Legal & ethical policies
Eagle Rise Ventures Ltd is a company registered in England and Wales and is the owner of E&M (collectively referred to as "E&M'', "we" or "us" in this policy).
Maintaining the security of your data is a priority at E&m, and we are committed to respecting your privacy rights. We pledge to handle your data fairly and legally at all times. E&M is also dedicated to being transparent about what data we collect about you and how we use it.
This policy, which applies whether you visit our stores, shop with us on line or otherwise engage with us provides you with information about:
- how we use your data;
- what personal data we collect;
- how we ensure your privacy is maintained; and
- your legal rights relating to your personal data.
How we use your data
E&M (and trusted partners acting on our behalf) use your personal data:
- to provide goods and services to you;
- to make a tailored website available to you;
- to manage any registered account(s) that you hold with us;
- to verify your identity;
- for crime and fraud prevention, detection and related purposes;
- to safeguard our colleagues, contractors and workers in our supply chain, including in relation to the risk of modern slavery and exploitation.
- with your agreement, to contact you electronically about promotional offers and products and services which we think may interest you;
- for promotional and marketing purposes and to tailor and personalise products and services;
- to train and manage our people and develop products and services;
- for customer insight and market research purposes - to better understand your needs;
- to enable E&M to manage customer service interactions (including refunds) with you; and
- where we have a legal right or duty to use or disclose your information (for example in relation to an investigation by a public authority or in a legal dispute).
E&M uses your personal data to send you promotional messages by email, text and other electronic communication channels (with your consent) and may send you postal mail to update you on the latest E&M offers.
E&M aims to update you about products & services which are of interest and relevance to you as an individual.
You have the right to opt out of receiving promotional communications at any time, by:
1. changing marketing preferences via your E&M account;
2. making use of the simple “unsubscribe” link in emails or the “STOP” number for texts; and/or
3. contacting E&M via the contact channels set out in this Policy.
If you visit our websites, you may be served personalised advertisements for E&M branded products and services whilst using other websites (including social media platforms). Any advertisements you see will relate to products you have viewed whilst browsing our websites on your computer or other devices, or which we believe are of interest to you.
Sharing data with third parties
Our service providers and suppliers
In order to make certain services available to you, we may need to share your personal data with some of our service partners. These include IT, delivery and marketing service providers and fraud prevention and identification partners.
E&M only allows its service providers to handle your personal data when we have confirmed that they apply appropriate data protection and security controls. We also impose contractual obligations on service providers relating to data protection and security, which mean they can only use your data to provide services to E&M and to you, and for no other purposes.
Other third parties
Aside from our service providers, E&M will not disclose your personal data to any third party, except as set out below. We will never sell or rent our customer data to other organisations for marketing purposes.
- credit reference agencies, banks and payment card issuers (such as Visa, Mastercard and American Express)
- Third party marketing partners, such as Google or Facebook to deliver advertising to you if you are using Google or registered with Facebook (see further information on Facebook below).
- governmental bodies, regulators, law enforcement agencies, courts/tribunals and insurers where we are required to do so: -
- to comply with our legal obligations;
- to exercise our legal rights (for example in court cases);
- for the prevention, detection, investigation of crime or prosecution of offenders; and
- to safeguard and protect our employees, customers or other individuals.
If you have an account with Facebook (or Instagram) and accept cookies on our website, your personal data including purchasing and browsing activity may be shared with Facebook so they can serve E&M advertisements to you when you are using Facebook platforms and apps (including Facebook and Instagram). For certain data processing activities relating to the marketing, Facebook Ireland will act as Joint Controller.
Further information on how Facebook Ireland processes your personal data, including the legal basis Facebook Ireland relies on and the ways to exercise data subject rights against Facebook Ireland, can be found in Facebook Ireland’s Data Policy at https://www.facebook.com/about/privacy
In accordance with data privacy laws, E&M has entered into an agreement (a ‘Controller Addendum’) with Facebook Ireland to determine the parties’ respective responsibilities for compliance with the obligations under the General Data Protection Regulation (GDPR) relating to the Joint Processing.
