Choosing to shop with us means you’ve placed trust in us to handle your personal data responsibly. In sharing your personal data we hope you in return benefit from a tailored and convenient shopping experience. With trust comes responsibility and we take this responsibility very seriously.

This privacy policy helps you to understand how we use your personal data and who we share it with. It applies if you shop on our websites, use our apps, shop in our stores or if you otherwise share your personal data with us; for example if you contact us with a query or where you tell us that you would like to receive marketing communications from us.

We change the terms of this privacy policy from time to time and you should check it regularly. The last updated date is shown at the beginning of the document. If we make any material changes we will take steps to bring it to your attention.

Information We Collect

We collect and use the data that you provide to us directly, for example; when you register for an account; we use cookies and other similar technologies to collect data from your devices when you interact with our advertising or use our website (you can find out more information in the “Cookie Policy” section below); we keep records when you speak to our customer service teams; we use CCTV in our stores for security monitoring and market research purposes; we take personal data from a number of third parties to help us manage your account and improve your shopping experience.

Personal InfoTo process any orders that you place with us and to facilitate any returns Lawful basis: Contract

  • We take payment details to process payment for any credit or debit card orders you place with us. We share these details with our chosen payment processors.
  • We use your account data plus your chosen delivery address details to; deliver your purchases and keep you informed of their status, and to process any returns including (where appropriate) collecting the item from you.
  • Additionally, where you consent our chosen payment processors may store your payment card details at your request to speed up your checkout in the future.

rmation:

  • Name, email address, phone number, shipping, and billing address.
  • Payment details (processed securely via third-party payment gateways).
  • Account details, including login credentials if you create an account with us.

Non-PersonalTo provide you with access to an account Lawful basis: Contract Information:

To register an account with us we capture data such as your name, contact and delivery information, and a password to protect your account (account data). We use the same data on an ongoing basis to manage and provide secure access to your account, and provide you with the services you request.

To provide customer service to you Lawful basis: Legitimate Interest in providing customer support

We record calls and and keep correspondence (customer service records) when you contact our customer service teams or interact with us on social media. Using these customer service records is necessary to manage your queries or complaints effectively, for quality monitoring, for the defence of any claims and to continually improve our services.

We may use automated machine learning systems to generate responses when you communicate with our customer contact centres. This helps us to resolve common queries quickly, provide you with a more efficient service and reduce the average response time for our customers.

We use artificial intelligence technologies, including automated systems, chatbots and other machine learning models, to enhance and improve efficiency for our customer service interactions.

To offer and manage any credit we provide to you Lawful basis: Contract/Legitimate Interest in ensuring product suitability and managing debts

  • When you apply for and use credit with us we will use your account data to make searches with third parties who will give us data about you, such as your financial history. We do this as it is necessary to assess your creditworthiness and product suitability.
  • We use purchase and payment history, along with your account data on a cyclical basis as it is necessary to manage your credit facility with us.
  • We use your account data, purchase history, payment history and third party data as it is necessary to collect and recover money that is owed to us (debt recovery) should your account fall into arrears. Please see the section on “third parties we share data with and receive data from” below for more information.

To personalise and improve your experience when you shop Lawful basis: Consent/Legitimate Interest in providing relevant and personalised experiences when you shop with us

  • We keep a record of how you interact with our website or app and any marketing you are exposed to. We use this data, along with purchase history across the NEXT Group, demographics, account data and third party data. We do this so we can create a profile about you, which helps us to tailor your shopping experience, to show you products and offers from across our brands that we think you will be most interested in, and find ways to improve our stores, apps and websites.
  • We use your account data, information about the devices you use to access our sites and your interactions with us to operate personalised features across our websites, apps and communication.
  • In our stores we use CCTV footage for market research purposes so that we can best arrange our stores and stock the ranges our customers will be most interested in.
  • We record your purchases made in one of our stores using tokenised data from your payment card. Your payment card(s) have a unique tokenised reference number and this is used to match it to your profile.
  • We will send you a receipt by email if you have requested this when you shop in one of our stores

