Privacy Policy for Cosyfeet
Cosyfeet is a trading name of Foot Shop Ltd whose registered address is The Tanyard, Leigh Road, STREET, Somerset, BA16 0HR. Company Registration number 1686089. VAT registration number 436 9410 41.
You can trust Cosyfeet to ensure we keep your data safe because your privacy and security are extremely important to us. All information that you share with us will be used in accordance with this privacy policy and we will share with you all data held if you request that of us. We may process your business information for carefully considered and specific purposes which are in our interest and enable us to enhance the services we provide, but which we believe also benefit our customers. See below for more details.
Under the GDPR definition, Cosyfeet uses “Legitimate Business Use” as the basis for processing your data. This does not affect any of your rights under the regulation and you have the right to object to us processing your data in this way.
General Data Protection Regulation and What It Means To You
The General Data Protection Regulation (EU) 2016/679 (or ‘GDPR’) will ensure that you have rights over how and with whom your data is used and stored. Under GDPR you will have the fundamental right to:
- be processed lawfully, fairly and in a transparent manner
- be forgotten
- not be profiled or to limit profiling
- not have your data passed to someone else
- see a copy of all data stored by us
- object
- data portability
- lodge a complaint with a supervisory authority by contacting the Information Commissioner’s Office (ICO)
We will comply with all the above rights but please note that if you have claimed VAT relief on your purchases we are required to keep this information for 7 years after the purchase to comply with HMRC VAT regulations. In addition to this, other data relating to financial transactions may need to be held to comply with financial regulations.
Under these circumstances your data will be moved to a separate part of our customer database, obfuscated (if appropriate) and will not be available to marketing or customer services.
You will be informed of any instances where we have not been able to comply with a specific data request and why.
What data do we collect about you?
- We collect your personal data such as your name, address, your date of birth (if you want to give it to us), telephone number and email address.
- We will ask if you are the end user, a relative or a carer for the end user.
- We also store details of what you have purchased from us, goods you have returned to us and whether you are entitled to VAT relief, which will also contain the medical reason for allowing VAT relief.
- All payment card details are encrypted ahead of transmission to payment processors.
- The last 4 digits of your PAN and the card expiry date are visible within our system, which is allowed under the PCI DSS 3.2 (please see the section on Payment Processing for more information).
- We collect personal information when you order, sign up for email offers, share information about our products or visit our website via e-mails, online forms and contact us pages, as well as some tracking information (please see ‘Use of Cookies’).
We may also receive personal data from third parties or other sources.
How do we ensure your data is safe?
PCI DSS 3.2 Compliance
Our systems are secured by firewalls and other security measures that meet accepted industry standards and are regularly tested to ensure they meet standards set by the PCI DSS Security Council. Our websites & external internet connections are tested monthly by Trustwave Holdings, Inc., an Approved Scanning Vendor (ASV) and Qualified Security Assessor Company (QSA-C).
https://www.trustwave.com
SSL
All connections to our web sites are encrypted and are verified by Cloudflare. We do not store any payment card information online beyond that which is permitted under the PCI DSS 3.2.
https://www.Cloudflare.com
NCSC Cyber Essentials
Cosyfeet is working towards Cyber Essentials accreditation from the UK National Cyber Security Centre.
https://www.ncsc.gov.uk/cyberessentials/overview
Payment Processing
Cosyfeet follows industry best practices with our customer cardholder data, using technologies such as strong encryption, payment card tokenisation & obfuscation.
CyberSource
Card transactions via our website (WEB) & over the phone (MOTO) are handled by our payment processor, CyberSource, a secure card processing company, owned and operated by Visa. We use 3D Secure (also known as Verified by Visa and MasterCard SecureCode) to keep you safe online and protect your existing card account against unauthorised use when you shop with us.
https://www.cybersource.com
CyberSource are fully PCI DSS 3.2 compliant.
PayPal
We also accept payment via PayPal to provide an alternative way to purchase without giving us your card details.
https://www.paypal.com/uk/home
PayPal are fully PCI DSS 3.2 compliant.
