This Notice explains in detail the types of personal data Luck and Luck may collect about you when you interact with us. It also explains how we’ll use, store and handle that data, and keep it safe.
We know that there’s a lot of information here, but we want you to be fully informed about your rights and how you can control the manner in which we use the data we collect from you and how you can check it, amend it and delete it if you wish.
We hope the following sections will answer any questions you have but if not, please do get in touch with us.
We will update this Privacy Notice from time to time so if you have any concerns about the data we ask you for you can always check the latest version which will be available on our website. The date of the last update will always be shown at the beginning of the notice.
2. Who is Luck and Luck?
Luck and Luck is a partnership formed in 2010 between Matthew and Holly Luck for the purposes of selling party goods and associated products to members of the public in the UK or overseas. All sales are currently online and we have no retail premises. Our head office and fulfillment centre is at the following address:-
Any questions regarding this Privacy Notice or concerning the way your personal data has or is being handled by us should be sent to the above address by post, email or phone.
3. Explaining the legal bases we rely on
The law on data protection requires us to explain the legal justification we have for collecting and processing your personal data. Luck and Luck relies on the following four bases:-
Consent – an example of this is when you opt-in to receive email newsletters or special offers. You can easily withdraw this consent at any time either by contacting us or by “unsubscribing” from any of the email messages we send you.
Contractual obligations – when you order from us you are asked to accept our Terms and Conditions and these establish a contract between you and Luck and Luck. Our part of the deal is to pack and deliver the goods you have ordered and for this we need a delivery address, a means of communicating with you electronically (phone or email or both) and payment for the goods.
Legal compliance – for example when we make a sale we have to raise a VAT invoice for the transaction which will have the name and address of our customer on it. We have to keep this accounting information for up to six years after the date of the sale. Please note however we are not required to hold any credit card (or Paypal) details and neither do we want to. When you place your order this information goes directly to the payment services provider (PSP) we use (Klarna or Paypal) who arrange the transfer of money from your account to ours. We never see this information ourselves except when you place your order by telephone and in this case we send the information to our PSP on your behalf and destroy the information immediately afterwards.
Legitimate interest – Under certain circumstances businesses may send marketing information or offers to previous customers provided the goods being promoted are similar in nature to those previously purchased and that such communications do not materially impact the rights, freedom or interests of the recipients.
In the case of marketing sent electronically (email marketing) businesses also have to give customers the opportunity to opt-out of any such marketing activity. Therefore when you place an order with Luck and Luck and we ask you for an email address you will see a tick box and an explanation that if you tick the box we won’t send you marketing newsletters and/or offers. If the experience of ordering from us is entirely satisfactory (we are sure it will be!) and you want to place a further order a few months later you may decide you do want to receive newsletters and special offers from us by email. If on this occasion you do not tick the “opt-out” box your original choice will be updated and we will start to send you email marketing communications. We will make a record of your marketing email preference each time you place an order.
4. When do we collect your personal data?
We only collect personal data from you when you give it to us by interacting with our website (www.luckandluck.co.uk), when you engage with us on social media or by speaking to us on the telephone.
Here are some examples of when we might collect personal data from you. The legal basis we rely on when doing this is shown in brackets:-
When you create an online account with us (consent).
When placing an order online using an account or as a guest (contractual obligation, legal compliance and legitimate interest).
When you request a catalogue (consent).
When you sign up for our newsletter (consent).
When you sign up for our blog (consent).
When you contact us by any means (including our Chat Line) with queries, complaints etc (contractual obligation and/or consent).
When you enter prize draws or competitions (consent and you may have to give further consent for your personal information to be passed on to the company offering the prize for the competition).
When you comment on or review our products and services (consent and legitimate interest).
We do collect other information from or about you but it is not personal information and on its own cannot easily be traced back to you. Examples are:-
• Your computer’s IP address
• Tracking your movements on our website
5. What sort of personal data do we ask you for?
Your name & address details
Your email address.
Your payment card information to pay for your order. This information goes straight to our Payment Service Providers (Klarna or Paypal). We do not see this information and neither do we store it.
Optionally your landline or mobile phone number if you choose to give it to us.
Optionally the dates of birth of your children if you choose to give us this data
6. What sort additional data do we collect from you?
We collect technical information about your internet connection and the browser you use, the pages you visited while on our site and the search terms you used. This helps us to improve our site in order to give the best possible online experience to all our users.
