Privacy Policy

Your privacy is very important to us. We are committed to protecting your personal data and giving you ways to manage your marketing choices at any time.

La Redoute operates worldwide. As part of our business in the UK, we offer customers an e-commerce service accessible from our website www.laredoute.co.uk, a mobile site m.laredoute.co.uk and an iOS and Android-compatible smartphone and tablet app.

To provide goods and services, we collect information about you. Data collection takes place on our website, on our mobile apps, by phone, by email, by webchat, through social media websites (e.g. Facebook), through written correspondence (e.g. paper orders, letters) and through other media we may use from time to time as technology develops. We may also obtain data from third parties (e.g. credit reference agencies, such as Equifax, if you have or apply for a LR Pay Account) or public sources (e.g. electoral register).

This Privacy Notice is intended to provide you with detailed information about use of your data.

LRUK (Retail) Limited, which trades as La Redoute in the UK and is a member of La Redoute Group, is, as at the edition date of this notice, the “controller” in respect of your personal data for the purposes of UK GDPR, which is the EU General Data Protection Regulation (GDPR) No. 2016/679 of 27 April 2016 (referred to below as EU GDPR) as it forms part of the law of England and Wales, Scotland and Northern Ireland by virtue of section 3 of the European Union (Withdrawal) Act 2018 and is amended by The Data Protection, Privacy and Electronic Communications (Amendments etc.) (EU Exit) Regulations 2019 (referred to below as UK GDPR).

When we collect personal data from you, we may state that certain information is mandatory (e.g. your name and address when placing an order on our website). If you do not provide mandatory information, this may prevent us from doing what we need to do.

Contents

You will find the following information below:

1. Who collects personal data?

As explained above, the company collecting your personal data is LRUK (Retail) Limited, which is a member of La Redoute Group. La Redoute Group’s main establishment is as follows:

La Redoute, a simplified joint-stock company with a share capital of €353,490,250, registered with the Lille-Metropole Trade and Companies Register under number 477 180 186, whose head office is located at 110 rue de Blanchemaille in Roubaix (59100), France.

You can find out more about La Redoute here: www.laredoute-corporate.com

2. How the law protects you

2.1 Lawful reasons for processing

Your privacy is protected by law. Under data protection law, we are allowed to use your personal data only if we have a lawful reason. We must have one or more of the following lawful reasons:

  • To perform a contract or to take steps at your request prior to entering into a contract (e.g. to process and fulfil an order for goods, or to open and manage an LR Pay Account)

  • Where we are required to do so to comply with our legal obligations (e.g. to keep records)

  • Where it is in our legitimate interests or those of a third party

  • Where you have consented

A “legitimate interest” is where there is a business, commercial or other reason to use your information but it should not unfairly go against what is right and best for you. Examples of legitimate interests may include fraud prevention, direct marketing and sharing data within a corporate group (like La Redoute) and the concept is recognised as covering other processing, such as sharing of consumer credit account data (e.g. LR Pay Account data) with credit reference agencies.

2.2 Our processing & reasons

We collect and record personal data to carry out the following processing:

Why do we use your personal data? What are our reasons?

  • Customer accounts, shopping carts, orders and wish lists

  • Performance of our contract with customers

  • Our legitimate interest in providing a place to manage accounts

  • Managing payment and credit transactions, including, if you have an LR Pay account, producing and sending you statements, handling payments and debt recovery

  • Performance of our contract with customers

  • Complying with legal obligations

  • Carrying out a basic credit eligibility search with credit reference agencies if you decide to check if you’re eligible for an LR Pay account (this will not affect your credit file)

  • Your consent

  • Carrying out a credit search with credit reference agencies if you apply for an LR Pay account (we may also ask you to provide access to limited “Open Banking” data to help us identify you and for affordability)

  • Complying with legal obligations

  • Our legitimate interest

  • Performance of our contract with customers or taking steps at their request pre-contract

  • Your consent to us accessing bank data securely via Open Banking

  • If you have a La Redoute credit account (e.g. LR Pay), sharing data with credit reference agencies on an ongoing basis about how you manage your account

  • Our legitimate interest in sharing account management data

  • Managing delivery and returns operations

  • Performance of our contract with customers

  • Customer relationship management (phone/chat/email/letters/social), order follow-up, after-sales service, product returns and refunds

  • Performance of our contract with customers or taking steps at their request pre-contract

