Privacy Policy
Cosmoss Privacy Policy
You know us as COSMOSS, but our legal name is Cosmoss Group Limited ("we", "our", "us" or "COSMOSS"). We are committed to protecting the privacy of all users of our website www.cosmossbykatemoss.com (the "Site"). Please read this privacy policy that explains how we use and protect your personal information. We are the "controller" of the information we process, unless otherwise stated.
1. Contact details
1.1 If you have any queries or requests about this privacy policy or how we handle your information more generally, you can get in touch by contacting our general Customer Care team at: [email protected].
2. How we collect your information
2.1 We collect your information when you interact with us or use our services, such as when you use our Site to place an order. We also look at how visitors use our Site, to help us improve our services and optimise customer experience.
2.2 We collect information:
(a) when you create an account with us or you change your account settings;
(b) when you place an order with us and during the order process (including for payment and order delivery);
(c) through your interactions with us, such as when you request information or support or to receive marketing, information about our initiatives or other communications from us by email, phone, post or SMS;
(d) when you leave product reviews on our site;
(e) when you browse or use our Site (before and after you create an account with us).
2.3 We also collect information from third party sites, such as advertising and social media platforms.
3. Information we collect from you
3.1 As part of our commitment to the privacy of our customers and visitors to our Site more generally, we want to be clear about the sorts of information we will collect from you.
3.2 When you visit the Site or make an order through the Site, including any partner’s website we work with to provide delivery services, you are asked for information about yourself including your name, contact details, delivery address, order details, and payment information such as credit or debit card details. We will also collect information from you when you contact us on our Site.
3.3 We collect information about your use of the Site and information about you from any messages you post to the Site or when you contact us or provide us with feedback, including via email, post, phone or online review. If you contact us by phone, we may record and make notes about the call, including for training and service improvement purposes.
3.4 We collect information from your mobile device or computer, such as its operating system, the device and connection type and the IP address from which you are accessing our Site. We also collect technical information about your use of our Site through a mobile device, for example, carrier, location data and performance data such as mobile payment methods, interaction with other retail technology. Unless you have elected to remain anonymous through your device and/or platform settings, this information may be collected and used by us automatically if you use the Site on your mobile device(s) through your mobile's browser or otherwise.
3.5 Where we need to collect information by law, or under the terms of a contract we have with you, and you fail to provide that information, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with our services). In this case, we may have to cancel our service to you but we will notify you if this is the case at the time.
4. Use of your information
4.1 We will only process your information if there is a reason for doing so, and if that reason is permitted by law.
4.2 Where we need to provide you with the products you have ordered and/or to enter into a contract with you, we use your information to:
(a) enable us to provide you with access to the relevant parts of the Site (we collect necessary cookies from your device);
(b) supply the products you have ordered (we collect your name, contact details, delivery address and order details);
(c) enable us to collect payment from you (e.g., we collect your credit or debit card information); and
(d) contact you where necessary concerning our services, such as to resolve issues you may have with your order (we collect the information listed above and any additional information we may need to resolve your issue).
4.3 We also process your information where we have a legitimate interest for doing so, which are to:
(a) personalise our Site, including to make it easier and faster for you to place orders;
(b) improve the effectiveness and quality of the ordering and delivery process that our customers can expect from us in the future;
(c) tailor content that we or our partners display to you, for example so that we make sure you see the advertising which is most relevant to you, based on characteristics determined by us;
(d) enable our customer support team to help you with any enquiries or complaints in the most efficient way possible and to provide a positive customer experience;
(e) contact you for your views and feedback on our Site or our partners’ services and/or products and to notify you if there are any important changes or developments to the Site, including letting you know that we are operating in a new area, where you have asked us to do so;
(f) send you information by post about our products, promotions and initiatives (if you do not want to receive these, you can let us know by getting in touch (Please see Section 1 ‘Contact Details’));
(g) analyse your activity on the Site so that we can administer, support, improve and develop our business and for statistical and analytical purposes and to help us to prevent fraud; and
(h) detect, investigate, report and seek to prevent fraud or crime.
4.4 We also process your information to enforce our contractual terms with you and any other agreement, to ensure compliance with our internal policies and procedures and for the exercise or defence of legal claims and to protect the rights of COSMOSS, our partners, or others (including to prevent fraud).
4.5 If you submit comments and feedback regarding the Site or our products, we may use such comments and feedback on the Site and in any marketing or advertising materials. We will only identify you for this purpose by your first name and last initial which you provide us with and such comments and feedback may be displayed publicly on the Site.
4.6 We will also analyse data about your use of the Site to create profiles relating to you and for you. This means that we may make certain assumptions about what you may be interested in and use this, for example, to send you more tailored marketing communications, to present you with partners that we think you will prefer, or to let you know about special offers or products which we think you may be interested in. This activity is referred to as profiling. You have certain rights in relation to this type of processing. Please see Section 10 ‘Your rights’ for more details.
4.7 We may also use your information to comply with any legal obligation or regulatory requirement to which we are subject.
5. Cookies
5.1 You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of the Site may become inaccessible or not function properly. For more information about the cookies we use, and how to set or amend your cookie preferences, please see our Cookie Policy.
6. Marketing
6.1 Where you have given your consent or where we have a legitimate interest for doing so (and are permitted to do so by law) we will use your information to let you know about our other products or services, or initiatives that may be of interest to you and we may contact you to do so by email.
6.2 We use online advertising to keep you aware of what we’re up to and to help you see and find our products.
6.3 For more information on our use of advertising technologies and cookies, please see our Cookie Policy.
6.4 You can ask us or third parties to stop sending you marketing messages at any time your marketing preferences by following the opt-out links on any marketing message sent to you.
