SPOKE's Privacy Notice
SPOKE's Privacy Notice

SPOKE's Privacy Notice

📅
Last updated on 31/03/2023

At SPOKE, we’re building the world’s most personal menswear brand.

We believe that for most men, fit comes first. And yet, many traditional brands and retailers struggle to deliver. When you spread your stock thin across lots of shops and stockrooms, something has to give - and one of the first things to give is sizing.

Most of us fall between the gaps.

By finishing to order, we can run to more than 400 size options where traditional brands offer 30 or 40. We’ve developed our own proprietary fit-finder tool, helping customers match to their perfect size, in 60 seconds.

We offer a flawless, personalised fit, without the hassle or expense of bespoke.

And today we ship more than 20,000 products a month to the UK, USA, the EU and beyond.

❓ What is this notice about?

We want to be completely transparent about how we collect and use your personal data and this privacy notice exists to tell you exactly how we do this.

This notice applies wherever we decide why and how we process personal data (and therefore act as a Data Controller under data protection law). It covers the personal data we process when you use our services.

Our privacy notice tells you the journey of your personal data from the moment it enters our systems up until it's time for us to say "goodbye 👋", as well as the various stops it makes along the way.

📮 Our contact details

Email: dpo@spoke-london.com

Address: Respoke Ltd, Evergreen Studios, Ground floor, Little Green, Richmond, TW9 1QE

👇 The different ways we process personal data

When you apply for a job with us
🗂️ What personal data do we collect, why do we collect it, and what legal basis do we rely on?
💡
Personal data is anything that can identify an individual, either on its own or through combining it with other factors that could eventually identify an individual.

When you apply for a job with us, we will ask you to provide some information about yourself in order to manage your recruitment process, such as your name, CV, email address, and phone number. As the interview process continues we may also record interview notes and request references from previous employers. The legal grounds we rely on for this processing is Article 6(1)(f) of the GDPR - Legitimate Interests.

🗺️ Where do we store it?

The information we will collect during the recruitment process will be stored on a recruitment platform that is headquartered in the US; for the transfer of data from the UK and EEA to the US, they have incorporated approved Standard Contractual Clauses (SCCs) in their contracts.

⏲️ How long do we keep it for?

If you are not shortlisted for an interview, we would like to keep your details on file for 12 months, just in case other opportunities become available. Please let us know if you do not want SPOKE to retain this information.

When you become a customer of SPOKE
🗂️ What personal data do we collect, why do we collect it, and what legal basis do we rely on?
💡
Personal data is anything that can identify an individual, either on its own or through combining it with other factors that could eventually identify an individual.

When you place an order or set up an account, we will ask you to provide some information about yourself, such as your name, email address, contact details, personal details, order details, phone number, payment details, and we will rely on Article 6(1)(b) of the GDPR - Contractual Obligation and Article 6(1)(f) of the GDPR - Legitimate Interest for this processing.

If you choose to sign up for text messaging, using the SMS provider on our website (Klaviyo), there will be cookies deployed - please see below in the When You Visit Our Website section.

When you make use of any of our customer features such as the Fit Finder for the perfect size, or choose to refer a friend, or ask us to place an order for an item temporarily out of stock, we will ask you to provide us with information relevant to fulfilling these requests, for example your measurements, contact details for referrals or for getting in touch to let you know when stock is available for you. We will reply on Article 6(1)(f) of the GDPR - Legitimate Interest for this processing.

🗺️ Where do we store it?

We process orders on our website using a processing ordering platform that stores data in a country (Canada) deemed ‘adequate’ under GDPR.

Orders are processed by our Warehouse Management System, which stores data in the UK but we also make use of cloud services provided by AWS, who are headquartered in the US; for the transfer of data from the UK and EEA to the US, they have incorporated Standard Contractual Clauses (SCCs) and the UK Addendum where necessary, in their contracts.

To deliver your items, we make use of courier services provided by companies that store data in the UK, the EEA and the US; for the transfer of data from the UK and EEA to the US, they have incorporated EU Commission approved Standard Contractual Clauses (SCCs) in their contracts.

If you complete our Find Your Fit (Fit Finder) tool, we will hold you size results (waist, leg length, thigh fit) and if you decide to add your email address we will store that data too, connected to your account details for if and when you place an order with us. This information is processed and stored on our website, hosted in the EEA (UK) and headquartered in the US. For the transfer of any data from the UK or EEA to the US they have incorporated Standard Contractual Clauses and the UK addendum where necessary in their contracts.

If you have referred a friend, that processing is stored in the UK.

When you make use of the ability to place an order for an item currently out of stock, that processing is stored in the UK.

If you need to return an item for any reason, the platform we use to process those instructions stores data in the UK, and we also share this information on our Warehouse Management System.