  • Provision of an online communities

  • Our legitimate interest in offering innovative solutions to customers

  • Recording of exchanges between customer service and customers by phone, email, chat, social and other methods for service improvement, fraud prevention and compliance with legal requirements

  • Our legitimate interest in improving our customer services

  • Our legitimate interest in seeking to prevent fraud

  • Complying with legal obligations

  • Customer satisfaction management (collection of customer reviews on products and customer service performance)

  • Our legitimate interest in improving products and services

  • Detecting, investigating, reporting and seeking to prevent financial crime (e.g. fraud during payment processing for orders placed)

  • Performance of the contract between a Client and La Redoute

  • Our legitimate interest in seeking to prevent fraud

  • Complying with legal obligations

  • Statistics, analytics, profiling, selection and segmentation of customers to improve our knowledge of our customers, how they use our products and services and to understand their changing needs

  • Our legitimate interest in knowing our customers better and adapting our offers (subject to any objections submitted by customers under data protection laws)

  • Sending targeted marketing promotions electronically (email, mobile notifications, SMS)

  • Your consent

  • Where the law allows us to send marketing without your consent (e.g. you have bought similar products from us and have not opted out of this marketing)

  • Display advertising on digital media (advertising inserts on third-party sites; advertising inserts on social networks) and measurement of the performance of advertisements

  • Our legitimate interest in online identification of customers (subject to any objections submitted by customers under data protection laws)

  • Your consent to our use of cookies, tags and similar technologies for displaying advertisements

  • Sending targeted commercial offers by post

 

  • Our legitimate interest in sending advertisements by post (subject to any objections submitted by customers under data protection laws)

  • Personalising our sites (mobile and desktop) and applications to customers 

  • Your consent

  • Measuring visits to our sites (mobile and desktop) and applications

  • Your consent

  • Providing sharing tools on social networks

  • Your consent

  • Running competitions (e.g. prize draws)

  • Our legitimate interest in making promotional offers

  • Sharing information with business partners (e.g. couriers, payment processors, printers)

  • Performance of our contract with customers (e.g. sharing information with couriers to they can handle deliveries and returns for us; with payment processors so that they can handle payments)

  • Sharing information with business partners so that they can market their products/services to you

  • Your consent

  • Enriching our customer databases with third-party partners

 

  • Our legitimate interest in having accurate and up-to-date data and improving customer knowledge

  • Providing accessibility tools to help people with disabilities

  • Your consent

  • Complying with legal obligations

  • Security of websites and mobile applications

 

  • Our legitimate interest in ensuring security and confidentiality of data

  • Sharing data with administrative authorities and law enforcement

  • Complying with legal obligations

  • Judicial and administrative requests

  • Product and service testing with consumer panelists

 

  • Our legitimate interest in improving our products and services using consumer feedback

  • Identifying social media trends from publicly available content on these networks 

  • Our legitimate interest in identifying market trends on its products

  • Complying with our legal obligations (e.g. record-keeping requirements)

  • Complying with legal obligations

  • Responding to retail and financial services claims and complaints and seeking to resolve them

  • Performance of our contract with customers

  • Complying with legal obligations

  • Defending legal claims

3. Who we share your data with

We share your data within La Redoute Group and, as a member of Galeries Lafayette Group, we may share within that group. We may also share with public bodies, suppliers and partners. Organisations we may share data with include:

Public bodies:

  • HM Revenue & Customs, regulators (e.g. Financial Conduct Authority (FCA)) and other authorities

  • Fraud prevention agencies

  • Police (e.g. fraud)

  • Customs (if applicable, e.g. Channel Isles)

Supplier & sub-contractor examples:

  • parcel couriers for deliveries and returns

  • warehousing services

  • customer contact centre services

  • communication services (e.g. phone, email, webchat, call recordings)

  • handling post

  • secure payment processing

  • detection and investigation of financial crime

  • anti-fraud services

  • debt collection services

  • printing and mailing services (e.g. direct mail, credit account statements)

  • customising content of websites and applications

  • insight and analytics services (e.g. so we can send relevant marketing and better understand customers)

  • digital advertising and content personalisation so we can provide marketing tailored to you and your interests

  • product suppliers that deliver directly to our customers

  • maintenance and development of our websites, applications and information systems

  • collection of customer reviews

  • sending electronic marketing (e.g. email, SMS)

Other organisations:

  • Credit reference agencies

  • Organisations that may have introduced you to us (e.g. if you have agreed an organisation, such as your mobile phone network, can share your data with us for marketing purposes)

  • Organisations you ask us to share your data with (e.g. see data portability at section 5.1 below)

Partners for marketing:

La Redoute UK does not currently share data with third parties for marketing purposes (e.g. with banks, travel companies or other retailers so they can promote their products and services to you) but this is something we may like to do in future and we may ask if you will agree to this (e.g. when you register with us).

