Linnworks/SkuVault (Non-Product) Privacy Notice
Our privacy notice lets you know how we look after your personal information when you visit our website, have provided your contact data to us at a conference or event, through a partner or we have identified your business as a lead or opportunity. This includes how we collect and process personal information when you complete an online contact form, request a quote, request a demo, request a customization, integration, or partnership service, call us, use our Chatbot service, visit our offices or otherwise contact us.
We have consciously kept it short and sweet as we want this notice or policy (whatever you want to call it) to be accessible. We know that not many of you will take the time to read it, but for those that do, this notice or policy contains the information you have a legal right to know. European, UK, and US privacy laws are complicated and there is a lot to fit in, so we tried to cut out the nonsense that you normally find in such policies. This does not mean we don’t take the security and privacy of your information seriously, we really do, and we would be happy to tell you all the controls we have in place, just not here.
1. Who we are
Our trading names are Linnworks and SkuVault – that is what our eCommerce platforms, products and website are known as and the name our customers know us by. Our SkuVault platform is operated by SkuVault, Inc, registered at 2509 Plantside Dr, Louisville, Kentucky, 40299, United States. SkuVault is a wholly owned subsidiary of Linn Systems Limited. Our Linnworks platforms are owned and operated by Linn Systems Limited. Linn Systems Limited is based in the UK, our registered office is at Suite 3, 2-4 Southgate, Chichester, West Sussex, PO19 8DJ, United Kingdom and our company registration number in the UK is 06784391.
We are bound by applicable data protection laws in the EU, UK, and USA in respect of the handling and collection of your personal data.
We are registered as a data controller with the UK Information Commissioner’s Office (ICO) under the registration number ZA015143.
2. Categories of data we collect & lawful basis
We collect the following data when you visit our website, request a demo, request marketing materials, subscribe to any of our publications or updates, call us, email us, complete an online form, use our Chat bot, and visit one of our offices:
- Contact Data includes first name, last name, company name and job title, email address, phone number, company website, country, basic details about your company, business address and location.UK/ EU Lawful Basis: Legitimate Interest.
- Technical & Usage Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our websites. Usage Data includes information about how you use our website. UK/EU Lawful Basis: Legitimate Interest for Necessary Cookies, Consent for statistical, analytic and marketing cookies.
- Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences UK/ EU Lawful Basis: Legitimate Interest (because we only send business to business marketing communications).
Prospects & Leads
Where we have identified your business as a lead or prospect, we sometimes collect data from publicly available sources and receive personal data about you from various third parties and public sources as set out below:
- Identity and contact data from our authorized resellers, introducers, and other partners who you have given such information to so that they can upload it to our systems, and we can provide products and services to you; UK/ EU Lawful Basis: Legitimate Interest
- Identity and contact data from publicly available sources such as websites of relevant, prospective customers and Companies House. UK/ EU Lawful Basis: Legitimate Interest
- Identity and contact data from third parties such as ZoomInfo and LinkedIn Lawful Basis: Legitimate Interest
Our Legitimate Interest means the interest of our business in conducting and managing our business to enable us to respond to your enquiries, identify business customers who would benefit from our products and services to grow their business and ours, give you the best service/product and the best and most secure experience.
Consent means where we have obtained your agreement to process your personal data, for example when you sign up to receive our marketing materials or consent to marketing cookies which deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising, we serve to you. Consent must be freely given, specific, informed and be an unambiguous indication of your wishes for us to process your personal data.
3. Purpose for collection
We collect this information so we can:
- grow and manage our business;
- respond to your enquiries,
- identify business customers who would benefit from our products and services to grow their business and ours;
- contact you with offers and information about our products and services;
- deliver relevant website content and advertisements;
- measure or understand the effectiveness of the advertising we serve to you;
- keep our website secure and operating effectively.
You can unsubscribe at any time from any of our marketing communications using the links within the email or newsletter or email@example.com.
4. Who we share data with
In some circumstances we may need to share your personal data with third party service providers who may have access to your personal information to perform certain functions or may host your personal information as part of a “cloud based” solution used by Linn Systems and SkuVault such as:
- Our customer relationship management platform provider
- Our website support and hosting services provider
- Our Chatbot provider
- IT providers such as our cloud hosting provider, support ticketing provider, email providers
- Professional advisers including lawyers, bankers, auditors, and insurers based in the USA, UK and Estonia
- Marketing and PR providers
Data may be shared within our group of companies including SkuVault, Inc, Linn Systems Limited and Linn Systems OU in Estonia. All three companies specialize in eCommerce software and products. Your data may be shared for the purposes of providing technical support, quality testing, support with customer development projects, identification of cross sell and upsell opportunities and answering your queries in relation to SkuVault and Linnworks products or other services.
