LAST UPDATED: 18TH AUGUST 2018
We are EBYAK Limited (“we”, “us”, “our”), and we are committed to protecting your privacy.
EBYAK Limited is the controller for the purposes of the General Data Protection Regulation (the “GDPR”) a company registered in England and Wales (Company No. 09499257), with its registered office located at 3rd Floor, 86-90 Paul Street, London EC2A 4NE, United Kingdom.
2. WHAT INFORMATION DO WE COLLECT, AND HOW?
When you interact with EBYAK Limited, whether by using our Website or communicating with us, we may collect the following information about you:
• The information you give us like: you may give us information about yourself if you sign up for an account on our Website, place an order for products, complete any online forms (such as registration forms, competitions, and surveys), opt in to receive our newsletters and special offers, enter a competition or promotion, participate in social media functions with our Website, or correspond with us (by email, telephone, instant chat, social media or otherwise).
Depending on what you provide, this information can include your name, address or location, phone number and email address, date of birth, gender, purchase information, shopping preferences, images and financial information (including your credit or debit card details, although we do not hold them, our payment processors do).
If you register an account on the Website, then you may choose to give us your photograph and nickname. From your account, you can also invite your friends to shop at our Website (including by email, Facebook, or Twitter). Although we will let them know that we received their details from you, please ensure that you have the permission of your friends before sharing their contact details with us and only forward emails to people you know would be happy to receive them.
• The information we receive from other accounts or sources: we can receive information about you from other sources, such as from your other accounts or other websites, including data brokers, our partner boutiques, social media providers like Facebook and Twitter, advertising networks and analytics partners, and payment and delivery service providers.
By logging in to our mobile applications via Facebook or Twitter, or linking your account on our Website to your Facebook or Twitter accounts, you are giving us permission to obtain certain information and content from these accounts. The specific types of information that we may obtain depends on your settings for that account or website, and will be subject to their privacy policies.
We supplement the data you provide to us with data from data append services such as public or social graph data in order to better serve you with content or promotions. We will append this data to our existing customer account information to better understand customers’ interests and to provide more relevant product recommendations and advertising, to increase our customer’s security when using our Website and to comply with our legal obligations, such as sanctions laws. This information may include household size, household income, or profession. This information can be associated with your personal information such as name, email, address, physical address or phone number.
You can see more details about the third parties we use in section 5.
• Information our IT systems collect about you: each time you visit the Website, certain information will be created and automatically recorded by our IT systems. That information includes:
Device information: Information that is provided by your device will differ depending on which type of device you are using (whether it’s a PC, Mac, iPhone, Android, or otherwise) and the settings on that device, but includes the type of device you have (such as an iPhone 6S or Samsung Galaxy S7), the device’s IP address, the browser you are using, your mobile network provider (for mobile devices), the pages you have visited, your time zone and country location, and crash or download error reports.
3. THIRD PARTY WEBSITES
4. WHAT DO YOU USE MY INFORMATION FOR?
To provide you services and the Website, including to allow you to order and receive products using our Website, administer your account and to optimise your experience we need to use the information that we collect in number of different ways.
We also use the information for marketing and advertising purposes. Where you have told, us you would like to receive marketing communications or when you have made a purchase using our services, we and our partner boutiques will use your personal information (including your name, email address and address) to occasionally send you updates, news, and offers via email, post, or other forms of media. We may use your information (including supplemental information received from partners that we append to our existing customer information as described below), to tailor these messages to you. You may unsubscribe from email marketing communications by following the opt out instructions in the promotional emails we send you.
We also carry out research, analysis, and surveys on your use of our Website, and views. We keep tracking of your overall spend on our Website to see if you can benefit from our exclusive loyalty programs as the VIP Program. Finally, we may need to use your information to confirm your identity and perform credit checks or anti-fraud checks, to ensure your, and our, financial security.
Please note that we do not sell your information without your consent (whether your name, address, emails address, financial information, or otherwise) to any third party.
Please scroll down to find out the detailed purposes for which we collect your information, what specific information is collected and the legal basis for which we purpose that data.
To register and manage your account in our Website, we collect your name, email, password and other additional details you may wish to add in your account, like phone number, addresses and gender. The legal basis is the performance of a Contract with you.
To fulfil the orders you make through our website, we collect your Name, addresses, phone number, Order details, like the products you are buying, the size and price. The legal basis is the performance of a Contract with you.
