WHAT IS THIS POLICY ABOUT?
2.1 The definitions of the capitalised terms shall have the same meaning regardless of whether they appear in singular or in plural.
2.2 The following capitalised terms shall have the following meanings unless otherwise defined.
- "Account" means a personalised account created by any Customer to allow him/her to order any Products available on our Website;
- "Anonymous Data" means Personal Data that has been amended to the extent that it no longer contains any identifying information and thus, no longer constitutes Personal Data;
- "Brand(s)" means any brand(s) which is listed Products for sale on our Website;
- "Child" means any person under the age of 16;
- "Comply with a Legal Obligation" means processing your Personal Data where it is necessary for compliance with a legal obligation to which we are subject;
- "Cookies" means small files of letters and numbers that we store on the hard drive of your Device if you agree. Cookies contain information that is transferred to your Device’s hard drive;
- "Customer(s)" means any person or business, who ahs created an account on our Website to purchase Products;
- "Data Controller" means the natural or legal person who (either alone or jointly or in common with other persons) determines the purposes for which and the way any Personal Data are, or are to be, processed as outlined in the Data Protection Legislation;
- "Data Processor" means any natural or legal person who processes the data on behalf of the Data Controller;
- "Data Protection Legislation" means all applicable data protection and privacy legislation in force from time to time in the UK including without limitation the General Data Protection Regulation ((EU) 2016/679); the Data Protection Act 2018; the Privacy and Electronic Communications Directive 2002/58/EC (as updated by Directive 2009/136/EC) and the Privacy and Electronic Communications Regulations 2003 (SI 2003/2426), in each case as amended, varied, and replaced from time to time;
- "Device" means any electronic device, such as a computer, a phone or digital tablet (including without limitation an iPad), that is used to register and access your Account and/or our Website;
- "Flash Cookies" means a text file that is sent by a web server when your browser requests content supported by Adobe Flash, a popular browser plug-in;
- "Legitimate Interest" means the interest of our business in conducting and managing our business to enable us to give you the best service and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your Personal Data for our legitimate interest. We do not use your Personal Data for activities where our interests are overridden by the impact on you (unless we have your consent or otherwise required or permitted by law). You can obtain further information about how we assess our legitimate interest against any potential impact on you in respect of specific activities by contacting us;
- "Personal Data" has the meaning given to it in the Data Protection Legislation;
- "Performance of Contract" means processing your Personal Data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering such contract;
- "Product(s)" means various goods provided by adaptive fashion, beauty and lifestyle brands available to purchase on our Website;
- "subsidiary" or a "holding company" means a subsidiary or a holding company (as the case may be) as defined in section 1159 of the Companies Act 2006.
- "Third - party Social Media Service" means any website or social network website through which a Customer can create or log in to their Account to purchase any Products listed on our Website;
- "Website" means https://www.adaptista.com/
IMPORTANT INFORMATION AND WHO WE ARE?
3.3 The Website is not intended for use by Children and we do not knowingly collect any Personal Data relating to Children.
3.4 When access our Website, we will automatically assume that we have your consent to process your Personal Data as described in this policy.
3.5 You may change your mind at any time and withdraw your consent by contacting us. Your withdrawal will not affect the lawfulness of any processing carried out before you withdraw your consent.