Lloyds Bank Cardnet
Payments taken in our retail shop are handled by Lloyds Bank Cardnet, who work with First Data to process the transactions. Card transactions are sent directly to the processor using Chip & PIN machines provided by First Data. No data from these transactions is recorded on our EPOS machines & merchant slips are stored securely and destroyed when they are no longer required.
https://www.lloydsbank.com/business/take-payments-with-cardnet.html
First Data are fully Payment Card Industry (PCI) DSS 3.2 compliant.
Please Note: Cosyfeet does not operate any of the stores in our stockist network (https://www.cosyfeet.com/stockists) and is not liable for the security of their systems or processing practices.
Why we collect this data and what we do with it
Under Legitimate Business Use, we use the data to contact you via our mailing and email programmes and to keep you up to date on new products, competitions and prize draws that we run from time to time. We may also send you information via SMS.
We will profile your data by using your name, address and purchasing history to keep our offers and mailings relevant to you and your requirements.
You can update your preferences for mail, email, SMS and third parties when you place an order or by contacting us directly.
How long do we keep this data?
Those who do not go on to purchase from us will be removed from our systems 6 months after their most recent catalogue request or from when they set up an account over the phone.
Data from existing or previous customers will be kept indefinitely, to honour our 'No Quibble Guarantee'.
Data Backups
Cosyfeet uses industry standard backup technologies to protect sensitive customer data against loss, theft or disaster.
All data backups are stored within the European Economic Area & are retained for 30 days.
Who do we pass your data to?
We will pass your data to 3rd parties that we think will be of interest to you. We process personal data based on the implied consent you grant us at the time we collect your data.
You can update your preferences by contacting us directly.
What is the purpose of sharing personal information?
We use specific companies to analyse personal data to create customer profiles which helps us identify potential future customers. They also pool and analyse this data to understand what our customers like to buy. Using those results, we tailor our communications to customers based on what should be of interest to them. For example, if you most frequently buy socks, we will send you communications focused on socks, with offers if applicable, which gives you a more personalised experience.
Which Third Parties do we share personal information with and what data do we share?
The personal information we share may include your full name, address, last purchase date and order value.
Epsilon Abacus (registered as Epsilon International UK Ltd)
Registered Address:
67 Broad Street, Teddington, Middlesex, TW11 8QZ
The above may share your information with companies who offer products or services that they have identified as likely to be of interest to you. These companies may contact you via postal mail only.
The participating retailers and charities are active in the clothing, collectables, food & wine, gardening, gadgets & entertainment, health & beauty, household goods, home interiors and travel categories. They share information on what their customers have purchased.
They pool and analyse this data to understand what consumers like to buy. Based on the resultant insights, retailers can tailor their communications, sending offers by post that should be of interest to the individual.
Experian Limited
Registered Address:
Sir John Peace Building, Experian Way, NG2 Business Park, Nottingham, NG80 1ZZ
The above may share your information with companies who offer products or services that they have identified as likely to be of interest to you. These companies may contact you via postal mail only.
The participating retailers are active in the clothing, food & wine, gardening, gadgets & entertainment, health & beauty, household goods, and home interiors categories. They share information on what their customers have purchased.
They pool and analyse this data to understand what consumers like to buy. Based on the resultant insights, retailers can tailor their communications, sending offers by post that should be of interest to the individual.
Transactis
Registered Address:
Green Heys, Walford Road, Ross on Wye, HR9 5DB
The above may share your information with companies who offer products or services that they have identified as likely to be of interest to you. These companies may contact you via postal mail only.
The participating retailers are active in the clothing, food & wine, gardening, gadgets & entertainment, health & beauty, household goods, and home interiors categories. They share information on what their customers have purchased.
Transactis pools and analyses this data to understand what consumers like to buy. Based on the resultant insights, retailers can tailor their communications, sending offers by post that should be of interest to the individual.
We also send data to other companies to produce mailings and emails, to provide data cleansing services and to gather feedback. None of these companies pass your data to anyone else, and all will delete your data once processed.