To collect payment from you we collect your payment information, which comprises the credit/debit card’s number, holder’s name and CVV we do not store them and only transfer them to our authorized payment providers. The legal basis is the performance of a Contract with you.
To provide you with our customer services (including helping you to solve any issue you have with our services, updating you about any change to our terms of service, or contacting you to know how was your experience with us) we collect your name, email, password and addresses and your contact history with us (including phone records of our conversations. The legal basis is the performance of a Contract with you and our legitimate interests in retaining you as a customer.
To monitor the quality of our customer services, we collect your name, email, password and addresses and your contact history with us. The legal basis is the legitimate interests in running our business.
To administer, maintain and optimise our Website and our services, we collect your device information (such as your device IP address and device type), Cookie identifiers and browsing information. The legal basis is the legitimate interests in running our business.
To perform fraud and credit checks and if we can do business with you, we collect your name; email; addresses; credit/debit card details; browsing history; purchase history; date of birth; gender; device information (such as IP address and device type), any national identifiers (like driver’s license or ID cards) and any publicly available information (like social media profiles or news). The legal basis is the legitimate interests to protect EBYAK and its customers from fraudulent activities and compliance with a legal obligation.
To send you marketing communications and personalised offers, we collect your Name; Email; Phone Number; Addresses; Date of Birth; Purchase history; Browsing history and behaviour; Device information; Shopping preferences; Cookie identifiers; Internal identifiers; Country. The legal basis is the legitimate interests to electronic direct marketing of similar products and services to that which you have acquired using our Website or, when such is not applicable, your Consent.
To manage our loyalty programmes, we collect your Name; Email; Phone Number; Addresses; Date of Birth; Purchase history; Browsing history and behaviour; Device Information; Shopping preferences; Nickname; Cookie identifiers; Internal identifiers; Country; Spent tier level and Wealth. The legal basis is our legitimate interests in running our business and improve the shopping experience.
Analysis of your behaviour and purchases in our Website, we collect your Name Email; Phone Number; Addresses; Date of Birth; Purchase history; Browsing history and behaviour; Device Information; Shopping preferences; Nickname; Cookie identifiers; Internal identifiers; Country; Spent tier level and Wealth. The legal basis is our legitimate interests in running our business and improve our Website and your experience.
Carry on research, analysis, enquiries and surveys on your use of our website, we collect your Name; Addresses; Email; Device information, legal basis is our legitimate interests in running our business and improve our Website and your experience.
Advertising and retarget advertising, we collect your email, cookie identifiers and device information. The legal basis is our legitimate interests in running our business.
5. WHO DO YOU SHARE MY INFORMATION WITH?
To provide the Website and our services, we work with several carefully selected third parties. To do this, we may share your information with these third parties in the following limited circumstances:
• Our partner boutiques from whom you may purchase products from: We rely on carefully selected partners that supply the products that you see in our Website.
• Third party service providers for business purposes: to function properly, we rely on several carefully selected third parties to provide us with our products, services and products. We permit these companies to use your personal information only to the extent necessary to provide us with their services and products. Below you can find the types of third parties we use:
Courier companies, such as Royal Mail, DHL and UPS, that we use in order to deliver the products to you and, as such, they need to have access to your order information, including your name and address. These providers have a global outreach, with many local companies that can be engaged depending on your shipping address. Our our printing studio companies like Fifth column, Twofifteen, Contrado, Inkthreadable and 3rd Rail that we use in order to print and deliver the products to you and, as such, they need to have access to your order information, including your name and address.
Payment providers that we use to process your payment information like PayPal (including your credit/debit card details) so that we can collect payment from you. These are based in the European Union, United States and China and are engaged depending on your location;
Anti-fraud and credit check providers to keep us and you secure. They have access to and process your information and associated orders to check for any fraudulent behaviour.
Analytics and search engine providers, like Google, that we use to assist us in the improvement and optimisation of the website. These providers are based in the United States and in Europe.
Marketing Tools providers that help us to enable our marketing and referral programs, such like Mail Chimp and LeadDyno. These providers are based in the United States.
Performance Marketing Providers that help us deliver advertising of EBYAK tailored to your interests and needs. These providers are based in Europe (mostly in the UK) and in the United States
Research companies that we can engage to help us carry out surveys regarding your use of our Website and Services. These providers are mostly based in Europe (mostly in the UK) or in the United States.
