Privacy Notice

Your privacy is very important to us and we are committed to protecting your personal data. We promise to secure your data and to give you ways to manage and review your marketing choices at any time.

La Redoute operates worldwide. As part of our business in the UK, we offer customers an e-commerce service accessible from our website www.laredoute.co.uk, a mobile site m.laredoute.co.uk and an iOS and Android-compatible smartphone and tablet app.

To provide goods and services, we collect information about you. Data collection takes place on our website, on our mobile apps, by phone, by email, by webchat, through social media websites (e.g. Facebook), through written correspondence (e.g. paper orders, letters) and through other media we may use from time to time as technology develops. We may also obtain data from third parties (e.g. credit reference agencies, such as Equifax, if you have or apply for a La Redoute Credit Account) or public sources (e.g. electoral register).

This Privacy Notice is intended to provide you with detailed information about use of your data.

LRUK (Retail) Limited, which trades as La Redoute in the UK and is a member of La Redoute Group, is, as at the edition date of this notice, the “controller” in respect of your personal data for the purposes of UK GDPR, which is the EU General Data Protection Regulation (GDPR) No. 2016/679 of 27 April 2016 (referred to below as EU GDPR) as it forms part of the law of England and Wales, Scotland and Northern Ireland by virtue of section 3 of the European Union (Withdrawal) Act 2018 and is amended by The Data Protection, Privacy and Electronic Communications (Amendments etc.) (EU Exit) Regulations 2019 (referred to below as UK GDPR).

When we collect personal data from you, we may state that certain information is mandatory (e.g. your name and address when placing an order on our website). Obviously, if you do not provide mandatory information, this may prevent us from doing what we need to do.

Contents

You will find the following information below:

1. Who collects personal data?

As explained above, the company collecting your personal data is LRUK (Retail) Limited, which is a member of La Redoute Group. La Redoute Group’s main establishment is as follows:

La Redoute, a simplified joint-stock company with a share capital of €353,490,250, registered with the Lille-Metropole Trade and Companies Register under number 477 180 186, whose head office is located at 110 rue de Blanchemaille in Roubaix (59100), France.

You can find out more about La Redoute here: www.laredoute-corporate.com

2. How the law protects you

2.1 Lawful reasons for processing

Your privacy is protected by law. Under data protection law, we are allowed to use your personal data only if we have a lawful reason. We must have one or more of the following lawful reasons:

  • To perform a contract or to take steps at your request prior to entering into a contract (e.g. to process and fulfil an order for goods, or to open and manage a La Redoute credit account)
  • Where we are required to do so to comply with our legal obligations (e.g. to keep records)
  • Where it is in our legitimate interests or those of a third party
  • Where you have consented

A “legitimate interest” is where there is a business, commercial or other reason to use your information but it should not unfairly go against what is right and best for you. Examples of legitimate interests may include fraud prevention, direct marketing and sharing data within a corporate group (like La Redoute) and the concept is recognised as covering other processing, such as sharing of consumer credit account data with credit reference agencies.

2.2 Our processing & reasons

We collect and record personal data to carry out the following processing:

What we use personal data for: Our reasons:

Customer account, shopping cart and managing orders

Legitimate interests

Managing payment and credit transactions, including, if you have a La Redoute credit account, producing and sending you statements, handling payments and debt recovery

Contract performance

Managing our delivery and returns operations

Contract performance

Managing customer services (phone/chat/email/ letters/social), order queries, returns and refunds

Contract performance

Recording conversations with customer services by phone, email, webchat or social media for the purposes of improving our customer services, fraud prevention and legal compliance

Legitimate interests
To comply with our legal obligations

Customer satisfaction management (collection of customer reviews on products and customer service performance)

Legitimate interests

Statistics, analytics, selection and segmentation of customers to improve knowledge of customers, how they use our products and services and their changing needs

Contract performance
Legitimate interests

Sending targeted marketing promotions by email, mobile notification, social network, other websites or via other media as technology develops

Legitimate interests
Consent

Personalising our sites (mobile and desktop) and applications to customers

Consent

Measuring visits to our sites (mobile and desktop) and mobile applications

Consent

Providing sharing tools on social networks

Consent

Detecting, investigating, reporting and seeking to prevent financial crime (e.g. fraud during payment processing for orders placed)

Legitimate interests
To comply with our legal obligations

Running competitions (e.g. prize draws)

Legitimate interests

Sharing data with commercial partners supporting our operations (e.g. parcel couriers, printers)

Contract performance
Legitimate interests

Sharing data with other organisations so they can market their products and services to you

Consent

Carrying out a credit search with credit reference agencies if you open a La Redoute Credit Account. We may also ask you to provide access to limited “Open Banking” data to help us to check identity.

