Privacy and cookies policy

Last updated: 02 May 2021

At XStitch Library, we’re working hard to serve clients a little better. Looking after the personal data you share with us is a hugely important part of this. We want you to be confident that your data is safe and secure with us, and that you understand how we use it to offer you a better and more personalised experience.

The data controller (who determines the purpose and manner in which your personal data is used) is XStitch Library (referred to in this policy as we or us).

We are committed to doing the right thing when it comes to how we collect, use and protect your personal data. That’s why we’ve developed this privacy and cookies policy (referred to as Policy), which:

  • sets out the different ways you interact with us and the types of personal data that we collect;
  • explains the reasons why we use the data we collect; and
  • explains the rights and choices you have when it comes to your personal data.

We offer a wide range of products and services, so we want you to be clear about what this Policy covers. This Policy applies to you if you use our services (referred to in this Policy as our Services).

Using our Services means:

  • Shopping with us over the phone, online or otherwise using any of the websites (our Websites) or mobile application (our Mobile App) 1 where this Policy is posted
  • This Policy also applies if you contact us or we contact you about our Services

Our Websites or Mobile App may contain links to other websites operated by other organisations that have their own privacy policies. Please make sure you read the terms and conditions and privacy policy carefully before providing any personal data on a website as we do not accept any responsibility or liability for websites of other organisations.

1 Where our Mobile App processes additional data, you will see a separate just-in-time notification in the Mobile App.

1 Online media channels include websites, social media sites, pay TV providers and any other channels that become available to us

This section tells you what personal data we may collect from you when you use our Services and what other personal data we may receive from other sources.

Aggregated data

We try to remove personal data we do not need. If we remove enough personal data it becomes anonymous. This means that you cannot be identified.

We might also take data we hold and remove certain information and replace it with other non-identifying information such as an ID number or reference number. This is an extra technique we use to protect data. This includes information that is statistical or demographic data.

Identity data

This is information that helps us identify who you are, so your name or title.

Contact data

This is information that details how we can contact you, i.e. address, email or telephone number.

Financial data

This is information about your bank account and payment card details.

Location data

In some cases our app might ask for your location information to help us better serve you information about related trends in your area. You will be made aware at the time if we collect this data.

Transaction data

This is information about your purchase of a product or service from us. This includes when, where, what and how you purchased that item or service. It will also include where we sent that product or service and any other points or other benefits collected as part of the transaction.

Technical data

This is information about your device used to access our sites and app. This could be information that identifies your device, its operating system, internet address, your login data; browser and plug-ins; location; where you came to our site from and where you leave to as well as how often you visit. This is done via the use of cookies which is covered elsewhere in this notice.

User data

This is information collected about you as a user of our website, products and services more generally (compared to other types of data that relate to you directly for us to deliver our specific service to you). This may include where you engage with XStitch Library in a survey or provide feedback on your shopping experience.

We will also collect information about you that allows us to create an analysis of you as a consumer to better judge what products and services to offer on our websites.

Interaction data

This is information about how you interact with our products and services, namely what you click on and interact with on our sites and app.

Marketing and communications data

These are your marketing preferences and your interaction with online marketing, which we use to judge its effectiveness.

You may provide us with:

  • Your personal details, including your postal and billing addresses, email addresses, phone numbers and date of birth and title
  • Your account login details, such as your username and the password that you have chosen

We may collect:

  • Identity data
  • Contact data
  • Financial data
  • Technical data
  • User data
  • Marketing and communications data

We may collect:

  • Information about your online purchases (for example, what you have bought, when and where you bought it and how you paid for it)
  • Information about your online browsing behaviour on our Websites and Mobile App and information about when you click on one of our adverts (including those shown on other organisations' websites)
  • Information about any devices you have used to access our Services (including the make, model and operating system, IP address, browser type and mobile device identifiers)

What type of data might be collected:

  • Identity data
  • Contact data
  • Financial data
  • Transaction data
  • Technical data
  • User data
  • Interaction data
  • Marketing and communications data

We may collect:

  • Personal data you provide about yourself anytime you contact us about our Services (for example, your name, username and contact details), including by phone, email or post or when you speak with us through social media
  • Details of the emails and other digital communications we send to you that you open, including any links in them that you click on
  • Your feedback and contributions to customer surveys or reviews (research and insight)

What type of data might be collected:

  • Identity data
  • Contact data
  • User data

We may also use personal data from other sources, such as specialist companies that supply information and online media channels 1. For more information, see our section on service providers.

