This Privacy Policy describes the personal data we collect, use, and otherwise process about you in connection with your relationship with Harvey Nichols as a customer or potential customer. It also explains what your legal rights are in relation to your personal data and how you can exercise them. For example, how you can request a copy of the personal data we hold about you.

Please take the time to read this Privacy Policy; it is an important document and is intended to assist you in making informed decisions when using the Sites, Stores, and our Services. Please read it in conjunction with our Website Terms of Use.

The Sites, Stores, and our Services are made available by various companies in the Harvey Nichols group of companies, including our third-party licensee, DICKSON CONCEPT (RETAIL) LIMITED (each a “Group Company”).

Where this Privacy Policy refers to "Harvey Nichols", “we”, "us” or “our”, this means one or more of the Group Companies that provide the Site, Store, or Service to you.

Unless stated otherwise, each Group Company is an independent controller of your personal data.

United Kingdom

• Harvey Nichols.Com Limited (company no: 03869510) is responsible for:

• making the Sites available to you;

• fulfilling orders made via the Sites on behalf of other Group Companies, including our Group Companies located outside the United Kingdom [including on behalf of Harvey Nichols (Hong Kong) Limited];

• performing marketing activities on behalf of other Group Companies;

• providing you with the information set out in this Privacy Policy; and

• giving effect to your individual rights on behalf of other Group Companies.

• Harvey Nichols and Company Limited (company no: 01774537), operates the Harvey Nichols store in Knightsbridge.

Other Group Company controllers of your personal information located in the United Kingdom are:

• Harvey Nichols Restaurants Limited (company no: 03114510) which operates the stand-alone restaurant in London;

• Harvey Nichols Beauty Bazaar Limited (company no: 07855506), which operates the Beauty Bazaar store in Liverpool;

• Harvey Nichols (Own Brand) Stores Ltd (company no: 04079425), which operates the Harvey Nichols stores in Birmingham and Bristol; and

• Harvey Nichols Regional Stores Limited (company no: 04351230), which operates the Harvey Nichols stores in Edinburgh, Manchester, and Leeds.

• Harvey Nichols Pension Scheme, which administers the Defined Benefit Scheme of the Harvey Nichols Group.

Each of these UK Group Companies is established under the laws of England and has its registered office at 361-365 Chiswick High Road, London, W4 4HS.

Republic of Ireland

• Harvey Nichols (Dublin) Limited (company no: 388458) operates our Store in Dublin, which is established under the laws of the Republic of Ireland with its registered office at Dundrum Town Centre, Sandyford Road, Dublin 16, D16 W0C0, Ireland.

Hong Kong

Our third-party licensee, DICKSON CONCEPT (RETAIL) LIMITED is a joint controller of your personal data with Harvey Nichols.Com Limited.

DICKSON CONCEPT (RETAIL) LIMITED (company no: 0224937) operates our Site in Hong Kong.  It is a company established under the laws of Hong Kong with its registered office at 4/F, East Ocean Centre, 98 Granville Road, Tsim Sha Tsui East, Kowloon, Hong Kong.

As the UK is no longer part of the EU, we have appointed an EU representative for our customers who are based in the EU.

Our EU representative is Dave Harkin, and his contact details are as follows:

Harvey Nichols

Dundrum Town Centre

Sandyford Road

Dublin 16

D16 W0C0

Ireland

Tel: +353 (0)1 513 5533

Please continue to contact us at [email protected] in the first instance.

If you have any questions about this Privacy Policy, or want to exercise any of your legal rights, you can contact us by:

• sending an email to [email protected]

• calling us on +44 (020) 7201 8088

• writing to us at: 361-365 Chiswick High Road, Chiswick, London, W4 4HS

We use your personal data for the following purposes:

Fulfilment of our Services

We collect and maintain personal data that you submit to us for the purposes of supplying Services (including goods that you have ordered) that you have requested from us via our Sites or in our Stores. We may collect and process your personal data whether you are interacting with us, on your own behalf or on behalf of any organisation that you represent.

