If at any time you are concerned or have questions about how we might be handling your data, please reach out to our Data Protection Officer at firstname.lastname@example.org
Baby Mori Ltd (“MORI”, "We", “Us” and “Our”) remain fully committed to the protection of your privacy at all times. The information contained in this policy has been published to inform you of the way in which any Personal Data (as defined below) you provide us with or we collect from you will be used. Please read this information carefully so that you understand how we treat such Personal Data. We will collect, store, use and disclose Personal Data in accordance with all applicable laws relating to the protection of Personal Data.
The information we collect and how we use it
In order to fulfil your order and any future customer service requests, we need to know certain personal data collected at the time of order. The information we hold will consist of but not be limited to the following: Title; Name; Address; Mailing Preference flags such as ‘Do not mail’; Products purchased from us in the past, including their cost; Telephone number, if offered to us (this will only be used for matters relating to your order); Email address; Where we believe you heard about us from. Credit card details are encrypted after data entry and are not stored on our systems after use. We do not collect any Special Category Data (sensitive data) such as race, religion, biometrics or health data. It is our policy that your information is private and confidential. Accordingly, the personal information you provide to us is stored in a secure location, and is accessible only by designated staff. We also collect data because it is necessary for the pursuit of our legitimate interests. Our legitimate interests are set out below:
- Direct Marketing
- Understanding our customers’ wishes and shopping preferences
- Improving our service and our products
How we use your information for Direct Marketing & how to manage your marketing preferences
1) Marketing by us, Baby Mori Ltd.
When you choose not to opt out of 1st party marketing, we may collect your email address, name and order details so that we can tailor our communications with you and send you relevant offers and news via email or, sometimes, by posting you our latest catalogue. If at any time you wish to opt out of receiving our catalogues and/or emails, email us at email@example.com. We also advertise on digital platforms, such as Facebook, Google and Twitter. We use these platforms to reach you and people like you with relevant, targeted offers and updates from MORI. To turn off targeted ads on any of these platforms, please see the individual privacy settings for each.
2) Marketing by other companies
We work with data pool company Epsilon Abacus (registered as Epsilon International UK Ltd). This data pool helps retailers to share information on what their customers buy. The participating retailers are active in clothing, collectibles, food & wine, gardening, gadgets & entertainment, health & beauty, household goods, and home interiors categories. This pooled information is analysed to understand consumer's wider buying patterns. From this information, customers are sent tailored postal marketing containing suitable offers from retailers that should be of interest to them based on what they like to buy. We do not share email addresses for the purposes of data pooling. If you do not wish to have your order data with us included in these data pools, you can opt out of 3rd party marketing at any time by emailing us at firstname.lastname@example.org. If you would like to stop all unsolicited postal communications, we suggest that you register with the Mailing Preference Service (MPS). MPS is a free service set up in 1983 and funded by the direct mail industry to enable consumers to have their names and home addresses in the UK removed from lists used by the industry. It is actively supported by the Royal Mail and all directly involved trade associations and fully supported by the Information Commissioner’s Office (ICO). For more information, or if you wish to register with the MPS, please visit their website at www.mpsonline.org.uk
How we use your information to understand our customers’ wishes and shopping preferences
Our communications are designed to tell you about the benefits we can offer so that you have access to our best deals. We use the information we have about you to tailor the content and try to ensure that the offers are as relevant to you as possible. Under the Data Protection Legislation, this might qualify as profiling. If you do not wish us to use your data for this purpose, please email us at email@example.com.
How we use your information to improve our service and our products
We use Zendesk for customer service, which means that, if you raise a customer service ticket with us or return any item, we store your contact and order details in Zendesk. This data is archived after 120 days and this archive is cleared every 24 months. If at any time you wish this information to be removed, erased or not used in any such way, please make this clear in the feedback you provide us with, or email us at firstname.lastname@example.org. We may, from time to time, send you a quick survey about your experiences with us or more broadly about your shopping behaviour. We store this information against your profile so we can better understand our customers and use this insight to improve our service and products.
We work with the following data processors in order to carry out our marketing activities. From time to time we may use other legally compliant data processors as required. These processors will hold data for no longer than is required to complete the analysis before securely deleting it. All data is only accessible to select, authorised individuals.
Ometria: We use Ometria to send emails to our customers. We delete your Ometria profile 24 months after the last time you opened an email from us, or the last time you visited our website (https://babymori.com), whichever is later. Your Ometria profile also includes your child’s age if you provide it, their sizing information, how you found our website, and information about your orders with us, but does not include your shipping or billing address. This enables us to tailor our communications with you.
ILG UK: To process each of your orders, we send your order data to our fulfilment partner, ILG UK. In order to process returns and other customer service requests, ILG UK holds your order data securely and deletes it 24 months after the order has been fulfilled.
Shopify Inc: They host our store. To manage your order and any future customer service requests, we collect and store the details you provide at the point of booking. They provide us with the online e-commerce platform that allows us to sell our products and services to you. Your order data is stored in Shopify’s data storage, databases and the general Shopify application. They store your data on a secure server behind a firewall.
Print Strategy Europe Ltd (PSE): They receive your name, address and mailing preference details so they can mail out our catalogues for us through Royal Mail and any other recognised mail carrier. Data is shared via secure file transfer protocol and is not stored here for longer than is required to complete the printing process. If you opt out of receiving catalogues by returning your catalogue to the address printed on its reverse, PSE processes your address and stores it in a password-protected file in cloud storage to which we have access, so we can ensure your marketing preferences are updated.
