Privacy policy

Last Modified: March 2, 2026

At Matri Group UK Limited, and the Controller identified below, (“We,” “Us,” or “Our”), your privacy and trust matters to Us. We appreciate that you (“You”) are a part of Our community and We are dedicated to protecting your personal data.

We encourage You to read this Policy to understand Our policies and practices regarding your personal data and how We handle it. We may update this Policy from time to time (see the “Changes to this Policy” section). We will notify You of significant changes as described below, and We encourage You to review this Policy regularly.

1. About this Privacy Policy.

a. This Privacy Policy (this “Policy”) describes Our practices for collecting, using, maintaining, protecting, and disclosing the types of personal data that We may collect from You or that You may provide when you interact with our Platforms and our practices for collecting, using, maintaining, protecting, and disclosing that personal data.

b. This Policy applies to all personal data we collect:

when You visit Janieandjack.uk (the “Website”);
when You visit Our official pages on social media sites including but not limited to Facebook, X (formerly Twitter), Instagram, LinkedIn and others (collectively, the “Social Media Pages”);
when You visit social media sites with which We interact;
in e-mail, text, and other electronic messages between You and the Company or through links to the Website;
when You interact with Our advertising and applications, including sweepstakes, contests, or other online promotions on the Website or on third-party websites and services if those applications or advertising include links to this Policy;
when You complete a survey or questionnaire; participate in a focus group or other consumer or market research project;
when You post a product review; send Us any feedback, questions, comments, suggestions, or ideas;
when You visit one of our brick-and-mortar stores; and
when You shop online.

c. For purposes of this Policy, the term “Platforms” shall mean, collectively, the Website, the Social Media Pages and all other means by which You may interact with Us through the actions set forth above.

This Policy shall not apply to personal data collected by any third party (including our affiliates and subsidiaries), including personal data collected through any application or content that may link to or be accessible from or on the Website.

2. Data Controller & Contact Information.

a. For the purposes of UK data protection law, the data controller responsible for your personal data is:

Janie and Jack, LLC. a California company

225 Bush Street, Suite 1300

San Francisco, CA. 94104

United States

b. We have a Data Protection Officer (“DPO”) who is responsible for overseeing compliance with this Policy. You may exercise your privacy rights by contact us and the DPO at:

Email: privacy_notices@janieandjack.com

c. The registered address for Matri Group UK Ltd.is

Cumberland Court

80 Mount Street

Nottingham

NG1 6HH

United Kingdom

Company No. 16632455

d. You may also contact our Article 27 Representative as follows:

Janieandjack@privacyrep.co.uk

Janie and Jack LLC

c/o Achieved Compliance Advocacy Ltd

Princess House

Princess House Way

Swansea

SA1 3LW

2.2 Joint Controllers.

We operate joint pages and advertising features on social media platforms including Meta (Facebook and Instagram) and others. In these contexts, We and the relevant platform are joint controllers of the personal data processed in connection with those features — for example, data about interactions with Our pages and targeted advertising. The essence of the arrangement between Us and Meta is set out in Meta’s Page Controller Addendum, available at www.facebook.com/legal/terms/page_controller_addendum.

Each joint controller is independently responsible for its own compliance with applicable data protection law. You may exercise your data subject rights in respect of jointly controlled data against either controller.

3. Changes to this Policy.

We may update this Policy from time to time. When We make changes to this Policy, We will post the updated policy on this page and update the date at the top. If We make significant changes to how We use your personal data, We will let You know by sending an email to the email address You have provided and/or by posting a notice on Our Website’s home page. Please make sure We have your current email address so You can receive these updates. We encourage You to review this Policy regularly.

4. Types of Personal Data We Collect.

a. When you use or interact with Us via the Website other Platforms, or in store, We collect several types of personal data (“Personal Data”) to help serve You better. The types of Personal Data We collect depend on how You interact with Us and the Platforms, and includes:

Personal Details: This includes Personal Data that can identify You, such as your name, e-mail address, phone number, gender, ZIP or postal code. We collect this Personal Data when You provide it to Us, and it may be used to serve you and to contact You online or offline.

Profile and Preference Data. This includes saved sizes, gender, saved items, newsletter preferences, communication preferences, language preference.

Payment Information: If You make a purchase from Us, We collect payment details like your credit card number and security code. We use this Personal Data to process your order, returns, promotions, contests, or fundraising events. Payment data is securely stored after your account is tokenised, and We may also keep records related to your shopping history and the items You purchase.

Content You Share: If You submit photos, videos, reviews, comments, ratings, forum posts, survey responses, competition entries or other content to our Platforms, We collect and store that Personal Data.

