Privacy Policy

Introduction

We are devoted to our customers – it is one of our core values – and this extends to how we manage your personal data. Whether you are browsing our website, visiting one of our stores, or dining in one of our restaurants, we want to assure you that we are committed to respecting your privacy and keeping your personal data safe.

This Privacy Policy applies to the processing of your personal data when you:

- use our website at www.harveynichols.com or the Rewards by Harvey Nichols app or the Harvey Nichols (the “Sites”)
- visit one of our stores or restaurants (“Stores”)
- use one of our services (e.g. personal shopping) (“Services”)

1. Purpose of this policy

This Privacy Policy describes the personal data we collect, use, and otherwise process about you in connection with your relationship with Harvey Nichols as a customer or potential customer. It also explains what your legal rights are in relation to your personal data and how you can exercise them, for example, how you can request a copy of the personal data we hold about you.

Please take the time to read this Privacy Policy; it is an important document and is intended to assist you in making informed decisions when using the Sites, Stores, and our Services. Please read it in conjunction with our Website Terms of Use.

2. About Us

The Sites, Stores, and our Services are made available by various companies in the Harvey Nichols group of companies listed below, including our third-party licensee, Harvey Nichols (Hong Kong) Limited (each a “Group Company”).

Where this Privacy Policy refers to “Harvey Nichols”, “we”, “us” or “our”, this means one or more of the Group Companies that provide the Site, Store, or Service to you.

Unless stated otherwise, each Group Company is an independent controller of your personal data.

Group Companies:

United Kingdom

· Harvey Nichols.Com Limited (company no: 03869510) is responsible for:

  - making the Sites available to you;
  - fulfilling orders made via the Sites on behalf of other Group Companies, including our Group Companies located outside the United Kingdom [including on behalf of Harvey Nichols (Hong Kong) Limited];
  - performing marketing activities on behalf of other Group Companies;
  - providing you with the information set out in this Privacy Policy; and
  - giving effect to your individual rights on behalf of other Group Companies.


· Harvey Nichols and Company Limited (company no: 01774537) operates the Harvey Nichols store in Knightsbridge.

Other Group Company controllers of your personal information located in the United Kingdom are:

· Harvey Nichols Restaurants Limited (company no: 03114510) which operates the stand-alone restaurant in London;

· Harvey Nichols Beauty Bazaar Limited (company no: 07855506), which operates the Beauty Bazaar store in Liverpool;

· Harvey Nichols (Own Brand) Stores Ltd (company no: 04079425), which operates the Harvey Nichols stores in Birmingham and Bristol; and

· Harvey Nichols Regional Stores Limited (company no: 04351230), which operates the Harvey Nichols stores in Edinburgh, Manchester, and Leeds.

· Harvey Nichols Pension Scheme, which administers the Defined Benefit Scheme of the Harvey Nichols Group.

Each of these UK Group Companies is established under the laws of England and has its registered office at Harriet Walk, Knightsbridge, London, SW1X 7RJ.

Republic of Ireland
· Harvey Nichols (Dublin) Limited (company no: 388458) operates our Store in Dublin, which is established under the laws of the Republic of Ireland with its registered office at Dundrum Town Centre, Sandyford Road, Dublin 16, D16 W0C0, Ireland.

Hong Kong
Our third-party licensee, Harvey Nichols (Hong Kong) Limited, is a joint controller of your personal data with Harvey Nichols.Com Limited.

Harvey Nichols (Hong Kong) Limited (company no: 0224937) operates our Site in Hong Kong.  It is a company established under the laws of Hong Kong with its registered office at 4/F, East Ocean Centre, 98 Granville Road, Tsim Sha Tsui East, Kowloon, Hong Kong.

EU Representative
As the UK is no longer part of the European Union (EU), we have appointed an EU representative for our customers who are based in the EU.

Our EU representative is Dave Harkin, and his contact details are as follows:

Harvey Nichols
Dundrum Town Centre
Sandyford Road
Dublin 16
D16 W0C0
Ireland
Tel: +353 (0)1 513 5533

For any data protection queries regarding any of our Group Companies, please contact us at DPO@harveynichols.com in the first instance.