IT/technology providers that we use to support, maintain and provide our technology and IT infrastructure that supports our Website and the storage of your information. This includes G-Suite that we use to host your information and that it is based in United States.
• Advertisers for marketing purposes: we can provide your information to our advertising and social media partners (including Facebook and Twitter, where you choose) where they require the data to select and serve relevant adverts about our products and services to you and others;
• Third party service providers to enrich data: We may also enrich, match or combine information we hold about you with data from other sources, for instance by sharing some of your personal data with selected business partners. These partners are based in the United States. We do this to better understand your customer profile and interests so that we can deliver customised offers and other personalised services;
• Third parties where we are considering a corporate transaction: the EBYAK Limited is always looking for fresh new opportunities and directions in which to grow. This means sometimes we may consider corporate transactions such as merger, acquisitions, reorganisations, asset sale, or similar. In these instances, we may transfer your information to enable the assessment and undertaking of that transaction. If we buy or sell any business or assets, your personal information may be one of the assets that are transferred;
• To comply with legal requests: on occasion we may be required to liaise with various regulators and law enforcement agencies in a number of different countries, whether as a result of law, a court order, or another legal process. Although we dispute requests wherever suitable, in some cases we may have to share your information with the regulators or law enforcement agencies. Where we consider it appropriate, and provided we are not prohibited from doing so by law or court order, we will attempt to notify you of these legal demands; and
• Aggregated information with third parties: we may aggregate your information with the information of other customers, creating a dataset of information about the usage of our Website, purchase of products, and other general, grouped information about our customers on the basis of our legitimate interest to understand the usage of our service and demand for our product. Although this dataset is aggregated and anonymised, meaning it cannot identify you as an individual, it provides a valuable insight into the use of our Website and we may therefore share it with select third parties. These parties may include providers of plugins or similar technologies to help measure traffic, our partner boutiques and other providers to allow them to better stock products, and our investors. Please note that we do not share your information with any third-party advertisers or networks for the provision of third party advertising on our Website.
6. TRANSFERS OF YOUR PERSONAL DATA
To provide our Website and our services, in accordance with the purposes set out above, we may transfer and store the personal information that we collect from you to a destination outside of the European Economic Area (“EEA”), mostly to the United States, either to one of our Group Companies, to one of our partner boutiques or to one of the third parties with which we work with, as stated below:
•When transferring personal information to one of our Group Companies outside the EEA, which may be the USA, Brazil, Russia, Japan, or China, we rely on the Commission’s model contracts for the transfer of personal data to third countries (i.e. the standard contractual clauses) pursuant to Decision 2010/87/EU;
•We transfer the personal information to one of our partner boutiques outside the EEA, to the extent such transfer is needed to fulfil the contract between you and the boutique which you are ordering the products from. You can click here to see our partner boutiques and the respective countries.
•When transferring personal information to one of our third party services’ providers set out above, we rely on different adequacy measures, as set out below:
Adequacy Decision: We transfer the personal data that we collect from you to conduct fraud checks to Israel, which was found to have an adequate level of protection for personal data under Commission Decision 2011/61/EU of 31 January 2011.
Privacy Shield: Some of our third party providers based in the US, where we transfer your information to, comply with the US Department of Commerce’s EU-US Privacy Shield and have certified that adhere to the EU-US Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability. For more information about the EU-US Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield website.
Model Clauses: We rely in the Commission’s model contracts for the transfer of personal data to third countries (i.e. the standard contractual clauses) pursuant to Decision 2010/87/EU when transferring your information to our US service providers who do not adhere to the US Department of Commerce’s EU-US Privacy Shield.
We use technology such as “cookies” to collect information and store your online preferences. Cookies are small pieces of information sent by a web server to a web browser, which allows the server to uniquely identify the browser on each page.
We use the following categories of cookies on our Website:
CATEGORY 1: STRICTLY NECESSARY COOKIES These cookies are essential in order to enable you to move around the website and use its features. Without these cookies, services you have asked for such as remembering your login details or shopping basket items cannot be provided.
CATEGORY 2: PERFORMANCE COOKIES These cookies collect anonymous information on how you use our Website. For example, we use Google Analytics cookies to help us understand how customers arrive at our site, browse or use our site and highlight areas where we can improve areas such as navigation, shopping experience and marketing campaigns. The data stored by these cookies does not show personal details from which your individual identity can be established. You may opt in to these cookies using your browser settings but it may affect the performance of our Website.