Aggregated Data: We gather general data about visitors and interactions on our Social Media Pages. This data is combined and does not personally identify You directly or indirectly.

Customer Service Records: If You contact Our customer service team by phone, email, text, or chat, We keep records of those interactions to help resolve your questions and to improve Our services. We also keep records of your returns requests, refund requests, complaints and other correspondence.

In-Store Data CCTV footage, in-store Wi-Fi connection data, loyalty card scan data, in-store purchase receipts, and staff interaction notes added to customer records.

Website and Technical Data Pages visited, products viewed, search terms entered, links clicked, time spent on pages, scroll depth, session duration, items added to cart, checkout abandonment point, frequency of visits, device type, browser type, operating system, screen resolution, referral source (how you arrived at the site), IP address, device identifier, cookie identifiers, session identifiers, advertising identifiers, browser fingerprint, geolocation data (where permitted).

Special Category Data (where applicable) Health or pregnancy information when provided to us.

Employment Application Data: Resume and work history, right-to-work documentation, diversity monitoring data (gender, ethnicity, disability status, veteran status — where voluntarily provided).

b. We collect this Personal Data in the following ways:

directly from You when You provide it to Us;

automatically as You navigate through or interact with the Platforms, use Our services, or visit a store. Personal Data collected automatically may include usage details, IP addresses, data collected through cookies, and CCTV and video footage or photographs captured when You are on Our premises.

at the physical point of sale, personal data may be processed as part of the transaction process, when a sales representative looks ups your account to process a return or review transaction details. This may also include the caputure of a requested email address or phone number as part of the transaction.

5. Personal Data You Provide to Us.

We collect Personal Data that You share with Us when You use or interact with Us via the Platforms. This may include:

Personal Data You enter on the Website, such as the personal details mentioned above such as when You create an account, place or return an order, post content, request services, enter a contest or promotion, make a donation, or report a problem;

Shopping details you provide including preferences, shopping details, your address book data, gift recipient information, and shipping details.

copies of your communications with Us, including emails and contact details, if You reach out for support or have questions;

your responses to surveys We may send for research or feedback purposes;

details about your transactions with Us, including order, payment details, returns, reasons for returns. You may need to provide financial details to complete a purchase on the Website;

your search activity on the Website;

Personal Data needed to process credit card transactions; and/or

videos or photos of You if You visit one of Our stores.

Health or pregnancy information when provided to us.

Resume and work history, right-to-work documentation, diversity monitoring data (gender, ethnicity, disability status, veteran status — where voluntarily provided).

We may combine Personal Data collected online with Personal Data We gather in Our stores, through other offline interactions, and from other companies related to Us.

We may remove details that identify You personally from the Personal Data We collect, making it pseudoanonymized or anonymized. We may do this by combining your Personal Data with data from others or by using methods that make it impossible to link the data back to You (in the case of anonymization).

If You post Personal Data in public areas of the Website or share it with other users or third parties (collectively, “User Contributions”), please remember that We cannot control what other users do with this Personal Data. We cannot guarantee that your User Contributions will not be seen by people You did not intend to share them with. Please use caution when sharing Personal Data in public spaces.

7. Personal Data We Collect from Other Sources.

We receive Personal Data about You from others to help Us provide better services and personalize your experience. Where We receive Personal Data from third-party sources, We will only use it for the purposes described in this Policy and will ensure an appropriate lawful basis exists for that processing.

7.1 Our Family of Brands.

Because We are part of the Matri Group, We may get additional Personal Data about You from the other brands in Our corporate family.

7.2 Partners and Service Providers.

We may also receive Personal Data about You from our trusted partners, such as:

marketing partners, including those We work with for joint promotions, co-branded offers, and data sharing;

companies that help Us with advertising, analytics, or data services; and

service providers who help Us with things like customer service, fraud prevention, mailing lists, order fulfilment, and shipping.

Recruiting partners when you submit an application for employment

7.3 Social Media and Third-Party Platforms.

If You interact with Us on social media, for example, by “liking” or “following” any one or more of the Social Media Pages, or if You use your social media or other third-party account to log in or connect with Us, We may receive certain Personal Data from those platforms. This can include your profile details, profile picture, user ID, and any other details the platform shares with Us, based on your settings and their policies.

We may also collect other Personal Data when You:

Contact Our customer support team;

Take part in surveys, contests, or promotions; and

Interact with Us in person, online, by phone, or by mail to accept Our services or get help.

8. Personal Data We Collect Through Automatic Data Collection Technologies.

When You visit and use the Website, We automatically collect certain Personal Data about your device and how You interact with the Website. This helps Us understand how the Website are being used and allows Us to improve your experience. We may collect:

Details about your Visits. This includes data like the pages You view, links You click, how long You stay on the given Website, and the resources You access.

