Security & Privacy Policy

Malebox Menswear is committed to ensuring the privacy and security of your personal data. The following Privacy Policy sets out the personal data that we collect about you as a user of our products and services, including how and why we process your personal data, who we share it with, and your rights and choices when it comes to your personal data. In this Privacy Policy, when we refer to "personal data", we mean information which could directly identify you (for example, your name) and information which could indirectly identify you, meaning that it could identify you when combined with other information which we hold about you (for example, your address or date of birth). "Process" or "processing" means just about any conceivable use of personal data, including recording, storing, viewing or disclosing personal data. 

Malebox Menswear is the data controller of your personal data (referred to in this Policy as “Malebox Menswear” or “we”). If you have any questions about your personal data which are not answered by this Policy, please contact us on the following email address:

How we collect your personal data

Information provided by you: 

We collect your personal data to give you the best possible experience as a user of our products and services. In general, we collect information from you when you interact with us to receive a quote, place an order, take out finance, open up an account, visit our website, enter a competition, or contact us with an enquiry or complaint. This covers all channels of communication with us, including over the telephone, email, website, social media and in person. We will collect the following information from you when you place an order: 

* Your name 
* Contact address 
* Email address 
* Telephone number(s)

We will also obtain or request the following information if you contact us with an enquiry or complaint: 

* Any information that you disclose to us as part of your enquiry or complaint 
* Necessary information to resolve your complaint, which could include: 
     - Proof of purchase 
     - Legal documentation 
     - Copies of credit card or bank statements 

If you visit our website

* Some pages on our website use cookies, which are small files placed on your internet browser when you visit our website. We use cookies in order to tell us how you're using our site, which in turn allows us to continually improve how the site works, looks and delivers information to users. We also use cookies to offer our website users a more tailored experience in the future, by understanding and remembering your particular browsing preferences. 

* Where we use cookies on our website, you may block these at any time. To do so, you can activate the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies), you may not be able to access all or parts of our website or to use all the functionality provided through our website. 

* For more information on the cookies we use, the purposes for which we use them, the details we collect and how you can manage your preferences, please see our Cookie Policy. By continuing to use our website you are agreeing to our use of cookies as described in our Cookie Policy.

How we use your personal data

We will use your personal data for the purposes outlined below. To fulfil our contractual agreement to provide you with our products and services: 

* Where requested by you, to provide you with a purchase for any of our products.
* To deliver our products and services to you according to our contractual agreement.
* To collect customer payments. 
* To contact you with important information about your account.

To comply with our legal obligations, and for the establishment, exercise or defence of legal claims: 

* To comply with our regulatory requirements, for example those under FCA, HMR&C 
* To meet our data protection obligations to verify your identity, before we provide you with information relating to your account.
* To resolve any disputes relating to your purchase with us. 
* For the detection and prevention of crime, including any investigations into potentially fraudulent activity. 

Where we have legitimate business interests: 

* To respond to customer enquiries and complaints. 
* To manage payment schedules, credit levels and debt collection. 
* To understand customer behaviour, so that we can provide you with products and services that are best suited to your requirements. 
* For management information (MI) reporting purposes, to help us continually improve our offering to our customers. 
* Subject to your marketing preferences, to provide you with information about products and services that we think you'd benefit from, by post, telephone or by electronic means. 

Where we have your consent: 

To provide you with information about products and services that we think you'd benefit from in accordance with your marketing preferences. 

If you are an existing customer, subject to your marketing preferences, or where you have otherwise expressly consented, we'll send you relevant information about products and services that we think you'd benefit from. We will never sell your data to third parties for marketing purposes. 
This information could be sent to you via text, telephone, email or post. You can opt out or update your marketing preferences at any time by contacting us: 


Email and message recording: 
Email and message, e.g. Instagram, Facebook, WhatsApp correspondence will be recorded for monitoring purposes, and to assist us in the provision of our products and services to you. We also will retain these messages to keep a record of our contractual agreement with you, and to help us investigate any complaints or disputes.

