At oncenout.com Limited (“OnceNOut”), we are committed to protecting the privacy and security of our customers and site visitors, including you. The OnceNOut team members are customers themselves, both of OnceNOut and other Internet sites. We therefore fully appreciate and respect the importance of data privacy and security on the Internet.
We believe you should feel both informed and empowered when it comes to our handling and usage of your information. This notice therefore explains:
- what information we collect when you’re using any OnceNOut website or app, or when you’re communicating with us;
- why we collect that information;
- how we may then use that information;
- how we share that information;
- how long we keep your information, and how we protect it whilst we have it;
- what we won’t do with your information; and
- what choice and options you have to control your information.
So you only need to look in one place to find out all you need to know, this notice covers all OnceNOut websites, apps and services.
Because we’re an online fashion destination, the wording does have to get a little technical at times. But we’ve done our best to try to explain things as clearly as we can. We’re unlikely to have done this perfectly though, so we’re always happy to take any questions, comments or suggestions relating to this notice. Just contact our Customer Care team if you’d like to discuss this with us.
Everything we do relating to your information is covered by the following overarching data principles:
- Your information belongs to you, not us – you should be able to control it, and you should know about, and be comfortable with, everything that we do with your information;
- We will only collect, keep, use and share your information either (a) for genuine business purposes that we’ve explained clearly to you and that you haven’t objected to, or (b) where we’re legally required to do so – and as soon as those purposes have been fully achieved, we will delete your information;
- We will be as clear and open as we can with you on what information we collect, why we collect it and how we use it, so you are informed and able to make decisions to control your information in the ways you’re comfortable with;
- As long as we have your information, we will keep it up to date and protect it as if it was our own sensitive information, using appropriate security safeguards, having kept on top of and appropriately taken into account the latest industry standards and best practice.
In any interaction you may have with OnceNOut, we collect information in two possible ways:
- When you directly give it to us (“Directly Provided Data”)
When you sign up for our site, or any time you visit OnceNOut, or purchase our products, or communicate with us, you may choose to voluntarily give us certain information – for example, by filling in text boxes, or clicking on active buttons on our side, like ‘Click to Own’. All this information requires a direct action by you at that time in order for us to receive it.
- When you give us permission to obtain from other accounts (“User Authorised Data”)
Depending on your settings or the privacy policies for other online services, you may give us permission to obtain information from your account with those other services. For example, social media is an important part of how OnceNOut interacts with our customers. In using social media (e.g. by signing onto OnceNOut using your Facebook or Twitter log-in), you may give us permission to access your information in that social media channel or in other services. So, if you did choose to link your Facebook or Twitter account to OnceNOut, this would enable us to obtain information and content from those accounts. Or if you’re using OnceNOut on your mobile, you can also choose to provide us with location data. The information we obtain from those services does depend on your settings for that service or their privacy policies. So you should always regularly check what those are.
We need to answer this question first at the headline level, before looking at specifics.
At the headline level, we collect two types of information:
- “personally identifiable” information (meaning it can be used to specifically identify you); or
- “non-personally identifiable” information (meaning it relates to you but can’t be used to specifically identify you i.e. anonymous data like your unique OnceNOut customer number).
When explaining the specific information we collect about you, we will endeavour to confirm which is “personally identifiable” and which is “non-personally identifiable” on the other.
The easiest way to explain the specific information we collect about you is to look at every different point of interaction you may have with OnceNOut, as we collect different information at different points in your user or customer journey with OnceNOut. These interaction points include the following:
- Browsing our site;
- Registering on OnceNOut;
- Logging into OnceNOut once registered;
- Making a purchase from OnceNOut (i.e. clicking to own, checking out and completing a purchase);
- Contacting OnceNOut Customer Care, either about an order or for any other reason;
- Using OnceNOut social media channels;
- Clicking on OnceNOut banners, hyperlinks or plugins.
Set out below is an explanation of what information we collect at each of these interaction points, along with confirmation of (a) whether you directly give it to us, or we collect it with your permission, or whether it is collected by our technical systems; and (b) whether it is “personally identifiable” information or “non-personally identifiable” information:
- the IP address of the computer or the proxy server that you use to access OnceNOut – this is personally identifiable information;
- The type of device used to access our Services, your computer operating system details and settings, your type of web browser and your settings for that browser, the name of your ISP, (if you are accessing OnceNOut using a mobile device) your mobile device, your mobile operating system, your mobile device identifier provided by your mobile device operating system, and location data (if you have that functionality set up) and other general device or systems information – this is non-personally identifiable information;
- statistical information and log data about number of visits to certain pages on the site (e.g. the home page); the pages you viewed and activities you carried out during your visit; the date and time of your visit; the duration of an individual page view, the paths taken by visitors through the site – this is also non-personally identifiable information.