To inform you about products and services that may interest you Lawful basis: Consent

  • We use technologies such as cookies within digital marketing networks, ad exchanges and social media networks such as Facebook’s Custom Audience to get relevant marketing messages across to you and other customers. We share aggregated and anonymised data about the customer segments we are interested in reaching with advertising partners, so they can focus on showing adverts to those who are most likely to be interested in our products, services and offers, and to prevent them showing you irrelevant or repetitive advertisements.
  • We share limited data with selected suppliers to enable them to identify new prospective customers on our behalf and to prevent us repeatedly advertising products or services you have already bought.
  • We receive data on how you interact with our adverts and content on third party websites and social media platforms (such as Google or Facebook) which it is necessary to use to tailor and personalise the products and services that are displayed to you.

To personalise and engage with you on social media Lawful basis: Consent/Legitimate Interest to personalise the marketing and services we provide to you

  • We use your personal data to engage with you on social media.
  • We place targeted advertising in social media. You may receive advertising based on data about you that we have provided to a social media platform, or allowed it to collect using cookies on our website or code in our applications (or a combination of the two). For some of our marketing campaigns, we may use this data to exclude you from receiving advertising, if we believe it will not be relevant to you.
  • You may also receive advertising because, at our request, the platform has identified you as falling within a group whose attributes we have selected or a group that has similar attributes to the individuals whose details it has received from us (or a combination of the two).
  • We view statistical data and reports regarding your interactions with the pages and accounts we administer on social media platforms.
  • To find out more, please refer to the information provided in the help pages of the platforms on which you receive advertising from us. Please also see the section below for further information regarding our use of social media, including specific platforms and the arrangements we have in place with them

To keep in touch with you Lawful basis: Consent/Contract

  • When you agree to receive marketing we will keep you up to date with news of products and services including store events, offers, promotions and sale data. We may send you marketing via email, SMS or post, depending on your preferences. You can unsubscribe from marketing at any time through the “my account” or using the link in every email that we send to you.
  • If you enter or apply for a prize draw or competition we will collect your contact details so that we can inform you if you are a winner.
  • Where we are permitted to market to you without consent, we will update you on the latest similar products and services sold on our websites or in our stores that we think you will be interested in.
  • When we send you communications we use records of how you interact with our website and any other marketing we have sent to you, along with purchase history, to personalise the marketing we send you so it is relevant and interesting.
  • When we respond to any communications and queries from you if you contact us via any of our customer contact channels, including when we interact with you through the chat function on our websites or apps.
  • We use your account data to notify you about important service messages, such as material changes to this policy, product recalls or information about your account.

To ensure the Website and the services we offer you operate properly Lawful basis: Consent

  • We use cookies and other similar technologies to keep track of your preferences when using our site.
  • We use cookies and similar technologies to help us understand how you use the site, this allows us to optimise your shopping experience and continually improve our site

To develop and improve our products, range and services Lawful basis: Legitimate Interest in understanding our customers’ needs and behaviours to provide a better experience

  • We share insights about our customers (in an anonymised and aggregated format) with the companies whose products we sell. This is necessary to help them better understand the different profiles of our customers, focusing on those who buy their products or are interested in them.
  • We may contact you to take part in customer satisfaction surveys, if you respond we collect your feedback and contributions (customer feedback). We use this data to develop the services we offer.
  • We work with data providers that specialise in consumer profiling, such as Experian and Merkle. These organisations provide demographic or other data as it is necessary to help us better understand customers’ demographics, lifestyles or shopping behaviours, usually linked to the areas where people live. This helps us to understand our customers better and provide products and services that people will want to purchase.
  • experian.co.us/privacy/privacy-policies
  • merkle.com/privacy
  • When we send you electronic communications, such as emails, we capture whether the message has been opened, if you have clicked on any links within that message and the device you used. We do this because we want to make sure that our communications are useful for you, so if you don’t open them or don’t click on any links in them, we know we need to improve our services.
  • We use data about how you browse and engage with our website to improve our websites.
  • We use all data, including third party data in the development of new products, services and systems to ensure they work as expected and will be useful to our customers.