4.1 Adaptista Limited is a Data Controller in respect of certain Personal Data provided by Customers.
4.2 From time to time we may appoint Data Processors who process Personal Data on our behalf. The responsibilities described below may be assigned to an individual, or may apply to our whole organization. Our Data Processors are required to sign binding agreements with us that mandate that they comply with obligations equivalent or more onerous than those set out herein when processing Personal Data on our behalf. Our Data Processors have the following responsibilities:
- ensuring that all processing of Personal Data is governed by one of the legal bases laid out within the GDPR and as set out below;
- ensuring our Data Processors are authorised and committed to process Personal Data;
- implementation of appropriate technical and organisational measures to ensure a level of security appropriate to the risk associated with the processing of Personal Data;
- obtaining the prior specific or general authorisation of the Data Controller before engaging another Processor;
- assisting the Data Controller in the fulfilment of the Data Controller’s obligation to respond to requests for exercising the data subject’s rights;
- making available to the Data Controller all information necessary to demonstrate compliance with the obligations laid down in the GDPR and allow for and contribute to audits, including inspections, conducted by the Data Controller or another auditor mandated by the Data Controller;
- maintain a record of all categories of processing activities carried out on behalf of a Data Controller;
- Cooperate, on request with the supervisory authority in the performance of its tasks;
- ensuring that any person acting under the authority of the Data Processor who has access to Personal Data does not process Personal Data except on instructions from the Data Controller; and
- Notify the Data Controller without undue delay after becoming aware of any Personal Data breach.
- RIGHTS TO COMPLAIN
5.2 If you wish to contact us regarding your rights, we reserve the right to request copies of your identification or any other information that may be reasonably required to verify your identity.
CHANGES TO YOUR PERSONAL DATA
6.1 It is important that the Personal Data we hold about you is accurate and current. Please keep us informed if any aspect of your Personal Data changes during your relationship with us. This can be done by updating your details on your Account or by contacting us on the details below. Any previous personal data held on you will be deleted to the fullest extent possible.
INTERACTING WITH THIRD PARTY LINKS
7.1 Our Website may include links to third-party providers, plug-ins and applications. Clicking on any of these links or enabling those connections may allow third parties not associated with us to collect or share data about you. We do not control these third-party providers and are not responsible for their privacy statements.
7.3 You may see our ads in Facebook after you have visited our Website. In order for this to happen, Facebook uses a custom audience pixel which is activated when a Customer lands on our Website and a unique “cookie” is placed in their browser. Facebook lookalike audience targeting allows us to show ads on Facebook to people who are similar to those who have already visited or made a purchase from our Website. To opt out of Facebook’s collection and use of information for ad targeting please visit: https://www.facebook.com/help/568137493302217.
PERSONAL DATA THAT WE COLLECT?
8.1 Personal Data (also referred to as personal information) means any information about our Customers from which that Customer can be identified. It does not include data where the identity has been anonymised.
8.2 We may collect, use, store and transfer different kinds of Personal Data about you, which include but are not limited to, the following categories:
- “Aggregated Data” means data which could be derived from your Personal Data but is not considered Personal Data under the Data Protection Legislation. This is because the data does not directly or indirectly reveal your identity.
- “Contact Data” means your email address, telephone number, billing address and address for service.
- “Financial Data” means your bank account information and payment card details.
- “Identity Data” means your first name, maiden name, last name, username or similar identifier, marital status, date of birth and gender.
- “Location Data” means any Personal Data derived from geolocation technology we may use to determine your current location. You can withdraw your consent at any time by disabling the geolocation settings.
- “Marketing and Communications Data” means your preferences in receiving marketing communications from us and our third parties and what are your communication preferences.
- “Profile Data” means your username and password, purchases made by you, your interests, preferences, feedback, and survey responses.
“Special Categories of Personal
Data” means Personal Data which is sensitive in nature and
requires a higher level of protection. This means personal data about an individual’s: biometric
data (where this is used for identification purposes); criminal convictions and
ethnic origin; genetic data; health data; political opinions; race; religious or philosophical beliefs; sex life; sexual orientation; or trade union membership.
- “Transaction Data” means data that includes details about any payments to and from you and the details of Products which you have purchased;
- “Technical Data” means internet protocol (IP) addresses, your log in data, browser type and version, time zone settings and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access the Website;
- “Usage Data” means information about how you use the Website, and purchase Products.
8.4 Other than incidental health data (for example, it may be possible to determine from your purchase history or from communications that you have had with us that you suffer from a particular illness, condition, or disability), we do not collect any Special Categories of Personal Data about you.
WHAT IF YOU DO NOT PROVIDE PERSONAL DATA?
9.1 In some circumstances, we need to collect Personal Data by law, or under the terms of a contract we have with you. If you fail to provide that data when requested, we may not be able to perform any contract which we have or are trying to enter into with you. In this case, we may have to terminate your Account with us.
