LONDON

 

PRIVACY POLICY

We are Bret's, and this Privacy Policy explains how we collect, use and share your personally identifiable information ("Personal Data") when you access or use our website (www.brets.com/en/gb), mobile application, blog, branded pages on social media services, or any of the other sites, services, features, content or applications we offer in the United Kingdom (collectively, the "Services"), register an account with us, purchase our products or contact us from anywhere in the European Union, Iceland, Norway or Lichtenstein. Bret's Ltd. and its subsidiaries, including Bret's Corporation Ltd. (as applicable, "Bret's", "we", "us" or "our"), are the data controllers of your Personal Data. We encourage you to read this Privacy Policy in its entirety.

We urge you to read this Privacy Policy in full, but wanted to mention a few things upfront:

• If you use our Services, we may receive some of your Personal Data, even if you haven't created an account with us or purchased our products. This information may include your IP address, the type of device you're using, and other similar details, which we may use to understand how and where our Services are being used, among other purposes mentioned in this Privacy Policy. However, if you do create an account with us or buy our products, we'll collect additional Personal Data from you. We'll use this information to verify your identity, process your orders, market to you, and for other purposes as outlined in this Privacy Policy.

• This Privacy Policy outlines the different reasons for which we use your Personal Data and the legal grounds that support those purposes. As stated below, the legal basis we rely on for using your Personal Data may be due to contractual necessity (i.e., when we need to use your Personal Data to fulfill a contract with you), your freely given consent (which can be withdrawn at any time), and/or our legitimate business interests or those of others. However, we will only use your Personal Data for legitimate interests if we have assessed that such interests do not override your own rights, interests, and freedoms.

• Below, you can find information about your rights regarding the Personal Data we collect from you.

We do not knowingly collect or solicit Personal Data from anyone under the age of 18. If you are under the age of 18, please do not use the Services or attempt to send us any Personal Data. If we learn that we have collected Personal Data from someone under the age of 18, we will delete that information as quickly as possible, as stated in our Terms of Service.

If you are based in the European Union, Iceland, Norway or Lichtenstein, our subsidiary Loizou Trading Ltd based in the United Kingdom is the primary data controller of your information, and Bret's Corporation Limited has a registered office at Unit 1G, Tewin Court, Welwyn Garden City, Herts, AL71AU. You may contact us there or at sales@bret's.com if you have any questions or concerns about our collection and/or use of your Personal Data. If you are using the Services outside of the areas listed in this paragraph, a different privacy policy may apply to you instead.

The Services are operated in the United Kingdom by Bret's Corporation Ltd. and certain of our service providers. By using the Services, you acknowledge that any Personal Data you provide to us will be hosted on United Kingdom servers. Bret's Corporation Ltd

This Privacy Policy does not apply to Third Party Services that we do not own or control, including, but not limited to, any third party websites, services, products, or applications that you access and interact with during your use of the Services, or to individuals that we do not manage or employ. We take steps to ensure that we only work with Third Party Services that share our respect for your privacy, but we cannot take responsibility for the content, products, services, or privacy policies of those Third Party Services. We encourage you to carefully review the privacy policies of any Third Party Services you access.

PERSONAL DATA YOU PROVIDE US

REGISTRATION INFORMATION

We collect your email address and the password you enter when you register for an account with us, and we use them to verify your identity, based on our legitimate business interests in keeping your account secure and preventing fraudulent transactions.

We also use your email address:

• to send you confirmations, notifications and other information regarding your account, your shave plans and your purchases, as may be necessary to complete our contractual obligations to you. Without your email address, we wouldn't be able to provide you this information in a timely and effective manner;

• We may use your Personal Data to send you information and materials about us, our products, and our services that we think may be of interest to you, based on our legitimate business interest in marketing to individuals who have shown an interest in our products and services. You can opt-out of receiving such information during the registration process or at any time by emailing us at sales@bret's.com or by calling us at 01707 321 823.

