PRIVACY POLICY
Data privacy is of high importance for Something else and we are committed to protecting and respecting your privacy. We want to be open and transparent how personal data you provide to us will be processed. This policy provides key information about how we have set up appropriate physical, electronic and management procedures in order to protect data we collect. However, due to the inherently open nature of the Internet, we can not guarantee that the communication between you and us or the data stored on the website or on our servers will be completely safe from unauthorized third party access. Therefore, we have rules that determine how your personal data will be processed and protected during and after your visit to this website (site) and our stores.
Who is the controller of your personal data?
As the data processing controller, we process your personal data you submit to us according to the principles and provisions of the EU General Data Protection Regulation 679/2016 (GDPR).
Responsible data processing controller:
Something Else, vl. Nataša Džaleta
Lavoslava Ružičke 50, 10000 Zagreb, Croatia
MB: 98277146
E-mail: info@somethingelseapparel.com
Where do we store your personal data?
The personal data we collect are stored within the European Union (EU) and the European Economic Area (EEA), except Switzerland. The personal data can also be processed and transferred to recipients in third countries, especially the United States of America (US). Any such transfer of personal data shall be carried out in compliance with applicable legal regulations. For third-country transfers, we use Standard Contractual Clauses, appropriateness of decisions, appropriate protective measures, while each US transfer is covered by the Privacy Shield between the European Union and the United States, thus ensuring adequate personal data protection.
Who can access your personal data?
We never transfer, sell or change your personal data for marketing purposes to third parties outside Something Else, vl. Nataša Džaleta. Personal data that is forwarded to third parties is only used to provide you with our services. You will find categories of third parties under every specific procedure explained further below.
What is the legal ground for processing your personal data?
For each specific processing of the personal data we collect from you, we will inform you whether the provision of personal data is statutory or required to enter a contract and whether it is an obligation to provide the personal data and possible consequences if you choose not to provide the data.
What are your rights?
The right to access:
You have the right to request information about your personal data we hold at any time. You can contact us by email or by phone.
The right to personal data portability:
You have the right to receive a copy of the personal data we collect from you in a structured, commonly used and machine-readable format and a right to transfer such personal data to another data processing controller. The relevant personal data is data that you provide us with your consent or for the purposes of performing our contract with you.
The right to rectification:
You have the right to request rectification of incomplete personal data or correction of any personal data held about you that is inaccurate.
The right to erasure:
You have the right to request the erasure of your personal data if we have processed them unlawfully or that processing represents a disproportionate interference with your protected interests. Please note that for some reasons immediate erasure is not possible. For example, due to the archiving obligations laid down by law.
Your right to object personal data processing based on legitimate interest:
You have the right to object to processing of your personal data that is based on our legitimate interest. We will not continue to process the personal data unless we can demonstrate legitimate grounds for the process which overrides your interest and rights or due to legal claims.
Your right to object to direct marketing:
You have the right to object to direct marketing, including a profile analysis that is made for direct marketing purposes.
You can opt out from direct marketing by the following means:
- following the instructions in each marketing email received;
- writing an email to us.
Your right to restrict processing:
You have the right to request that we restrict the process of your personal data under the following circumstances:
- if you object to a processing of personal data based on our legitimate interest, we will restrict all processing of such data pending the verification of the legitimate interest;
- if you claim that your personal data is incorrect, we will restrict all processing of such data pending the verification of the accuracy of the personal data;
- if the processing is unlawful you can oppose the erasure of personal data and instead request the restriction of the use of your personal data instead;
- if we no longer need the personal data but are required by you to defend legal claims.
How can you exercise your rights?
If you want to exercise your rights, please contact us using our contact details stated in this Privacy Policy.
Please note that we will require you to verify your identity before responding to any requests to exercise your rights and that can include asking a set of questions to ensure it is you. This serves to protect your rights and private spheres.
If you execute any of these rights too often and with obvious intent of misuse, we may charge you an administrative fee or decline to process your request.
Right to complain with a supervisory authority:
If you consider us to process your personal data in an incorrect way you can contact us. You also have the right to raise a complaint to a supervisory authority.
Updates to our Privacy Policy:
We may need to update our Privacy Policy. The latest version of the Privacy Policy is always available on our website. We will communicate any material changes to the Privacy Policy, for example the purpose of why we use your personal data, the identity of the processing controller or your rights.
ONLINE PURCHASE
Why do we use your personal data?
We will use your personal data to manage your online purchase at our website by processing your orders, shipments and returns and to send you notifications of delivery status or in the event of any problems with the delivery of your items.
We will use your personal data to manage your payments.
We will also use your personal data in order to handle complaints and warranty matters for products.
Your personal data is being used to identify you and to validate your legal age for shopping online and to confirm your address with external partners, to create your invoice (order, shipment and delivery address).
What types of personal data do we process?
We will process the following categories of personal data:
- contact information such as name, last name, address, email address and telephone number;
- company OIB information (ID number), in case R1 invoice is needed;
- payment information and payment history;
- order information;
- IP address – assigned by the Internet Service Provider (ISP) and which uses the holder’s date and time of registration.
