Privacy Policy
Le Chameau UK Limited (trading as Le Chameau) (Le Chameau, we, us or our) takes our data protection and information security responsibilities seriously. We are a company registered in England and Wales with company number 08239704.
This Privacy Notice (Notice) describes the types of information we collect when you visit our websites and social media channels (Digital Services) or purchase our products. It also explains how we treat and disclose that information and our security practices. By using our Digital Services, you are accepting and consenting to the practices described in this Notice.
We trade in a variety of countries and are subject to the data protection laws of those countries. While we aim to have as consistent an approach to data protection as possible across these countries in accordance with applicable laws, we recognise that the specific rights, responsibilities and obligations relating to personal data and our data processing activities vary by country. Nothing in this Notice may be interpreted to establish rights or obligations above those mandated by the applicable laws appropriate to that country or consumer. Certain sections of this Notice apply only to the residents of particular countries or US States, and these can be viewed at section 10 below.
Our website is not intended for children and we do not knowingly collect data relating to children.
This Notice is provided in a layered format so you can click through to the specific areas set out below.
- COLLECTION AND USE OF YOUR PERSONAL DATA
- DISCLOSURES OF YOUR PERSONAL DATA AND CATEGORIES OF RECIPIENTS
- INTERNATIONAL TRANSFERS
- DATA SECURITY
- DATA RETENTION
- CHANGES TO THIS NOTICE
- THIRD-PARTY LINKS
- CONTACT DETAILS
- INFORMATION APPLICABLE TO THE EEA AND THE UK
- INFORMATION APPLICABLE TO RESIDENTS OF CALIFORNIA AND SPECIFIC STATES OF THE UNITED STATES
1. COLLECTION AND USE OF YOUR PERSONAL DATA
“Personal Data” means any information (including sensitive personal data) relating to an identifiable individual or household as set out under applicable laws. The personal data we collect about you depends on your interactions with us. We outline below the categories of personal data we process, the sources of that personal data and our purposes in processing the data. We also identify the relevant ‘legal basis’ for our processing. We might process your personal data for more than one legal basis, depending on the specific purpose of the processing.
Personal data you provide to us directly
| Category of Personal Data | Our Purposes for Processing | Lawful Basis |
|---|---|---|
|
Identity Data includes information such as: name, date of birth, address, email address and telephone number, photo, video or audio data. We might receive this data when you: • purchase one of our products or use our services; • enter competitions; or • interact with us including by phone, post, email or social media. |
• Providing our products and services and administering our relationship with you including: • registering you as a customer; • processing and delivering your orders or transactions; • registering product ownership or competition entries; • providing customer support. • Recording and monitoring communications for record-keeping, analysis, training, and quality control. |
• Performance of a contract with you • Legal obligations • Legitimate interest (ensuring efficiency in service delivery, payment processing, and legal compliance) |
|
Financial Data includes information such as bank account and payment card details. We might receive this information when: • You purchase a product; • You use our infrastructure; or • We need to process a refund. |
• To enable purchases of products or services; • To award prizes; • To deliver products or services. |
• Performance of a contract with you • Legal obligations |
|
Marketing Data When you purchase products, subscribe to publications or social media, or enter a competition, we collect personal data and ask your preferences for receiving marketing via email, push notifications, SMS or post. You can opt out of marketing at any time. |
• To make product/service suggestions; • To enhance social/community features; • To deliver relevant content and advertising; • To personalise marketing messages; • To notify you about updates, terms, and services; • To verify identity with support teams; • To request reviews, feedback or survey responses; • With consent, to inform you of partner collaborations and promotions; • To measure ad effectiveness and seek your opinion. |
• Legitimate interests (to send direct marketing, ensure relevance, develop products/services, and meet duties) • Consent (where legally required for direct marketing or third-party promotions) |
Personal data we receive when your devices interact with our websites and Digital Services:
| What Personal Data Might Be Provided to Us | Why We Process That Personal Data | Lawful Basis |
|---|---|---|
|
