Let's stay connected
Get the latest news and insights on D2C at vvast scale straight into your inbox.
(Our friends know us as vvast, pronounced vast and always spelt with a lower case v)
At vvast we collect data directly from individuals and we never purchase or acquire data outside of the public domain. We collect, process and store data of employees, prospective employees, supported brands, prospective supported brands, brand consumers and 3rd party suppliers.
We never collect sensitive or special category data other than to satisfy additional laws outside of data protection such as employment law or when you give it to us directly.
|Data||Supported Brand||Prospective Supported Brand||Brand Consumers||3rd Party Suppliers|
*when visiting vvast.com or our supported brand websites
Data we collect for employment purposes can be found within our employee contracts and full data protection policy.
Supported brand = a brand who vvast works with directly to support ecommerce sales
Prospective supported brand = a brand who could benefit from vvast’s services but who does not currently have a contract with vvast
Brand consumers = individuals who visit a brand website, purchase goods online and sign up for emails
3rd Parties = suppliers of goods or services to vvast
Employee = someone who works for vvast
Prospective employee = someone who has applied for or has been approached directly by vvast for a vacant job role
You can choose not to provide us with personal data. If you choose to do this, you can continue to use the vvast/supported brand website(s) and browse its pages, but we will not be able to process transactions or continue a relationship without personal data.
You can opt out from marketing by clicking the unsubscribe option in any of our marketing communications.
You can exercise your rights by sending us an email at firstname.lastname@example.org
You have the right to access information we hold about you. This includes the right to ask us supplementary information about:
We will provide you with the information within one month of your request, unless doing so would adversely affect the rights and freedoms of other (e.g. another person’s confidentiality or intellectual property rights). We’ll tell you if we can’t meet your request for that reason.
You have the right to make us correct any inaccurate personal data about you.
You can object to us using your data for profiling you or making automated decisions about you
We may use your data to determine whether we should let you know information that might be relevant to you (for example, tailoring emails or social media advertising to you based on your behaviour).
You have the right to port your data to another service. We will give you a copy of your data in CSV format so that you can provide it to another service.
If you ask us and it is technically possible, we will directly transfer the data to the other service for you. We will not do so to the extent that this involves disclosing data about any other individual.
You have the right to be ‘forgotten’ by us. You can do this by asking us to erase any personal data we hold about you, if it is no longer necessary for us to hold the data for purposes of your use of vvast, a supported brand or any other law.
You have the right to lodge a complaint regarding our use of your data, please tell us first, so we have a chance to address your concerns. If we fail in this, you can address any complaint to the UK Information Commissioner’s Office, either by calling their helpline or as directed on their website at www.ico.org.uk.
These rights apply to all of the data categories listed in the ‘Data we collect and how we collect it’ section
We do everything we can to ensure the security of your data and are proud to be Cyber Essentials & Cyber Essentials Plus certified.
In today’s data driven and connected world the security of your data is more important than ever. We recognise this and have implemented the following security controls:
All passwords to platforms or systems containing personal data are generated via a password vault. Access to the vault is only permitted via multi factor authentication.
Access to any platform or system containing consumer data is only granted to those who absolutely require it, even our Privacy and Compliance Manager doesn’t have access.
We deploy mobile device management to every single device that accesses any vvast system and we can remotely wipe that device at any time. All devices are regularly scanned for viruses and malware and patches are remotely deployed to applications regularly.
All staff are bound by confidentiality and will never disclose or share your data unless authorised to do so.
vvast is not currently a subprocessor of any 3rd party data and we process all data as either a controller, joint controller or processor.
Like most companies vvast utilises 3rd parties to provide services to our brands and their consumers and to store data. A list of the 3rd parties who process personal data is listed below.
