- Who is the data controller?
- What personal data do we collect?
- How do we use this personal data?
- What is our legal basis for processing your personal data?
- Who will process your data?
- Do we transfer your personal data outside of the EU?
- How long do we keep your personal data?
- Your rights
- Security measures
- Changes to this notice
- Legislative reference and useful links
- give you a description of it
- tell you why we are holding it
- tell you who it could be shared with
- tell you how long we will keep the data
- if the data was not provided by you, we will give you any available information such as the source of the data
- tell you if the data has been used for automated decision making
- tell you if the data is stored outside of the European Economic Area, and if so what safeguards are in place to protect your personal data
- let you have a concise and clear copy of the data
- What personal information do we collect from you and how?
- What about cookies? What are cookies?
- How this information may be used
- Who we will share your personal information with
- Where we process your personal information
- Marketing opt-in and opt-out provisions
- How you can access your personal information and keep it up to date
- Safeguarding your personal information
- Why we link to other websites
- How we can make changes to this policy
- Where and how to ask questions or contact us about this policy
November 27, 2018
Welcome to the NET-A-PORTER website.
If you have a question that is not answered here, or if you would like more information about how we collect, use and store your personal data, you can contact us at any time by emailing firstname.lastname@example.org, calling +44 330 022 5700 or writing to the Privacy Team at THE NET-A-PORTER GROUP LIMITED, 1 The Village Offices, Westfield London, Ariel Way, London, W12 7GF.
Under the data protection law, the data controller is responsible for ensuring that your data is held securely, that you are given accurate information about how your data is used, and that your rights regarding your data are respected.
The NET-A-PORTER website is owned and run by THE NET-A-PORTER GROUP LIMITED. For the purpose of the UK Data Protection Act 2018 and the General Data Protection Regulation 2016 (the Law), the data controllers for any personal data we hold about you are THE NET-A-PORTER GROUP LIMITED of 1 The Village Offices, Westfield London, Ariel Way, London, W12 7GF, United Kingdom and our parent company, YOOX NET-A-PORTER GROUP S.p.A. of Via Morimondo 17, 20143 Milan, Italy.
THE NET-A-PORTER GROUP LIMITED (referred to here as "we", "our", "us") is part of YOOX NET-A-PORTER GROUP. If we use the term "our Group", this means us and our subsidiaries, our ultimate holding company and its subsidiaries (or any of them). The term "our online services" refers to NET-A-PORTER, MR PORTER, THE OUTNET, our mobile and tablet applications, our pages on third party social media platforms such as Instagram, Facebook, Twitter, Pinterest and Google+ and any other websites or apps we own or run from time to time. The term "our services" refers to our online services and any of our other products and services, such as PORTER magazine, offered from time to time. If you use any of our services, we will refer to you using the terms "user", "visitor", "you", "your", "yours" in this policy.
Should you have any queries about our use of your personal data, please email email@example.com, call +44 330 022 5700 or write to our Privacy Team at THE NET-A-PORTER GROUP LIMITED, 1 The Village Offices, Westfield London, Ariel Way, London, W12 7GF, UK.2. What personal data do we collect?
We collect and process only the data that is required to allow us to provide our services to you. We collect the following data when you browse or shop at www.net-a-porter.com:
a) We process the personal data required to complete and despatch your purchase, including your name, billing address, delivery address, payment details, mobile number, telephone number and email address. We collect your email address in order to send you confirmation of your order; we collect your telephone number so that we can contact you if there are any issues with the order.
b) We collect your email address when you sign up to receive Net-a-Porter News.
c) If you register for a NET-A-PORTER account, we collect your name, email address, password, country, day and month of birth and additional information regarding your favourite designers and your marketing preferences.
d) When you contact our Customer Care team, we may collect additional data to help us resolve any queries relating to your order, delivery, payments, marketing, the website or any other queries.
e) We collect and process data about your browsing on www.net-a-porter.com, including the pages you visit and how you interact with these pages. If you have registered for an account, we collect browsing data about your access to the dedicated areas of the website.
f) If you are a customer of www.net-a-porter.com, or if you have given us your consent, we collect and process your personal data for direct marketing activities.
g) If you provide us with someone else’s data – for example, if you purchase a product to be delivered to a friend or as a gift – we will collect and process the personal data required to complete the transaction such as the name, delivery address and other contact details for your friend. If you are receiving an item as a gift, we will process your data only to fulfil the gift request and our contractual obligations.
