IntroductionHere at Ralph & Russo (“We”), the protection of your data and your privacy is central to our customer experience; we see this as a fundamental and integral pillar of the luxury retail experience and to have a trusting and intimate relationship with each of our clients – online and off-line. We are committed to protecting and respecting your privacy and appreciate that you do not want the personal information that you entrust us with, to be distributed indiscriminately. For this reason, we want to be clear with you, the client, in relation to what data we collect; how we collect your data; how that data is used; and the ways you can manage the way we collect and use your personal data.
The steps taken to ensure that we are respecting the above are outlined in this policy. We would encourage you to read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
You must be at least 16 years old to use the Site and Applications. If you are under 16 or a minor in your country or state of residence, please ask your parent or legal guardian to provide their information for you.
Our PositionThe Ralph & Russo website is owned by Ralph & Russo Ltd.
For the purposes of the Data Protection Act 1998 and the General Data Protection Regulation 2016, we (Ralph & Russo Ltd) are the data controller, and Shopify’s Irish Affiliate, Shopify International Ltd, acts as our data processor. The data controller is responsible for ensuring that your data is held securely, that you are given accurate information about how your data is used, and that your rights regarding your data are respected.
Ralph & Russo, along with Shopify will ensure that all information protection and customer legislation standards are met when handing any of your personal information.
What is GDPR?The General Data Protection Regulations, (GDPR), apply from 25 May 2018, creating consistent data protection rules across Europe. It applies to companies that are based in the EU and global companies that process personal data about individuals who are based in the EU. At Ralph & Russo, we shall ensure that we do not just observe the requirements of the GDPR for those users based in the EU, but that we adopt the GDPR principles of transparency, control and accountability for all our users across the globe.
The GDPR gives our Users certain rights when using our Services, which include the right to:
- be informed
- withdraw consent
- restrict processing
- data portability
- Process data lawfully, fairly and in a transparent manner
- Collect data for specified, explicit and legitimate purposes (mostly to provide services to you)
- Never sell or pass your data onto anyone else
- Ensure your data is processed and stored securely and is kept up-to-date
- Have access to the data stored on you
- Be able to correct any inaccuracies in the data
- Be able to erase your data and restrict its processing where it doesn't conflict with obligations to regulatory bodies, e.g. HMRC
- Know that as technology changes we will constantly review and update our processes to
- ensure we're always protecting your data
What is our legal basis for processing your personal data?Under the law we must have a legitimate reason for using your personal data. We may not collect, store or use data about you where there isn’t a legitimate reason for doing so. We have broken this into 3 sections:
- Necessary for the performance of a contract
- Legitimate Interest
- Information delivered to us with your consent
Processing your personal dataPerformance of a contract
Ralph & Russo or one of our third party partners will collect and use a variety of different information about you to ensure that we can continue to provide you with the luxury retail experience and fulfil the services agreed to complete our obligations to you and any obligations to any regulatory bodies.
Most of the data we collect form you is necessary to allow us to fulfil our contract with you or to enter into a contract with you, for example, when you make a purchase we need you to provide us with your billing, shipping and contact details when you make a purchase on ralphandrusso.com which allows us to process your payment, send you an order confirmation and then dispatch your purchased item(s).
The processing of your personal data by Ralph & Russo or a third party may be undertaken if we have a legitimate interest to do so. In our case this includes:
- where we have a legitimate interest to use your data, provided that proper care is taken in relation to your rights and interests
- For the purposes of providing our customers with information about our services and other relevant marketing material as well as to monitor usage in order to improve those services from time to time.
- Ensuring that any data is stored and transferred securely and in a way that protects against the unlawful use, destruction or loss of your personal data.
- Sharing your personal information as part of a business sale, re-organisation or similar transaction.
- We use data to ensure that the content of our website is presented to you and your device as effectively as possible
- To ensure that our marketing communications are relevant to your interests If this is our reason for using your data, we must make sure that our interests do not override yours and that you are entitled to object to this use of your data
Where we process your personal data by relying on your consent to do so, we shall ensure that such consent is:
- freely given by you i.e. when you submit a ‘Contact Us’ form on our website.
- specific with regards to what processing we wish to undertake so that you are fully informed;
- unambiguous and given by a clear affirmative action.
Please refer to the privacy policies of the social media platforms for information about how they collect and use your personal information.