9.2 For the avoidance of doubt, we accept no liability for any losses arising from any inability to fulfil any contractual requirement as a result of your failure to provide the any Personal Data or payments required.
HOW DO WE COLLECT YOUR PERSONAL DATA?
10.1 We use different methods to collect data from and about you including through:
(a) Direct interactions. You may give us your Identity, Contact, Account, Financial and Marketing and Communications Data by creating an Account and/or agreeing to purchase Products or by corresponding with us by post, phone, email, via our Website or otherwise. This includes Personal Data you provide when you:
(i) create an Account on our Website;
(ii) input and/or change information associated with your profile recorded with your Account;
(iii) purchase any of our Products or browse our Website; or
(iv) sign up to our newsletter; or
(v) give us some feedback.
(b) Automated technologies or interactions. As you interact with us via our Website, we may automatically collect Technical Data about your equipment, browsing actions and pattern through mediums such as recording systems, Cookies, server logs and other similar technologies. We collect this Personal Data by using Cookies, server logs and other similar technologies. We may also receive Technical Data about you if you visit other websites employing our Cookies.
(c) Third parties or publicly available sources. We may receive Personal Data about you from various third parties and public sources as set out below:
(i) Technical Data from the following parties:
- analytics providers (such as Google Analytics);
- advertising networks (such as Google and Facebook);
- search information providers (such as Google); and
- providers of technical, payment and delivery services.
(ii) Identity and Contact Data from publicly availably sources such as Companies House.
HOW DO WE USE YOUR PERSONAL DATA?
11.1 We will only use your Personal Data to the extent permitted by the Data Protection Legislation. We will commonly use your Personal Data in the following circumstances:
(a) Where we have or are about to enter into a contract and to ensure the Performance of the Contract;
(b) Where it is necessary for our Legitimate Interests (or those of a third party) and your interests and fundamental rights do not override those interests; and
(c) Where we need to comply with a legal or regulatory obligation.
11.2 We will help to clarify the specific legal basis that applies to the processing, and in particular whether the provision of Personal Data is a statutory or contractual requirement necessary to enter into a contract.
11.3 Generally, we do not rely on consent as a legal basis for processing your Personal Data other than in relation to sending third party direct marketing communications to you via email. You have the right to withdraw consent to marketing at any time by contacting us.
WHY WE WILL USE YOUR PERSONAL DATA
12.1 Please contact us if you need details about the specific legal ground we are relying on to process your Personal Data.
12.2 We will only use your Personal Data for the purposes for which we collected it. There may be times where we consider it necessary to use your Personal Data for another reason which is compatible with the original purpose. We may process your Personal Data without your knowledge or consent, but only where it is compliance with the rules set out above. For further information on how your Personal Data may be used for another reason, please contact us.
12.3 We may process your Personal Data without your knowledge or consent in compliance with the above rules and where this is required by law. If we use your Personal Data for any unrelated purpose, we will contact you as soon as reasonably practicable.
13.1 We have put in place appropriate security measures to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your Personal Data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your Personal Data on our instructions, and they are subject to a duty of confidentiality.
13.2 We have put in place procedures to deal with any suspected breach of any Personal Data and we will notify you and any applicable regulator when we are legally required to do so.
14.1 By law we have to keep basic information about our Customers for six (6) years after you cease being a Customer for tax purposes. You can ask us to delete your data in some circumstances.
14.2 We will anonymise your Personal Data for research or statistical purpose, in which case we may use this information indefinitely without further notice to you.
14.3 In the event that you do not use our Website for a period of 6 calendar months we may terminate your Account and delete any Personal Data associated with it.
HOW LONG WILL WE USE YOUR PERSONAL DATA FOR?
15.1 In accordance with the General Data Protection Regulation (EU) 2016/67, we will only retain your Personal Data for as long as necessary to fulfil the purposes for which we collect it, including for the purposes of satisfying any legal, accounting, or reporting requirements. Once these have been satisfied, the Personal Data will either be deleted or amended to the extent that it would be considered Anonymous Data.
