Here at boohoo.com UK Ltd (‘boohoo’) we are committed to protecting and respecting the privacy of

your personal data. This privacy notice explains how your data is collected, used, transferred and

disclosed by boohoo. It applies to data collected when you use our websites, iOS and android

applications, when you interact with us through social media, email, or phone, or when you participate in

our competitions or events. It also applies to the extent that someone has nominated you through our

"refer a friend" function or purchased an e-gift card on your behalf. It covers:

●

The personal data we collect

●

How we collect your data

●

How we use your data

●

Marketing preferences, adverts and cookies

●

Links to other websites and third parties

●

How we share your data

●

Your rights

●

Changes to this privacy notice

●

How to contact us

Who is boohoo

boohoo is a leading online fashion retail company. We design, source, market and sell clothing, shoes,

accessories and beauty products targeted at 16-24 year-old consumers in almost every country in the

world.

Boohoo.com UK Ltd, of 49-51 Dale Street, Manchester M1 2HF (collectively referred to as “boohoo”,

“we”, “us” and “our” in this privacy notice) is the controller and responsible for your personal data

collected through the www.boohoo.com website (the “website”) and boohoo app (the “app”).

Details of our Data Protection Officer responsible for overseeing questions in relation to this privacy

notice, and our details are set out in the “How to Contact Us” section at the end of this notice.

Our commitment to you

We take the protection of your personal data seriously and will process your personal data fairly,

lawfully and transparently. This privacy notice describes the personal data we are collecting about you

and how it is used.

We will only collect and use your personal data for the following purposes, to:

●

fulfil your order(s)

●

fulfil orders made on your behalf (e.g. e-gift card orders)

●

communicate with you following a "refer a friend" nomination

●

keep you up to date with the latest offers and trends

●

give you a better shopping experience

●

help us to make our marketing more relevant to you and your interests

●

improve our services

●

meet our legal responsibilities

How we keep your data safe and secure

We have appropriate organisational safeguards and security measures in place to protect your data

from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.

The communication between your browser and our website uses a secure encrypted connection

wherever your personal data is involved.

We require any third party who is contracted to process your personal data on our behalf to have

security measures in place to protect your data and to treat such data in accordance with the law.

In the unfortunate event of a personal data breach, we will notify you and any applicable regulator when

we are legally required to do so.

The personal data we collect

Personal data means any information about an individual from which that person can be identified. It

does not include anonymised data, where the identity and identifying information has been removed.

While our website is designed for a general audience, we will not knowingly collect any data from

children under the age of 13 or sell products to children. If you are under the age of 13, you are not

permitted to use or submit your data to the website.

The following groups of personal data are collected:

●

Identity Data includes information such as: first name, last name, title, date of birth (optional),

occupation, personal description, photo and gender.

●

Contact Data includes information such as: email address, billing address, delivery address,

location, country, telephone number, loyalty programme membership number, and social media

id (if you log in by social media).

●

Financial Data includes information such as: payment card details and bank account.

●

Transaction Data includes information such as: details of your purchases and the fulfilment of

your orders (such as basket number, order number, subtotal, title, currency, discounts, shipping,

number of items, product number, single item price, category, tax etc.); payments to and from

you and details of other products and services you have obtained from us, correspondence or

communications with you in respect of your orders, and details of any rewards and bonuses

awarded.

●

Technical Data includes information such as: details of the device(s) you use to access our

services, your internet protocol (IP) address, login data, your username and password, browser

type and version, time zone setting and location, browser plug-in types and versions, operating

system and platform.

●

Profile Data includes information such as: purchases or orders made by you, product and style

interests, preferences, feedback, and survey responses.

●

Usage Data includes information such as: how and when you use our website/app, how you

moved around it, what you searched for; website/app performance statistics, traffic, location,

weblogs and other communication data; loyalty programme activities; and details of any other

boohoo products and services used by you.

●

Marketing and Communications Data includes information such as: your preferences in

receiving marketing from us and our third parties and your communication preferences.

We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose.

Aggregated Data may be derived from your personal data but is not considered personal data as this

data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data

to calculate the percentage of users accessing a specific website feature. However, if we combine or

connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we

treat the combined data as personal data which will be used in accordance with this privacy notice.

How we collect your data

We may collect personal data about you in the following ways:

●

Direct interactions – you may give us your Identity, Contact, Financial, Transaction, Profile, and

Marketing and Communications data (as described above) by filling in forms, entering

information online or by corresponding with us by post, phone, email, telephone or otherwise.