3. How to contact us

We have a Data Protection Office responsible for overseeing questions in relation to data protection. If you have any questions about this Privacy Policy, or want to exercise any of your legal rights, you can contact us by:

- sending an email to DPO@harveynichols.com
- calling us on +44 (020) 7201 8088
- writing to us at: Head Office, Harvey Nichols and Company Limited, Harriet Walk, Knightsbridge, London, SW1X 7RJ

4. Legal basis for using your personal data

Data protection laws require us to have a lawful basis for processing your personal data. The following lawful bases are the ones which we commonly rely on:

Consent – We may use your consent to process your personal data in certain situations, for example, when you tick a box to receive marketing emails. If you have given your consent to our use of your personal data, you are entitled to withdraw this consent at any time.

Contractual obligations – In certain circumstances, we require your personal data to fulfil our contractual obligations. For example, when you make an online order for home delivery, we’ll collect your delivery details and pass them on to the relevant courier company to fulfil our responsibility to deliver your order.

Legal compliance – We may process your personal data if there is a legal requirement to collect and process it. For example, we may need to share your details with authorities investigating fraud or other criminal activities.

Legitimate interest – In some instances, we will process your personal information to pursue our legitimate interests in a way that would be reasonably expected for our business operations. We make sure we consider and balance any potential impact on you and your rights before we process your personal data for our legitimate interests. You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us.

5. What personal data do we collect about you?

Whether you are shopping in store or on our website or app, we love to add a personalised experience for all our customers. As part of this, we want to get the best idea of who our customers are by bringing together data we have about you. We use the information we have compiled to offer you promotions, products and services that are most likely to be of interest and of course rewards for our loyalty scheme members.

5.1 Information that we collect directly from you:
The personal data we collect about you is likely to include:

- Title
- Full name
- Email address
- Delivery address(es)
- Billing address
- Date of birth
- Telephone number(s)
- Purchase history
- Preferred Stores
- Other personal details which help us recommend items of interest (e.g., clothing or shoe size recommendations based on previous items bought)
- Wishlist
- Communications with Harvey Nichols e.g., with our Customer Services Centre
- Payment details
- Attendance at events, this may include sensitive data such as access or dietary requirements
- Survey completion
- Appointment or reservation booking details
- CCTV images and recordings
- Information provided via cookies and similar technologies (in accordance with our Cookie Policy)
- Your feedback and product reviews for items

5.2 Information that we receive from other sources:
Harvey Nichols works with several independent organisations who may share personal data relating to you. This includes third parties such as advertising networks and analytics partners, corporate sales and events providers and social media companies. We may also use publicly available information about you. This information will only be shared with us where there is a lawful basis to do so. All independent organisations are obliged to inform you of this through their own Privacy Notices which you can refer to for further information. We have listed some of our main third-party providers below for your information.

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

6. What do we use your Personal Data for?

6.1 Fulfilment of our Services
We collect and maintain personal data that you submit to us for the purposes of supplying Services (including goods that you have ordered) that you have requested from us via our Sites or in our Stores. Harvey Nichols is the Data Controller for this data and may collect and process your personal data whether you are interacting with us, on your own behalf or on behalf of any organisation that you represent. This information will also be used to maintain our user databases and to keep a record of how our Services are being used.

If you attend one of our Stores, we will process personal data about you which you volunteer in connection with the purpose of your visit and any enquiries you may have. Some Services we offer are also subject to separate terms and conditions which will apply to your use of such Services.

6.2 When you use one of our Sites (including our App)
Harvey Nichols is the Data Controller for any personal data submitted to us during your use of our Sites in the following ways:

6.3 When you register for, and access your Harvey Nichols’ account
When you make a purchase on one of our Sites, you will be offered the opportunity to use our Guest Checkout path or create an online account. When you register for a Harvey Nichols online account, or you apply to join our REWARDS programme, we will ask you to provide us with some personal details so we can activate your account.

We will use your personal data to process your application for a Harvey Nichols online account, our REWARDS programme, or both. Once you are registered, we will process your email address and password to identify you when you log in to your account and access secure areas of our Sites. We will also process your login information so we can administer your account and contact you about your account.