Device and Connection Information. We collect data such as your IP address, browser type, operating system, and data about your internet connection.

The Personal Data We collect automatically is mainly used for statistical purposes and does not directly identify You. However, We may link this data to other Personal Data We have about You or receive from other sources. We use this Personal Data to:

Understand how many people visit the Website and how they use it;

Remember your preferences to personalize your experience;

Make your searches faster and easier;

Recognize You when You return to the Website;

Help keep the Website safe and secure, including monitoring for fraud; and

Show You content and advertising that may be more relevant to You.

8.1 Technologies We Use.

To make your experience on the Website better, We use a variety of technologies to automatically collect the Personal Data about You, which may include:

Cookies (or browser cookies). Cookies are small files stored on your computer or device. They help Us remember your preferences, enable website features, and show You relevant ads. We will only place non-essential cookies on your device after You have given Us your consent. You can manage your cookie preferences at any time through Our cookie consent tool. You can also block cookies by changing your browser settings, but some parts of the Website may not work properly if You do. You can find more details about cookies and how they work at www.allaboutcookies.org.

Web Beacons. Web beacons are tiny images or pieces of code on the Website that help Us count visitors and see how people use the Website. They help Us understand what content is popular and make sure the Website are working properly.

Local Storage (Including HTML5 and Browser Storage). Your browser may store data locally to help the Website remember things like what is in your shopping cart or some of your shopping preferences. If You block cookies or local storage, some features may not work.

Embedded Scripts. Embedded scripts are bits of code that run while You are on the Platforms to help Us understand how You interact with the Platforms, such as which links You click. They only work while You are on the Platforms and are removed when You leave.

Javascripts. JavaScript helps the Website work smoothly and quickly. It also helps Us understand how people use different parts of the Website.

Entity Tags (ETags). Entity Tags help your browser remember parts of the Website, so pages load faster when You come back.

Resettable Device Identifiers. On mobile devices and tablets, We may use special identifiers (like Apple’s IDFA or Google’s Advertising ID) to show You more relevant ads. You can reset or limit these identifiers in your device settings.

Please consult our cookie policy for more information about consent and compliance with the Privacy and Electronic Communications regulations (2003)(“PECR”)

9. Personal Data We Collect Through Video Footage.

When You visit a store of Ours, We may collect video recordings and photographs of You that We use:

for security;

to detect and prevent fraud;

to prevent product loss or damage;

to report incidents; and

for operational purposes.

This processing is carried out on the basis of Our legitimate interests in maintaining the security of Our premises, staff and customers. Footage is retained for 31 days unless it is required in connection with an active investigation or incident (see Data Retention Section).

10. Community Forums and User Submissions.

We offer features on the Website, like community forums, reviews, and interactive tools, where You can share Personal Data with Us and other users of the Website.

10.1 User Submissions.

When You post content (like photos, videos, reviews, messages, or other materials) in Our community forums or interactive features, We call these “User Submissions.” By submitting content, You agree to our Terms of Use, which may include additional rules about what You can post. Some features, such as user reviews, may be managed by third parties, and their privacy policies and terms will also apply.

10.2 Public Information.

Please remember that anything You post in public areas of the Website, such as your name, location, or other details, may be visible to others. Other users can see, use, or share your posts. We are not responsible for what others do with Personal Data You make public, and their actions are not covered by this Policy.

10.3 Social Media Connections.

The Website may let You connect with social media platforms such as Facebook or Instagram. For example, You might “Like” or “Share” Our content, or display your social media posts on the Website. If You interact with Us through these features, your Personal Data may be shared publicly and both We and the social media company may collect Personal Data about You. What the social media company does with your Personal Data is governed by their privacy policy and your settings with them.

10.4 Sharing with Friends.

We may offer features like “Send-to-a-Friend,” “Refer a Friend,” or “Wish List” that let You share content with others. If You use these features, We will use your friend’s Personal Data only to send your message, unless We have their permission for other uses. If You share someone else’s Personal Data, You represent that You have the authority to do so and to permit Us to use the Personal Data in accordance with this Policy.

10.5 Accurate Information.

All Personal Data that You provide to Us must be true, complete, and accurate, and You must notify Us of any changes to your Personal Data.

10.6 Employment Applications.

If You apply for a job through the Website, We or Our service provider(s) may ask for additional Personal Data such as your gender, ethnicity, or veteran status, as required by law. Your sharing of this Personal Data is voluntary. If You provide it, We and/or Our service provider may use it to meet legal reporting requirements or to respond to employment-related claims.