Epsilon Abacus (registered as Epsilon International UK Ltd): They receive your name, address, mailing preferences and purchase history for the purpose of sharing in the Abacus Alliance. For more information on how Epsilon Abacus use the data, see above.
Facebook: If you do not wish to see targeted ads on Facebook, you can update your preferences on Facebook by clicking on the Ads section within Settings on Facebook. Facebook matches email address, marketing preferences and purchase history for the purpose of audience selection for our advertising campaigns on Facebook and Instagram.
Google Ads: They match your email address, marketing preferences and purchase history for the purpose of audience selection for our advertising campaigns on Google Search and Display Networks. For information on how Google ensures GDPR and other data protection law compliance, see here: https://privacy.google.com/businesses/compliance
Twitter, Criteo and Mention Me: They match your email address, marketing preferences and purchase history for the purpose of audience selection for our advertising campaigns on their respective platforms.
How long we keep your data
To serve our customers in the best possible manner and to continue to inform you about new products and services, we retain customer data for seven years after the last purchase date, or until you exercise your right to deletion as described below in the YOUR RIGHTS section.
You retain at all times the right to access or amend or delete any Personal Data we hold about you or to exercise your right of data portability or to object to, or restrict, the purposes for which your Personal Data is processed on certain grounds. You may also modify your marketing preferences at any time by emailing us at email@example.com. You may exercise this right by making a request in accordance with Data Protection Laws, by emailing firstname.lastname@example.org.
You have the right to access your information
You the right to access information held about you. Your right of access can be exercised by making a request to us verbally or in writing. We will deal with your request and provide details of the information we hold about you within 28 day.
You have the right to lodge a complaint
If you are not satisfied with the service we provide with regard to the protection of your Data you are entitled to contact the Information Commissioner’s Office Helpline: 0303 123 1113.
You have the right to ask us what personal data we hold about you.
If at any time you wish to exercise this right, you can email us at email@example.com. To protect your privacy and security we may need to verify your identity before sharing this information.
You have the right to ask us to update or amend any out-of-date or incorrect data.
If at any time you wish to amend your data, you can email us at firstname.lastname@example.org. To protect your privacy and security we may need to verify your identity before making amendments. If you wish to update your marketing preferences at any time, you email us at email@example.com
You have the right to ask us to delete the data we hold about you.
If at any time you wish to exercise this right you can email us at firstname.lastname@example.org. To protect your privacy and security we may need to verify your identity before deleting your data.
We will seek to act in the best interests of our customers and will not abuse our position of data controller. We wish to be as clear and transparent as possible and uphold any requests for data disclosure or amendment as soon as possible. Due to the nature of data and catalogue printing, when an amendment is made to data it may take up to six weeks for it to become effective, although we will do everything possible to ensure this time delay is kept to a minimum.
Disclosure of your information
We never disclose your information except in accordance with this Policy and with all applicable laws relating to the protection of Personal Data, including the EU Data Protection Directive 95/46/EC, the EU General Data Protection Regulation 2016/679, the EU ePrivacy Directive 2002/58/EC as amended by Directive 2009/136/EC, as amended or superseded from time to time, and any national implementing legislation (“Data Protection Laws”).
Credit Card Security
We take the security of our customers’ data very seriously and this includes credit card information. On our website at checkout, you are taken to a secure page and should always see a closed padlock beside the URL address or at the top/bottom of your browser window. If you choose a direct payment gateway to complete your purchase, then Shopify stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only for as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted.All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover.PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers. To learn more, you may also want to read Shopify’s Terms of Service or Privacy Statement.
IP Addresses and Cookies.
MORI may use your IP address to help diagnose problems with its server, and to administer the Site. Your IP address is used to help identify you and to gather broad demographic information. IP addresses are also used to provide an audit trail in the case of any attempted illegal or unauthorized use of the Site.
There are four main types of cookies – here’s how and why we use them.
(1) Site functionality cookies – these cookies allow you to navigate the site and use our features, such as “Add to Bag”.
(2) Site analytics cookies – these cookies allow us to measure and analyse how our customers use the site, to improve both its functionality and your shopping experience.
(3) Customer preference cookies – when you are browsing or shopping on MORI, these cookies will remember your preferences (like your language or location), so we can make your shopping experience as seamless as possible, and more personal to you.
(4) Targeting or advertising cookies – these cookies are used to deliver ads relevant to you. They also limit the number of times that you see an ad and help us measure the effectiveness of our marketing campaigns.
By using our site, you agree to us placing these sorts of cookies on your device and accessing them when you visit the site in the future. If you want to delete any cookies that are already on your computer, the “help” section in your browser should provide instructions on how to locate the file or directory that stores cookies. Further information about cookies can be found at https://ico.org.uk/for-organisations/guide-to-pecr/cookies-and-similar-technologies/ . Please note that by deleting or disabling future cookies, your user experience may be affected and you might not be able to take advantage of certain functions of our site.
If at any time we make a change to this policy, we will update this page to reflect such change. We may email you to notify you of changes but recommend you check this page periodically to ensure you remain happy with the latest version.
Questions, Comments and Getting in Touch