 

• We may send you information and materials about third parties with whom we partner or do business, and their products and services, but only if you have given us your consent to do so. You can choose to receive such messages when you register an account with us, and you can always decide to stop receiving these emails by contacting us at sales@brets.com or calling us at 01707 321 823.

If you choose to register for or access the Services using Third Party Services, such as Facebook, we may collect and receive your login credentials for such Third Party Service. This is only done if you expressly provide us with such information, and we will only use it for the purposes described above. We recommend that you review your privacy settings on any Third Party Service and their privacy policies to understand more about disclosures of information from your applicable Third Party Services.

SHIPPING AND PAYMENT INFORMATION

When you sign up for a shave plan or make a purchase through our Services or by phone with one of our customer service representatives, we will need to collect certain information from you, including your first and last name, shipping address, and telephone number (together referred to as "Shipping Information"). We will also collect payment information from you, such as your billing address and credit or debit card details, including the card type, number, security code, and expiration date (together referred to as "Payment Information"). We use this information to process, confirm, fulfill, and inform you about your shave plans and orders, as required to complete a contract with you. If we don't have this information, we won't be able to complete your purchase and deliver your products to you.

The Payment Information we collect through the Services is encrypted and secured using industry standard methods to prevent loss or theft, including during transmission to our third party payment processing company, which is currently Stripe. It's important to note that your Payment Information is stored by our Payment Processor, not by us. The use and storage of this information by the Payment Processor is subject to their applicable terms of service and privacy policy, which you can find at their website: https://stripe.com/gb/legal.https://stripe.com/gb/privacy).

We utilize your Payment Information to authenticate your identity when you manage your account, shave plan, or orders, or when you place a new order, as part of our legitimate business interests to maintain the security of your account and prevent fraudulent transactions. As previously mentioned, we do not retain your Payment Information ourselves. It is stored by our Payment Processor, and we must obtain your Payment Information from our Payment Processor or from you to confirm your identity or to process and fulfill your shave plans.

Our legitimate business interest in making the Services more convenient for your continued use involves the use and storage of your Shipping Information. This information is used to facilitate your purchases or shave plan sign-up processes, making it easier for you to engage with our Services.

We may utilize your name and shipping address to send you information and materials about our products and services that we think might be of interest to you. This is based on our legitimate business interest in marketing to individuals who have shown interest in our products and services. You can choose not to receive such communications when registering an account with us, and you may also stop receiving them at any time by contacting us at sales@brets.com or calling us at 01707 321 823.

If you give us your consent to do so, we may share your name and shipping address, as well as certain transactional information (including transaction date, value, amount, type, and order ID) with Epsilon Abacus. Epsilon Abacus provides data cooperative and marketing services to a group of retailers known as the Abacus Alliance, whose members may use the shared information to better market to existing and prospective customers. The transactional information is aggregated so that details of individual transactions are not shared. We share this information with Epsilon Abacus to help them analyze your buying patterns and determine which products are likely to appeal to you. Epsilon Abacus then shares your name and shipping address with Abacus Alliance Members who may offer such products. This sharing of information is based on our and their legitimate interest in marketing our products to individuals who have expressed an interest in our products and services.

When registering an account with us, you have the option to agree to share your information with Epsilon Abacus and the Abacus Alliance. If you do so, your name and shipping address, along with transactional information, will be shared with the Abacus Alliance Members for the purpose of analyzing your buying patterns and providing you with information about products likely to appeal to you. By agreeing to share this information, you also agree to receive information and materials by post from other Abacus Alliance Members, which are limited to retailers in the clothing, collectibles, food and wine, gardening, gadgets and entertainment, health and beauty, household goods, and home interiors categories. It is important to note that the list of retailers in the Abacus Alliance may change periodically.