CATEGORY 3: FUNCTIONALITY COOKIES These cookies remember choices you make such as the country you visit our website from, language and search parameters such as size, colour or product line. These can then be used to provide you with an experience more appropriate to your selections and to make the visits more tailored and pleasant. The information these cookies collect may be anonymised and they cannot track your browsing activity on other websites. You may opt in to these cookies using your browser settings but it may affect the functionality of our Website.
CATEGORY 4: TARGETING COOKIES OR ADVERTISING COOKIES These cookies collect information about your browsing habits in order to make advertising more relevant to you and your interests. They are also used to limit the number of times you see an advert as well as help measure the effectiveness of an advertising campaign. The cookies are usually placed by third party advertising networks. They remember the websites you visit and that information is shared with other parties such as advertisers. For example, we use third party companies to provide you with more personalised adverts when visiting other websites. You may opt-in to these cookies using your browser settings.
CATEGORY 5: SOCIAL MEDIA COOKIES These cookies allow you to share what you’ve been doing on the website on social media such as Facebook and Twitter. Please refer to the respective privacy policies for how their cookies work.
If you want to delete any cookies that are already on your computer, please refer to the help and support area on your Internet browser for instructions on how to locate the file or directory that stores cookies. Information on deleting or controlling cookies is available at www.AboutCookies.org. Please note that by deleting our cookies or disabling future cookies you may not be able to access certain areas or features of our Website.
You can withdraw your consent to these cookies at any time through the following options:
• Google Analytics cookies across all websites, please visit Google Analytics Opt-out Browser Add-on;
• Other third party cookies relating to behavioural advertising, please go to www.youronlinechoices.eu.
• Any other type of cookies, you can clean the cookies through your browser settings.
Please note that refusing cookies does not mean you will no longer receive online advertising. It does mean that the company or companies from which you opted out will no longer deliver adverts tailored to your web preferences and usage patterns, so you may see a greater number of adverts that are irrelevant to you and your preferences.
Keeping you and your personal information secure is very important to us. We take a number of reasonable steps to try to protect the personal information that you provide, including:
• Using a Transport Layer Secure (TLS) to encrypt the personal data that you send us during the order process (including any financial information such as credit or debit card details);
• Requiring you to establish a unique username and password to access your account on our Website;
• Not keeping details of your credit or debit card that would enable any third party to transact using that credit or debit card (such as your CVV number); and
• regularly monitoring our servers and IT systems for possible vulnerabilities and attacks. Unfortunately, despite this, the transmission of information via the Internet is not completely secure. We cannot guarantee the security of your personal data transmitted to or through our Website, and any such transmission is at your own risk. In particular, please keep in mind that if you voluntarily disclose personal information through other means of communication than the Website in a non-protected environment (such as through email, sms, online messages) then that information can be collected and used by others outside of our or your control.
9. HOW LONG WILL YOU USE MY INFORMATION FOR?
We retain the data you provide to us for as long as you have your account with us and thereafter for such period as you may have questions or a claim in relation to our services, notwithstanding any superior retention period that we may be obliged to observe in accordance with legal requirements applicable to us.
In some circumstances you can ask us to delete your data as set out below.
After you have terminated your use of our services, we may store your information in an aggregated and anonymised format.
10. WHAT ARE MY PRIVACY RIGHTS?
You have certain rights in relation to the personal data we hold about you, which we detail below. Some of these only apply in certain circumstances as set out in more detail below. We also set out how to exercise those rights. Please note that we will require you to verify your identity before responding to any requests to exercise your rights and that can include asking a set of security questions to ensure it is you. When you have appointed someone else to do the request on your behalf, that person and/or organization needs to show a valid power of attorney issued by you. We must respond to a request by you to exercise those rights without undue delay and at least within one month (although this may be extended by a further two months in certain circumstances). To exercise any of your rights, please contact us at firstname.lastname@example.org or by writing to Data Protection Officer, at 3rd floor, 86 – 90 Paul St, London EC2A 4NE
• Access. You have the right to know whether we process personal data about you, and if we do, to access data we hold about you and certain information about how we use it and who we share it with (including the categories of personal data we share with businesses for their direct marketing uses and the names and addresses of those businesses). Please note that in “My Account” dashboards, you can see information about you, namely your account details (such as name, email, phone number, date of birth), the addresses you use for billing and shipping, your order history and shopping preferences.