- If you are logged in on OnceNOut when browsing, a cookie on your device will also identify you, and record and associate all of this non-personally identifiable usage information and log data with your account.
- Registering on OnceNOut: In order to place an order with OnceNOut, you need to create an account with us and become a registered user. It is not possible to place an order without being logged in on OnceNOut. To create an account and register with us, you need to provide us with at least the following Directly Provided Data, all of which will be personally identifiable information:
- your name;
- your email address;
- a password;
- your mobile phone number.
- After you create an account and register with us, you can then choose to provide further information about yourself during the registration process (for example, your gender and location).
- When you create an account and register with us, OnceNOut will keep that Directly Provided Data for as long as you are registered with us, so that we can then use it to identify you by your OnceNOut profile, to operate all the systems (such as delivery systems) to enable you to place an order to purchase products from OnceNOut, and to offer you a personalized, relevant experience on OnceNOut.
- Logging into OnceNOut: Once registered, if you wish to log in, you will need to input your email address and password again, which is Directly Provided Data and personally identifiable information. This will be matched to the up-to-date Directly Provided Data of the same type associated with your account to confirm your identity, and to enable you to place an order to purchase products from OnceNOut.
- Purchasing from OnceNOut: To purchase products from OnceNOut, you will need to do the following:
- click the relevant button on the site to add the product(s) to your bag – at which point our systems will collect this Directly Provided Data relating to the identity, size and other product attributes of the item(s) you’ve added, so the item(s) can then be displayed in your ‘Bag’ until the end of that visit. This is non-personally identifiable information;
- be logged in (see above for an explanation of the information required to do that);
- select certain options relating to the delivery of the products you wish to order – our systems will collect this Directly Provided Data relating to your delivery selections in order to be able to fulfil and deliver your products to you by your required delivery method, should you complete your order. This is non-personally identifiable information;
- input certain details relating to your debit card, or log-in details for certain other payment systems, such as Verve. This Directly Provided Data will be collected by our systems, so we can take the required payment for the products you wish to purchase, should you complete your order. These details are personally identifiable information.
- To complete your order, you finally need to click the relevant button to ‘Place Order’. When we have this Directly Provided Data, we will record the full details of the completed order in our systems for as long as you are registered with us, so we can (a) fulfil and deliver your order, (b) add it to your order history and have a record of your purchases in order to deal with any queries you may have or process any returns you may wish to make, and (c) include it within the financial records of our business transactions. This is all personally identifiable information provided by you.
- Contacting OnceNOut Customer Care: if you contact our customer care department for any reason (for example when you submit a question using the Ask a Question or Help Form or if you communicate with us on Live Chat), irrespective of which of the available communication channels you use to contact us, we will record the contact and collect all applicable information relating to the contact. Details of the contact with you will be both Directly Provided Data and personally identifiable information, which we will then:
- keep and use to help us categorise your specific question or contact, respond to it, and, if applicable, investigate, deal with and resolve any issue or incident, and
- keep for so long as you are registered with us so we have a history of all of our communications with you, any issues you may have had with us, and what we did to resolve those issues or incidents, which we can then use to ensure that we deal with any further contacts appropriately.
- Using or interacting with OnceNOut social media channels: When you use or interact with any of our social media channels (like Facebook, Instagram and Twitter), we may collect, record and retain certain System Collected Data and User Authorised Data regarding your activities on those social media channels, such as the frequency of your visits. For example, if you choose to use the Facebook “like” button to indicate you like any of our pages or apps, or if you tag any of your social media contacts or link to them in any content you post, we will record this information. This is most like to be non-personally identifiable information but may also include personally identifiable information depending upon your settings with those channels. Any content you put or add on any of our social media channels will be Directly Provided Data, which may be personally identifiable information depending upon the content. We will collect, record and use that content and any other information you provide when putting or adding it to any of our social media channels (including any information that you have permitted those social media channels to share with us or that is allowed by your user settings on those sites).
- Finally, any additional information about you that you need to provide when you use a particular social media channel or app will be explained in the terms and conditions for that app.
- Clicking on OnceNOut emails, banners, hyperlinks or plugins: if you view or click on emails that we have sent you, or on banners, hyperlinks or plugins we have placed on our website or other websites, both the fact that you have done so , as well as the address of the site you were on when you did so, will be Directly Provided Data that we will record. This is all non-personally identifiable information. We will use this information to track and analyse how successful those emails, banners, hyperlinks or plugins are in engaging with you.We are constantly innovating to improve OnceNOut and the Services, which means we may create new ways to collect information from you. If we do, we’ll tell you about any new information we are collecting through updates to this notice.