If you no longer wish to share your information with Epsilon Abacus and the Abacus Alliance or to receive materials by post, you can contact us at sales@bret's.com or call us at 01707 321 823. Additionally, you may wish to register with the Mailing Preference Service (MPS), a free service funded by the direct mail industry, to have your name and home address removed from mailing lists. This will help you to stop all unsolicited postal communications. For more information or to register with the MPS, please visit their website at www.mpsonline.org.uk..

INFORMATION YOU SHARE WITH US IN COMMUNICATIONS OR INTERACTIONS

Whenever you contact us or our customer service representatives via the Services, such as through email, phone, or messaging, we keep a record of your communication to assist you with your queries or complaints regarding our products and services. We may also use this information to train our customer service representatives, as part of our aim to provide you with high-quality customer service. Moreover, we use the information you provide us to handle your account-related requests, including those related to your shave plans and purchase orders. This is necessary to fulfill our contractual obligations to you, and without this information, we may not be able to address your requests. If you respond to a survey or leave a comment or review about us, our products, or the Services, we also record and analyze your feedback to assess and address your concerns, based on our legitimate business interest in delivering quality products and services to our customers.

OTHER PERSONAL DATA WE RECEIVE ABOUT YOU

We collect certain information about you automatically when you access or use our Services, or when you interact with us through other websites or mobile applications. This information includes data that is automatically generated by your device or web browser, such as your IP address, browser type, operating system, referring URLs, pages visited, and device identifiers. We also collect information from third-party sources, such as advertising and analytics companies.

LOCATION INFORMATION

When you use or access the Services, we gather data from your web browser, such as your device's settings, unique identifiers, and IP address. This information helps us to identify your approximate location accurately and reliably, and aids us in providing you with Services and information that are relevant to you. We collect this data based on our legitimate business interest in improving our Services and understanding how they are being used.

COOKIE INFORMATION

When you use the Services, we and certain third-party service providers collect information from your web browser and device through Cookies. These Cookies are small files, usually consisting of letters and numbers, which are placed on your computer, tablet, phone, or similar device when you visit a website. We refer to these technologies as "Cookies," which include pixel tags or web beacons. Cookies can be "session Cookies," which are temporary and stored on your device while you access or use our Services, or "persistent Cookies," which are stored on your device for a certain period of time after you leave our Services. The duration of a persistent Cookie varies. Our legitimate business interests in providing you with reliable and accurate Services and improving our Services guide the use of Cookies.

We utilize Cookies to gather data about your internet usage, which includes your internet protocol (IP) address, internet service provider, browser type and version, the pages you visit and the links you click on our Services, the page you were referred from or the page you land on after leaving our Services, and device-specific information if you use a mobile device, such as unique device identifiers, network information, and hardware model (collectively referred to as "Cookie Information"). We do this to:

• Our use of Cookies serves the purpose of allowing you to access and utilize our website and the features or content on the Services that you request or intend to use. This is based on our legitimate business interest in providing you with quality Services. Specifically, some Cookies, also known as "essential cookies," enable you to log into your account or use the "shopping cart" functionality on the Services. While you have the option to disable these Cookies, doing so may impair the Services' performance and cause certain features and services to become unavailable to you.

 

• We use Cookies to determine whether you have previously visited or used the Services, and if so, whether you indicated any preferences during your previous visits or use, based on our legitimate business interest in personalizing the Services for repeat visitors. These Cookies are generally known as "functionality cookies," and are persistent Cookies. However, you can disable these Cookies, but doing so will impair our ability to personalize the Services for you. Our functionality cookies include, for example:

• h_cart: notes the contents of your cart before checkout so that if you navigate away from your basket and return to us, we will remember what was in your cart;

• h_sess: identifies you to our servers after you log in to your account;

• flash: temporarily stores messages and alerts that we display on-screen to you;

• h_personalization: identifies your relationship with us (e.g., whether you have previously made a purchase from us or signed up for a shave plan);

• followed_incentive_code: this Cookie is delivered by us to verify that a referral link is genuine so that we can credit your account accordingly. Without this Cookie, we cannot authenticate the code and the credit cannot be applied;

