Updated: 1 February 2022
“Personal Information”, is any information that enables us to identify you, directly or indirectly, such as your email address, name, shipping and billing address, telephone number, company name, credit card information, any form of identification number, or one or more factors specific to your physical, physiological, mental, economic, genetic, cultural or social identity.
For the purposes of the EU General Data Protection Regulation 2016/679 (the “GDPR”), the FINNEY company from which you have purchased products and/or services, or with which you have entered into communications, or which has otherwise collected your Personal Information is the controller of your Personal information.
FINNEY INC LTD: c/o Julie Symes, YMU, 180 Great Portland St W1W 5QZ UK
PERSONAL INFORMATION WE COLLECT
When you visit the Site, we automatically collect certain information about your device, including information about your web browser, IP address, time zone, and some of the cookies that are installed on your device. Additionally, as you browse the Site, we collect information about the individual web pages or products that you view, what websites or search terms referred you to the Site, and information about how you interact with the Site. We refer to this automatically collected information as “Device Information”.
Our website is operated by FINNEY. Throughout the site, the terms “we”, “us” and “our” refer to FINNEY. We are a UK and UK based business. If you’re in the European Economic Area (EEA), for purposes of European data protection law, the data controller of your personal information is FINNEY INC LTD in the UK.
We collect Device Information using the following technologies: - “Cookies” are data files that are placed on your device or computer and often include an anonymous unique identifier. For more information about cookies, and how to disable cookies, visit http://www.allaboutcookies.org. - “Log files” track actions occurring on the Site, and collect data including your IP address, browser type, Internet service provider, referring/exit pages, and date/time stamps. - “Web beacons”, “tags”, and “pixels” are electronic files used to record information about how you browse the Site.
Additionally, when you make a purchase or attempt to make a purchase through the Site, we collect certain information from you, including your name, billing address, shipping address, payment information (including credit card numbers), email address, and phone number. We refer to this information as “Order Information”.
HOW DO WE USE YOUR PERSONAL INFORMATION?
We use the Order Information that we collect generally to fulfil any orders placed through the Site (including processing your payment information, arranging for shipping, and providing you with invoices and/or order confirmations). Additionally, we use this Order Information to:
- Communicate with you;
- Screen our orders for potential risk or fraud; and
- When in line with the preferences you have shared with us, provide you with information or advertising relating to our products or services.
We use the Device Information that we collect to help us screen for potential risk and fraud (in particular, your IP address), and more generally to improve and optimize our Site (for example, by generating analytics about how our customers browse and interact with the Site, and to assess the success of our marketing and advertising campaigns).
WHAT INFORMATION DO WE USE?
When we provide the Services, we collect or receive information in a few different ways. In many cases, you can choose what information to provide, although some information is required, for example, in order to make a purchase.
Information you provide to us:
Personal details and contact information: This includes information such as name, contact information (including mobile telephone number) and any personal information required for creating an account with us or engaging with our Services.
Account and user information: This includes information which you provide us when you register for certain customer services or participate in one of our online contests.
Sales and marketing related information: This includes information such as products purchased, your marketing preferences, telephone number, email address and information about how you interact with our marketing materials.
Payment and transactional information: When you purchase an item from us, you provide our payment processor with your payment information. This includes information such as billing and payment card details, payment receipts and shipping details. We use a trusted third-party payment provider and as such, FINNEY does not collect payment card information.
Customer support information: You may provide us with additional information if you email or call us. Additional information may include details of administrative, technical and support communications with us and any personal information contained in complaints or concerns you submit to us.
Automatically collected information:
Log Data: We automatically collect certain log data when you interact with our Services or visit our website on your computer or other device, including IP address, browser information and the web pages that you have requested on our website.
If you choose not to provide us with certain information, we might not be able to provide you all (or any) of the Services.
WHAT DO WE USE YOUR INFORMATION FOR?
We use the information we have to help us provide, operate, improve, understand, customize, support, and market our Services. Specifically, any of the personal information we collect from you may be used in the following ways:
Where it is necessary to perform our contractual obligations with you, we process your information to:
Process transactions: In order to process customer orders, track shipments, and fulfil deliveries and process payments and to fulfil our contracts with you and with our business partners and suppliers, we process your personal information.
Create and administer accounts and registrations: When you create an account with us or register for our products or services, we process your personal information in order to create and administer your accounts and registrations.