The personal data we process may include your name and contact information (such as email address, postal address and telephone number) and your payment information (where applicable). We process this information so that we can fulfil the supply of the Services, maintain our user databases and to keep a record of how our Services are being used.

If you attend one of our Stores, we will process personal data about you which you volunteer in connection with the purpose of your visit and any enquiries you may have. Some Services we offer are also subject to separate terms and conditions which will apply to your use of such Services.

In light of the Covid-19 pandemic and UK Government guidance in relation to the NHS Test and Trace service, we will collect full names, contact numbers and/or email addresses of guests or a primary guest for group bookings, who attend our restaurants as part of the usual reservation process. To the extent that we do not already retain this information, this information will be stored on a secure system for 21 days, after which it will be deleted. Your personal data will only be shared with the NHS if relevant.

We also have security measures in place at our Stores, including CCTV. There are signs in place showing that CCTV is in operation. The images captured are securely stored and only accessed on a need-to-know basis (e.g. to look into an incident). CCTV recordings are typically automatically overwritten after a short period of time unless an issue is identified that requires investigation (such as a theft).

          Who we share your personal data with for this purpose

          We will share your personal data with the following categories of third parties:

·                     Credit card companies and other payment providers – to help us process payments and refunds;

·                     Delivery and courier companies – to deliver products and process returns;

·                     Third party IT service providers – to provide and help us run, manage and backup our internal IT systems. Such third parties may include, for example, providers of information technology, cloud-based software as a service providers, identity management, website hosting and management, data analysis, data back-up, security and storage services.

·                     Cross-border solution provider – to fulfil international orders and facilitate customer enquiries.

·                     Tax-free service providers and HM Revenue & Customs – in relation to tax free rebates;

·                     Marketplace companies – to fulfil customer orders

·                     Concierge service providers – to enable us to provide the Services.

          Our legal basis for processing

It is necessary for us to use your personal data to perform our obligations in accordance with any contract that we may have with you, or it is in our legitimate interest or a third party’s legitimate interest to use personal data in such a way to ensure that we provide the Services requested by you and others in an effective and efficient way.

When you use one of our Sites (including our App)

We collect and maintain personal data that you submit to us during your use of our Sites in the following ways:

o        Registering for, and accessing, your Harvey Nichols’ accounts

When you register for a Harvey Nichols online account, or you apply to join our REWARDS programme, we will ask you to provide us with some personal details so we can open your account.

We will ask you for your first and last names, email address, and telephone number. We will also ask you to create a password.

We will use your personal data to process your application for a Harvey Nichols online account, our REWARDS programme, or both. Once you are registered, we will process your email address and password to identify you when you log in to your account and the secure areas of our Sites. We will also process your login information so we can administer your account and contact you about your account.

Your access to and use of our Sites, including any secure member’s area, is always subject to our Terms of Use.

                        Who we share your personal data with for this purpose

We will share your personal data with third party organisations that provide applications/functionality, data processing and/or IT services. Please see the “Fulfilment of our Services, including use of our Sites” section for further details.

                        Our legal basis for processing

It is necessary for us to use your personal data to perform our obligations in accordance with any contract that we may have with you, or it is in our legitimate interest or a third party’s legitimate interest to use personal data in such a way to ensure that we provide the Services requested by you and others in an effective and efficient way.

o        Linking to social media sites

If you click on one of the social media links on our Sites or otherwise interact with our social media accounts such as Facebook or Instagram (including interacting with any ‘like’ or similar embedded features on our Sites or social media accounts), we and the relevant social media platform may receive information relating to such interaction and may share your personal data in connection with this purpose.

                        Our legal basis for processing

It is necessary for us to use your personal data to perform our obligations in accordance with any contract that we may have with you, or it is in our legitimate interest or a third party’s legitimate interest to use personal data in such a way to ensure that we provide the Site and services from the Site to you and others in an effective and efficient way.

