Security + Privacy
By using this website you acknowledge that you have been informed that we collect, use and disclose your personal information in accordance with this Policy.
This Policy should be read in association with the Terms and Conditions of use of the website. If you have any questions regarding this Policy, please contact our Privacy Officer at firstname.lastname@example.org.
To process your Personal Data lawfully we need to identify one or more valid legal grounds. The grounds we may use include:
If you are a customer, processing your Personal Data is necessary for the creation and completion of a contract.
If you consent to particular processing activities, for example, when you provide consent for us use your information for marketing purposes, eg. receiving our newsletter.
Our legitimate interest as a business, for instance, it is within our legitimate interests to use your Personal Data to identify or prevent fraud on our website.
Our compliance with a legal obligation, for example, we have a duty to investigate complaints made against us and may be required to process your Personal Data as part of these investigations.
The personal information we hold
twentytwentyone only collects personal information from our online visitors on a voluntary basis. Visitors purchasing goods and services online will need to provide a valid credit or debit card number and expiration date, in addition to their name, delivery and billing address, telephone number (your telephone number may be given to our courier), email address, location data and any other Personal Data collected via registration or placing an order on the website. Credit or debit card details are held by SagePay and are not visible to us.
We will store this data and hold it on computers or in manual files then use this information to process, fulfil and to let you know the status of your order. To provide some of our services, we may require further information from you.
We may also collect information about where you are on the internet (eg the URL you came from), your browser type, the country and telephone area code where your computer or devise is located, the pages of our website that were viewed, the advertisements you engaged with and search terms that you entered during your visit. We may collect this data even if you do not register with twentytwentyone.
How this information may be used
When you register with twentytwentyone for an account or for our newsletter you will be asked to provide personally identifiable information. We use this information to process your online orders, to send you marketing and promotional materials by e-mail, and to help us improve our website, products and services. All personal data is stored securely in accordance with the Data Protection Act 1998.
If you would prefer not to receive newsletters from twentytwentyone, please contact us on email@example.com, alternatively, an unsubscribe link is included in every twentytwentyone email.
Your personal details will only be shared with other reputable third parties for the purpose of processing your order. twentytwentyone requires all such third parties to treat your personal data as fully confidential and to comply with all applicable UK Data Protection or Consumer Legislation.
Third Party Sites
Our site may contain links to and from the websites of other third parties. Please note that these websites have their own privacy policies that we recommend you read before submitting any personal information to their sites, as we do not accept any responsibility or liability for these policies.
Your rights in relation to your information
Data protection law provides you with various rights, including the right to access, rectify and object to the processing of your personal data. You also have the right to lodge a complaint with the relevant data protection authority if you believe your Personal Data is not being processed in accordance with the data protection law.
You may request full disclosure of the Personal Data held by our website. If you would like to make a Subject Access Request (SAR) please do so by writing to our Privacy Officer. The request should state that a SAR is being made. You may be required to provide proof of identity and a fee. You may also request that we update any inaccurate Personal Data that we hold. (Contact details are provided at the end of this policy).
You have the right to withdraw consent to the processing of your Personal Data at any time when consent is required. This withdrawal will not affect the lawfulness of data processing based on your previous consent. Please note that you may not be able to benefit from certain website functions for which the processing of Personal Data is fundamental. You also have the right to object to the processing of Personal Data and may request that we stop. You may request that we erase your Personal Data and we will comply unless there is a lawful reason not to.
If you wish to lodge a complaint in relation to the processing of your Personal Data, we would ask that you contact us, however, you have the right to contact the supervisory authority directly. To contact the Information Commissioner’s Office, please visit the ICO website for instruction.
Safeguarding personal information
We will only collect personal data to serve our legitimate business needs, and we will maintain safeguards to ensure the privacy and security of the information you have provided. We reserve the right to make changes to this policy (effective immediately on publication). Please check back from time to time to ensure you are aware of any changes.
Your Personal Data will be retained until your last use of the website and will be held for a period of seven years unless a longer retention is required by law or we have a legitimately lawful reason to do so. We will not hold your Personal Data beyond this period as long as it is no longer required for the purposes laid out in this policy. We may keep an unidentifiable version of your Personal Data for statistical purposes, that we have a legitimate and lawful interest in without time limits.
Cookies can be first or third party cookies. First party cookies are set by the website you are visiting and placed on your computer or device. Third-party cookies are placed on your computer through the website by third parties, such as Google or social networks.
The cookies that we could use are defined by the following categories:
Strictly necessary cookies. These cookies are required for the operation of the website, they include cookies that enable you to log in to the website and remember the items in your shopping basket.
Functionality cookies. These cookies are used to recognise you when you return to our website. They allow us to remember preferences, such as username and allow us to provide more personalised content for you.
Targeting cookies. These cookies record your visit to the website, the pages you have visited and the links you have followed. They allow us and our advertisers to deliver more relevant content to you. These are persistent cookies which will be stored on your device until their expiration or they are manually deleted.
Social media cookies. These cookies allow you to connect with social media networks such as Facebook, Twitter, Instagram and Pinterest. These are also persistent cookies which will be stored on your device until their expiration or they are manually deleted. You should also check the respective policies of each of these sites to see how they use your information.
Internet security technology
When you place an order with us using our secure online order form and web browser, the order is encrypted. The use of SSL encryption scrambles data sent from the browser to the twentytwentyone.com server in a way that only twentytwentyone can access. We also use fraud checking systems to verify your identity.
Checking your browser security
You will notice that when you look at the location (URL) field at the top of the browser it begins with https: instead of the normal http: This means that you are in secure mode. You can also verify the security of a document by checking the security icon at the bottom-right hand corner of your browser (usually a lock and key padlock or a solid gold key depending on your browser and version). This is your assurance that your browser and server are communicating securely. All information transmitted on our secure online order form is encrypted while in transit, so that even if the information is intercepted because it is encrypted, it is useless to anyone. When our Secure Payment Server has received your credit card information it is sent directly and encrypted to the Sage Pay server and will never be stored or saved at the twentytwentyone website.
Security of your personal data is of highest priority to us. This is why we have utilised encryption technology to guarantee unauthorised parties have no access to personal and credit card details as they are passed over the internet. This has been independently verified.
twentytwentyone Ltd. is registered in England as twentieth century design ltd. No. 3174958 (Head Office and Showroom)
twentytwentyone Ltd. (at the address below) is the data controller for the purpose of the Data Protection Act 1998.
Contact Privacy Officer:
Call: 020 7837 1900
Or write to us at:
18c River Street,
(Available weekdays 9.30am – 17.30pm)