To comply with our legal obligations
Legitimate interests
Contract performance

If you have a La Redoute Credit Account, sharing data with credit reference agencies on an ongoing basis about how you manage your account

Legitimate interests

Complying with our legal obligations, e.g. record-keeping requirements

To comply with our legal obligations

Responding to retail and financial services claims and complaints and seeking to resolve them

Contract performance
To comply with our legal obligations
Legal claims

3. Who we share your data with

We share your data within La Redoute Group and we may share with public bodies, suppliers and partners. Organisations we may share data with include:

Public bodies:

  • HM Revenue & Customs, regulators (e.g. Financial Conduct Authority (FCA)) and other authorities
  • Fraud prevention agencies
  • Police (e.g. fraud)
  • Customs (if applicable, e.g. Channel Isles)

Supplier & sub-contractor examples:

  • parcel couriers for deliveries and returns
  • warehousing services
  • customer contact centre services
  • communication services (e.g. phone, email, webchat, call recordings)
  • handling post
  • secure payment processing
  • detection and investigation of financial crime
  • anti-fraud services
  • debt collection services
  • printing and mailing services (e.g. direct mail, credit account statements)
  • customising content of websites and applications
  • maintenance and development of our websites, applications and information systems
  • collection of customer reviews
  • sending electronic marketing (e.g. email, SMS)

Other organisations:

  • Credit reference agencies
  • Organisations that may have introduced you to us (e.g. if you have agreed an organisation, such as your mobile phone network, can share your data with us for marketing purposes)
  • Organisations you ask us to share your data with (e.g. see data portability at section 5.1 below)

Partners for marketing:

La Redoute UK does not currently share data with third parties for marketing purposes (e.g. with banks, travel companies or other retailers so they can promote their products and services to you) but this is something we may like to do in future and we may ask if you will agree to this (e.g. when you register with us).

Group changes:

As can be seen from news reports, changes to companies are common (e.g. reorganisations, business sales). If we or our wider corporate group are subject to a change, your data may be shared with other organisations. If there is a future sale, transfer, reorganisation or merger, your data may be shared with others but only if they agree to keep it private and safe.

4. Automated decisions, credit referencing & fraud prevention

4.1 Automated Decisions

Like many organisations, we sometimes use automated decisions based on personal data we hold or we are allowed to obtain from third parties. This helps us to make quick, fair, efficient and correct decisions based on what we know.

If you apply for a La Redoute Credit Account, we, like other lenders, use a credit scoring system as part of the process of deciding whether to approve your application and setting your credit limit. The process uses past data to try to predict how you are likely to manage your account and repay credit. Data sources used include the following:

  • information you provide when you apply for credit with us
  • credit reference agency data
  • data we already hold (if any), including data from former group companies, Vertbaudet and Daxon

Credit scoring provides an overall assessment and is used to make responsible lending decisions. We also use it to make decisions when you have a La Redoute Credit Account, e.g. when deciding whether to increase or decrease credit limits.

An automated decision may result in us declining a credit application or offering a lower credit limit. If you apply for credit and are dissatisfied with the result, you have the right to seek an explanation and request that a person manually reviews the decision. You can also ask that we do not make a decision based solely on the automated score generated by our credit scoring system.

We regularly test our credit scoring model to ensure it is working appropriately and accurately.

We may also monitor customer accounts using automated means for fraud detection and crime prevention.

4.2 Credit reference agencies

If you apply for a La Redoute Credit Account, we, like other lenders, carry out credit and identity checks and we may use credit reference agencies (referred to below as CRAs) to help us. We may also use CRAs from time to time if you are an existing credit customers, e.g. when deciding whether to increase the credit limit on your account from time to time.