                        Who we share your personal data with for this purpose

Except with the relevant social media platform, we will not share your personal data with any third parties for this purpose. Please note Harvey Nichols is not responsible for the use of your personal data by the relevant social media platform. Please see the privacy notice of the relevant social media platform for further information about how and why they collect and use your personal data.

o        To ensure that our Harvey Nichols app functions properly and to provide you with in-app features

When you use our Harvey Nichols app, to ensure that the app can operate and provide its features to you, the provider of your phone may collect technical data. The data is automatically collected and transmitted to us from your mobile device during your use of the app and may include: (i) device name (e.g. “Apple iPhone 11” or “Samsung Galaxy S9”); (ii) operating system and version; (iii) system language; (iv) general device data, such as voice and regional settings; (v) IP address of the terminal; (vi) date and time of use; and (vii) application ID to identify your installation of the app (“Usage Data”).

To improve our service, our app may send error messages to us in the event of a crash (e.g. after the app has unexpectedly quit because of a program error or has stopped responding to your input). The error messages contain the above Usage Data, as well as information about which part of the app’s software code has caused the error.

When you open our Harvey Nichols app for the first time, you will be asked if the app is allowed to send push notifications. If you allow this feature, we will send you push notifications, for example, to provide you with details of rewards that are available to you. Such push notifications are controlled by the software components of your operating system (so-called “tokens”). You can configure and turn our push notifications off via your device settings at any time.

If you permit location settings via the app, you will be asked if the app is allowed to access your location. If you allow this feature, we will determine your location to provide you with site-specific functions of the app, such as showing you Stores that are close to you. You can configure and turn off location settings via your device settings at any time.

If other features of the app require access to your camera or photo and videos, you will be asked if you want to use this function and provide such access before using it for the first time. If you allow any such function, you can use the corresponding function to perform the desired action on the app, such as barcode scanning. You can enable or disable access to these functions at any time via your device settings.

                        Who we share your personal data with for this purpose

We will share your personal data with third party organisations that provide applications/functionality, data processing and/or IT services. Please see the “Fulfilment of our Services, including use of our Sites” section for further details.

                        Our legal basis for processing

It is in our legitimate interests to use the Usage Data and send error messages (if applicable) in such a way to secure the Rewards by Harvey Nichols app’s functionality, detect errors, resolve them, and to help us to detect and prevent cyberattacks.

We rely on consent where you have enabled features such as push notifications, location, camera, or photo and video upload functions, as it will be your choice to receive such notification or allow us access to this information.

o   To analyse purchasing behaviours when using our Harvey Nichols app

When using our Harvey Nichols app, we will analyse your purchases and purchasing behaviours to help personalise your REWARDS experience (if you are a member of the REWARDS programme) by understanding the types of products you like to buy and what products to suggest to you.

Who we share your personal data with for this purpose

We will share your personal data with third party organisations that provide applications/functionality, data processing and/or IT services.

Our legal basis for processing

It is within our legitimate interests to use your personal data for this purpose as it allows us to improve your user experience by understanding which products are likely to be of interest to you.  

When you enquire about, or make a purchase from an in-store concession

Where you enquire about or make a purchase from an in-store concession, the concession may collect personal data about you directly for their own purposes. We are not responsible for such collection and processing of your personal data by the concession, which is the legal responsibility of the applicable concessions. To find out more about how and why a concession processes your personal data, please see the privacy policy of the relevant concession.

We sometimes obtain information about you or your purchases from concessions.

             Our legal basis for processing

It is necessary for us to use your personal data to perform our obligations in accordance with any contract that we may have with you, or it is in our legitimate interest or a third party’s legitimate interest to use personal data in such a way to ensure that we provide the Services requested by you and others in an effective and efficient way.

When we host and manage an event

From time to time, we may organise events for our customers e.g. for the launch of a new brand or an in-store promotion. We may process your name and contact information (including email address, postal address, and telephone number) to communicate with you about such events where you have specifically requested to receive information about them, or where we have another lawful basis for sending this information to you.

If you attend one of our events, we may use your personal data to record your attendance at the event and for related record-keeping purposes and, if relevant, we may collect and process any dietary requirements you may have. You may also feature in photographs taken at our events and such photographs may be published.

