Last updated July 7th 2018.
This privacy statement aims to give you a clear view of how we use personal information that you provide, our dedication to protecting it, your rights and the options you have to control your personal information and protect your privacy. It also outlines what personal information we collect about you when you visit our websites, stores and how we use your personal information and who we share it with.
For the purposes of data protection this policy refers to the applicable Icelandic Data Protection Act and the EU General Data Protection Regulation (GDPR) or any subsequent, and successor, legislation.
66°North, registered under the name Sjóklæðagerðin hf., reg. no. 550667-0299, Miðhrauni 1, 210 Garðabær, Iceland is the data controller of the personal information we hold about you.
What is personal information?
Personal information, or personal data, refers to any information about an individual from which that person can be identified. It does not refer to anonymous data. Anonymous data is information where any personal identifiers have been removed.
How do we use your personal information?
We use your information in a number of ways to make your shopping experience as easy and enjoyable as possible. The use of the personal information depends on the legal basis for processing your personal information.
We collect information about your name, contact details and payment details in order to fulfil and perform our contract with you. Those measures include:
- processing your order online including delivery, payment and returns.
- maintaining and securing your account by requiring holders to provide their email address and create a password to access their account.
- sending you updates of your order by email.
- sending, special offers and promotions that may be of interest if you have consented for us to do so or we believe may be of interest to you. You may opt-out of receiving these messages at any time.
- detection and prevention of fraud to prevent and detect fraud against you or the company.
- To provide customer support: if you contact our Customer Service (or vice versa), we will use personal information such as your order information and contact history to process your request and provide you with the best service possible.
- For items being delivered by our courier, the courier company will send you an email or a text message with a delivery update if you provided a valid phone number and email address when you placed the order.
We will use personal information about you not based on a contractual requirement or consent based on our legitimate interests to:
- Collect information about customers' browsing and buying habits for statistical analysis and to continuously improve the 66°North website and the products and services offered to our customers.
- Conduct analytics: we will use the personal information we hold about you (as well as pseudonymised or anonymised information generated from your personal information) to carry out analysis and research. We carry out all such analysis and research in order to understand our customers and ensure that our products meet the needs of our customers.
- Manage our business endeavours, such as analysing and managing our businesses, internal management and business planning, market research, review, new product development, to improve our website, to improve service and products, to identify usage, to evaluate the effectiveness of our promotional campaigns, to customize the experience of the website and its contents according to your previous use of the pages, and to measure customer satisfaction and provide customer service (including troubleshooting related to issues encountered by customers).
Please note that your personal information is only used in this purpose when necessary and your interests are not greater than the company’s interests.
Sharing your personal data
To the extent necessary to perform our contract with you our employees have access to personal information. We may share personal information with third parties (processors) that is a service provider, agent or developer for the purpose of completing a project or providing you with a service or product that you have requested or approved. We may also share information with other processors when necessary to protect critical interests, e.g. when collecting a default claim. We also share information for statistical purposes with employees and processors who work with quality and marketing efforts. We provide the processors with only the personal information necessary for them for the above purposes and we conclude an agreement under which they are obliged to keep your information safe and use them for the above purposes only. For example, our Courier Service has selected access to your details for delivery purposes only.
Why do we contact you?
We contact you for various reasons. For example:
• When you make a purchase online, we will contact you by email to notify you of updates to your order.
• If you have signed up for our newsletters, we contact you to update you about exciting new product launches, updates, store openings, sales and offers which are exclusive to our Contact List. You can opt out of marketing emails at any time – see below for more details. We use Mailchimp as our email marketing platform. Mailchimp has certified its compliance with EU-U.S. Privacy Shield Framework and therefore provides adequate data protection.
We will also contact you about leaving reviews for products once you have received your order.
• If successful when entering any of our competitions or prize draws we will contact you by email to notify you.
• We will contact you by telephone if there is a problem with your order or if we need to get in touch regarding a refund.
• Where you contact us via social media to make an enquiry, we will respond via the email you have provided when you placed your order.
Preservation of your personal data
66° North tries to maintain your personal information accurately and reliably, and update them as needed. We maintain your personal information for a maximum of 7 years unless you have given our consent to preserve them longer or if necessary to comply with legal requirements. We will review all your personal information regularly and review whether we may retain them. If we decide that we may not retain them, we will discontinue all processing with your personal information from that time. If there is a possibility that your personal information might be needed later to comply with legal requirements, e.g. to the tax authorities, or to appeal or defend against a claim, we will copy the relevant personal information and keep them in safe form for as long as necessary.
How we protect your personal information?
• We are committed to protecting your personal information and implement appropriate technical and organisational security measures to protect it against any unauthorised or unlawful processing and against any accidental loss, destruction, or damage
• All in all, it is highly important to protect all personal information well and therefore have an internal control system to ensure that appropriate technical and organizational safety measures are always taken.
• We will notify you without undue delay in the event of a breach of security regarding your personal information that poses a high risk to you. Such security violations are security breaches that result in unintentional or unlawful destruction of personal data or that they are lost, altered, displayed, or granted unauthorized access.
We also want to state that data transfer on the internet is never completely safe. You are therefore advised to inform us immediately if you consider any information provided by you to be at risk.
