Your privacy is important to us:
- How we use your information;
- How we share your information;
- How long we keep your information and how it is stored;
- Our approach to sensitive personal information;
- What options you have to control your information;
- The rights you may have in relation to your personal information; and
- How we communicate changes to this Policy.
Please contact our Customer Services team if you would like to discuss this with us or have any questions, comments or suggestions relating to this Policy.
This Site is run by Bombshell Limited (“Bombshell”/”we”/”us”/”our”). For the purposes of applicable data protection laws, including the EU General Data Protection Regulation (“GDPR”) (as amended or superseded) Bombshell is the “controller” of the personal information collected through the Site, by phone, email or other communication, or with our Customer Services team. This means that Bombshell decides why and how your personal information is processed.
Our Website is free for you to browse through and read. We will only collect personal information that you provide to us when you:
- Create an account on our Site
- Place an order through our Site
- Fill in forms on our site, for example to leave feedback, enter a Prize Draw or Competition, or respond to a survey
- Contact us, send us an email or offer feedback
- Subscribe to our mailing list
Any personal information you provide to us in the ways listed above is voluntary. However, if you do not provide this information to us, we may be unable to provide products and services to you or interact or communicate with you effectively.
If you are a child under 16 and want to receive Bombshell news, we ask that a parent or guardian register. By this we mean that a parent or guardian can register on your behalf using their details. We ask this so that as a child, your personal details are protected, and also to ensure that you have parental consent to take part. Bombshell does not ask a person under 16 for more personal information as a condition of participation than is necessary for a given promotion.
We will also collect certain information automatically when you visit our Site, in particular:
- We record details of the resources that you access to visit our Site (for example, URL addresses, traffic data etc.); and
- We record information about the type of device you have used to visit our Site, your device settings, and the cause of any system errors. Your device manufacturer or operating system provider will have further details on what information your device makes available.
Information we collect when you contact us:
We will collect personal information about you when you contact us by telephone, email, online chat function or via social media. We may monitor, record and store such communication with you as needed and, in particular, for training and/or quality purposes.
Information we collect if you apply for a job with us:
You may be able to apply for a job with us through our Site or through third-party websites such as LinkedIn. The personal information we collect about you may include your name, contact details, employment history, and any information set out in your CV.
Your information may be processed by our staff or by the staff of our suppliers to the extent necessary to fulfil your order. By submitting your personal information to us, you agree to the transfer of your personal information, its storage and processing.
We will keep the data which we collect from you on a secure server. Any information you give us relating to credit card details is handled by a PCI DSS compliant third party and encrypted using secure server technology. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access and require our suppliers to do the same.
Where we have given you a password (or where you have chosen one) to access certain parts of this Site, you are responsible for keeping this password confidential. We ask that you do not share a password with anyone.
How long we keep your information:
We retain the information you provide for the following periods;
For as long as you are subscribed to receive marketing information and, afterwards, indefinitely in our suppression lists to ensure that you do not receive such information;
For as long as your account is being used and for a period of three years after the date you cease to use your account, after which period we will anonymise the personal information on file by deleting the personal information and allocating a personally unidentifiable unique reference ID and store the remaining information for a period of five years (“Data Retention Period”). After this time it will be permanently deleted from all systems and back-ups. If you wish to set up an account after this period this will be treated as a new account and your transaction history will not be available; and
In the case of any contact you may have with our Customer Care team, for as long as is necessary to provide support-related reports and trend analysis. Our Data Retention Period has been determined to cover contractual and legal requirements, credit risk, fraud detection and customer service periods, as well as to cover regulatory requirements, and the resolution of disputes or fraud prevention.
Sensitive personal information:
We do not seek to collect sensitive personal information (i.e. information relating to race or ethnic origin, political opinions, religious or other beliefs, trade union membership, physical or mental health, sexual orientation or criminal records). We ask that you do not provide such information to us.
Rights you may have:
You may have certain rights in relation to personal information that we hold about you. These include the right to request access to your personal information, to request that it is erased, that its processing is restricted, or that any inaccurate personal information is rectified. You may also have the right to object to the processing of your personal information, or in some circumstances to obtain a copy of the personal information in a machine readable format and will always have a right at any time to withdraw any consent you have given to us.
In particular, you have the right to object or withdraw your consent (as applicable) to any use we make of your personal information for direct marketing purposes. You have the option to unsubscribe from our emails through a link at the bottom of every email we send to you.
If you want to change the details that you have registered with us, or would like to amend your marketing preferences or unsubscribe altogether, this can be changed in the “My Account” section of our Site or by contacting our Customer Services team.
We share your information with our core service providers and third party platforms as required for our business to function; for example, picking, packaging and processing orders, fulfilling deliveries, customer support, fraud detection, credit risk reduction checks, IT systems support, and internal audits.
If you choose to provide feedback on your transaction, we will share your information with Loox, a third party feedback site who will capture your feedback on transactions which we use to enhance our customer service.
Your information may be processed by a third party in order to test, enhance or maintain the functionality of our Site.
In the event that you add items to your bag or browse an item but do not complete a transaction, Klaviyo will automatically send you an email to remind you that there are items in your bag.