These 3rd parties will be based in the UK, EEA and in some cases outside of the both the UK and EEA.
vvast conducts thorough reviews of all of its 3rd parties, including data protection agreements, where possible to ensure that every possible safeguard is in place and that the data is secure. Should there be a possibility that data could be exposed to a high level of risk a Data Protection Impact Assessment will be completed and will be available upon request.
vvast works with a number of 3rd parties to offer ecommerce solutions to our brands, most of which do not process brand consumer data in any way, below is a list of those who have access to or process the data of our brands consumers and a brief description of what they do.
|3rd Party||Brief Description|
|Amazon/AWS||Amazon market place and AWS data storage solutions|
|Brightpearl||Digital operations platform that integrates with Shopify|
|Crazy Egg||Website heatmap and optimisation platform|
|Divaaco||Analysis of brand trading and product purchasing for future optimisation|
|Facebook Group||Advertising of brand products via lookalike audiences, cookies/pixels and custom audiences|
|Analytics via cookie/pixel information|
|Hectic Numbers||vvast’s sister company who provide trade reporting between vvast and our brands|
|Klarna||Payment plan option at checkout|
|Klaviyo||Marketing via brand website sign up|
|Mention Me||Customer recommendation tool|
|Narvar||Customer experience via delivery prediction, package tracking, returns and exchanges|
|Nosto||Product recommendation tool|
|Power BI (Microsoft)||Business Intelligence platform to analyse trading and product trends|
|RIF||Warehouse, stock and delivery fulfilment|
|ShiptheoryShopify||Shipping integration and label printingThe platform that our brand websites are built upon|
|Signifyd||Fraud prevention checking|
|Stitch Data (Talend)||A tool to move data securely from Brightpearl to Power BI via AWS for trade analysis|
|Trustpilot||Customer review platform|
|Upward Comms||Contact center and fulfillment|
|Zendesk||Customer services platform|
Once per year we perform a full cleanse of data to ensure that we are only processing the data of those individuals who have an ongoing and active relationship with vvast and/or our brands.
As part of our Record of Processing Activities we have defined the length of time we store all of our data, should your data be due for deletion it will be erased during the yearly data cleanse.
To understand data retention in relation to your data please feel free to contact us at email@example.com
|cookielawinfo-checkbox-necessary||This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category “Necessary”.||1 hour||Necessary|
|cookielawinfo-checkbox-non-necessary||This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category “Non-necessary”.||1 hour||Necessary|
|_ga||This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site’s analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors.||2 years||Analytics|
|_gid||This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected including the number visitors, the source where they have come from, and the pages visited in an anonymous form.||1 day||Analytics|
|_gat||This cookies is installed by Google Universal Analytics to throttle the request rate to limit the collection of data on high traffic sites.||1 minute||Performance|
You can update your cookie preferences via our cookie banner.
Should a breach of your data occur that is likely to result in the harm to the rights and freedoms on an individual or group of individuals vvast will notify those involved within 72 hours along with the ICO, where applicable.
vvast has not appointed a statutory Data Protection Officer as we are not required to by law, however, we have appointed a full time Privacy and Compliance Manager to ensure the continued security of our data.
vvast maintains and updates a Record of Processing Activities (ROPA) in which we list the lawful basis for processing all of our data. Wherever Legitimate Interests is relied upon vvast has conducted an impact assessment which is available upon demand to those who’s data is included.
From January 1st 2021 the UK will no longer be part of the European Economic Area (EEA). As vvast trades in the EU we have appointed a European representative to comply with Article 27 of the GDPR.
This representative is:
Hectic UG (haftungsbeschränkt), Beethovenstr. 2, D-68165 Mannheim, VAT ID/ USt.-IdNr.: DE333798536, Commercial Registration Number/ Handelsregister Gewebeanmeldung: HRB 737484, Tax Identification Number/ Steuernummer: 38184/15129. firstname.lastname@example.org +49 160 6835555
Bye for now
Still with us? Wow! Well done for reading this notice all the way through. We totally get that privacy and security can be confusing and often notices like this are full of jargon that is hard to understand.
If you would like to speak to a human in regard to your data please feel free to email us at email@example.com and we will be happy to talk further.