Privacy Policy

Welcome to Julienne Bruno’s Privacy Policy.   

What does this Privacy Policy Cover?
 Julienne Bruno respects your privacy and is committed to protecting your personal data. We want to be transparent with you about how we collect and use your personal data in making available our website and services (“Site”) to you, and tell you about your privacy rights and how the law protects you.
With that in mind, this Privacy Policy is designed to describe: 
- Who we are and how to contact us.

- Marketing communications.

- What personal data we collect.

- How we use your personal data and why.

- Who we share your personal data with.

- How we keep your personal data secure.

- How long we store your personal data.

- Your rights relating to your personal data.

- Our policy on children.

- Third-party links.

This Privacy Policy aims to give you information on how Julienne Bruno collects and processes your personal data through your use of this Site, including any data you may provide through this Site and/or when placing orders with us. 
We will post any modifications or changes to this Privacy Policy on this page.
Who we are and how to contact us.
Who we are.
JULIENNE BRUNO LTD is the ‘controller’ of your personal data (referred to as either “Julienne Bruno”, “we”, “us” or “our” in this Privacy Policy). 
Our address is 20-22 Wenlock Road, London N1 7GU, England.
How to contact us.
You can contact us by emailing: HELLO@JULIENNEBRUNO.COM 
Marketing communications.
You can ask us to stop sending you marketing emails at any time by following the opt-out links at the bottom of any marketing email sent to you.
Where you opt out of receiving these marketing messages, this will not apply to service emails, for example emails relating to an order that you have placed with us.
What personal data we collect.
The personal data we may collect about you is outlined below:
Identity data: Your first name, last name and/or username
Contact data: Your billing address, shipping address, email address and/or telephone number(s)
Payments data: Your payment card details
Transaction data: Any details about payments to and from you, and other details of subscriptions and products you have purchased from us
Device data: Your Internet protocol (IP) address, operating system of your device and other information about the device that you use to access our Site
Usage data: Details of how you use our Site (for example, which pages of our Site you visit and how long you stay on them)
Aggregated data.
We also generate, use and share Aggregated Data, such as statistical or demographic data. Aggregated Data may be derived from your personal data, but once in aggregated form it will not constitute personal data for the purposes of applicable privacy law, as this data does not directly or indirectly reveal your identity. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Privacy Policy.
No sensitive data.
In the operation of our Site, we do not intend to collect or use any of your Sensitive Data, such as:
- details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data; or
- information about criminal convictions and offences.
Due to its sensitivity, we strongly recommend that you should not provide us with any of this Sensitive Data (e.g. by email, or by including it in any free-text boxes).
Data collected via cookies.
Some of our data collection (including collection of device data and usage data) is facilitated by the use of cookies and similar technologies. For more information, please refer to our Cookie Policy.
How we use your personal data and why.
We will only use your personal data for the purposes for which we collected it, as listed below. If we need to use your personal data for an unrelated purpose, we will update this Privacy Policy and we will explain the legal basis which allows us to do so. 
You do not have to provide personal data to us. However where we need to process your personal data either to comply with law or to perform our obligations to you, and you fail to provide that data when requested, we may not be able to perform our obligations to you (for example, to make our Site available to you or fulfil your order) but we will notify you if this is the case at the time.
Legal bases.
In respect of each of the purposes for which we use your personal data, applicable privacy law requires us to ensure that we have a legal basis’ for that use. Most commonly, we will rely on one of the following legal bases:
- Where we need to use your personal data to deliver our services to you (including our Site) or to fulfill an order that you have placed with us ("Contractual Necessity").
- Where we need to use your personal data for our legitimate interests, and your interests and fundamental rights do not override those interests ("Legitimate Interest").
- Where we need to use your personal data to comply with our legal or regulatory obligations ("Compliance with Law").
- Where we have your consent to use your personal data for a specific purpose ("Consent").
We have set out below the purposes and applicable legal bases we rely on when we use your personal data: 
Account management | To create and manage your account on our site | Contractual Necessity
Order fulfilment | To fulfil any order placed by you on our Site | Contractual Necessity
Payments processing | To process your payment for an order | Contractual Necessity
Fraud prevention | To keep our Site, our services and associated systems operational and secure | Legitimate Interest - we have a legitimate interest in ensuring the ongoing security of our Site and associated systems. 
Analytics | To understand how our users use our Site, and improve it using that data | Legitimate Interest – we have a legitimate interest in monitoring the use of our Site in order to improve it over time
Legal compliance | To comply with our legal and regulatory obligations (for example, by ensuring that you are allowed to use our Site) | Compliance with Law
Marketing | To send you information about our products and services from time to time | Consent
Who we share your personal data with.
Categories of recipients.
Below describes recipients we share your personal data with, and why we share it:
Our affiliates: Other companies within our corporate group may help us provide our services to you
Our service providers: Our service providers provide us with shipping and handling, IT, infrastructure and other services which allow us to provide our Site and services to you
Our payments processor: Our payments processor processes payments for orders on our behalf