We have agreed that E&M is responsible for providing data subjects with the information set out above, and agreed that between the parties, Facebook Ireland is responsible for enabling data subjects’ rights under Articles 15-20 of the GDPR with regard to the personal data stored by Facebook Ireland after the joint processing.
To deliver products and services to you, it is sometimes necessary for E&M to transfer your data outside of the UK to jurisdictions which have less stringent data protection laws to protect personal data . This will typically occur when we use overseas service providers located outside the European Economic Area (EEA) or if you are based overseas and outside the EEA. These transfers are subject to special rules under data protection laws.
If this happens, we will ensure that the transfer will be compliant with data protection law and all personal data will be secure. Our standard practice is to use ‘standard contractual clauses’ which have been formally approved by the European Commission and the relevant UK authorities for such transfers. Those clauses can be accessed here.
How long do we keep your data?
We will not retain your data for longer than necessary for the purposes set out in this Policy. Different retention periods apply for different types of data, however the longest we will normally hold any personal data is 7 years.
What personal data do we collect?
How we protect your data
E&M is committed to keeping your personal data safe and secure.
Our security measures include: -
- encryption of data;
- regular cyber security assessments of all service providers who may handle your personal data;
- regular scenario planning and crisis management exercises to ensure we are ready to respond to cyber security attacks and data security incidents;
- daily penetration testing of systems;
- security controls which protect the entire E&M IT infrastructure from external attack and unauthorised access; and
- internal policies setting out our data security approach and training for employees.
What you can do to help protect your data
E&M will never ask you to confirm any bank account or credit card details via email. If you receive an email claiming to be from E&M asking you to do so, please ignore it and do not respond.
If you are using a computing device in a public location, we recommend that you always log out and close the website browser when you complete an online session.
In addition, we recommend that you take the following security measures to enhance your online safety both in relation to E&M and more generally:
- keep your account passwords private. Remember, anybody who knows your password may access your account.
- when creating a password, use at least 8 characters. A combination of letters and numbers is best. Do not use dictionary words, your name, email address, or other personal data that can be easily obtained. We also recommend that you frequently change your password. You can do this accessing your account, clicking ‘your account’, clicking ‘your data’ and selecting ‘change password’.
- avoid using the same password for multiple online accounts.
You have the following rights:
- the right to ask for a copy of personal data that we hold about you (the right of access);
- the right to request that we delete personal data held on you; where we no longer have any legal reason to retain it (the right of erasure or to be forgotten);
- the right to ask us to update and correct any out-of-date or incorrect personal data that we hold about you (the right of rectification);
- the right to opt out of any marketing communications that we may send you and to object to us using / holding your personal data if we have no legitimate reasons to do so (the right to object);
- the right (in certain circumstances) to ask us to ‘restrict processing of data’; which means that we would need to secure and retain the data for your benefit but not otherwise use it (the right to restrict processing); and
- the right (in certain circumstances) to ask us to supply you with some of the personal data we hold about you in a structured machine-readable format and/or to provide a copy of the data in such a format to another organisation (the right to data portability).
If you wish to exercise any of the above rights, please contact us using the contact details set out below.
- phone: 0333 050 3195;
- e-mail: firstname.lastname@example.org
Legal basis for using data
We are required to set out the legal basis for our ‘processing’ of personal data.
Legal basis for E&M processing customer personal data
Generally E&M collects and uses customers’ personal data because it is necessary for:
the pursuit of our legitimate interests (as set out below);
the purposes of complying with our duties and exercising our rights under a contract for the sale of goods to a customer; or
complying with our legal obligations.
In general, we only rely on consent as a legal basis for processing personal data in relation to sending direct marketing communications to customers via email or text message.
Customers have the right to withdraw consent at any time. Where consent is the only legal basis for processing, we will cease to process data after consent is withdrawn.