What information could we collect?Information provided by you:
This is the information that you give to us, examples include:
- Filling in any forms on the website i.e. enquiry forms, call back requests, request an appointment; contact us
- Corresponding with us by phone, e-mail, live chat, entering one of our boutiques or any other direct customer touch point links
- My account registrations
- Marketing subscriptions
- Checkout information (giving us your shipping and billing details)
- Information you provide to our Customer Relation Managers when visiting our retail destinations.
Information we collect about youWe also collect data regarding each of your visits to our websites and to our boutiques. We will automatically collect the following information;
- Technical information about your visit which may include*
- The internet Protocol (IP Address)
- Browser Type
- Version of Browser
- Device Used (mobile, tablet etc)
- Version of Device (model of mobile or tablet)
- Operating System Landing Page Uniform Resource Locators (URL)
- Click stream through and from our website (including date and time)
- Dwell time
- Number of pages visited
- Page interaction information (scrolling, clicks and mouse overs)
- Page response times
- Download errors
- Methods used to browse away from the page
- Geographical Location (city and country)
- Time Zone Setting
- Information you submit during your visit:
- Any name, e-mail address, or phone numbers used to contact us
- Details outlined in any online form submission i.e. enquiry forms, call back requests, request an appointment; contact us Information from surveys that we may, from time to time, run on the site or in our boutiques for research purposes [should you choose to respond to / participate]
- When you make a purchase online or in our retail boutiques, we will collect necessary information about you to ensure we can fulfil your order or chosen service for example your billing and shipping address
- When visiting our retail boutiques CCTV is in operation and this information is recorded and stored for a given amount of time.
- When you call our Client Care team, your call will be recorded for training and fraud prevention purposes. These recordings are held for 12 months, at which point they are deleted.
- We may from time to time offer services and referral programmes and other such initiatives (for example, ‘Send a Hint’) that invite you to provide us with the contact details of someone who is known to you and may find our products or services to be of interest. We will only use those contact details for the purpose of the relevant initiative (never for general marketing purposes). In these instances it is your responsibility to ensure that you have the referees permission. By submitting their details, you confirm that you have their permission and must not provide us with the details of anyone from whom you do not have such permissions. We reserve the right to identify you as the person who has made the referral in the message that is sent to them.
You are under no obligation to provide any such information. However, if you should choose to withhold requested information, we may not be able to provide you with certain services.
How do we use the personal data / information that we may collect?We collect and process your personal data for the following purposes:
- When you make a purchase from ralphandrusso.com we ask you for the personal data necessary to allow us to carry out the obligations arising from contracts entered into between you and us (i.e. processing an order). This includes taking payment, any related anti-fraud checks if you choose to pay by credit / debit card, billing, shipping and delivery of the product and possible handling of return. Using this information allows us to provide you with the information, products and services that you request from us
- When you register to ralphandrusso.com we will collect the data necessary to ensure that we can recognise you on return visits and provide you with the services that Ralph & Russo have to offer our registered users (such as Wish List, Waiting List, and access to additional areas of ralphandrusso.com)
- To remind you of products you have placed in your basket on the Website, but have not purchased
- When you visit ralphandrusso.com we will aggregate and use your anonymised data regarding your user journey and use of the website to help us improve the website and our promotion of the website. This will include data about your location; language used to browse the site; how you came to our website; the date and time of your visit; number of visits; products you viewed / searched for / and added to basket; page response time; download errors; length of visits to certain pages; pages interaction data (such as scrolls, clicks, mouse overs) and methods used to browse away from the page
- If you have purchased from ralphandrusso.com, we will aggregate and anonymise this data in order to profile, analyse and build an understanding of the clients who purchase with us; what they buy; size ranges bought into; shipping location; and gain a general understanding of the interests and preference of our key customer audiences. This allows us to deliver and consistently improve our product range, and range of services available to our clients
- We will aggregate and anonymise all of the data that has been submitted via all of the contact touch points on our website to analyse and understand our clients needs and develop any services that may be required
- When you register to receive our marketing communications (such as our newsletter) we will use the information pertinent to your subscription requests in order to deliver this service. Should you wish to stop receiving these communications, you can unsubscribe at any time using the link on the bottom of your e-mail, or by contacting our Client Care team, or by altering your marketing preferences in your My Account space