Company | Reason |
dotdigital Limited, Registered Address: No. 1 London Bridge, London, SE1 9BG | Email Marketing, abandoned cart & Processing |
AFD, Registered Address: Mountain View Innovation Centre, Jurby Road, Lezayre, Ramsey, ISLE OF MAN, IM7 2DZ | Address Cleansing, Deduplication & Suppression |
Edit Agency T/A Wood for Trees Limited, Registered Address: 20 Manvers Street, Bath, BA1 1JW, Web: https://edit.co.uk/ | Data Profiling & Processing, Marketing Off-site Disaster Recovery |
Feefo Holdings Limited, Registered Address: Heath Farm, Heath Road East, Petersfield, GU31 4HT | Third-Party Customer Reviews. To opt out of emails you will need to go direct to Feefo |
Google LLC, Registered Address: 1600 Amphitheatre Parkway, Mountain View, California, 94043, USA | Data Profiling & Advertising |
Sub2Tech, Registered Address: Sub2 Technologies, 115 Baker St, London, W1U 6RT | Data Profiling & Advertising, Marketing |
Adalyser, Registered Address: Manchester Business Park, 3000 Aviator Way, Manchester, M22 5TG | An analytics platform that is used to measure response to TV advertising. |
The Pixel, Registered Address: Unit 5.19 Paintworks, Bath Road, Bristol, BS4 3EH | Website development, hosting & management |
Response Solutions, Registered address: 4575 Via Royale, Suite 110, Fort Myers, FL 33919 | Profiling, direct mail and email marketing |
Mention-Me Ltd, Registered Address: 20-22 Wenlock Road, London, N1 7GU, Web: https://www.mention-me.com | Operation of a refer-a-friend program |
Company | Reason |
Ballard Direct, Registered Address: 7000 West Palmetto Park Rd., Suite 210, Boca Raton, FL 33433 | Mailings to customers in the USA. |
Epsilon Data Management, LLC, Registered Address: 11030 CirclePoint Road, Suite 110, Westminster, CO 80020 | Data Profiling & Marketing |
Path2Response, LLC, Registered Address: 390 Interlocken Crescent Ste 350, Broomfield, CO 80021 | Data Profiling & Marketing |
Wiland, Inc., Registered Address: 7420 E Dry Creek Parkway, Niwot, CO 80503 | Data Profiling & Marketing |
Choreograph LLC, Registered Address: 3 World Trade Center, 175 Greenwich Street, New York, NY 10007 | Data Profiling & Marketing |
For customers in the USA - to opt out, please click here
We share relevant personal data with the following delivery and fulfilment partners (where appropriate) to ensure you receive our products and services:
- Parcel Force - https://www.parcelforce.com/
- Royal Mail - https://www.royalmail.com/
- DPD (UK) - https://www.dpd.co.uk/
- UPS - https://www.ups.com/gb/en/Home.page
- Home Supplies - https://www.homesupplies-direct.co.uk/
- TOPRO - https://www.topromobility.co.uk/
- The Helping Hand Company - https://www.helpinghand.co.uk/
- Foam for Home - https://www.foamforhome.co.uk/
Disclosures
We will only disclose data when obliged to disclose personal data by law, or the disclosure is ‘necessary’ for purposes of national security, taxation and criminal investigation, or we have your consent, and to the following:
- Other companies within our Group of companies.
- Suppliers we engage to process data on our behalf: Epsilon Abacus, Transactis, Wood for Trees Ltd & Experian Limited
- Successors in title to our business.
Use of Personal Information
We process personal information collected via our websites and mail order for the purposes of:
- Providing information about products and services
- Providing and personalising our services
- Dealing with your enquiries and requests
- Administering orders and accounts relating to our suppliers or customers
- Trading in personal information (selling, hiring or exchanging information) - Abacus UK, Transactis & Experian Limited
- Conducting market research
Data Capture Information
We will send you information according to the preferences you submitted via our order form/data capture form/contact us page.
If you would like to change these preferences at any point, please contact us using the details at the end of this document.
Other Websites
Our website may contain links to other websites that are outside our control and are not covered by this Privacy Policy. If you access other sites using the links provided, the operators of these sites may collect information from you that will be used by them in accordance with their privacy policy, which may differ from ours.
Subject Access Requests
You have the right to see what personal data we hold about you.
To obtain a copy of the personal information we hold about you, please write to our Data Officer using the details at the end of this document.