If you need to get in touch with SPOKE, we use a Customer Service platform that is headquartered in the US; for the transfer of data from the UK and EEA to the US, they have incorporated Standard Contractual Clauses (SCCs) and the UK addendum in their contracts.

We provide various payment options and partner with payment providers for this purpose. These options vary according to our customers’ location for convenience and maximum choice. All data is processed strictly within applicable data protection law and stored locally.

⏲️ How long do we keep it for?

We retain financial information and customer records in line with relevant UK laws.

By default, we will keep your data while you are a customer. If you choose to delete your data, we will only retain what is required to comply with UK law.

When you use one of our payment options on the SPOKE website
🗂️ What personal data do we collect, why do we collect it, and what legal basis do we rely on?
💡
Personal data is anything that can identify an individual, either on its own or through combining it with other factors that could eventually identify an individual.

When you use one of our payment options, be assured that we take the security of our customers’ data very seriously and this includes credit card information. On our website at checkout, you are taken to a secure page and should always see a closed padlock beside the URL address or at the top/bottom of your browser window. If you choose a direct payment gateway to complete your purchase, then Shopify stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored for as long as is necessary to complete your purchase transaction. After that is complete, only the last 4 digits of your card is kept, in order to respond to customer queries in the event of a payment / refund query. All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers. To learn more, you may also want to read Shopify’s Terms of Service or Privacy Statement. We rely on Article 6(1)(b) contract as the legal basis for this processing.

🗺️ What are the options and how is your data handled?

Klarna In order to be able to offer you Klarna’s payment options, we will pass to Klarna certain aspects of your personal information, such as contact and order details, in order for Klarna to assess whether you qualify for their payment options and to tailor the payment options for you.

General information on Klarna you can find here. Your personal data is handled in accordance with applicable data protection law and in accordance with the information in Klarna’s privacy policy.

Mollie (EU and DE only) In order to be able to offer you Mollie's payment options (currently iDEAL and Giropay on our European and German sites), we will pass to Mollie certain aspects of your personal information, such as contact and order details, in order for Mollie to assess whether you qualify for their payment options and to tailor the payment options for you.

General information on Mollie you can find here. You can find information on iDEAL here, and Giropay here. Your personal data is handled in accordance with applicable data protection law and in accordance with the information in Mollie’s privacy policy.

Sezzle (US only) Sezzle is a payment service provider that gives you the chance to buy now, and pay later in interest free instalments.

You'll be able to see this as a payment method when checking out (US only) and will be redirected to Sezzle's site to make the payment.

For more information about Sezzle please see their privacy notice.

⏲️ How long do we keep it for?

We retain financial information and customer records in line with relevant UK laws.

By default, we will keep your data while you are a customer. If you choose to delete your data, we will only retain what is required to comply with UK law.

When we raise awareness of our business
🗂️ What personal data do we collect, why do we collect it, and what legal basis do we rely on?
💡
Personal data is anything that can identify an individual, either on its own or through combining it with other factors that could eventually identify an individual.

We take steps to raise awareness of and grow our business and we achieve this in various ways. When you choose not to opt out of 1st party marketing, we may collect your email address, name and order details so that we can tailor our communications to you and send you relevant offers and news via email or, sometimes, by posting you our latest catalogue. We gather statistics around email opening and clicks using industry standard technologies including clear gifs to help us monitor and improve our e-newsletter. We rely on Article 6(1)(f) of the UK GDPR - Legitimate Interests and Article 6(1)(a) - Consent of the UK GDPR for this processing.

If at any time you wish to opt out of receiving our catalogues and/or emails, email us at hello@spoke-london.com or modify your marketing preferences at any time using the My Settings section of your account, which you can find here: https://spoke-london.com/pages/settings.

Alternatively, you may unsubscribe from our catalogue at any time here: https://spoke-london.com/pages/unsubscribe.

We also advertise on social media platforms with relevant, targeted offers and updates from SPOKE. To turn off targeted ads on any of these platforms, please see the individual privacy settings for each company.

🗺️ Where do we store it?

We operate a referral scheme using a third party cloud based platform. If you have referred a friend, or been referred, that processing is stored in the UK.

We partner with some companies using a shared data pool for direct mailing, for instance sending catalogues, and use a platform that verifies and checks names against a suppression list. For customers in the EEA, the data is stored locally, for customers in the US, the data is stored locally. If you do not wish to have your order data with us included in these data pools, you can opt out of 3rd party marketing at any time using the My Settings section of your account, which you can find here: https://spoke-london.com/pages/settings

⏲️ How long do we keep it for?