Group changes:

As can be seen from news reports, changes to companies are common (e.g. reorganisations, business sales). If we or our wider corporate group are subject to a change, your data may be shared with other organisations. If there is a future sale, transfer, reorganisation or merger, your data may be shared with others but only if they agree to keep it private and safe.

4. Automated decisions, credit referencing & fraud prevention

4.1 Automated Decisions

Like many organisations, we sometimes use automated decisions based on personal data we hold or we are allowed to obtain from third parties. This helps us to make quick, fair, efficient and correct decisions based on what we know.

If you apply for an LR Pay Account, we, like other lenders, use a credit scoring system as part of the process of deciding whether to approve your application and setting your credit limit. The process uses past data to try to predict how you are likely to manage your account and repay credit. Data sources used include the following:

  • information you provide when you apply for credit with us

  • credit reference agency data

  • data we already hold (if any)

Credit scoring provides an overall assessment and is used to make responsible lending decisions. We also use it to make decisions when you have an LR Pay Account, e.g. when deciding whether to increase or decrease credit limits.

An automated decision may result in us declining a credit application or offering a lower credit limit. If you apply for credit and are dissatisfied with the result, you have the right to seek an explanation and request that a person manually reviews the decision. You can also ask that we do not make a decision based solely on the automated score generated by our credit scoring system.

We regularly test our credit scoring model to ensure it is working appropriately and accurately.

We may also monitor customer accounts using automated means for fraud detection and crime prevention.

4.2 Credit reference agencies

If you apply for an LR Pay Account, we, like other lenders, carry out credit and identity checks and we may use credit reference agencies (referred to below as CRAs) to help us. We may also use CRAs from time to time if you are an existing credit customer, e.g. when deciding whether to increase the credit limit on your account from time to time.

We will share your information with CRAs and they will give us information about you. The data we exchange can include:

  • Name, address, date of birth

  • Credit application

  • Account details

  • Financial situation and history

  • Public information, e.g. information from the electoral register

  • “Open Banking” data (but only where we specifically ask you if you will allow us to check this data via CRAs and you agree). You can find out more about Open Banking here, www.openbanking.org.uk

We may use this data to:

  • Assess your creditworthiness and whether you are able to afford repayments

  • Check the accuracy of information you have provided (including identity)

  • Help to detect and prevent financial crime, e.g. fraud and money-laundering

  • Manage your LR Pay Account

  • Trace and recover debts

We continue to share data with CRAs for as long as you are a credit customer, including:

  • Details of payments and whether you repay in full and on time

  • Arrears and default information

  • Following account closure, that the account has been closed and settled (if that is the case)

The CRAs may share the above data with other organisations.

When we ask a CRA about you, the CRA will note this on your credit file. This is called a credit search. Other lenders may see this and we may see credit searches from other lenders.

If you tell us you have a spouse, partner or civil partner or other financial associate, we may link your records together. You should therefore make sure you discuss this with them, and share this information with them, before making the credit application with us. CRAs also link records together and links remain on credit files until a successful application is made to the CRAs to break the link.

You can find out more about the CRAs on their websites in the Credit Reference Agency Information Notice (known as the CRAIN). This includes details about:

  • Who the CRAs are

  • Their role as fraud prevention agencies

  • The data they hold and how they use it (including Open Banking data)

  • How they share personal information

  • How long they keep data

  • Your data protection rights

Links to the CRAINs for the three main CRAs:

  • Equifax: www.equifax.co.uk/crain

  • TransUnion: www.transunion.co.uk/legal/privacy-centre?#pc-credit-reference

  • Experian: www.experian.co.uk/crain/index.html

4.3 Fraud prevention

We may work with other organisations (e.g. CRAs, payment processors) to help confirm your identify and prevent fraud. Your data can only be used if we have a proper reason. It must be necessary either to comply with the law or because there is a legitimate interest (see section 2 above).