Where it is in furtherance of our legitimate interests and those of others, provided those legitimate interests are not overridden by your rights or interests, we process your personal information to:
Operate, improve and evaluate our business: We use your information to operate our services and provide our products and to improve the efficiency of our operations including enhancing and improving our services, providing customer support, managing our communications, analysing our services and performing our contracts with third parties. For example, we will retain and evaluate information on your recent visits to our website and how you move around different sections of our website for analytics purposes to understand how people use our website so that we can make it more intuitive. We continually strive to improve our website offerings based on the information and feedback we receive from you.
Communicate with you: We use your information to communicate with you about our Services and to let you know about our terms and policies and other important updates. If you do not object to us using your personal information, we may provide you with marketing information for our products and services. It is in our legitimate interests to promote and market our products and services.
Personalize your experience: We use your information to help us to better respond to your individual needs. For example, we will retain your shopping history and use details of the products you have previously purchased to make suggestions to you for other products which we believe you will also be interested in.
Advertising: We monitor and analyse your interactions with our Services and third parties’ online services so we can tailor our advertising to what we think will interest you using the information we hold about you.
Support safety and security: It is in our legitimate interests to use your information to prevent unlawful activities and misuse of our goods and services, to protect the safety and security of our customers and personnel, to protect our property, to deter crime and to investigate any security incidents or accidents.
Legal proceedings: We process your information if necessary to defend our interests in legal proceedings.
In certain circumstances, we also use your personal information based upon consent you have given us (which you may revoke at any time) or if we believe it is appropriate to comply with the law.
DO WE SHARE YOUR INFORMATION?
Yes. We keep your information private. We do not sell, trade, or otherwise transfer to outside parties your information.
However, to provide the Services, we share your information with affiliates, public authorities and our trusted third parties. For example:
Affiliates: We may share your information with affiliates, who may in turn share information with us, for the provision of our Services and products in accordance with this Policy.
Service providers: We work with third-party service providers to help us operate, provide, improve, understand, customize, support, and market our Services. When we share your information with third-party service providers, we require them to use your information on our behalf in accordance with our instructions and terms.
Analytics: We work with Google Analytics which collects information such as how often users visit our website, what pages they visit when they do so, and what other sites they used prior to coming to the website. You may opt-out of Google Analytics tracking with the Google Analytics opt-out browser add-on.
Professional advisers: We share your information with our professional advisers like lawyers where necessary, such as in connection with the establishment, exercise or defence of legal claims.
We may share some or all of your information in connection with, or during negotiation of, any merger, financing, acquisition or dissolution, transaction or proceeding involving sale, transfer, divestiture, or disclosure of all or a portion of our business or assets. In the event of insolvency, bankruptcy, or receivership, information may also be transferred as a business asset.
For legal and safety reasons, we may provide information to a third party if we believe in good faith that we are required to so for legal reasons or that this is necessary to prevent harm or injury to our users, members of the public, our staff, or ourselves, or if we need to do so to defend our legal rights or to enforce our Terms of Service.
Note: If at any time you would like to unsubscribe from receiving future emails, we include detailed unsubscribe instructions at the bottom of each email.
Like most international business, we operate globally. As a result, your information can be disclosed and transferred to a country outside of the EEA in order for us to provide our Services. Some of these countries may not have the same levels of data protection as are present in the EEA.
In certain cases, we use a legal mechanism known as “standard contractual clauses” to protect personal information that is transferred outside the EEA. Standard contractual clauses refer to contracts between companies transferring personal information that contain standard commitments approved by the European Commission protecting the privacy and security of the information transferred.
Alternatively, we will transfer personal information to a country which is deemed to have adequate protections in place pursuant to adequacy decisions issued by the European Commission. To access the current list of countries for which there is an adequacy decision in place, click here.
To learn more or to request a copy of any standard contractual clauses which may relate to your personal information you can contact us.
Your Personal Information may be processed by us in the United States, where laws regarding data protection may be less stringent than the laws in your country. By using this Site and by providing any Personal Information to the Site, all users, including without limitation users in Canada, the UK and the European Union, acknowledge FINNEY’s collection and processing of such Personal Information in the United States.
When disclosing Personal Information from the EU and the UK to a third party (e.g. our shipping agents) located in a country not recognized by the European Commission as ensuring an adequate level of protection (e.g., the United States), we will take appropriate steps to safeguard such Personal Information, such as by implementing the European Commission-approved Standard Contractual Clauses, this includes where FINNEY INC USA. receives Personal Information in the US from FINNEY INC Ltd. in the UK.