Rights
Regardless of the country of your residency, Footshop Ltd provides you with the following rights regarding personal information:
- The right of access: Your right to obtain confirmation as to whether or not personal data is being processed, as well as access to the personal data along with details regarding the nature of processing.
- The right of rectification: Your right to obtain the rectification of inaccurate personal data.
- The right of portability: Your right to receive the personal data provided to us, in a structured, commonly used and machine-readable format.
- The right to be forgotten / right of erasure: Your right to erase your personal data. If we are not able to satisfy the request to be forgotten for legitimate business reasons, we will notify you in writing. Data will be removed from our Live database(s) as soon as possible. It will also leave our system backup rotation within 30 days. Please note that exercising your ‘Right to be Forgotten’ will void your entitlement to our ‘No Quibble Guarantee’ unless you can provide proof of purchase.
- The right to restrict processing: Your right for your data to be effectively ‘frozen’; stored and not further processed.
- The right to object: Your right to object to how your personal data is processed including your right to object to our profiling of you as outlined in this privacy policy.
You can submit your rights servicing request to: privacy@cosyfeet.com.
We will endeavour to honour requests as quickly as possible.
Internet-based Transfers
Given that the Internet is a global environment, using it to collect and process personal data necessarily involves the transmission of data on an international basis. This means for instance that data you pass to us may be processed outside the European Economic Area, although the data will always be held securely and in line with the requirements of UK data protection legislation. By communicating electronically with us, you acknowledge and agree to our processing of personal data in this way.
Use of Cookies
A cookie is a small piece of information sent by a web server to a web browser, which enables the server to collect information from the browser.
Find out more about cookies on www.allaboutcookies.org.
We use cookies to identify you when you visit this website and to keep track of your browsing patterns and build up a demographic profile.
Our use of cookies also allows registered users to be presented with a personalised version of the site, carry out e-commerce transactions and have access to information about their account.
Most browsers will allow you to turn off cookies. If you want to know how to do this, please see your browser help documents or follow instructions on www.allaboutcookies.org.
Please note, turning off certain cookies means you won’t be able to access your account or checkout. You will need to call us on 01458 447275 to place your order.
We use the following cookies on our site:
Cookie | Who owns this data | How long this data is kept for | Is this a first party or a third party cookie? | Data collected by the cookie |
__ar_v4 | .www.cosyfeet.com | 6 Years 9 Months | First Party | Unspecified |
_te_ | .www.cosyfeet.com | 1 Year | First Party | Unspecified |
currency | .www.cosyfeet.com | 1 Month | First Party | Remembers currency selected |
frontend_cid | .www.cosyfeet.com | 1 Month | First Party | Magento preset cookie |
nocache | .www.cosyfeet.com | 1 Month | First Party | Unspecified |
_ga | .cosyfeet.com | 2 years | First Party | Google analytics |
_gali | .cosyfeet.com | 0 seconds | First Party | Google analytics |
_gid | .cosyfeet.com | 1 day | First Party | Google analytics |
_gat | .cosyfeet.com | 1 minute | First Party | Google analytics (used to control request rate) |
_utma | .cosyfeet.com | 2 years | First Party | Google analytics |
_utmb | .cosyfeet.com | 2 years | First Party | Google analytics |
_utmc | .cosyfeet.com | 2 years | First Party | Google analytics |
_utmz | .cosyfeet.com | 2 years | First Party | Google analytics |
frontend | .cosyfeet.com | 4 days | First Party | Magento preset cookie |
civicCookieControl | .cosyfeet.com | 0 seconds | First Party | Used to control the 'Cookie Control' banner |
_uetsid | .cosyfeet.com | 30 minutes | First Party | Unspecified |