We also use services offered by Google, Facebook, Instagram and other similar social media platforms to better tailor our marketing communications and for targeted advertising. As part of this process, some personal information, such as your email address, is provided to the relevant third party, however for security purposes this data is “hashed” prior to being shared. Hashing is a process of identity masking or “pseudonymisation” which means we do not disclose your e-mail but still enables linking between your social media presence and our Site. Your personal information will be transmitted to countries outside of the EEA, including the United States. If you would like more information about how your personal information may be transmitted, and the safeguards applied, please contact firstname.lastname@example.org. You may have the right to object to your personal information being used in this way (see “Rights you may have” below).
We receive insights from Facebook about the effectiveness of our advertising campaigns which you experience on our Site and social channels. This helps to better target our advertising.
Every external company we work with adheres to our same expectations and requirements in handling personal information and obligates them to meet these standards and those contained in the GDPR.
Our policy is to allow users to unsubscribe from our regular emails and SMS at any time. You can do this by clicking the link at the bottom of every email and SMS, sending an email to email@example.com requesting your information be removed from the mailing list.
If you have asked us to stop sending emails, and this hasn’t happened, it may be because the email address to which we are sending them is not the same as the address you sent your request from. Please check the address we are using and include this information in your request. The easiest way to do this is to return to us the whole of the unwanted email. The address we are sending to is included within the message.
Bombshell (and those people or companies employed by Bombshell who help make this Website, its content and certain affiliated companies) will process the information you tell us in order to respond to your feedback – like responding to problems, improving our services and gearing what we do to suit your requirements further.
Data protection laws require us to have a specific legal reason (also known as a ‘lawful basis’) and purpose to use your personal information.
The ways we use your personal information and the legal reasons which we have for doing so are as follows:
For the performance of a contract between you and us;
To provide you with an account on our Site, if you choose to sign up for one;
To fulfil any order that you place with us;
To collect payment from you;
To provide personal styling advice, if so requested;
To administer any competitions you have entered;
To provide you with a receipt, if you ask us to send this to you electronically; and
To protect and defend our legal rights and interests.
Where we have a legitimate interest in using your personal information:
Processing necessary for us to promote our business, brands and products and services
To contact you by email with marketing about our products and services after we presented you with an option on our Site to opt-out (e.g. using a tick box when placing an order or making a sales enquiry) which you declined to take. This marketing will relate only to products and services similar to those you are purchasing or enquiring after;
To deliver tailored advertising (including via social media);
To tailor and personalise our marketing communications based on your attributes and preferences; and
To administer and monitor our Site, including to ensure that content is presented in the most effective manner for you and for your device, and to allow you to participate in interactive features when you choose to.
Processing necessary for us to respond to changing market conditions and the needs of our visitors and customers
To analyse any feedback that you provide on our services, and to improve our services; and
Processing necessary to conduct recruitment activities and staff our business
To review and assess any job application that you submit to us.
To contact you by post following completion of an online order. And to contact you by email or text message or WhatsApp message with marketing communications about our products, services, events and promotions where you opted-in to receiving these (e.g. by actively ticking a box). This includes marketing information that we send to you in our e-mail newsletter to which you have signed up by inserting your e-mail address;
To contact you by email or text message to refresh your marketing preferences; and
Where the processing is required for us to comply with our legal obligations:
To comply with a request from you in connection with the exercise of your data protection rights (for example where you have asked us not to contact you for marketing purposes or your subscription has expired, we will keep a record of this on our suppression lists in order to be able to comply with our legal obligations); and
To keep a record of the data protection rights that you have exercised and which relate to our processing of your personal information.
Cookies and similar technologies we use on this website:
A cookie is a small text file placed on your computer by websites you visit. The cookies we use are unique to your Bombshell account. Cookies don’t tell us who you are, however they do allow us to recognise your device and remember your preferences or actions.
This website also uses technologies such as web beacons and pixels. These are other technologies that store information in your browser or device, using local shared objects or local storage.
Strictly Necessary Cookies – these cookies are required for the operation of our website. They will, for example, allow you to navigate the site, add items to your shopping basket and purchase them.
Site Analytics – to measure and analyse how customers use our website and respond to marketing, to improve your shopping experience and to improve the overall functionality of our website.
Deleting or blocking cookies and other technologies:
The cookies described above may be either “session cookies”, which means they are temporary and are automatically deleted from your computer or device when you close your browser, or they may be “persistent cookies”, which last until their expiry date or until you or your browser delete them. By law, we are required to ask your permission before storing non-essential cookies on your computer. If you choose to block or delete cookies or similar technologies used on our website, it may prevent the website from functioning properly or at all.
You may refuse to accept cookies by altering the settings on your internet browser. Generally, this can be done by visiting the “Settings” menu in your browser. You can also visit the EU-based Your Online Choices website, which will show you the cookies and similar technologies currently in use on your browser, and allow you to opt-out of these. By continuing to use our site and our cookies policy, you agree to the cookies outlined being placed on your device.
Advertising cookies and similar technologies:
Changes to cookies policy:
We may change this Cookies Policy from time to time. In some cases, we may provide you with additional notice such as adding a statement to the homepage of the website or sending you an email with the update. Please check this Cookies Policy regularly to stay informed about our information practices and the ways you can help protect your privacy.
We will use our best efforts to be sure that third parties who work with us as our agents to make this Website and its contents available to you, and to fulfil your orders and requests, agree to protect personal information that they must access in order to serve our Website and our visitors. We limit access to personal information about you to employees who we believe reasonably need to come into contact with that information to provide products or services to you or in order to do their jobs.
We may offer links to other websites we use and recommend. However, we are not responsible for the content or information collection policies of websites operated by other companies. If you visit another website, we advise you to review their privacy and other policies.