Your access to and use of our Sites, including any secure member’s area, is always subject to our Terms of Use.

We may analyse the personal data provided to us, including sharing this with third parties, to help us understand our customers better. Additional information about you, which may not be essential to operate the REWARDS programme, may be collected to provide a personalised service.

6.4 When you link to social media sites
If you click on one of the social media links on our Sites or otherwise interact with our social media accounts such as Facebook or Instagram (including interacting with any ‘like’ or similar embedded features on our Sites or social media accounts), we and the relevant social media platform may receive information relating to such interaction and may share your personal data in connection with this purpose.

6.5 To ensure that our Harvey Nichols app functions properly and to provide you with in-app features
To ensure that the app can operate and deliver its features to you, the provider of your phone may collect technical data. The data is automatically collected and transmitted to us from your mobile device during your use of the app and may include: (i) device name (e.g. “Apple iPhone 14” or “Samsung Galaxy S23”); (ii) operating system and version; (iii) system language; (iv) general device data, such as voice and regional settings; (v) IP address of the terminal; (vi) date and time of use; and (vii) application ID to identify your installation of the app (“Usage Data”).

To improve our service, our app may send error messages to us in the event of a crash (e.g. after the app has unexpectedly quit because of a program error or has stopped responding to your input). The error messages contain the above Usage Data, as well as information about which part of the app’s software code has caused the error.

When you open our Harvey Nichols app for the first time, you will be asked if the app is allowed to send push notifications. If you allow this feature, we will send you push notifications, for example, to provide you with details of rewards that are available to you. Such push notifications are controlled by the software components of your operating system (so-called “tokens”). You can configure and turn our push notifications off via your device settings at any time.

If you permit location settings via the app, you will be asked if the app is allowed to access your location. If you allow this feature, we will determine your location to provide you with site-specific functions of the app, such as showing you Stores that are close to you. You can configure and turn off location settings via your device settings at any time.

If other features of the app require access to your camera or photos and videos, you will be asked if you want to use this function and provide such access before using it for the first time. If you allow any such function, you can use the corresponding function to perform the desired action on the app, such as barcode scanning. You can enable or disable access to these functions at any time via your device settings.

6.6 To analyse purchasing behaviours when using our Harvey Nichols app
When using our Harvey Nichols app, we will analyse your purchases and purchasing behaviours to help personalise your REWARDS experience (if you are a member of the REWARDS programme) by understanding the types of products you like to buy and what products to suggest to you.

6.7 For security reasons
We have security measures in place at our Stores, including CCTV based on our legitimate interest. There are signs in place showing that CCTV is in operation. Our CCTV systems do not use facial recognition technology or biometrics. The images captured are securely stored and only accessed on a need-to-know basis (e.g. to look into an incident). The CCTV systems are not connected to any other systems containing personal data. CCTV recordings are typically automatically overwritten after a short period of time unless an issue is identified that requires investigation (such as a theft).

6.8 To provide you with connectivity in our Stores
If you require access to wireless internet (Wi-Fi) when visiting our Sites, you may be invited to connect to the free Wi-Fi, provided by an external provider, Purple. You can access the Wi-Fi by signing up with your email address and you may be invited to sign up to email marketing or the Harvey Nichols REWARDS programme at the time of signing into the Harvey Nichols Wi-Fi. Your email address will be shared with us and Purple. Please refer to the Purple End User Licence Agreement for further details.

6.9 When you enquire about, or make a purchase from our Brand Partners
Our “Brand Partners” include both our in-store concession and online marketplace brands.

In-store concession brands operate as a shop-in-shop set up and therefore when you enquire about or make a purchase from an in-store Brand Partner, they may collect personal data about you directly for their own purposes. Harvey Nichols and the brand partner are often joint controllers or data controllers in their own right. Harvey Nichols is not responsible for such collection and processing of your personal data by the concession, which is the legal responsibility of the Brand Partner. To find out more about how and why a Brand Partner processes your personal data, please refer to their own privacy policy. We sometimes obtain information about you or your purchases from our Brand Partners.

Marketplace Brand Partners operate as an online concession on our Sites. Some of the personal data collected from you relating to an order will be shared with the Brand Partner in order to fulfil your order. Harvey Nichols remains the data controller, while the Brand Partner is the data processor of your personal data.

