PRIVACY POLICY
Effective date: This Privacy Policy was updated on February 25, 2021 and is effective as
of that date.
What is the content of this document? What happens to my personal data when I interact with Eksogear Production BV
This privacy policy (“Privacy Policy”) applies to any collection and processing of personal data carried out:
A. when you interact with us through digital means, including the website https://www.lilioamsterdam.com (the “Site”) portals and mobile applications, operated by Eksogear Production BV, Pijlsteeg 6, 8911EM – Leeuwarden, The Netherlands;
B. when you purchase a product or request other services from Eksogear Production BV or any of its subsidiaries (hereinafter, “we” or “us”), including when you contact our customer service for post-sale customer services or specific questions or requests;
C. when we communicate with you as part of our marketing activities.
By accessing and using the Eksogear Production BV Platforms or otherwise providing us with your personal data, for example when visiting our stores or when contacting our customer service, you confirm that you have read and that you understand the way we collect, process, use and disclose your personal data, as described in this Privacy Policy.
For specific processing activities, we need to obtain your consent to collect and process your personal data. When we need your consent, we will ask you, before you submit personal data or use the relevant sections of Eksogear Production BV, to confirm electronically that you consent to the processing activity at stake, as described in this Privacy Policy, by ticking specific boxes. Your affirmative action in ticking the relevant box and your use of this Site signify that you agree to the processing activity at stake as described in this Privacy Policy. Our records of your acceptance of this Privacy Policy, the date thereof, and of all future amendments to this Privacy Policy, shall be regarded as conclusive and written evidence of your consent.
You will also be informed of this Privacy Policy – and, when a specific processing activity requires your consent, be asked to consent – when contacting our customer service or when providing us with your personal data through interactions in stores.
We collect and process your personal data in accordance with all applicable data protection laws and regulations, including, without limitation, the laws promulgated on the matter by the European Union, such as the General Data Protection Regulation (EU) 2016/679 of 27 April 2016 (“GDPR”) and supplementing national provisions, as well as the orders and guidelines issues by the competent data protection authorities, as applicable (the “Data Protection Laws”).
Who controls the processing of my personal data? Who is accountable for it?
The data controller of the personal data (i) that are collected when you use Eksogear Production BV Platforms (other than when you purchase goods from us), and (ii) that are collected for our marketing and profiling activities is: Eksogear Production BV. For further details and how to contact us, please refer to our Contact page.
What personal data are processed?
Automatic Information Collection on the Eksogear Production BV Platforms
The processing of your personal data when you merely visit and consult the Site is limited to the so-called surfing data, namely the data whose
transmission to the Site is implicit in the functioning of the systems in charge of the managing of the Site and in the communications protocols peculiar to the Internet. Surfing data are, for example, the IP addresses of the devices you use to connect to the Site and other parameters relating to your device and operating system.
In principle, surfing data, such as those specified above, and for example the number of visits and the time spent on the Site, are collected and processed by us exclusively for statistical purposes and in aggregated form for purposes of measuring and enhancing the functioning of the Site. Due to the nature itself of surfing data, these data may lead to identification of users if they are associated with data held by third parties; however, we do not collect surfing data in order to associate them with identified users, except where said data may be used for purposes of assessing possible responsibilities in case of information crimes realized against the Site or through the Site to the extent permitted by law. Besides, certain information is gathered on the Site by means of cookies and other tracking technologies.
