MENU CART {{currentCart.getItemCount()}}

WHOSTHATshop Privacy Policy


Respectingand protecting our customers’ privacy and personal data is important ParagonDesign Limited and its related companies (including all holding, subsidiary andaffiliate companies) (collectively, we or us). This policy will help youunderstand how we collect, use and safeguard your personal data in ourinteractions with you.

Italso describes your data protection rights.


2.What information do we collect?

Wecollect and process personal data about you when you:

2.1visit and/or register on any websites owned and operated by us (including,  ) (collectively, our Site);

2.2browse as a guest or as a registered user on our Site

2.3use a third-party service offered by service providers such as analyticscompanies, advertising networks and cooperatives, demographic companies, andany other third party service providers that we choose to collaborate or workwith, and we obtain your personal data from those third parties;

2.4provide us with your personal data via: our physical stores, Wi-Fi, mobiledevices, social media platforms/networks or telephone enquiries, your applicationfor or use of our services or loyalty programmes (such as our VIP membership orPrivate Sales);

2.5visit our physical stores or any other of our locations and your image iscaptured by our security CCTV

2.6visit our physical stores or any other of our locations, and our data analyticscameras carry out real-time data analyses based on your image for statisticalresearch purposes on an anonymous and aggregated basis as set out in our DataAnalytics Policy (see Section 13 below). The only personal data that will becollected and processed and used to analyse pathways throughout the store willbe your facial biometric template derived from your facial image (i.e. numericinformation describing different facial features).


3.How do we use this information, and what is the legal basis for this use?

Weprocess personal data for the following purposes:

3.1to conduct our business and pursue legitimate interests, in particular:

•3.1.1To provide our services to you, including: responding to any questions you mayhave, providing you with recommendations on products in our stores or on ourSite; assessing your applications with us for any of our services or loyaltyprogrammes; providing our VIP service to you; fulfilling any orders you maymake with us (including verification and security checks of your details,processing of your payments, shipping products that you have ordered to you,and processing returns or exchanges of products you have purchased); providingfree Wi-Fi services to you at our physical stores; personalizing our servicesto you and enhancing your experience in using our services; and

•3.1.2We monitor the use of our Site and our services (both online and offline), anduse your information to help us monitor, improve and protect our products,content, services and websites, both online and offline;

•3.1.3To analyse trends, usage, browsing and shopping behaviour with us (whether onan individualized or anonymized and aggregated basis), which helps us betterunderstand how you and our collective customer base access and use our Site,stores and services, for the purposes of:

o3.1.3.1 improving our services;

o3.1.3.2 to respond to customer desires and preferences;

o3.1.3.3 measuring the effectiveness of our marketing campaigns;

o3.1.3.4 conducting marketing activities targeted at external, potentialcustomers (on an aggregated and anonymized basis only); and

o3.1.3.5 crowdsource data analytics and hackathon activities (on an aggregatedand anonymized basis only).


3.2when you give us consent (if required):

•3.2.1To provide you with direct marketing communications in relation to products,services, events, offers or promotions under the categories stated below,provided by:

(a)us or our related companies (including our affiliate and subsidiary companies),(b) business partners, and (c) other third party providers. Such marketingcommunications may be in various forms, including advertisements, specialevents notifications or newsletters, and delivered via various methods inaccordance with the personal data that you provide to us, such as by email,SMS, WeChat messages, smartphone app push notifications, notifications on yoursocial media pages, in –app messaging or postal mail. Such marketingcommunications may market or offer products or services (including specialevents and promotions) in the following categories: Dining, food and beverages,sports, music, film, television and other entertainment, clothing andaccessories, jewellery, luggage and bags, cosmetics, personal health and hygiene,electronics, home furnishings, and housewares, automobiles, transport andtravel, hotels, financial services, loyalty and reward programs, mediaservices, entertainment services, social networking services, payment services,on-line advertising services, other e-commerce, information and communicationsand services, concierge services, and other products and services related toany of the foregoing, which we think may be relevant to you based oninformation you provide to us (for instance, via your participation in oursurveys); and

•3.2.2To allow you to register for and participate in our events and promotions,including verifying your identity at those events and promotions

3.3for purposes which are required by law:

•3.3.1In response to requests by government or law enforcement authorities conductingan investigation.