• h_geoip: determines from which country you are accessing the site so that we can present a country-specific experience (e.g., currency, language, products, shipping options);

• h_public: stores your public user ID which helps us serve a personalized site experience;

• h_mobile: determines if you are on a mobile device to serve a mobile optimized site experience;

• h_signed_once: remembers if you have logged in before to default your login option to login instead of create account;

• h_user: identifies you as being logged-in;

• h_dc: remembers if you applied a discount code to apply that discount at checkout;

• referrer, utm_source, h_p_utm_source, utm_medium, h_p_utm_medium, utm_campaign, h_p_utm_campaign, h_p_utm_term, h_p_utm_content and h_p_eid: identify from which campaigns visitors to our website originated;

• h_gdpr_cookie_agree: remembers if you agree to being tracked via Cookies; and

• multi_step_builder_state: remembers your progress in completing the checkout experience for a subscription;

• h_membership_seen: remembers if you have seen the Core Membership program;

• h_churn_redirected: remembers if you have already been redirected to profile page upon visiting Bret's.com within the last 30 days;

• When you visit our website or Third Party Services, we use Cookies to track the pages you visit and learn about your interests and preferences. This helps us understand which products or services you may be interested in, and allows us to serve you with personalized advertisements for our products or services on the Services and elsewhere. We refer to these Cookies as "retargeting and advertising cookies" and they are persistent Cookies. We have a legitimate interest in marketing our products and services to individuals who may be interested in them. These Cookies allow us to collect information about your online activity even after you leave our Services. We work with several third parties, including Google, to deliver these Services. For more information, please refer to the section titled "Additional information about interest-based advertisements" below.

• We use "performance/analytical cookies" to analyze how visitors use our Services, such as by tracking the number of visitors to our website, the pages they view, and how long they stay on each page. This helps us improve and maintain the accessibility and functionality of our Services, based on our legitimate business interest. These cookies are persistent and may collect information about your online activity after you leave our Services. We also use them to measure the effectiveness of our advertising campaigns and to improve the content on our Services to better market our products and services to interested individuals. We rely on third-party providers to deliver these services. Examples of our performance/analytical cookies include:

• h_eph_sess: a short-lived unique identifier that we use to see if you arrive to our website and whether this could be linked to any offline advertising like TV or radio advertisements;

• h_custype: lets us know if you have purchased from us in the past, so that we can show you relevant information on our website;

• ga: Google Analytics session information, a third party Cookie served by Google; and

• gid: Google Analytics user identifier, a third party Cookie served by Google.

Certain Cookies on our Services are placed by third-party providers, and these Cookies may provide Cookie Information to both the third-party provider and us, allowing us to analyze your browsing habits, such as the pages you visit and links and advertisements you click on. These Cookies may also help us personalize advertisements for our products or services that we believe may be of interest to you, on our Services and elsewhere. For instance, we use Google Analytics, which uses Cookies to analyze how users use our Services. Upon our request, Google uses this information to measure your activity on our Services, create statistical reports on overall website activity, and provide other services related to such activity and internet usage. You can find out more about Google Analytics and their Cookies on this link: https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage. If you are on the web, you can also opt-out of Google Analytics by installing Google's opt-out browser add-on: https://tools.google.com/dlpage/gaoptout. We don't have control over third-party Cookies.

If your browser has a "Do Not Track" or "DNT" option, this allows you to signal to Third Party Service operators that you do not want them to track certain of your online activities across different websites over time. However, as we collect persistent identifier and browsing data, our Services are not currently compatible with DNT requests. This means that we may collect information about your online activity both during and after you use our Services. It is important to note that some Third Party Services may also not support DNT requests, so you should review their privacy policies for further information.