11. Do We Collect Personal Data from Children?

Our Platforms and services are primarily designed for use by adults. The children’s clothing We offer for sale is intended for purchase by adults on behalf of children, not by children directly. We do not direct Our Platforms or marketing at children under the age of thirteen (13).

We do not knowingly collect, use, or share any Personal Data from children under thirteen (13) years of age without parental consent. If We learn that We have collected the Personal Data of a child without appropriate consent, We will promptly delete that Personal Data from Our records. If You believe We may have collected Personal Data from a child, please contact Us at privacy_notices@janieandjack.com so We can take appropriate action.

12. Special Category Personal Data.

Certain categories of personal data are particularly sensitive and attract additional protection under the UK GDPR (“special category data”), including data concerning health, genetic data, biometric data used for the purpose of uniquely identifying a natural person, and other categories listed in Article 9 of the UK GDPR.

Some of Our brands (including Hatch) serve expectant and new mothers and may, in the course of providing services, receive health-related or lifestyle information from You, such as your pregnancy stage or health preferences. Where We collect such data, We do so on the basis of your explicit consent under Article 9(2)(a) of the UK GDPR.

You may withdraw your consent at any time by contacting Us using the details in Section 2. We will not use such information for any purpose beyond providing and personalising the services You have requested, unless required by law.

13. CCTV and Biometric Data.

Standard CCTV footage in Our retail stores is processed on the basis of Our legitimate interests in maintaining the security of Our premises and staff. Where any in-store technology processes facial images in a manner that constitutes the processing of biometric data for the purpose of uniquely identifying individuals, We will only do so on an appropriate Article 9(2) basis and will notify You clearly at the point of entry to the relevant store.

14. Lawful Bases for Processing Your Personal Data.

Under the UK GDPR, We must have a valid lawful basis to process your Personal Data. The lawful bases We rely on for processing your Personal Data include:

Contract: Where processing is necessary for the performance of a contract with You, or to take steps at your request before entering into a contract. This includes processing your Personal Data to fulfil orders, process payments, provide customer service, and manage your account.

Legitimate Interests: Where processing is necessary for Our legitimate interests or those of a third party, provided that such interests are not overridden by your rights and interests. Our legitimate interests include developing and improving Our products and services, marketing and promoting Our business, fraud prevention, and network and information security. We have conducted Legitimate Interests Assessments in respect of all processing activities for which We rely on this basis and are satisfied that our interests are not overridden by your rights. You may request further information about those assessments by contacting Us.

Legal Obligation: Where processing is necessary for compliance with a legal obligation to which We are subject, such as tax and accounting requirements, or responding to lawful requests from public authorities.

Consent: Where You have given Us clear, freely given, specific, informed, and unambiguous consent to process your Personal Data for a specific purpose, such as receiving marketing communications or the use of non-essential cookies.

Vital Interests: In rare circumstances, where processing is necessary to protect your vital interests or those of another person.

We have set out below the specific processing activities and the lawful bases We rely on for each. Where We rely on legitimate interests, We have also identified what those legitimate interests are.

Processing Activity	Lawful Basis	Legitimate Interests (where applicable)
Processing orders and payments	Contract
Managing your account	Contract
Providing customer service	Contract / Legitimate Interests	Ensuring customer satisfaction and resolving queries efficiently
Sending service-related communications	Contract
Sending marketing communications (where consent given)	Consent
Personalising your experience	Legitimate Interests	Improving customer experience and relevance of content and offers
Fraud prevention and security	Legitimate Interests	Protecting Our business and customers from financial crime and harm
Website analytics	Legitimate Interests	Understanding how Our Website is used so We can improve it
In-store CCTV and video footage	Legitimate Interests	Security of Our premises, staff and customers; loss prevention; incident reporting
Processing employment applications	Legal Obligation / Legitimate Interests	Recruiting suitable candidates; complying with equality reporting obligations
Compliance with legal obligations	Legal Obligation
Sensitive Data	Consent	This might arise when providing information about pregnancy status or in the context of seeking employment

15. Automated Decision-Making and Profiling.

We use automated processing, including profiling, in the following ways:

Website personalisation: We use automated tools to analyse your browsing behaviour and purchase history on Our Platforms in order to show You product recommendations, personalised content, and relevant advertising. This processing takes place on the basis of Our legitimate interests in improving your experience and the relevance of content We show to You.

Fraud detection: We use automated systems to analyse transaction data and flag potentially fraudulent activity. Where an automated check results in a transaction being declined or an account being suspended, You may request that the decision be reviewed by a member of Our team.

Marketing personalisation: We may use automated tools to determine the content, timing, and frequency of marketing communications sent to You, based on your purchase and engagement history.

