The EU General Data Protection Regulation (“GDPR”) comes into force across the European Union on 25th May 2018 and brings with it the most significant changes to data protection law in two decades. The General Protection Regulation (GDPR) (EU) 2016/679 is the EU regulation on data protection and privacy for all individuals within the European Union and the European Economic Area. has been designed to meet the requirements of the digital age.
E.N. ETC CLOTHING OUTLET LIMITED (Copmany name) (hereinafter called as the “Company” or “we” or “our” or “us” or “etcetera outlet”) is a Company incorporated under the laws of the Republic of Cyprus under registration number HE394917 with registered office address 4, Sofouli Str, Office 102, 2008 Nicosia.
E.N ETC CLOTHING OUTLET LIMITED (Company name) is the owner and operator of the website www.etceteraoutlet.com and the relevant accounts on the Social Media.
Etcetera Outlet is committed to ensuring the security and protection of the personal information that we process, and to provide a compliant and consistent approach to data protection. We have always had a robust and effective data protection program in place which complies with existing law and abides by the data protection principles. However, we recognise our obligations in updating and expanding this program to meet the demands of the GDPR.
Etcetera Outlet is dedicated to safeguarding the personal information under our remit and in developing a data protection regime that is effective, fit for purpose and demonstrates an understanding of, and appreciation for the GDPR Regulation. Our preparation and objectives for GDPR compliance have been summarized in this statement and include the development and implementation of new data protection roles, policies, procedures, controls and measures to ensure maximum and ongoing compliance.
Controller – the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and the means of the processing of Personal Data.
Personal Data – means any information relating to an identified or identifiable natural person (name, ID, location and any other factors specific to the physical, genetic, mental, economic, cultural or social identity of that natural person); The information for the legal entities such as business, partnerships, trusts or other organizations provided by its authorized person, signatory, partner, trustee, executor or a like shall be considered as appropriate.
Processor – a natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the controller;
Processing – obtaining, recording, storing, holding, using or carrying out any operation or set of operations on the information or data including organization, adaptation or consultation on the information or data, as well as disclosure by transmission, dissemination or otherwise making available, or alimenting, combining, blocking, removing or destructing of the information or data;
Sub-Processor – a processor engaged by the data importer or by any other sub-processor if the data importer and who agrees to receive from the data importer or from any other sub-processor of the data importer personal data exclusively intended for the processing activities to be carried out on behalf of the data exporter after the transfer in accordance with the data exporters instructions.
WHAT INFORMATION WE COLLECT FROM YOU
The following groups of personal data are collected:
- Identity Data includes information such as: first name, last name, title, date of birth (optional), personal description and gender (optional).
- Contact Data includes information such as: email address, billing address, delivery address, location, country, telephone number, loyalty programme membership number, and social media id (if you log in by social media).
- Financial Data includes information such as: payment card details and bank account.
- Transaction Data includes information such as: details of your purchases and the fulfilment of your orders (such as basket number, order number, subtotal, title, discounts, shipping, number of items, product number, single item price, category, tax etc.); payments to and from you and details of other products and services you have obtained from us, correspondence or communications with you in respect of your orders, and details of any rewards and bonuses awarded.
- Technical Data includes information such as: details of the device(s) you use to access our services, your internet protocol (IP) address, login data, your username and password, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform.
- Profile Data includes information such as: purchases or orders made by you, product and style interests, preferences, feedback, and survey responses if any.
- Usage Data includes information such as: how and when you use our website/app, how you moved around it, what you searched for; website/app performance statistics, traffic, location, weblogs and other communication data; loyalty programme activities; and details of any other boohoo products and services used by you.
- Marketing and Communications Data includes information such as: your preferences in receiving marketing from us and our third parties and your communication preferences.
Etcetera Outlet always makes sure that all Personal Data we collect is adequate, relevant and limited to what is necessary in relation to the purposes for which they are collected and processed.
In cases where we receive data which was not requested or where information was unintentionally revealed, and the company does not intend to use it for purposes of processing or where data was received by mistake, Etcetera Outlet shall notify you that such data was received and destroy it, unless you wish otherwise.