You have the option to accept or reject most Cookies. You can delete Cookies and turn off the Cookie feature in your browser's "preferences" or "options" section, which will prevent your browser from accepting new Cookies and give you the ability to decide whether to accept each new Cookie in various ways. If you decide to turn off the Cookie feature, you can prevent us from collecting your Cookie Information by not using the Services. However, please note that some of the Services may not work correctly if you choose to stop us from collecting your Cookie Information.

If you'd like to know more about Cookies, including information about how to manage, disable and delete them, you can visit http://ec.europa.eu/ipg/basics/legal/cookies/index_en.htmhttps://ico.org.uk/for-the-public/online/cookies/http://www.youronlinechoices.com/uk/ or http://www.allaboutcookies.org/.

ADDITIONAL INFORMATION ABOUT INTEREST-BASED ADVERTISEMENTS

We display advertisements on our Services and work with third-party ad networks, including ad servers, agencies, technology vendors, and research firms, to serve advertisements. These ads may be targeted to users who fit certain general profile categories or exhibit certain preferences or behaviors (known as "Interest-Based Ads"). We may receive information for Interest-Based Ads, including Personal Data, from you or from the usage patterns of particular users on our Services and/or Third Party Services over time. Cookies, including web beacons, may be used by us or our third-party service providers to gather this information and enable ad networks to view, edit, or set their own Cookies on your browser to serve Interest-Based Ads when you visit other websites. Web beacons also allow us and our advertisers to receive anonymized, aggregated auditing, research, and reporting about advertisements. Please note that you can choose to stop us from collecting your Cookie Information by turning off the Cookie feature on your browser or by ceasing to use our Services. You can also opt out of Interest-Based Ads sourced by Google using Google's Ads Settings. For more information on how to make choices about Interest-Based Ads from participating third parties and to learn how to opt-out of receiving them from participating organizations, please visit the user information website of the European Interactive Digital Advertising Alliance.http://www.youronlinechoices.eu/.

LINKS AND CONFIRMATIONS

If you open a Message sent by us, such as an email, SMS, MMS, or push notification, or click on any links within the Message, we receive a confirmation of when and that you did so, as well as Cookie Information. Similarly, if you click on any links anywhere else within our Services, such as on our website or branded social media pages, we receive confirmation and Cookie Information. We collect this information to evaluate the effectiveness of our marketing campaigns and Messages, to better understand our audience, and to learn about your preferences, all based on our legitimate business interest in promoting our products and services to individuals who may be interested in them. If you wish to stop receiving Messages from us, you can do so by contacting us via email at sales@bret's.com or by calling us at 01707 321 823.

Moreover, it is important to note that when you click on an advertisement or a link to a Third Party Service on any part of our Services, the Third Party Service or its advertiser may also receive confirmation and Cookie Information from you, for the same purposes mentioned in the preceding paragraph. This is based on their own legitimate business interest in marketing their products and services to individuals who may be interested. Please keep in mind that this Privacy Policy does not apply to your use or access of any Third Party Services, and we are not accountable for their content, products, services or privacy policies. We highly recommend that you carefully read the privacy policies of any Third Party Services you use or access.

INFORMATION FROM ADVERTISING AND ANALYTICS PARTNERS

We collaborate with advertising and analytics companies that furnish us with specific details about your interactions with the Services, as well as with Third Party Services. This includes your age or birth date, demographic or interest-related data, Cookie Information, hashed email addresses, unique identifiers assigned to you by our Advertising Partners, as well as pages or content you've viewed, links you've clicked or other actions you've taken. Our aim is to enhance our understanding of your interests and preferences, so that we can serve you with Interest-Based Ads and gauge their effectiveness. This is based on our legitimate business interest in marketing to individuals who we believe may be interested in our services and products. We strive to target Interest-Based Ads to individuals who match certain general categories, and the information provided to us by our advertising and analytics partners may cause Interest-Based Ads or other types of advertisements or recommendations to appear on Third Party Services that you visit.