To prevent and detect crime and other incidents Lawful basis: Legitimate Interest in keeping our customers and staff safe, reducing theft and fraud

  • When you shop in our stores we use CCTV for the prevention and detection of crime, for operational efficiency and analytics purposes or for the protection of our staff, customers and products. This includes for the investigation of accidents, incidents, criminal activities and breaches of our policies.
  • Our employees may wear body-worn devices to protect themselves in limited circumstances. These devices record both audio and video and are only activated in high risk situations where it is necessary such as aggressive behaviour and/or when there is a threat of violence.
  • When you register an account, apply for credit or contact our customer contact centres we use your account, application and purchase history data as they are necessary to confirm your identity.
  • We use device identifiers, IP addresses and account numbers in fraud prevention and investigation, as they are necessary to maintain network and data security.

To fulfil our legal obligations Lawful basis: Legal obligation

  • We use your data to ensure we comply with any requirements imposed on us by law or court order, including disclosure to law or tax enforcement agencies and authorities or pursuant to legal proceedings.
  • We use your account data, order history and payment history to assist in monitoring for fraudulent transactions or suspected money laundering.
  • We maintain a record of any health and safety incidents that occur in our stores or in our premises. We will share data with regulatory and other official bodies if they make formal requests.
  • We will maintain records to meet regulatory and tax requirements.
  • We will use your account data to contact you in connection with product recalls or other similar product quality issues and to comply with our legal obligations in connection with the sale of age restricted products

Who we are

When we say “we”, “our” or “us” in this policy we are referring to the companies that make up the ton clothing store Group. This privacy policy applies to the following companies:

The company named within the T&Cs on the website or app is the data controller of your personal data, which means we are responsible for deciding how and why your personal data is used. We are also responsible for making sure it is kept safe, secure and handled legally.

We sometimes work with other organisations in connection with some of the processing activities described in this privacy policy, such as social media platforms. Where that information is collected and sent to other organisations for processing that is for a common purpose, we will be making decisions together in relation to that particular processing and will be ‘joint data controllers’ with the organisations involved. As joint data controllers, we and the other organisations involved in making these decisions will be jointly responsible to you under data protection laws for this processing.

We operate to the highest standards when protecting your personal data and respecting your privacy. If you have any questions about your personal data, or how we use it, you can contact our Data Protection Officer via email at tonclothingstores@online or by writing to our registered office at the following addresses:

USA registered address: Data Protection Officer, 4880 E 29Th street Apt 6202 Tucson AZ 85711

Your rights

You have a number of “Data Subject Rights”, we have explained below what they are and how you can exercise them. You can read more about these rights on the UK Information Commissioner’s Office website or on your local Data Protection Authority website.

  • Right of access –You have the right to request a copy of the personal data that we hold about you.
  • Right to rectification –If you think any of your personal data that we hold is inaccurate, you have the right to request it is updated. We may ask you for evidence to show it is inaccurate.
  • Right to erasure– (also known as the right to be forgotten) – You have the right to request that we delete your personal data that we hold. This right is not absolute and only applies in certain circumstances.
  • Right to restriction of processing–You have the right to request we restrict or suppress the personal data we hold about you.
  • Right to data portability –You have the right to ask us to electronically transfer your personal data to another organisation in certain circumstances.
  • Rights with regards to automated decision making, including profiling – You have the right not to be subject to a decision that is based solely on automated processing if the decision affects your legal rights or other equally important matters and to object to profiling in certain situations, including for direct marketing.
  • Right to withdraw Consent – Where we are relying on your consent for processing you can withdraw or change your consent at any time.