For the avoidance of doubt, FINNEY does not rely upon the now invalidated U.S. Department of Commerce Privacy Shield Framework in order to receive EU Personal Information in the U.S. For further details, please contact us at firstname.lastname@example.org
HOW DO WE PROTECT YOUR PERSONAL INFORMATION?
We implement a variety of security measures to maintain the safety of your information when you place an order or enter, submit, or access your information.
We use a secure server. All supplied sensitive/credit information is transmitted via Secure Socket Layer (SSL) technology and then encrypted into our payment gateway provider’s database only to be accessible by those authorized with special access rights to such systems and who are required to keep the information confidential. After a transaction, your private information (credit cards, social security numbers, financials, etc.) will not be stored on our servers.
MANAGING AND DELETING YOUR PERSONAL INFORMATION
If you want to correct or update the personal information we have collected or request deletion of your account, please contact us. Please play your part in keeping your information secure by choosing a strong password and by keeping your login details secret.
We keep your information for as long as necessary in light of the purposes it was originally collected or lawfully further processed. We generally store your information for the duration of your account with us. We do this to provide you with our Service. We may use third party service providers to store and maintain such data. We require all such third-party services providers to have suitable measures in place with respect to the security of your information.
We retain your verification-related information for a reasonable period of time, even if you do not complete all verification steps, to assist with future verifications and to prevent abuse of our verification processes. If you decide not to verify the account and would like us to delete the verification information you provided, contact us.
If you reside in certain territories, including the EEA, you benefit from a number of rights in relation to your information. While some of these rights apply generally, certain rights apply only in certain limited cases. We describe these rights below in a summary format but mandated applicable law shall govern.
Access and Porting: You can access much of your information by logging into your account. Where legally required, we can provide your information upon your request. Note that, in accordance with applicable law, information will not be provided where doing so would adversely affect the rights (including the intellectual property rights) of others.
Change, Restrict, Limit, Delete: You can also change, restrict, limit or delete much of your information by contacting us. We may retain certain information as required and permitted by applicable law. Object: If we process your information based on our legitimate interests explained above, or in the public interest, you can object to this processing in certain circumstances. In such cases, we will cease processing your information unless we have compelling legitimate grounds to continue processing or where it is needed for legal reasons.
Revoke consent: Where you have previously provided your consent, you have the right to withdraw your consent to the processing of your information at any time. For example, you can withdraw your consent to email marketing by following the link provided in a marketing email. You can also revoke any consent you have provided by contacting us. If you withdraw your consent to the use of your information for purposes set out in this Policy, you may not have access to all (or any) of our Services, and we might not be able to provide you all (or any) of the Services. In certain cases, we may continue to process your information after you have withdrawn consent if we have a legal basis to do so or if your withdrawal of consent was limited to certain processing activities.
Complain. If you reside in the EEA, should you wish to raise a concern about our use of your information (and without prejudice to any other rights you may have) you have the statutory right to do so with your local data protection authority.
If you have any questions about your rights, please email us at email@example.com.
GIFTS: if you are purchasing a gift for someone, and you give us that person’s information for shipping, we are relying on you to make sure you have the right (and consent if needed) to provide to us the recipient’s information.
SHARING YOUR PERSONAL INFORMATION
We share your Personal Information with third parties to help us use your Personal Information, as described above. For example, we use Shopify to power our online store--you can read more about how Shopify uses your Personal Information here: https://www.shopify.com/legal/privacy.
We also use Google Analytics to help us understand how our customers use the Site -- you can read more about how Google uses your Personal Information here: https://www.google.com/intl/en/policies/privacy/.
You can also opt-out of Google Analytics here: https://tools.google.com/dlpage/gaoptout.
Finally, we may also share your Personal Information to comply with applicable laws and regulations, to respond to a subpoena, search warrant or other lawful request for information we receive, or to otherwise protect our rights.
As described above, we use your Personal Information to provide you with targeted advertisements or marketing communications we believe may be of interest to you. For more information about how targeted advertising works, you can visit the Network Advertising Initiative’s (“NAI”) educational page at http://www.networkadvertising.org/understanding-online-advertising/how-does-it-work. You can opt out of targeted advertising by using the links below:
- Facebook: https://www.facebook.com/settings/?tab=ads
- Google: https://www.google.com/settings/ads/anonymous
- Bing: https://advertise.bingads.microsoft.com/en-us/resources/policies/personalized-ads
Additionally, you can opt out of some of these services by visiting the Digital Advertising Alliance’s opt-out portal at: http://optout.aboutads.info/.DO NOT TRACK
Please note that we do not alter our Site’s data collection and use practices when we see a Do Not Track signal from your browser.