This includes personal data you provide, for example, when you:

o Create an account or purchase products on our website;

o Subscribe to our newsletter, discussion boards, social media sites or create wish lists;

o Enter a competition;

o Join a Boohoo loyalty programme;

o Complete a voluntary market research survey;

o Contact us with an enquiry or to report a problem (by phone, email, social media, or

messaging service);

o Use the “refer a friend” function on our website; or

o When you log in to our website via social media.

●

Automated technologies or interactions – as you interact with our website, we may

automatically collect the following types of data (all as described above): Technical Data about

your equipment, Usage Data about your browsing actions and patterns, and Contact Data

where tasks carried out via our website remain uncompleted, such as incomplete orders or

abandoned baskets. We collect this data by using cookies, server logs and other similar

technologies. Please see our Cookie Policy for further details.

●

Third parties – we may receive personal data about you from various third parties, including:

o Identity and Contact data from another individual when they purchase an e-gift card for

you or use the "refer a friend" function on our website;

o Technical Data from third parties, including analytics providers such as Google. Please

see further information in the section entitled ‘Marketing preferences, adverts and

cookies’.

o Technical Data from affiliate networks through whom you have accessed our website;

o Identity and Contact Data from social media platforms when you log in to our website

using such social media platforms;

o Identity and Contact data from third parties, including organisations (including law

enforcement agencies), associations and groups, who share data for the purposes of

fraud prevention and detection and credit risk reduction; and

o Contact, Financial and Transaction Data from providers of technical, payment and

delivery services.

How we use your data

The legal basis for processing your personal data

We will only collect and process your personal data where we have a legal basis to do so. As a data

controller, the legal basis for our collection and use of your personal data varies depending on the

manner and purpose for which we collected it.

We will only collect personal data from you when:

●

we have your consent to do so, or

●

we need your personal data to perform a contract with you. For example, to process a payment

from you, fulfil your order or provide customer support connected with an order, or

●

the processing is in our legitimate interests and not overridden by your rights, or

●

we have a legal obligation to collect or disclose personal data from you.

Uses made of your personal data

Your personal data is used by boohoo to support a range of different activities. These are listed in the

table below together with the types of data used and the legal bases we rely on when processing them,

including where appropriate, our legitimate interests. Please be aware that we may process your

personal data using more than one lawful basis, depending on the specific activity involved. Please

contact us if you need details about the specific legal ground we are relying on to process your personal

data where more than one ground has been set out in the table below.

To create an account and register you as a new customer (either directly or via social media).

●

●

Identity Contact

●

Consent

To process and deliver your order including: recording your order details; keeping you informed about the order status; process

●

●

●

Identity

Contact

Financial

●

Performance of a contract with you

payments and refunds, collect money owed to us;

To protect our customers, boohoo group companies and website from fraud and theft, which involves automated decision making to assist such fraud prevention and detection.

To manage our relationship with you, including: providing you

●

Transaction

●

●

Necessary for our legitimate interests (e.g. to recover debts due to us) For automated decision making we consider that fraud detection and prevention is in our legitimate interests to ensure that fraudulent transactors are unable to benefit from our services and in the legitimate interest of the public as whole due to the impact of fraud on the consumer market; we also consider it a necessary element of entering into a contract with you that we are able to verify your identity and prevent fraud.

with any information, products and services that you request from us(or that has been requested on your behalf through our "refer a friend" function); notifying you about changes to our services, terms and conditions or privacy notice; asking you to leave a review or take a survey.

●

●

●

●

Identity

Contact

Profile

Marketing and Communication

s

●

●

Consent

Performance of a contract

with you

To enable you to take part in a competition, event, survey, or receive a reward for shopping with us.

●

●

●

●

●

Identity

Contact

Profile

Usage

Marketing and Communication

s

●

Where you have decided to enter into a competition or event, for the performance of a contract with you

To administer, protect and improve our business and our website/app, including:

troubleshooting, data analysis, testing, system maintenance, support, data analysis, reporting and hosting of data; setting default options for you, such as language and currency.

●

●

●

●

●

●

Identity

Contact

Profile

Technical

Transaction

Marketing and Communication

s

●

Consent

To deliver relevant website content, online advertisements and information for you; and measure the effectiveness of the advertising provided.

To use data analytics to: improve our website, products, services,

●

●

●

●

●

●

Identity

Contact

Profile

Usage

Marketing and Communication

s

Technical

●

Consent

marketing, customer relationships and experiences; and for market research, statistical and survey purposes.