We and organisations we work with may allow law enforcement agencies to access your data. This is to support their duty to detect, investigate, prevent and prosecute crime.

These are some of the kinds of personal information that we may use:

  • Name, address, date of birth

  • Previous address history

  • Contact details, e.g. email, phone

  • Financial data

  • Data relating to your account

  • Employment details

  • Device identifier (e.g. IP address)

  • Order history, order amount

  • Website browsing data

The data we have for you is made up of what you tell us, and data we collect when you interact with us or from third parties we work with.

We and organisations we work with may process your data in systems that look for fraud by studying patterns in the data, including using automated profiling. We may identify that an account is being used in a suspicious or unusual way.

If we decide there is a risk of fraud, we may stop activity on your account or block access to it.

5. Your rights

5.1 Your rights under data protection laws

You have the following rights under UK GDPR or the Data Protection Act 2018:

Right of access:
You can request a copy of the data we hold about you.

Right of rectification:
You can query any data we hold about you that you think is inaccurate or incomplete.

Right to object to processing, or to ask us to delete, remove or stop using your data:
This is often referred to as the “right to be forgotten”. It is not an absolute right to demand that organisations stop using or delete your data. An organisation may be entitled to keep and continue to use the data (e.g. to comply with a legal obligation to retain records, or so that the organisation can handle complaints and show that it treated you fairly in any period that the law gives you to lodge a complaint or legal claim).

Right to limit processing:
It may sometimes be possible to restrict processing of data so that it can only be used for certain purposes (e.g. legal claims or to exercise legal rights). In such circumstances, we would not use or share the data in other ways while processing is restricted. You can ask us to restrict the use of your data: if it is inaccurate; if it has been used unlawfully but you do not want us to delete it; if it is not relevant any more but you want us to keep it for use in legal claims; if you have already asked us to stop using it but you are waiting for us to tell you if we are allowed to keep using it.

Right to object to profiling:
As explained in section 4.1 in relation to credit scoring systems, if you apply for credit and are not satisfied with the result, you have the right to seek an explanation and request that a person manually reviews the decision. You can also ask us not to make decisions based solely on automated decision-making systems.

In relation to marketing profiling (selecting you for specific promotions and making recommendations), you can also object to this but then offers and recommendations you receive may be less relevant and no longer targeted to your interests.

Right to portability:
This right entitles individuals to ask organisations to transfer their data to another organisation (e.g. you wish to move from one social media service to another; from one music streaming service to another; from one bank to another). It seems unlikely to us that you would want to move the data we hold (e.g. your purchase history with us or details of your account transactions) to another organisation but you have the right to ask.

It is worth noting also that, under UK GDPR if an organisation that is processing your data detects a breach of data security that could create a high risk to your rights, then that organisation may be required to notify you of the breach so you are aware of it. In such circumstances, the organisation would also be required to notify the relevant supervisory authority.

Right to complain:
You may make a complaint to us if you consider that we have not complied with UK GDPR in relation to your personal data. If you make a complaint, we must do as follows:

  • We must acknowledge receipt of your complaint within 30 days beginning when we receive your complaint
  • We must take appropriate steps to respond to the complaint without undue delay (e.g. investigate your complaint to the extent appropriate, keeping you up to date)
  • We must inform you of the outcome of your complaint without undue delay

5.2 How to exercise your rights

You can exercise your rights in the following ways:

By post to the following address:
Data Protection Officer
La Redoute UK
2 Holdsworth Street
Bradford
West Yorkshire
BD1 4AH

Please include surname, first name, address, email and, if possible, your customer reference to help us to process your request efficiently.

By calling us on 033 0303 0199 and submitting your request.

For requests other than complaints (e.g. right of access), by  clicking here and submitting your request. 

For complaints, by email to dpo-complaints@redoute.co.uk

We may require proof of identity before fulfilling your request.

For requests other than complaints, we will contact you to acknowledge receipt of your request and then answer fully within one month. In some cases, we may extend this period by up to 2 months.

For information about our complaints process, please refer to section 5.1 above.

5.3 Consequences of exercising the right of opposition to marketing profiling

In relation to marketing profiling (selecting you for specific promotions and making recommendations), you may continue to receive marketing promotions but they may be less relevant and no longer targeted to your interests.