When you place an order through the Site, we will maintain your Order Information for our records unless and until you ask us to delete this information.
CALIFORNIA ONLINE PRIVACY PROTECTION ACT COMPLIANCE
Because we value your privacy, we have taken the necessary precautions to be in compliance with the California Online Privacy Protection Act. We therefore will not distribute your personal information to outside parties without your consent.
As part of the California Online Privacy Protection Act, all users of our site may make any changes to their information at any time by emailing us at firstname.lastname@example.org if you are a California resident, you also have the additional rights, and we are sharing with you the following additional information about our practices:
we do not collect: any state or government issued identifiers (such as social security numbers, passport numbers, drivers’ license numbers, employment or employment related information, health information, sex or sexual orientation, veteran’s status, religion, political affiliations, biometric data, geolocation data, sensory information, education history or other “sensitive” information.
no inferences drawn: we do not profile you based on the information we collect as to any psychological trends, intelligence, aptitudes or behaviour.
if you are a California resident, we also use personal information to:
process your request to change your information;
process your request to access your information;
process your request to be forgotten; and
verify who you are before we will process these requests
in the last twelve (12) months, we have not sold your personal information: if we ever do consider selling personal information, we will first provide to you notice, and afford to you an opportunity to opt out.
your rights and choices:
the California consumer privacy act (“ccpa”) provides consumers (California residents) with specific rights regarding their personal information. this section describes your ccpa rights and explains how to exercise those rights.
access to specific information and data portability rights: you have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. once we receive and confirm your verifiable consumer request, we will disclose to you:
the categories of personal information we collected about you;
the categories of sources for the personal information we collected about you;
our business or commercial purpose for collecting that personal information;
the categories of third parties with whom we share that personal information;
the specific pieces of personal information we collected about you (also called a data portability request); and
if we disclosed your personal information for a business purpose, the disclosures we made, the purpose for the disclosure, and identifying the personal information categories that each category of recipient obtained.
deletion request rights (the right to be forgotten): you have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.
We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:
complete the transaction for which we collected the personal information, provide a service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you;
detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities;
comply with the California electronic communications privacy act (cal. penal code § 1546 et. seq.); enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us;
comply with a legal obligation; and/or
make other internal and lawful uses of that information that are compatible with the context in which you provided it.
exercising access, data portability, and deletion rights: to exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us by emailing email@example.com.
or writing to us at FINNEY legals, c/o YMU, 180 great Portland St, London WIW 5QZ
Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your personal information. you may also make a verifiable consumer request on behalf of your minor child (anyone under the age of 18 in California).
Please note that you may only make a verifiable consumer request for access or data portability twice within a 12-month period. the verifiable consumer request must:
provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.
Making a verifiable consumer request does not require you to create an account with us.
We will only use personal information provided in a verifiable consumer request to verify the requestor's identity or authority to make the request.
Response timing and format (meaning how we deliver the response): we endeavour to respond to you with respect to a verifiable consumer request within forty-five (45) days of its receipt. if we require more time, we will inform you of the reason and extension period in writing. we will deliver our written response by mail or electronically, at your option.
Any disclosures we provide will only cover the twelve (12) month period preceding the verifiable consumer request's receipt. the response we provide will also explain the reasons we cannot comply with a request, if applicable. for data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
we do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. if we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
non-discrimination: we will not discriminate against you for exercising any of your ccpa rights. unless permitted by the ccpa, we will not:
deny you goods or services;
charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties;
provide you a different level or quality of goods or services; or
suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
Other California privacy rights: California’s "shine the light" law (civil code section § 1798.83) permits users of our website that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. to make such a request, please send an email to firstname.lastname@example.org
contact information: https://finney-co.com/pages/contact.
when contacting us, please indicate that you are a California resident. by contacting us based on the information herein, you represent that you are a “consumer” as defined in section 17014 of title 18 of the California code of regulations.
EU, SWISS AND EEA SITE VISITORS
To the extent that we have not already explained above how we collect, use, and disclose your information that we receive from the EU, European Economic Area ("EEA"), and Switzerland, we provide more information here.
Consent: we will expressly ask for your consent if and when you choose to register for an account or if you opt-in to receive our newsletters. if you choose to grant your consent, the information you provide to us at the point of collection will be transferred to us, our servers, and our third-party processors here in the United States. if you did consent to receive advertisements and/or newsletters, you can opt out https://finney-co.com/pages/contact. note that before we cancel an account, we may need to verify your identity first.