We may also share your data with any organizations in the event of the sale, merger, reorganization, dissolution, or disposal of our business. We will inform you of any such transfer or disclosure as required by law.
5. Data transfers outside the UK and EU
Whenever we transfer UK or EU residents’ personal data out of the UK or EU, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission, including using the EU/ US Data Privacy Framework.
- We may rely on the European Commission approved standard contract clauses or Binding Corporate Rules (and their UK equivalent) together with a transfer impact assessment to identify any additional safeguards required to give personal data the same protection it has in the UK and EU.
Please contact us if you want further information on the specific mechanism used by us when transferring your personal data outside of the UK and EU.
6. How long we keep your data
We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
If you tell us that you no longer wish to receive such communications, your personal data will be removed from our marketing lists (but will be added to a “do not contact” list). We will also periodically do a manual scrub of the personal data that we hold on our systems.
Certain customer data (not your customer data) will be held for as long as we need to comply with audit, accountancy, and tax rules, in most cases this is 6 years following the end of your contract with us.
In some circumstances, we may anonymize your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
7. Your rights over your data
UK and EU residents’ rights
- The right to be informed about the collection and use of your personal data. This is the intention of this privacy notice.
- Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
- Request rectification of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing.
- Object to processing of your personal information where we are relying on a legitimate interest and there is something about your situation which makes you want to object to processing on this ground.
- Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you.
If you would like to exercise any of these rights, please contact our Data Protection Officer at firstname.lastname@example.org.
US residents’ rights
Your rights over your data will depend on which state you live in.
If you live in California, Colorado, Connecticut, Iowa, Utah, Virginia, you have the following rights over your consumer data (please note the definition of consumer data varies from state to state as our services are targeted at business customers as the laws currently stand only California business owners and residents are likely to be considered consumer data other states will be considered on a case by case basis):
- Right to Know/ Access. You have the right to request information on, the personal information we collected about you in the last 12 months, including the categories of personal information, the categories of sources from which your personal information was collected from, the business or commercial purpose for collecting, selling, or sharing your personal information, the categories of third parties to whom we disclosed your personal information to, and the specific pieces of personal information we have collected about you;
- Right to Delete. (Excluding Utah) You have the right to request that we delete Personal Data that we have collected from you, subject to certain exceptions.
- Right to Correct. (Excluding Iowa and Utah) You have a right to request that we correct inaccurate Personal Data that we maintain on you.
- Right to Opt Out. (Excluding Iowa) You have the right to opt out of the sale of your Personal Data. However please note that we do not sell your Personal Data.
- Right to Opt Out of Targeted Advertising and Profiling You have a right to opt out of targeted advertising and profiling (excluding Utah and Iowa). You can do this through the cookie banner on our website or by emailing us.
- Right to No Discrimination (California only). You have the right not to receive discriminatory treatment by us just because you exercised any of your privacy rights such as charging a different price or providing a different level of service. This right extends to includes employees, applicants, and independent contractors.
If you would like to exercise any of these rights please contact our Data Protection Officer at email@example.com or you can write to us at Data Protection Officer, 2509 Plantside Dr, Louisville, KY 40299, United State or call 502.795.5491, 800.641.4507.
Where your state laws allow for a right of appeal if you are not satisfied with the initial response to your rights requests, you should contact firstname.lastname@example.org and our Group Data Protection Officer will review how your request was dealt with.
Texas, Florida, Oregon, Montana, Tennessee, and Indiana all have privacy laws coming into force in the coming years which will provide individuals with some of the rights listed above.
8. Cookies and Third-Party websites
For further information about the cookies that we use, please visit our dedicated Cookies Policy Page.
Our website may include links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements.
9. Queries and complaints.
You can contact our Data Protection Officer at email@example.com at any time if you have any concerns or questions regarding the way your personal data is treated or handled.
If you are a UK Resident you also have the right to make a complaint at any time to the Information Commissioner Office https://ico.org.uk/make-a-complaint/ or if you are an EU resident, the Estonian Data Protection Inspectorate Home | Data Protection Inspectorate (aki.ee) the supervisory bodies for data protection issues for the UK and Estonia. However, we would appreciate the chance to deal with your concerns before, so please get in touch with us first.
|Version Number||Summary of Changes||Date|
|1.0||Original||10th May 2018|
|2.0||Major revisions including updates to company structure and information sharing following acquisition of SkuVault. Update with US rights and content and third country transfers.||1 October 2023|