Your social media username if you interact with us through those channels and this allows us to respond to your comments, questions and feedback.
Tracking your movements when using our website and how you react to our marketing emails.
Buying information such as order value and products purchased.
7. How do we use your personal data?
The personal data we ask you for is primarily used to fulfill our contract with you so we can deliver the goods you have ordered from us.
We ask you for your name and home address so we can:-
Deliver your order to you or to your delivery address if different
Check the viability of the payment method you have used and to prevent fraudulent transactions.
Create an record for you in our order management system and account for the sale of goods to you for tax and VAT purposes.
Once or twice a year send you a copy of our latest party catalogue unless you ask us to cease. You can do this here or at any time in the future by emailing firstname.lastname@example.org.
We ask you for your email address so we can:-
Get in touch with you about your order where necessary
Acknowledge receipt of your order and advise you when it has left us giving you details of the shipment allowing you to track its progress.
Ask the delivery service to advise you when your order will be delivered.
Tell you when any refund you have asked for has been actioned.
Stay in touch with you after subscribing to our newsletter or placing an order unless you ask us not to. These emails usually take the form of:-
Advise of free offers or periods of free delivery
Arrival of new product ranges
Arrival of seasonal ranges such as Christmas, Easter, Halloween, Summer etc
Issue of a new edition of our catalogue
Stay in touch with you after signing up for our blog. These emails usually take the form of:-
RSS blog updates
Send you feedback requests to help us improve our products and services. These emails do not include any promotional content.
Every marketing email we send you gives you the opportunity to “unsubscribe” from further email marketing messages.
We ask you for payment information to allow our payment services provider to manage the payment of your order and advise us when it is complete. We never see or store this information ourselves.
Optionally we ask you for your phone number so we can:-
Get in touch with you about your order where necessary
Ask the delivery service to send you SMS messages about the delivery of your order (mobile phones only of course)
Optionally we ask you for the dates of birth of your children so we can send you a party catalogue or an email tailored to the child’s age a few weeks before the birthday. No correspondence is sent to the children themselves.
Personal information you Consent to give us.
Of course if you sign up for a newsletter or other service by giving us your email address we will use the address for that purpose until you ask us to cease. Every communication sent to you as a result of giving this “consent” will provide you with the opportunity to unsubscribe.
We might have to use your home address or email address to send you communications required by law or which are necessary to inform you about changes to the services we provide you. For example, updates to this Privacy Notice or product recall notices. These “service” messages will not include any promotional content and do not require prior consent when sent by email or text message.
8. How we protect your personal data
We know how much data security matters to all our customers. With this in mind we will treat your data with the utmost care and take all appropriate steps to protect it.
We secure access to all transactional areas of our website using ‘https’ technology.
Access to your personal data is password-protected, and sensitive data such as payment card information is secured by SSL encryption when it is sent to our Payment Service Providers.
Our network partners regularly monitor our IT systems for possible vulnerabilities and attacks
9. How long will we keep your personal data?
Whenever we collect or process your personal data, we’ll only keep it for as long as is necessary for the purpose for which it was collected.
At the end of that retention period, your data will either be deleted completely or rendered anonymous so that it can be used in a non-identifiable way for statistical analysis and business planning.
By way of example when you place an order we’ll keep the personal data you give us for up to six years so we can comply with HMRC tax and VAT obligations. Email addresses will cease to be used for marketing purposes two years after your last interaction with us or earlier if you choose to unsubscribe. If you unsubscribe your email address will go onto a suppression list so we can comply with your requirements. Email addresses on suppression lists will be kept for the life of the business.
10. Who do we share your personal data with?
We often have to pass your personal data to trusted third parties but only for the purposes of processing your order (fulfilling our contract with you) keeping in touch with you by direct marketing or providing you with additional facilities on our website.
We never sell, rent or pass your data to other companies for their marketing purposes. The only exception to this rule is if you enter a competition organised by us and the prize is offered by another company that company may expect to have access to your information for marketing purposes and to fulfill the prize. In this case you will be specifically informed at the time you enter the competition
Where we need to share your data with other companies we only provide them with the personal information they need to carry out specific services. We will have an agreement with them to ensure:-
They too comply with the requirements or equivalent standards of the General Data Protection Regulations even if they are operating outside Europe.