Purchases: if you choose to purchase our products through this site, our third-party payment processor will receive your payment information and related transaction information. However, if you do want to make a purchase, you will need to consent to provide payment information, shipping information, and points of contact. Our third-party service providers help us to process your payments and to detect and prevent fraud. As, we discuss in this policy above, these third parties have agreed to process your information in accordance with the general data protection regulation (“GDPR”), but it is your choice whether or not to proceed with a purchase through this site.
Your rights as EU, EEA and Swiss residents: this site also provides you with information about our procedures to help ensure that your information is reliable for its intended use, accurate, complete, and current, and we include links to those resources.
Third party transfers: as we explained above, we may transfer information to our third-party agents (“processors”, under GDPR) or service providers who perform functions on our behalf as described in this policy. these third-party providers have agreed to treat your information in accordance with GDPR (whether with standard contractual clauses or data transfer agreements), and our agreements limit their use of your data to the specified services provided on our behalf. we take reasonable and appropriate steps to ensure that third-party agents and service providers process your information in accordance with this agreement.
Security: we maintain reasonable and appropriate security measures to protect your information from loss, misuse, unauthorized access, disclosure, alteration, or destruction in accordance with GDPR.
Accessing, correcting and/or deleting your information: you may have the right to access the information that we hold about you and to request that we correct, amend, or delete it if it is inaccurate or processed in violation of the GDPR, including if we exceeded your consented use of your information. please contact us here: https://finney-co.com/pages/contact.
Retention and destruction: if you do not otherwise request sooner, we have processes in place to delete your information when we no longer need it and are not required by law to continue to retain it.
When we do not honour your requests: these access rights may not apply in some cases, including where providing access is unreasonably burdensome or expensive under the circumstances or where it would violate the rights of someone other than the individual requesting access. we may also decline your request for erasure (the right to be forgotten) if we need to keep that information to establish, exercise or defend against legal claims.
If you would like to request access to, correction, amendment, or deletion of your information, or direct any questions or complaints about the use or disclosure of your information, you can submit a written request to the contact information provided below.
Verification: we may request specific information from you to confirm your identity. in some circumstances we may charge a reasonable fee for access to your information.
Response time: we will respond to your verified requests in a reasonable timeframe, and in any event in less than 30 days.
Complaints: if we did not use your information as you consented, or if we did not honour your lawful requests, and you are resident in the EEA and you believe we are unlawfully processing your information, you also have the right to complain to your local data protection supervisory authority. you can find their contact details here: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm
for all users of our site, regardless of where you are located, we have implemented reasonable measures designed to secure your personal information from accidental loss and from unauthorized access, use, alteration, and disclosure. all information you provide to us is stored on our servers behind firewalls.
The safety and security of your information also depends on you. where we have given you (or where you have chosen) a password for access to certain parts of our website, you are responsible for keeping this password confidential. we ask you not to share your password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. although we do use reasonable measures intended to protect your personal information, we cannot guarantee the security of your personal information transmitted to our website. to the fullest extent allowed by law, any transmission of personal information is at your own risk. except where the law mandates otherwise, we are not responsible for circumvention of any privacy settings or security measures contained on this site.
CHILDRENS ONLINE PRIVACY PROTECTION ACT COMPLIANCE
Our services are intended for general audiences, and are not intended for anyone under 13, anyone under 16 in the EEA or anyone under the minimum age to use the services in the jurisdiction where they reside.
Check here to confirm what your EU member state requires:
We are in compliance with the requirements of coppa (children’s online privacy protection act). we do not collect any information from anyone under 13 years of age. our website, products and services are all directed to people who are at least 13 years old or older.
Only if required by law will we ask for your actual date of birth and except as required by law, you are not obligated to provide this information. if you are under 18 you need your parent or guardian to consent to register an account with us.
Parent/guardian right of access: your parent and/or your legal guardian has the right to ask about the information we have collected about you. we will ask that person making the request to verify that they are in fact your parent or legal guardian before we provide them your information. we will also collect the contact information for the person requesting this information so we can respond to the request.
For more information about children’s online privacy, please visit (for children in the US.), the federal trade commission’s resource page: https://www.consumer.ftc.gov/articles/0031-protecting-your-childs-privacy-online.
We do not knowingly collect information about children under that age of 13. if a parent or legal guardian believes that we have been provided with information about their child under the age of 13, please contact us at: email@example.com.
for more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact us by email at firstname.lastname@example.org or by mail using the details provided below:
[re: privacy compliance officer]
c/o YMU, 180 Great Portland St
London W1W 5QZ