This other personal data helps us to:

  • Review and improve the accuracy of the data we hold
  • Improve and measure the effectiveness of our marketing communications, including online advertising 2.

1 Online media channels include websites, social media sites and any other channels that become available to us

2 Marketing messages that you may see on the internet

This section explains in detail how and why we use personal data. We use personal data to:

Make our Services available to you

This means that processing your personal data allows us to:

  • Manage the accounts you hold with us
  • Process your orders and refunds

Why do we process your personal data in this way?

We need to process your personal data so that we can manage your customer accounts, provide you with the goods and services you want to buy and help you with any orders and refunds you may ask for.

Why we are using this data (Legal Basis):

  • Contractual Necessity – at the time we collect it
  • Purchase & transaction data
  • Contact details
  • Profile details
  • Delivery/collection details.
  • We will not be able to provide you with your products or services if you do not provide us with this data.
  • Legitimate Interests - following fulfilment of your order.

Manage and improve our day-to-day operations

  • Manage and improve our Websites and Mobile App

Why do we process your personal data in this way?

We use cookies and similar technologies on our Websites and Mobile App to improve your customer experience.

Some cookies are necessary so you should not disable these if you want to be able to use all the features of our Websites and Mobile App. You can disable other cookies but this may affect your customer experience. For more information about cookies and how you can disable them, see the cookies and similar technologies section.

  • Help to develop and improve our product range, services, stores, information technology systems, know-how and the way we communicate with you

Why do we process your personal data in this way?

We rely on the use of personal data to carry out market research and internal research and development, and to improve our information technology systems (including security) and our product range and services. This allows us to serve you better as a customer.

  • Detect and prevent fraud or other crime

Why do we process your personal data in this way?

It is important for us to monitor how our Services are used to detect and prevent fraud, other crimes and the misuse of services. This helps us to make sure that you can safely use our Services.

Why we are using this data (Legal Basis):

  • Contractual Necessity – at the time we collect it
  • Purchase & transaction data
  • Contact details
  • Profile details
  • Delivery/collection details.
  • We will not be able to provide you with your products or services if you do not provide us with this data.
  • Legitimate Interests - following fulfilment of your order for the other personal data in that section.

Personalise your XStitch Library experience

  • Use your online browsing behaviour as well as online purchases to help us better understand you as a customer and provide you with personalised offers and services.

Why do we process your personal data in this way?

Looking at your browsing behaviour and purchases allows us to personalise our offers and services for you. This helps us meet your needs as a customer.

  • Provide you with relevant marketing communications (including by email, post or online advertising), relating to our products and services, and those of our suppliers, Retail Partners and the XStitch Library. As part of this, online advertising may be displayed on websites across the XStitch Library and on other organisations' websites and online media channels. We may also measure the effectiveness of our marketing communications and those of our suppliers and Retail Partners.

Why do we process your personal data in this way?

We want to ensure that we provide you with marketing communications, including online advertising, that are relevant to your interests. To achieve this, we also measure your responses to marketing communications relating to products and services we offer, which also means we can offer you products and services that better meet your needs as a customer.

You can change your marketing choices, both when you register with us, and at any time after that.

You also have choices when it comes to online advertising. We set out below your choices when it comes to cookies, and how you can control your online behavioural advertising preferences.

Why are we using this data? (Legal basis):

  • Legitimate Interests.

Contact and interact with you

  • Contact you about our Services, for example by phone, email or post or by responding to social media posts that you have directed at us.

Why do we process your personal data in this way?

We want to serve you better as a customer, so we use personal data to provide clarification or assistance in response to your communications.

  • Manage promotions and competitions you take part in, including those we run with our suppliers and Retail Partners.

Why do we process your personal data in this way?

We need to process your personal data so that we can manage the promotions and competitions you choose to enter.

  • Invite you to take part in and manage customer surveys, reviews and other market research activities carried out by the XStitch Library and by other organisations on our behalf.

Why do we process your personal data in this way?

We carry out market research to improve our Services. However, if we contact you about this, you do not have to take part in the activities. If you tell us that you do not want us to contact you for market research, we will respect this choice.

Why are we using this data? (Legal basis):

  • Legitimate Interests.

This section explains how and why we share personal data with other companies within the XStitch Library.

Where we have mentioned above that our use of your personal data is based on our legitimate interests, these are:

  • To service our customers' needs, including delivering our products and services
  • To promote and market our products and services
  • To service your account, manage complaints and resolve any disputes
  • To understand our customers including their patterns, behaviours as well as their likes and dislikes
  • To protect and support our business, colleagues, customers and shareholders
  • To prevent and detect anti-social behaviour, fraud and other crime
  • To test and develop new products and services as well as improve existing ones.

This section explains how and why we share personal data with Retail Partners and Service Providers.

When we share personal data with these companies, we require them to keep it safe, and they must not use your personal data for their own marketing purposes.

We work with a number of Retail Partners who:

  • sell products through our services; or
  • offer products, services.

We only share personal data that enable our Retail Partners to provide their services.

We work with carefully selected Service Providers that carry out certain functions on our behalf. These include, for example, companies that help us with technology services, storing, combining and analysing data, processing payments, providing us with legal or other professional services as well as delivering orders. We only share personal data that enable our Service Providers to provide their services.

We also work with Service Providers that provide us with personal data they hold about you. Where we use a third party to provide personal data to us, they will have told you about this data sharing at the time it was collected.

We use this and our own data to better understand our customers (and customers like them).

This allows us to group customers into different trends and means we can provide products and services to you that are more relevant (including in our marketing communications). We also use this personal data to ensure we have the right details for you and keep your details up to date. We do not give personal data we have collected or created from you back to these companies.

Some of the Service Providers we work with operate online media channels 1, and they place relevant online advertising for our products and services, as well as those of our suppliers and our Retail Partners, on those online media channels on our behalf. For example, you may see an advert for our products and services as you use a particular social media site.

When we introduce a customer to a product or service this is referred to as onboarding. We use partners to help us onboard you as a customer to any marketing you receive from us.

Examples of our Service Providers include, but are not limited to, Facebook, Twitter and PayPal.

This section explains how and why we share personal data with other organisations.

We may share personal data with other organisations in the following circumstances:

  • if the law or a public authority says we must share the personal data or for the administration of justice;
  • if we need to share personal data in order to establish, exercise or defend our legal rights (this includes providing personal data to others for the purposes of preventing fraud);

We know how important it is to protect and manage your personal data. This section sets out some of the measures we have in place.

  • We apply physical, electronic and procedural safeguards in connection with the collection, storage and disclosure of personal data;
  • We protect the security of your information while it is being transmitted by encrypting it;
  • We use computer safeguards such as firewalls and data encryption to keep this data safe;
  • We only authorise access to employees and trusted partners who need it to carry out their responsibilities;
  • We regularly monitor our systems for possible vulnerabilities and attacks, and we carry out penetration testing to identify ways to further strengthen security;
  • We will ask for proof of identity before we share your personal data with you; and
  • We will reveal only the last four digits of your payment card number when confirming an order.

Whilst we take appropriate technical and organisational measures to safeguard your personal data, it is important that you keep your login details and devices protected from unauthorised access.

Your personal data may be transferred outside the UK. It may also be processed by companies outside the UK who work for us (or for one of our service providers). When we do this, your personal data will be subject to appropriate safeguards. If we do transfer personal data outside the UK, it will be protected in the same way as if it were being used in the UK. To do this we use one of the following safeguards:

  • Transfer to a non-UK Country whose privacy laws ensure an appropriate level of protection for personal data;
  • Put in place a contract with a third-party that means they must protect personal data to the same standards as the UK; or
  • Transfer personal data to organisations that are part of specific agreements on cross-border data transfers with the UK.

We will not keep your personal data longer than we need to, and will only use your personal data for the purposes set out in this Policy. We will always keep your personal data in accordance with applicable legal and regulatory requirements.

In most circumstances this means we will not keep your personal data for more than 7 years after the end of your relationship with us. However, for certain data sets we have the following retention periods:

  • Customer complaints and feedback will be deleted 4 years after the date of last communication.
  • Information you submit when participating in research panels/market surveys will be deleted 3 years after its creation.
  • Where your personal data is needed because we are in serious dispute with you (such as litigation), your personal data will be deleted 7 years after closure of the matter.

We and our partners use cookies and similar technologies, such as tags and pixels (cookies), to personalise and improve your customer experience as you use our Websites and Mobile App and to provide you with relevant online advertising. This section provides more information about cookies, including how we use them and how you can exercise your choices about our use of cookies.

How we use cookies

Cookies are small text files containing a unique identifier, which are stored on your computer or mobile device so that your device can be recognised when you are using a particular website or mobile app. They can be used only for the duration of your visit or they can be used to measure how you interact with services and content over time. Cookies help to provide important features and functionality on our Websites and Mobile App, and to improve your customer experience. Cookies can also be used to help us detect fraudulent activity or to prevent security breaches, and so we may record information about your device within the cookie.

When you consent to cookies on our Services, these may be used to do the following:

Our key partners are listed below with information about the services they provide to us. This list is not exhaustive but it does include those partners with whom we have an established relationship and whose cookie technologies are most frequently deployed through our Services.

To analyse how our services are used, including to test different content versions. This data may also be used to enable us to personalise our services and the marketing of our services.

  • Adobe
  • Optimizely
  • Google
  • Integral Ad Science
  • Leanplum

To enrich your shopping experience by delivering personalised recommendations to you on some of our websites.

  • Rich Relevance

To personalise XStitch Library adverts shown to you via our websites. For example, by using data about your transactions with us, what you have in your basket and the pages and products you look at.

  • Bing
  • Google

To market to you via social media platforms and to enable social sharing and engagement on our websites. These companies may use your data for their own purposes, including to profile and target you with other advertising.

  • Facebook
  • Twitter
  • RadiumOne (po.st)

To power commenting on our websites

  • Disqus

To enable us to personalise and deliver online advertising on behalf of our Retail Partners.

  • Google

To enable us to personalise and deliver online advertising on behalf of our Retail Partners.

  • Akamai

You can use your browser settings to accept or reject new cookies and to delete existing cookies. You can also set your browser to notify you each time new cookies are placed on your computer or other device. You can find more detailed information about how you can manage cookies through your browser’s help function.

If you choose to disable some or all cookies, you may not be able to make full use of our Websites. For example, you may not be able to add items to your shopping basket, proceed to checkout, or use any of our products and services that require you to sign in.

You can also manage advertising related cookies used on our Services by opting-out through the Service Providers listed in the table above or by visiting the YourOnlineChoices website. Where we display personalised adverts on other organisations' websites, the AdChoices icon will usually be displayed. Clicking on this icon will provide you with specific guidance on how to control your online advertising preferences. More information is available on the YourAdChoices website.

Cookies work differently on our Mobile App as they are coded into the App itself and will use a unique identifier created by your mobile device for use for advertising activities. You can turn off or reset this advertising identifier through your mobile device’s privacy settings.

We use cookies to improve your experience on our website. However, your consent is needed for certain cookies before they can be used. You can also choose which cookies you allow us to use, apart from essential cookies, which can't be turned off.

Check out our cookie preferences page for more information, along with options on managing your preferences.

You have the right to see the personal data we hold about you. This is called a Subject Access Request.

To comply with government guidance and enable our office Colleagues to work from home, if you would like a copy of the personal data we hold about you, please email us at webmaster@replicant.xstitchlibrary.com.

In relation to your personal data, you also have the right to:

  1. have inaccurate information corrected:

    Summary of the right:

    If you believe we hold inaccurate or missing information, please let us know and we will correct it.

  2. object to our use of it:

    Summary of the right:

    • general objection - We will then consider your objection to our use of your personal data. If on balance, your rights outweigh our interests in using your personal data, then we will at your request either restrict our use of it (see section 3 below) or delete it (see section 4 below).
    • objection in relation to direct marketing - If you make such an objection, we will stop using your personal data for direct marketing purposes.

  3. restrict our use of it:

    Summary of the right:

    There are several situations when you can restrict our use of your personal data. These include (but are not limited to):

    • you have successfully made a general objection (listed in section 2 above).
    • you are challenging the accuracy of the personal data we hold.
    • we have used your personal data unlawfully, but you do not want us to delete it.

  4. have us delete it:

    Summary of the right:

    There are several situations when you can have us delete your personal data. These include (but are not limited to):

    • we no longer need to keep your personal data;
    • you have successfully made a general objection (listed in section 2 above);
    • you have withdrawn your consent to us using your personal data (and we do not have any other grounds to use it);
    • we have unlawfully processed your personal data.

  5. complain to the data protection regulator:

    We’d like the chance to resolve any complaints you have; however, you also have the right to complain to the UK data protection regulator (the "ICO") about how we have used your personal data. Their website is https://ico.org.uk/your-data-matters/raising-concerns/.

More Information on your Data Protection Rights

The ICO website also contains more detail on the data protection rights mentioned above, or if you would like to speak to us about these rights in more detail, see the how to contact us section below.

If you have any questions about how we collect, store and use personal data please contact us.

Email:

Our Data Protection Officer can be contacted by email: webmaster@replicant.xstitchlibrary.com