- Our over-arching data principles
Everything we do relating to your information is covered by the following over-arching data principles:
- Your information belongs to you, not us – you should be able to control it, and you should know about, and be comfortable with, everything that we do with your information;
- We will only collect, keep, use and share your information either (a) for genuine business purposes that we’ve explained clearly to you and that you haven’t objected to, or (b) where we’re legally required to do so – and as soon as those purposes have been fully achieved, we will delete your information;
- We will be as clear and open as we can with you on what information we collect, why we collect it and how we use it, so you are informed and able to make decisions to control your information in the ways you’re comfortable with;
- As long as we have your information, we will keep it up to date and protect it as if it was our own sensitive information, using appropriate security safeguards, having kept on top of and appropriately taken into account the latest industry standards and best practice.
- How do we collect information about you?
In any interaction you may have with ASOS, we collect information in three possible ways:
1. When you directly give it to us (“Directly Provided Data”)
When you sign up for our site, or any time you visit ASOS, or purchase our products, or communicate with us, you may choose to voluntarily give us certain information – for example, by filling in text boxes, or clicking on active buttons on our side, like ‘Add to Bag’. All this information requires a direct action by you at that time in order for us to receive it.
2. When you give us permission to obtain from other accounts (“User Authorised Data”)
Depending on your settings or the privacy policies for other online services, you may give us permission to obtain information from your account with those other services. For example, social media is an important part of how ASOS interacts with our customers. In using social media (e.g. by signing onto ASOS using your Facebook or Twitter log-in), you may give us permission to access your information in that social media channel or in other services. So, if you did choose to link your Facebook or Twitter account to ASOS, this would enable us to obtain information and content from those accounts. Or if you’re using ASOS on your mobile, you can also choose to provide us with location data. The information we obtain from those services does depend on your settings for that service or their privacy policies. So you should always regularly check what those are.
3. When our systems collect information or data as you use our websites or apps, or use websites or apps that are connected to ASOS (“System Collected Data”)
These days, whenever you use a website, app, or other Internet service, there’s certain information that gets created and recorded automatically by the IT systems necessary to operate that site, app or service. The same is true when you use our websites, apps and services. For example:
(b) In addition, the type of device you’re using to access ASOS and the settings on that device may provide us with information about your device, including what type of device it is, what specific device you have, what operating system you’re using, what your device settings are, and why a crash has happened. What information we can be provided with depends on what type of device you’re using and its settings. For example, different types of information are available depending on whether you’re using a Mac or a PC, or an iPhone or an Android phone. Your device manufacturer or operating system provider will have more details about what information your device makes available to us.
- What information do we collect about you, why do we collect it and what do we do with it?
We need to answer this question first at the headline level, before looking at specifics.
At the headline level, we collect two types of information:
- “personally identifiable” information (meaning it can be used to specifically identify you); or
- “non-personally identifiable” information (meaning it relates to you but can’t be used to specifically identify you i.e. anonymous data like your unique ASOS customer number).
When explaining the specific information we collect about you, we will endeavour to confirm which is “personally identifiable” and which is “non-personally identifiable” on the other.
The easiest way to explain the specific information we collect about you is to look at every different point of interaction you may have with ASOS, as we collect different information at different points in your user or customer journey with ASOS. These interaction points include the following:
- Browsing our site;
- Saving an item;
- Registering on ASOS;
- Logging into ASOS once registered;
- Making a purchase from ASOS (i.e. adding to bag, checking out and completing a purchase);
- Contacting ASOS Customer Care, either about an order or for any other reason;
- Using ASOS social media channels;
- Clicking on ASOS banners, hyperlinks or plugins.
Set out below is an explanation of what information we collect at each of these interaction points, along with confirmation of (a) whether you directly give it to us, or we collect it with your permission, or whether it is collected by our technical systems; and (b) whether it is “personally identifiable” information or “non-personally identifiable” information:
- the IP address of the computer or the proxy server that you use to access ASOS – this is personally identifiable information;
- The type of device used to access our Services, your computer operating system details and settings, your type of web browser and your settings for that browser, the name of your ISP, (if you are accessing ASOS using a mobile device) your mobile device, your mobile operating system, your mobile device identifier provided by your mobile device operating system, and location data (if you have that functionality set up) and other general device or systems information – this is non-personally identifiable information;
- statistical information and log data about number of visits to certain pages on the site (e.g. the home page); the pages you viewed and activities you carried out during your visit; the date and time of your visit; the duration of an individual page view, the paths taken by visitors through the site – this is also non-personally identifiable information.
