V10 12th June 2020
2. Data protection controller
3. Data we collect
4. Promotional communications
5. Personalizing and improving our service
6. Sharing data with others
7. Transfer of data to the us
8. Business Transfers
10. Website data
12. Website security
13. Storage period
14. Your rights
Like all other online retailers, Long Tall Sally collects personal information, so we can get to know you and make your shopping experience better.
Throughout this document we refer to Data Protection Legislation which means the Data Protection Act 2018 which incorporates the General Data Protection Regulation (GDPR), the Privacy and Electronic Communications (EC Directive) Regulations 2003 and any legislation implemented in connection with the General Data Protection Regulation which is the governing legislation that regulates data protection across the EEA. This includes any replacement legislation coming into effect from time to time.
Prefer to download and print? Just click this [PDF].
It only seems fair, that as we have your data, you have ours too. Long Tall Sally Ltd Is the data controller. We manage the data we collect on you and can be contacted by:
Email at :
Write to us :
Data Protection Officer
Long Tall Sally
The Lansdowne Building
2 Lansdowne Road
Call us :
UK Freephone 0800 107 8826
From outside the UK +44 207 1111 595
When you shop at longtallsally.com, by phone or catalogue, we collect data so we can send the right order to the right person at the right address. This type of information is necessary to fulfil our contract with you.
This data includes:
- • the items you ordered including size, colour, price .
- • your delivery and billing address
- • your contact details (telephone numbers are optional but handy if the courier can’t find you or if there’s a query with your order)
- • your payment details
We use the following established companies to safely and securely process payments. Further details on their privacy policies may be found by clicking on the link beneath their names:
We also collect some optional information like your birthday, clothes and shoe size to provide you with a more personal service.
We want to keep you up to date with all things tall, so unless you tell us otherwise, we’ll send you catalogues, special offers and promotions by post and email.
Like all other retailers, we track email engagement using specific metrics, e.g. open rate, click through rate and links clicked. This data is “pseudonymised”. In plain English, that means it’s recorded separately to your personal data.
Under data protection law, it’s considered legitimate business interest for us to use customers’ data for direct marketing, but we appreciate not everyone wants that, so there are different ways to unsubscribe:
- • update your customer preferences in My Account
- • click the Unsubscribe link in our promotional emails
- • email us at [email protected] with your name, address and account number.
In addition to sending you promotional communication, we rely on legitimate interest to process your personal data to carry out market research, improving our product range and services, and learning more about your likes and dislikes so we can let you know about products you will be interested in.
The data we’ve collected will only be passed on if it’s for legal purposes, our legitimate interest, or if you’ve expressly consented to it.
To make certain services available to you, we may need to share your personal data with some of our partners. These include IT, delivery and marketing service providers. These third parties are carefully selected and contractually bound to put in place the proper measures to protect customers’ data. Rest assured we monitor them regularly.
These partners do change from time to time.
Facebook Custom Audiences
We pass your personal information and order history to our email service provider so they can send you service and marketing emails. If you do not wish to receive marketing emails you can opt out in your account
In the course of providing their services, some companies may transfer personal data to the US. In order to do so, they are certified to the EU-US Privacy Shield, which is an agreement that commits the US companies to maintaining high standards of personal data protection.
The following companies may send personal data to the US, and are all subscribed to the Privacy Shield (on which you may find more information here):
- • Microsoft
- • MotionPoint
- • New Relic
In connection with any business reorganisation, restructuring, merger or sale, or other transfer of assets, we will transfer data (including personal data) as necessary, provided that the General Privacy Notice/Policy for the receiving party agrees to respect your personal data in a manner that is consistent with applicable data protection laws. We will continue to ensure the confidentiality of any personal data and give notice should any personal data become subject to a different privacy notice.
From time to time we run competitions and collect your contact information to register your entry and so we can inform you if you win. Unless you have provided these details elsewhere for other purposes, we will only use this information for the competition, and once it is closed will erase your personal data, unless you give us your consent to use your data to for promotional communications.
Every time you visit our website, the data your browser transmits is collected. Data includes:
- • The IP address of the device
- • The date and time you visited
- • The website address you came from
- • The website address you visited
- • Details of the browser and operating system
- • Online identifiers (e.g. device identifiers, session IDs)
Access data is anonymous and tells us nothing about you as a person. We use it to track usage patterns e.g. mobile versus desktop visits, before archiving after 30 days.
How do I manage my cookies?
You can use this link to manage your cookie preferences for our website at any time. Please click here.
What are cookies?
When the internet was first created, websites were stateless. That is, the website didn't know when someone visited a website whether they had just arrived at the site or were browsing from another page on the site. Obviously, this made it pretty impossible for functionality such as baskets and checkouts. A solution known as cookies was developed. A cookie is a very small text file which a website can save onto your computer and which is then sent back to the website each time you visit it to enable the website to tailor it's services and provide functionality such as shopping baskets and checkouts. Cookies can be set to expire after the session (when you close your browser) or at a predetermined date in the future.
Why are we explaining all this?
The following types of cookies are used on longtallsally.com:
These are used to enable functionality across the site, including. customer preference management, onsite chat, language translations and customer referral capabilities.
These enable us to understand how our customers use the site and how our infrastructure supports our customer base. This information is used to improve our website, make our marketing more relevant and help us plan for our busy periods.
We use targeting cookies to track our customers interest in products, and to tailor ads based on their browsing behaviour.
You’ve entrusted your data to us, so we have a legal duty to look after it - one we don’t take lightly. That’s why we:
- • Implemented a new security solution to filter our website traffic and block threats in real-time
- • Use a 3rd party security provider to regularly scan our site for any vulnerabilities
- • Update our site/infrastructure on a regular basis with fixes and updates to prevent breaches
- • use a fully verified 3rd party SSL certificate to encrypt data securely between browser and all pages on the website
- • Removed support for any browsers using the insecure TLS 1.0 & 1.1 security mechanisms
- • Restricted access to our customer data and audit where changes are made to it by the LTS team
We won’t retain your data for longer than necessary for the purposes laid out in this policy. Different retention periods apply for different types of data, however the longest we will normally hold any personal data is seven years.
You have the following rights surrounding access and control of your personal data:
- • the right to ask for a copy of personal data that we hold about you;
- • the right to request that we delete personal data held about you;
- • the right to ask us to update and correct any out-of-date or incorrect personal data that we hold about you;
- • the right to opt out of any marketing communications that we may send you, and to object to us holding your personal data if we have no legitimate reasons to do so
- • where we ask for your consent to use your personal data, you have the right to later withdraw your consent, which does not affect the lawfulness of the data processed until that point
If you wish to exercise any of the above rights, please contact using the details in point 2 above.
If you feel that your personal data has not been handled correctly, or you are unhappy with our response to any requests you have made to us regarding the use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office.
You can contact them by calling 0303 123 1113, or visit www.ico.org.uk/concerns or write to:
Information Commissioner's Office,
We’ll update this policy when our website changes or to keep abreast of legal requirements.
Version 10, last updated June 2020.