Privacy Policy of Ecoeri Limited

This is the privacy policy for Ecoeri Limited (“Ecoeri”, “we”, “our” or “us”), which operates the website www.ecoeri.com (the “Website”).

This privacy policy governs how Ecoeri Limited collects, uses, maintains and discloses information collected from users (each, a “User” or “you”) of the www.ecoeri.com website, Ecoeri’s mobile version of its online website and Ecoeri’s mobile apps (together, the “Sites”).

We are committed to protecting your information and respecting your privacy. By using our Sites, you accept that this privacy and cookies policy applies to you under our Terms & Conditions and consent to our use of cookies. Please read it carefully.

How to contact us.

You can contact us directly with any privacy-related queries or complaints at: support@ecoeri.com.

If we change our privacy and cookies policy, we will post any changes on this page and, where appropriate, notify you by e-mail. Please check back frequently to see any updates or changes to our privacy and cookies policy.

What personal data do we process, for what purposes and on what grounds?

Any information related to a person that can be used to identify them is personal data.

Ecoeri collects personal data from you when you place an order for our products, contact our customer service, subscribe to our mailing list, participate in a contest or promotion, respond to a survey or otherwise fill out a form on the Sites.

Ecoeri may process the following personal data: name, gender, email address, billing address, shipping address, postal code, country, phone number, language preference, payment details, details of purchases, details on returned goods, correspondence exchanged between you and our customer service team, your feedback in surveys and product and customer service reviews and your sport interest.

We use your data for purposes of creating your account, fulfilling your orders and addressing customer service queries in order to fulfil our contractual relationship with you. We use an automated fraud engine when processing your order to determine if your order can be accepted.

All the Personal Data we collect, both from you and from third parties about you, is outlined below.

Category of Personal Data collected

What this means

Identity Data

Your full name, your signature (when you sign for an order or to confirm collection of a return)

Contact Data

Your home address, shipping address, billing address, email address and telephone numbers.

Financial Data

Your bank account and payment card details, including your bank account number, sort code, IBAN, BIC, and bank address. Payment card details will be collected directly by our Payment Processor and we won’t receive them. However, in certain limited cases, we may receive bank account details in the context of administering refunds.

Social Media Data

The profile picture, email address and first and last name associated with your social media profile.

Marketing and Communications Data

Your preferences concerning receiving marketing from us and your communication preferences.

Behavioural Data

Inferred or assumed information relating to your behaviour and interests, based on your online activity. This is typically aggregated and grouped into “segments” (e.g., there may be a segment for men, living in London and aged under 25, who like sports).

Technical Data

Internet protocol (IP) address, data about log-ins (e.g., the time when a log-in occurs), browser type and version, time zone setting and city-level location (inferred from your IP address), browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website or use our services.

No Special Categories of Personal Data

We do not collect any “Special Categories of Personal Data” about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.

We have set out below, in a table format, the legal bases we rely on in respect of the relevant Purposes for which we use your Personal Data.

Processing Purpose

Why do we do this

Our legal basis for this use of data

To provide the Services

This processing is necessary to perform the contract governing our provision of the Trouva services. This includes:

* Managing orders and returns (including processing payments and refunds through our payment processor).

* Passing your information to Boutiques for them to process your order.

* Providing customer support.

*Setting up and managing your account on the Site.

*Providing any other elements of the Ecoeri services to you.

Contractual Necessity.

Legitimate interests (where you make an order for someone else) – we have a legitimate interest in processing the Personal Data of the recipient of your order for the purposes of performing the agreement we made with you.

Saying sorry

If something goes wrong with an order or a product is out of stock, we may want to use one of our partners to send you a cookie to say ‘sorry’.

Legitimate Interests.

We have a legitimate interest in trying to maintain a good relationship with you in the event that something goes wrong with your order.

Insights

We record a small percentage of Users’ sessions on the Site to identify issues with the user journeys to ensure the quality of service.

Legitimate Interests.

It is in our legitimate interests that we are able to monitor certain user journeys to ensure that we can develop and improve the features and functionalities of our Site.