You can also request a copy of your information. If you require more than one copy of the data we hold about you, we may charge a reasonable administration fee.
We may not provide you with certain personal data if providing it would interfere with another’s rights (e.g. where providing the personal data we hold about you would reveal information about another person) or where another exemption applies.
• Portability. You have the right to receive a subset of the personal data we collect from you in a structured, commonly used and machine-readable format and a right to request that we transfer such personal data to another party. The relevant subset of personal data is data that you provide us with your consent or for the purposes of performing our contract with you.
If you wish for us to transfer the personal data to another party, please ensure you detail that party and note that we can only do so where it is technically feasible. We are not responsible for the security of the personal data or its processing once received by the third party. We also may not provide you with certain data if providing it would interfere with another’s rights (e.g. where providing the personal data we hold about you would reveal information about another person or our trade secrets or intellectual property).
• Correction. You have the right to correct any personal data held about you that is inaccurate. You can edit your personal information in “My Account” settings. You can also request the correction by emailing us. Please note that in some cases we can ask you to explain in detail why you believe the personal data we hold about you to be inaccurate or incomplete so that we can assess whether a correction is required. Please note that whilst we assess whether the personal data we hold about you is inaccurate or incomplete, you may exercise your right to restrict our processing of the applicable data as described below.
• Erasure. You may request that we erase the personal data we hold about you in the certain circumstances. Please [click here/scroll below ]down to know what those are:
you believe that it is no longer necessary for us to hold the personal data we hold about you;
we are processing the personal data we hold about you on the basis of your consent, and you wish to withdraw your consent and there is no other ground under which we can process the personal data;
we are processing the personal data we hold about you on the basis of our legitimate interest and you object to such processing. Please provide us with detail as to your reasoning so that we can assess whether there is an overriding interest for us to retain such personal data;
you no longer wish us to use the personal data we hold about you in order to send you promotions and special offers;
you believe the personal data we hold about you is being unlawfully processed by us.
Also note that you may exercise your right to restrict our processing the data whilst we consider your request as described below.
Please provide as much detail as possible on your reasons for the request to assist us in determining whether you have a valid basis for erasure. Please note, however, that we may retain the personal data if there are valid grounds under law for us to do so (e.g., for the defence of legal claims or freedom of expression) but we will let you know if that is the case.
Where you have requested that we erase data that we have made public and there are grounds for erasure, we will use reasonable steps try to tell others that are displaying the data or providing links to the data to erase the data too.
• Restriction of Processing to Storage Only. You have a right to require us to stop processing the personal data we hold about you other than for storage purposes in certain circumstances. Please note, however, that if we stop processing the personal data, we may use it again if there are valid grounds under data protection law for us to do so (e.g. for the defence of legal claims or for another’s protection).
Please scroll down to know the cases where you may request we stop processing and just store the personal data we hold about you.
you believe the personal data is not accurate for the period it takes for us to verify your claim;
we wish to erase the personal data as the processing we are doing is unlawful but you want us to retain the personal data for storage but not further process it;
we wish to erase the personal data as it is no longer necessary for our purposes but you require it to be stored for the establishment, exercise or defence of legal claims; or
you have objected to us processing personal data we hold about you on the basis of our legitimate interest and you wish us to stop processing the personal data whilst we determine whether there is an overriding interest in us retaining such personal data.
You also have the right to object to our processing of data about you and we will consider your request in other circumstances as detailed below: o we are processing the data we hold about you (including where the processing is profiling) on the basis of our or a third party’s legitimate interest and you object to such processing. Please provide us with detail as to your reasoning so that we can assess whether there is a compelling overriding interest in us continuing to process such data or we need to process it in relation to legal claims. Also note that you may exercise your right to request that we stop processing the data whilst we make the assessment on an overriding interest;
• Withdrawal of Consent You can withdraw your consent at any time by changing your marketing preferences in “My Account” or by unsubscribing at the bottom of each email received or by writing emailing us as set out below.
• by emailing us at email@example.com; or • by writing to the Data Protection Officer, at 3rd floor, 86 – 90 Paul St, London EC2A 4NE
This is without prejudice to your right to launch a claim with the Information Commissioner’s Office (www.ico.org.uk) or the data protection supervisory authority in the EU country in which you live or work where you think we have infringed data protection laws.”
12. UPDATES TO THIS POLICY