None of Our automated processing currently produces decisions that have legal or similarly significant effects on You without human review. Your rights in relation to automated decision-making are set out in the Automated Decision-Making and Profiling Section below.

16. How We Use Your Personal Data.

We collect Personal Data from You to help Us provide a better, more personalized experience.

16.1 General Use.

We use your Personal Data to:

Show You the Platforms and their content.

Provide the products, services, or Personal Data You request.

Send You important updates about your account, like expiration or renewal notices.

Fulfil Our obligations and enforce Our rights under any contracts We have with You regarding any matter, including but not limited to billing and collections.

Let You know about changes to the Platforms and Our products or services.

Allow You to use interactive features on the Platforms.

Share personalized offers, promotions, and content with You, where You have consented to receive them.

Detect, prevent, and address fraud or other illegal activities.

Use your Personal Data for any other purpose with your consent.

If you agree, We may also contact You about our own or third-party products and services that might interest You. If You do not want to receive these messages, You can update your preferences in your account settings. For more details, see the “Your Privacy Rights” section of this Policy.

17 SMS Marketing.

We will only send You marketing text messages where You have given Us your prior, informed consent to do so. If You provide Your phone number (for example, during checkout or by signing up for messages), You will be asked to confirm your consent to receive marketing texts at that time. Standard message and data rates may apply. We use cookies to track items in Your shopping cart, including abandoned carts, which enables Us to send You timely cart reminder messages via SMS where You have consented to this. You may opt out at any time by replying “STOP”, “UNSUBSCRIBE”, “CANCEL”, or “QUIT” to any message from Us. We do not share Your SMS opt-in status with third parties for purposes unrelated to the applicable SMS campaign; however, We reserve the right to share Your Personal Data, including Your SMS opt-in or consent status, with Our service providers, platform providers, telecommunications carriers, and other vendors as necessary to facilitate the delivery of Our messaging services.

18 Email Marketing.

We will only send You marketing emails where You have given Us your consent, or where You are an existing customer and We are marketing similar products or services to those You have previously purchased from Us (the soft opt-in permitted under Regulation 22(3) of PECR). You can unsubscribe from Our marketing emails at any time by clicking the unsubscribe link in any email We send or by contacting Us directly.

We may use the Personal Data We collect for business purposes, including to:

better understand your interests and how You interact with Us, including your activity on the Platforms or in Our stores.

personalize your experience, such as showing You customized content, recommendations, and ads.

post product reviews You submit.

communicate with You, respond to your questions, and ask for your feedback.

run contests, sweepstakes, or other promotions.

manage event registrations, process donations, and improve fundraising experiences.

recruit and hire team members.

improve Our products, services, and your overall experience with Us.

19 Credit Cards and Electronic Payments.

We use your credit card and electronic payment data only to process payments and prevent fraud. We do not use this data for any other purpose and We do not keep this data longer than necessary to provide Our services or to comply with applicable law.

20. How We Share Your Personal Data and Why.

20.1 When We Share Your Personal Data.

Consent. We will process, disclose, or otherwise use your Personal Data for the specific purposes that You affirmatively authorize.

Legitimate Interests. We may process or disclose your data when doing so is reasonably necessary to pursue our legitimate business interests, which include, without limitation, (A) developing, enhancing, and personalizing Our products and services; (B) measuring the effectiveness of Our advertising; and (C) performing analytics to better understand how the Platforms are accessed and used.

Performance of a Contract. Where You purchase a product, or otherwise enter into a contract with Us, We will use, share, and otherwise process your Personal Data as necessary to perform, administer, and enforce that contract, including facilitating payments, fulfilling orders, and providing customer support.

Legal Obligations. We may disclose your Personal Data when we believe in good faith that such disclosure is required to comply with applicable law, regulation, legal process, or governmental request.

Vital Interests. We may disclose Personal Data where we believe it is necessary to investigate, prevent, or take action regarding suspected fraud, situations involving potential threats to the safety of any person, violations of our Terms, or as evidence in litigation in which we are involved.

20.2 Who We Share Your Personal Data With.

Business Transfers. We may share or transfer your Personal Data in connection with, or during negotiations of, any merger, sale of company assets, financing, restructuring, acquisition, or in any other situation in which Personal Data may be transferred as part of our corporate assets.

Service Providers. We engage trusted third parties, including payment processors, fulfilment centers, hosting providers, analytics vendors, consultants, auditors, and solicitors, to perform services on our behalf. These entities are provided only the Personal Data reasonably necessary to perform their functions and are contractually obligated to protect Personal Data and to use it only for the purpose of providing services to Us.