WHY WE COLLECT YOUR INFORMATION
According to GDPR, Etcetera Outlet acts as a Controller of Your Personal Data and determines solely or jointly with others, the main purpose and legal grounds for the collection and processing of Your Personal Data.
Below Etcetera Outlet outlines the following purposes and legal reasons:
- Execution of the contract. The collection and processing of Your Personal Data is necessary for entering into business relationship with you for the provision of our services.
- This is where we use your personal information with your clear consent, you have a complete free choice to say yes or no, and you can change your mind at any time.
- If you make a purchase on our website, we will use the information provided as indicated above to process your order. To help us, we may share information with other entities involved in processing your order. In addition, dealing with returns, replacements and refunds we will use the information provided.
- Personalisation of your experience on our website. We may use information about you in order to provide you with a more personalised experience when using our website, for example, by providing content that may interest you, facilitating browsing or personalising advertisements. We do not transfer personal data to advertisers.
- To manage our relationship with you, including: providing you with any information, products and services that you request from us; notifying you about changes to our services, terms and conditions or privacy notice; asking you to leave a review or take a survey.
- The information that you provide to us and information about you that we collect indirectly may be used by us for commercial purposes. However, you can agree to or refuse such use of your data beforehand. You can decide no longer to receive commercial information from us at any time by following the unsubscribe instructions included in each of our emails or by contacting us directly via email at email@example.com
- Legitimate Interests pursued by the company in order to protect its business environment. Provided that such interest does not infringe the rights, interests and Your fundamental freedoms.
“Legitimate interests” is a heading that covers several different reasons why Etcetera Outlet may need to collect and process Your Personal Data which may not be covered by other headings, such as: to prevent fraud or financial crime, to provide a better service, to transfer Personal Data between group entities for internal administrative purposes if applicable, or for the purposes of network or information security.
CATEGORIES OF RECEIPIENTS OF YOUR PERSONAL DATA
Your Personal Data in the curse of performing our contractual and statutory obligations may be disclosed to the following Processors, Sub-Processors and Controllers:
- Supervisory and other regulatory and public authorities, including governmental bodies;
- External auditors, lawyers, agents, consultants and other professional advisors subject to confidentiality agreements;
- Banks and other financial organizations, store cards and credit providers subject to the confidentiality agreements;
- Fraud prevention agencies;
- File storage companies, archiving and/or records management companies, cloud storage companies subject to the confidentiality agreements;
- Employees of Etcetera Outlet
Etcetera Outlet may be required to transfer the information provided by You outside of the European Economic Area (for example third party providers or banks) for the purpose of executing the services provided. Such transfer is subject to Article 49(1)(b) and Article 49(1)(c) of the GDPR.
The Company ensures an adequate level of protection for any Personal Data processed by others on behalf of Etcetera Outlet that it is transferred within or outside the European Area.
Unless expressly declared by you, the Personal Data collected and keeping by Etcetera Outlet will not disclosed to any third party other that the above-mentioned recipients.
HOW WE TREAT YOUR PERSONAL DATA FOR MARKETING ACTIVITIES AND WHETHER PROFILING IS USED FOR SUCH ACTIVITIES
We may process your personal data to tell you about products, services and offers that may be of interest to you.
The personal data that we process for this purpose consists of information you provide to us and data we collect and/or infer when you use our services. We study all such information to form a view on what we think you may need or what may interest you. In some cases, profiling is used, i.e. we process your data automatically with the aim of evaluating certain personal preferences in order to provide you with targeted marketing information on products.
We can only use your personal data to promote our products and services to you if we have your explicit consent to do so or, in certain cases, if we consider that it is in our legitimate interest to do so.
You have the right to object at any time to the processing of your personal data for marketing purposes, by contacting us at any time through email indicated below in this document or in writing.
KEEPING PERSONAL DATA
In accordance with the laws and regulations of the Republic of Cyprus, Etcetera Outlet is obliged to keep and update Your Personal Data for as long as Etcetera Outlet provides its services to you.
We will only keep your personal information for a limited period of time. This will depend on a number of factors, including:
- whether you have placed an order with us, or have a registered account with us;
- any laws or regulations that we are required to follow;
- whether we are dealing with a current request, customer care issue or complaint;
- where there is a legal or other type of dispute involving or affecting you;
- the type of information that we hold about you; and
- whether we are asked by you or a regulatory authority or public authority to keep your personal data for a valid reason.