If you have made a transaction using the referral scheme (powered by Mention Me) we will retain this data for the length of your relationship with us. We will delete you from the scheme 4 years after your last referral. If an individual receiving a referral hasn’t used it after 2 years, we will delete them from the scheme.

We will retain marketing lists only while participants agree to their data use; participants can unsubscribe at any time.

When you visit our website

Our website uses cookies and other similar technologies of which you should be aware.

🗂️ What cookies do we collect, why do we collect them, and what legal basis do we rely on?
💡
Cookies are text files placed on your hard drive by a web page server when you visit a website and are saved in your browser's history. They allow the website to recognise your device and store some information about your preferences or past actions. Cookies cannot be used to run programs or deliver software to your computer; they are uniquely assigned to you and can only be read by a web server in the domain that issued the cookie.

When you use our website, the cookies that can be stored on your device are either first party cookies, which are placed and read by us directly while you are using our website or third party cookies, which are set by other third parties we have partnered with.

Below is a list of the cookies we use and the purposes for which they are used:

Essential cookies
💡
These are essential to the operation and functioning of our website and therefore cannot be removed.
Name
Provider
Purpose
Expiry
Type
cart_ts_{locale}
SPOKE
Cart timestamp everytime a product is updated in basket
14 days
HTTP Cookie
shopify_user_id
SPOKE
Customer ID
0 (session)
HTTP Cookie
storeFrontToken
SPOKE
Token to associate a session with the appropriate store
1 day
HTTP Cookie
checkout_{locale}
SPOKE
ID of the users cart
14 days
HTTP Cookie
Non-essential cookies
💡
These cookies are additional to the the performance of our website and help us improve the service we provide to you.
Analytics cookies

These cookies generate analytics data to help website owners understand how visitors interact with websites by collecting and reporting information anonymously.

Name
Provider
Purpose
Expiry
Type
_ga
2 years
HTTP Cookie
_gat
1 day
HTTP Cookie
_gid
1 day
HTTP Cookie
checkoutStarted
SPOKE
Last checkout started date
0 (session)
HTTP Cookie
orderCompleted
SPOKE
Last checkout completed date
0 (session)
HTTP Cookie
th_LI
SPOKE
Last Login. Set whenever a logged in user loads a page.
1 day
HTTP Cookie
th_LOID
SPOKE
Last Order ID. Set whenever a logged in user loads a page
90 days
HTTP Cookie
th_LOP
SPOKE
Products from last order. Set whenever a logged in user loads a page
90 days
HTTP Cookie
th_LOD
SPOKE
Last order Date. Set whenever a logged in user loads a page
90 days
HTTP Cookie
th_LV
SPOKE
Last Visit
90 days
HTTP Cookie
th_FSB
SPOKE
Free Shipping Banner was shown
0 (session)
HTTP Cookie
th_HFB
SPOKE
Hide Flash Banner
30 days
HTTP Cookie
th_ftv
SPOKE
Cookie set for First Time Visitors
0 (session)
HTTP Cookie
th_OC
SPOKE
How Many Orders
90 days
HTTP Cookie
th_ATB
SPOKE
What was the last product added to cart but not purchased
90 days
HTTP Cookie
th_LPV
SPOKE
What as the last product viewed
90 days
HTTP Cookie
th_CU
SPOKE
Previous URL
0 (session)
HTTP Cookie
th_pp_consent
SPOKE
When a customer accepts GDPR terms in the banner displayed
180 days
HTTP Cookie
newsletter email
SPOKE
Stores the users email so that we can then reuse it on the FF email step
LocalStorage
HTTP Cookie
hideFlash
SPOKE
User has closed promotional flash banner
0 (session)
HTTP Cookie
FF_current
SPOKE
Saves customer fit finder answers
HTTP Cookie
filters
SPOKE
Customer fit filters
90 days
HTTP Cookie
hideNewsletterPrompt
SPOKE
User has closed newsletter modal
365 days
HTTP Cookie
landing_discount_code
SPOKE
The last discount code from query string
0 (session)
HTTP Cookie
source
SPOKE
used for awin
30 days
HTTP Cookie
show_modal
SPOKE
Used for the fit finder results modal to show
0 (session)
HTTP Cookie
spoke_fit_response
SPOKE
used in the spoke feedback form to re-render the form without email field
0 (session)
HTTP Cookie
ffFrom
SPOKE
stores the url and link name of users clicking on any fit finder link across the site
0 (session)
HTTP Cookie
dm
SPOKE
Stores direct mail opt in
30 minutes
HTTP Cookie
vwo_test_${id}
SPOKE
These dynamic cookies are used for AB testing
0 (session)
HTTP Cookie

You can adjust your browser cookie preference settings. You can find information about how to manage cookies in the most commonly used browsers here:

We also use a provider (Klaviyo) to help keep track of items you put into your shopping basket, including when you have abandoned your basket, and this information is used to determine when to send basket reminder messages via SMS.