6.10 In connection with Events, Surveys, Competitions, and other Promotions
From time to time, we may invite you to attend events, take part in surveys or prize draws, or enter competitions, for example, for the launch of a new brand or other promotions. These may take place across our Sites, in our Stores and/or on our social media accounts. We may process your name and contact information (including email address, postal address, and telephone number, as applicable), social media handle (if relevant), payment details (if relevant), and any other information volunteered by you. We will communicate with you about such opportunities where you have specifically requested to receive information about them, or where we have another lawful basis for sending this information to you.

If you attend one of our events, we may use your personal data to record your attendance at the event and for related record-keeping purposes and, if relevant, we may collect and process any dietary requirements or access requirements pertaining to your visit. You may also feature in photographs taken at our events and such photographs may be published.

Our prize draws, competitions and promotions may be subject to separate terms and conditions which you may be required to accept as a condition of entry.

We use the information we collect via surveys, events and other promotions to help us improve the quality of service provided by our personnel and help us to plan future events. We also use other feedback that you provide to us to monitor and improve the quality of our Sites, our Stores and our Services and to assist with the selection of future product and service lines and the training of our personnel. We will maintain an online panel containing your contact details which we will use for this purpose. You can also voluntarily provide feedback by contacting our Customer Service team. Please see “Customer services and general enquiries” for more information.

Occasionally, our Brand Partners may manage their own promotions and events from our Stores or Sites. The use and management of any personal data that you provide directly to our Brand Partners will be governed by their separate privacy policies.

6.11 To provide you with customer services and respond to general enquiries
Our Sites feature a “Contact Us” page which invites you to submit general enquiries about our Sites and our Services by email, telephone or post.

When you make an enquiry, we will collect and process your name, contact information (including email address, postal address, and/or telephone number) and any other personal data you volunteer that is relevant to your enquiry. We use this information to manage and respond to your enquiries and requests.

We also record (including voice recordings of telephone conversations) and use the information referred to above to train and monitor our personnel so that they can effectively deal with enquiries.

6.12 To provide Harvey Nichols Shopping Services
In order to provide the level of customer service you would expect of Harvey Nichols, we offer a variety of shopping services both at our Stores and remotely such as over the telephone or online through our Sites. For example, customers can place mail-orders over the telephone or take part in our Private Shopping experience.

Orders placed over the telephone will involve personal data such as your name, billing and delivery address as well as payment details being collected. Please see the “Fulfilment of our Services” section above for further details.

Customers who use our Private Shopping service are contacted by one of our Consultants, who will offer their services in store or through a virtual appointment. Use of these services may involve you sharing additional personal data for a more bespoke service. As part of this service customers may share their sensitive personal data, including personal circumstances, beliefs and festivals and holidays that might be important to them. Any additional or sensitive personal data provided will be set and agreed by the customer for the specific purpose of their shopping experience and will be treated separately from their general marketing communications for Harvey Nichols and cannot be managed through the customer preference centre via the Harvey Nichols account.

6.13 To gain insights and analysis in order to improve our services
We analyse your contact details with other personal data that we observe about you from your interactions with our Sites, our email and push communications and/or with our Services, such as the products and services you have purchased or viewed, or from your use of our in-Store Wi-Fi.

Where you have given your consent or where we have identified an alternative lawful basis for processing, we use cookies, log files and other technologies to collect personal data from the device and software that you use to access the Sites. This includes the following:

- an IP address to monitor Sites traffic and volume;
- a session ID to track usage statistics on our Sites;
- information regarding your personal or professional interests, demographics, buying habits, experiences with our products and contact preferences.


Our Sites (including our app) contain cookies, web beacons, and pixel tags (“Tags”). Tags allow us to track receipt of an e-mail to you, to count users that have visited a web page or opened an e-mail and collect other types of aggregate information. If you click on an e-mail that contains a Tag, your contact information may subsequently be cross-referenced to the source e-mail and/or the relevant Tag.

In some of our e-mail messages, we use a “click-through URL” linked to certain websites administered by us or on our behalf. We may track click-through data to assist in determining interest in particular topics and measure the effectiveness of these communications. Please see our Cookie Policy for further information.

This information is used to create profiles and insights about our visitors’ browsing and shopping habits and the shopping habits of our other customers.

By using this information, we can measure the effectiveness of our content and how visitors use our Sites and our Services. This allows us to learn what pages of our Sites are most attractive to our visitors, which parts of our Sites are the most interesting and what kind of features and functionalities our visitors like to see.

We also use this information to help us with the selection of future product and service lines, website design and to remember your preferences (such as brands that you shop and whether you shop online or in store).

We also use this information for marketing purposes (please see the “In connection with marketing activities” section below for further details).

6.14 In connection with our refer-a-friend scheme
We operate a refer-a-friend scheme (available here). If you refer a friend to us, we will collect your name and email address. You will then be prompted to contact your friend via a number of channels, including email and social media, to provide a referral link, or you can provide your name or referral link to your friend directly.

Please only share a referral invitation with friends who you know would be happy to receive it.

If you are a friend that has received an email from someone inviting you to use Harvey Nichols, we will not receive any of your personal data unless and until you use our Site or our Services.

6.15 In connection with marketing activities
To provide our customers with an excellent level of service, we may use your previous spending behaviours, selected marketing interests and other information we have collected about you to provide bespoke marketing communications personalised to you. Communications will include press releases and information on events and upcoming campaigns, as well as general information about Harvey Nichols, our Sites, Stores, the Services we provide and the events and promotions we offer from time to time. We may also provide you with personalised and non-personalised advertising on social media channels, including those operated by Meta and/or Google, where you are a registered user of such services. Facebook Custom Audiences and/or Google Audience Builder are used respectively subject to the privacy choices you have elected to make on such services. For further information, please review Google’s Privacy & Terms site.

Where you are a registered user of any Meta platforms such as Facebook or Instagram, or of Google services, we will use your email address in an encrypted format to enable Meta and Google to find other registered users of their services that share similar interests to you based on an amalgamation of information that we observe about you from your interactions with us (see the Insight and Analysis section above for more details on the information collected and how it is collected) and the information Meta and/or Google hold about you. We do this using tools such as Facebook Lookalike Audiences and/or Google Similar Audience respectively. Such activity is subject to the privacy choices you have elected to make on such services.

During your interactions with us across our Sites and Stores, we may collect information you directly provide to us and you may be given the opportunity to opt-in to receiving Harvey Nichols marketing communications. Please see the “Insight and Analysis” section above for more details about the personal data collected and how it is collected. To ensure you are happy to receive marketing communications from us, we will periodically provide you with the opportunity to decline receiving any marketing communications from us, including when we first collect your contact details.

The easiest way to manage your communication preferences is by creating an account on our website linking to your email address and logging into the Preferences Centre. Alternatively, you can contact our Customer Services Team or the Data Protection Office and request to unsubscribe from marketing communications or exercise your other legal rights. Please note, it can take up to 1 month for your new preferences or for an unsubscribe request to be registered throughout all our systems and you may still receive communications from us during this period.

6.16 For business administration and legal compliance
We use your personal data for the following business administration and legal compliance purposes:

- to comply with our legal obligations;
- to enforce our legal rights;
- to protect the rights of third parties; and
- in connection with a business transition such as a merger, acquisition by another company, or sale of all or a portion of our assets.

7. Who do we share your data with?

We will share your personal data with the following categories of third parties:

· Our Brand Partners.

· Credit card companies and other payment providers – to help us process payments and refunds. This may include Adyen, PayPal, WorldPay, American Express, Visa, Apple Pay, Google Pay and others.

· Retail logistics providers – to help us manage our stock and fulfil orders. We work with GXO Logistics for this purpose.

· Customer compliance providers – to comply with anti-money laundering obligations for high value transactions.

· Delivery and courier companies – to deliver products and process returns, including DPD, DHL and Royal Mail.

· Third party IT service providers – to provide and help us run, manage and back up our internal IT systems, and provide applications/functionality. Such third parties may include, for example, providers of information technology, cloud-based software as a service providers, identity management, website hosting and management, data analysis, data back-up, security and storage services. This includes, for example, Salesforce and BigCommerce.

