We use online advertising to keep you aware of what we’re up to and to help you find our products. Like many companies, we may target Vivaisapienza banners and ads to you when you use other websites and apps, based on your Contact, Technical, Usage and Profile Data. We do this using a variety of digital marketing networks and ad exchanges, and a range of advertising technologies such as web beacons, pixels, ad tags, cookies, and mobile identifiers, as well as specific services offered by some sites and social networks, such as Facebook’s Custom Audience Service.
OUR USE OF ANALYSIS & TARGETING TOOLS
We use a range of analytics and targeted advertising tools to display relevant website content on our website and online advertisements on other websites and apps (as described above) to you, deliver relevant content to you in marketing communications (where applicable), and to measure the effectiveness of the advertising provided. For example, we use tools such as Google Analytics to analyse Google's interest-based advertising data and/or third-party audience data (such as age, marital status, life event, gender and interests) to target and improve our marketing campaigns, marketing strategies and website content. We may also use tools provided by other third parties, such as Facebook, Adroll, Rakuten Marketing, Dash Hudson, Responsys, Criteo and Bing to perform similar tasks, using your Contact, Technical, Usage and Profile Data.
The Digital Advertising Alliance (which includes companies such as Google, Responsys and Facebook) provides a tool called WebChoices that can perform a quick scan of your computer or mobile devices, find out which participating companies have enabled customised ads for your browser, and adjust your browser preferences accordingly.
If you would like any further information about the data collected by these third parties or the way in which the data is used, please contact us.
LINKS TO OTHER WEBSITES & THIRD PARTIES
Our website may include links to and from the websites of our partner networks, advertisers and affiliates, or to social media platforms. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to their websites.
HOW WE SHARE YOUR DATA
We may disclose and share your personal data with the parties set out below:
• where you have consented for us to do so. For example, if you have consented to receive marketing materials from third parties, or in respect of third parties’ (including co-branded or jointly promoted) products and services, we may pass your data on to the relevant third parties for the purpose of sending you such marketing communications;
• to other companies within the boohoo Group which carry out order fulfilment and provide HR, financial, IT, facilities, customer service, legal, travel and health and safety support functions.
• to business partners, suppliers, sub-contractors and other third parties that we use in connection with the running of our business for the purposes set out in the table above in the section ‘How we use your data’, such as:
- third party service providers that we engage to provide IT systems and software, and to host our website;
- third party service providers that we engage to deliver goods you have ordered and to manage any returns;
- third party service providers that we engage to send emails and postal mail on our behalf including in relation to incomplete orders or abandoned baskets, or marketing communications, to provide data cleansing services and to provide marketing and advertising services;
- third party service providers that we engage to deliver and process your e-gift card orders and e-gift card payment (including Jigsaw Business Solutions Ltd and Stripe Payments UK Ltd)
- analytics and search engine providers that assist us in the improvement and optimisation of our website;
- affiliate networks through whom you have accessed our website;
• to any third party to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice.
• to protect our customers, other companies within the boohoo Group and website from fraud and theft, we may share your personal data with Ravelin and/or Risk Guardian and/or other fraud prevention and analysis service providers, in order to carry out fraud prevention checks on our behalf. If personal data is provided to Ravelin, Ravelin will also use this personal data to improve its service and machine learning to improve its automated processing. A copy of Ravelin's privacy notice can be found at: https://www.ravelin.com/privacy-policy-new which explains how Ravelin will use your personal data for these purposes; and we may further share personal data that is required to make identity checks and personal data that we obtain from making identity checks (including data relating to your age, name and location), together with account information, with other companies within the boohoo group and with third party organisations (including law enforcement agencies), involved in fraud prevention and detection and credit risk reduction. Please note that other companies within the boohoo group and these third parties may retain a record of the information that we provide to them for this purpose;
• if we are under a duty to disclose or share your personal data in order to comply with any legal obligation; or
• to our professional advisers including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services.