Our legitimate interests
The normal legal basis for processing customer data, is that it is necessary for the legitimate interests of E&M, including:-
- selling and supplying goods and services to our customers;
- protecting customers, employees and other individuals and maintaining their safety, health and welfare;
- promoting, marketing and advertising our products and services;
- sending promotional communications which are relevant and tailored to individual customers (including administering the Sparks loyalty scheme);
- understanding our customers’ behaviour, activities, preferences, and needs;
- improving existing products and services and developing new products and services;
- complying with our legal and regulatory obligations;
- preventing, investigating and detecting crime, fraud or anti-social behaviour and prosecuting offenders, including working with law enforcement agencies;
- handling customer contacts, queries, complaints or disputes (including managing refunds);
- managing insurance claims by customers;
- protecting E&M, its employees and customers, by taking appropriate legal action against third parties who have committed criminal acts or are in breach of legal obligations to E&M;
- effectively handling any legal claims or regulatory enforcement actions taken against E&M;
- fulfilling our duties to our customers, colleagues, shareholders and other stakeholders; and
-managing corporate transactions, including selling or transferring any parts of our business to third parties, acquiring new businesses, entering into mergers or undertaking corporate restructuring activity.
What are cookies?
How are cookies managed?
The cookies stored on your computer or other device when you access our websites are designed by:
E&M, or on behalf of E&M, and are necessary to enable you to a make purchases on our website;
third parties who assist us in detecting and preventing fraud;
third parties who participate with us in marketing programmes; and
third parties who broadcast web banner advertisements on behalf of E&M.
What are cookies used for?
The main purposes for which cookies are used are: -
For technical purposes essential to effective operation of our websites, particularly in relation to on-line transactions and site navigation.
For E&M to market to you, particularly web advertisements and targeted updates.
To help E&M detect and prevent fraud through web and social media advertising.
To enable E&M to collect information about your browsing and shopping patterns, including to monitor the success of campaigns, competitions and find out if promotional communications have been opened.
To enable E&M meet its contractual obligations to make payments to third parties when a product is purchased by someone who has visited our website from a site operated by those parties.
Accessibility and duration of cookies on your device(s)
Cookies will remain on your device for various lengths of time dependant on their type and purpose. Some cookies may only be used throughout the duration of the visit and others may persist over time to enable us to view how you interact with our services.
How do I disable cookies?
Note - if you have already consented to cookies on our website, you can change your preferences at any time by clearing cookies from your browser and re-entering our site. This will cause the pop-up banner to re-display, and you can choose to use the site(s) without consenting to cookies.
If you want to disable cookies you can also change your website browser settings to reject cookies. How you can do this will depend on the browser you use. Further details on how to disable cookies for the most popular browsers are set out below: -
For Microsoft Internet Explorer:
Choose the menu “tools” then “Internet Options”
Click on the “privacy” tab
Select the setting the appropriate setting
For Google Chrome:
Choose Settings > Advanced
Under "Privacy and security, " click “Content settings”.
Choose Preferences > Privacy
Click on “Remove all Website Data”
For Mozilla firefox:
Choose the menu “tools” then “Options”
Click on the icon “privacy”
Find the menu “cookie” and select the relevant options
For Opera 6.0 and further:
Choose the menu Files”> “Preferences”
What happens if I disable cookies?
This depends on which cookies you disable, but in general the websites may not operate properly if cookies are switched off. If you only disable third party cookies, you will not be prevented from making purchases on our sites. If you disable all cookies, you will be unable to complete a purchase on our sites.
Data protection officer
Our Data Protection Officer helps us to ensure we protect the personal data of our customers (and others) and comply with data protection legislation.
If you have any questions about how E&M uses your personal data that are not answered here, or if you want to exercise your rights regarding your personal data, please contact our Data Protection Officer’s team by
- phone: 0333 050 3195;
- e-mail: email@example.com
For UK Residents:
You have the right to lodge a complaint with the Information Commissioner’s Office. Further information, including contact details, is available at https://ico.org.uk.
For ROI Residents:
You have the right to lodge a complaint with the Data Protection Commission. Further information, including contact details, is available at https://www.dataprotection.ie/.
This policy was last updated in April 2023.