Linnworks/SkuVault Product Privacy Notice
We have consciously kept it short and sweet as we want this notice or policy (whatever you want to call it) to be accessible. We know that not many of you will take the time to read it, but for those that do, this notice or policy contains the information you have a legal right to know. European, UK, and US privacy laws are complicated and there is a lot to fit in, so we tried to make this as relevant as possible. This does not mean we don’t take the security and privacy of your information seriously, we really do, and we would be happy to tell you all the controls we have in place, just not here.
You can find out more information on privacy and security controls that we have in place to protect your customer’s data (where we are acting as your data processor, not as data controller) on your product dashboard.
1. Who we are
Our trading names are Linnworks and SkuVault – that is what our eCommerce platforms, products and website are known as and the name our customers know us by. Our SkuVault platform is operated by SkuVault, Inc, registered at 2509 Plantside Dr, Louisville, Kentucky, 40299, United States. SkuVault is a wholly owned subsidiary of Linn Systems Limited. Our Linnworks platforms are owned and operated by Linn Systems Limited. Linn Systems Limited is based in the UK, our registered office is at Suite 3, 2-4 Southgate, Chichester, West Sussex, PO19 8DJ, United Kingdom and our company registration number in the UK is 06784391.
We are bound by applicable data protection laws in the EU, UK, and USA in respect of the handling and collection of your personal data.
We are registered as a data controller with the UK Information Commissioner’s Office (ICO) under the registration number ZA015143.
2. Categories of data we collect & lawful basis
We collect the following information from you when you are a Linnworks or SkuVault customer only:
- Identity data and contact data includes, you and your employees first name, last name and titles, email address, details about your business, job role, telephone number, invoicing information and banking details, Lawful Basis: Contract
- Transaction data includes details about payments to and from you and details of products and services you have purchased from us, Lawful Basis: Contract
- Profile data includes your username and password Lawful Basis: Contract
- Technical data includes customer IP address and where customers log in from using the product Lawful Basis: Legitimate Interest
- You and your employees’ business contact details for marketing purposes, Lawful Basis: Legitimate Interest
Our Legitimate Interest means the interest of our business in conducting and managing our business, by ensuring our products are running effectively and securely, monitoring technical performance, and continuously improving our product and your experience in using our e-commerce platforms, growing our business by informing you of other Linnworks or SkuVault products and services and product updates we think might benefit your business.
3. Purpose for collection
We collect this information so we can:
- Provide you and your business with the Linnworks and SkuVault product and services.
- Ensue our platform and services are operating securely and efficiently and identify service improvements, check and monitor user activity, and identify performance issues.
- Provide you with marketing materials about other Linnworks or SkuVault products or services that we think might benefit your business. You can unsubscribe at any time from any of our marketing communications using the links within the email or newsletter or email email@example.com.
4. Who we share data with
In some circumstances we may need to share your personal data with third party service providers who may have access to your personal information to perform certain functions or may host your personal information as part of a “cloud based” solution used by Linn Systems and SkuVault such as:
- Our customer relationship management platform provider;
- Our website support and hosting services providers;
- Our user experience video provider;
- Our Chatbot provider;
- Our Telephony provider;
- IT providers such as our cloud hosting provider, support ticketing provider, email providers;
- Professional advisers including lawyers, bankers, auditors, and insurers based in the USA, UK and Estonia;
- Marketing and PR providers.
Data may be shared within our group of companies including SkuVault, Inc, Linn Systems Limited and Linn Systems OU in Estonia. All three companies specialize in eCommerce software and products. Your data may be shared for the purposes of providing technical support, quality testing, support with customer development projects, identification of cross sell and upsell opportunities and answering your queries in relation to Linnworks and SkuVault products or other services.
We may also share your data with any organizations in the event of the sale, merger, reorganization, dissolution, or disposal of our business. We will inform you of any such transfer or disclosure as required by law.
5. Data transfers outside the UK and EU
Whenever we transfer UK or EU residents’ personal data out of the UK or EU, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission, including using the EU/ US Data Privacy Framework.
- We may rely on the European Commission approved standard contract clauses or Binding Corporate Rules (and their UK equivalent) together with a transfer impact assessment to identify any additional safeguards required to give personal data the same protection it has in the UK and EU.
Please contact us if you want further information on the specific mechanism used by us when transferring your personal data outside of the UK and EU.
6. How long we keep your data for
We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
Our Customer data (not your customer data) will be held for as long as we need to comply with audit, accountancy and tax rules, in most cases this is 6 years following the end of your contract with us.
If you tell us that you no longer wish to receive such communications, your personal data will be removed from our marketing lists (but will be added to a “do not contact” list).