civicCookieControl | .www.cosyfeet.com | 0 seconds | First Party | Used to control the 'Cookie Control' banner |
__atuvc | www.cosyfeet.com | 2 years | First Party | Unspecified |
__atuvs | www.cosyfeet.com | 30 minutes | First Party | Unspecified |
civicCookieControl | www.cosyfeet.com | 3 months | First Party | Unspecified |
allow_mailshot | www.cosyfeet.com | 2 years | First Party | Used to save checkout preferences |
billing:city | www.cosyfeet.com | 2 years | First Party | Used to save checkout preferences |
billing:company | www.cosyfeet.com | 2 years | First Party | Used to save checkout preferences |
billing:email | www.cosyfeet.com | 2 years | First Party | Used to save checkout preferences |
billing:firstname | www.cosyfeet.com | 2 years | First Party | Used to save checkout preferences |
billing:lastname | www.cosyfeet.com | 2 years | First Party | Used to save checkout preferences |
billing:postcode | www.cosyfeet.com | 2 years | First Party | Used to save checkout preferences |
billing:prefix | www.cosyfeet.com | 2 years | First Party | Used to save checkout preferences |
billing:region | www.cosyfeet.com | 2 years | First Party | Used to save checkout preferences |
billing:street1 | www.cosyfeet.com | 2 years | First Party | Unspecified |
billing:street2 | www.cosyfeet.com | 2 years | First Party | Used to save checkout preferences |
billing:telephone | www.cosyfeet.com | 2 years | First Party | Used to save checkout preferences |
current_quote_id | www.cosyfeet.com | 2 years | First Party | Used to store items in basket |
id_accept_terms | www.cosyfeet.com | 2 years | First Party | Used to save checkout preferences |
new_registrant_name_other[*] | www.cosyfeet.com | 2 years | First Party | Used to save checkout preferences |
new_registration_id_* | www.cosyfeet.com | 2 years | First Party | Used to save checkout preferences |
loc | .addthis.com | 2 years | Third Party | Geolocation, used to help publishers know approximately where people sharing information are located. (State level) |
di2 | .addthis.com | 2 years | Third Party | Maintenance cookies that help manage expiration for other cookies |
ssc | .addthis.com | 2 years | Third Party | Recording user sharing and social activity |
uvc | .addthis.com | 2 years | Third Party | Recording user sharing and social activity |
uid | .addthis.com | 2 years | Third Party | Uniquely assigned machine-generated user ID |
bt2 | .addthis.com | 8 months 13 days | Third Party | User interest modeling |
um | .addthis.com | 2 years | Third Party | Unspecified |
vc | .addthis.com | 2 years | Third Party | Unspecified |
MR | .bat.bing.com | 6 months 3 days | Third Party | Bing tracking cookie |
MUID | .bing.com | 13 months | Third Party | Bing tracking cookie |
IDE | .doubleclick.net | 2 years | Third Party | Google Ads tracking cookie |
id | .doubleclick.net | 2 years | Third Party | Google Ads tracking cookie |
test_cookie | .doubleclick.net | 1 hour 15 minutes | Third Party | Google Ads tracking cookie |
_ga | .feefo.com | 2 years | Third Party | Feefo Google analytics |
_gid | .feefo.com | 2 years 1 day | Third Party | Feefo Google analytics |
APISID | .google.co.uk | 2 years | Third Party | Unspecified |
CONSENT | .google.co.uk | 21 years | Third Party | Unspecified |
HSID | .google.co.uk | 2 years | Third Party | Unspecified |
NID | .google.co.uk | 6 months | Third Party | Unspecified |
SAPISID | .google.co.uk | 2 years | Third Party | Unspecified |
SID | .google.co.uk | 2 years | Third Party | Unspecified |
SSID | .google.co.uk | 2 years | Third Party | Unspecified |
NID | .google.com | 6 months 3 days | Third Party | Unspecified |
AID | .googleadservices.com | 18 months | Third Party | Google Ads tracking cookie |
MUIDB | bat.bing.com | 2 years | Third Party | Unspecified |
ups | s7.addthis.com | 2 years | Third Party | Unspecified |
DV | www.google.co.uk | 10 minutes | Third Party | Unspecified |
OTZ | www.google.com | 0 seconds | Third Party | Unspecified |
KHcl0EuY7AKSMgfvHl7J5E7hPtK | .paypal.com | 20 years | Third Party | Used when using PayPal payment method |
LANG | .paypal.com | 9 hours | Third Party | |
X-PP-ADS | .paypal.com | 1 year | Third Party | |
X-PP-K | .paypal.com | 1 month | Third Party | |
X-PP-SILOVER | .paypal.com | 30 minutes | Third Party | |