Aggregated Data creation

We may also create, use and share “Aggregated Data” (such as statistical or demographic data) for any purpose. Aggregated Data may be derived from your Personal Data, but once in aggregated form it will not constitute Personal Data for the purposes of the GDPR as this data does not directly or indirectly reveal your identity. For example, we may aggregate Technical Data and Behavioural Data to calculate the percentage of users accessing a specific Site feature. However, if we combine or connect Aggregated Data with your Personal Data so that it can directly or indirectly identify you, we treat the combined data as Personal Data that will be used in accordance with this Privacy Policy.

Legitimate Interests.

We have a legitimate interests in creating Aggregated Data to use and share for our own business purposes.

Compliance, fraud prevention and safety

We use your Personal Data as we believe necessary or appropriate to:

* Enforce the terms and conditions that govern the use of the Trouva platform;

* Protect our rights, privacy, safety or property, and/or that of you or others;

*Protect, investigate and deter against fraudulent, harmful, unauthorised, unethical or illegal activity

Compliance with Law – this will be the case where we have to carry out any of these processing activities in order to comply with a legal or regulatory obligation.

Legitimate Interests – it is in our legitimate interests to be able to take appropriate steps to ensure that our services are legally compliant, free of fraud and safe for you, us and our Boutiques to use.

Trouble shooting

To track technical issues that might be occurring on our Site or relating to our services.

Legitimate Interests.

It is in our legitimate interests that we are able to monitor and ensure the proper operation of our Site and associated systems and services.

Security

To keep our Site, together with associated services and systems, operational and secure.

Legitimate Interests.

We have a legitimate interest in ensuring the ongoing security and proper operation of our Site, together with associated IT services and networks. This may include ensuring that we are protected from automated spamming, crawling, scraping, denial-of-service attacks and similar operations.

Marketing

We use this information to prepare and send you marketing communications relating to products and boutiques that we think you might be interested in.

Legitimate Interests.

We have a legitimate interest in providing you with updates on our Site and related offers where you have purchased or shown interest in similar services from us

Personal Data from Third Party Sources

In addition to the Personal Data that we collect directly from you (as described in the section immediately above this one), we also collect certain of your Personal Data from third party sources. These sources are broken down in the table below, together with a description of whether they are publicly available or not.

Third party data source

Publicly available?

Category(ies) or other types of personal data received

Social Media sites

Yes

Social Media Data

Analytics Providers

No

Behavioural Data and Technical Data

Advertising technology providers

No

Behavioural Data and Technical Data

Who we share your Personal Data with.

The table below describes who we share your Personal Data with, what we share and why we share it.

We may share your Personal Data with other Controllers (i.e., people who can use the relevant data for their own purposes), as well as Processors (i.e., people who use the relevant data only on our behalf and under our instruction).

Recipients

Why we share it

Boutiques (as our Processors)

So that they can fulfil your order, we need to give your delivery information to boutiques whose products you purchase.

Advertising technology providers (as independent Controllers)

Advertising technology and analytics providers collect this Personal Data via this Site so that they can make sure that you see the most relevant content based on how you browse the Site and other pages on the internet.

Our payment processors (as independent Controllers)

We engage third parties to process your payments for products purchased via the Site.

Our delivery management platforms (as our Processors)

These third parties prepare the labelling and packaging information that we get our boutiques to use to send you your orders

Our other Service Providers (as our Processor)

We engage certain other third parties to provide elements of the Trouva services or to improve your experience on the Site. Here are a few examples of the types of things these third parties might be engaged to help us with:

* Providing customer support services.

* Helping confirm your delivery address.

* Helping us send out marketing messages.

Our Hosting Provider (as our Processor)

We outsource the hosting of the Site. This means that all categories of Personal Data that we process will be held and stored on the servers of our hosted service provider

HM Revenue & Customs, regulators and other authorities (as independent Controllers)

Authorities may require reporting of processing activities in certain circumstances.

Partners in corporate transactions (as independent Controllers)

We may disclose Personal Data to third parties to whom we may choose to sell, transfer, or merge all or any parts of our business or our assets. If we undergo a change like this to our business, then the new owners may use your Personal Data in the same way as set out in this Privacy Policy.