            Who we share your personal data with for this purpose

When we run events, we will share your personal data with third-party services providers that are assisting us with the operation and administration of that event.

If we are running an event in partnership with other organisations, we will share your personal data with such organisations for use in relation to the event. We are not responsible for the third party’s use of your personal data. To find out more about how and why the third party processes your personal data, please see the privacy policy of the relevant third party.

            Our legal basis for processing

It is in our legitimate interest or a third party’s legitimate interest to use personal data in such a way to ensure that we provide the Services requested by you and others in an effective and efficient way.

To respond to your enquiries and provide you with good customer service

Our Sites feature a “Contact Us” page which invites you to submit general enquiries about our Sites and our Services by email telephone or post.

When you make an enquiry, we will collect and process your name, contact information (including email address, postal address, and/or telephone number) and any other personal data you volunteer that is relevant to your enquiry. We use this information to manage and respond to your enquiries and requests.

We also record (including voice recordings of telephone conversations) and use the information referred to above to train our personnel so that they can effectively deal with enquiries.

             Who we share your personal data with for this purpose

We will share your personal data with third party organisations that provide applications/functionality, data processing and/or IT services. Please see the “Fulfilment of our Services, including use of our Sites” section for further details.

             Our legal basis for processing

It is in our legitimate interest to use your personal data in the ways described above to ensure that we can help you with your enquiry and provide a good standard of service to you.

When we ask you to complete a survey or provide feedback

From time to we will contact you to invite you to provide feedback about us or our Sites and Services in the form of online, postal, or in-Store surveys. We will collect and process your name and contact details (including email address, postal address and telephone number, as applicable) and any other personal data you choose to volunteer in your survey response or other feedback.

Where we market to you via email (where we have a lawful right to do so), we will maintain an online panel containing your contact details which we will use for this purpose. Where we do not have a right to market to you via email, you may still be contacted for this purpose.

We use the information that we collect via surveys to help us improve the quality of service provided by our personnel. We also use other feedback that you provide to us to monitor and improve the quality of our Sites, our Stores and our Services and to assist with the selection of future product and service lines and the training of our personnel.

You can also voluntarily provide feedback by contacting our Customer Service team. Please see “Customer service and general enquiries” for more information.

             Who we share your personal data with for this purpose

We use third party service providers that specialise in customer relationship management to assist us with customer surveys and feedback requests.

             Our legal basis for processing

It is in our legitimate business interests to use the personal data you provide to us in your feedback for the purposes described above.

When we run prize draws, competitions, and other promotions

From time to time, we may run prize draws, competitions, and other promotions on our Sites, in our Stores and/or on our social media accounts. For the purposes of administering such draws, competitions, and promotions, we may process your name, contact details (including email address, postal address and/or telephone number), social media handle (if relevant), payment details (if relevant) and any other personal data volunteered by you in your prize draw, competition, or promotion entry.

Our prize draw, competition and promotions may be subject to separate terms and conditions which you may be required to accept as a condition of entry.

             Who we share your personal data with for this purpose

We share your personal data with specialist suppliers who assist us in administering our prize draws, competitions, and other promotions.

             Our legal basis for processing

It is necessary for us to use your personal data to perform our obligations in accordance with any contract that we may have with you (e.g. the terms and conditions applicable to the promotion to which you may be asked to agree as a condition of entry) or it is in our legitimate interest to use your personal data to enable you to participate in any prize draws, competitions, and other promotions.

Insight and Analysis

We analyse your contact details with other personal data that we observe about you from your interactions with our Sites, our email communications and/or with our Services, such as the products and services you have purchased or viewed, or from your use of our in-Store wifi.

Where you have given your consent (where lawfully required), we use cookies, log files and other technologies to collect personal data from the device and software that you use to access the Sites. This includes the following:

·         an IP address to monitor Sites traffic and volume;

·         a session ID to track usage statistics on our Sites;

·         information regarding your personal or professional interests, demographics, buying habits, experiences with our products and contact preferences.

