Your Shopping Bag is Empty
Our Privacy Policy
Below we share a summary of how we process and use personal data in Brown Thomas Arnotts.
(Last updated - 28th October 2021)
We have developed this privacy statement because we want you to feel confident about the privacy and security of your personal details when you visit or use the Brownthomas.ie website. We respect your right to privacy. We treat as confidential all of the personal information you give to us. By using the Brown Thomas website or by registering as a user of any services provided by Brown Thomas, you agree to our use of your data as set out below. Brown Thomas is registered with the Data Protection Commissioner as a Data Controller and all handling and processing of your personal data is strictly in accordance with the data protection principles contained in the Data Protection Acts 1988 – 2018. The Brown Thomas servers are located in a secure facility and any access to your personal data is strictly controlled and limited only to persons who are authorised and have appropriate security clearance to access the servers. Saved payment card details are transmitted by Brown Thomas in an encrypted form to provide extra security for your online transactions. They are only shared with our payment partner and not with any other third parties and are only used to process your order, using our payment partner.
The software we use, which is called “Adyen 3DS2 SDK” conforms to a security specification known as “EMVCo”. This industry standard software will allow the collection of device fingerprinting without you having to take any action. When you use your device or phone while shopping online, the software will automatically collect the required device fingerprint automatically in order to enhance the security offered by way of allowing a risk based assessment to take place. The software will then encrypt and secure the information collected as part of the operation of the software. As the information is fully encrypted, neither Adyen nor any other party can access or view the contents of your information and information collected is only used as part of the automated system process to protect you while online or making a purchase.
Who We Are
We are Brown Thomas Arnotts Ltd, a part of the wider Selfridges Group of companies. This Data Protection Notice relates to the Data Protection practices of Brown Thomas and the services offered by us in-store and online.
Concessions and Brands in our stores
We work with a range of brands in our stores. Our data protection policies apply only to personal information obtained by us, not information you share with brands directly through your interactions with them. However, we work closely with brands in our stores to try to ensure appropriate standards are applied consistently.
Who do we process data about?
We process different personal data about you depending on your relationship with us and the context in which we obtain the data. The main categories of person who we process data about are listed below.
Category of Data Subject
- Store Visitor (physical store)
- Store Visitor (online)
- Customer (physical store)
- Customer (online)
- Staff Member
- Contractors/Suppliers
What we use personal data for
We use personal data of customers, staff, and others for the purposes of selling and serving customers, employing and managing staff (and contractors), and operating and controlling the business (including security controls and regulatory obligations).
We process customer information through your interactions with us in store or online. This can include purchasing online or over the phone, when you sign up for a loyalty card, or register for an event or promotion. It would also include where you avail of alterations services, make enquiries about product or service availability, have an after-sales service query, avail of personal shopper services, concierge parking services, or sign up for the Brown Thomas credit card.
We also process personal data for the purposes of marketing to customers by post, email, or SMS depending on your selected preferences. Information about your interactions with our websites and apps may also processed to help us improve our services and identify and remedy any problems customers might have interacting with us online.
We process personal information of employees and contractors working on our behalf for the purposes of their employment, to manage and meet our legal obligations as an employer.
Personal information of customers and staff is processed for the purposes of operating and controlling the business. This includes the operation of CCTV, accident report books, and other business controls relating to security and health and safety in our stores, capturing and disclosing customer or staff information to regulatory bodies or law enforcement in order to meet our legal obligations. We also retain logs of interactions on our website for the purposes of security and maintenance of our websites. Logs of how devices connected to our in-store wifi are also used for maintenance and security purposes. No personal data is stored in relation to this.
For more information on how we use personal data and the categories of personal data that we use for each purpose, please click here.
Who we share data with (and why)
We make use of third-party services to process data and to deliver services to customers in line with this privacy statement. Third parties acting on our behalf are data processors acting under an appropriate contract. We can also offer services in collaboration with other organisations such as Concessions and Brands operating in our stores or who are involved in fulfilling orders placed through our online stores. These parties may be involved in the delivery of goods or services to you but it may be necessary for us to give them information about you for that purpose. You will be informed about this when you use such a service.
Certain features of our online stores or apps, such as social media like or sharing buttons, will result in personal data being shared with third parties for their own purposes via cookies or other mechanisms. This is a feature of how these types of service operate and we are not responsible for the uses that these third parties may have for data obtained in this way.
We will also share data with third parties if you give us permission, or if it is required by law, or if we are required to do so as a result of a court order or if we deem it necessary to do so for the protection of our interests or for defence against a legal claim, or if it is necessary to do so to ensure the safety and security of our physical or on-line stores.
For more information about the categories of 3rd party with whom we share personal data, please click here.