5.4 Withdrawal of consent

Where we are processing your data based on your consent (see section 2 above), you may withdraw your consent at any time by contacting us at the above address or by informing us by phone or other means we may provide (e.g. by clicking “unsubscribe” at the bottom of an email or replying “STOP LR” to an SMS).

5.5 What if you are not satisfied with the response you receive from us?

If you try to exercise your rights and we do not reply or you do not think our response is satisfactory, you can complain to the UK’s data protection supervisory authority (www.ico.org.uk).

6. Overseas data transfers

Your personal data may be transmitted for the purposes set out in this notice to organisations located in countries outside the UK, including EU and non-EU countries. UK GDPR is based on EU GDPR with some changes. Both UK GDPR and EU GDPR provide a high level of protection for personal data. Other members of La Redoute Group within the EU provide a range of services to us, including hosting our website and other IT and business services.

When carrying out transfers outside the UK, we will implement procedures to secure such transfers.

You can find out more information about transfers outside the UK from the UK’s data protection supervisory authority (www.ico.org.uk).

7. How long will my data be kept?

As explained in section 2 above, processing of data is not necessarily based on consent and an organisation may have lawful reasons for continuing to process your data even if you would prefer them to stop and delete it (e.g. to comply with record-keeping requirements or to be able to handle a future complaint).

Like other organisations, we have certain data retention rules we work to that take account of the different reasons why we might wish to retain data. We use 3 main categories:

  • Prospective customers that register with us but have not ordered yet

  • Customers that have, or have had, a La Redoute credit account (e.g an LR Pay Account)

  • Customers that have not had a La Redoute credit account (e.g an LR Pay Account) and have paid by other means (e.g. credit card)

For prospective customers, the starting point for data retention is the creation of an account.

For La Redoute credit accounts (e.g. LR Pay Accounts), the starting point is when an application is made for an account and data is kept after the credit relationship ends (e.g. so we can handle any future queries or complaints).

For customers that have not had a La Redoute credit account but have ordered paying by other means, the retention period continues beyond the last order (e.g. so we can handle any future product complaints).

Data retention periods may be different if customers stay subscribed to loyalty/marketing programmes.

8. What security measures are taken to protect my data?

8.1 General rules

As a data “controller” under data protection laws, we take measures to preserve the security and confidentiality of data, and, in particular, to prevent data from being distorted, damaged or unauthorised third parties having access to data.

We have deployed a robust security system to ensure a high level of security of data collected and to detect data breaches. This includes physical security for the buildings housing our systems, also IT system security to prevent external access to your data, and having secure copies of your data.

When using sub-contractors, we require them to comply with data protection laws.

8.2 Rules applicable to bank data, credit cards, debit cards, PayPal and Klarna

To ensure payment security, we use the services of a payment service provider certified by the Payment Card Industry in relation to data security (PCI-DSS). This standard is an international security standard whose objectives are to ensure the confidentiality and integrity of cardholder data, and therefore secure the protection of card and transaction data.

When you place an order for payment by credit or debit card with us, our order taking system connects in real time with Stripe (https://stripe.com/gb) systems which collect your data and carry out various checks to avoid abuse and fraud. The data is stored on Stripe’s servers, and your card details are not transmitted to us or our servers at any time. Similarly, when you place an order for payment by PayPal or Klarna, our systems connect in real time with Stripe's systems and they securely share information with PayPal or Klarna (as appropriate).

So that you do not have to enter your details every time you place an order, you can choose, by ticking the box provided, to have credit and debit cards associated with your online account saved and stored securely by Stripe. You can consult the list of your saved cards (in hidden mode) and delete them if you wish in the “My Cards” section of "My Account". Deleted cards no longer appear in your account for future orders.

To be able to debit your account during invoicing or to credit it following a return, Stripe keep bank data associated with the transaction as long as it is needed to process the payment transaction (payment after ordering the goods) and to handle any subsequent claim (returns, disputes).

If you choose to save your payment details (e.g. credit card), they will automatically be deactivated when the relevant card expires and will need to be updated with new details.

9. What should I know about data collected by social networks?

La Redoute is present on Facebook, Instagram, TikTok and Pinterest.

We give you the opportunity to use social networks to improve our commercial relationship (e.g. Facebook messenger), to offer you targeted advertising offers through the networks (e.g. Facebook Custom Audience or Pinterest) or to allow you to simplify authentication by means of a social connect (e.g. Facebook connect).