YOUR DATA & COUNTRIES OUTSIDE OF EUROPE
The personal data we collect from you may be transferred to, and stored at, destinations outside the European Economic Area ("EEA") using legally-provided mechanisms to lawfully transfer data across borders. It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. Such staff may be engaged in, among other things, the fulfilment of your order, the processing of your payment details and the provision of support services. We will take all steps necessary to ensure that your data is treated securely and in accordance with this privacy notice.
Whenever we transfer personal data outside the EEA, we will ensure a similar degree of protection is afforded to it by ensuring appropriate safeguards, as required by law, are in place. This may include using specific contractual clauses approved by the European Commission which give personal data the same protection as it has in Europe. More information about these is available here: http://eur-lex.europa.eu/legal-content/en/TXT/?uri=CELEX:32010D0087
Please contact us if you want further information on the countries to which we may transfer personal data and the specific mechanism used by us when transferring your personal data outside the EEA.
You have several rights under the data privacy legislation. This includes, under certain circumstances, the right to:
• request access to your personal data
• request correction of your personal data
• request erasure of your personal data
• request restriction of processing of your personal data
• request the transfer of your personal data
• object to processing of your personal data
• request human intervention for automated decision making
Brief details of each of these rights are set out below. If you wish to exercise any of these rights, please email us at DPO@nastygal.com.
REQUEST ACCESS TO YOUR PERSONAL DATA
You have the right to obtain a copy of the personal data we hold about you and certain information relating to our processing of your personal data.
REQUEST CORRECTION TO YOUR PERSONAL DATA
You are entitled to have your personal data corrected if it is inaccurate or incomplete. You can update your personal data at any time by logging into your account and updating your details directly, or by emailing us at DPO@nastygal.com.
REQUEST ERASURE OF YOUR PERSONAL DATA
This enables you to request that Nasty Gal delete your personal data, where there is no good reason for us continuing to process it. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
REQUEST RESTRICTION OF PROCESSING YOUR PERSONAL DATA
You have a right to ask Nasty Gal to suspend the processing of your personal data in certain scenarios, for example if you want us to establish the accuracy of the data, or you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it. Where processing is restricted, we are allowed to retain sufficient information about you to ensure that the restriction is respected in future.
REQUEST THE TRANSFER OF YOUR PERSONAL DATA
You have the right to obtain a digital copy of your personal data or request the transfer of your personal data to another company. Please note though that this right only applies to automated data which you initially provided consent for us to use or where we used the data to perform a contract with you.
OBJECT TO PROCESSING OF YOUR PERSONAL DATA
You have the right to object to the processing of your personal data where we believe we have a legitimate interest in processing it (as explained above). You also have the right to object to our processing of your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your data which override your rights and freedoms.
REQUEST HUMAN INTERVENTION FOR AUTOMATED DECISION MAKING & PROFILING
You have the right to request human intervention where we are carrying out automated decision making when processing your personal. This form of processing is permitted where it is necessary as part of our contract with you, providing that appropriate safeguards are in place or your explicit consent has been obtained.
We will try to respond to all legitimate requests within one month. Occasionally, it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated. We may need to request specific information from you to help us confirm your identity and ensure your right to exercise any of the above rights. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
RIGHT TO LODGE A COMPLAINT
If you have any concerns or complaints regarding the way in which we process your data, please email us directly at DPO@vivaisapienza.com. You also have the right to make a complaint to the ICO (the data protection regulator in the UK). We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please do contact us in the first instance.
CHANGES TO THE PRIVACY NOTICE
From time to time we may change this privacy notice. If there are any significant changes we will post updates on our website, applications or let you know by email.
HOW TO CONTACT US
We welcome feedback and are happy to answer any questions you may have about your data.
Please send any questions, comments or requests for more information to our nominated representative and Data Protection Officer Keri Devine, who can be contacted at DPO@vivaisapienza.com.
This privacy notice was last updated on 21st September 2021 (NG UK and Europe Version 1.13)
Registered Company Number: 10487954,
UK VAT Number: 185 4874 61.