International Transfers
From time to time we will use third party services that are hosted outside the EU or EEA for the purposes of executing business functions. We apply strict protocols to the selection of such suppliers and ensure that any processing is carried out on the basis of either:
1. Transfer to a country with an EU approved adequacy decision
2. Standard Contractual Clauses
3. Transfer to a Safe Country (e.g. Canada)
How we keep your data safe
We use appropriate organisational and technical measures to protect your data from unauthorised access or disclosure. Personal data is stored in locations that have both physical and technical access controls, and appropriate physical and technical access controls are in place in our stores and offices. Access to personal data is related to staff job roles and staff receive training and guidance on how to handle personal data.
How long do we keep your data?
We keep your personal information in line with our company retention policy and as required to comply with any legislation. We only retain information for as long as it is required.
Cookies and Third Party Websites or Services
We make use of cookies and other similar technologies to let us know whether you have or have not seen a particular web page or email. Certain features of our website and apps require cookies or similar technologies to allow the site to function. In other cases, you can choose to opt-out of these technologies being used, by changing your preferences in our consent management tool, (insert link to cookie management), where you can also find out more about the cookies we use.
Certain content on our site may link to 3rd party websites. We have no control over the privacy policies or practices of third-party websites. Your cookie preference settings may impact the functionality of some 3rd party services.
Your Rights
You have a number of rights under the GDPR and the Data Protection Act 2018.
- Right of Access – you have a right to request a copy of data we hold about you.
- Right of Rectification – You can request that we correct any errors in the information we hold about you
- Right of Erasure – You have a right to request we delete information we hold about you in certain circumstances. This is not a absolute right, but deleting data about you may result in you not being able to avail of services such as warranties and will result in the loss of any loyalty card points or other benefits you may have earned.
- Right to Object to Processing – You have a right to object to processing, particularly processing for the purposes of Direct Marketing. This is not an absolute right as we may have an over-riding requirement to continue processing your data. If we do opt you out of processing we may not be able to let you know about special offers or sales and it might have other implications depending on the specific processing you object to.
- Right to Restrict Processing – You have a right to ask us not to process your data for a period of time for a particular reason, for example if you have queried the accuracy of data we hold about you. Again, this is not an absolute right and it only applies in certain circumstances.
- Right to Data Portability – You have the right to ask us to transfer data we hold about you in a structured form and process using automated means to another company. This only applies if the basis of the processing is consent or contract.
- Right not to be subject to Automated Decision Making – You have a right not to be subject to automated decision making that has a legal or equivalent effect unless that processing is necessary for entering into or performing a contract, is required by law, or is conducted with your explicit consent. An example of such processing would include in-store credit checking.
- You have a right to compensation through the Courts in the event your data privacy rights under legislation are not upheld.
To avail of any of these rights, you should contact the Data Protection Officer in writing at the contact details below. There is no fee for availing of these rights, but we reserve the right to charge a reasonable administrative fee for repeat requests for the same information or for excessive requests.
Contacting our Data Protection Officer
By Post:
Data Protection Officer,
Brown Thomas
92 Grafton Street
Dublin 2
Ireland
By Email:
dataprotectionofficer@brownthomas.ie
As the United Kingdom is no longer a member of the European Union, our Nominated Representative in the UK for both the Brown Thomas and Arnotts brands will be:
Selfridges & Co
400 Oxford Street
London
W1A 1AB
United Kingdom
www.selfridges.co.uk
dataprotectionofficer@selfridges.co.uk
Contacting the Data Protection Commission
The Data Protection Commission can be contacted using the email address and phone numbers provided at this website: https://www.dataprotection.ie/en/contact/how-contact-us
Our Cookies Policy
Cookie Settings
Update the preferences of storing of cookies on your device to enhance site navigation, analyse site usage, and assist in our marketing efforts (last updated - 27 September 2021).
A cookie is a small amount of data that is sent to your browser from a website’s computer and stored on your computer’s hard drive. On the Brown Thomas website we use cookies to understand site usage, to improve the content and keep track of what you have put in your Shopping Bag.
We make use of cookies and other similar technologies to let us know whether you have or have not seen a particular web page or email. Certain features of our website and apps require cookies or similar technologies to allow the site to function. In other cases, you can choose to opt-out of these technologies being used, by choosing which types of cookies you wish to be active for your visit to our site. Please note that some features may not be available should you decline certain cookie categories.
Certain content on our site may link to 3rd party websites. We have no control over the privacy policies or practices of 3rd party sites.
To find out more about our use of Cookies and similar technologies or to make changes to your preferences, click here.
We know you love to share the great content we have on the Brown Thomas website. Please be aware that social networking sites, like Facebook and Twitter, might send cookies. We don’t control the setting of these cookies, so we suggest you check the third-party websites for more information about their cookies and how to manage them.
We work with Qudini, a carefully selected third party to process your booking who uses cookies to track use of its booking interface. Their service is embedded on https://bookings.brownthomas.com and we do not control their cookies. Qudini use the following cookies to deliver the Appointment booking journey.
- Strictly necessary cookies. These cookies are essential as they enable a user to move around a Booking Interface and use its features, such as accessing secure areas. Without these cookies, such as access to secure areas cannot be provided. These cannot be restricted or blocked.