We will share your information with CRAs and they will give us information about you. The data we exchange can include:

  • Name, address, date of birth
  • Credit application
  • Account details
  • Financial situation and history
  • Public information, e.g. information from the electoral register
  • Limited “Open Banking” data for identity checks (but only where we specifically ask you if you will allow us to check this data via CRAs and you agree)

We may use this data to:

  • Assess your creditworthiness and whether you are able to afford repayments
  • Check the accuracy of information you have provided (including identity)
  • Help to detect and prevent financial crime, e.g. fraud and money-laundering
  • Manage your La Redoute Credit Account
  • Trace and recover debts

We continue to share data with CRAs for as long as you are a credit customer, including:

  • Details of payments and whether you repay in full and on time
  • Arrears and default information
  • Following account closure, that the account has been closed and settled (if that is the case)

The CRAs may share the above data with other organisations.

When we ask a CRA about you, the CRA will note this on your credit file. This is called a credit search. Other lenders may see this and we may see credit searches from other lenders.

If you tell us you have a spouse, partner or civil partner or other financial associate, we may link your records together. You should therefore make sure you discuss this with them, and share this information with them, before making the credit application with us. CRAs also link records together and links remain on credit files until a successful application is made to the CRAs to break the link.

You can find out more about the CRAs on their websites in the Credit Reference Agency Information Notice (known as the CRAIN). This includes details about:

  • Who the CRAs are
  • Their role as fraud prevention agencies
  • The data they hold and how they use it (including Open Banking data)
  • How they share personal information
  • How long they keep data
  • Your data protection rights

Links to the CRAINs for the three main CRAs:

4.3 Fraud prevention

We may work with other organisations to help confirm your identify and prevent fraud. Your data can only be used if we have a proper reason. It must be necessary either to comply with the law or because there is a legitimate interest (see section 2 above).

We or fraud prevention organisations may allow law enforcement agencies to access your data. This is to support their duty to detect, investigate, prevent and prosecute crime.

These are some of the kinds of personal information that we may use:

  • Name, address, date of birth
  • Previous address history
  • Contact details, e.g. email, phone
  • Financial data
  • Data relating to your account
  • Employment details
  • Data identifying computers/devices you use to connect to the internet, e.g. Internet Protocol (IP) address

The data we have for you is made up of what you tell us, and data we collect when you interact with us or from third parties we work with.

We and fraud prevention organisations may process your data in systems that look for fraud by studying patterns in the data. We may identify that an account is being used in a suspicious or unusual way.

If we decide there is a risk of fraud, we may stop activity on your account or block access to it.

5. Your rights

5.1 Your rights under data protection laws

Under Articles 14 to 22 of UK GDPR, you have the following rights:

Right of access:
You can request a copy of the data we hold about you.

Right of rectification:
You can query any data we hold about you that you think is inaccurate or incomplete.

Right to object to processing, or to ask us to delete, remove or stop using your data:
This is often referred to as the “right to be forgotten”. It is not an absolute right to demand that organisations stop using or delete your data. An organisation may be entitled to keep and continue to use the data (e.g. to comply with a legal obligation to retain records, or so that the organisation can handle complaints and show that it treated you fairly in any period that the law gives you to lodge a complaint or legal claim).

Right to limit processing:
It may sometimes be possible to restrict processing of data so that it can only be used for certain purposes (e.g. legal claims or to exercise legal rights). In such circumstances, we would not use or share the data in other ways while processing is restricted. You can ask us to restrict the use of your data: if it is inaccurate; if it has been used unlawfully but you do not want us to delete it; if it is not relevant any more but you want us to keep it for use in legal claims; if you have already asked us to stop using it but you are waiting for us to tell you if we are allowed to keep using it.

Right to object to profiling:
As explained in section 4.1 in relation to credit scoring systems, if you apply for credit and are not satisfied with the result, you have the right to seek an explanation and request that a person manually reviews the decision. You can also ask us not to make decisions based solely on automated decision-making systems.

In relation to marketing profiling (selecting you for specific promotions and making recommendations), you can also object to this but then offers and recommendations you receive may be less relevant and no longer targeted to your interests.