🇬🇧 & 🇪🇺 What are your rights?

Your personal data is yours and you have rights in relation to it granted by the UK GDPR, which include:

📮 The right to be informed

You have the right to be informed about the collection and use of your personal data, the purposes for processing, retention periods for that personal data and who it will be shared with. We have set this information out in this privacy notice.

🗝️ The right of access

You have the right to ask us for copies of the data we hold about you. If you ask us, we’ll confirm whether we’re processing your personal information and, if so, provide you with a copy of that personal information.

The right to object

You have the right to ask us to stop processing your personal information in some circumstances, such as when we are relying on our own (or someone else’s) legitimate interests to process your personal information, when we are processing your personal information for direct marketing or when we are processing your personal information for research.

📝 The right to rectification

You have the right to ask us to rectify the personal information you think is inaccurate or to complete information you think is incomplete. When you ask us to rectify your information, if we’ve shared your personal information with others, we’ll let them know about the rectification where possible.

🧽 The right to erasure

You have the right to ask us to erase your personal information, in some circumstances, such as where we no longer need it or you withdraw your consent (where applicable).

🚫 The right to restrict processing

You have the right to ask us to restrict the processing of your personal information for a period of time in some circumstances, such as where you contest the accuracy of that personal information or object to us processing it. This right is separate from the right to object and will only stop us from using your personal information further, not from processing it. If we’ve shared your personal information with others, we’ll let them know about the restriction where possible.

✈️ The right to data portability

You have the right to ask that we transfer the personal information you gave us to another organisation, or to someone else, in some circumstances.

You don't have to pay anything in order to exercise your rights. Please contact us by sending an email to dpo@spoke-london.com if you wish to make a request under your rights; we will respond to any requests within a calendar month to get back to you with a response.

🇺🇸 What are your rights?

🗝️ The right to know

You have the right to ask a business to disclose what personal data they have collected, used, shared or sold about you and why it was collected, used, shared or sold. You have the right to this information for the 12 month period preceding your request. The data should be provided in a portable format.

The right to opt-out of sale

You have the right to ask a business to stop selling your personal information (”opt-out”). With some exceptions, a business cannot sell your personal information if they receive an opt-out request unless you provide authorisation allowing them to again.

Nevada Residents: We do not sell your personal information, but nevertheless we offer an opt out to sales of your data in an overabundance of caution to ensure compliance with Nevada law. Verified requests under Nevada law (NRS 603A) to not make any sale of any covered information we have collected or will collect regarding you may be sent to DPO@spoke-london.com. Please included in your email "Request for Nevada Opt-Out" in the subject line and in the body of your message.

🧽 The right to delete

You have the right to request that businesses delete personal information they collected about you and to tell their service providers to do the same. There are some exceptions that allow businesses to keep your personal information.

⚖️ The right to non-discrimination

Businesses cannot deny goods or services, charge you a different price, or provide a different level or quality of goods or services just because you exercised your rights under the CCPA.

📝 The right to rectification

You have the right to ask us to rectify the personal information you think is inaccurate or to complete information you think is incomplete. When you ask us to rectify your information, if we’ve shared your personal information with others, we’ll let them know about the rectification where possible.

🚫 The right to limit use of sensitive information

You have the right to ask us to only use your sensitive personal information (for example, your social security number, financial account information, your precise geolocation data, or your genetic data) for limited purposes, such as providing you with the services you requested. If we’ve shared your personal information with others, we’ll let them know about the restriction where possible.

💡 Shine a Light (California Residents)

If you are a California resident and have an established business relationship with us, you can request a notice disclosing the categories of personal information we have shared with third parties for the third parties’ direct marketing purposes during the preceding calendar year. To request a notice, please submit your request to: DPO@spoke-london.com. Please include in your email "Request for California Shine the Light Opt-Out" in the subject line and in the body of your message. Please allow 30 days for a response.

You don't have to pay anything in order to exercise your rights. Please contact us by sending an email to dpo@spoke-london.com or use our toll free number 1 (855) 295-0400 if you wish to make a request under your rights; we have a 45 days to get back to you with a response.

💔 How you can complain

If you have any concerns, or want to know more about our use of your personal information, please let us know by:

💡
Emailing us at dpo@spoke-london.com, or
💡
Writing to us at Respoke Ltd, Evergreen Studios, Ground floor, Little Green, Richmond, TW9 1NZ

If you are not satisfied with our response or you are unhappy with how we have used your data, you can complain to the Information Commissioner's Office (ICO). You can find the ICO contact details below:

💡
ICO Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, Helpline number: 0303 123 1113.
💡
icon
Powered By Trust Keith