●

●

Technical Usage

●

Consent

To recommend products, services discounts and offers that may be of interest to you, including to send you such information by email, post or SMS.

To inform or remind you by email

●

●

●

●

●

●

Identity

Contact

Technical

Usage

Profile

Marketing and Communication

s

●

Consent.

See further details in the section ‘Marketing preferences, adverts and cookies'

of any task carried out via our website which remains uncompleted, such as incomplete orders or abandoned baskets.

●

●

●

Identity

Contact

Usage

●

Consent

To protect our customers, boohoo group companies and website from fraud and theft

To process and deliver your e-gift

●

●

●

Identity

Contact

Profile

●

Necessary for our legitimate interests (to detect and prevent fraud)

card orders including taking payment and communicating with you and/or the nominated recipient if delivered to another person.

●

●

●

●

Identity

Contact

Financial

Transaction

●

Performance of a contract

We will only use your personal data for the purposes for which we collected it, unless we reasonably

consider that we need to use it for another reason and that reason is compatible with the original

purpose. If we wish to use your personal data for an unrelated purpose, we will notify you and we will

explain the legal basis which allows us to do so. We may process personal data without your consent, in

compliance with the above rules, where this is required or permitted by law.

If you have any questions about how boohoo use any of your personal data, please contact our Data

Protection Officer at DPO@boohoo.com.

How long we keep your data for

We will keep your personal data for no longer than is necessary for the purpose(s) it was provided for

and to meet our legal obligations. Further details of the periods for which we retain data are available on

request.

Marketing preferences, adverts and cookies

Marketing - your preferences

We may send you marketing communications and promotional offers:

●

if you have opened an account with us or purchased goods from us, or registered for a

promotion or event, and you have not opted out of receiving that marketing (in accordance with

your preferences, as explained below);

●

by email if you have signed up for email newsletters;

●

if you have provided us with your details when you entered a competition and you have

consented to receiving such marketing (in accordance with your preferences, as explained

below).

We may use your Identity, Contact, Technical, Transactional, Usage, Profile Data and Marketing and

Communications Data to form a view on what we think you may like, or what may be of interest to you,

and to send you details of products and offers which may be relevant for you.

We will ask you for your preferences in relation to receiving marketing communications by email, post,

SMS and other communication channels.

From time to time we may also include with your order, inserts advertising goods, services or offers from

other third-party companies that you may be interested in.

In respect of third party marketing communications, we will obtain your express opt-in consent before

we share your personal data with any third party for marketing purposes.

You will always have full control of your marketing preferences. If you do not wish to continue receiving

marketing information from us (or any third party, if applicable) at any time:

●

you can unsubscribe or ‘opt-out’ by using the unsubscribe button and following the link included

in the footer of any marketing email; or

●

account holders may withdraw their consent by simply logging in to My Account and editing

your ‘Contact Preferences’.

We will process all opt-out requests as soon as possible, but please note that due to the nature of our IT

systems and servers it may take a few days for any opt-out request to be implemented.

Cookies

Our website uses cookies to distinguish you from other users of our website and to keep track of your

visits. They help us to provide you with the very best experience when you browse our website and to

make improvements to our website. They also help us and our advertising networks to make advertising

relevant to you and your interests.

You can set your browser to refuse all or some browser cookies, or to alert you when websites set or

access cookies. If you disable or refuse cookies, please note that some parts of our website may become

inaccessible or not function properly.

For detailed information on the cookies which we and our third-party providers use and the reasons why

we use them, please refer to our Cookie Policy.

Online ads

We use online advertising to keep you aware of what we’re up to and to help you find our products. Like

many companies, we may target boohoo banners and ads to you when you use other websites and apps,

based on your Contact, Technical, Usage and Profile Data. We do this using a variety of digital marketing

networks and ad exchanges, and a range of advertising technologies such as web beacons, pixels, ad tags,

cookies, and mobile identifiers, as well as specific services offered by some sites and social networks,

such as Facebook’s Custom Audience Service.

Our use of analytics and targeted advertising tools

We use a range of analytics and targeted advertising tools to display relevant website content on our

website and online advertisements on other websites and apps (as described above) to you, deliver

relevant content to you in marketing communications (where applicable), and to measure the

effectiveness of the advertising provided. For example, we use tools such as Google Analytics to analyse

Google's interest-based advertising data and/or third-party audience data (such as age, marital status,

life event, gender and interests) to target and improve our marketing campaigns, marketing strategies

and website content. We may also use tools provided by other third parties, such as Facebook, Content

Square, Adroll, Responsys, Criteo and Bing to perform similar tasks, using your Contact, Technical,

Usage and Profile Data.