15.2 We will consider the nature and sensitivity of the Personal Data and any potential risk of harm from unauthorised use or disclosure of your Personal Data when determining the appropriate retention period. We will consider other means and applicable legal requirements for when we process your Personal Data.
15.3 You can ask us to delete your Personal Data. In some circumstances we may anonymise your Personal Data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
WHEN WILL WE DISCLOSE YOUR PERSONAL DATA?
16.1 We may have to share your Personal Data, including but not limited to the following and for the purposes set out in the table in Paragraph 12 above:
- a) External Third Parties;
- b) Internal Third Parties;
- c) Specific third parties listed in the table above; and
16.2 We may sell data derived from usage of our Website including viewings of pages, profiles and adverts on our Website which will always be aggregated and anonymised.
16.3 All third parties are required to respect the security of your Personal Data and to treat it in accordance with the law. We will not allow our third-party service providers to use your Personal Data for their own purposes and without our instructions.
16.4 We may from time to time transfer your Personal Data to Data Processors located outside the UK and EU. Where we do this, we will ensure that each such Data Processor signs a data processing agreement and/or Standard Contractual Clauses as provided by the European Commission (https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc/standard-contractual-clauses-international-transfers_en) to ensure that their processing activities comply with GDPR and the principles set out herein.
YOUR LEGAL RIGHTS
17.1 You have rights under the Data Protection Legislation in relation to your Personal Data.
17.2 You have the right to:
- Request access to your Personal Data. This enables you to receive a copy of the Personal Data we hold about you.
- Request correction of the Personal Data that we hold about you. This enables you to have any incomplete or inaccurate data corrected, we may need to verify the accuracy of the new data you provide to us.
- Request erasure of your Personal Data. This enables you to ask us to delete or remove Personal Data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your Personal Data where you have successfully exercised your right to object to processing. Where we may have processed your information unlawfully or where we are required to erase your Personal Data to comply with the Data Protection Legislation. We may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
- Object to processing only in circumstances where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your Personal Data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
Request restriction of processing This
enables you to ask us to suspend the processing of your Personal Data in the following
(a) if you want us to establish the data's accuracy;
(b) where our use of the data is unlawful but you do not want us to erase it;
(c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or
(d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
- Request the transfer We will provide to you, or a third party you have chosen, your Personal Data in a structured, commonly used, machine-readable format. This right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you. In addition, this does not provide you with routine access to our systems and processes and only the extraction of your Personal Data.
- Withdraw consent at any time where we are relying on consent to process your Personal Data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain functionality to you. We will advise you if this is the case at the time you withdraw your consent.
17.4 You will not usually have to pay a fee to access your Personal Data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
17.5 We may implement our security measures, such as requesting specific information about you to ensure that your Personal Data is not disclosed to any unauthorised person. We may also contact you to ask you for further information in relation to your request to speed up our response.
17.6 We will use all reasonable endeavours to respond to all legitimate requests within one month of the time we receive all of the information required to complete your request. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
MARKETING AND PROMOTIONAL OFFERS FROM US
18.1 By accessing our Website, and not opting out of our marketing and promotional offers, you are consenting us to use your Identity Data, Contact Data, Account Data, Technical Data, Usage Data and Marketing and Communications Data and form a view of Products that we think may interest you.
18.2 You may withdraw your consent for us to contact you, at any time by selecting the opt out link on any of our marketing emails or contacting us.
18.3 It is possible that you may receive marketing communications from us if you have requested information on any of the Products provided by any of the Brands listed on the Website, if you have used our Website previously, or if you have provided your details to us when you have entered into any competition or registering for a promotion.
19.1 We will get your express opt-in consent before we share your Personal Data with any other company which is not directly linked to us for marketing purposes.
19.2 When you opt out of receiving any marketing communications, this will not apply to Personal Data provided to us.
21.1 If you would like to contact us or exercise your legal rights, or you have any questions about any aspect of this policy, please contact us on the following details:
Full name of legal entity: Adaptista Limited (company number: 13204110).
Email: info (at) adaptista.com