Affiliates and Joint Marketing Providers. We may share Personal Data with our parent company, subsidiaries, affiliates, and selected joint marketing partners so that they can help Us advertise and market Our products.

Legal and Safety Reasons. We may share your Personal Data with law enforcement or other third parties if We believe it is necessary to comply with applicable law or protect Our customers, the Company, or the public.

Deidentified and Aggregated Data. We may take steps to remove details that can identify You from the Personal Data We collect. We may combine this deidentified or aggregated data with data from other users. This helps Us understand trends, improve Our services, and support Our business. We may share this type of data with trusted partners, but We will never share it in a way that could identify You personally.

20.3 Joint Controller Arrangements with Social Media Platforms.

Where We operate joint pages or advertising features with social media platforms such as Meta (Facebook and Instagram), We and the relevant platform are joint controllers in respect of the personal data processed through those features. The essence of the arrangement — including the respective responsibilities of each controller — is set out in the platform’s own joint controller terms. For Meta, these are available at www.facebook.com/legal/terms/page_controller_addendum. You may exercise your UK GDPR data subject rights in respect of any jointly controlled data against either Us or the relevant platform.

21. Third-Party Links and Content.

The Platforms may include links to other websites, ads, or content from companies We do not control, for Your convenience and to help You find more details. If You click on one of these links, You will leave our Platforms. We do not control these third-party sites or their privacy practices, which may be different from Our privacy practices and policies, including but not limited to this Policy. We encourage You to review the privacy policy of any website You visit before sharing any Personal Data. Please note, a link from the Platforms does not mean We endorse or are responsible for the content or services on those third-party websites.

We work with advertising networks, ad agencies, analytics providers, and other partners to show ads on the Platforms and elsewhere online, and to help Us understand how people use the Platforms. For example, if You click on an ad, Our partners may let Us know which ad You clicked and where You saw it. These ads may be shown by Us or third parties, who may use Personal Data about your visits to the Platforms and other sites, across different devices, to show You ads that are more relevant to You.

These third parties may use their own tracking tools, like cookies and web beacons, to collect Personal Data about You and your device. They may collect Personal Data such as your device ID, how You use Our Platforms, and other details. Some may collect Personal Data over time as You visit different websites and online services. These tools help with things like showing You targeted ads, making sure You do not see the same ad too often, and measuring how effective ads are. We may share certain Personal Data such as device identifiers, usage data, hashed data, and other de-identified transaction records with Our partners for advertising and analytics purposes. We and Our partners may also match this data with third-party cookies to help deliver targeted online marketing.

We use Google Analytics to help Us understand how people use the Website. Google Analytics uses cookies and similar technologies to collect and analyze Personal Data about use of the Website and may collect Personal Data about your use of other websites, apps, and online resources. To learn about how Google collects and uses data, visit Google’s privacy page at google.com/policies/privacy/partners. You can opt out of Google Analytics by installing the Google Analytics opt-out browser add-on, available at tools.google.com/dlpage/gaoptout.

22. Cross-Border Processing Outside of the United Kingdom.

Matri Group UK Limited is based in the United Kingdom. However, the data controller responsible for your personal data, Janie and Jack, LLC, is incorporated and operates in the United States. This means that when you interact with our Platforms or purchase from us, you are providing your personal data directly to an organisation located outside the United Kingdom.

The level of data protection available to you in the United States is not the same as in the United Kingdom. The United Kingdom has comprehensive data protection legislation — principally the UK GDPR and the Data Protection Act 2018 — which gives you enforceable rights over your personal data and is overseen by an independent regulator, the Information Commissioner's Office (ICO). The United States does not have a single equivalent federal data protection law; instead, it implements sector-specific laws, and the rights available to you and the remedies open to you if those rights are breached are more limited than under UK law.

This means that once your personal data is transferred to and processed in the United States, the legal protections, enforcement mechanisms, and individual remedies available to you in the United States may differ from those you have in the United Kingdom.

This does not mean that you are without rights. As a UK resident, your rights under the UK GDPR remain fully enforceable in the United Kingdom regardless of where your data is processed. You may exercise those rights against us at any time using the contact details in Section 2, and you retain the right to complain to the ICO. You may also have separate rights enforceable under the laws of the United States depending on the state in which you reside.

We take data protection seriously and have put in place the following measures to ensure that your personal data continues to receive an appropriate level of protection regardless of where it is processed:

Intra-company agreements require all entities within the Matri Group to process personal data in accordance with UK GDPR standards, regardless of where processing takes place.

Intra-company policies and procedures harmonised to UK GDPR standards, covering how personal data is collected, stored, used, shared, and deleted across the group.

