We collect and use your data strictly in accordance with the provisions of the UK`s Data Protection Act 2018 and Regulation (EU) 2016/679 (General Data Protection Regulation). We feel particularly committed to the confidentiality of your personal data and therefore work strictly within the limits set by the legal requirements.
We collect personal data on a voluntary basis, where we are able to do so and also only share this data with third parties where you expressly consented to it.. We ensure a high level of security for particularly confidential data, such as in payment transactions or with regard to your enquiries to us, by using SSL encryption.
However, we would like to take this opportunity to point out the general dangers of Internet use over which we have no control. Especially in e-mail traffic, your data is not secure without further precautions and may be collected by third parties under certain circumstances.
Data protection information
Person responsible for the processing of your personal data:
Charlotte Moulder (Sole Trader) trading as NOTSOBASICLONDON
By using our website, you agree that NOTSOBASICLONDON, as the operator of this website, collects, processes and uses the data listed below in the manner described.
Data Subject Rights
You have a number of ‘Data Subject Rights’ below is some information on what they are and how you can exercise them. There is more information on each right on the Information Commissioners (ICO) website and you can simply follow the links provided to learn more.
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
Where the processing of your personal information is based on consent, you have the right to withdraw that consent without detriment at any time by contacting us.
The above rights may be limited in some circumstances, for example, if fulfilling your request would reveal personal information about another person, if you ask us to delete information which we are required to have by law, or if we have compelling legitimate interests to keep it. We will let you know if that is the case and will then only use your information for these purposes. You may also be unable to continue using our services if you want us to stop processing your personal information.
We encourage you to get in touch if you have any concerns with how we collect or use your personal information. You do however also have the right to lodge a complaint directly with the ICO, their contact details can be found on their website.
What are the relevant legal bases for processing your data?
The following informs you about the legal basis of us processing your data and unless the legal basis is not specifically mentioned, the following applies:
Consent – This is where we have asked you to provide explicit permission to process your data for a particular purpose.
Contract – This is where we process your information to fulfil a contractual arrangement we have made with you.
Answering your business enquiries – This is where we process your information to reply to your messages, e-mails, posts, calls, etc.
Legitimate Interests – This is where we rely on our interests as a reason for processing, generally this is to provide you with the best products and service in the most secure and appropriate way. Of course, before relying on any of those legitimate interests we balance them against your interests and make sure they are compelling enough and will not cause any unwarranted harm.
Legal Obligation – This is where we have a statutory or other legal obligation to process the information, such as for the investigation of crime.
Vital interests – This is where we process your information for communications about security, privacy and performance improvements of our services. Or for establishing, exercising or defending our legal rights.
Data collected by the system and protection of your privacy
When you access this website, the browser used on your terminal device automatically sends information to the server of our website. This information is temporarily stored in a so-called log file. The following information is collected without your intervention and stored until it is automatically deleted:
- IP address of the requesting computer,
- Date and time of access,
- name and URL of the file accessed,
- website from which access was made (referrer URL),
- the browser used and, if applicable, the operating system of your computer as well as the name of your access provider.
The aforementioned data is processed by us for the following purposes:
- Ensuring a smooth connection set-up of the website,
- Ensuring a comfortable use of our website,
- evaluating system security and stability, and
- for other administrative purposes.
The legal basis for the data processing is our legitimate interest follows from the data collection purposes listed above. In no case do we use the collected data for the purpose of drawing conclusions about your person.
Further personal information is only collected if you provide it voluntarily, for example in the context of an enquiry or registration. Depending on the area concerned, NOTSOBASICLONDON uses the personal data provided by you to answer your enquiries, to process your order and for the purpose of technical administration of the websites. In detail, the use in the respective areas follows as follows:
When you place an order in our online shop, we store the following information in order to fulfil the contract concluded between you and NOTSOBASICLONDON or to carry out pre-contractual measures:
Order without setting up a customer account
When placing an order in the online shop, all data necessary for execution and processing are requested by means of mandatory fields: Your full name, your e-mail address, your address if necessary. Your data will only be used to process your order.
Customer account / registration
It is also possible for you to register for your purchase at NOTSOBASICLONDON. For this purpose, you can choose a password together with your e-mail address, both of which will enable you to log in more easily without having to enter your data again when you make a purchase at a later date. NOTSOBASICLONDON stores the data you enter to set up a customer account through which your orders are recorded, executed and processed. NOTSOBASICLONDON will hold your data for further orders as long as you maintain your registration. You have the right to access, correct or delete your registration data at any time.