If you are logged in on ASOS when browsing, a cookie on your device will also identify you, and record and associate all of this non-personally identifiable usage information and log data with your account.
If you are logged in on ASOS or log in during that same visit, the non-personally identifiable information relating to that saved item will be associated with your account, so that it is then displayed in your ‘Saved Items’ list for the next 60 days or until you remove it from your ‘Saved Items’ list (if earlier).
- Registering on ASOS: In order to place an order with ASOS, you need to create an account with us and become a registered user. It is not possible to place an order without being logged in on ASOS. To create an account and register with us, you need to provide us with at least the following Directly Provided Data, all of which will be personally identifiable information:
- your name;
- your email address;
- a password;
- your mobile phone number.
After you create an account and register with us, you can then choose to provide further information about yourself during the registration process (for example, your gender and location). We also provide the option to register for a separate ASOS Marketplace account, for which you must provide us with at least your name, email address and/or mobile number, and a password. Any further information you provide to us at this stage will also Directly Provided Data, all of which will be personally identifiable information.
When you create an account and register with us, ASOS will keep that Directly Provided Data for as long as you are registered with us, so that we can then use it to identify you by your ASOS profile, to operate all the systems (such as delivery systems) to enable you to place an order to purchase products from ASOS, and to offer you a personalized, relevant experience on ASOS.
- Logging into ASOS: Once registered, if you wish to log in, you will need to input your email address and password again, which is Directly Provided Data and personally identifiable information. This will be matched to the up-to-date Directly Provided Data of the same type associated with your account to confirm your identity, and to enable you to place an order to purchase products from ASOS.
- Purchasing from ASOS: To purchase products from ASOS, you will need to do the following:
- click the relevant button on the site to add the product(s) to your bag – at which point our systems will collect this Directly Provided Data relating to the identity, size and other product attributes of the item(s) you’ve added, so the item(s) can then be displayed in your ‘Bag’ until the end of that visit. This is non-personally identifiable information;
- be logged in (see above for an explanation of the information required to do that);
- select certain options relating to the delivery of the products you wish to order – our systems will collect this Directly Provided Data relating to your delivery selections in order to be able to fulfil and deliver your products to you by your required delivery method, should you complete your order. This is non-personally identifiable information;
- input certain details relating to your credit card, or log-in details for certain other payment systems, such as PayPal or Klarna. This Directly Provided Data will be collected by our systems, so we can take the required payment for the products you wish to purchase, should you complete your order. These details are personally identifiable information.
- To complete your order, you finally need to click the relevant button to ‘Place Order’. When we have this Directly Provided Data, we will record the full details of the completed order in our systems for as long as you are registered with us, so we can (a) fulfil and deliver your order, (b) add it to your order history and have a record of your purchases in order to deal with any queries you may have or process any returns you may wish to make, and (c) include it within the financial records of our business transactions. This is all personally identifiable information provided by you.
- Contacting ASOS Customer Care: if you contact our customer care department for any reason (for example when you submit a question using the Ask a Question or Help Form or if you communicate with us on Live Chat), irrespective of which of the available communication channels you use to contact us, we will record the contact and collect all applicable information relating to the contact. Details of the contact with you will be both Directly Provided Data and personally identifiable information, which we will then:
- keep and use to help us categorise your specific question or contact, respond to it, and, if applicable, investigate, deal with and resolve any issue or incident, and
- keep for so long as you are registered with us so we have a history of all of our communications with you, any issues you may have had with us, and what we did to resolve those issues or incidents, which we can then use to ensure that we deal with any further contacts appropriately.
- Using or interacting with ASOS social media channels: When you use or interact with any of our social media channels (like Facebook and Twitter), we may collect, record and retain certain System Collected Data and User Authorised Data regarding your activities on those social media channels, such as the frequency of your visits. For example, if you choose to use the Facebook “like” button to indicate you like any of our pages or apps, or if you tag any of your social media contacts or link to them in any content you post, we will record this information. This is most like to be non-personally identifiable information but may also include personally identifiable information depending upon your settings with those channels.