Voluntary appointment of a Data Protection Officer to oversee and monitor compliance with UK GDPR obligations across the group's processing activities.

Registration with the UK's Information Commissioner's Office.

The security and technical measures described in the Security and Data Retention Section

Where personal data is transferred to countries for which the UK Secretary of State has made an adequacy decision, those transfers are made on the basis of that adequacy finding.

Where personal data is transferred to countries without an adequacy decision, including the United States, transfers are covered by the UK International Data Transfer Agreement (UK IDTA) or the International Data Transfer Addendum to the EU Standard Contractual Clauses (UK Addendum), which require the recipient to provide protections equivalent to those under UK law.

In limited and specific circumstances only, transfers may be made under the derogations in Article 49 of the UK GDPR — for example, where the transfer is strictly necessary to perform a contract with you, or where you have given your explicit informed consent after being made aware of the risks involved.

Despite these safeguards, we want to be transparent: contractual and organisational measures reduce risk but cannot entirely replicate the statutory protections and enforcement environment of UK law. By using our Platforms, you acknowledge that your personal data will be transferred to and processed in the United States under the safeguards described above.

If you would like further information about the specific safeguards in place for any transfer, or if you wish to obtain a copy of the relevant transfer mechanism, please contact us at privacy_notices@janieandjack.com

22. Security and Data Retention.

22.1 Security Measures.

We take your privacy seriously and use a variety of security measures to help protect and secure your Personal Data from accidental loss and from unauthorized access, use, alteration, and disclosure. All Personal Data You provide to Us is stored on Our secure servers behind firewalls, and any payment data is encrypted using SSL technology. While We work hard to keep your Personal Data safe, no method of online transmission or electronic storage is completely secure. We cannot guarantee that unauthorized parties will never be able to defeat Our security measures. Please keep this in mind when sharing Personal Data online and always use the Platforms in a secure environment.

22.2 Analytics.

We use tools like Google Analytics to help Us understand how visitors use the Platforms. This may include data such as your browser type, operating system, screen resolution, IP address, location, pages visited, and how long You spend on each page of the Platforms. We use this data to improve the Platforms and your experience.

22.3 Other Tracking Devices.

We may use other industry standard technologies, such as pixel tags and web beacons, to see how You interact with the Platforms. These tiny graphic images help Us know if You visited certain pages or opened Our emails, so We can measure and improve Our services and promotions. Our partners may also use these tools for similar purposes.

22.4 Data Retention.

We keep your Personal Data only as long as We need it, for the purposes set out in this Policy, or as required or permitted by law. The criteria We use to determine retention periods include:

The length of time We have an ongoing relationship with You;

Whether there is a legal or regulatory obligation to which We are subject (such as tax, accounting, or anti-money laundering requirements);

Whether retention is advisable in light of Our legal position (such as in regard to applicable limitation periods, litigation, or regulatory investigations).

The table below sets out the specific retention periods or criteria We apply to the principal categories of Personal Data We process. By law We are required to keep basic information about Our customers (including contact, identity, financial and transaction data) for at least six years after they cease being customers, for tax purposes.

Category of Data	Retention Period or Criteria
Customer account and order data	Duration of account plus 7 years (tax and accounting obligations)
Payment transaction records	7 years from date of transaction
Marketing preferences and consent records	Until consent is withdrawn, plus 3 years as evidence of consent
Customer service correspondence	3 years from resolution of the query
In-store CCTV footage	31 days, unless required for an active investigation or incident
Website analytics data	26 months (standard analytics retention period)
Job application data (unsuccessful)	6 months from notification of outcome
Job application data (successful)	Duration of employment plus 7 years
Backup / archived data	Deleted at the next scheduled backup cycle following expiry of the primary retention period

We will not keep your Personal Data for longer than is necessary for the purposes for which it was collected. When We no longer need your Personal Data, We will delete or anonymize it. If immediate deletion is not possible (for example, if your Personal Data is stored in backup archives), We will securely store it and keep it separate from any further use until it can be deleted.

Upon your request to terminate your account, We will deactivate or delete your account and Personal Data from Our active databases. However, We may retain some Personal Data in Our files to prevent fraud, troubleshoot problems, assist with any investigations, enforce Our Terms of Use and/or comply with applicable legal requirements.

23. Your Privacy Rights.

Under the UK GDPR, You have certain rights in relation to your Personal Data. These rights are subject to certain exemptions and limitations.

23.1 Your Privacy Choices.

You can control the Personal Data We collect and use in the following ways:

Location Information. You can disable location-based services at any time in your device or browser settings. If You do, some features, such as finding nearby store locations or using check-in, may not be available.