We collect all of this information from you for a number of different purposes, which we want you to understand – all of these purposes apply wherever OnceNOut does business. A number of specific uses for specific data is already detailed above. But we often need to use lots of different types of information or data collectively in order for OnceNOut to work and in order to be able to provide the Services to you. These more fundamental purposes include the collective use of your information:
- To ensure that our site’s content is presented as effectively as possible for you, and to enable you to participate in interactive features of our site, when you choose to do so - for example by providing you with more customised services and a more customised experience on OnceNOut through things like language-specific profile pages, updates, and content, news, style advice and/or recommendations relevant to you to customise your experience on OnceNOut
- To set up, and manage your account, so you can place orders, so we can provide our products and services to you, so we can make sure that the items you order get to you (and get there on time!), so we can communicate with you about your orders and your account, so we can track potential problems and trends, and customise our support responses to better serve you – basically, this relates to the nuts and bolts of our online retail business. It’s everything involved in putting the products on the website, so you can browse them and then order them, and so we can then deliver them to you and answer any questions or queries you may have. These are all the things that make OnceNOut tick – and that get you looking good in your choice of our products!
- To ensure that our users are genuine and to ensure that we are paid for goods that we despatch – for example, by using personal information, or disclosing that personal information to a credit reference or fraud prevention agency, in order to confirm your identity and conduct appropriate anti-fraud checks. Any such credit reference or fraud prevention agency may keep a record of that information but please note that a formal credit check is not performed and your credit rating will not be affected.
- To update you on our latest products, news and special offers - If you have registered with us or provided us with your email address and elected to receive marketing communications from us, we will occasionally update you on our latest products, news and special offers via e-mail, post, telephone and other means available through the Services, including mobile text messages and push notifications. You will also be given the opportunity to receive such communications from us and selected third parties. This includes if you choose to use the Facebook “like” button to indicate you like any of our pages or apps. Examples of these communications include: (1) welcome and engagement communications - informing you about how to best use OnceNOut, new features etc.; (2) service communications on things like service availability, security, and other issues about the functioning of OnceNOut; (3) promotional communications, including details of our latest sale or promotion. These messages will be sent to you based on your profile information and messaging preferences as selected by you in relation to your account. Please keep your settings up to date or contact our Customer Care team if you wish to change any of these preferences, including unsubscribing from our mailing list.
- To create a link to our app in your social media channels – some of our apps may give you the option to post updates to your Facebook wall or other social media channel, and to the wall of your social media friends, or to send invitations to your friends. This may create a link to our app, dependent on your privacy settings in that social media channel. When you send an invitation, please be aware that it may contain your social media username and profile picture so your friend knows who sent them the invitation.
- To carry out polls, surveys, analysis and research on how our site is being used, customer views, what we could do better etc, - these polls, surveys, analysis and research may be conducted by OnceNOut, or third parties. OnceNOut or those third parties may follow up with you via email regarding your participation unless you have opted out of receiving email messages. We may use third parties to deliver incentives to you to participate in polls, surveys, analysis or research, and verifying your contact information, which may require your contact information and other personally identifiable information to be provided to the third party fulfilling the incentive offer.
- To make OnceNOut’s products and services better and to develop new ones - OnceNOut uses and stores site statistical information and log data, to help it identify potential areas to improve the services we offer.
We are aware that it is OnceNOut that you are trusting with your information, not some other company. But, to be able to carry out our business, we do need to work with a number of third parties who are experts in their particular fields – after all, we’re good at what we do, but we’re not good at everything! We are very careful who we share your information with, but it is important that you understand when that sharing takes place and why, and that’s what this section explains. The limited instances where we may share your information include:
- We share your information externally with our core service providers when required for our business to function: Also like any big global business, OnceNOut relies on a number of external companies to provide it with key services, products and applications in order to be able to provide the Services. These include for example companies who help us pick and pack orders, make deliveries, support our customers, carry out fraud protection and support our IT systems, help keep us secure, enable our marketing, audit whether we’re doing what we’re supposed to be doing, or make sure we’re keeping the books right. We just can’t do everything ourselves, after all, and working with experts in various fields enables us to improve our Services for you in the quickest, most efficient way. Each of the external companies we work with has been selected by us for their ability to provide what we need to our required specification, including their ability to handle sensitive data (like your personal information) securely and appropriately. Each of these external companies has a contract with us, which clearly sets out our expectations and requirements in handling any of your information, and holds them fully responsible for meeting those expectations and requirements. On that basis and only on that basis, we may therefore disclose your personal information (including your personally identifiable information) to such third parties who need to be given specific tailored access to your information to facilitate our Services by performing key tasks on our behalf, and who are obligated to only use it in line with our instructions, and not to disclose or use it for other purposes. We are confident that we can trust those third party service providers with your information.