By registering on our website, the IP address — assigned by the Internet Service Provider (ISP) and which uses the holder’s date and time of registration – is stored. These personal data are stored and kept for the purpose of preventing the abuse of our services and, if necessary, to enable investigations of committed offenses. Furthermore, these personal data are not transmitted to third parties unless there is a legal obligation to transfer data or if the transfer serves the purpose of criminal prosecution.
Who has access to your personal data?
Your personal data that is forwarded to third parties is only used to provide you with the services mentioned above. These third parties are companies that validate your address, communication agencies to send you order confirmation, warehouse and distribution suppliers in connection with the delivery of your order, payment service providers for your payment, credit reference agencies for identity and credit checks and debt collection agencies.
While conducting payments on our web shop you are using CorvusPay – an advanced system for secure acceptance of credit cards on the Internet.
CorvusPay system ensures complete privacy of your credit card data and personal data from the moment you type them into the CorvusPay payment form. Data required for billing is forwarded encrypted from your web browser to the bank that issued your payment card. Our store never comes into contact with your sensitive payment card data. Similarly, CorvusPay operators cannot access your complete cardholder data. An isolated system core independently transmits and manages sensitive data while at the same time keeping it completely safe.
The form for entering payment data is secured by an SSL transmission cipher of the greatest reliability. All stored data is additionally protected by hi-grade encryption, using hardware devices certified by FIPS 140 2 Level 3 standard. CorvusPay fulfills all of the requirements for safe online payment prescribed by the leading credit card brands, operating in compliance to the PCI DSS Level 1 standard – the highest security standard of the payment card industry. Payments made by cards enroled with the 3-D Secure program are further authenticated by the issuing bank, confirming your identity through the use of a token or a password.
All information collected by Corvus Pay is considered a secret and treated accordingly. The information is used exclusively for the purposes for which they were intended. Your sensitive data is fully secure and it’s privacy is guaranteed by the state of the art safeguard mechanisms. We collect only the data necessary for performing the work in accordance with the demanding prescribed procedures for online payment.
Security controls and operating procedures applied within the CorvusPay infrastructure not only ensure current reliability of CorvusPay but permanently maintain and enhance the security levels of protecting your credit card information by maintaining strict access controls, regular security and in-depth system checks for preventing network vulnerabilities.
What is the legal ground to process your personal data?
The processing of your personal data is necessary to fulfill the service of managing and delivering the order to you.
How long do we save your personal data?
We keep your personal data for the purpose of processing and facilitating the control of complaints and the fulfillment of quality assurance, as well as for accounting purposes for 11 years, all in accordance with legal obligations.
DIRECT MARKETING/NEWSLETTER
Why do we use your personal data?
On our website, through social networks and personally via retailer’s access points, subscribers can subscribe to our newsletter that you can receive via email. The forms/screens you use to subscribe to our newsletter determine which personal data is processed. Through the newsletter we regularly notify you about our activities, offers and new content on our website, marketing activities and new product offerings.
The newsletter shall be delivered to you on the basis of your consent, but also based on a legitimate interest, if we have received your email address in the process of purchasing our products.
You can receive our newsletter if you have a valid email address, you have registered your email address to receive the newsletter and you have granted us with the consent to receive the newsletter. Once you have registered your email address, we will send you an email confirmation of your application before you receive the first newsletter in the double-entry process. This email address verification is used to prove that the respondent is the owner of that email address and that she or he has really given the consent to receive the newsletter. Collecting this information is necessary for understanding (possible) misuse of a data holder’s email address, and therefore serves as the purpose of legal protection of the processing collector.
We can deliver a newsletter to your email address based on a legitimate interest if you have made a purchase on our website, or based on your consent to receive newsletters that you have provided to us in writing in one of our stores.
We do not transfer to third parties personal data we collect to send newsletters. At any time you may revoke your prior consent to receive a newsletter or object to receiving it by clicking on the unsubscribe link contained in each newsletter or directly by informing us via email.
In order to optimize the experience of using our website, we will provide you with relevant information, recommended products, send reminders about the products that remain in your shopping bag and send personalized offers. All these great services are based on your previous purchases, your clicks and on the data you sent us.
The newsletter may contain a so-called tracking pixel. Miniature tracking pixel is embedded in such emails that are sent in HTML format. This gives us a statistical analysis of the success or failure of internet marketing campaigns. Based on the built-in tracking pixel, we can see whether and when an entrepreneur opened emails and who links the emails to the data subject. Such personal data collected in the monitoring pixels contained in the newsletter are stored and analyzed by the processing collector in order to optimize the delivery of the newsletter, as well as to adapt the contents of the future newsletters according to the interests of the respondent.
What types of personal data do we process?
We will process the following categories of personal data:
- contact information such as name, last name, email address, telephone number;
- when registering for newsletters, the IP address—assigned by the Internet Service Provider (ISP) and which uses the holder’s date and time of registration – is stored.
Who has access to your personal data?
Data that is forwarded to third parties is only used to provide you with the service mentioned above, to media agencies and technical suppliers for distribution of physical and digital direct marketing. We never pass on, sell or swap your personal data for marketing purposes to third parties.
