www.lexandro.co.uk is owned by and operated by Lex & Ro Limited (“LEX+RO”, “we”, “us”, “our”).
Registered in England and Wales
Registration no. 11154367
Data collected and methods of data collection
We may collect the following information:
- Your contact information, e.g name, address, telephone number and email address
- Information about the products you have purchased
- Information about your recent online activity, related to transactions even if they have not been completed
- Your purchase information, such as credit card details. We do not store or process your card details ourselves, they are processed and stored via one of our contracted third-party service providers. We encrypt your payment card details in your browser and securely transfer this data to our relevant third-party payment provider to process a payment.
- Navigation and click–stream data, time and duration of your visit, products viewed or searched for, items in your basket, basket abandonment, information from cookies or web beacons
We may use your data for profiling and for automated decision-making to enable us to deliver you curated, targeted content and recommendations.
Contact us to opt out of marketing communications or processing of your data by email at email@example.com.
It may take a short time for any changes to become effective. You can see your personal details held by us by logging in to your account. You may also contact us directly to find out this information or to amend any details. Your email address and password are required to view your personal details online. You are responsible for keeping your password confidential.
We also collect data automatically as you use the website, or from third parties:
- Access stored information when you log in,
- Carry information from page to page of our website,
- Store site preferences and the items in your shopping basket,
- Identify whether you have visited our website previously,
- Monitor the number of visits that you make to our website, where you browse and what you have purchased, and to offer you tailored content.
Web beacons work in a similar way to cookies and allow us to monitor the behaviour of our site users.
The following data may be automatically collected every time you visit the website regardless of whether you are logged in: computer and connection information, browser information, operating system and platform details and time of access. We may use an IP address to identify you and to gather broad demographic information about you, which we will use to assist in the detection of fraud, to help identify problems, to administer the website and for marketing purposes.
If you have provided us with an email address, we will be able to associate this email address back to your previous browsing and purchase experiences. If you log in, then in addition, we will be able to associate your log in with your billing addresses, delivery addresses and your payment details.
To prevent and detect fraud, we may also obtain details of your credit history from credit reference agencies.
What is your information used for?
The main purposes for which we collect and store your personal information are as follows:
- Order processing
- Delivery of products
- Payment authorisation and billing
- Promoting our offers and products
- Improving the website and our service to you
We will contact you with marketing information where relevant if you have opted to receive such communications. We may on occasion send out postal marketing for the purpose of growing our sales which is in our legitimate interests and we will rely on you to let us know if you do not want to receive this by opting out of marketing (see above). You can unsubscribe from emails by clicking on the unsubscribe link, or you can contact us on the details above.
Use of your information by third parties
We will not sell your personal information to third parties. However, we do share customer and browsing information with third parties as described below. We may share your personal information with third parties as is necessary to process your order, for example, to banks, credit card companies and carriers. These carefully selected third parties may be in countries outside the UK. We may form contracts with other companies to provide certain services, including credit card processing, shipping, name and address verification, database management profiling and segmentation, market research and promotions management. We provide these companies with only the information they need to perform their services. These companies are prohibited by contract from using this information for their own marketing purposes or from sharing this information with anyone other than LEX+RO.
Our payment providers, Stripe (UK Transactions) part of Shopify, are Level 1 PCI DSS compliant. All card data is transacted securely by Stripe (UK Transactions) part of Shopify and no card data is held by LEX+RO.
To protect against the fraudulent use of credit cards, we carry out security checks on orders. These can take various forms and may involve contacting you by telephone before your order is processed.
LEX+RO may disclose your personal information if necessary to comply with regulations or law or to assist with law enforcement, to enforce the terms under which you trade with us, to protect our property and other rights.
Our website may contain links to third parties’ websites. LEX+RO assumes no responsibility for the privacy practices or the content of those websites.
Subject access requests
You have the right to see what personal data we hold about you. To obtain a copy of the personal information we hold about you, please contact us on the details below. Please note that we reserve the right to charge a fee of up to £10 for any such request. We will respond within 30 days.
Sending information via the internet is never completely secure. We do our best to protect your personal data, however, we cannot guarantee the security of your data. We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who will only process your personal data on our instructions and are subject to a duty of confidentiality.
Internet based transfers
Your data may be transferred outside of EU, however, our suppliers are under contract to keep details of any transfers to countries outside of the EEA and to ensure an adequate level of protection for any personal data that is transferred outside the European Economic Area, the EU.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. We will keep data for a maximum of 8 years. Once deleted, we retain just enough information about the individual to ensure that any restriction is respected in future. Records are destroyed to an appropriate standard once a disposal decision has been made.
If you have any questions or concerns, please contact LEX+RO by email at firstname.lastname@example.org.