Updated: August 16, 2019
PERSONAL DATA THAT WE COLLECT
When you visit the Site, we will collect and process all or some of the following Personal Data about you:
We automatically collect certain information about your device, including information about your web browser, IP address, time zone, and some of the cookies that are installed on your device. Additionally, as you browse the Site, we collect information about the individual web pages or products that you view, what websites or search terms referred you to the Site, and information about how you interact with the Site. We refer to this automatically-collected information as “Device Information.”
We collect Device Information using the following technologies:
“Cookies” are data files that are placed on your device or computer and often include an anonymous unique identifier. For more information about cookies, and how to disable cookies, visit http://www.allaboutcookies.org.
“Log files” track actions occurring on the Site, and collect data including your IP address, browser type, Internet service provider, referring/exit pages, and date/time stamps.
“Web beacons,” “tags,” and “pixels” are electronic files used to record information about how you browse the Site.
When you make a purchase or attempt to make a purchase through the Site, we collect certain information from you, including your name, billing address, shipping address, payment information (including credit card numbers and/or PayPal account information), transaction details (i.e. what product you purchased and when), email address, and phone number. We refer to this information as “Order Information.”
If you contact us using the Site or any of our social media pages, we may receive your name, email address and any other Personal Data you choose to provide us within your correspondence. If you sign up for an account on the Site, we will receive your name, email address and chosen password. We retain your password so that we can confirm your identity for future logins.
HOW DO WE USE YOUR PERSONAL DATA?
This section explains how and why we use Personal Data. Please note that where you are a user located in the EEA, we also identify the “lawful bases” on which we rely to process your Personal Data, as required in order to comply with European law. An explanation of the lawful bases can be found by clicking on the relevant lawful basis
TO COMMUNICATE EFFECTIVELY WITH YOU AND CONDUCT OUR BUSINESS
We use your contact information to communicate with you, when in line with the preferences you have shared with us, provide you with information or advertising relating to our products or services; and/or process your entries into any competition we may run on the Site or our social media page.
Lawful bases: legitimate interests (to identify you when you return to the Site, to communicate with you, to consider your entry into our competitions)
TO PROCESS YOUR ORDERS
Where you place an order with us, we will use your Personal Data to fulfill any orders placed through the Site, including processing your payment information, arranging for shipping, providing you with invoices and/or order confirmations, managing returns or exchanges, keeping a record of your transaction, to communicate with you about your order.
Lawful bases: contract performance, legitimate interests (to enable us to perform our obligations and provide our services to you)
TO SCREEN FOR POTENTIAL RISK OR FRAUD
We may use your Personal Data (such as your Device Information or Order Information) to compare against previous interactions with us, to confirm you are the authorized user of the account. We may also share your Personal Data with third party service providers who assist us in prevention of crime and fraud. They may do this by comparing Personal Data against known compromised or fraudulent datasets. We may use your Personal Data to prevent fraud as may be required by applicable law and regulation and best practice at any given time. If false or inaccurate information is provided and fraud is identified or suspected, details may be passed to fraud prevention agencies and may be recorded by us or by them.
Lawful bases: legal obligations, legitimate interests (to assist with the prevention of crime and fraud)
TO PROVIDE YOU WITH MARKETING MATERIALS
We may also use your information for marketing our products and services to you by post, email, SMS, phone, social media and, where required by law, we will ask for your consent at the time we collect your data to conduct any of these types of marketing. We will provide an option to unsubscribe or opt-out of further communication on any electronic marketing communication sent to you or you may opt out by contacting us as set out in the “Contacting Us” section below.
Lawful bases: consent, legitimate interests (to keep you updated with news in relation to our products and services)
TO MONITOR CERTAIN ACTIVITIES
To monitor queries and transactions to ensure service quality, compliance with procedures and to combat fraud.
Lawful bases: legal obligations, legal claims, legitimate interests (to ensure the quality and legality of our services, to assist with the prevention of crime and fraud)
TO OPTIMISE THE SITE AND ENSURE OUR ADVERTISING IS RELEVANT
We use data to improve your experience of the Site. For example, by generating analytics about how our customers browse and interact with the Site, and to assess the success of our marketing and advertising campaigns). We also use Device Information to offer you the best possible customer experience, which includes targeted advertising and retargeting on social platforms. For more information about how targeted advertising works, click here
Lawful bases: legitimate interests (to allow us to provide you with the content and services on the Site, to ensure the quality of our service)
FOR RESEARCH AND DEVELOPMENT PURPOSES
To analyse your personal data in order to better understand your and our other clients’ services and marketing requirements, to better understand our business and develop our products and services;
Lawful bases: legitimate interests (to allow us to improve our services)
TO REORGANISE OR MAKE CHANGES TO OUR BUSINESS
In the event that we: (i) are subject to negotiations for the sale of our business or part thereof to a third party; (ii) are sold to a third party; or (iii) undergo a re-organisation, we may need to transfer some or all of your personal data to the relevant third party (or its advisors) as part of any due diligence process for the purpose of analysing any proposed sale or re-organisation. We may also need to transfer your personal data to that re-organised entity or third party after the sale or reorganisation for them to use for the same purposes as set out in this policy.
Lawful bases: legitimate interests (in order to allow us to change our business)
IN CONNECTION WITH LEGAL OR REGULATORY OBLIGATIONS
To comply with our regulatory requirements or dialogue with regulators, as applicable, which may include disclosing your personal data to third parties, the court service and/or regulators or law enforcement agencies in connection with enquiries, proceedings or investigations by such parties anywhere in the world or where compelled to do so.