Data transfers

We share your Personal Data with certain external third parties who are based outside the European Economic Area (“Europe”). Any processing of your Personal Data by these parties will involve an export of your Personal Data outside of Europe.

We endeavour to ensure that people to whom we provide Personal Data hold it subject to appropriate safeguards and controls. Whenever we transfer your Personal Data out of Europe, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  • We may transfer your Personal Data to countries that have been deemed to provide an adequate level of protection for Personal Data by the European Commission. For further details, see European Commission: Adequacy of the protection of Personal Data in non-EU countries.
  • Where we use service providers outside Europe, we may use specific contracts approved by the European Commission, which give Personal Data the same protection it has in Europe. For further details, see European Commission: Model contracts for the transfer of Personal Data to third countries.
  • Where we use service providers based in the U.S., we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to Personal Data shared between Europe and the U.S. For further details, see European Commission: EU-U.S. Privacy Shield.

Our policy on children.

This Site is not intended for children below 16 and we do not knowingly collect data relating to such children.

Storage period of personal data & where we store it

We will retain your personal data for as long as you maintain an account or as otherwise necessary to provide you with our services. We will also retain your personal data as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. Where we no longer need to process your personal data for the purposes set out in this policy, we will delete your personal data from our systems. Where permissible, we will also delete your personal data upon your request; information on how to make a deletion request can be found in the section “Your rights and withdrawal of permission” below.

The personal data we collect is processed at our trading address and in any other places where the parties involved with the processing are located. As part of the services offered to you through our website, the data that we collect from you may be transferred to and stored in countries outside the European Economic Area (the “EEA”). It may also be processed by staff who work outside the EEA who work for us or one of our suppliers, for example in processing your payment details, fulfilling your order, and providing administration and support services.

By submitting your personal data, you agree to this transfer, storing or processing by us. If we transfer or store your information outside the EEA in this way, we will take steps to ensure that your privacy rights continue to be protected as outlined in this privacy and cookies policy.

Links to other websites

We may show links on our website to the websites of other businesses. This privacy and cookies policy applies only to our website and not to any other websites. Each third party website may have privacy policies different from this privacy and cookies policy and you should comply with these policies. If you visit other websites, we are not responsible for the privacy practices or content of those sites.

The security of your data

We take your privacy seriously and have implemented this privacy and cookies policy to help keep your personal and financial information secure. We have physical, electronic, and managerial procedures to safeguard and secure the information we collect. To protect your financial information, we use SSL technology to encrypt all payment transactions. Unfortunately, no data transmission is guaranteed to be 100% secure and we therefore cannot guarantee the security of information you transmit to or from our website or through the use of our services, and you provide this information at your own risk.

Ecoeri Limited cannot be held liable for theft, loss or unauthorised access, interception or damage to your data. You acknowledge that you understand these risks. Where we have given you a password, you are responsible for keeping such a password confidential. We ask that you do not share any password with anyone. If you believe your privacy has been breached, please contact us immediately on support@ecoeri.com.

Opting Out

You have the right to opt-out of the use of your personal data by Ecoeri for our mailing list or other direct marketing purposes at any time. You may do so by either clicking the unsubscribe option at the bottom of each email or by making a request to us through our email address support@ecoeri.com

You also have the right to request an overview of your personal data processed by Ecoeri, object to or restrict its processing, and request removal or correction if your data appears incorrect or irrelevant, by making a request to us by emailing us at support@ecoeri.com. Please note that if you request the removal of or restrict the processing of some or all of your personal data, we may not be in able to meet our contractual obligations with you or respond adequately to your customer service queries.

In addition, you have the statutory right to complain to a competent data protection authority.

You may choose not to provide us with personal data and you may turn off cookies in your browser by changing its settings. If you make these decisions, you may continue to use the website and browse its pages. However, we may not be able to process transactions without personal data. You can ask us not to use your data for marketing. You can do this by ticking the relevant boxes on our forms, or by contacting us at any time at support@ecoeri.com.

Last Updated on 19th June, 2018

Please also read our Cookie Policy and Terms & Conditions.