- Analytical/performance cookies. They allow Qudini to recognise and count the number of visitors and to see how visitors move around our Booking Interface when they are using it. This helps improve the way our Booking Interface works, for example, by ensuring that users are finding what they are looking for easily. These cookies don’t collect information that identifies you. All the information that these cookies collect is anonymous and is only used to improve how a Booking Interface works. These can be restricted or blocked.
- Functionality cookies. These are used to recognise you when you return to the Booking Interface. This enables Qudini to personalise their content for you, greet you by name and remember your preferences. These can be restricted or blocked.
- Targeting cookies. These cookies record your visit to the Booking Interface, the pages you have visited and the links you have followed. This information is used to make the Booking Interface and the advertising displayed on it more relevant to your interests. Qudini may also share this information with third parties for this purpose. These can be restricted or blocked by you.
- For a full list if the cookies they use on their Booking Interface & more information about their cookies and how to manage them visit the Qudini Bookings Interface Cookie Policy.
These cookies enable the function of Salesfloor Software so that Brown Thomas Store Associates can serve and sell to customers who shop online via Live Chat or Storefront pages on www.mystore.brownthomas.com. The data stored by these cookies contains information about interactions, clicks and transactions (no payment information is collected).
Banner advertising appears on websites that we are affiliated with. We use the information we have learned from cookies to tailor this advertising to things we think you will like, based on your browsing history on the Brown Thomas website. The data contained by these cookies doesn’t contain any personal information.
How we collect and use customers' personal information?
Live Chat Record
This data does not identify you personally but provides us with information about how you use our services and engage with us in order to improve our services and make them more useful to you. This software is provided by Salesfloor who are a third party.
How long do we keep your information for?
We keep personal data for a variety of purposes and for a variety of retention periods. The general guidelines for how long we retain data are based on a clear assessment of what is necessary and proportionate in our business, with particular reference to statutory obligations that apply to our business.
Where there is no statutory period defined for keeping data, we will apply retention periods based on relevant industry standards or based on an internal assessment of a retention period that balances our ability to serve customers with our obligation to not retain identifiable data for longer than we need to.
Sharing and disclosure of data
Our websites feature social media sharing links to let you share content on social media sites like Facebook and Twitter. These links will write cookies that will let these services know what pages you visit on our site and can result in personal data about you being shared with these other platforms if you are logged in to them when visiting our site.
In certain circumstances we share personal data with Concessions and Brands for the purposes of managing customer service issues, dealing with complaints, or running joint events or promotions. This is not an exhaustive list and it is our policy to inform customers whenever data will be shared with a 3rd party in this way.
We share data with other Group companies including Selfridges in the UK and Holt Renfrew in Canada. In the vast majority of instances this data is aggregated data for reporting purposes but from time to time data that could identify an individual or individuals could be shared.
We will disclose data to third parties where necessary:
- For the execution of a contract entered into on behalf of the data subject
- For compliance with a legal obligation under EU or Member State law
- To meet the requirements of a Court Order
- For the purposes of seeking legal advice or managing an insurance claim
Transfers of data outside the EU/EEA
We transfer data outside the EU/EEA for a variety of reasons. Whenever possible we seek to work with partners, suppliers, and service providers in the EU/EEA but this is not always an option. We keep service providers who are based outside the EU/EEA under review to ensure valid legal grounds exist to continue using them. We keep service providers who are based outside the EU/EEA under review to ensure valid legal grounds exist to continue using them.
As identified previously, we may transfer data to other companies in the Selfridges Group.
Data is always transferred in a secure manner, with the specific methods of transfer depending on the nature of the processing. Whenever possible we try to anonymise, pseudonymise, or aggregate data rather than transferring identifiable personal information.
From time to time we will use third party services that are hosted outside the EU or EEA for the purposes of executing business functions. We apply strict protocols to the selection of such suppliers and ensure that any processing is carried out on the basis of either:
- Transfer to a country with an EU approved adequacy decision
- Standard Contractual Clauses
- Transfer to a Safe Country (e.g. Canada)
How you can unsubscribe?
To unsubscribe from marketing communications, you can click onto the "unsubscribe" link in any marketing communication that we send to you by email which will automatically unsubscribe you from that type of communication. Please note that you may continue to receive communications which are already on route to you for a short period of time while your relevant unsubscribe request is being processed.
You may also unsubscribe from marketing communications by contacting the Customer Services Team on 0818 303 062 or email onlinecustomerservices@brownthomas.ie or for loyalty related queries, please email loyalty@brownthomas.ie.
After you unsubscribe from marketing communications, you may still receive messaging in relation to the administration of the Loyalty programme. If you no longer wish to receive the service or administrative communications, please contact the Loyalty Team.
Alternatively, you can contact our Data Protection Officer by emailing: dataprotectionofficer@brownthomas.ie.
How we can make changes to this policy?
We may update this privacy policy from time to time so you should check this policy each time you give us personal information or use our website.