Information you provide voluntarily to us:
We collect and process:
1. personal data that you provide when you interact with us, through Eksogear Production BV Platforms, for example, when you open an account, upload user-generated content on the Site or fill-in forms in store or by using our mobile applications. This personal data may include: your name, e-mail address, telephone number, and your username and password
2. personal data that you provide when you take part/subscribe to our marketing activities, for example, when you subscribe to our newsletter(s) or mailing list(s) or participate to promotions and other initiatives such as loyalty programs, contests and sweepstakes, etc. This personal data may include: your name, e-mail address, telephone number, the history of your purchases, and your preferences and interests
3. personal data that you provide when you purchase goods from us. This personal data may include: your name, e-mail address, telephone number, the history of products you purchase, and details regarding your transaction
4. personal data that you provide when you interact with our customer-service, for example, when you send a question about a product, communicate feedback to us, contact our customer service call center for support, or request specific assistance or service from our customer-service. This personal data may include: your name, e-mail address, telephone number, the history of products you purchase, information regarding the reasons why you contacted customer service, and content of your communications relating to your interaction
Where you have provided us with personal data about another person (for example when using the function e-mail to a friend, gift card functionalities or other purposes), to the extent permitted by applicable laws you hereby confirm that you are entitled to communicate such personal data to us and that you have informed said person about – and where necessary, have obtained his/her consent to – the processing of his/her personal data for the purposes set out in this Privacy Policy.
What are the legal bases for the processing of my personal data as described herein?
We will collect and process your personal data for the purposes described in the Section “For what purposes are my personal data processed?” on one of the following legal bases:
– The processing of your personal data is necessary for performance of a contract with you or in order to take steps prior to entering into a contract with you at your request (Article 6, 1., (b) of the GDPR);
– The processing is necessary for the purposes of our legitimate interests or our affiliates’ or other third parties’ legitimate interests, and such interests are not overridden by your interests or fundamental rights and freedoms (Article 6, 1., (f) of the GDPR); The legitimate interests that we pursue notably include our interest to manage and maintain the contractual relationship with you, to answer to your specific requests, to ask your feedback in order to improve our Site and our products, or to pursue other general marketing activities.
– Where your specific consent is required to the processing of your personal data as described herein, your personal data will be processed based on such consent (Article 6, 1., (a) of the GDPR)
How long will my personal be data processed?
Personal data are not kept for longer than the time necessary to achieve the specific data processing purposes described herein. This may be up to 10 years after the end of the contractual relationship with you (statute of limitation for legal claims in most EEA countries), unless a shorter or longer retention period applies under applicable laws.
Are my personal data safe?
We are committed to protect the security and confidentiality of your personal data. We take – and require that any service provider and/or third party processor processing personal data on our behalf and on our instructions takes – appropriate technical and organizational measures to prevent loss and destruction, even accidental, of data, unauthorized access to data, unlawful or unfair use of data. Moreover, information systems and software programs are configured so that personal and identification data are used only when necessary to achieve the specific processing purpose from time to time sought.
We deploy a variety of advanced security technologies and procedures to help protecting personal data against the risks outlined above. For example, personal data provided by users are stored on secured servers placed in controlled locations. Moreover, for the transmission of some data through the Internet are deployed encryption techniques such as the Secure Socket Layer (SSL) protocol.
However, please note that no electronic transmission or storage of information is 100% secure. Therefore, despite the security measures that we have put in place to protect your personal data, we cannot guarantee that loss, misuse, or alteration of data will never occur.
Where is my personal data stored?
Personal data collected through our Site and as part of our customer service, are stored on the servers provided and managed by our third party storage and hosting provider Siteground (www.siteground.com).
We communicate personal data within the limits and under the circumstances specified in this Privacy Policy, subject to your specific consent when required under applicable Data Protection Laws:
1°. Your personal data will be accessible within our organization by the internal and external personnel that need to access it because of their duties in relation to the processing purposes herein specified. We ensure that these persons are held by appropriate security and confidentiality duties.
2°. Your personal data may also be accessible by third party service provider that we appoint to process personal data on our behalf and on our instructions (as data processors). These data processors include:
– third party service providers to which we may revert to for performance of professional, technical and organizational services functional to the managing of VF Digital Platforms and the activities performed therein, such as for example the sales of goods and related activities, the managing of functionalities offered by Our Platforms and of the initiatives and services that you may subscribe to and require through Our Platforms, and for services strictly functional to achievement of the other processing purposes herein specified;
– third party service providers to which we revert for closing purchase transactions and payment processing through our e-commerce platform;
– third party service providers that are managing and supporting the Our Platforms, the relevant e-com platform and all the pre- and post-sale activities, such as, order processing, performance marketing, financial services, warehouse management, and customer relationship management;
A list of these data processors, with indication of where they are located, is available upon request to our Privacy Office. These data processors are bound by appropriate contractual obligations to implement adequate security measures to protect security and confidentiality of personal data.