In some circumstances, we may anonymize your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
7. Your rights over your data
UK and EU residents’ rights
- The right to be informed about the collection and use of your personal data. This is the intention of this privacy notice.
- Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
- Request rectification of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing.
- Object to processing of your personal information where we are relying on a legitimate interest and there is something about your situation which makes you want to object to processing on this ground.
- Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you.
If you would like to exercise any of these rights, please contact our Data Protection Officer at firstname.lastname@example.org.
US residents’ rights
Your rights over your data will depend on which state you live in.
If you live in California, Colorado, Connecticut, Iowa, Utah, Virginia, you have the following rights over your consumer data: (Please note the definition of consumer data varies from state to state. As our services are targeted at business customers, only California business owners and residents are likely to be considered consumer data: other states will be considered on a case by case basis):
- Right to Know/ Access. You have the right to request information on, the personal information we collected about you in the last 12 months, including the categories of personal information, the categories of sources from which your personal information was collected from, the business or commercial purpose for collecting, selling, or sharing your personal information, the categories of third parties to whom we disclosed your personal information to, and the specific pieces of personal information we have collected about you;
- Right to Delete. (Excluding Utah) You have the right to request that we delete Personal Data that we have collected from you, subject to certain exceptions.
- Right to Correct. (Excluding Iowa and Utah) You have a right to request that we correct inaccurate Personal Data that we maintain on you.
- Right to Opt-Out. (Excluding Iowa) You have the right to opt out of the sale of your Personal Data. However please note that we do not sell your Personal Data.
- Right to Opt-Out of Targeted Advertising and Profiling You have a right to opt out of targeted advertising and profiling (excluding Utah and Iowa). You can do this through the cookie banner on our website or by emailing us.
- Right to No Discrimination (California only). You have the right not to receive discriminatory treatment by us just because you exercised any of your privacy rights such as charging a different price or providing a different level of service. This right extends to employees, applicants, and independent contractors.
If you would like to exercise any of these rights please contact our Data Protection Officer at email@example.com or you can write to us at Data Protection Officer, 2509 Plantside Dr, Louisville, KY 40299, United State or call 502.795.5491, 800.641.4507.
Where your state laws allow for a right of appeal if you are not satisfied with the initial response to your rights requests, you should contact firstname.lastname@example.org and our Group Data Protection Officer will review how your request was dealt with.
Texas, Florida, Oregon, Montana, Tennessee, and Indiana all have privacy laws coming into force in the coming years which will provide individuals with some of the rights listed above.
8. Cookies and Third-Party websites
A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer. We only use (and store) non-essential cookies on your computer’s browser or hard drive if you provide your consent. These cookies deliver relevant content to you and measure or understand the effectiveness of our product usage, data analytics cookies are used to improve the efficacy of our product, services, customer relationships and product experience.
Our product may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements.
9. Queries and complaints
You can contact our Data Protection Officer at email@example.com at any time if you have any concerns or questions regarding the way your personal data is treated or handled.
If you are a UK Resident you also have the right to make a complaint at any time to the Information Commissioner Office https://ico.org.uk/make-a-complaint/ or if you are an EU resident, the Estonian Data Protection Inspectorate Home | Data Protection Inspectorate (aki.ee) the supervisory bodies for data protection issues for the UK and Estonia. However, we would appreciate the chance to deal with your concerns before, so please get in touch with us first.
10. Linnworks and SkuVault as a ‘Data Processor’
We provide E-Commerce platforms which provide automated inventory and order management software, shipping and warehouse management and stock forecasting, to you, our business customers, to make sure your business can deliver a seamless service to your customers.
To do this we act as what is known as a ‘data processor’, or if you are in California, a ‘service provider’ or ‘contractor’, for your customers personal data. The data that we process for you will vary depending on the integrations, products and services, and any customization you have. However, typically, as a data processor or service provider we process the following personal data for our customers’ customers:
Your customer’s name, email address, phone number, address, username and/or user ID, transaction history, order notes.
European, UK and most State privacy laws require that you have a contract in place with data processors or service providers: these contracts are usually called a Data Processing Agreement. If you would like a copy of the Data Processing Agreement covering the Linnworks or SkuVault platforms or products or you have any questions or require assurances around our responsibilities and accountabilities as a data processor please, contact firstname.lastname@example.org and we would be happy to provide you with a copy or respond to your enquiries.
|Summary of Changes
|10th May 2018
|Major revisions including updates to company structure and information sharing following acquisition of SkuVault. Update with US rights and content and third country transfers.
|5 October 2023