- If you are an existing customer, to contact you via electronic means (e-mail or SMS), with information about goods and services similar those which were the subject of a previous sale or negotiation of a sale with you
- to communicate with you including to notify you about legal and regulatory body obligations and any changes that may be applicable to you
- We analyse contact data, purchase history, web browsing data and other behavioural data collated through programmes such as Google Analytics and Social Media Platforms to tailor our marketing communications, web site presentation and internet advertising to meet your preferences
- To offer an enhanced customer experience and service, including by ensuring we personalise the Site and Application and (if applicable) Ralph & Russo’s updates relating to products, services and events to make them more relevant to our customers’ specific preferences
- When you contact our Client Care team, we will use the personal data you provide and that we have collected to respond to your requests for help, information or processing a telephone order
- When you contact our Client Care team, your telephone conversation will be recorded for training purposes
- When you call our Client Care team, your voice may be recorded over the phone and stored for 12 months
- When you make a purchase in one of our retail boutiques and you request for specific alterations to be made, or for your item to be shipped to a specific location, we will ask you for the personal data necessary to allow us to fulfil the execution of these services
- For your safety and for the prevention and detection of crime, we have CCTV in operation in our retail spaces. Please be aware that if we are requested to provide CCTV images of you or any other personal information relating to you by the police or any other regulatory or government authority investigating suspected illegal activities, we are obliged to do so
- To analyse the footfall in Ralph & Russo boutiques and at Ralph & Russo promotions or events for internal reporting purposes and to ensure adequate and appropriate product and resources
- Our retail experience is by nature a very personal experience. For us to deliver the best possible customer experience in our retail boutiques you may be required to share additional personal information about yourself with our Client Relation Managers. This is so that we can tailor your shopping experience to provide you with recommendations, sketches, mannequins, products, services that may be relevant to your requests and preferences. We understand that as part of this process, you may share some very intimate and sensitive information about your personal measurements, circumstances, events, festivals, family, holidays etc that are important to you. Ralph & Russo will always ensure that we have your consent to use this sensitive information as part of our client facing relationship
- The level and content of the information that you provide to our Client Relation Managers and the communications that you receive as part of the Ralph & Russo retail / Private Client experience is always set and agreed to by you. You can discuss these arrangements and change them at any time by speaking to your dedicated Client Relation Manager. Please note, that at this time any personal arrangements are not part of the Ralph & Russo general marketing communications and cannot be managed through your online My Account
- From time to time, Ralph & Russo may decide to run a competition, prize draw, offers, give-away, offers and hold events. When you participate in competition, prize draw, offer give-away, offers or attend an event hosted by Ralph & Russo, either through Ralph & Russo or indirectly through one of our third-party partners, we will collect information about you. This information will be used to administer our competitions, prize draws, offers, give away, and manage our events. This includes managing your registration and selecting and contacting prize winners. It also means that your safety is accounted for during our events. If you provide the personal information of another customer for one of our events, we will assume you have the consent of any named individuals to provide their personal information for these purposes. Full details explaining the conditions of any competitions, prize draws, offers, give-aways, offers events we are holding will be clearly linked on our website, registration form, or documentation pertaining to each individual event – it is important that you read this documentation before registering or attending an event. Your information will be deleted shortly after the promotion or event has finished, unless you have signed up to receive marketing communications from us
Who will process your data?The Ralph & Russo online boutique is hosted by Shopify Inc. They provide us with the online e-commerce platform that allows us to sell our products and services to you. Your data is stored through Shopify’s data storage, databases and the general application. They store your data on a secure server behind a firewall. In relation to any personal data (as defined in the GDPR), and where a client is located in the European Economic Area, any Personal Data will be processed by Shopify’s Irish Affiliate, Shopify International Ltd behalf of Ralph & Russo. From time to time, Shopify may use sub processors to process any Personal Data. Shopify’s use of any specific Sub-processor to process any Personal Data will be in compliance with Data Protection Legislation and will be governed by a contract between Shopify and the sub-processor.