6.5 We may still contact you through email where you have opted out of direct marketing with service communications, including, but not limited to, correspondence providing information about your order, service interruption and delivery safety.
7. Retention of your information
7.1 We will only retain your information for as long as reasonably necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your information for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
7.2 When determining the appropriate retention periods, we will take into account factors including:
(b) legal obligation(s) under applicable law to retain information for a certain period of time;
(c) statute of limitations under applicable law(s);
(d) our legitimate interests for retaining the information (please see Section 4 ‘Use of your information’);
(e) whether there is an actual or potential dispute; and
(f) guidelines issued by relevant data protection authorities.
7.3 Otherwise, we securely erase your information where we no longer require it for the purposes we collected it for.
8. Sharing your information
8.1 We are very careful and transparent about who else your information is shared with.
8.2 We share your information with our other group companies only where necessary for the purposes set out in Section 4 - ‘Use of your information’ above.
8.3 We share your information with third party service providers that provide services on our behalf. The types of third party service providers whom we share your information with include for example:
(a) payment providers (including online payment providers and fraud detection providers);
(b) IT service providers (including cloud providers, web hosts and email providers);
(c) logistics providers (including address verification services and delivery providers);
(d) insurance companies;
(e) customer support providers (including, but not limited to, companies that assist us to provide customer or technical support); and
(f) marketing and advertising partners.
8.4 We share your information when we promote a programme or offer a service or product in conjunction with a third-party business partner. We will share your information with that partner to assist in marketing or to provide the associated product or service. In most of those cases, the programme or offer will include the name of the third-party business partner, either alone or with ours. An example of such a business partner relationship would be a partner that we partner with for providing delivery services.
8.5 If you submit comments and feedback regarding the Site, our products, and our partners we may share such comments and feedback with our partners. In addition, and if you consent to it, we may share health information about you with our partners, for example if you report any specific allergies.
8.6 We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy and applicable laws when it is transferred to third parties.
8.7 If our business enters into a joint venture with, purchases or is sold to or merged with another business entity, your information may be disclosed or transferred to the target company, our new business partners or owners or their advisors.
8.8 We may also share your information:
(b) in order to enforce our contractual terms with you and any other agreement;
(c) to protect our rights or those of our partners or others, including to prevent fraud; and
(d) with such third parties as we reasonably consider necessary in order to prevent crime, e.g. the police or for health and safety purposes.
8.9 In some cases the information we collect from you might be processed outside the United Kingdom or the European Economic Area (EEA), such as the United States and the countries in which COSMOSS operates. These countries may not have the same protections for your information as the UK or EEA has. To the extent these countries have not been lawfully recognised as providing an adequate level of data protection, we will ensure that the information that is processed by us and our suppliers outside of the UK or EEA is protected in the same way as it would be if it was processed within the UK or the EEA. We ensure to use an appropriate data transfer mechanism, such as reliance on the protections set out in approved standard contractual clauses.
8.10 Please contact us using the contact details above for further information on the specific mechanism used by us when transferring your information.
9. Security
9.1 We adopt robust technologies and policies to protect your information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
9.2 We have implemented procedures to deal with any data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
9.3 Unfortunately, the transmission of information via the internet is not completely secure. Although we will take steps to protect your information, we cannot guarantee the security of your information transmitted to the Site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
9.4 When you open an account you may create a password, or other secure login method and also provide payment card details. You must use a unique password and keep any password you create, or other secure login method, secret in order to help prevent others from accessing your account.
10. Your rights
10.1 Under certain circumstances, you have rights under data protection law in relation to the information we hold about you.
10.2 These include:
(a) The right of access. This is also known as a “data subject access request”. You have the right to receive a copy of the information we hold about you and to check that we are lawfully processing it.
(b) The right to rectification. You are entitled to have any incomplete or inaccurate information we hold about you corrected, though we may need to verify the accuracy of the new information you provide to us.
(c) The right to erasure. This is also known as “the right to be forgotten” which enables you to request the deletion or removal of certain of the information that we hold about you where there is no good reason for us continuing to process it. This right is not absolute and only applies in certain circumstances.
(d) The right to restrict processing. You have the right to block or suppress further use of your information in certain circumstances. When processing is restricted, we may still have a lawful reason to store your information, but we will not use it further.
(e) The right to data portability. You have the right to receive your information in a structured, commonly used and machine-readable format which you can transfer to another service provider or other third party. This right is not absolute and only applies in certain circumstances.
(f) The right to withdraw consent. Where we rely on consent to use your information, you have the right to withdraw that consent at any time. Withdrawing consent will not, however, make unlawful our use of your information before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain services to you.
(g) The right to object to processing. You have the right to object to certain types of processing of your information, including processing for direct marketing purposes and profiling. You can object by changing your marketing preferences and disabling cookies as set out in our Cookie Policy and Section 6 ‘Marketing’ or by contacting us.
10.3 You have the right not to be subject to a decision based solely on automated processing of your information.
10.4 To exercise any of these rights, please contact us in writing at [email protected].
10.5 If you are unhappy with how we have handled your information you can contact your local data protection authority. In the UK, this is the Information Commissioner’s Office. We would, however, really appreciate the chance to deal with your concerns before you approach your local data protection authority and so we please ask that you contact us first.
11. Changes to our Privacy Policy
11.1 We update this privacy policy from time to time, so remember to check back in every so often, in case anything has changed and, where appropriate, we may notify you of the changes, for example by email or push notification.
11.2 This privacy policy was last updated: 01.09.2022.