3°. Your personal data may also be shared with institutions, authorities, public entities, banks and financial institutions, professionals, independent consultants, also in associate form, business partners or other legitimate recipients as permitted by applicable laws and regulations, for example in case of judicial processes, request by competent courts and authorities or other legal obligation, to protect and defend our rights and property and Eksogear Production BV.
Except for the foregoing, personal data will not be shared with third parties, natural persons or legal entities, that are unrelated to, or that do not perform a business, professional or technical function for us.
Personal data will not be communicated to third parties for their own marketing purposes.
These abovementioned recipients may be located in countries other than the country in which personal data was originally collected, it being noted that your personal data will in principle only be transferred within the European Economic Area or other countries recognized by the EU Commission as adducing an adequate level of protection of personal data.
In case any of the above recipient is established in a country outside the EEA that is not covered by an adequacy decision of the European Commission and therefore does not provide the same level of protection for your personal as in the EEA, we shall implement appropriate safeguards, including, but not limited to relevant data transfer agreements based on the EU Commission Standard Contractual Clauses for the transfer of data to third countries (Article 46, 2., (c) of the GDPR,) or binding corporate rules (Article 47 of the GDPR).
Am I obliged to provide my personal data? What are the consequences if I refuse to provide them?
Except in relation to the surfing data, providing your personal data may be a requirement necessary to enter into or to perform a contract, including for the performance of certain services and functionalities offered by Us, such as subscription to the Site, subscription to our newsletter(s), the purchase of goods through the Site, the management of participation to loyalty programs, promotions and other initiatives communicated through Our Platforms, replying to and managing of request of information, questions, communication or feedback. In the above referenced circumstances, refusal to provide your personal data would make it impossible for us to perform the contract or to provide the requested services, products or information as above specified.
Providing your personal data for survey, marketing and other profiling purposes, as above specified, is optional; refusal to provide your personal data for these purposes will not have any impact on the entering into or performance of the contract. When requested under Data Protection Laws, we will collect your prior consent before proceeding to processing your personal data for these purposes.
Does Lilioamsterdam.com contain elements controlled by third parties? Who is responsible and liable for these elements?
Our page may contain links to other sites, as well as objects or elements controlled by third parties.
An example is plug-ins that may connect Our site to social networks (“social plug-in”) and that are usually identified by the relevant social network’s logo. If you interact with a social plug-in, your browser may send such social network certain data relating to you, such as your user ID, date and time, and other browser-related information. Such information will be processed by the social networks, owned and operated by third parties, according to their privacy policies.
We do not have access nor control over elements, objects, plug-ins, cookies, web beacon and other items or tracking technologies owned and operated by third parties, available on our site or on the relevant third party websites, which users may access on or from Our site, and over the relevant methods of processing of personal data through such elements or sites. We disclaim any responsibility for such elements and websites. You should check the privacy policy of such third-party websites to learn about the conditions applicable to the processing of personal data.
What are my rights in relation to the processing of my personal data and how can I exercise them?
You are entitled at any moment to enforce the rights available to you under applicable Data Protection Laws, including, but not limited, to the right of access, rectification, restriction, erasure, opposition (including objecting, at any time and for free, to the processing of your personal data for direct marketing purposes), right to portability as well as the right to withdraw your consent. You also have the right to lodge a complaint with the competent supervisory authority.
Can we make changes to this Privacy Policy?
We reserve the right to update and amend all or parts of this Privacy Policy, at any time, to the fullest extent permitted under applicable law. The version published on the Site is the version actually in force.
The date at the top of this Privacy Policy indicates when it was last updated.