Secure data transmission
The transmission of your personal information during an order transaction in the online shop is encrypted using industry standard Secure Socket Layer (“SSL”) technology, (SSL encryption version 3).
Credit card information
Any credit card information you provide will not be stored by NOTSOBASICLONDON, but will be encrypted and collected directly from the payment service provider via hypertext transfer protocol secure (“https”).
We send newsletters, e-mails and other electronic notifications with promotional information via ConvertKit and only with the consent of the recipients or a legal permission. Apart from that, our newsletters contain information about our products, offers, promotions and NOTSOBASICLONDON . Registration for our newsletter takes place in a so-called double opt-in procedure. This means that after registration you will receive an e-mail in which you are asked to confirm your registration. This confirmation is necessary so that no one can register with other email addresses. The registrations for the newsletter are logged in order to be able to prove the registration process in accordance with the legal requirements.
If you contact us via Social Media, Contact Form, Chat , Messanger or e-mail the data you provide will be stored so that your message can be forwarded to the correct contact person. This is done in accordance with our legitimate interest to process your request. Your data provided will not be used for any other purposes, in particular not for advertising.
Blog and Profile Data
Within the Blog you may be able to display certain profile information, share certain details, engage with others, exchange knowledge and insights, post and view relevant content. Content and data is publicly viewable. You have choices about the information on your profile. You don’t have to provide additional information on your profile; however, profile information helps you to get more from our Services,. It’s your choice whether to include sensitive information on your profile and to make that sensitive information public. Please do not post or add personal data to your profile that you would not want to be available. The legal basis for the storage is our legitimate interest.
General technical organisational measures
The NOTSOBASICLONDON website is behind a software firewall to prevent access from other networks connected to the Internet. In addition, only employees who need the information to perform a specific job are granted access to personally identifiable information. These employees are trained in security and privacy practices and treat your information confidentially.
When do we disclose your Personal Data?
We may share your information with organisations that help us provide the services described in this policy and who may process such data on our behalf and in accordance with this policy, to support our online offer and our services. If you wish to learn more about how the relevant provider process your personal data, please follow the link embedded in the above mentioned providers name.
Typically and unless otherwise stated in this policy, data may be shared on the basis of our contractual and pre-contractual obligations, in accordance with Art. 6 para. 1 lit. b) GDPR. Equally, if you have consented to it, or where there we have a legal obligation to do so or on the basis of our legitimate interests (e.g. when using agents, hosting providers, tax, business and legal advisors, customer care, accounting, billing and similar services that allow us to perform our contractual obligations, administrative tasks and duties efficiently and effectively). If we commission third parties to process data on the basis of a so-called “processing agreement”.
In relation to meta data obtained about you, we may share a cookie identifier and IP data with analytic service providers to assist us in the improvement and optimisation of our website which is subject to our Cookies Policy.
We may also disclose information in other circumstances such as when you agree to it or if the law, a Court order, a legal obligation or regulatory authority ask us to. If the purpose is the prevention of fraud or crime or if it is necessary to protect and defend our right, property or personal safety of our staff, the website and its users.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, the data processed by us will be deleted or restricted in their processing. If the data is not deleted because they are required for other and legally permissible purposes, their processing is restricted. This means that the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons.
Online presence in social media
We maintain online presences within social media on the basis of our legitimate interests, we maintain online presences within social networks and platforms in order to be able to communicate with the customers, interested parties and users active there and to inform them about our services there. When calling up the respective networks and platforms, the terms and conditions and data processing guidelines of their respective operators apply.
Unless otherwise stated, we process the data of users if they communicate with us within the social networks and platforms, e.g. write posts on our online presences or send us messages.
Social Media Functions and Widgets
Within our online offer, functions and widgets of Facebook, Instagram and Pinterest are integrated. When you click on or use any of those functions and widgets, your browser establishes a direct connection to Facebook, Instagram and Pinterest. The function or widget then transmits log data to Facebook, Instagram and Pinterest. This log data may contain your IP address, the address of the visited websites, type and settings of the browser, date and time of the request, your usage of Facebook, Instagram and Pinterest ,as well as cookies. Those may also include the display of our post, the link to our profile, the possibility to interact with the posts and functions, as well as to measure users reach (so-called conversion measurement).