The above rights may be limited in some circumstances, for example, if fulfilling your request would reveal personal data about another person, if you ask us to delete data which we are required to have by law, or if we have compelling legitimate interests to keep it. We will let you know if that is the case and will then only use your data for these purposes. You may also be unable to continue using our services if you want us to stop processing your personal data.

If you have any general questions or want to exercise any of your rights, please see the “how you can get in touch” section of this privacy policy. In order to maintain the security of our customers’ personal details, we may need to request proof of identity before we disclose personal data to you in response to any request.

We encourage you to get in touch if you have any concerns with how we collect or use your personal data. You have the right to lodge a complaint directly with a Data Protection Authority. The Data Protection Authority in the USA, where we are based, is the Information Commissioner’s Office (ICO), you can contact the ICO here: ico.org.us/make-a-complaint. Our main supervisory authority in the EU is the Data Protection Commission (DPC) based in the Republic of Ireland, you can contact the DPC here: forms.dataprotection.ie/contact

The lawful bases we use to process data

We will only ever process your information if we have a lawful basis to do so. The lawful bases we rely on are:

  • Contract – This is where we process your data to fulfil a contractual arrangement we have made with you or because you have asked us to carry out a service before entering into a contract.
  • Consent –This is where we have asked you to provide permission to process your data for a particular purpose.
  • Legitimate Interests – This is where we rely on our interests as a basis for processing. Generally this is to provide you with the best products and services in the most secure and appropriate way, but not where our interests are overridden by your interests.
  • Legal Obligation –This is where we have a statutory or other legal obligation to process the data, such as to comply with regulatory requirements and/or requests.
  • Vital interests –This is where the processing of personal data is necessary to protect someone’s life.

How long we keep your data for

We keep your personal data as long as you are a customer of ours and generally for up to 7 years afterwards to comply with legal requirements. During that time we take steps to remove any personal data as soon as we no longer need it.

We consider you a customer:

  • as long as you hold an open credit account,
  • for 2 years from the point you last made a purchase from our website using a non-credit account, or
  • during any time we are managing a customer service request from you.

We keep CCTV footage on our systems for up to 30 days, it is then deleted. Where accidents, incidents, criminal activities or breaches of our policies are recorded CCTV footage will be kept for longer, however only as long as necessary.

Keeping your personal data secure

If you use any third party apps, websites or services to access our services, your usage is subject to the relevant third party’s terms and conditions, cookies policy, and privacy policy. For example, if you interact with us on social media, your use is subject to the terms and conditions and privacy policies of the relevant social media platform (Facebook, X etc.). The same applies if you use third party services, like Amazon’s Alexa. In certain cases we may be required to share your personal data, in relation to transactions and usage of the services, with the relevant third party.

How We Use Your Information

We use your data to:

  • Process and fulfill orders efficiently.
  • Provide customer support and improve our services.
  • Send promotional offers, newsletters, and important updates (you can opt out anytime).
  • Enhance user experience through analytics and targeted advertising.
  • Comply with legal obligations and prevent fraudulent activities.

Data Security

We take security seriously and implement industry-standard measures to protect your data. However, no method of transmission over the Internet is 100% secure. We encourage users to protect their accounts with strong passwords.

Third party apps, websites and services

We do not sell, trade, or rent your personal information. However, we may share data with:

  • Payment processors for transaction processing.
  • Shipping providers to deliver orders.
  • Marketing and analytics services to improve user experience.
  • Law enforcement if required by legal authorities.

Is Ton Clothing Store PCI compliant

Yes, Ton Clothing Store is certified Level 1 PCI DSS compliant. We are very serious about securely hosting your store and have invested significant time and money to certify our solution is PCI compliant. From annual on-site assessments validating compliance to continuous risk management, we work hard to keep our shopping cart and ecommerce hosting secure.