Push Notifications. We only send push notifications to App users if You have agreed to receive them. To stop getting these messages, simply update your notification settings on your mobile device.

Emails. You can unsubscribe from Our marketing emails at any time by clicking on the unsubscribe link in any email We send, or by contacting Us directly. Please note, You may still receive important service-related emails that are necessary for the administration and use of your account, to respond to service requests, or for other non-marketing purposes.

SMS Messages. We only send text messages if You have given Us permission to do so. To stop receiving texts, reply “STOP”, “UNSUBSCRIBE”, “CANCEL”, or “QUIT” to any message from Us. It may take up to ten (10) business days for your request to take effect. If You want to have your phone number removed from Our records, please email Us.

Online Accounts. You can review and update your contact and payment details anytime by logging into your account on the Website.

Do-Not-Track Settings. Some browsers and devices let You send a Do-Not-Track (“DNT”) signal. Right now, there is no standard way for websites to recognize and respond to these signals, so We do not currently act on them. If a standard for online tracking is adopted that We must follow in the future, We will inform You about that practice in a revised version of this Policy.

23.2 Your Rights Under the UK GDPR.

Right of Access. You have the right to request confirmation as to whether or not We are processing your Personal Data, and where We are, to request access to that Personal Data. This enables You to receive a copy of the Personal Data We hold about You and to check that We are lawfully processing it.

Right to Rectification. You have the right to request that We correct any Personal Data We hold about You that is inaccurate or incomplete.

Right to Erasure (Right to be Forgotten). You have the right to request the deletion or removal of your Personal Data where there is no compelling reason for Us to continue processing it. This is not an absolute right and only applies in certain circumstances, for example where the Personal Data is no longer necessary for the purpose for which it was originally collected.

Right to Restriction of Processing. You have the right to request that We restrict the processing of your Personal Data in certain circumstances, for example if You contest the accuracy of the Personal Data or where You have objected to processing (pending verification of whether Our legitimate grounds override yours).

Right to Data Portability. You have the right to request that We provide You, or a third party You have chosen, with your Personal Data in a structured, commonly used, machine-readable format. This right only applies to automated information which You initially provided consent for Us to use, or where We used the information to perform a contract with You.

Right to Object. You have the right to object at any time to the processing of your Personal Data where We are relying on a legitimate interest (or that of a third party). We will stop processing your Personal Data unless We can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defense of legal claims.

Right to Object to Direct Marketing. You have the right to object at any time to the processing of your Personal Data for direct marketing purposes, including profiling to the extent it relates to such marketing. If You exercise this right, We will stop processing your Personal Data for direct marketing purposes. This right is unconditional.

Rights Related to Automated Decision-Making. You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning You or similarly significantly affects You, unless the decision is necessary for entering into or performing a contract, is authorized by law, or is based on Your explicit consent. You have the right to request human review of any such automated decision, to express your point of view, and to contest the decision.

Right to Withdraw Consent. Where We rely on your consent to process your Personal Data, You have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of any processing carried out before You withdraw your consent.

23.3 Exercising Your Rights.

If You wish to exercise any of the rights set out above, please email Us at privacy_notices@janieandjack.com.

We will respond to your request within one (1) month of receipt of your request. In some cases, where your request is particularly complex or You have made a number of requests, We may extend this period by a further two (2) months. We will notify You if this is the case.

We will not charge a fee for responding to your request in most circumstances. However, We may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, We may refuse to comply with your request in these circumstances.

We may need to request specific information from You to help Us confirm your identity and ensure your right to access your Personal Data (or to exercise any of your other rights). This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it.

24. Right to Lodge a Complaint.

If You are not satisfied with how We handle your Personal Data, or any privacy query or request that You have raised with Us, You have the right to lodge a complaint with the Information Commissioner’s Office (“ICO”), the UK supervisory authority for data protection issues.

You can contact the UK ICO at:

Address: Information Commissioner’s Office

Wycliffe House,

Water Lane

Wilmslow Cheshire

SK9 5AF

United Kingdom

Telephone: 0303 123 1113 (or +44 1625 545745 if calling from outside the UK)

Website: www.ico.org.uk

We would, however, appreciate the opportunity to address your concerns before You approach the ICO, so please contact Us in the first instance at privacy_notices@janieandjack.com.

If you are based in the United Kingdom, your primary avenue for complaints is the ICO. You may also raise concerns with the US Federal Trade Commission at reportfraud.ftc.gov, though the FTC's complaint mechanisms are primarily designed for US consumers and individual remedies under US federal law are more limited.

Bag 0

Sorry, looks like we don't have enough of this product.

More to love

Privacy policy