Any content you put or add on any of our social media channels will be Directly Provided Data, which may be personally identifiable information depending upon the content. We will collect, record and use that content and any other information you provide when putting or adding it to any of our social media channels (including any information that you have permitted those social media channels to share with us or that is allowed by your user settings on those sites).
Finally, any additional information about you that you need to provide when you use a particular social media channel or app will be explained in the terms and conditions for that app.
- Clicking on ASOS emails, banners, hyperlinks or plugins: if you view or click on emails that we have sent you, or on banners, hyperlinks or plugins we have placed on our website or other websites, both the fact that you have done so , as well as the address of the site you were on when you did so, will be Directly Provided Data that we will record. This is all non-personally identifiable information. We will use this information to track and analyse how successful those emails, banners, hyperlinks or plugins are in engaging with you.We are constantly innovating to improve ASOS and the Services, which means we may create new ways to collect information from you. If we do, we’ll tell you about any new information we are collecting through updates to this notice.
- What about cookies?
(1) Site functionality cookies – these cookies allow you to navigate the site and use our features, such as “Add to Bag” and “Save for Later”.
(2) Site analytics cookies – these cookies allow us to measure and analyse how our customers use the site, to improve both its functionality and your shopping experience.
(3) Customer preference cookies – when you are browsing or shopping on ASOS, these cookies will remember your preferences (like your language or location), so we can make your shopping experience as seamless as possible, and more personal to you.
(4) Targeting or advertising cookies – these cookies are used to deliver ads relevant to you. They also limit the number of times that you see an ad and help us measure the effectiveness of our marketing campaigns.
By using our site, you agree to us placing these sorts of cookies on your device and accessing them when you visit the site in the future. If you want to delete any cookies that are already on your computer, the “help” section in your browser should provide instructions on how to locate the file or directory that stores cookies. Further information about cookies can be found at www.aboutcookies.org. Please note that by deleting or disabling future cookies, your user experience may be affected and you might not be able to take advantage of certain functions of our site, and the complete ASOS user experience that we pride ourselves on providing our customers.
- How may we use your information?
We collect all of this information from you for a number of different purposes, which we want you to understand – all of these purposes apply wherever ASOS does business, including countries outside your own. A number of specific uses for specific data is already detailed above. But we often need to use lots of different types of information or data collectively in order for ASOS to work and in order to be able to provide the Services to you. These more fundamental purposes include the collective use of your information:
- To ensure that our site’s content is presented as effectively as possible for you, and to enable you to participate in interactive features of our site, when you choose to do so - for example by providing you with more customised services and a more customised experience on ASOS through things like language-specific profile pages, updates, and content, news, style advice and/or recommendations relevant to you to customise your experience on ASOS
- To set up, and manage your account, so you can place orders, so we can provide our products and services to you, so we can make sure that the items you order get to you (and get there on time!), so we can communicate with you about your orders and your account, so we can track potential problems and trends, and customise our support responses to better serve you – basically, this relates to the nuts and bolts of our online retail business. It’s everything involved in putting the products on the website, so you can browse them and then order them, and so we can then deliver them to you and answer any questions or queries you may have. These are all the things that make ASOS tick – and that get you looking good in your choice of our products!
- To ensure that our users are genuine and to ensure that we are paid for goods that we despatch – for example, by using personal information, or disclosing that personal information to a credit reference or fraud prevention agency, in order to confirm your identity and conduct appropriate anti-fraud checks. Any such credit reference or fraud prevention agency may keep a record of that information but please note that a formal credit check is not performed and your credit rating will not be affected.
- To update you on our latest products, news and special offers - If you have registered with us or provided us with your email address and elected to receive marketing communications from us, we will occasionally update you on our latest products, news and special offers via e-mail, post, telephone and other means available through the Services, including mobile text messages and push notifications. You will also be given the opportunity to receive such communications from us and selected third parties. This includes if you choose to use the Facebook “like” button to indicate you like any of our pages or apps. Examples of these communications include: (1) welcome and engagement communications - informing you about how to best use ASOS, new features etc.; (2) service communications on things like service availability, security, and other issues about the functioning of ASOS; (3) promotional communications, including details of our latest sale or promotion. These messages will be sent to you based on your profile information and messaging preferences as selected by you in relation to your account. Please keep your settings up to date or contact our Customer Care team if you wish to change any of these preferences, including unsubscribing from our mailing list.