Technical Data Includes information about your device, how it connects to other devices and networks. This may include IP address, login information, browser type/version, time zone, OS and platform, device type, IMEI, MAC address, phone number, network info, mobile OS, browser type. Collected when you interact with our website/platform or when visiting sites with our cookies. |
• Administer, manage and protect our business, website and infrastructure. • Troubleshooting, analysis, testing, research, surveys, maintenance, support, reporting, hosting. • Ensure optimal presentation of content. • Keep systems secure. |
• Legitimate interests (admin, IT services, security, fraud prevention, reorganisations) • Legal obligation • Consent (where required) • Performance of a contract with you |
|
Cookies and Tracking Technologies Includes Identity Data, Marketing Data, and Profile Data. See our Cookie Notice for more information. |
• Strictly necessary cookies: operate our website • Analytical/performance cookies: improve website performance • Functionality cookies: remember user preferences • Targeting cookies: track pages visited for relevant ads (may be shared with third parties) • Social media cookies: enable content sharing and build user interest profiles Cookies update data regularly based on your permissions. |
• Consent (Preferences can be changed at the Cookie Preference link) |
|
Location Data Data about your location, collected if location services are enabled. |
• Prevent access from restricted regions • Provide location-relevant ads, products, and services |
• Legitimate interests (regulatory compliance, marketing) • Legal obligation • Performance of a contract with you • Consent (when tracking with location services) |
|
Usage Data Includes website or platform use, product/service interaction, link clicks, viewed/searched products, time on site, error logs, interaction patterns, and exit methods. |
• Improve website and user experience • Suggest products/services • Enhance social and functional features • Personalise marketing based on site/product/service usage and transactions |
• Legitimate interests (product development and service efficiency) • Consent (when legally required for marketing or third-party communications) |
|
Transaction Data Includes payment/transfer info, accounts interacted with, transaction metadata, device technical data, currency, exchange rates, and messages. |
• Fulfil contracts and deliver orders • Comply with regulatory obligations • Maintain effective website and system operations |
• Performance of a contract with you • Legitimate interests (system and website efficiency) |
Personal data we receive from third parties
| Category of Personal Data | Our Purposes for Processing | Lawful Basis |
|---|---|---|
|
Providers of financial or payment services We might receive this information about you when you purchase our products or services, from the merchants we use to process payments. |
We need this information to receive payment from you and perform our contract with you. | • Performance of a contract with you • Our legitimate interests in being paid |
Personal data we receive from social media
| Category of Personal Data | Our Purposes for Processing | Lawful Basis |
|---|---|---|
|
Social Media Data Includes your social media ‘handle’ or username, your avatar, your interaction with other users and with us. We will also see the content of any messages you send us, and any engagement on discussions. Social media includes Telegram, Instagram, WhatsApp, Signal, Slack, Twitter or ‘X’, Facebook, Discord, Reddit, LinkedIn and others. |
We process this data to: • interact with you for marketing purposes; • create a profile about you; • respond to your queries. |
• Legitimate interests (to send direct marketing, ensure our direct marketing is relevant to your interests, develop our products and services, and to be efficient about how we meet our legal and contractual duties). • Consent (where we’re legally required to get your consent to send you direct marketing about our products or services, or partners’ promotions or offers, or for you to receive marketing from other organisations). |
We might also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we might aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Notice.
Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we might not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with products or services). In this case, we might have to cancel a product or service you have with us but we will notify you if this is the case at the time.
Marketing
You can ask us to stop sending you marketing communications at any time by logging into our website and checking or unchecking relevant boxes to adjust your marketing preferences or by following the opt-out links within any marketing communication sent to you or by contacting us using the contact details below.
If you opt out of receiving marketing communications, you will still receive service-related communications that are essential for administrative or customer service purposes for example relating to order confirmations, for updates to our Terms and Conditions, or checking that your contact details are correct.