Our advisers: Our lawyers, bankers, auditors, insurers and other advisers may need to access your personal data when providing their services to us
Public authorities: Public authorities may require us to report our data processing activities in certain circumstances, which may involve disclosing your personal data
Potential acquirers: We may disclose or transfer your personal data in the context of actual or prospective corporate events (e.g. the sale, transfer or merger of all or part of our business, assets or equity interests). For example, we may need to share certain personal data with prospective counterparties and their advisers
International transfers of your personal data.
Some of our external third-party suppliers are based outside the UK, so their processing of your personal data will involve transferring your personal data outside the UK.
Where we share your personal data with third-parties who are based outside the UK, we try to ensure a similar degree of protection is afforded to it by making sure one of the following mechanisms is implemented:
- Transfers to territories with an adequacy decision. We may transfer your personal data to countries or territories whose laws have been deemed to provide an adequate level of protection for personal data by the UK Government (from time to time).
- Transfers to territories without an adequacy decision. We may transfer your personal data to countries or territories whose laws have not been deemed to provide an adequate level of protection for personal data by the UK Government. However in these cases:
-- we may use specific appropriate safeguards, approved by the UK Information Commissioner’s Office and/or the UK Government, which are designed to give your personal data the same protection it has in the UK – for example, requiring the recipient to enter into the relevant form of the so-called ‘International Data Transfer Agreement’ or ‘Standard Contractual Clauses’ issued or approved from time to time; or
-- in limited circumstances, we may rely on an exception or ‘derogation’ which permits us to transfer your personal data to such country despite the absence of an ‘adequacy decision’ or ‘appropriate safeguards’ – for example, reliance on your explicit consent to that transfer. 
Should you wish to find out more about these controls and safeguards, please contact us.
How we keep your personal data secure.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
We limit access to your personal data to those employees and other staff who have a business need to have such access. All such people are subject to a contractual duty of confidentiality.
We have put in place procedures to deal with any actual or suspected personal data breach. In the event of any such breach, we have systems in place to work with applicable regulators. In addition, in certain circumstances (including where we are legally required to do so), we may notify you of breaches affecting your personal data.
How long we store your personal data.
We retain your personal data for as long as necessary to fulfil the purposes for which we collected it, including for the purposes of satisfying any legal, accounting or reporting requirements, to establish or defend legal claims, or for fraud prevention purposes.
To determine the appropriate retention period for your personal data, we consider the amount, nature and sensitivity of the relevant data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. 
Your rights relating to your personal data.
By law you have the right to:
- Request access to your personal data. This enables you to receive a copy of the personal data we hold about you, and to check that we are lawfully processing it.
- Request the correction of your personal data. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request the erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. This may not always be available.
- Object to our processing of your personal data. This right exists where we are relying on Legitimate Interest as the legal basis for our processing, and there is something about your particular situation which makes you want to object to our processing on this ground.
- Request the restriction of our processing of your personal data. This enables you to ask us to temporarily suspend the processing of your personal data, for example if you want us to establish its accuracy or our reason for processing it.
- Request the transfer of your personal data. This enables you to ask us to provide to you, or a third-party you have chosen, your personal data in a structured, machine-readable format.
- Withdraw consent. This enables you to withdraw your consent. This right only exists where we are relying on Consent as our lawful basis to process your personal data.
How to exercise your rights.
If you want to exercise any of the rights described above, please contact us. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data. This is a security measure to ensure that your personal data is not disclosed to any person who has no right to receive it.
Typically, you will not have to pay a fee to exercise your rights. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. We may also refuse to comply with your request in limited circumstances.
We try to respond to all legitimate requests within a month. It may take us longer than a month if your request is particularly complex or you have made a number of requests; in this case, we will notify you and keep you updated.
Please note that applicable law may require or permit us to decline your request. If we decline your request, we will tell you why, subject to legal restrictions.
If you would like to make a complaint regarding this Privacy Policy or our practices in relation to your personal data, please contact us. We will reply to your complaint as soon as we can.
If you feel that your complaint has not been adequately resolved, please note that applicable privacy law gives you the right to contact your local data protection supervisory authority, which for the UK is the Information Commissioner’s Office.
Our policy on children.
Our Site is not intended for children below the age of 16, and we do not knowingly collect data relating to such children. 
Third-party links.
Our Site may include links to third-party websites and/or content. Clicking on those links or enabling those connections may allow third-parties to collect or share your personal data. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our Site, we encourage you to read the privacy policy of every site you visit.