Your personal data may be stored and transferred outside the European Economic Area to countries that do not provide adequate protection to that provided within the European Economic Area, such as the United States of America. We only transfer personal data to service providers that have fulfilled certain legal requirements enabling them to provide an adequate level of protection compared to the level of protection offered within the European Economic Area such as through participation in the Privacy Shield framework or standard contractual clauses.
Information about children
As a general rule, we do not intentionally collect personal information about children under the age of 13. If we become aware that we have inadvertently collected personal information about children under the age of 13, we will take steps to delete the information as soon as possible, except where we are required by applicable law to keep it.
Where we know a child is above the age of 13, but considered a minor under applicable law, we will obtain parental/guardian consent prior to using that child's personal information.
What are your rights?
You have various legal rights in relation to the processing of your personal data. Your rights are the following:
Right of access: You have the right to obtain confirmation that your data is being processed and request access to your personal data.
In the first instance we will provide a copy of the information free of charge. However, we may charge a reasonable administration fee when a request is manifestly unfounded or excessive or to comply with requests for further copies of the same information although this does not mean that we will charge for all subsequent access requests.
We will without delay and within 1 month of your request (subject to extensions in some cases):
• confirm what personal data we hold about you.
• provide a copy of the data in commonly used electronic format if the request is made electronically.
• provide any supporting explanatory materials.
• We can extend the time to respond by a further two months where requests are complex or numerous. If this is the case, we will inform you of this within one month of the receipt of the request and explain why the extension is necessary.
Data portability: In addition to your access right you can require us to provide a copy of your information that we hold in a commonly used machine-readable format and transfer it to another retailer.
Rights of Rectification and Erasure (the right to be forgotten): You may ask us to correct or remove information you think is inaccurate or no longer necessary.
Right to complain to your data protection supervisory authority.
Right to object to direct marketing communications. Please see below on “Marketing Communications”.
You can sign up to receive marketing communications through our online sign up form, when you create an account or during the checkout process. Simply tick the opt-in box at any of these stages. It is also possible to sign up for marketing communications instore.
Marketing communications may be sent by either electronically via email or physically through the post. If you have an online account you can choose your preferences for each or opt-in/opt-out.
How to unsubscribe from marketing communications?
All our customers have the choice to opt out of receiving marketing communications from us.
If you do not wish to continue to receive marketing from us, click on the ‘Unsubscribe’ link in any email communications or log into your account to change your preferences.
The bit we cannot control
Third party sites: Our site may contain links to and from the websites of our partner networks, advertisers and other third parties. If you follow a link to any of these websites, please note that they have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
Types of cookies we use:
Strictly Necessary Cookies These are essential cookies that let you move around the website or app and use its features, like accessing secure areas. Without them, services registration and logging in cannot be provided. These cookies don't collect any information about you that could be used for marketing or remembering where you've been on the internet.
Performance Cookies These collect information about how you use a website or app, for instance, which pages you go to most often, and if you get error messages. They don't collect information that identifies you; all the information is anonymous. It is used only to improve how the website or app works.
Functionality Cookies These remember choices you make (such as your user name, language or the region you are in) and provide personal features. They can remember changes you have made to text size, fonts and other parts of web pages that you can customise. They may also provide services you've asked for, such as watching a video or commenting on a blog. The information they collect can be made anonymous. They can't track other websites or apps you visit.
Targeting Cookies These deliver adverts or messages relevant to you and your interests. Sometimes targeting cookies are linked to other sites, such as Facebook.
Within these four categorizations of cookie, cookies are sorted as either temporary ('Session' cookies) or more long-term ('Persistent' cookies).
Analytics Cookies We use a set of cookies to collect information in-order to analyse and report website usage statistics without personally identifying individual visitors with tools such as Google Analytics. This helps us understand how visitors to our website use it and to make recommendations based on browsing history and engagement.
'Session' cookies link your actions in one session only. This 'session' starts when the webpage or app is opened and finishes when it is closed. Then the cookie is deleted forever.
'Persistent' cookies are where the cookie remains on your phone or computer for a specific period of time. They are activated automatically when you visit a particular website or app.
One other difference is if the cookie is a 'first-party cookie' or a 'third-party' cookie. A first-party cookie is set by the 66°North website or app you're visiting, whereas a 'third-party' cookie is set by someone else. 66°North will only ever allow third-party cookies that are approved by the brand.
Do not track (DNT) is a feature offered by most browsers, with some newer browsers offering it as default. If enabled, it sends a signal to websites to request that your browsing isn't tracked. Tracking is used for a wide variety of reasons ranging from social or advertising networks measuring effectiveness or third-party analytical services such as Google Analytics to improve customer experience and provide statistical analysis.
At present there is not an industry-wide uniform standard that has been agreed and adopted to determine how DNT requests should be managed. As a result, 66north.com does not currently respond to DNT requests. We will continue to review our DNT process and other new technologies.
SSL and encryption
We use the latest secure server technology to ensure your information is protected to the highest standards. We use encryption to safeguard your personal information and only accept orders from web browsers that permit communication through Secure Socket Layer (SSL) technology - this means you cannot inadvertently place an order through an unsecured connection. Most web browsers above version three support this security. This encryption makes it virtually impossible for unauthorised parties to read any information that you send us. The encryption technique we use is the highest standard available for e-commerce.
Alternatively, you can write to us at: