Last updated on: 10th May 2019
Generally, Zolotissimo ships the products to the following countries: European Union, Armenia, Australia, Azerbaijan, Belarus, Canada, China, Georgia, Hong Kong, Iceland, Israel, Jordan, Kuwait, Macedonia, Republic Of Monaco, Montenegro, New Zealand, Qatar, San Marino, Saudi Arabia, Serbia, South Korea, Switzerland, United Kingdom and the United States.
Zolotissimo is the controller for the data regarding the website visitors and its customers, who are registered users on the website.
This privacy statement covers:
Website visitors of Zolotissimo; and
Customers of Zolotissimo.
Personal data we collect
When you visit the Site, we automatically collect certain information about your device, including information about your web browser, IP address, time zone, and some of the cookies that are installed on your device. This collection of data aims at personalising your experience on the Site, improve customer service and respond to queries and emails of our customers. It is important to highlight that this information will not otherwise be aggregated in such a way that would enable us to identify any particular user of the system.
Additionally, as you browse the Site, we collect information about the individual web pages or products that you view, what websites or search terms referred you to the Site, and information about how you interact with the Site. We refer to this automatically-collected information as “Device Information”.
We collect Device Information using the following technologies:
- “Cookies” are data files that are placed on your device or computer and often include an anonymous unique identifier. More information about the cookies we use is available in the Privacy Management app which is accessible by clicking on the icon located in the lower right of website.
- “Log files” track actions occurring on the Site, and collect data including your IP address, browser type, Internet service provider, referring/exit pages, and date/time stamps.
- “Web beacons”, “tags”, and “pixels” are electronic files used to record information about how you browse the Site. It is important to highlight that this information will not otherwise be aggregated in such a way that would enable us to identify any particular user of the system.
Additionally when you make a purchase or attempt to make a purchase through the Site, we collect certain information from you, including your name, billing address, shipping address, payment information (including credit card numbers email address, and phone number). We refer to this information as “Order Information”.
HOW DO WE USE YOUR PERSONAL INFORMATION?
We use the Order Information that we collect generally to fulfil any orders placed through the Site (including processing your payment information, arranging for shipping, and providing you with invoices and/or order confirmations). Additionally, we use this Order Information to:
- Communicate with you;
- Screen our orders for potential risk or fraud; and
- When in line with the preferences you have shared with us, provide you with information or advertising relating to our products or services.
We use the Device Information that we collect to help us screen for potential risk and fraud (in particular, your IP address), and more generally to improve and optimize our Site (for example, by generating analytics about how our customers browse and interact with the Site, and to assess the success of our marketing and advertising campaigns). It is important to highlight that this information will not otherwise be aggregated in such a way that would enable us to identify any particular user of the system.
Purpose of processing your personal information
We may process personal information related to you if one of the following applies: i) You have given consent for one or more specific purposes. Please note that under some legislations we may be allowed to process information until you object to such processing (by opting out), without having to rely on consent or any other of the following legal bases below. This however, does not apply, whenever the processing of Personal Information is subject to European data protection law, in particular with REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL OF 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation); (i) Provision of information is necessary for the performance of a contract with you and/or for any pre-contractual obligations thereof or for an agreement concluded in your interest; (ii) Processing is necessary for the purpose of the legitimate interests pursued by us or by a third party; or (iii) Processing is necessary for compliance with a legal obligation to which we are subject to. In any case, we will be happy to clarify the specific legal basis that applies to the specific case of processing your personal data, and in particular whether the provision of personal data that is a statutory or a contractual requirement, or a requirement necessary to enter into a contract. As a consequence, you may contact us at the following address: firstname.lastname@example.org.
SHARING YOUR PERSONAL INFORMATION
We will only share personal information with third parties when it is legally permitted to do so. When we will share personal data with others, this will only be accomplished under contractual arrangements and security mechanisms put in place intended to protect your personal information and to comply with our data protection, confidentiality and security standards.
We share your Personal Information with third parties to help us use your Personal Information, as described above. For example, we use Shopify to power our online store--you can read more about how Shopify uses your Personal Information here: https://www.shopify.com/legal/privacy. We also use Google Analytics to help us understand how our customers use the Site -- you can read more about how Google uses your Personal Information here: https://www.google.com/intl/en/policies/privacy/. You can also opt-out of Google Analytics here: https://tools.google.com/dlpage/gaoptout.
Occasionally, we may receive requests from third parties with authority to obtain disclosure of personal information such as to check whether we are complying with applicable laws and regulations, to investigate an alleged crime, to establish, exercise or defend legal claims, to respond to a subpoena, search warrant or other lawful request for information we receive, or to otherwise protect our rights. We will only fulfil requests for personal data where we are permitted to do so in accordance with the applicable laws or regulation.
As described above, we use your Personal Information to provide you with targeted advertisements or marketing communications we believe may be of interest to you. For more information about how targeted advertising works, you can visit the Network Advertising Initiative’s (“NAI”) educational page at http://www.networkadvertising.org/understanding-online-advertising/how-does-it-work.
You can opt out of targeted advertising by using the links below:
- Facebook: https://www.facebook.com/settings/?tab=ads
- Google: https://www.google.com/settings/ads/anonymous
Additionally, you can opt out of some of these services by visiting the Digital Advertising Alliance’s opt-out portal at: http://optout.aboutads.info/.
DO NOT TRACK
Please note that we do not alter our Site’s data collection and use practices when we see a Do Not Track signal from your browser.
Individuals have certain rights over their personal data and data controllers are responsible to fulfilling these rights. Where Zolotissimo decides how and why personal data is processed, zolotissimo is a controller according to Article 4(7) of the GDPR and include further information about the rights that individuals have and how to exercise it below.
Managing your personal data
When you update information, however, we maintain a copy of the unrevised information in our records for a period of 3 months. Some information may remain in our private records after your deletion of such information from your account. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes and enforce our agreements or contracts. We may use any aggregated data derived from or incorporating your Personal Information after you update or delete it, but not in a manner that would identify you personally. Once the retention period expires, Personal Information shall be deleted. Therefore, the right to access, the right to erasure, the right to rectification and the right to data portability cannot be enforced anymore after the expiration of this retention period.
Right of access
You have the right to obtain from us confirmation as to whether or not personal data concerning you are processed, and, where that is the case, you have the right to request and get access to that personal data in accordance with applicable law. We will aim to respond to any requests for information promptly, and in any event within the legally required time limits (which is currently set for 30 days). You can do this by sending an e-mail to as at: email@example.com.
Right of rectification
You have the right to obtain from us the rectification of inaccurate personal data that was submitted to us and you have the right to provide additional personal data to complete any incomplete personal data. You can do this by sending us an e-mail at: firstname.lastname@example.org.
Right to erasure
In certain cases, you have the right to obtain from us the erasure of personal data. You can do this by sending us an e-mail at: email@example.com.
Right to withdraw your consent
Where we process personal data based on consent, individuals have the right to withdraw consent at any time. We do not always process personal data based on consent (as we can also rely on another legal basis, i.e. contractual relationship between us and the customer. Nevertheless, if processing is based on consent, you can withdraw your consent by sending us an e-mail at: firstname.lastname@example.org.
Right to filing complaints
You have the right to fill complaints with the applicable data protection authority on our processing of your personal information.
If you are a European resident, you have the right to access personal information we hold about you and to ask that your personal information be corrected, updated, or deleted. If you would like to exercise this right, please contact us through the contact information below.
Additionally, if you are a European resident we note that we are processing your information in order to fulfil contracts we might have with you (for example if you make an order through the Site), or otherwise to pursue our legitimate business interests listed above. Additionally, please note that your information will be transferred outside of Europe and the European Economic Area (EEA), including to Canada, United States, China and Hong Kong.
How to exercise your rights?
Any requests to exercise the above-mentioned rights can be directed to us through the contact details provided in this document: email@example.com.
These requests can be exercised free of charge and you will be informed by us as early as possible and always within one month from the date of your request. Nevertheless, where requests from data subjects are manifestly unfounded or excessive, in particular because of their repetitive character, we may either (i) charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested; or (ii) refuse to act on request.
When you place an order through the Site, we will maintain your Order Information for our records as long as it is necessary to fulfil the purposes we collected it for, including for purposes of satisfying any legal, accounting or reporting requirements and obligations that Zolotissimo is subject to.
Zolotissimo takes the security of all data it holds very seriously. Zolotissimo has a framework of policies, procedures and trainings in place covering professional secrecy, data protection, confidentiality, security and regal review of the appropriateness of the measures it has in place to keep the data secure.
We secure information that you provide to us on computer servers in a controlled, secure environment, protected from unauthorised access, use or disclosure. We maintain reasonable administrative, technical, and physical safeguards in an effort to protect against unauthorised access, use, modification and disclosure of Personal Information in its control and custody. However, you must be aware that no data transmission over the Internet or wireless network can be guaranteed. Therefore, while we strive to protect your Personal Information, you acknowledge that (i) there are security and privacy limitations of the Internet which are beyond our control; (ii) the security, integrity and privacy of any and all information and data exchanged between us cannot be guaranteed; and (iii) any such information and data may be viewed or tampered with in transit by a third-party, despite our best efforts.
Zolotissimo recognises that transparency is an ongoing responsibility so this privacy statement will be kept under regular review.
Zolotissimo encourages you to periodically review it in order to stay informed of how Zolotissimo is protecting your information.
The Site is not intended for individuals who are considered a minor in their country. Subject to the national legislation of their country, minors must have their parent or legal guardian’s permission to use our Service .
For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact us by e mail at firstname.lastname@example.org.