How long do we save your personal data?
We will keep your personal data for newsletter/direct marketing until you withdraw your consent or if we decide to delete your personal data due to your inactivity.
CUSTOMER SERVICE
Why do we use your personal data?
We will use your personal data to manage your queries, to handle complaints and warranty matters for products and technical support matters through email, telephone and through social media.
The website contains forms and information that allow quick electronic contact with us, as well as direct communication with us, which also includes the general address of the so-called email (email address). If you contact us by mail, your personal information is automatically stored, and for processing your query and search, we forward this data to third parties only to provide you with the mentioned services.
We may also contact you if there is a problem with your order.
We process personal data based on your inquiry or on the basis of contract obligation (when we contact you for your order).
What types of personal data do we process?
We will process any personal data you provide to us, including the following categories:
- contact information such as name, address, email address and telephone number
- payment information and payment history;
- credit information;
- order information;
- all correspondence in the matter.
How long do we keep your data?
We will keep your personal data for 100 days for email logs and correspondence and for 12 months for case management.
COOKIES
Our website uses cookies. Cookies are text files that are stored on a hard drive of your computer by a web server and that allow an analysis of the use of the website by you.
Many websites and servers use cookies. Many cookies contain a so-called cookie ID. Cookie ID is a unique cookie identifier. It consists of a series of characters through which websites and servers can be assigned to a particular web browser where the cookie is stored. This allows visited websites and servers to differentiate individual browsers from other web browsers that contain other cookies. A particular Internet browser can be recognized and identified using a unique cookie ID.
By using cookies, our website users are provided with a user-friendly feeling that could not be achieved without the use of cookies. When a user accesses a website, the cookie is stored on the user’s computer. Another example is a shopping bag cookie in the online store. The online store remembers the items that the customer puts in a shopping bag through a cookie.
At any time, you may choose to delete or permanently block cookies by using the appropriate web browser settings or other software programs. This is possible in all popular Internet browsers. If you choose to deactivate cookies settings you will probably not be able to use all of our website features.
FULFILMENT OF LEGAL OBLIGATIONS
Why do we use your personal data?
We will use your personal data to comply with obligations in laws, court rulings and decisions from authorities.
This includes using your personal data to collect and verify accounting data to comply with our bookkeeping rules.
What types of personal data do we process?
We will process following categories of personal data:
- customer number;
- order number;
- name;
- postal address;
- transaction amount;
- transaction date;
- company OIB information (ID number), in case R1 invoice is needed.
Who has access to your personal data?
Your personal data will be shared with companies that provide us with the above mentioned services (companies providing data storage services, IT companies providing bookkeeping system solutions, administrative bodies in compliance with legal obligations).
What is the legal ground to process your personal data?
The processing of your personal data is necessary for us to fulfill our legal obligation.
How long do we save your personal data?
We will save your personal data in compliance with the business and bookkeeping rules.
PROVISIONS OF DATA PROTECTION REGULATION ON APPLICATION AND USE OF FACEBOOK AND INSTAGRAM
On our website we may integrate or may have integrated some Facebook components. Facebook is a social network operated by Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, United States of America. If a person lives outside the United States or Canada, the processing data collector is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal port, Dublin 2, Ireland.
The Privacy Policy published by Facebook is available at https://facebook.com/about/privacy/ and https://help.instagram.com/519522125107875?helpref=page_content, and it provides information on how Facebook collects, processes and uses personal data. Furthermore, the policy explains the type of settings Facebook offers in order to protect personal data. In addition, various configuration options are available to allow the removal of data transfer.
PROVISIONS OF DATA PROTECTION REGULATION ON APPLICATION AND USE OF GOOGLE ANALYTICS (WITH IP ANONYMIZATION)
On our website we may integrate or may have integrated some Google Analytics components (with IP anonymization). Google Analytics is web analytics service that collects and analyzes data about visitors’ behavior. Google Analytics applies a method of reporting visits that came to our website from outside sources (referral traffic), the subpages that are visited, how often and for how long. The web analytics is mainly used to optimize a website and to conduct cost analysis and the benefit of online advertising.
The Google Analytics operator is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, United States of America.
For web analytics through Google Analytics, the processing controller uses the “_gat. _anonymizeIp ” function. Google uses this function to shorten and anonymize the last digits of the user’s IP address when the user is accessing our website from the European Union member states or from other parties to the Agreement on the European Economic Area.
The purpose of the Google Analytics is to analyze and evaluate the traffic on our website. Google collects personal data and information, among other things, to evaluate the use of our website and to compile and provide online reports that display activities on our website and provide other services related to the use of our website for us.
The additional information and applicable Google Privacy Policy provisions may be downloaded at: https://www.google.com/intl/en/policies/privacy/ and https://www.google.com/analytics/terms/us.html To learn more about Google Analytics, please visit the following link: vezi https://www.google.com/analytics/
On our website we may integrate or may have integrated some Pinterest components. Pinterest Privacy Policy is available at: https://policy.pinterest.com/en/privacy-policy