Our Sites (including our apps) contain cookies, web beacons, and pixel tags (“Tags”). Tags allow us to track receipt of an e-mail to you, to count users that have visited a web page or opened an e-mail and collect other types of aggregate information. If you click on an e-mail that contains a Tag, your contact information may subsequently be cross-referenced to the source e-mail and/or the relevant Tag.

In some of our e-mail messages, we use a “click-through URL” linked to certain websites administered by us or on our behalf. We may track click-through data to assist in determining interest in particular topics and measure the effectiveness of these communications.

            Please see our Cookie Policy for further information.

This information is used to create profiles and insights about our visitors’ browsing and shopping habits and the shopping habits of our other customers.

By using this information, we can measure the effectiveness of our content and how visitors use our Sites and our Services. This allows us to learn what pages of our Sites are most attractive to our visitors, which parts of our Sites are the most interesting and what kind features and functionalities our visitors like to see.

We also use this information to help us with the selection of future product and service lines, websites design and to remember your preferences (such as brands that you shop and whether you shop online or instore).

We also use this information for marketing purposes (please see the “Marketing Activities” section below for further details).

            Who we share your personal data with for this purpose

We share your personal data with a variety of third party service providers to assist us with customer insight analytics. Where these providers collect your personal data using Tags, these providers are described in our Cookie Policy.

            Our legal basis for processing

Where your personal data is truly anonymised, we do not require a legal basis to use it as the information will no longer constitute personal data that is regulated under data protection laws. However, our collection and use of such anonymised personal data may be subject to other laws where your consent is required. Please see our Cookie Policy for further details.

Where your personal data is not in an anonymous form, it is in our legitimate interest to use your personal data in such a way to ensure that we provide the very best products and services to you and our other customers.

Where we use Tags to obtain your personal data, we shall rely on your consent.

We will only use your location data for customer insight purposes where we have your consent to do so.

Refer-a-friend scheme

We operate a refer-a-friend scheme (available here). If you refer a friend to us, we will collect your name and email address. You will then be prompted to contact your friend via a number of channels, including email and social media, to provide a referral link, or you can provide your name or referral link to your friend directly.

Please only share a referral invitation with friends who you know would be happy to receive it.

If you are a friend that has received an email from someone inviting you to use Harvey Nichols, we will not receive any of your personal data unless and until you use our Site or our Services.   

Who we share your personal data with for this purpose

Our refer-a-friend scheme is operated by Mention Me, a third-party service provider.

Our legal basis for processing

It is within our legitimate interests to use your personal data for this purpose. If you are a friend that has received an email from someone inviting you to use Harvey Nichols, we do not require a legal basis for this purpose as we will not receive any of your personal data unless and until you use our Site or our Services.

Marketing activities

            We carry out the following marketing activities using your personal data:

o        Postal marketing

We use your name and postal address to send you (or the organisation you represent) marketing communications by post. Our postal marketing communications will include press releases and information on the Services we provide, as well as general information about our organisation, our Sites, Stores, the Services we provide and the events and promotions we offer from time to time.

Our postal marketing will include personalised and non-personalised postal marketing. Personalised marketing is marketing which has been specifically tailored to you. For example, our personalised postal marketing will feature services, events, offers and/or promotions that we think are most likely to appeal to you. Non-personalised marketing is marketing about our services, events, offers and/or promotions generally and is not tailored to any particular individual. 

Where we are sending you personalised postal marketing, we also use information that we observe about you from your interactions with our Sites, with our email communications to you, with our Stores and/or with our Services in order to decide what sort of personalised marketing communications to send you. Please see the “Insight and Analysis” section above for more details about the personal data collected and how it is collected.

Who we share your personal data with for this purpose

We share your personal data with a variety of third party postal providers who assist us in delivering our postal marketing campaigns to you.

Our legal basis for processing

Where your personal data is truly anonymised, we do not require a legal basis to use it as the personal data will no longer constitute personal data that is regulated under data protection laws. However, our collection and use of such anonymised information may be subject to other laws where your consent is required. Please see our Cookie Policy for further details.