Taking into account the state of the art technologies, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, Ralph & Russo agrees that Shopify’s implementation of the following technical and organisational measures ensure a level of security appropriate to the risk of the processing. Shopify shall implement and maintain the following technical and organisational security safeguards for the Processing of Personal Data:
- Physical Access Control: Data Processor shall take reasonable measures to prevent physical access by unauthorised persons to facilities where Personal Data is processed. Safeguards implemented at data processing facilities may include security personnel, alarm systems, access control systems, and video/CCTV surveillance
- System Access Control: Data Processor shall take reasonable measures to prevent unauthorised access to systems processing Personal Data. Safeguards implemented may include multi-factor authentication, change management processes, and system-level logging
- Data Access Control: Data Processor shall take reasonable measures to allow for Personal Data to be accessed and/or managed by authorised personnel only and protect against Personal Data being read, modified, or removed without authorisation. Any personnel who has access to Personal Data will be subject to confidentiality obligations that restrict their ability to disclose any Personal Data
- Data Transmission Control: Data Processor shall take reasonable measures to prevent the disclosure of Personal Data during transmission. Safeguards implemented may include encryption
- Data Availability Control: Data Processor shall take reasonable measures to protect against accidental destruction or loss of Personal Data. Safeguards implemented may include regular backups of critical data, restoration testing of data backups, replication of data backups across multiple sites, and disaster recovery plans
- Data Segregation Control: Data Processor shall take reasonable measures to segregate Customer data on a per Customer basis. Safeguards implemented may include application-level controls for logical separation of data
Under some circumstances we may be required to disclose or share your data without your consent, for example if we are required by the police, the courts or for other legal reasons. Your data may be transmitted to the police, judicial and administrative authorities, in accordance with the law, for the investigation and prosecution of crimes, the prevention of and protection from threats to public security, to allow Ralph & Russo Ltd to ascertain, exercise or defend a right in court, as well as for other reasons related to the protection of the rights and freedoms of others.
How long do we keep your data?Ralph & Russo will not retain your personal data for longer than is deemed necessary to fulfil the purpose for which you provided that personal data, unless the law permits or requires that we retain it for longer. Although it is not possible for us to always specify in advance how long this may be for.
We may have to continue to store and process your data and contact you directly relating to the completion of that service if it is necessary for our compliance with certain legal obligations.
The retention period varies depending on the purpose and the jurisdiction of the business entity in which a contract is formed. For example, the data collected during your purchase of goods on ralphandrusso.com are retained in accordance with local tax laws (7 years in the UK), whilst the data retained to allow us to continue our marketing communications are retained until you unsubscribe.
When you give us your consent to send you marketing communications, you can withdraw your consent at any time. We will consider your consent to be current for five years from your last interaction with any email that we send you.
When we use personal data for market research and satisfaction surveys, we will keep the data until you ask us to stop.
When you contact our Client Care team, we will keep any additional personal data you provide that is specific to your inquiry for as long as you remain an active customer of ralphandrusso.com.
When you contact our Client Care team,, we will keep the call recording for 12 months. Credit card details are not recorded as part of the call.
When you visit our retail locations, we reserve the right to use CCTV for your safety and for the prevention and detection of crime. Our CCTV service is handled by a third party partner. CCTV recordings are help up to 6 months.
How do we store and protect your data?We place great importance on the security of all personally identifiable information associated with all Ralph & Russo clients. We have security measures in place to attempt to protect against the loss, misuse and alteration of personal information under our control. All information you provide to us is stored on secure servers and we use strict procedures and security features to try and prevent unauthorised access.
All payment details that you provide to us will be encrypted using secure sockets layer (SSL) technology before they are submitted to us over the internet.
Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Our technical and internal security and privacy policies are periodically reviewed and enhanced as necessary and only authorised personnel have access to personal information.
The data that we collect from you may be transferred to, and stored at, a destination outside of the European Economic Area ("EEA") including the US and Canada. From time to time personal data may be transferred, viewed and processed outside of the EEA. It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers outside of the EEA. The US and other non-EEA countries do not have similar data protection laws to the EEA, and you should be aware in particular that the law and practice in the United States in respect of law enforcement authority access to data is significantly different from Europe.
Where we transfer your information we will take all reasonable steps to ensure that your privacy rights continue to be protected and that any such transfers will be completed in compliance with the relevant Data Protection legislation.
By submitting information via the Site, you agree to this storing, processing and/or transfer.