Right to portability:
This right entitles individuals to ask organisations to transfer their data to another organisation (e.g. you wish to move from one social media service to another; from one music streaming service to another; from one bank to another). It seems unlikely to us that you would want to move the data we hold (e.g. your purchase history with us or details of your account transactions) to another organisation but you have the right to ask.

It is worth noting also that, under UK GDPR if an organisation that is processing your data detects a breach of data security that could create a high risk to your rights, then that organisation may be required to notify you of the breach so you are aware of it. In such circumstances, the organisation would also be required to notify the relevant supervisory authority.

5.2 How to exercise your rights

You can exercise your rights in the following ways:

By post to the following address:
Data Protection Officer
La Redoute UK
2 Holdsworth Street
Bradford
West Yorkshire
BD1 4AH

Please include surname, first name, address, email and, if possible, your customer reference to help us to process your request efficiently.

By calling us on 033 0303 0199 and submitting your request.

We may require proof of identity before fulfilling any request.

We will contact you to acknowledge receipt of your request and we will then answer fully within one month. In some cases, we may extend this period by up to 2 months.

By clicking here and submitting your request. 

5.3 Consequences of exercising the right of opposition to marketing profiling

In relation to marketing profiling (selecting you for specific promotions and making recommendations), you may continue to receive marketing promotions but they may be less relevant and no longer targeted to your interests.

5.4 Withdrawal of consent

Where we are processing your data based on your consent (see section 2 above), you may withdraw your consent at any time by contacting us at the above address or by informing us by phone or other means we may provide (e.g. by clicking “unsubscribe” at the bottom of an email or replying “STOP LR” to an SMS).

5.5 What if you are not satisfied with the response you receive from us?

If you try to exercise your rights and we do not reply or you do not think our response is satisfactory, you can complain to the UK’s data protection supervisory authority (www.ico.org.uk).

6. Overseas data transfers

Your personal data may be transmitted for the purposes set out in this notice to organisations located in countries outside the UK, including EU and non-EU countries. UK GDPR is based on EU GDPR with some changes. Both UK GDPR and EU GDPR provide a high level of protection for personal data. Other members of La Redoute Group within the EU provide a range of services to us, including hosting our website and other IT and business services.

When carrying out transfers outside the UK, we will implement procedures to secure such transfers.

You can find out more information about transfers outside the UK from the UK’s data protection supervisory authority (www.ico.org.uk).

7. How long will my data be kept?

As explained in section 2 above, processing of data is not necessarily based on consent and an organisation may have lawful reasons for continuing to process your data even if you would prefer them to stop and delete it (e.g. to comply with record-keeping requirements or to be able to handle a future complaint).

Like other organisations, we have certain data retention rules we work to that take account of the different reasons why we might wish to retain data. We use 3 main categories:

  • Prospective customers that register with us but have not ordered yet.
  • Customers that have, or have had, a La Redoute Credit Account.
  • Customers that have not had a La Redoute Credit Account and have paid by other means, e.g. credit card.

For prospective customers, the starting point for data retention is the creation of an account.

For La Redoute Credit Accounts, the starting point is when an application is made for an account and data is kept after the credit relationship ends (e.g. so we can handle any future queries or complaints).

For customers that have not had a La Redoute Credit Account but have ordered paying by other means, the retention period continues beyond the last order (e.g. so we can handle any future product complaints).

Data retention periods may be different if customers stay subscribed to loyalty/marketing programmes.

8. What security measures are taken to protect my data?

8.1 General rules

As a data “controller” under data protection laws, we take measures to preserve the security and confidentiality of data, and, in particular, to prevent data from being distorted, damaged or unauthorised third parties having access to data.

We have deployed a robust security system to ensure a high level of security of data collected and to detect data breaches. This includes physical security for the buildings housing our systems, also IT system security to prevent external access to your data, and having secure copies of your data.

When using sub-contractors, we require them to comply with data protection laws.

8.2 Rules applicable to bank data, credit cards, debit cards, PayPal and Klarna

To ensure payment security, we use the services of a payment service provider certified by the Payment Card Industry in relation to data security (PCI-DSS). This standard is an international security standard whose objectives are to ensure the confidentiality and integrity of cardholder data, and therefore secure the protection of card and transaction data.