We will keep your personal information during the period that you are a customer with us and then for as long as is necessary in connection with both our and your legal rights and obligations. If you close your customer account, we will delete all the data we have stored regarding you. If it is not possible or necessary to completely delete your data for legal reasons, the relevant data will be blocked for further processing. However, Etcetera Outlet will be required to keep Your Personal Data for the longer period of time if it is prescribed by laws, competent authorities or other regulations (such as pending legal proceedings or investigations) or technical reasons.
Etcetera Outlet takes all reasonable and appropriate steps to protect Your Personal Data from misuse, loss or unauthorized disclose. The Company is doing this by having a range of appropriate technical and organizational measures. In addition, Etcetera Outlet shall maintain appropriate technical and organizational measures for protection of the security (including protection against unauthorized or unlawful processing and against accidental or unlawful destruction, loss or alteration or damage, unauthorized disclosure of, or access to, personal data), confidentiality and integrity of Client´s data. Etcetera Outlet regularly monitors compliance with these measures. Although we take reasonable steps to safeguard information, we cannot be responsible for the acts of those who gain unauthorized access and we make no warranty, express, implied or otherwise, that we will for use prevent such access.
You have the following rights in relation to the Personal Data provided by You to the Company:
- The right to access to or have a copy to the Personal Data we hold about you as well as some supplementary information on that data and to check that we are lawfully processing it;
- The right to request rectification of incorrect data concerning You; This enables you to have any incomplete or inaccurate data we hold about you corrected;
- The right for data portability if it should become relevant; Also you have the right to have your personal data transmitted directly by us to another data controller you will name;
- The right to request, on legitimate grounds the erasure of Your Personal Data; This enables you to ask us to erase your personal data [known as the ‘right to be forgotten’] where there is no good reason for us continuing to process it.
- The right to object the processing of Personal Data based on Etcetera Outlet legitimate interests and/or processing of Personal Data for direct marketing purposes; If you lodge an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms.
- The right to restrict processing of Your Personal Data if you disagree over the accuracy of the personal data, the reason for processing or if you wish us to retain your date for longer that the retention period, e.g. to establish, exercise or defend a legal claim;
- The right to withdraw consent, by written notice at any time, if the process of Your data is based on consent. Please note that this will not affect the lawfulness of processing based on consent before it was withdrawn by You;
Please feel free to exercise the above rights by sending an email to firstname.lastname@example.org
You have the right to lodge a complaint regarding the processing of Your Personal Data by Etcetera Outlet by sending your complaint via email to email@example.com and the Company’s responsible officer will investigate your complaint. In the event that you are not satisfied with the response or if You feel that Your Concerns have not been adequately addressed by the Company, you have the right to file a complaint with the Office of the Commissioner for Personal Data Protection of the Republic of Cyprus. Find out on their website how to submit a complaint (http://www.dataprotection.gov.cy).
PERSONAL DATA BREACH NOTIFICATION
In case the Company becomes aware of Personal Data breach which may result in high risk to Your rights and freedoms, the company shall without undue delay notify You of such breach and provide the following information:
- Type of Personal Data affected;
- The nature of breach;
- Steps to be taken by the Company in order to minimize any damage
You should inform the Company immediately by sending an email to firstname.lastname@example.org of any possible damage, loss or misuse such breach may cause You in order to assist Etcetera Outlet assess all possible solutions promptly.
We may modify or amend this privacy statement from time to time.
We will notify you appropriately when we make changes to this privacy statement and we will amend the revision date at the bottom of this policy. We do however encourage you to review this statement periodically so as to be always informed about how we are processing and protecting your personal information.
You and the Company hereto irrevocably submit to the exclusive jurisdiction of the courts of the Republic of Cyprus in connection to any dispute arising from the terms of this policy.
HOW TO CONTACT US
We welcome feedback and are happy to answer any questions you may have about your data.
Please send any questions, comments or requests for more information sending an email to email@example.com or in writing to the following address:
4 Sofouli Str.,
This Privacy notice was last updated on 9th September 2019 (Version 1)
E.N. ETC CLOTHING OUTLET LIMITED