Our advertising and analytics partners may use their own Cookies, including web beacons, to collect the information described above and serve targeted advertisements to you on the Services and Third Party Services, as previously mentioned. If you prefer not to have these Cookies collect your information on the Services, you can choose to opt out. Additionally, your browser or device may offer a "Do Not Track" or "DNT" option that allows you to indicate to Third Party Service operators, including behavioral advertising services, that you do not wish to have your online activities tracked across different websites over time. However, we cannot guarantee how these Third Party Services will respond to your browser's signal.

You may also consider changing your settings to block third party Cookies generally, where possible. Again, if you'd like to know more about Cookies, including information about how to manage, disable and delete them, you can visit http://ec.europa.eu/ipg/basics/legal/cookies/index_en.htmhttps://ico.org.uk/for-the-public/online/cookies/http://www.youronlinechoices.com/uk/ or http://www.allaboutcookies.org/.

INFORMATION FROM OTHER SERVICE PROVIDERS

We work with third-party entities to ensure the smooth operation of our business and provision of our services and products to you. These third parties perform various services described in this policy, such as shipping and logistics, email distribution, market research, promotions management, and payment processing. They may also provide us with information about you that they have independently acquired or developed, in accordance with their own privacy policies and practices, which may be necessary to fulfill our contractual obligations to you or to further our legitimate business interests.

TRANSACTION DATA

As part of our efforts to protect against fraudulent transactions, we may request and receive your transaction history from our Payment Processor when processing your purchase orders and shave plans, or when enrolling you in discount, rebate, and other programs you have chosen to participate in. We may also use this information, in combination with the data you provide us, to verify your identity. This practice is based on our legitimate business interest in safeguarding against fraud.

WHO WE SHARE YOUR PERSONAL DATA WITH

We may disclose your Personal Data within our company group, which includes our subsidiary in the United States, Bret's USA, Inc. Additionally, we may share your Personal Data with third-party vendors, service providers, and agents, as described in this policy and on the legal bases outlined herein.

• We may share your Personal Data with shipping and logistics companies, as well as with our Payment Processor and other service providers that we depend on to provide you with the Services, or to process and fulfill your purchase orders and shave plans. This sharing is necessary to fulfill our contractual obligations to you under our Terms of Service or your purchase orders and shave plans.

• We may share your Personal Data with advertising companies, analytics companies, marketing service providers, Epsilon Abacus and the Abacus Alliance Members (if you have indicated your consent), fraud detection and prevention service providers, name and address verification service providers, email providers, email verification and suppression service providers, hosting and database service providers, data security service providers, customer relationship management service providers, and staff augmentation and contract personnel, for various legitimate interests outlined in this Privacy Policy.

We limit the Personal Data shared with third party vendors, service providers, and agents to the extent necessary to perform their services. We collaborate with them to ensure that your privacy is respected and protected. These third parties are not authorized to use your Personal Data beyond what is required to provide the services requested by us, unless expressly stated in this Privacy Policy or otherwise communicated to you. We also share your Personal Data with other third parties with your explicit consent, including for marketing purposes, which you can revoke at any time by emailing us at sales@bret's.com or calling us at 01707 321 823. As mentioned earlier, you can choose to stop receiving marketing messages from us at any time by emailing us at sales@bret's.com or calling us at 01707 321 823. In addition, we disclose certain Cookie Information to Third Party Services if you have chosen to engage with them through the Services, such as by clicking on a link or advertisement on the Services.

PUBLIC INFORMATION

If you publicly post any information or content on the Services, such as comments or reviews regarding our shave plans, products, or Services, or if you post such content elsewhere, including on your social media accounts, and that content relates to us or the Services, we may receive and share that public information with third parties. This is based on our legitimate business interest in marketing our products and services.

CHANGE OF OWNERSHIP OR CONTROL

In the event that we are acquired by or merge with another company, go out of business or enter bankruptcy, or sell some or all of our assets, your Personal Data may be sold or transferred as part of the transaction. If any of these situations occur, we will continue to apply this Privacy Policy to your Personal Data.