When you place an order for payment by credit or debit card with us, our order taking system connects in real time with Stripe (https://stripe.com/gb) systems which collect your data and carry out various checks to avoid abuse and fraud. The data is stored on Stripe’s servers, and your card details are not transmitted to us or our servers at any time. Similarly, when you place an order for payment by PayPal or Klarna, our systems connect in real time with Stripe's systems and they securely share information with PayPal or Klarna (as appropriate).

So that you do not have to enter your details every time you place an order, you can choose, by ticking the box provided, to have credit and debit cards associated with your online account saved and stored securely by Stripe. You can consult the list of your saved cards (in hidden mode) and delete them if you wish in the “My Cards” section of "My Account". Deleted cards no longer appear in your account for future orders.

To be able to debit your account during invoicing or to credit it following a return, Stripe keep bank data associated with the transaction as long as it is needed to process the payment transaction (payment after ordering the goods) and to handle any subsequent claim (returns, disputes).

If you choose to save your payment details (e.g. credit card), they will automatically be deactivated when the relevant card expires and will need to be updated with new details.

9. What should I know about data collected by social networks?

La Redoute offers you the option to use social networks to improve our commercial relationship and offer you targeted advertising offers through these networks.

If you use social networks to communicate and interact with us (including Facebook Messenger, Facebook Connect, and the Facebook, Instagram or Twitter “share” buttons) it is likely that this will involve a data exchange between La Redoute and the social network.

For example, if you are connected to Facebook on your computer and you visit a page of the La Redoute site, Facebook is likely to collect this information. Likewise, if you click on the "tweet" button on a La Redoute site page, Twitter will collect this information.

We recommend that you consult the personal data management policies of the various social networks you use to know the personal data that may be transmitted and what it will be used for.

10. Minors under 16 years

Users must be 16 years old or more to create an account on our websites and make purchases.

You may have the option to provide information about children from time to time (e.g. when creating your account) but you should only do so if you are the parent or are otherwise authorised to agree to this.

11. Marketing

11.1 Principles

We use your contact details to send targeted marketing by email, post, text (SMS), mobile notification, on social networks or third-party websites. We will comply with the rules applicable to each channel.

11.2 Electronic marketing (by email, sms, & phone)

The Privacy & Electronic Communications Regulations 2003 permit electronic marketing (email, SMS, phone) to existing customers for similar products and services without consent as long as customers are given an easy means to refuse (opt-out), e.g. by clicking an “unsubscribe” link or texting “BLOCK”.

Otherwise, your consent is required before we can market to you by electronic means. We seek your consent at various points, e.g. our online banners asking if you would like to sign up to newsletters.

We may ask you to consent to the following:

  • to receive La Redoute offers (e.g. newsletters) by email
  • to receive offers from partners we may share your details with (but see section 3 above)
  • to receive La Redoute offers by text message (SMS)

You can opt-out of marketing easily at any time e.g. :

  • Email: by clicking the “unsubscribe” link on each email
  • Texts (SMS): by replying “BLOCK”
  • All: By speaking with a customer services adviser or by contacting us at the address in section 5.2.

11.3 Marketing by post

We have a legitimate interest (see section 2) in sending you marketing by post but, if you ask us not to, we won’t. You can opt-out of marketing by post at any time by speaking with our customer services team or writing to us at the address in section 5.2.

Please note that, if you have been pre-selected to receive a marketing publication by post before you opt-out, you may still receive that publication. It can take a few weeks for an opt-out request to be effective.

11.4 Email retargeting

After browsing our site, you may receive an email even though you have not provided your email address to us. How is this possible?

We, like many other retailers, use the services of companies that identify internet users who have already visited our website and send them personalised emails.

These companies use cookies to distinguish users and then customise the adverts they receive based on their online browsing history.

Who collected my email address?

This processing involves our commercial partners that have already collected your email address from other sources, as well as your consent to authorise the sending of advertising.

You have the right to object this type of processing.

11.5 Notification on mobile applications (apps)

When you first open the La Redoute mobile application on your smartphone, you are asked to allow us to send you mobile or “push” notifications. If you agree, we may send you offers through these notifications.

You can disable these notifications at any time in the settings of your smartphone.