Where your personal data is not in an anonymous form, such as your postal address, it is in our legitimate interest to use your personal data for postal marketing.

o        Email and SMS/MMS marketing

We use your name and email address to send you (or the organisation you represent) marketing communications by email. We use your mobile telephone number to send you marketing communications by SMS/MMS. Our email and SMS/MMS marketing communications will include press releases and information on events and campaigns coming up, as well as general information about our organisation, our Sites, our Stores, the Services we provide and the events and promotions we offer from time to time. Members can also subscribe to receive special deal alerts by email.

Our email and SMS/MMS marketing will include personalised and non-personalised email marketing. Personalised marketing is marketing which has been specifically tailored to you. For example, our personalised email marketing will feature services, events, offers and/or promotions that we think are most likely to appeal to you. Non-personalised marketing is marketing about our services, events, offers and/or promotions generally and is not tailored to any particular individual. 

Where we send you personalised email or SMS/MMS marketing, we also use information that we observe about you from your interactions with our Sites, with our Stores and/or with our Services in order to decide what sort of personalised marketing communications to send you. Please see the “Insight and Analysis” section above for more details about the personal data collected and how it is collected.

Who we share your personal data with for this purpose

We share personal data with specialist suppliers who assist us in managing our marketing database and sending out our email marketing communications and membership-related communications.

Our legal basis for processing

Where your personal data is truly anonymised, we do not require a legal basis to use it as the personal data will no longer constitute personal data that is regulated under data protection laws. However, our collection and use of such anonymised personal data may be subject to other laws where your consent is required. Please see our Cookie Policy for further details.

Where your personal data is not in an anonymous form, it is in our legitimate interest to use your personal data for marketing purposes.

We will only send you marketing communications via email where you have consented to receive such marketing communications, or where you have signed up to or purchased goods or services from us and you have not opted out of receiving marketing from us about similar goods or services.

o        Online personalised advertisi

We use cookies and similar technologies on our website and app, and in our emails. Cookies are text files that gather small amounts of information, which your computer or mobile device stores when you visit a website or use an app.

We use cookies to do many different things, like letting you navigate between pages efficiently, remembering your preferences, and generally improving your online experience. They can also make sure that the ads you see online are more relevant to you and your interests. We also use similar technologies such as pixel tags and JavaScript for these purposes.

We also use cookies in some of our emails to help us understand how you interact with our emails, and to help us improve our future email communications. These cookies also help us make sure that the ads you see online are more relevant to you and your interests.

Our Cookie Policy provides more detailed information about the cookies we use and how you can manage them.

Our website and app contain links to third party websites and services. Please be aware that when you click on a link to go from our Sites to another website, or you request a service from a third party, this Privacy Policy will no longer apply.

Our website contains links to third party websites and services

When you use a link to go from our Sites to another website or you request a service from a third party, this Privacy Policy no longer applies.

Your browsing and interactions on any other websites, or your dealings with any other third party service provider, is subject to that website’s or third party service provider’s own rules and policies. For example, our website invites you to connect with us on social media platforms such as Facebook and Instagram. When you click on the links we provide to such platforms, you will be transferred from our website to the relevant platform and the privacy policy (and other terms and conditions) of that platform will apply to you.

          We do not monitor, control, or endorse the privacy practices of any third parties.

We encourage you to become familiar with the privacy practices of every website you visit, or third party service provider that you use, in connection with your interaction with us and to contact them if you have any questions about their respective privacy policies and practices.

This Privacy Policy applies solely to personal data collected by us through our Sites, the supply of our Services and/or in connection with our business operations and does not apply to these third party websites and third party service providers.

When downloading the Harvey Nichols app you will interact with a third party App Store

To download and install the app from an App Store (such as Google Play or the Apple AppStore), you must first register with the provider of the respective App Store for a user account and enter into that App Store’s user agreement. We have no influence on the terms of such user agreement and are not a party to such user agreement.