Lawful bases: legal obligations, legal claims, legitimate interests (to cooperate with law enforcement and regulatory authorities)
SHARING YOUR PERSONAL DATA
We share your Personal Data with third parties to help us use your Personal Data, as described above. For example, we may share your personal data with our contractors, agents and/or advisors that perform activities on our behalf. In addition, we share your Personal Data with:
- Shopify, to power our online store--you can read more about how Shopify uses your Personal Data here: https://www.shopify.com/legal/privacy; and
- Google Analytics to help us understand how our customers use the Site--you can read more about how Google uses your Personal Data here: https://www.google.com/intl/en/policies/privacy/. You can also opt-out of Google Analytics here: https://tools.google.com/dlpage/gaoptout.
- Facebook via a pixel which allows us to track visitor activity on our site. It works by loading a small library of functions which we use whenever a site visitor takes an action (called an event) that you want to track (called a conversion). To learn more, visit here:https://business.facebook.com/privacy/explanation
Finally, we may also share your Personal Data where necessary to comply with applicable laws and regulations, or (subject to applicable law) to respond to a subpoena, search warrant or other lawful request for information we receive, or to defend or establish a legal claim.
EXPORT OUTSIDE THE EEA
Where we transfer Personal Data from inside the European Economic Area (the EEA) to outside the EEA, we may be required to take specific additional measures to safeguard the relevant Personal Data. Certain countries outside the EEA have been approved by the European Commission as providing essentially equivalent protections to EEA data protection laws and therefore no additional safeguards are required to export Personal Data to these jurisdictions. In countries which have not had these approvals (see the full list here http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.htm), we will transfer it subject to EU Commission-approved model contractual clauses, ask for your consent to the transfer, or other legal grounds permitted by applicable legal requirements, unless we are permitted under applicable data protection law to make such transfers without formalities.
Please contact us as set out in the “Contacting Us” section below if you would like to see a copy of the specific safeguards applied to the export of your Personal Data. Please note that your information will be transferred outside of Europe, including to Canada and the United States.
As described above, we may also use personalised online advertising on the Site, to ensure that the advertising is as relevant to you as possible. It works by showing you adverts that are based on your browsing patterns and the way you have interacted with the Site. It then shows you adverts which we believe may interest you.
When you browse the Site, some of the cookies and similar technology we place on your device are advertising cookies, so we can understand what sort of pages you are interested in. We can then display advertising on your browser based on these interests.
We only use Device Information for this purpose, we do not collect or use information such as your name, email address, postal address or phone number for personalised online advertising.
We may also share online data collected through cookies and similar technology with our advertising partners. This means that when you are on another website, you may be shown advertising based on your browsing patterns on the Site. We may also show you advertising on the Site based on your browsing patterns on other sites, that we have obtained from our advertising partners.
Online retargeting is another form of online advertising that allows us and some of our advertising partners to show you advertising based on your browsing patterns and interactions with a site away from the Site.
For example, if you have visited the website of an online clothes shop, you may start seeing adverts from that same shopping site displaying special offers or showing you the products you were browsing. This allows companies to advertise to you if you leave their website without making a purchase.
We also use personalised online advertising to promote our own products and services. This means that you may see advertising for our products and services on the Site and when you are on other, third party websites, including social media platforms.
For more information about how targeted advertising works, you can visit the Network Advertising Initiative’s (“NAI”) educational page at http://www.networkadvertising.org/understanding-online-advertising/how-does-it-work.
You can opt out of targeted advertising by:
FACEBOOK - https://www.facebook.com/settings/?tab=ads
Additionally, you can opt out of some of these services by visiting the Digital Advertising Alliance’s opt-out portal at: http://optout.aboutads.info/.Please note that we do not alter the Site’s data collection and use practices when we see a Do Not Track signal from your browser.
If you have any questions in relation to our use of your Personal Data, you should first contact us as per the “Contacting Us” section below.
Additional rights of individuals located in the EU :
Under certain conditions, individuals in the EU may also have the right to require us to:
- provide you with further details on the use we make of your information;
- provide you with a copy of information that you have provided to us;
- delete any Personal Data the we no longer have a lawful ground to use;
- where processing is based on consent, to withdraw your consent so that we stop that particular processing
- (see the section title, “To provide you with marketing materials” for more information);
- to ask us to transmit the Personal Data you have provided to us and we still hold about you to a third party electronically;
- object to any processing based on the legitimate interests ground unless our reasons for undertaking that processing outweigh any prejudice to your data protection rights and restrict how we use your information whilst a complaint is being investigated.
Your exercise of these rights is subject to certain exemptions to safeguard the public interest (e.g. the prevention or detection of crime) and our interests (e.g. the maintenance of legal privilege). If you exercise any of these rights we will check your entitlement and respond in most cases within a month.
You have the right to ask us not to process your Personal Data for marketing purposes. We will inform you if we intend to use your information for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by not checking certain boxes on the forms we use to collect your Personal Data. You can also exercise the right at any time by contacting us as set out in the “Contacting Us” section below.
If you are not satisfied with our use of your Personal Data or our response to any exercise of these rights you have the right to complain to the Information Commissioner’s Office (the UK data protection regulator).
Our retention periods for Personal Data are based on business needs and legal requirements. We retain Personal Data for as long as is necessary for the processing purpose(s) for which the information was collected, and any other permissible, related purpose. For example, we may retain certain transaction details and correspondence until the time limit for claims arising from the transaction has expired, or to comply with regulatory requirements regarding the retention of such data. When Personal Data is no longer needed, we either irreversibly anonymise the data (and we may further retain and use the anonymised information) or securely destroy the data.
The Site is not intended for individuals under the age of 18 years.
Piloti Inc. Privacy Office
15 Riverside Avenue Connecticut, USA