If you use social networks to communicate with us, we will exchange data with the network. We may share data (e.g. hashed email) with them to send you personalised offers. Data will be encrypted and will not directly identify you. Data will be matched to your network account so you receive the personalised offers. Our processing here is based on “legitimate interests” (see section 2 above).

If you would like to opt out of targeted advertising, please contact us using the details set out in section 5.2 above.

Information may also be collected by social networks when you browse our site or app for targeted advertising and performance measurement using trackers (cookies, pixels) placed in your browser. This processing is based on your consent to the use of relevant trackers. You can change your choices at any time by using our cookie manager accessible through the link in section 12.3 below and also using the "Manage my cookies" button near the bottom of our website homepage.

If you are connected to Facebook or TikTok and visit a page on the La Redoute website, the social network can retrieve information about you.

On Instagram, if you express your consent by means of the hashtag "#yeslaredoute" or otherwise, you consent to La Redoute processing information in your post (comment and/or photo) for promotional and marketing purposes. The data is collected by a company called Flowbox. You can find more information here, www.socialnative.com/privacy-policy/

We recommend that you consult the personal data management policies of the various social networks you use to know the personal data that may be transmitted and what it will be used for.

10. Minors under 16 years

Users must be 16 years old or more to create an account on our websites and make purchases. Users must be 18 years old or more to open an LR Pay account.

You may have the option to provide information about children from time to time (e.g. when creating your account) but you should only do so if you are the parent or are otherwise authorised to agree to this.

11. Marketing

11.1 Principles

We use your contact details to send you targeted (i.e based on you and your interests) and other marketing by email, post, text (SMS), mobile notification, on social networks or third-party websites.

For targeted marketing, we may also use information collected by us or our partner marketing agencies (e.g. Attentive, Epsilon, RTB House) through the use of cookies, tags, trackers or similar technologes via our website, app or other methods (e.g. if you show an interest in marketing emails). Our partners help us to analyse and prepare information and measure the effectiveness of our advertising. This may include matching/combining offline data we hold (e.g. your personal details and order data) with online data collected through cookies, etc. (e.g. device, browser, advertising IDs, cookie IDs, IP-addresses) to create a profile based on your preferences. We can then provide marketing that is likely to be more relevant to you.

As explained in section 5 above, you can object to profiling. If you do, the marketing you receive is less likely to be of interest to you.

For more information about cookies, tags, trackers and similar technologes and how you can manage them, please see section 12 below.

11.2 Electronic marketing (by email, SMS, & phone)

The Privacy & Electronic Communications Regulations 2003 permit electronic marketing (email, SMS, phone) to existing customers for similar products and services without consent as long as customers are given an easy means to refuse (opt-out), e.g. by clicking an “unsubscribe” link or texting “STOP LR”.

Otherwise, your consent is required before we can market to you by electronic means. We seek your consent at various points, e.g. our online banners asking if you would like to sign up to newsletters.

We may ask you to consent to the following:

  • to receive La Redoute offers (e.g. newsletters) by email

  • to receive offers from partners we may share your details with (but see section 3 above)

  • to receive La Redoute offers by text message (SMS)

You can opt-out of marketing easily at any time, e.g.

  • When creating an account, select the relevant option to opt-out

  • Email: by clicking the “unsubscribe” link on each email

  • Texts (SMS): by replying “STOP LR”

  • All: By speaking with a customer services adviser, contacting us using the details set out in section 5.2 above or visiting the “My Communication Preferences” section within “My Account” on our website.

11.3 Marketing by post

We have a legitimate interest (see section 2) in sending you marketing by post but, if you ask us not to, we won’t. You can opt-out of marketing by post at any time by speaking with our customer services team, contacting us using other details set out in section 5.2 above or visiting the “My Communication Preferences” section within “My Account” on our website.

Please note that, if you have been pre-selected to receive a marketing publication by post before you opt-out, you may still receive that publication. It can take a few weeks for an opt-out request to be effective.

11.4 Email retargeting

After browsing our site, you may receive an email even though you have not provided your email address to us. How is this possible?

We, like many other retailers, use the services of companies that identify internet users who have already visited our website and send them personalised emails.

These companies use cookies to distinguish users and then customise the adverts they receive based on their online browsing history.