· Stores Wi-Fi – to provide free Wi-Fi services across our Stores. We work with Purple Wi-Fi for this purpose.

· Cross-border solution provider – to fulfil international orders and facilitate customer enquiries.

· Tax-free service providers and HM Revenue & Customs – in relation to tax free rebates.

· Concession and Marketplace brands – to fulfil customer orders across our Sites and Stores.

· Concierge service providers – to enable us to provide the Services.

· Third-party events service providers and specialists – that are assisting us with the operation and administration of events or customer relationship management and administration of competitions, prize draws and other promotions.

· Customer insight analytics providers – in order for us to improve our services.

· Mention Me – a third-party service provider which operates our refer-a-friend scheme. Please refer to the Mention Me privacy policy for further information.

· Specialist suppliers who assist us in managing our marketing database and media buying agencies – these providers send out our email marketing communications, membership-related communications, and assist us with the delivery of online personalised advertising campaigns or social media remarketing campaigns. These suppliers include but are not limited to:

- Google
- Microsoft/Bing
- Facebook (Meta)
- Instagram (Meta)
- LinkedIn
- Snapchat
- X – Previously known as Twitter
- Salesforce
- Purple Wi-Fi
- Wunderkind

Your encrypted email address is also shared by us or our third party service providers with Facebook and/or Google under the terms of their Facebook Custom Audiences and/or Google Customer Match services respectively.

Other suppliers that we use for this purpose are described in our Cookie Policy.

Regulators and law enforcement agencies – on occasion we may be required to disclose your data to these parties in a number of different countries, whether as a result of law, a court order, or another legal process. Although we dispute requests wherever suitable, in some cases we may have to share your information with the regulators or law enforcement agencies. Where we consider it appropriate, and provided we are not prohibited from doing so by law or court order, we will attempt to notify you of these legal demands.

8. Our use of cookies and similar technologies

We use cookies and similar technologies on our Sites and in our emails that may collect your personal data to enhance and personalise your online experience. Cookies are text files that gather small amounts of information, which your device stores when you visit a website or use an app. Some cookies are essential and required for the operation of the website, including retaining items in your online shopping bag, recognising that you are signed in to your “My HN account”, establishing the relevant currency, language and country settings for your session.

Other cookies and technologies such as pixel tags and JavaScript may be used for analytic purposes to help us understand more about your visit to our site, such as how regularly you visit the site and how long you spend on it. This helps us to improve, maintain and understand our site visitors’ journeys. Where applicable, some of this information may be shared with our third parties, such as Meta and Google to give them an insight into website visitor information. This includes ensuring that the ads you see online, including other selected websites are more relevant to you and your interests. This is based on you providing your consent to advertising cookies. You can opt out of third-party use of your personal data as set out in our Cookie Policy and/or through the relevant platforms, such as Meta and Google.

Analytical cookies also determine opportunities where you may be invited to join our email marketing communications or REWARDS programme. This technology allows us to acknowledge if you’re a returning visitor and if you’ve already subscribed to receiving marketing emails, whereby you will no longer see certain pop-ups if they are not relevant. Our aim is to provide a personalised and smooth operating experience for our customers across all of our Sites and therefore we combine the details of our relationship with you, including guest checkout service details in our records, device identification information that may be linked through your REWARDS account and other information retained online about you.

We use cookies and similar technologies in our emails to you, to help us understand how you interact with our emails and to help us improve our future email communications. This also helps us to ensure that the ads you see online are relevant to you and based on your interests.

Our Cookie Policy provides more detailed information about the use of cookies and how you can manage them.

9. Third party links and services on our Sites

Our Sites contain links to third party websites and services. For example, when you book a beauty service you may be taken to our brand partner’s website, or our website may invite you to connect with us on social media platforms such as X (previously Twitter) or Instagram. Please be aware that when you click on a link to go from our Sites to another website, or you request a service from a third-party, this Privacy Policy will no longer apply. Harvey Nichols does not monitor, control, or endorse the privacy practices of any third parties. We encourage you to become familiar with the privacy practices of every website you visit and app you use.