In order to opt out of targeted advertising you need to disable your ‘cookies’ in your browser settings

(see Cookie Policy for details) or opt-out of the relevant third-party Ad Settings. For example, you can

opt-out of the Google Display Advertising Features. As an added privacy measure, you can also use the

The Digital Advertising Alliance (which includes companies such as Google, Responsys and Facebook)

provides a tool called WebChoices that can perform a quick scan of your computer or mobile devices,

find out which participating companies have enabled customised ads for your browser, and adjust your

browser preferences accordingly.

If you would like any further information about the data collected by these third parties or the way in

which the data is used, please contact us.

Links to other websites and third parties

Our website may include links to and from the websites of our partner networks, advertisers and

affiliates, or to social media platforms. If you follow a link to any of these websites, please note that these

websites have their own privacy policies and that we do not accept any responsibility or liability for

these policies. Please check these policies before you submit any personal data to their websites.

How we share your data

We may disclose and share your personal data with the parties set out below:

●

where you have consented for us to do so. For example, if you have consented to receive

marketing materials from third parties, or in respect of third parties’ (including co-branded or

jointly promoted) products and services, we may pass your data on to the relevant third parties

for the purpose of sending you such marketing communications;

●

• to business partners, suppliers, sub-contractors and other third parties that we use in

connection with the running of our business for the purposes set out in the table above in the

section ‘How we use your data’, such as:

o

third party service providers that we engage to provide IT systems and software, and to

host our website;

o

third party payment processing services (including Worldpay, Adyen, Paypal, and in

certain regions, Klarna, Laybuy, Clearpay and Zip (please see

T&C’s https://www.klarna.com/uk/terms-and-conditions/ / https://www.clearpay.co.uk/

en-GB/terms-of-service / https://www.laybuy.com/uk/consumer-terms https://zip.co/u

k/terms-conditions/for more information) to process your payment to us. boohoo does

not store your payment information. Your payment details are provided to the payment

processing service you have selected, who are required to comply with applicable

regulations and data protection laws. Please refer to the privacy policy of the relevant

provider for details of how they process your personal data;

o

services and to provide marketing and advertising services;

o

third party service providers that we engage to deliver and process your e-gift card

orders and e-gift card payment (including Jigsaw Business Solutions Ltd and Stripe

Payments UK Ltd)

o

third party service providers that we engage to deliver goods you have ordered and to

manage any returns;

o

third party service providers that we engage to send emails and postal mail on our

behalf including in relation to incomplete orders or abandoned baskets, or marketing

communications, to provide data cleansing services and to provide marketing and

advertising services;

o

analytics and search engine providers that assist us in the improvement and

optimisation of our website;

o

affiliate networks through whom you have accessed our website;

●

to any third party to whom we may choose to sell, transfer, or merge parts of our business or our

assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change

happens to our business, then the new owners may use your personal data in the same way as

set out in this privacy notice.

●

to protect our customers, boohoo group companies and website from fraud and theft, we may

share personal data that is required to make identity checks and personal data that we obtain

from making identity checks (including data relating to your age, name and location), together

with account information, with other boohoo group companies and with third party

organisations (including law enforcement agencies), involved in fraud prevention and detection

and credit risk reduction. Please note that the other boohoo group companies and these third

parties may retain a record of the information that we provide to them for this purpose;

o we may share your personal data with Ravelin and/or Risk Guardian and/or other fraud

prevention and analysis service providers, in order to carry out fraud prevention checks

on our behalf. If personal data is provided to Ravelin, Ravelin will also use this personal

data to improve its service and machine learning to improve its automated processing.

A copy of Ravelin's privacy notice can be found

at: https://www.ravelin.com/privacy-policy-new which explains how Ravelin will use

your personal data for these purposes; and

o we may further share personal data that is required to make identity checks and

personal data that we obtain from making identity checks (including data relating to

your age, name and location), together with account information, with organisations

(including law enforcement agencies), involved in fraud prevention and detection and

credit risk reduction. Please note that these third parties may retain a record of the

information that we provide to them for this purpose;

●

if we are under a duty to disclose or share your personal data in order to comply with any legal

obligation; or

●

to our professional advisers including lawyers, bankers, auditors and insurers who provide

consultancy, banking, legal, insurance and accounting services.