h) When you use the App version of our website, we will ask for your consent to collect personal data from you in order to send you brief messages (“push notifications”) about products and services that we believe may be of interest to you. With your consent, we will also collect data regarding your use of the App and your IP address, in order to improve our service to you. You can disable push notification at any time by updating the App settings in your mobile device.
i) If you subscribe to PORTER magazine, we will collect and process the personal data required to complete and despatch your purchase, including your name, billing address, delivery address, payment details, telephone number and email address. We collect your email address in order to send you confirmation of your order; we collect your telephone number so that we can contact you if there are any issues with the subscription. You have the option to provide us with your birth day and month and to subscribe to our marketing communications and those from our partners.
j) When you call our Customer Care team, your call will be recorded for training and fraud prevention purposes.3. How do we use the personal data we collect?
We collect and process your personal data for the following purposes:
a) To fulfil our contract with you, including taking payment, shipping and delivery;
b) To provide you with relevant information about our products and services via our marketing communications and advertising;
c) To help you take full advantage of our website, including placing and holding items in your shopping bag and using services such as Wish Lists;
d) To improve the performance of our website and our promotion of the website;
e) To allow our Customer Care team to help you with queries and requests;
f) To send you updates to important information such as our Terms & Conditions.
For a detailed breakdown of how we use your personal data, please view the table below.
Under the Law we must have a valid reason for using your personal data and we may not collect, store or use data about you that is not compatible with that reason. There are four valid reasons for our use of your personal data:
a) Most of the data we collect from you is necessary to allow us to fulfil our contract with you or to enter into a contract with you e.g. you provide a billing address and email address when you purchase an item from www.net-a-porter.com so that we can process your payment and send you order confirmation.
b) In certain circumstances we will ask for your permission or consent to use your personal data e.g. if we would like to send you marketing information about items we believe may be of interest to you via email. If you have given your consent to our use of your personal data, you are entitled to withdraw this consent at any time.
c) We may also have a legitimate interest in using your personal data e.g. to ensure that the content of our website is presented to you and your device as effectively as possible, or to ensure that our marketing communications are relevant to your interests. If this is our reason for using your data, we must make sure that our interests do not override yours and you are entitled to object to this use of your data.
d) Lastly, we may be required to use your data to meet a legal obligation or to protect your interests e.g. we may exchange information with other specialist organisations for the purposes of fraud detection and credit risk reduction and we will retain financial data long term to meet our statutory obligations.
For a detailed breakdown of how we use your personal data, please view the table below.
Your personal data will be processed by the internal staff of THE NET-A-PORTER GROUP LIMITED who have been specifically trained and authorised for this processing. In carrying out the processing, the data may also be transmitted to companies belonging to YOOX NET-A-PORTER GROUP S.p.A, to which THE NET-A-PORTER GROUP LIMITED belongs.
Your personal data will also be transmitted to third parties that we use to provide our services; these parties have been rigorously assessed and offer a guarantee of compliance with the legislation on the processing of personal data. These parties have been designated as data processors and carry out their activities according to the instructions given by NET-A-PORTER GROUP LIMITED and under its control.
The third parties in question belong to the following categories: banking operators, internet providers, companies specialising in IT and telematics services; couriers; companies that carry out marketing activities, including social media organisations; companies specialising in market research and data processing; companies offering contact centre services; companies providing publishing and distribution services.
Under some circumstances we may be required to disclose or share your data without your consent, for example if we are required by the police, the courts or for other legal reasons. Your data may be transmitted to the police, judicial and administrative authorities, in accordance with the law, for the investigation and prosecution of crimes, the prevention of and protection from threats to public security, to allow THE NET-A-PORTER GROUP LIMITED to ascertain, exercise or defend a right in court, as well as for other reasons related to the protection of the rights and freedoms of others.
Some of the third parties listed in the previous paragraph 'Who will process your data?' may be located in countries outside the European Union that nevertheless offer an adequate level of data protection, as established by specific decisions of the European Commission (https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en)
The transfer of your personal data to countries that do not belong to the European Union and that have not been assessed as offering adequate levels of protection will be performed only:
I. after the completion between THE NET-A-PORTER GROUP LIMITED and said parties of specific agreements containing safeguard clauses and appropriate guarantees for the protection of your personal data (known as “standard contractual clauses” and approved by the European Commission), or
II. if the transfer is necessary for the completion and execution of a contract between you and THE NET-A-PORTER GROUP LIMITED (for the purchase of goods offered on our website, for registration on the website or use of services on the website), or
III. for the management of your requests.7) How long do we keep your data?
We keep your personal data for a limited period of time in line with our data retention policy. The specific retention period will vary according to the reason for processing your personal data. After this period, your data will be permanently erased or otherwise irreversibly rendered anonymous.
Your personal data are retained in accordance with the following criteria:
When you have purchased goods from www.net-a-porter.com, we will retain the billing data until the end of the relevant accounting period, normally seven years from the billing date;
When you make a payment, we will retain your payment details up to the certification of the payment and the completion of the relevant administrative-accounting formalities regarding your right of withdrawal and the terms applied for the disputing of the payment;
When you provide us with personal data in order to use the services of www.net-a-porter.com, such as marketing communications subscription, we will keep your data for this purpose until the termination of the service or until you cancel your subscription to the service;
When you give us your consent to send you marketing communications, you can withdraw your consent at any time. We will consider your consent to be current for five years from your last interaction with any email that we send you, with our App or with www.net-a-porter.com. In any case, we will reduce the number of marketing contacts after six months if you don’t interact with us;
When we use your personal data and browsing history to analyse your behaviour in order to customise the website and to show you personalised sales offers, we will keep the data for analytical purposes until you ask us to delete it;
When we use personal data for market research and satisfaction surveys, we will keep the data until you ask us to stop.
When you contact our Customer Care team, we will keep any additional personal data you provide that is specific to your enquiry for as long as you remain an active customer of www.net-a-porter.com.
When you contact our Customer Care team, we will keep the call recording for 6 months. Credit card details are not recorded as part of the call.8) Your rights
You have the right to request a copy of the data that we hold about you (and we will provide this to you free of charge once we have confirmed your identity).
If you would like a copy of some or all of your personal data, please email or write to us using the contact details in this policy.
If we do hold data about you we will:
You have the right to ask us to correct any inaccuracies in the personal data we hold about you and to stop us using your data until it has been corrected. We want to make sure that your personal data is accurate and up to date and we will be happy to correct or remove data you think is inaccurate. You can also update your own information at any time by logging into My Account at www.net-a-porter.com
You have the right to withdraw your consent to marketing at any time by calling our Customer Care team, clicking “unsubscribe” on a marketing email or replying STOP to a text message. Alternatively, you can sign in to your account on www.net-a-porter.com and update your requirements in our Email Preference Centre. You may receive a small number of further communications immediately after unsubscribing but we will implement your request as quickly as possible.
You have the right at any time to oppose our processing of your personal data on the basis of our legitimate interest. You will need to explain the reasons behind your request and allow us to consider your request and respond.
You have the right to request the deletion of your personal data. After receiving and reviewing your request, if legitimate it will be our responsibility to cease processing promptly and to delete your personal data.
You have the right to receive a copy of your data that we process based on your consent or on the basis of a contract with you in a standard format. If you wish, where technically possible, we can transfer your data directly to a third party indicated by you.
To exercise any of these rights, you can sign in to your account, contact our Customer Care team at firstname.lastname@example.org or +44 330 022 5700 or write to our Privacy Team at THE NET-A-PORTER GROUP LIMITED, 1 The Village Offices, Westfield London, Ariel Way, London, W12 7GF.
To ensure that the data of our users are not subject to breaches or illegitimate use by third parties, we will ask you to confirm your identity before carrying out your request.9) Security
We protect your personal data with specific technical and organisational security measures aimed at preventing your personal data from being used illegitimately or fraudulently.
In particular, we use security measures that guarantee: pseudonymisation or encryption of your data; the confidentiality, integrity, and availability of your data as well as the resilience of the systems and services that process them; the ability to restore data in the event of a data breach. Furthermore, THE NET-A-PORTER GROUP LIMITED undertakes to test, verify and regularly evaluate the effectiveness of technical and organizational measures in order to guarantee continuous improvement in the safety of processing.10) Complaints
If you believe that THE NET-A-PORTER GROUP LIMITED is processing your personal data in contravention of the Law, you can file a complaint with the supervisory authority responsible for compliance with the rules on personal data protection.
In the UK, the complaint can be presented to the ICO. More information on how to complain is available on the ICO’s website at https://ico.org.uk/.
According to the Law to which the Controller YOOX NET-A-PORTER GROUP S.p.A. is subject, you can also contact the Italian Data Protection Authority. More information is available on the website of the Garante Privacy, at http://www.garanteprivacy.it/11) Changes to this notice
The processing of your personal data is carried out by THE NET-A-PORTER GROUP LIMITED and YOOX NET-A-PORTER GROUP S.p.A. in compliance with the Regulation (EU) 2016/679 general regulation on data protection, UK Data Protection Act 2018 and rules on the processing of personal data (https://ico.org.uk/).TABLE OF USE AND LEGAL BASIS FOR PROCESSING
This website is owned and run by THE NET-A-PORTER GROUP LIMITED ("we", "our", "us”), part of YOOX NET-A-PORTER GROUP. If we use the term “our Group”, this means us and our subsidiaries, our ultimate holding company and its subsidiaries (or any of them). The term “our online services” refers to NET-A-PORTER, MR PORTER, THE OUTNET, our mobile and tablet applications, our pages on third party social media platforms such as Instagram, Facebook, Twitter, Pinterest and Google+ and any other websites or apps we own or run from time to time. The term “our services” refers to our online services and any of our other products and services, such as PORTER magazine, offered from time to time. If you use any of our services, we will refer to you using the terms “user”, “visitor”, “you”, “your”, “yours” in this policy.
WHAT PERSONAL INFORMATION DO WE COLLECT FROM YOU AND HOW?
We collect personal information about you when you register or subscribe for one of our services, place an order, buy a gift voucher, use our online services, interact with us in any other way, such as via social media, click on an advert that we put on our or someone else’s website, use our Personal Shopping services, ask for information or assistance, give us a testimonial or other feedback, comment on any blogs or articles featured in our services, attend an event that we run or sponsor, enter competitions or special promotions, sign up for our special offers or other updates, participate in research panels or fill in surveys. By registering, subscribing or using our services, you consent to the use of your personal data in line with this policy. We may also receive information about you from our Group and from third parties, with whom we have a business relationship.
The information we collect and hold about you may include your name, email address, phone and mobile phone numbers, home address, shipping and payment card billing address, payment card details, IP address, search criteria, shopping history, shopping preferences, sizings, responses to research panels and surveys, the type of browser you use (a browser is the program you use to look at websites, such as Internet Explorer, Firefox or Safari), the times when you access the site and for how long, your referring URL (the site you come from to reach our website), cell IDs (these are the unique identifiers of the telecommunications towers being used by your mobile phone when you use our locations-based services on your mobile phone or tablet) and other location information (for example, GPS measurements), photographs and other content you share with us when you use our services, date of birth, password details, answers to security questions and any other information you may give us.
We may record or monitor calls that you receive from us or make to us. We do this for security and training purposes, and to improve the services we provide to you.
HOW THIS INFORMATION MAY BE USED
Whenever you give us your personal information we will use it in accordance with applicable privacy laws and for the purposes set out in this policy, on the data entry forms you complete, in any relevant terms and conditions and on pages or emails which link to the data entry forms.
When you use our services: If you use any of our services, register for or attend one of our events, set up, look at or change your account details or contact your personal shopper or a member of our Customer Care team, we will record your personal details. Your information will be used in the first place to provide the products, services or information you have asked for and to provide you with a personalized shopping experience. We keep the information you provide and may use it for several purposes, including: (i) accounting, billing, reporting and audit; (ii) credit checking or screening; (iii) authentication and identity checks; (iv) credit, debit or other payment card verification and screening; (v) debt collection; (vi) safety, security, health, training, administrative and legal purposes; (vii) data matching and dedupe, statistical and market analysis, and marketing information; (viii) advertising and marketing for us, our Group and third parties; (ix) developing, testing and maintaining systems; (x) studies, research and development; (xi) customer surveys; (xii) customer care and to help us in any future dealings with you, for example by identifying your requirements and preferences; (xiii) where required by law or in connection with legal proceeding or disputes; and (iv) any other uses set out in the terms and conditions for use of our services. For these purposes we may disclose your information to one or more of the other organisations listed in the section called “who we will share your personal information with”.
Saved payment card details will only be shared with our payment partner and not with any other third parties and will only be used to process your order, using our payment partner's systems.
We may also use your personal information to send you marketing updates, as detailed in the next section.
Testimonials: If you give us feedback, we may use it to improve our services and we may publish it online or offline to promote our business and our services. We will ask for your permission before we publish it.