When downloading and installing the Harvey Nichols app, certain information is transmitted to the respective provider of the app (e.g., Google or Apple), including your username, your email address and customer number of your account, the time of download and the individual device code. Harvey Nichols has no influence over and is not responsible for downloading and installing the app on your mobile device.

This Privacy Policy applies solely to personal data collected by us through our Sites, the supply of our Services and/or in connection with our business operations and does not apply to any third-party websites and third-party service providers.

10. Transfers of personal data outside of the United Kingdom (“UK”) or the European Economic Area (“EEA”)

There may be instances where we need to transfer your personal data to countries other than your own, for example within the Harvey Nichols Group Companies or to third party data processors. Some of these countries may have different data protection laws and may not provide the same level of protection to your personal data as that of your own country. We will only transfer your personal data outside of the UK or the EEA if:

- The recipient country ensures an adequate level of protection for your personal data, recognised by the UK and/or EEA; or
- The recipient or recipient country is subject to an approved certification mechanism or code of conduct with binding and enforceable commitments which amount to appropriate safeguards for your personal data, or we have put in place appropriate safeguards to protect your personal data, such as a contract with the person or entity receiving your personal data which incorporates specific provisions as directed by the UK or EEA data protection laws; or
- The transfer is permitted by applicable laws; or
- You explicitly consent to the transfer.

Where this is the case, we have procedures in place to ensure that your personal data receives the same level of protection as if it were being processed in the UK or EEA.

For any questions about how we protect your personal data outside of the UK, please contact the Data Protection Office at DPO@harveynichols.com

11. How long we keep your personal data for?

We only keep your data for as long as is necessary to fulfil the purpose for which it was collected, to comply with any legal, regulatory, or reporting obligation, to prevent fraud or to resolve disputes.

We have a company retention policy in place which specifies how long we will retain your personal data for. We actively review the personal data we hold and delete it securely, or in some cases anonymise it, when there is no longer a legal, business or customer need for it to be retained.

If you have opted out of receiving marketing communications from us, we will need to retain certain personal data on a suppression list indefinitely so that we know not to send you further marketing communications in the future.

12. Personal data relating to children

Our products and services are aimed at customers who are aged 16 or over. We do not knowingly collect personal data from children under the age of 16, and we encourage all parents and legal guardians to supervise children’s use of the internet and when visiting our Stores. Children visiting our Stores may be captured as part of the CCTV camera recordings. Please see “What personal data we collect about you and how we use it” for more information or contact our Data Protection Office.

Customers need to be aged 16 or over to join the Harvey Nichols REWARDS programme.

If you have reason to believe that a child under the age of 16 has provided Personal Data to us by use of our Services, please contact our Data Protection Office.

13. Your legal rights

We are committed to ensuring you remain in control over the personal data we hold about you and that you know what your legal rights are. Under data protection laws, you have the following rights:

➢ Access to your personal data
This is also known as a subject access request, whereby you have the right to request a copy of the personal data we hold about you. Please note, certain information may be excluded from your request as we also have an obligation to protect other individuals’ personal data, and we may need to withhold information for legal or business purposes. Please note, we may use third parties to assist us with this request.

➢ To edit and update your personal data
You have the right to request that your personal data is rectified if it is inaccurate, outdated, or incomplete.

➢ To have your personal data erased
You have the right to request that your personal data is erased. However, this is not an absolute right and only applies in certain circumstances. For example, the law may require us to keep some types of personal data for a specific period. We will review such requests on a case-by-case basis. Please note, if your personal data is erased, this will include any Harvey Nichols REWARDS points which will be cancelled.

➢ To restrict the processing of your personal data
You have the right to request the restriction or suppression of your personal data. However, this is not an absolute right and only applies in certain circumstances. When processing is restricted, we will continue to store your personal data, but we will not use it.

➢ Data portability
You have the right to request that we transfer your personal data from one organisation to another or to give it to you (in a structured, commonly used and machine-readable format). This right only applies to personal data that you have provided to us and is held electronically.

➢ To object to your personal data being used
You have the right to ask us to stop using your personal data at any time. We will stop this processing if:

- we are relying on our own or someone else’s legitimate interests to process your personal data and we cannot demonstrate compelling legal grounds to continue processing; or
- we are processing your personal data for the purposes of direct marketing.