When downloading and installing the app, certain information is transmitted to the respective provider of the App Store (e.g. Google or Apple) including your username, your email address and the customer number of your account, the time of download and the individual device code and, in the case of in-app purchases, your payment information. We have no influence on, and are not responsible for downloading and installing the app on your mobile device (e.g. your iPhone or Android).

We will only share your personal data with others when we are legally permitted to do so. When we share your personal data with others, we put in place contractual arrangements and security mechanisms to protect the personal data shared and to comply with our data protection, confidentiality and security standards and obligations. 

Please see the “What personal data we collect and how we use it” section for specific examples of how we share your personal data. In addition to the examples in this section, we may also share your personal data with Group Companies in connection with the relevant purpose (please see the “About us” section for further information).

While we have made every effort to provide these examples, please note that these are non‑exhaustive and there may be circumstances where we need to share personal data with other third parties to operate our Sites and Stores and to provide our Services.

Sometimes we will need to transfer your personal data to countries other than your own. Some of these countries may not provide the same level of protection to your personal data as provided in your own country. If we transfer your personal data outside the United Kingdom or the European Economic Area (EEA), we will only make that transfer if:

·         the recipient country ensures an adequate level of protection for your personal data; or

·         the recipient or recipient country is subject to an approved certification mechanism or code of conduct with binding and enforceable commitments which amount to appropriate safeguards for your personal data, or we have put in place appropriate safeguards to protect your personal data, such as a contract with the person or entity receiving your personal data which incorporates specific provisions as directed by the European Commission; or

·         the transfer is permitted by applicable laws; or

·         you explicitly consent to the transfer.

Where this is the case, we have procedures in place to ensure that your personal data receives the same level of protection as if it were being processed in the UK.

If you have any questions about how we protect your data outside of the UK, please contact us at [email protected].

We only keep your personal data for as long as is necessary to fulfil the purpose for which it was collected, or to comply with any legal, regulatory, or reporting obligation or to defend or take legal action.

We have a company retention policy in place which specifies how long we will retain your personal data for. We actively review the personal data we hold and delete it securely, or in some cases anonymise it, when there is no longer a legal, business or customer need for it to be retained.

If your personal data is only used for a short period of time (e.g. for a specific event or marketing campaign), we will not retain it for any longer than the period for which it is used by us.

If you have opted out of receiving marketing communications from us, we will need to retain certain personal data on a suppression list indefinitely so that we know not to send you further marketing communications in the future.

We are committed to keeping your personal data safe, and we implement appropriate technical and organisational measures to protect it against any unauthorised or unlawful processing and against any accidental loss, destruction, or damage.

Unfortunately, the transmission of personal data via the internet is not completely secure. Although we do our best to protect your personal data, we cannot guarantee the security of your personal data on transmission via the internet.

All our employees and data processors (i.e. those who process your personal data on our behalf), who have access to, and are associated with the processing of personal data, are obliged to respect the confidentiality of the personal data of all our customers.

Where you have chosen a password which enables you to access certain parts of our website or app (e.g. your your Harvey Nichols account), you are responsible for keeping this password confidential. Please to not share your password with anyone else.

Our products and services are aimed at customers who are aged 16 or over.

We do not knowingly collect personal data from children under the age of 16, and we encourage all parents and legal guardians to supervise their children’s use of the internet.

Customers need to be aged 16 or over to join the Harvey Nichols REWARDS programme.

We want to ensure that you know what your legal rights are in relation to your personal data.

If you wish to exercise any of the rights outlined below, please contact us using the details set out at How to contact us.

We will endeavour to respond to all requests without delay, and in any event within one month of receiving your request. There may be circumstances when we need to extend the time limit for responding to a request. We will tell you if this is the case and keep you informed

Before responding to a request, we may be required to ask for further information and/or proof of identity.

Please keep in mind that there are exceptions to the rights outlined below and although we will always try to respond to your satisfaction, there may be situations where we are unable to do so.

Ø    Your right to access your personal data

You have the right to request a copy of the personal data we hold about you.