Google will use this information on our behalf for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. In doing so, pseudonymous user profiles can be created from the processed data.
We only use Google Analytics with IP anonymisation activated. This means that the IP address of the user is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.
The IP address transmitted by the user’s browser will not be merged with other data from Google. Users can prevent the storage of cookies by setting their browser software accordingly; users can also prevent the collection of the data generated by the cookie and related to their use of the online offer to Google as well as the processing of this data by Google by downloading and installing the browser plugin available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en.
For more information on Google’s use of data, settings and opt-out options, please visit Google’s websites: https://www.google.com/intl/en/policies/privacy/partners (“Data use by Google when you use our partners’ websites or apps”), https://policies.google.com/technologies/ads (“Data use for advertising purposes”), https://adssettings.google.com/authenticated (“Manage the information Google uses to serve you ads”).
Facebook Custom Audiences
Facebook Custom Audiences enables us to use existing datasets to compile groups and lists of users based on certain criteria in order to provide users with information and advertisements, tailored to their interests and preferences, on Facebook’s services. Before transmission to Facebook, the data is irreversibly encrypted in the form of hash values on our computers; Facebook can compare these against its user databases. You can opt out of this form of advertising by changing the settings at the Facebook settings page.
Facebook Lookalike Audiences
Facebook Lookalike Audiences enables us to use existing datasets to compile groups and lists of users based on certain criteria in order to provide users with similar interests and preferences with relevant information on Facebook’s services. Before transmission to Facebook, the data is irreversibly encrypted in the form of hash values (encrypted numeric values) on our computers. You can opt out of this form of advertising by changing the settings on the Facebook settings page.
Integration Of Services And Contents Of Third Parties
We use within our online offer on the basis of our legitimate interests, content or services offered by third-party providers in order to integrate their content and services.
This always requires that the third-party providers of this content are aware of your IP address, since the content or service could not send to your browser without the IP address. The IP address is thus required for the display of this content and we endeavor to use providers that only use your IP address for the delivery of the content or services. However, Third-party providers may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. The “pixel tags” can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user’s device and may contain, among other things, technical information about the browser and operating system, referring websites, time of visit and other information about the use of our online offer, as well as be linked to such information from other sources.
Hosting and Content Delivery Networks (CDN)
This website is hosted by an external service provider (Cloudflare and WordPress). The personal data collected on this website is stored on Cloudflare and WordPress ‘s servers. This may include, but is not limited to, IP addresses, contact requests, meta and communication data, contractual data, contact data, names, website accesses and other data generated via a website.
Cloudflare and WordPress is used for the purpose of fulfilling the contract with our potential and existing visitors and users and in the interest of a secure, fast and efficient provision of our online offer by a professional provider.
Cloudflare and WordPress will only process your data to the extent necessary to fulfill its service obligations and follow our instructions regarding this data.
Advertisers and third parties also may collect information about your activity on our sites and applications, on devices associated with you, and on third-party sites and applications using tracking technologies. Tracking data collected by these advertisers and third parties is used to decide which ads you see both on our sites and applications and on third-party sites and applications. You can opt out on the Digital Advertising Alliance (DAA) if you wish not to receive targeted advertising. You may also be able to choose to control targeted advertising on other websites and platforms that you visit. In addition, you may also choose to control targeted advertising you receive within applications by using the settings and controls on your devices.
Mediavine Programmatic Advertising
For information regarding data collection by Mediavine ad partners including how to opt out of data collection, please click here
We may transfer your personal information outside the European Economic Area (EEA). For example, our Websites are hosted on servers within Europe and the United States of America, and our third party service providers operate around the world. We will only transfer your personal information outside the EEA if adequate protection measures are in place. To ensure that your personal information does receive an adequate level of protection outside the EEA we use the following protection measures:
- Transferring to countries approved by the ICO/European Commission.
- Using model contractual clauses and standard contractual clauses approved by the ICO/European Commission.
Further details in respect of protective measures used outside of the EEA are available on request.
The Supervisory Authority
The Information Commissioner’s Office (ICO) in the UK is the for us relevant authority in matters of data protection. You have the right to make a complaint at any time to the ICO (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact us.