➢ Automated decision-making and profiling
You have the right not to be subject to a decision when it is based on automatic processing, including profiling (where no human has reviewed the outcome and criteria for a decision) and it produces an adverse legal effect or significantly affects you.

➢ To withdraw consent
If we rely on your consent as our legal basis for processing your personal data, you have the right to withdraw that consent at any time.

Exercising these rights:
You may exercise your rights at any time by contacting our Data Protection Office at DPO@harveynichols.com.

If you are based in the UK and would like more information on your rights as a data subject, or want to lodge a complaint with the Information Commissioner’s Office, please visit https://ico.org.uk/.

If you are based outside of the UK, you may have the right to lodge a complaint with the relevant data protection regulator in your country of residence.

14. Changes to this Policy

We regularly review this Privacy Policy to ensure that we are always transparent about the ways in which we use your personal data, and that it accurately reflects our business practices, applicable laws and regulations.

The most up to date Privacy Policy will always be available on our website to ensure that you are always aware of how we use your personal data.

Privacy Policy Addendum for California and Virginia residents

The following provisions apply to our customers who are California residents and are intended to address the requirements of the California Consumer Privacy Act of 2018, as amended from time to time (the “CCPA”). As applicable, these Supplemental Terms also apply to residents of other States in the United States of America that provide for similar consumer privacy protections.

Your Information. Please see Section [5] of this Privacy Policy above for a description of what personal data we collect from you, and how we use that personal data.

Sharing your information. The Privacy Policy explains who we share your personal data with and why. In particular, please see the “What personal data we collect and how we use it” section for specific examples of how we share your personal data.

Selling your information. We do not sell personal data in exchange for monetary compensation. We may allow certain third parties (such as certain advertising partners) to collect your personal data from our website in order to provide you with tailored content and advertising, and may share your personal data with specialist suppliers, including third party media buying agencies and service providers, who assist us with the delivery of online personalised advertising campaigns. You have the right to opt out of this disclosure of your information. For example, when using Google Chrome, customers can customise their cookie settings to disable all cookies or block third party cookies, which only allows Harvey Nichols related cookies to be activated.

Our Cookie Policy provides more detailed information about the cookies we use and how you can manage them.

Your rights: Subject to exceptions and certain limitations under applicable law, you may have certain choices regarding our use and disclosure of your personal data, as described below:

- Access: You may request that we disclose to you (i) the categories of personal data we have collected about you, (ii) the categories of sources of that data, (iii) the business or commercial purpose for collecting or selling (if applicable) the personal data, (iv) the categories of third parties with whom we share personal data, and the categories of personal data shared; (v) the specific pieces of your personal data that we have collected, used, disclosed, or sold.
- Correction: You may request that we correct your personal data if it is inaccurate.
- Deletion: You have the right to request that we delete the personal data we have collected from you. If you request deletion, please note that any Harvey Nichols Loyalty Program points will be permanently cancelled, and your account closed. Please note that deletion requests are subject to certain limitations; for example, we may retain personal data as permitted by law, such as to maintain an active account, to process transactions and facilitate customer requests, and for certain other internal business purposes described in our Privacy Policy.
- Automated Decision-making: You have the right to opt-out of certain profiling activities.
- Opt-Out: You have the right to opt-out of targeted advertising and the sharing of personal data for that purpose, and any use of sensitive personal information (such as precise geo-location or financial information), except for the purposes it was collected and as otherwise permitted by law. Please note that we honour Global Privacy Control signals. We do not respond to Do Not Track signals. Click here to manage the activation of the cookies and make other opt-out choices. See our Cookie Policy for more information.

To exercise these rights, you or your authorised agent can contact us directly at DPO@harveynichols.com. If we deny your privacy request, you may appeal the decision by contacting us at the email address provided. You must describe the basis for your appeal.

Non-discrimination Statement. Harvey Nichols will not discriminate against any consumer for exercising their rights under the California Consumer Privacy Act, or similar U.S. state privacy laws, as applicable.

Retention. This Privacy Policy explains how long we keep your personal data for; please refer to “How long we keep your personal data for”.