2. DISCLOSURES OF YOUR PERSONAL DATA AND CATEGORIES OF RECIPIENTS
We disclose personal data to the parties set out below. We require all third parties to respect the security of your personal data and to treat it in accordance with applicable law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
| Categories of Recipients | Purpose of the Disclosure | Location of Recipient |
|---|---|---|
| Our group of companies | To provide the best service, perform contractual obligations, send product and service information, or comply with regulatory requirements. | UK, USA, Netherlands |
| Government bodies (e.g., HMRC, FCA, ICO) | To check identity, prevent fraud, comply with laws (tax, anti-money laundering, data protection, cyber security), and confirm service eligibility. | Jurisdictions of relevant authorities |
| Professional advisors (lawyers, bankers, auditors, insurers) | To obtain consultancy, banking, legal, insurance, payroll, and accounting services. | UK, EEA, USA |
| Social media channels | To check for social media accounts, deliver targeted ads based on your profile, and promote products or services. | Global (UK, USA, EEA) |
| Third parties authorised by you | To act on your behalf, e.g., courier or delivery service providers. | Location based on your selection |
| Third parties in business sales, transfers, or mergers | For financial, commercial or legal due diligence during mergers, acquisitions, or sales. | Varies depending on transaction |
| IT service providers | Email, cloud computing, web hosting, system administration, network services, software development, infrastructure, and collaboration tools. | UK, EEA, USA, Global |
| Software application providers | Support operations, contract management, document storage, accounting, marketing, business management, and legal compliance. | USA, UK, EU |
| Mailing service providers | To enable delivery of products to you. | Global (based on recipient location) |
| Analytics and cookies providers | To conduct surveys, statistical analysis, and track user behaviour on our website. | USA, UK |
3. INTERNATIONAL TRANSFERS
As a global business, our group has operations in different countries. We and our partners might transfer your personal data to and access it in jurisdictions where the level of data protection are not equivalent to those of your jurisdiction. It is also possible that the courts, law enforcement and national security authorities of that jurisdiction might access your personal data. We ensure adequate protection for the transfer outside your region by using appropriate safeguards. If you are in the EEA or the UK, these safeguards include the standard contractual clauses authorised by the ICO and the EU.
4. DATA SECURITY
We have implemented appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have implemented procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
While we take all reasonable steps to ensure that your personal data will be kept secure from unauthorised access, we cannot guarantee it will be secure during transmission by you to our website or other services.
We use HTTPS (HTTP Secure), where the communication protocol is encrypted through Transport Layer Security for secure communication over networks, for all our web and payment-processing services.
If you use a password for our website, you will need to keep this password confidential. Please do not share it with anyone.
When you use our public services, which includes participating in competitions and engaging with our social network accounts, do not share any personal data that you don't want to be seen, collected or used by other customers or the general public, as this personal data will become publicly available.
5. DATA RETENTION
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
By law we must keep certain information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they cease being customers for tax purposes.
6. CHANGES TO THIS NOTICE
We keep our Notice under regular review. This version was last updated on [DATE].
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us, for example a new address or email address.
7. THIRD-PARTY LINKS
This website or any of our publications may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites, plug-ins or applications and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
8. CONTACT DETAILS
If you have any questions about this Notice or about the use of your personal data or you want to exercise your privacy rights, please contact us at the appropriate entity below.
Email address: dpo@lechameau.com
Postal address: FAO The Data Protection Officer, Le Chameau UK Limited, 16 Mill Street, Oakham, Rutland, LE15 6EA, GB
Le Chameau UK Limited (trading as Le Chameau), a company registered in England and Wales with company number 08239704, is the data controller and responsible for personal data we collect and process.
| UK | EU | USA |
|---|---|---|
|
Le Chameau UK Limited 16 Mill Street, Oakham, Rutland, LE15 6EA, GB Email: dpo@lechameau.com |
Le Chameau B.V. Klavermaten 49, 7472DD Goor, The Netherlands Email: dpo@lechameau.com |
Le Chameau USA Inc. c/o Corporation Service Company, 251 Little Falls Drive, Wilmington, DE 19808, Delaware Email: dpo@lechameau.com |
• Unsubscribe: If you wish to unsubscribe from any of our marketing communications, please do so by contacting us at customerservices@lechameau.com.
• Do Not Sell or Share your personal data: you may contact us to request this by contacting us at dpo@lechameau.com.
• Online tracking preferences: You can change your online tracking preferences by using the Cookie Preferences link located at the bottom of our homepage.