This processing involves our commercial partners that have already collected your email address from other sources, as well as your consent to authorise the sending of advertising.

You have the right to object this type of processing and can do this by, for example, refusing the relevant advertising cookies on our website or relevant third-party sites.

11.5 Display of personalised digital advertisements

After browsing our website or app, you may see advertisements for La Redoute products on third-party sites or social networks (e.g. Facebook, Instagram or Pinterest).

Display advertising on social networks is carried out using targeting criteria they offer. We may also use information collected by us or our partner marketing agencies (e.g. Epsilon, RTB House) through the use of cookies, tags, trackers or similar technologes via our website, app or other methods (e.g. if you show an interest in marketing emails). Our partners help us to analyse and prepare information and measure the effectiveness of our advertising. This may include matching/combining offline data we hold (e.g. your personal details and order data) with online data collected through cookies, etc. (e.g. device, browser, advertising IDs, cookie IDs, IP-addresses) to create a profile based on your preferences. This helps us to provide marketing that is likely to be more relevant to you.

You can manage this type of marketing in various ways:

  • You can manage your preferences directly with your social media networks using their privacy settings.

  • As explained in section 5 above, you can object to profiling. If you do, the marketing you receive is less likely to be of interest to you.

  • For more information about cookies, tags, trackers and similar technologes and how you can manage them, please see section 12 below.

  • You can contact RTB House directly: https://optout.rtbhouse.com

  • You can contact Epsilon directly: https://legal.epsilon.com/dsr/

Other useful links

11.6 Notification on mobile applications (apps)

When you first open the La Redoute mobile application on your smartphone, you are asked to allow us to send you mobile or “push” notifications. If you agree, we may send you offers through these notifications.

You can disable these notifications at any time in the settings of your smartphone.

12. Cookies, tags, trackers and similar technologies

12.1 General

Cookies, tags, trackers and similar technologies are widely used to make websites and apps like ours work or work more efficiently, share data and for other purposes, e.g.

  • To recognise your device

  • To remember what’s in your shopping basket

  • To support you when you log in and remember you are logged in

  • To implement security measures (e.g. when you are asked to log back into your account after a period of time)

  • To remember information that you give us (e.g. when you register for an account)

  • To analyse traffic to our website/app and how you interact with our services (visitor statistic, volumes, use of different services, audience measurement, etc.)

  • To adapt how our site is presented on different devices (e.g. PC, mobile, tablet)

  • To adapt how our site is presented based on your preferences (e.g. your interests, such as fashion, kids, home)

  • To allow you to access reserved/personal areas of our site (e.g. My Account)

  • To see what has interested you, such as whether you have opened an email we have sent or viewed a product or other webpage

  • To share information with advertisers on other websites to offer you personalised ads that are more likely to interest you

  • To share information on social networks

  • To collect statistics on deliverability, opening and reading of emails

  • To monitor user browsing for fraud prevention in relation to payments

These constantly evolving technologies can also be divided into two types:

  • First-party: Placed on your device by La Redoute (e.g. where we have the ability to place the technology ourselves)

  • Third-party: Placed on your device by our partners (e.g. where we have a partner that helps us with analytics, security, fraud, online advertising, webchat, etc.)

You can find out more about cookies, tags, trackers and similar technologies here:

www. ico.org.uk

www.aboutcookies.org

12.2 How to customise settings with us or using your browser

Retailers must tell you about cookies and similar technologies they use and obtain your consent unless an exemption applies. There are two exemptions:

  • Communication: Transmission of the communication is impossible without the use of the particular technology

  • Strictly necessary: Necessary/essential to provide a service you have requested. Our exempt cookies/technologies are listed in section 12.4 below.

Retailers provide privacy policies, “cookie banners” and similar functionality to share information about relevant technologies they use and, unless an exemption applies, to obtain your consent. You can choose to “Accept all”, “Reject all” or “Customise” your settings. We ask that you consider your options carefully as, for example, choosing to “Reject all” would limit our ability to do certain things, such as to provide personalised features, analyse site usage, measure performance and provide other useful features, such as web chat. There may be other features that you would prefer to “switch off”.

To find out more about technologies we use and customise your settings, please select “Manage your cookies” on our website homepage or “How we use your data” on our mobile app.

You can also customise settings using the web browser software (e.g. Internet Explorer, Safari, Chrome, Firefox, Opera) you use on your various devices. See www. ico.org.uk or www.aboutcookies.org for more information.

You may also be able to manage some settings here, www.youronlinechoices.com

12.3 Tracking pixels

Retailers also uses tracking pixels within its marketing emails to identify whether they have been opened and help decide if customers are likely to be interested in further emails. We do this to avoid sending unwanted emails. The technology may also provide other information, e.g. about the time, location and operating system of devices used to read emails. You can opt-out of email marketing at any time via My Account or using the other methods set out in section 11.2 above.

12.4 List of exempt cookies and similar technologies

The technologies we use that we consider are exempt are as follows:

Cookie name Partner Definition Purposes
cf_bm Cloudflare This is linked to a security function introduced by our use of Cloudflare's Bot Management service. A separate cf_bm cookie is generated for each site visited by an end user, as Cloudflare does not track users from site to site or session to session Security
cfuvid Cloudflare This only set when a site uses this option in a Rate Limiting Rule and is only used to allow Cloudflare WAF to distinguish individual users who share the same IP address. Visitors who do not provide the cookie are likely to be grouped together and may not be able to access the site if there are many other visitors from the same IP address Security
aa_lastcampaign Adobe Analytics This gives the last time stamp when the browser visited the website. Allows you to measure audience, page by page, and to list the pages from which a link was followed to request the current page (sometimes called a ‘referrer’), whether internal or external to the site, by page and aggregated on daily basis Analytics
aa_lastTimeStamp Adobe Analytics Allows you to measure the audience, page by page, and to list the pages from which a link has been followed to request the current page (sometimes called a ‘referrer’), whether internal or external to the site, by page and aggregated on a daily basis Analytics
AMCV_# Adobe Analytics This makes it possible to customise the browsing experience of each user on the different pages of the site Analytics
AMCVS_#AdobeOrg Adobe Analytics This makes it possible to customise the browsing experience of each user on the different pages of the site Analytics
ASP.NET_SessionId www.laredoute.co.uk Website session - everything related to the session across different screens, keeping user logged in, showing minimal user details without needing full sign in Mandatory
cf_clearance www.laredoute.co.uk Clearance cookie stores the proof of challenge passed. It is used to no longer issue a challenge if present. It is required to reach an origin server Security
didomi_token Didomi This contains consent information for personalised purposes and for suppliers, as well as information specific to Didomi (e.g. user ID); encoded in base 64 Mandatory
IsMobile www.laredoute.co.uk Used to identify the type of terminal used to optimise the display of the site throughout the user's navigation on the site Mandatory
IsTablet www.laredoute.co.uk Used to identify the type of terminal used to optimise the display of the site throughout the user's navigation on the site Mandatory
s_ecid www.laredoute.co.uk Makes it possible to individualise the navigation of each Internet user on the different pages of the site. No unique identifier (Visitor ID or MID) is assigned to the visitor Analytics
TheseusGUID1 www.laredoute.co.uk This is specific to La Redoute and is used to uniquely identify a user session. It helps maintain navigation continuity and ensure a consistent user experience on the site Mandatory
utag_main Tealium This is needed to count sessions (based on billing) Analytics
RequestVerificationToken www.laredoute.co.uk This is an anti-CSRF (Cross-Site Request Forgery) cookie used to prevent attacks where unauthorised actions are performed in the name of an authenticated user. It ensures requests come from reliable sources Mandatory
BaseDirectory www.laredoute.co.uk Used to define the language in which the website should be displayed and is not a persistent cookie (direct deletion after creation) Mandatory

13. Who is the data protection officer (DPO)?

13.1 What duties do data protection officers have?

The role of the data protection officer (DPO) within La Redoute is to ensure compliance with the regulations and rules described in this document. Our DPO is based in France and leads a team with representatives in each country, including the UK.

Our DPO is responsible for establishing a record of processing of personal data in each country and ensuring compliance of such processing with the data protection law.

Our DPO ensures awareness of our teams about data protection and is responsible for managing responses to customers that choose to exercise their rights as set out in section 5 above.

13.2 How can I contact your data protection officer?

You can contact the data protection officer at dpo@redoute.co.uk

You can find out more about data protection and your rights via the UK’s data protection supervisory authority (www.ico.org.uk).

14. Changes to this notice

If we change or replace this Notice, we will notify you by updating our websites.

Edition date: 10 March 2026