3.4In this Privacy Policy, your personal data means: your name, email address,contact number, MAC address, IP address, credit/debit card and other paymentinformation, gender, date of birth, age, interests, geographical location, Siteusage (including browsing behaviour / activities), shopping and purchasingbehaviour, your physiological data in images captured by our analytics cameras(which data will be anonymized and aggregated before usage) and security CCTV, andother personal data you provide.


4.Relying on our legitimate interests

Wehave carried out an assessment on all the data processing activities describedabove in order to weigh up any privacy implications against our legitimatebusiness interests. You can obtain information on any of our assessments bycontacting us using the details set out later in this policy.


5.Withdrawing consent or otherwise objecting to direct marketing

Whereverwe require your consent under applicable law, you will always be able towithdraw any consent provided to us. We shall cease to use your personal datafor the purpose in respect of which you have withdrawn your consent, but we maystill use, process, store and transfer your data for other purposes, such asthose set out above. Specifically, in the case of customers from the EuropeanEconomic Area (EEA), we are able to send you direct marketing without yourconsent, where we rely on our business or legitimate interests. Irrespective ofthe legal basis on which we rely to send you direct marketing, you have anabsolute right to opt-out of direct marketing, or profiling we carry out fordirect marketing, at any time. You can do this by: contacting our PrivacyOfficer at


6.Who will we share this data with, where and when?

Wewill share your personal data with the related companies of Paragon Design Limitedfor the purposes set out in Clauses 3.1 and 3.2 above.

Personaldata may be shared with government authorities and/or law enforcement officialsif required for the purposes set out in Clause 3.3 above, if mandated by law orif required for the legal protection of our legitimate interests in compliancewith applicable laws.

Personaldata will also be shared with third party service providers, who will processit on our behalf for the purposes identified in Clause 3 above. In particular,we use the following third party providers:

•6.1Courier services;

•6.2E-mail/SMS/MMS/WeChat blasting services;

•6.3Telecom companies (for providing in-store Wi-Fi services);

•6.4Data storage and cloud service providers (for storage of your personal data andhosting of applications that process your personal data for the purposesidentified in this policy);

•6.5Google, Facebook and other advertising networks (for matching of your personaldata with their database in order to send you our direct marketing materialsthrough your Google and/or Facebook account(s));

•6.6Marketing (including digital marketing) and website analytic agencies (fordisplay of advertising materials on our Site and other websites that you mayvisit, and analysis of your online behaviour and usage of our Site; and

•6.7Data analytics and hackathon service providers and agencies (for the purposesstated in Clause 3.1.3 above, in which only anonymized data will be sent toservice providers for those purposes in Subclauses and

Yourdata, in an anonymous form such that your identity cannot be ascertained, mayalso be sold to third parties for their own purposes.

Inthe event that our business or any part of it is sold or integrated withanother business, your details will be disclosed to our advisers and anyprospective purchaser’s adviser and will be passed to the new owners of thebusiness.

Ifyour information is transferred to a business partner or third party serviceprovider in a country that is not subject to an adequacy decision by the EUCommission, data will be adequately protected by EU Commission approvedstandard contractual clauses, an appropriate Privacy Shield certification orthird party or business partner’s Processor Binding Corporate Rules.


7.What rights do I have?

Wherepermitted by law, you have the right to ask us for a copy of your personaldata; to correct, delete or restrict (stop any active) processing of yourpersonal data; and to obtain the personal data you provide to us in astructured, machine readable format, and to ask us to share (port) this data toanother controller.

Inaddition, you can object to the processing of your personal data in somecircumstances (in particular, where we do not have to process the data forbusiness or other legitimate interests, purposes for which consent has beengiven (including direct marketing) or other legal requirements).

Theserights may be limited, for example if fulfilling your request would revealpersonal data about another person, where they would infringe the rights of athird party (including our rights) or if you ask us to delete information whichwe are required by law to keep or have compelling legitimate interests inkeeping. Relevant exemptions are available under applicable laws. We willinform you of relevant exemptions we rely upon when responding to any requestyou make.


8.How do I get in touch with you?

Wehope that we can satisfy queries you may have about the way we process yourdata. If you have any concerns about how we process your data, or would like toopt out of direct marketing, you can get in touch at


9.Who is the data controller?

Whois the data controller? Paragon Design Limited, and its related companies;contact details can be found in the section How do I get in touch with youabove.