_ga | .paypal.com | 2 years | Third Party | |
consumer_display | .paypal.com | 2 years | Third Party | |
cookie_check | .paypal.com | 10 years | Third Party | |
feel_cookie | .paypal.com | 2 years | Third Party | |
login_email | .paypal.com | 6 months | Third Party | |
navlns | .paypal.com | 2 years | Third Party | |
s_pers | .paypal.com | 2 years | Third Party | |
ts | .paypal.com | 3 years | Third Party | |
tsrce | .paypal.com | 1 day | Third Party | |
ui_experience | .paypal.com | 6 months | Third Party | |
x-csrf-jwt | .paypal.com | 1 week | Third Party | |
x-pp-p | .paypal.com | 1 year | Third Party | |
x-pp-s | .paypal.com | When the browsing session ends | Third Party | |
44907 | www.paypal.com | 3 months | Third Party | |
47364 | www.paypal.com | 30 minutes | Third Party | |
AKDC | www.paypal.com | 30 minutes | Third Party | |
KHcl0EuY7AKSMgfvHl7J5E7hPtK | www.paypal.com | 20 years | Third Party | |
X-PP-SILOVER | www.paypal.com | 0 seconds | Third Party | |
akavpau_ppsd | www.paypal.com | When the browsing session ends | Third Party | |
ectoken | www.paypal.com | Indefinitely | Third Party | |
nsid | www.paypal.com | When the browsing session ends | Third Party | |
xppcts | www.paypal.com | 5 minutes | Third Party | |
aw_pop*. | www.cosyfeet.com | 1 hour | First Party | Used when visiting the website to control alerts |
aw_popup_closed_* | www.cosyfeet.com | When the browsing session ends | First Party | |
current_popid | www.cosyfeet.com | When the browsing session ends | First Party | |
firstvisittime | www.cosyfeet.com | 99 years | First Party | |
session-set | www.cosyfeet.com | 20 years | First Party | |
__adal_ca | www.adalyser.com | 6 months | First Party | Traffic source / campaign data - Store which advertising campaign drove a user to visit |
__adal_cw | www.adalyser.com | 7 days | First Party | Visit timestamp - Tie back conversion events to earlier visits |
__adal_id | www.adalyser.com | 2 Years | First Party | Uniquely identify a device |
mm_id | .mention-me.com | 5 Years | Third Party | This is our tracking ID which serves to identify any unique browser using our flow |
redirecttoflow | .mention-me.com | 5 Years | Third Party | Used to make a redirect to our site seamless for certain customer journeys |
mm_analytics | .mention-me.com | 5 Years | Third Party | Used to track your status through the checkout process |
mm_allocation | .mention-me.com | 5 Years | Third Party | Used to keep track of which offers you are participating in order to give you a more consistent experience |
mm_offer_frequency | .mention-me.com | 5 Years | Third Party | Used to keep track of how many times you have seen an offer so that we can limit how many times you see it |
mm_overlay_suppressed | .mention-me.com | 5 Years | Third Party | Used to suppress a corner peel promotion if the ‘x’ is clicked |
mm_conversion_message_suppressed | .mention-me.com | 5 Years | Third Party | Used to suppress a conversion message if the ‘x’ is clicked |
California Privacy Act - CCPA
California law permits residents of California to request certain details about the personal information that we have collected and how that information is shared with third parties for direct marketing purposes. Under the law, a business must either provide this information or permit California residents to opt out of this type of sharing. We permit California residents or authorised agents of California residents to opt out of having their information shared with third parties for direct marketing purposes. Consumers will not receive discriminatory treatment for the exercise of these privacy rights. Click here for more information and to make a request
Contacting Us Regarding this Privacy Policy
You may ask us at any point not to share your information with third parties by contacting us by email at privacy@cosyfeet.com.
If you wish to speak to someone over the phone regarding any issues, concerns or comments about this document, please call us on 01458 447275.
Alternatively, you can also write to our Data Officer at:
Nick Brine, Data Officer,
Cosyfeet,
Unit 5, The Tanyard,
Leigh Road,
Street,
Somerset
BA16 0HR.
Amendments
Please note that this privacy policy is subject to change from time to time.
It was last updated on 23/08/2023.