- We share your information when we’re required to comply with a legal request: If we do come under a legal or regulatory duty to disclose or share your personal data in order to comply with any legal obligation, we will have to share your information (including your personally identifiable information) if we believe that disclosure is reasonably necessary to comply. Having said that, we may dispute such demands when we believe, in our discretion, that the requests are overbroad, vague or lack proper authority. We will also attempt to notify you about legal demands for your personally identifiable information when appropriate in our judgment, unless prohibited by law or court order or when the request is an emergency.
- We share your information where we believe it’s reasonably necessary to protect OnceNOut or our customers: Sadly, OnceNOut (like many other companies) can be the subject of attempted fraudulent or criminal activities, which does sometimes require us to take certain steps to protect both our business and our customers. We may therefore disclose your information (including your personally identifiable information) if we have a good faith belief that disclosure is reasonably necessary to (1) detect, investigate, prevent, take action regarding or otherwise address suspected or actual illegal activities, fraud, security or technical issues or to assist government enforcement agencies; (2) enforce or apply our terms and conditions of usage; (3) investigate and defend ourselves against any third-party claims or allegations; (4) protect the security or integrity of our Service; or (5) to exercise or protect the rights, property, or safety of OnceNOut, our customers, or others.
- We share your information externally with other partners when we have your consent to do so: OnceNOut works with a number of other partners who, whilst not essential for our business to operate, do enhance your experience with OnceNOut and your usage of the Services, in our opinion. This includes our marketing partners and social media partners (like Facebook or Twitter, if you’ve chosen to link your OnceNOut account to those services or publish your activity on OnceNOut to them) as well as third parties to deliver incentives to you to participate in competitions, offers, polls, surveys, analysis or research. We only believe in partnering with companies that we believe are right for OnceNOut and its customers, and that enhance our Services. On that basis and only on that basis, we may therefore disclose your personal information (including your personally identifiable information) to such third parties who are obligated to OnceNOut only use it in line with our instructions, and not to disclose or use it for other purposes. We are confident that we can trust those third party service providers with your information. But, as we know that people can feel strongly about their information being shared with companies when it is not essential to do, we will only do so where you have given us your consent to do that. And if you change your mind at any time, we’ll stop that sharing as soon as we can. More details on how to do that are set out below.
- We may share your information externally if we are considering a corporate transaction: We are always looking at ways to make our corporate group stronger and more effective. As a result, we may sometime consider certain corporate transactions, such as a merger, acquisition, bankruptcy, dissolution, reorganization, or similar transaction or proceeding. If we were to consider such a transaction, that may involve the transfer of your information (including your personally identifiable information) solely for the purposes of enabling that transaction or proceeding to be assessed. In the event that OnceNOut sells or buys any business or assets, or if OnceNOut or substantially all of its assets are acquired by a third party, your personal data which we hold about our customers may be one of the transferred assets.
- We may share aggregated non-personally identifiable information externally: We do also share certain information which, whilst not personally identifiable information relating to you, does include information that relates to your usage of our products, sites and Services, aggregated together with the same information from other users for example. Even though this would not include your personally identifiable information, we nonetheless want you to be able to understand that level of sharing as well. This sharing therefore happens for reasons such as these:
- We may provide reports containing aggregated information about your activities on various pages on our websites, or what are called ‘impressions’, to companies hosting OnceNOut plugins and similar technologies to help them measure OnceNOut-generated traffic to their websites.
- We may share aggregated or non-personally identifiable information with our brands and other product providers. For example, we may tell brands stocked on OnceNOut how many people viewed or purchased one of their product lines.
- We may disclose aggregate, anonymised statistics about the number of visitors to this site or the number of purchases made as required by our investors.
WE WILL NOT Sell your information without your consent: We will not sell your personally identifiable information – including your name, address, e-mail address, or credit card information - to any third party. We believe this is absolutely essential to receive and repay your trust in us.
WE WILL NOT Share your information with third-party advertiser or ad networks: We do not currently display third party adverts on our website and, even if we did, we would not support sharing your personally identifiable information with any third-party advertiser or ad network.