LAWS AND SAFETY

We reserve the right to access, read, preserve, and disclose your Personal Data when we reasonably believe it is necessary to:

• satisfy any applicable law, regulation, legal process or governmental request;

• enforce this Privacy Policy and our Terms of Service, including investigation of potential violations hereof or thereof; or

• protect our rights, property or safety, and those of our users, customers and the public.

This Privacy Policy does not intend to restrict your rights and options regarding your Personal Data, including your ability to file a complaint with your local data protection authority.

HOW WE PROTECT YOUR PERSONAL DATA

We take appropriate technical and organizational measures to protect your Personal Data, considering the nature of the data and processing activity involved. For instance, we use industry-standard encryption methods to secure all Payment Information regularly collected through the Services and ensure its security against loss or theft during transmission to our Payment Processor. However, we cannot guarantee or warrant that these measures will prevent unauthorized access to your Personal Data or other information we collect and store about you. Factors like unauthorized entry or use, hardware or software failure may compromise the security of your information at any time.

You can play an active role in preventing unauthorized access to your account with us and your Personal Data by choosing a strong and unique password and safeguarding it appropriately. Additionally, you should limit access to your device and browser by signing off after you have finished accessing your account. This will help ensure that your Personal Data remains secure and protected from potential security breaches.

INTERNATIONAL TRANSFERS OF YOUR PERSONAL DATA AND PRIVACY SHIELD

At times, we may transfer your Personal Data to our authorized third-party agents, vendors, and service providers located outside of the European Union, Iceland, Norway, or Lichtenstein. In such instances, we typically use contracts containing standard provisions approved by the European Commission to ensure that Personal Data receives the same level of protection it enjoys in Europe. If we use third-party agents, vendors, and service providers located in the United States, we may transfer data to them only if they are members of the Privacy Shield program, which mandates that they provide comparable protection to Personal Data shared between Europe and the United States.

The Services are operated and hosted in the United States ("U.S.") by us and our service providers. If you do not reside in the U.S., the laws in the U.S. may differ from those where you reside. By using the Services, you acknowledge that any Personal Data, regardless of whether it was provided by you or obtained from a third party, is being provided to us in the U.S. and will be hosted on U.S. servers. You authorize us to transfer, store, and process your information in the U.S. and potentially other countries. You consent to the transfer of your data to the U.S. in compliance with the EU-U.S. Privacy Shield Framework, which is explained in more detail below.

Bret's, Inc. and its U.S. subsidiary, Bret's USA, Inc., comply with the EU-U.S. Privacy Shield Framework established by the U.S. Department of Commerce for the collection and use of Personal Data transferred from the European Union. Our Privacy Shield certification and additional information about the Privacy Shield program can be found at www.privacyshield.gov. We follow the Privacy Shield Principles, which include notice, consent, accountability for onward transfer, security, data integrity and purpose limitation, access, and recourse, enforcement, and liability with respect to all Personal Data received from the European Union. We remain potentially liable under the Privacy Shield Principles if any third party processing Personal Data on our behalf fails to comply with them (except to the extent we are not responsible for the event giving rise to any alleged damage). The U.S. Federal Trade Commission has the power to investigate and enforce our compliance with the Privacy Shield.

If you have any questions or concerns regarding our Privacy Shield certification, please contact us at sales@bret's.com. If you don't receive a timely response to your Privacy Shield-related complaint from us, or if we don't resolve your complaint, you may file a complaint with JAMS, an alternative dispute resolution provider with offices in London and the United States, by visiting https://www.jamsadr.com/file-an-eu-us-privacy-shield. This service is free of charge to you. Under certain conditions, you may also be entitled to invoke binding arbitration for complaints not resolved by other means.

In case of any inconsistency between the terms of this Privacy Policy and the Privacy Shield Principles, the latter shall prevail. You can find more information about the Privacy Shield program and view our certification by visiting https://www.privacyshield.gov/. If you are an EU individual and have any questions or concerns about our privacy practices in the U.S., you can contact us at sales@bret's.com, or follow the arbitration process described above.