Whilst Ralph & Russo will do the best to protect your personal data, it is unfortunate that the transmission of information via the internet is not completely secure. It is for this reason that we can not guarantee the security of your data transmitted to our website or via e-mail (we strongly advise you not to send any payment details via e-mail); any transmission is at your own risk.
It is advisable to close your browser when you have finished your user session to help ensure others do not access your personal information if you use a shared computer or a computer in a public place.
PaymentIf you choose a direct payment gateway to complete your purchase, then Shopify stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted.
All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover.
PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.
For more insight, you may also want to read Shopify's Terms of Service here or Privacy Statement here.
To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed. If you provide us with your credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with a AES-256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards.
Who do we disclose your information to?You agree that we have the right to share your personal information with:
- Selected third parties
- We may disclose your personal information to any of our affiliates, or to our agents or contractors who assist us in providing the services we offer through the Site, processing transactions, fulfilling requests for information, receiving and sending communications, updating marketing lists, analysing data, providing support services or in other tasks, from time to time. Service providers (for example, IT services), business partners, suppliers and sub-contractors for the performance of any contract we enter into with you (such as, but not limited to, Website operations, payment services, shipments, fraud investigations, bill collection, and affiliate and rewards programs)
- analytics and search engine providers that assist us in the improvement and optimisation of the Website
- credit reference agencies for assessing your credit score (for the purposes of credit risk reduction) where this is a condition of us entering into a contract with you. The agencies will record details of any search. This information may be used by other subscribers for similar purposes. At all times where we disclose your information for the purposes of credit risk reduction and fraud prevention we will take all steps reasonably necessary to help ensure that it remains secure
- any financial reference agencies for assessing suitability where this is a condition of us entering into a contract with you
- We will disclose your personal information to third parties such as our couriers
- If we sell or buy any business or assets, in which case we will disclose your personal data to the prospective seller or buyer of such business or assets
- We may share your information with other companies and organisations for identity verification and fraud protection purposes to the extent permitted by applicable laws
- Public Forums: The Site may, from time to time, make chat rooms, message boards, news groups and/or other public forums available to its users. Any information that is disclosed in these areas becomes public information and you should exercise caution when using these and never disclose your personal information
What are your rights regarding your personal data?You have the right to ask us not to process your personal data for marketing purposes. We will inform you (before collecting your data) if we intend to use your data for such purposes. We will never disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data. You can also exercise the right at any time by contacting us at firstname.lastname@example.org or unsubscribing with immediate effect at the bottom of our marketing emails.
Under the law you have the right to ask Ralph & Russo:
- What personal data of yours we are processing, where that data came from and how we are using that data
- To update, correct or supplement the data we hold about you
- Stop using your data until any corrections have been verified and corrected
- Withdraw consent for processing for a specified purpose
- To delete or erase your data from our systems
- Limit or oppose our processing of your data
- To, where technically possible to supply the personal data we hold about you in an easy readable electronic format, or transfer that data direct to a third party nominated by you
- give you a description of it
- tell you why we are holding it
- tell you who it could be shared with
- tell you how long we will keep the data
- if the data was not provided by you, we will give you any available information such as the source of the data
- tell you if the data has been used for automated decision making
- tell you if the data is stored outside of the European Economic Area, and if so what safeguards are in place to protect your personal data
- let you have a concise and clear copy of the data
- what data we’ll need to continue to hold
- how we will process it
- the instances we will need to contact you
- why we need to do so, e.g. to complete your tax return, comply with a request or law from HMRC
- when we can delete your data
If you believe that the processing of your personal data has been carried out unlawfully, you can file a complaint with the supervisory authority responsible for compliance with the rules on personal data protection in your jurisdiction. In the UK, the complaint should be presented to the Information Commissioner's Office (https://ico.org.uk/).
If you ask us to stop processing your personal information in a certain way or erase your personal information, and this type of processing or information is needed to facilitate your use of the Website or is required to enable us to provide you with a service (such as to manage your online account), you may not be able to use the Website or the service as you did before.
The rights mentioned above do not extend to non-personal data.
How can you protect your children?Protecting the safety of children when they use the Internet is very important to us. We do not knowingly collect personal information from children under the age of 16 or equivalent minimum age depending on jurisdiction.
If we become aware that we have inadvertently received personal information from a child under the age of 16 or equivalent minimum age depending on jurisdiction, we will delete such information from our records.