They only use your data for the purposes we specify in our agreement with them.
They only retain your data for as long as is necessary after which it will be deleted.
Obvious examples of the kind of third parties we work with are:-
• Operational companies such as delivery couriers who need your name and address to deliver your order and your email address to inform you when the delivery is due.
• Payment Service Providers (PSPs) who receive the credit card or Paypal details you provide when placing an order. Luck and Luck never see these details but the PSPs will use them to transfer payment from your account to ours and to perform credit checking against lists of known fraudulently used cards.
• IT companies who support our website and other business systems. Our customer lists and records are usually held within the systems to which they have access.
• Direct marketing companies who help us manage our electronic and postal communications with you and keep records of your email preferences.
• Address management companies to ensure your details are up to date and accurate and that you haven’t listed with any suppression service.
Less obvious examples of how your personal data might be passed to other companies:-
• When you use our Chat Line the email address you use for the chat gets passed to EKM in the UK which we use to manage this service. While the “chat” itself is directly with our own Customer Service staff the transcript of it alongside your name and email address is made by EKM who will send the copy of the transcript to you if you request it. EKM is not allowed to use any of this data for any other purpose.
• If another business were to buy or otherwise acquire part or all of the assets of Luck and Luck then the personal data held by Luck and Luck about its customers could be transferred as one of the assets. If this were to happen, your personal data would be transferred to the new owner under the terms of this Privacy Notice. During the process of purchase or acquisition Luck and Luck customer data might be shared with the interested party under the terms of this Privacy Notice for the purposes of the evaluation of the customer data as a whole.
• We may be required to disclose your personal data to the police or other enforcement or regulatory body. These requests are assessed on a case-by-case basis and if faced with them we will take the privacy of our customers into consideration. This may include exchanging information with other companies or organisations for the purposes of fraud protection and credit risk reduction
11. Where your personal data might be processed
At Luck and Luck we keep a schedule of all the customer personal data we hold showing where it is held and how it is transferred from one area to another. By far the majority of such data is held on our own servers in the UK or on the servers of our IT partners also in the UK.
Sometimes we will need to share your personal data with third parties and suppliers outside the UK and even outside the EEC . An obvious example of this are when you place an order with us and you live in the USA. Your name and delivery information will have to be passed at some stage to a courier in the USA to deliver your order. A less obvious example is the one given in Section 9 (above) concerning the use of our Chat Line.
The GDPR covers the processing of data within the EEC but where the data goes outside the EEC we ask our service partners in those countries to apply the same standards to the processing of that data as is required by the GDPR.
12. How can you stop the use of your personal data for direct marketing?
The marketing material we send to enquirers and previous customers mostly consists of email newsletters and special offers. We also send copies of our party catalogue to previous customers on the anniversary of a previous purchase and to anyone else who asks for it.
If you are receiving marketing information and want to stop it or you want to prevent it from the outset you can take any of the following actions and we will comply with your request:-
Tick the “opt-out” box when placing an order to prevent newsletters and special offers being sent to you by email. This is next to the point where we ask you for your email address.
Click the ‘unsubscribe’ link in any marketing email communication we send you which should stop the emails immediately or you can unsubscribe from email marketing here if you wish.
Ask us not to mail you copies of our printed catalogue by clicking here or at any time in the future by emailing email@example.com. Alternatively return any unwanted catalogue to us at our expense using the contact details shown on the inside back cover of any of our recent catalogues.
Write to Customer Services at the address in section 2 above.
13. What rights do you have over your personal data held by Luck and Luck?
You have the right to request:
Access to the personal data we hold about you.
The correction of your personal data when incorrect, out of date or incomplete.
The deletion of any personal data we hold about you provided we do not need it for other legitimate purpose eg. the invoices we raise to you for tax and VAT purposes and our marketing suppression lists.
That we stop using your personal data for direct marketing (see Section 12)
The withdrawal of any consent you may have previously given us to use or process your personal data
To carry out any of these requests please contact Customer Services using the details in section 2 above. To protect the confidentiality of your information, we will ask you to verify your identity before proceeding with any request you make regarding your personal data.
If, in the unlikely event you should feel that your personal data has not been handled correctly by Luck and Luck you can lodge a formal complaint with the Information Commissioner’s Office (ICO) whose website can be found at www.ico.org.uk.
14. Terms and Conditions
To view our Terms and conditions click Here