WHAT YOUR RIGHTS ARE TO YOUR PERSONAL DATA, AND HOW YOU CAN EXERCISE THEM

You possess certain rights regarding your Personal Data, which are detailed below. To learn more about these rights or to make a request regarding them, you may send an email to sales@bret's.com. Please note that we may be unable to fully satisfy your request in certain situations, such as if it is trivial, incorrect, or incredibly impractical, if it threatens the rights of others, or if it is not mandated by law. Nonetheless, we will still respond to inform you of our decision in such cases. In certain circumstances, we may also require additional information from you, including Personal Data, in order to verify your identity and the type of request you are making.

RIGHT OF ACCESS

• If allowed by law, you may request additional details about the Personal Data we have regarding you and obtain a copy of your Personal Data. If you have an active account with us, you can also access your Personal Data by visiting your account settings on our website.

RIGHT OF RECTIFICATION

• If you think that any of your Personal Data held by us is incomplete or inaccurate, you can request that we correct or add to it. Alternatively, you may be able to make some corrections to your Personal Data directly through your account settings on our website.

RIGHT OF ERASURE

• If permitted by applicable law, you may request the deletion of some or all of your Personal Data from our systems. You can also delete your account with us at any time by contacting us via email at sales@bret's.com or by phone at 01707 321 823.

RIGHT TO WITHDRAW CONSENT

• If we are processing your Personal Data based on your consent (as indicated at the time of collection of such data), you have the right to withdraw your consent to this processing at any time, which you can do by emailing us at sales@bret's.com or calling us at 01707 321 823. Please note, however, that if you exercise this right, you may have to then provide express consent on a case-by-case basis for the use or disclosure of certain of your Personal Data, if such use or disclosure is necessary to enable you to utilize some or all of our Services.

RIGHT TO OBJECT TO PROCESSING AND TO RESTRICT PROCESSING

• You have the right to object to the use or disclosure of your Personal Data for certain purposes, such as marketing, and request that we restrict further processing of your Personal Data, where permissible.

RIGHT OF PORTABILITY

• If permitted by applicable law, you have the right to request a copy of your Personal Data in a machine-readable format and to request that we transmit the data to another controller, where technically feasible.

RIGHT TO LODGE A COMPLAINT WITH A SUPERVISORY AUTHORITY

• If you are not satisfied with our handling of your Personal Data, you have the right to file a complaint with the supervisory authority of your country or EU Member State. You can find more information about the supervisory authorities and their contact details at http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm.

OUR PERSONAL DATA RETENTION POLICY

We keep your Personal Data as long as you maintain an active account with us, or as needed to provide you with our Services. In certain cases, we may retain Personal Data for a longer duration if it is essential to serve our legitimate business interests (provided that such interests do not take precedence over your own rights and freedoms), adhere to our legal obligations, settle disputes or collect outstanding fees, carry out audits, or if permitted or mandated by applicable laws, rules or regulations. Once your Personal Data is no longer necessary for the purposes we collected it for, we securely dispose of it, although we may keep some information in a depersonalized or aggregated form that does not identify you personally.

As mentioned earlier, you can ask us to erase some or all of your Personal Data from our systems, and you can also delete your account with us at any time by contacting us via email at sales@bret's.com or calling us at 01707 321 823.

ANY QUESTIONS OR CONCERNS?

If you have any questions or concerns regarding the collection, use, protection, or sharing of your Personal Data, including our legitimate business interests or those of others described above, please send a detailed message to sales@bret's.com. You may also contact Bret's Corporation Ltd at its registered office, located at Unit 1G, Tewin Court, Welwyn Garden City, Hertfordshire, United Kingdom, AL7 1AU. We will make every effort to address your concerns.

EFFECTIVE DATE:

14 July 2022