Sharing your personal data

Third Parties 
Your personal information may also be shared with the following categories of third parties: 
* Warehouse storage and fulfilment centres, so that we can fulfil our orders and send our products and services to you. 
* Fraud protection and prevention services, such as the TRAS fraud prevention agency, to help us to identify any potential fraudulent activity and for the prevention and detection of money laundering. 
* Debt collection agencies, to help us recover any outstanding debt. 
* Credit reference agencies, to enable us to perform a credit check prior to entering into contract with you. 
* Payment providers, to enable you to make online payments for our products and services.
* In order to be able to offer you Klarna’s payment options, we will pass to Klarna certain aspects of your personal information, such as contact and order details, in order for Klarna to assess whether you qualify for their payment options and to tailor the payment options for you.
General information on Klarna can be found here. Your personal data is handled in accordance with applicable data protection law and in accordance with the information in Klarna’s privacy policy
* Printing and distribution services, so that we can send out mailings to you. 
* Industry regulators, legal and tax services, to help us comply with our legal and regulatory obligations. 
* Dispute and complaints services, should we need to resolve a complaint with you. 
* IT service providers, to enable us to manage and host our IT platforms. 
* Social media platforms and management tools, to enable us to respond to any communications with you via our social media channels. 
* Marketing and advertising agencies, to help us develop our marketing communications so that they are relevant for you.
* Voucher and gift fulfilment companies, should you be entitled to receive an incentive from us. 
* Independent organisations and charities, such as Citizens Advice, should you choose to engage with us or raise a complaint through these channels. 
* Telephone directories, if you inform us that you wish to be listed in a directory 

We will also disclose your personal data to third parties: 
(a) where it is in our legitimate interests to do so to run, grow and develop our business: 
i. if we sell or buy any business or assets, we may disclose your personal data to the prospective seller or buyer of such business or assets; 
ii. if Malebox Menswear or substantially all of its assets are acquired by a third party, in which case personal data held by Malebox Menswear will be one of the transferred assets; 
iii. if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, any lawful request from government or law enforcement officials and as may be required to meet national security or law enforcement requirements or prevent illegal activity; 

(b) to enforce our contract with you, to respond to any claims, to protect our rights or the rights of a third party, to protect the safety of any person or to prevent any illegal activity; or 

(c) to protect the rights, property or safety of Malebox Menswear, our employees, customers, suppliers or other persons. 
Some of the companies with whom we share your data may use your data in countries which are outside of the European Economic Area. Please see the section below entitled "Where is my personal data stored?" for more detail on this aspect. Any third parties with whom we share your personal data are limited (by law and by contract) in their ability to use your personal data for the specific purposes identified by us. We will always ensure that any third parties with whom we share your personal data are subject to privacy and security obligations consistent with this Privacy Policy and applicable laws. Save as expressly detailed above, we will never share, sell or rent any of your personal data to any third party without notifying you and/or obtaining your consent. Where you have given your consent for us to use your personal data in a particular way, but later change your mind, you should contact us and we will stop doing so. You can do so by: 


Where is my personal data stored?

Malebox Menswear is based in the United Kingdom. However, we may have to share personal data with third parties located outside of the UK or process your data ourselves outside of the UK. Your personal data may be processed by staff operating outside the UK working for us, other members of our group or third-party data processors for the purposes set out in this Privacy Policy. 
When we do send personal data outside the UK, we will ensure that appropriate safeguards are in place to protect your data in accordance with UK data protection requirements, such as the General Data Protection Regulation (GDPR). These may include: 
* Sending information to countries which have been deemed as having adequate protection by the UK 
* Entering into UK approved standard contractual arrangements with the third party.
For more information, please contact us by: 



Malebox Menswear have implemented appropriate technical and organisational measures to protect the confidentiality of the personal data that you entrust us with. We update and test our physical, logical and procedural security controls on an ongoing basis. These include limiting access to your personal data to those who need it and training our employees about the importance of maintaining the privacy and security of your personal data. 