Worldpay

Worldpay are the data controller in respect of the Personal Information that you give to them (and

which they hold about you) when you sign up for, access, or use services, features, technologies or

functions offered on the Worldpay website (including when using Worldpay to pay for goods or services

offered on the Boohoo website) and in relation to Personal Information collected during the course of

business as set out in their Privacy Policy which can be found on their website

at https://www.worldpay.com/

Your data and countries outside of Europe

The personal data we collect from you may be transferred to, and stored at, destinations outside the

European Economic Area ("EEA") using legally-provided mechanisms to lawfully transfer data across

borders. It may also be processed by staff operating outside the EEA who work for us or for one of our

suppliers. Such staff may be engaged in, among other things, the fulfilment of your order, the processing

of your payment details and the provision of support services. We will take all steps necessary to ensure

that your data is treated securely and in accordance with this privacy notice.

Whenever we transfer personal data outside the EEA, we will ensure a similar degree of protection is

afforded to it by ensuring appropriate safeguards, as required by law, are in place. This may include using

specific contractual clauses approved by the European Commission which give personal data the same

protection as it has in Europe. More information about these is available

here http://eur-lex.europa.eu/legal-content/en/TXT/?uri=CELEX:32010D0087

Please contact us if you want further information on the countries to which we may transfer personal

data and the specific mechanism used by us when transferring your personal data outside the EEA.

Your Rights

You have several rights under the data privacy legislation. This includes, under certain circumstances,

the right to:

●

request access to your personal data

●

request correction of your personal data

●

request erasure of your personal data

●

request restriction of processing of your personal data

●

request the transfer of your personal data

●

object to processing of your personal data

●

request human intervention for automated decision making

 Brief details of each of these rights are set out below. If you wish to exercise any of these rights, please

email us at DPO@boohoo.com.

Request access to your personal data

You have the right to obtain a copy of the personal data we hold about you and certain information

relating to our processing of your personal data.

Request correction of your personal data

You are entitled to have your personal data corrected if it is inaccurate or incomplete. You can update

your personal data at any time by logging into your account and updating your details directly, or by

emailing us at DPO@boohoo.com.

Request erasure of your personal data

This enables you to request that boohoo delete your personal data, where there is no good reason for us

continuing to process it. Note, however, that we may not always be able to comply with your request of

erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.

Request restriction of processing of your personal data

You have a right to ask boohoo to suspend the processing of your personal data in certain scenarios, for

example if you want us to establish the accuracy of the data, or you have objected to our use of your data

but we need to verify whether we have overriding legitimate grounds to use it. Where processing is

restricted, we are allowed to retain sufficient information about you to ensure that the restriction is

respected in future.

Request the transfer of your personal data

You have the right to obtain a digital copy of your personal data or request the transfer of your personal

data to another company. Please note though that this right only applies to automated data which you

initially provided consent for us to use or where we used the data to perform a contract with you.

Object to processing of your personal data

You have the right to object to the processing of your personal data where we believe we have a

legitimate interest in processing it (as explained above). You also have the right to object to our

processing of your personal data for direct marketing purposes. In some cases, we may demonstrate that

we have compelling legitimate grounds to process your data which override your rights and freedoms.

Request human intervention for automated decision making and profiling

You have the right to request human intervention where we are carrying out automated decision making

when processing your personal data. This form of processing is permitted where it is necessary as part of

our contract with you, providing that appropriate safeguards are in place or your explicit consent has

been obtained.

We will try to respond to all legitimate requests within one month. Occasionally, it may take us longer

than a month if your request is particularly complex or you have made a number of requests. In this case,

we will notify you and keep you updated. We may need to request specific information from you to help

us confirm your identity and ensure your right to exercise any of the above rights. This is a security

measure to ensure that personal data is not disclosed to any person who has no right to receive it.

Right to lodge a complaint

If you have any concerns or complaints regarding the way in which we process your data, please email us

directly at DPO@boohoo.com. You also have the right to make a complaint to the ICO (the data

protection regulator in the UK). We would, however, appreciate the chance to deal with your concerns

before you approach the ICO, so please do contact us in the first instance.

Changes to this privacy notice

From time to time we may change this privacy notice. If there are any significant changes we will post

updates on our website, applications or let you know by email.

How to contact us

We welcome feedback and are happy to answer any questions you may have about your data.

Please send any questions, comments or requests for more information to our nominated

representative and Data Protection, who can be contacted at DPO@boohoo.com.

This privacy notice was last updated on 29th July 2022 (Version v1.11)

Boohoo.com UK Limited,

Registered Company Number: 05723154,

UK VAT Number: 185 4874 61.