12. Cookies, Tags & Trackers

When using our online services, information relating to the navigation of your device (computer, tablet, smartphone, etc.), may be recorded in "cookies" files placed on your device, subject to any choices you have expressed about cookies. You can set your browser settings to reject cookies but please bear in mind that, if you do this, certain personalised features of our site cannot be provided to you.

12.1 What is a cookie, tag, or tracker?

The term "cookie" refers to several technologies that make it possible to perform online browsing tracking or behavioural analysis of website users. These technologies are multiple and constantly evolving. There are, in particular, cookies, tags, pixels and JavaScript code.

A cookie is a small text file saved by the browser of your computer, tablet or smartphone which keeps limited user data to facilitate browsing and allow certain features, e.g. online shopping baskets and personal recommendations based on what you have viewed. These tracking pixels are small image files within the content of the site that allow us and the third party to understand which parts of the site are visited and whether particular content is of interest. This approach does not save any data on your device.

La Redoute, like other retailers, also uses tracking pixels within its marketing emails to identify whether they have been opened and help decide if customers are likely to be interested in further emails. We do this to avoid sending unwanted emails. The technology may also provide other information, e.g. about the time, location and operating system of devices used to read emails. You can opt-out of email marketing at any time via My Account or using the other methods set out in section 11.2 above.

You can find out more about cookies generally here:
https://www.aboutcookies.org/

La Redoute and our third party providers also sometimes set tracking pixels within web pages to follow your use of the site.

12.2 Why do we use cookies, tags & trackers?

The cookies, tags, and trackers we use on our site and mobile applications (apps) allow us:

  • to establish visitor statistics, volumes and use of the various elements of our services. As such, we use cookies to measure the audience for our site
  • to adapt site presentation to the type of device used (e.g. tablet)
  • to adapt site presentation based on user preferences, e.g. interests chosen (fashion, kids, home, etc.)
  • to memorise information relating to a form that you have filled in on our site (registration or access to your account, subscribed service, contents of your shopping basket, etc.)
  • to allow you to access reserved and personal areas of our site (e.g. My Account, through login information)
  • to implement security measures (e.g. when you are asked to log back into your account after a period)
  • to share information with advertisers on other websites to offer you relevant advertising in line with your interests. As such, we use advertising cookies
  • to share information on social networks. As such, we use cookies to share on these networks

You can find out more about the cookies we use by clicking here: La Redoute Cookies.

12.3 How to configure cookies, tags & trackers

La Redoute collects your prior consent to the use of advertising, audience measurement and social network sharing cookies in accordance with data protection law.

At any time, you can express and modify your wishes in terms of cookies, by the means described below.

Configuration of your web browsing software
You can set your web browsing software so that cookies are saved in your device or, on the contrary, are blocked ‒ either systematically or depending on their source. You may also configure your web browsing software so that you are prompted each time to allow or block cookies before a cookie can be saved to your device.

How do you implement your preference based on the browser you use?
To manage cookies and your preferences, each browser is configured in a different way. It is described in your browser's help menu, which will explain to you how to modify your cookies preferences:

Configuration of your smartphone operating system
You can control the use of cookies on your smartphone in the operating system rules.

Configuration of cookies with a tool proposed by La Redoute
In order to comply with data protection law, La Redoute uses a tool allowing the user to set the use of cookies when connecting to the www.laredoute.co.uk site.

Click here to configure cookie usage.

Opposition list to manage the use of cookies
You have the option to object to the storing of cookies by visiting the website http://www.youronlinechoices.com/uk/your-ad-choices

13. Who is the data protection officer (DPO)?

13.1 What duties do data protection officers have?

The role of the data protection officer (DPO) within La Redoute is to ensure compliance with the regulations and rules described in this document. Our DPO is based in France and leads a team with representatives in each country, including the UK.

Our DPO is responsible for establishing a record of processing of personal data in each country and ensuring compliance of such processing with the data protection law.

Our DPO ensures awareness of our teams about data protection and is responsible for managing responses to customers that choose to exercise their rights as set out in section 5 above.

13.2 How can I contact your data protection officer?

You can contact the data protection officer at dpo@redoute.co.uk

You can find out more about data protection and your rights via the UK’s data protection supervisory authority (www.ico.org.uk).

14. Changes to this notice

If we change or replace this Notice, we will notify you by updating our websites.

Edition date: 18 August 2023