9. INFORMATION APPLICABLE TO THE EEA AND THE UK
If you are located in the EEA or the UK, you have certain rights and protections under applicable laws regarding the processing of your personal data, including the right to:
• Receive information about how your personal data is used. This Notice is one way in which we provide this information to you.
• Request access to your personal data (commonly known as a "subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
• Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
• Request erasure of your personal data in certain circumstances. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
• Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) as the legal basis for that particular use of your data (including carrying out profiling based on our legitimate interests). In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your right to object.
• You also have the absolute right to object any time to the processing of your personal data for direct marketing purposes. Update your marketing preferences by contacting us using the details in section 8 above or using the Cooke Preference link at the foot of our webpage.
• Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
• Withdraw consent at any time where we are relying on consent to process your personal data (see the table “Collection and Use of your personal data”) in section 1 for details of when we rely on your consent as the legal basis for using your data). However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
• Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in one of the following scenarios:
o If you want us to establish the data's accuracy;
o Where our use of the data is unlawful but you do not want us to erase it;
o Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or
o You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
If you wish to exercise any of the rights set out above, please contact us as set out in the Contact Details section 8 above.
No fee usually required
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
What we may need from you
We may need to request specific information from you to help us verify your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Time limit to respond
We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
Complaints
If you have a concern about our processing of personal data, you have the right to lodge a complaint with the Data Protection Authority where you reside. Contact details for your Data Protection Authority can be found using the links below:
• For individuals in the EEA: https://edpb.europa.eu/about-edpb/board/members_en
• For individuals in the UK: https://ico.org.uk/global/contact-us/
We would, however, appreciate the chance to deal with your concerns before you approach the Data Protection Authority, so please contact us in the first instance.
10. INFORMATION APPLICABLE TO RESIDENTS OF CALIFORNIA AND SPECIFIC STATES OF THE UNITED STATES
Some U.S. states have enacted privacy laws that grant their residents certain rights and require specific disclosures (State Privacy Laws). The Notice explains how we collect, use, and disclose information about you, and your rights under those State Privacy Laws. This section also serves as our California notice at collection.
California Residents
California Shine the Light Law: California residents may ask us once if we have shared personal data with third parties for their direct marketing purposes during the preceding calendar year. To make a request please submit an inquiry to us using the contact details set out above. In your request, please specify that you want a "Your Le Chameau California Shine the Light Notice.". Please allow 30 days for a response.
California Privacy Rights Act: You have the right to request information about how we collect, process, and share your personal data. There may be situations where we cannot grant a request, for example, to complete a transaction to you or comply with the law. These options do not apply to publicly available information from government records nor to deidentified or aggregated information.
| Customer Right | Description |
|---|---|
| Right to Deletion | You may request deletion of applicable personal data. Upon verification of your request, we will notify third parties to whom we shared your personal data to delete your information as well. |
| Right to Correct Inaccurate Personal Data | You have the right to correct inaccurate personal data we collect. |
| Right to Know/Access the Personal Data We Collected During the Previous 12 Months | • Categories of personal data • Categories of sources • Business or commercial purpose(s) behind the collection • Specific pieces of personal data we collected • The categories of recipients to whom we disclosed personal data |
|
Right to Know the Personal Data We Sold or Shared During the Previous 12 Months (Please refer to section 2: Disclosures of your personal data) |
• Business or commercial purpose(s) for the sale • Categories of recipients to whom we disclose personal data • Categories of personal data we have sold and categories of buyers • Categories of personal data we disclosed about you for a business purpose |
| Right to Opt Out of Sale or Sharing | You may opt out of the sale or sharing of any personal data we collected about you, including Interest Based/Targeted Advertising and Retargeting. |
| Right to Opt Out of Automated Decision Making | You may opt out of automated decision making, including profiling. |
| Right to Limit Use and Disclosure of Sensitive Personal Data | You may opt out of the disclosure of Sensitive personal data to a third party if we use that information for any purpose other than the designated purpose defined in the legislation. |
| Right to No Retaliation | We will never discriminate nor retaliate against you if you choose to exercise any of these privacy rights. |
We do not “sell” or “share” and have not “sold” or “shared” personal data in the preceding 12 months under the laws applicable to you.
To exercise your customer rights, you may submit your request via our contact details as set out in the contact details section 8 above.
Authorized Agents: If you would like to enter a request on behalf of a California resident, please contact us at as set out in the contact details section 8 above. We might ask you to upload documentation showing proof of written permission from the customer authorizing you to submit a request on their behalf. We reserve the right to require customers to confirm their requests and/or identity.
Do Not Sell or Share My personal data Requests: You may submit your request by contacting us at as set out in the contact details section 8 above.
We may need to request specific information from you to help us verify your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. Please follow the instructions we email you about verifying your request. No action will be taken on requests not verified within 7 days.
California Metrics
We did not receive any eligible consumer requests in 2024.
US States (CO/CT/NV/UT/VA/OR/TX/MT/IA/DE/NH/NE/NJ)
This section describes the rights residents in Colorado, Connecticut, Nevada, Utah, Virginia, Oregon, Texas, Montana, Iowa, Delaware, New Hampshire, Nebraska, and New Jersey have regarding the management of your personal data. There may be situations where we cannot grant a request, for example, to complete a transaction to you or comply with the law. These options do not apply to publicly available information from government records nor to deidentified or aggregated information.
| Customer Right | Description |
|---|---|
| Right to Deletion | You may request deletion of applicable personal data. Upon verification of your request, we will notify third parties to whom we shared your personal data to delete your information as well. |
| Right to Withdraw Consent (CO/CT/OR/MT/DE/NH/NJ Residents Only) |
You may withdraw your consent to processing of your personal data by using the Cookie Preference link located at the foot of our website or by sending us a “Right to Withdraw Consent” email to dpo@lechameau.com. |
| Right to Correct Inaccurate Personal Data (CO/CT/VA/OR/TX/MT/DE/NH/NE/NJ Residents Only) |
You may correct inaccurate personal data. |
| Right to Know / Access the Personal Data We Collected About You During the Previous 12 Months | • Categories of personal data • Categories of sources • Business or commercial purpose(s) for the collection • Specific pieces of personal data we collected |
| Right to Know the Personal Data We Sold or Shared During the Previous 12 Months | • Business or commercial purpose(s) for the sale • Categories of third parties with whom we shared the personal data • Categories of personal data we disclosed about you for a business purpose |
| Right to Opt Out of Sale or Sharing | You may opt out of the sale or sharing of any personal data, including Interest Based/Targeted Advertising and Retargeting. |
| Right to Opt Out of Automated Decision-Making | We do not engage in profiling of or automated decision making related to consumers. |
| Right to Appeal (CO/CT/VA/OR/TX/MT/IA/DE/NH/NE/NJ Residents Only) |
If we reject your privacy request, you will receive an email with a link that will direct you to our Appeal form. |
| Right to Request a List of Third Parties With Whom My Data May Have Been Disclosed (OR) |
You may request a list of specific recipients (other than natural persons) to which we disclosed your personal data. |
| Right to Obtain a List of the Categories of Third Parties to Which My Data May Have Been Disclosed (DE) |
You may request a list of the categories of recipients of disclosures of your personal data. |
| Right to No Retaliation | We will never discriminate nor retaliate against you if you choose to exercise any of these privacy rights. |
We do not “sell” or “share” and have not “sold” or “shared” personal data in the preceding 12 months under the laws applicable to you.
We may need to request specific information from you to help us verify your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. Please follow the instructions we email you about verifying your request. No action will be taken on requests not verified within 7 days.
Information About Children
The Children's Online Privacy Protection Act imposes requirements on websites that collect personal data about children under 13 years old (for example - name, address, email address etc.). Our current policy is not to collect any personal data on any person under 13 years old online. For this reason, our competitions and other promotions conducted online are restricted to entrants who are at least 18 years old. If this policy changes, we will revise this portion of this Notice and will comply with the requirements of the Children's Online Privacy Protection Act, which includes providing notice and choice to each child's parent or guardian before collecting any personal data.
We do not knowingly sell or share personal data about individuals under the age of 16.