- To create a link to our app in your social media channels – some of our apps may give you the option to post updates to your Facebook wall or other social media channel, and to the wall of your social media friends, or to send invitations to your friends. This may create a link to our app, dependent on your privacy settings in that social media channel. When you send an invitation, please be aware that it may contain your social media username and profile picture so your friend knows who sent them the invitation.
- To target ASOS banners and ads to you when you’re on certain other websites (what’s called Digital Marketing Re-targetting) – we do this using a variety of digital marketing networks and ad exchanges, and advertising technologies like web beacons, pixels, ad tags, cookies, and mobile identifiers, and the banners and ads you will see will be based on your previous use of ASOS (for example, your ASOS search history, the content you read on ASOS, etc.) or on ASOS banners or ads you’ve previously clicked on.
- To carry out polls, surveys, analysis and research on how our site is being used, customer views, what we could do better etc, - these polls, surveys, analysis and research may be conducted by ASOS, or third parties. ASOS or those third parties may follow up with you via email regarding your participation unless you have opted out of receiving email messages. We may use third parties to deliver incentives to you to participate in polls, surveys, analysis or research, and verifying your contact information, which may require your contact information and other personally identifiable information to be provided to the third party fulfilling the incentive offer.
- to make ASOS’s products and services better and to develop new ones - ASOS uses and stores site statistical information and log data, to help it identify potential areas to improve the services we offer.
- How do we share the information we collect?
We are aware that it is ASOS that you are trusting with your information, not some other company. But, to be able to carry out our business, we do need to work with a number of third parties who are experts in their particular fields – after all, we’re good at what we do, but we’re not good at everything! We are very careful who we share your information with, but it is important that you understand when that sharing takes place and why, and that’s what this section explains. The limited instances where we may share your information include:
- We share your information internally within the ASOS Group when required for our business to function: Like any big global business, ASOS is not just a single company, but instead is a group, made up of a number of different company and entities in different parts of the world. We may therefore need to disclose your information (including your personally identifiable information) to any of our group of companies as necessary, in order to operate ASOS and to provide the Services. As they are all part of the ASOS Group, the requirements set out in this notice apply to all of these companies, as equally as they do to ASOS.com Limited
- We share your information externally with our core service providers when required for our business to function: Also like any big global business, ASOS relies on a number of external companies to provide it with key services, products and applications in order to be able to provide the Services. These include for example companies who help us pick and pack orders, make deliveries, support our customers, carry out fraud protection and credit risk reduction checks, support our IT systems, help keep us secure, enable our marketing, audit whether we’re doing what we’re supposed to be doing, or make sure we’re keeping the books right. We just can’t do everything ourselves, after all, and working with experts in various fields enables us to improve our Services for you in the quickest, most efficient way.
Each of the external companies we work with has been selected by us for their ability to provide what we need to our required specification, including their ability to handle sensitive data (like your personal information) securely and appropriately. Each of these external companies has a contract with us, which clearly sets out our expectations and requirements in handling any of your information, and holds them fully responsible for meeting those expectations and requirements. On that basis and only on that basis, we may therefore disclose your personal information (including your personally identifiable information) to such third parties who need to be given specific tailored access to your information to facilitate our Services by performing key tasks on our behalf, and who are obligated to only use it in line with our instructions, and not to disclose or use it for other purposes. We are confident that we can trust those third party service providers with your information.
- We share your information when we’re required to comply with a legal request: to do business in all the countries that we do, ASOS is required to liaise with a number of regulators and other law enforcement agencies in each of those countries. Whilst it doesn’t happen often (touch wood!), some of those regulators or agencies may legally require us to share your information with them, under law, under a court order or subpoena, or as a result of some other legal process. If we do come under a legal or regulatory duty to disclose or share your personal data in order to comply with any legal obligation, we will have to share your information (including your personally identifiable information) if we believe that disclosure is reasonably necessary to comply. Having said that, we may dispute such demands when we believe, in our discretion, that the requests are overboard, vague or lack proper authority. We will also attempt to notify you about legal demands for your personally identifiable information when appropriate in our judgment, unless prohibited by law or court order or when the request is an emergency.
- We share your information where we believe it’s reasonably necessary to protect ASOS or our customers: Sadly, ASOS (like many other companies) can be the subject of attempted fraudulent or criminal activities, which does sometimes require us to take certain steps to protect both our business and our customers. We may therefore disclose your information (including your personally identifiable information) if we have a good faith belief that disclosure is reasonably necessary to (1) detect, investigate, prevent, take action regarding or otherwise address suspected or actual illegal activities, fraud, security or technical issues or to assist government enforcement agencies; (2) enforce or apply our terms and conditions of usage; (3) investigate and defend ourselves against any third-party claims or allegations; (4) protect the security or integrity of our Service; or (5) to exercise or protect the rights, property, or safety of ASOS, our customers, or others.
- We share your information externally with other partners when we have your consent to do so: ASOS works with a number of other partners who, whilst not essential for our business to operate, do enhance your experience with ASOS and your usage of the Services, in our opinion. This includes our marketing partners and social media partners (like Facebook or Twitter, if you’ve chosen to link your ASOS account to those services or publish your activity on ASOS to them) as well as third parties to deliver incentives to you to participate in competitions, offers, polls, surveys, analysis or research. We only believe in partnering with companies that we believe are right for ASOS and its customers, and that enhance our Services. On that basis and only on that basis, we may therefore disclose your personal information (including your personally identifiable information) to such third parties who are obligated to ASOS only use it in line with our instructions, and not to disclose or use it for other purposes. We are confident that we can trust those third party service providers with your information. But, as we know that people can feel strongly about their information being shared with companies when it is not essential to do, we will only do so where you have given us your consent to do that. And if you change your mind at any time, we’ll stop that sharing as soon as we can. More details on how to do that are set out below.
- We may share your information externally if we are considering a corporate transaction: We are always looking at ways to make our corporate group stronger and more effective. As a result, we may sometime consider certain corporate transactions, such as a merger, acquisition, bankruptcy, dissolution, reorganization, or similar transaction or proceeding. If we were to consider such a transaction, that may involve the transfer of your information (including your personally identifiable information) solely for the purposes of enabling that transaction or proceeding to be assessed. In the event that ASOS sells or buys any business or assets, or if ASOS or substantially all of its assets are acquired by a third party, your personal data which we hold about our customers may be one of the transferred assets.
- We may share aggregated non-personally identifiable information externally: We do also share certain information which, whilst not personally identifiable information relating to you, does include information that relates to your usage of our products, sites and Services, aggregated together with the same information from other users for example. Even though this would not include your personally identifiable information, we nonetheless want you to be able to understand that level of sharing as well. This sharing therefore happens for reasons such as these:
- We may provide reports containing aggregated information about your activities on various pages on our websites, or what are called ‘impressions’, to companies hosting ASOS plugins and similar technologies to help them measure ASOS-generated traffic to their websites.
- We may share aggregated or non-personally identifiable information with our brands and other product providers. For example, we may tell brands stocked on ASOS how many people viewed or purchased one of their product lines.
- We may disclose aggregate, anonymised statistics about the number of visitors to this site or the number of purchases made as required by our investors.
- How we DON’T use your information
- WE WILL NOT Sell your information without your consent: We will not sell your personally identifiable information – including your name, address, e-mail address, or credit card information - to any third party. We believe this is absolutely essential to receive and repay your trust in us.
WE WILL NOT Share your information with third-party advertiser or ad networks: We do not currently display third party adverts on our website and, even if we did, we would not support sharing your personally identifiable information with any third-party advertiser or ad network.
- How long do we keep your information for?
In the explanations above, we have tried to be as specific as we can about how long we keep your information for. But in general we retain the information you provide either while your account is in existence, or as needed to be able to provide the Services to you, or (in the case of any contact you may have with our Customer Care team) for as long as is necessary to provide support-related reporting and trend analysis only.
If legally required or if it is reasonably necessary to meet regulatory requirements, resolve disputes, prevent fraud and abuse, or enforce our Terms and Conditions, we may also retain some of your information for a limited period of time as required, even after you have closed your account or it is no longer needed to provide the Services to you.
- Your options and choices
We want you to have simple and meaningful choices over your information. While we work hard behind the scenes to protect you and your data at all times, we’re also committed to providing you with tools to further manage the privacy and security of your information yourself.
With respect to the information relating to you that ends up in our possession, and recognising that it is your choice to provide us with your personally identifiable information, we commit to giving you the ability to do all of the following:
- You can verify the details you have submitted to ASOS by contacting our Customer Care team, or via the e-mail address or address given below. Our security procedures mean that we may request proof of identity before we reveal information, including your e-mail address and possibly your address.
- You can also contact us by the same method to change, correct, or delete your personal information controlled by ASOS regarding your profile at any time. Please note though that, if you have shared any information with others through the ASOS Social Media channels for example, that information may remain visible, even after you have deleted the information from your own account.
- You can withdraw or modify your consent to ASOS’ collection and processing of the information you provide at any time. You can do this by changing your account settings. You can access 'Your Account' by logging in.
- You can link or unlink your ASOS account from an account on another service (e.g., Facebook or Twitter), also by changing your account settings.
- You can close your account, also through our account settings. If you close your account(s), we’ll deactivate it and will generally delete closed account information within 30 days of account closure, except as set out in this notice. However, we may retain archived copies of your information as required by law or for legitimate business purposes (including to help address fraud and spam). Please note though that, if you have shared any information with others through the ASOS Social Media channels for example, that information may remain visible, even after you have closed your account.
- You can opt-out of receiving marketing communications from us at any time.This can be done through your account settings, by clicking on the "unsubscribe" link in any email communications which we might send you, or by contacting our Customer Care team. Once you do this, we will update your profile to ensure that you don’t receive further emails. Please note that this might take a few days for all our systems to have updated with that fact, and that you might receive a small number of emails from us while we process your request.
- At any time, you can request a copy of the personal data we hold on our systems about you. If you wish to do so, please contact our Customer Care team who will be able to assist you with your query. We won’t charge you anything for this, but we might need to ask some further questions to confirm your identity before we provide any information.
You may also have choices available to you through the device or software you use to access ASOS. For example, the browser you use may provide you with the ability to control cookies or other types of local data storage, or your mobile device may provide you with choices around how and whether location or other data is shared with us. [In particular, if online adverts are not to your liking, we would encourage you to find out more about the Do Not Track browser setting.] To learn more about these choices, please refer to your device or software provider.
- Protecting your security
We are always striving to make sure your information is protected. As soon as we receive your information, we use various security features and procedures, taking into account industry standards, to try to protect the personal information that you provide and to prevent unauthorised access to that information. For example:
- We also offer secure “https” access to the transactional parts of ASOS.com website (that is to the bits where you are required to provide Directly Provided Data). [This includes to existing SSL access over mobile devices]. [We’re working on making secure “https” access a default across ASOS.]
- Access to your data on ASOS is password-protected, and sensitive data (such as credit card information) is protected by SSL encryption when it is exchanged between your web browser and the ASOS Services. To further secure your credit card, we also don’t keep details of the security code (or CCV number) that you need to input in order to complete an order using your credit card.
- To protect any data you store on our servers, we regularly monitor our system for possible vulnerabilities and attacks, as well as carrying out penetration testing of our own on those systems to try to identify possible improvements. We also use a tier-one secured-access data center.
We will do our best to protect your personal data. Unfortunately, security cannot be guaranteed though. There are therefore a number of general things we would also recommend that you do. Please help keep your account safe by using a strong password that includes characters other than just letters. We will also encourage you not to use the same password across all or many of your online accounts. As emails, instant messaging, and similar means of communication are not encrypted, we also would recommend not communicating any confidential information through these means.
- Contacting us
Both the information you provide to us, and the information we collect, is controlled by ASOS.com Limited, including for the purpose of the Data Protection Act 1998 (the Act) and any other applicable laws.
We are always keen to hear from our customers (especially if you feel we’ve let you down or fallen short of your expectations). We are always grateful for any time you spend providing us with the knowledge we need to ensure our customers are completely satisfied – after all, we want you to return to the site and to recommend us to your friends and family. If you have any questions or feedback about this statement, or if you would like us to stop processing your information, please do not hesitate to contact a customer service member of the ASOS team, who will be delighted to answer any questions you may have. You can either contact customer care via the ASOS website, or, write to us at:
Building 2. People Building
Hemel Hempstead Industrial Estate
- Changes to this Policy
This page was last updated on 1 April 2015.