. If we cannot resolve your questions or concerns, you also have the right to seek judicial remedy before a national court.
Changes to this notice
We may update this notice (and any supplemental privacy notice), from time to time. We will notify you of the changes where required by law to do so.
Last modified May 2018.