In the explanations above, we have tried to be as specific as we can about how long we keep your information for. But in general we retain the information you provide either while your account is in existence, or as needed to be able to provide the Services to you, or (in the case of any contact you may have with our Customer Care team) for as long as is necessary to provide support-related reporting and trend analysis only.
If legally required or if it is reasonably necessary to meet regulatory requirements, resolve disputes, prevent fraud and abuse, or enforce our Terms and Conditions, we may also retain some of your information for a limited period of time as required, even after you have closed your account or it is no longer needed to provide the Services to you.
We want you to have simple and meaningful choices over your information. While we work hard behind the scenes to protect you and your data at all times, we’re also committed to providing you with tools to further manage the privacy and security of your information yourself.
With respect to the information relating to you that ends up in our possession, and recognising that it is your choice to provide us with your personally identifiable information, we commit to giving you the ability to do all of the following:
- You can verify the details you have submitted to OnceNOut by contacting our Customer Care team, or via the e-mail address or address given below. Our security procedures mean that we may request proof of identity before we reveal information, including your e-mail address and possibly your address.
- You can also contact us by the same method to change, correct, or delete your personal information controlled by OnceNOut regarding your profile at any time. Please note though that, if you have shared any information with others through the OnceNOut Social Media channels for example, that information may remain visible, even after you have deleted the information from your own account.
- You can withdraw or modify your consent to OnceNOuts’ collection and processing of the information you provide at any time. You can do this by changing your account settings. You can access 'Your Account' by logging in.
- You can link or unlink your OnceNOut account from an account on another service (e.g., Facebook or Twitter), also by changing your account settings.
- You can close your account, also through our account settings. If you close your account(s), we’ll deactivate it and will generally delete closed account information within 30 days of account closure, except as set out in this notice. However, we may retain archived copies of your information as required by law or for legitimate business purposes (including to help address fraud and spam). Please note though that, if you have shared any information with others through the OnceNOut Social Media channels for example, that information may remain visible, even after you have closed your account.
- You can opt-out of receiving marketing communications from us at any time.This can be done through your account settings, by clicking on the "unsubscribe" link in any email communications which we might send you, or by contacting our Customer Care team. Once you do this, we will update your profile to ensure that you don’t receive further emails. Please note that this might take a few days for all our systems to have updated with that fact, and that you might receive a small number of emails from us while we process your request.
- At any time, you can request a copy of the personal data we hold on our systems about you. If you wish to do so, please contact our Customer Care team who will be able to assist you with your query. We won’t charge you anything for this, but we might need to ask some further questions to confirm your identity before we provide any information.
We are always striving to make sure your information is protected. As soon as we receive your information, we use various security features and procedures, taking into account industry standards, to try to protect the personal information that you provide and to prevent unauthorised access to that information. For example:
- We also offer secure “https” access to the transactional parts of oncenout.com website (that is to the bits where you are required to provide Directly Provided Data). [This includes to existing SSL access over mobile devices]. [We’re working on making secure “https” access a default across OnceNOut.]
- Access to your data on OnceNOut is password-protected, and sensitive data (such as card information) is protected by SSL encryption when it is exchanged between your web browser and the OnceNOut Services. To further secure your credit card, we also don’t keep details of the security code (or CCV number) that you need to input in order to complete an order using your credit card.
- To protect any data you store on our servers, we regularly monitor our system for possible vulnerabilities and attacks, as well as carrying out penetration testing of our own on those systems to try to identify possible improvements. We also use a tier-one secured-access data centre.
We will do our best to protect your personal data. Unfortunately, security cannot be guaranteed though. There are therefore a number of general things we would also recommend that you do. Please help keep your account safe by using a strong password that includes characters other than just letters. We will also encourage you not to use the same password across all or many of your online accounts. As emails, instant messaging, and similar means of communication are not encrypted, we also would recommend not communicating any confidential information through these means.
Both the information you provide to us, and the information we collect, is controlled by OnceNOut Limited, including for the purpose of the Data Protection Act 1998 (the Act) and any other applicable laws.
We are always keen to hear from our customers (especially if you feel we’ve let you down or fallen short of your expectations). We are always grateful for any time you spend providing us with the knowledge we need to ensure our customers are completely satisfied – after all, we want you to return to the site and to recommend us to your friends and family. If you have any questions or feedback about this statement, or if you would like us to stop processing your information, please do not hesitate to contact a customer service member of the OnceNOut team, who will be delighted to answer any questions you may have. You can either contact customer care via the OnceNOut website, or, write to us at:
19B Adeyemi Lawson,
This page was last updated on 1 October 2016.