Ø    Your right to edit and update your personal data

You have the right to request that your personal data is rectified if it is inaccurate or incomplete.

Ø    Your right to request to have your personal data erased

You have the right to request that your personal data is erased. However, this is not an absolute right, and it only applies in certain circumstances. For example, the law may require us to keep some types of personal data for a specific period.

We will review each request on a case-by-case basis.

Ø    Your right to restrict the processing of your personal data

You have the right to request the restriction or suppression of your personal data. However, this is not an absolute right, and it only applies in certain circumstances.

When processing is restricted, we will continue to store your personal data, but we will not use it.

Ø    Your right to data portability

You have the right to request that we transfer your personal data from one organisation to another or give it to you. This right only applies to personal data that you have provided to us and is held electronically.

Ø    Your right to object to your personal data being used

You have the right to object to the processing of your personal data at any time.

We will stop this processing if:

·                     we are relying on our own or someone else’s legitimate interests to process your personal data, and we cannot demonstrate compelling legal grounds to continue processing; or

·                     we are processing your personal data for the purposes of direct marketing.

Ø    Your rights in relation to automated decision-making and profiling

You have the right not to be subject to a decision when it is based on automatic processing, including profiling, and it produces an adverse legal effect or significantly affects you.

Ø    Your right to withdraw consent

If we rely on your consent as our legal basis for processing your personal data, you have the right to withdraw that consent at any time.

Ø    Your right to lodge a complaint with the supervisory authority

If you have a concern about any aspect of our privacy practices, or you believe that your data protection or privacy rights have been infringed, you have the right to complain to the Information Commissioner’s Office (ICO). The ICO is the UK’s independent body established to uphold information rights.

You can find details about how to do this on the ICO website at https://ico.org.uk/concerns/ or by calling their helpline on 0303 123 1113.

If you are a resident of California, the California Consumer Privacy Act (CCPA) gives you certain legal rights in relation to your personal information:

·         The right to request access to your personal information (known as a ‘request to know’)

·         The right to request that your personal information is deleted (known as a ‘request to delete’)

We process all requests via email. If you would like to make a request, please contact us using the email address, [email protected].

We will acknowledge receipt of your request within 10 business days and provide a full response within 45 calendar days.

Verifying your identity

Before we can process your request, we will need to verify your identity. This is so we can be sure that the person making the request is the same person about whom we have collected personal information.

As we are a retail business, we keep records of purchases made by our customers. Depending on the nature of your request, we will ask for information such as your first and last names, email address, the last item you purchased from us, the date of your last purchase from us, and the transaction amount of your most recent purchase.

If, however, we are unable to verify your identity from the information already maintained by us, we may request additional information from you.  This information shall only be used for the purposes of verifying your identity, and we will delete any new personal information collected for this purpose as soon as practical after processing your request.

Requests to know

If you have made a request to know, and your identity has been verified, we will provide you with the following (for the 12-month period preceding your request):

·         The categories of personal information we have collected about you

·         The categories of sources from which the personal information was collected

·         The specific pieces of personal information we have collected about you

·         The business or commercial purpose for collecting or selling any personal information

·         The purposes for which the information we collected will be used

·         The categories of third parties with whom we share personal information

·         The categories of personal information that were sold or disclosed for a business purpose, together with the categories of third parties to whom personal information was sold or disclosed.

Requests to delete

If you have made a request to delete, and your identity has been verified, we will delete all personal information we have collected about you, subject to certain exceptions. For example, we may be required to keep some of your personal information to comply with our legal obligations.

We will also ask our third-party service providers to delete any personal information they hold about you.

Selling your personal information

We do not sell the personal information of our customers.

Discrimination

We do not discriminate against California residents who exercise any of their rights described in this Privacy Policy.

We regularly review this Privacy Policy to ensure that we are always being transparent about the ways in which we use your personal data, and that is accurately reflects our business practice, applicable laws, and regulations.

The most up to date Privacy Policy will always be available on our website, and we therefore encourage you to review this page every so often.