How long do we keep this information? 

We will only store your personal data for as long as is necessary to fulfil the purposes outlined in this Privacy Policy or for as long as we reasonably consider necessary to establish, exercise or defend our legal rights. Your data will be retained in line with statutory and regulatory requirements. The criteria used to determine these retention periods includes: 
* To comply with the statutory retention periods for accounting records, as set by the Companies Act and HM Revenue & Customs (HMRC). 
* To comply with the retention periods set by the TRAS Fraud Prevention Agency 
* Where our retention periods are not governed by legislation, our retention policy is based on commercial justifications, which have been set in accordance with the principle of retaining personal data for no longer than is necessary for the purposes for which it is processed. These include: 

- To comply with our Supplier Licence Conditions 
- To enable us to provide you with our products and services 
- To allow us to resolve any disputes or complaints 
- For the detection and prevention of fraud

Data subject rights

The following section sets out your rights in relation to your personal data. This includes your rights under the Data Protection Act, in addition to the enhanced rights that you will be entitled to post 25th May 2018, following the coming into force of the GDPR. If you would like to exercise any of your data subject rights, please contact us by: 


You have the following rights and choices in relation to your personal data: 
1. You have the right to request access to a copy of your personal data. You are entitled to obtain confirmation that your data is being processed, access to a copy of your personal data, and other supplementary information which largely corresponds to the information that should be provided in a Privacy Policy. Should you wish to exercise this right, please contact us with a description of the information you would like to see. We will provide our response to you without undue delay and within one month of receipt of your request. Please note, however, that in certain circumstances we are not required to provide the information requested. Where requests are manifestly unfounded or excessive, in particular because they are repetitive, we may charge a reasonable fee taking into account the administrative costs of providing the information or refuse to provide the information. Where we refuse a request, we will explain our reasons for the refusal, and remind you of your right to complain. Certain personal data may be exempt from such requests in certain circumstances. If an exemption applies, we will tell you this when responding to your request. We may request that you provide us with information necessary to confirm your identity before responding to any request you make. 
2. You have the right to ensure that any information we hold about you is accurate and kept up to date. Please let us know if you would like to update any inaccurate or incomplete records. You are also entitled to the following additional rights under the GDPR. These rights will become effective after 25th May 2018. 
3. You have the right to request that we erase your personal data on the following grounds: 
* Your personal data is no longer necessary in relation to the purpose for which it was collected or processed 
* If the processing is based on consent, you choose to withdraw your consent and there is no other legal ground for processing 
* You object to processing, and there are no overriding legitimate grounds to continue the processing 
* Your personal data has been processed unlawfully 
* Your personal data must be erased for compliance with a legal obligation 
4. You have the right to request the restriction of processing of your personal data under specific conditions, unless we have a lawful reason to continue, such as for the establishment, exercise or defence of legal claims. 
5. You have the right to request a copy of personal data you have provided to us in a structured, commonly used and machine-readable format, so that you can transmit this to another organisation. Where technically feasible you can also request that we transmit this data to another organisation. 
6. You have the right to object to processing which is based on: 
* Legitimate interests 
* Tasks carried out in the public interest 
* Direct marketing 
7. You have the right not to be subject to any decisions made based solely on automated processing, including profiling, which produces legal effects or significantly affects you. Where such decisions are made, you have the right to: 
* Obtain human intervention 
* Express your point of view 
* Obtain an explanation of the decision and challenge it


If you would like to make a complaint, please contact us: 


Changes to the Privacy Policy

This Privacy Policy does not form part of any customer's contract with us and we may amend it from time to time. Any changes we make to our Privacy Policy in the future will be posted on our website and, where appropriate, notified to you by email. 
The practices described in this Privacy Policy are current personal data protection policies, as of 30th April 2018.