Comments and reviews submitted to our online services: If you wish to submit a comment or feedback on a blog or article featured on our services, we may (but are not obliged to) publish your comment online or offline to promote our business and our services. We will collect your name or username which will be displayed next to your comment and e-mail address, which will not be published, but which we may use to contact you in relation to your comment.
Mobile services: When you request our mobile services, we may keep your mobile phone number, the make and model of your phone, the operating system used by your phone and details of your network operator, and we will link a unique identifier to your mobile phone number. We’ll store your device language, app language, country, We need this information in order to provide the features and services enabled through our mobile services and to administer our mobile service. Our Givenchy mobile services use your location to show your closest Givenchy store. We may also use it for SMS or voice marketing and market research.
Direct marketing: For information on how we may market to you, please read the section called “marketing opt-in and opt-out provisions”.
WHERE WE PROCESS YOUR PERSONAL INFORMATION
When we use your information as described in this policy, this may involve sending your information outside the European Economic Area (EEA). When we do this, we make sure that appropriate steps are taken to protect your personal information and your rights. By providing us with your personal information, you agree that we may transfer, store and process your information outside the EEA. Governments in certain countries such as the USA have broad powers to access data for security, crime prevention and detection and law enforcement purposes.
MARKETING OPT-IN AND OPT-OUT PROVISION
We offer you the chance to receive news and fashion updates which, depending on your preferences, we will discuss with you by phone or live chat or send to you via email, SMS and/or direct mail. These include alerts for new products, features, enhancements, special offers, upgrade opportunities, contests, events of interest, and one-off marketing promotions. You can opt-out of receiving these updates, if you wish.
We, or our third party business partners, may also ask you if you want to receive marketing if you enter a promotion or attend an event thrown or sponsored by us. Other companies in our Group may also pass your personal information to us for marketing use.
Marketing communications you subscribe to will only be sent by our Group.
You have the right to ask us not to use your personal information for marketing. At all times, we will offer you the opportunity to unsubscribe from any service or update to which you have subscribed, if you change your mind. Whenever you receive direct marketing from us, we will tell you how to unsubscribe. Alternatively you can change your marketing preferences by logging into My Account. To opt out of direct mail, please contact our Customer Care team:
For NET-A-PORTER, on 0800 044 5700 (UK) or +44 330 022 5700 (from a mobile or internationally) or by email at email@example.com
For MR PORTER, on +44 330 022 5705 or by email at firstname.lastname@example.org
For THE OUTNET, on +44 330 022 4250 or by email at email@example.com
If you tell us that you do not want to receive direct marketing, we will still contact you in order to provide you with products and services you request and for administration purposes.
HOW YOU CAN ACCESS YOUR PERSONAL INFORMATION AND KEEP IT UP TO DATE
You have the right to see information we hold about you, with some exceptions which are described in the privacy laws. If you would like a copy of your personal information, please contact our privacy officer at firstname.lastname@example.org. You will need to pay a processing fee.
You have the right to review and update your personal details. If for any reason you are concerned that the personal information we hold is not correct, please visit our online services and, after logging into the site using the "Sign In" menu on the home page, your personal information will be made available for review and change in the "My Account" section. Only you or, upon your request, our Customer Care team, may access your personal data from our online services using your user ID and password. Information may be changed online within “My Details”, “Shipping Details” and “My Email Preferences”. You can change or delete saved credit/debit card details each time you make a purchase. You will also be able to delete saved credit/debit card details by adding or editing a shipping/billing address. If you change your billing or shipping address while your order is still being processed, the order will be re-processed through security validation checks. If you prefer, you may contact us by email at email@example.com and we will amend your personal details.
Our Live Chat provider stores all chat conversations for 13 months. To receive a copy of your chat conversation simply request this when exiting Live Chat or contact our Customer Care team by emailing firstname.lastname@example.org for NET-A-PORTER chats, email@example.com for MR PORTER chats and firstname.lastname@example.org for THE OUTNET chats.
SAFEGUARDING YOUR PERSONAL INFORMATION
We will take reasonable care to maintain appropriate safeguards to ensure the security, integrity and privacy of the information you have provided to us. We have put in place technology and security policies which are designed to protect the personal information we hold about you. We also follow the security procedures that applicable privacy laws require. These cover storing, using and releasing any information you have provided and, as well as measures designed to prevent unauthorised access or use. When you place an order or access your account information, we use a Secure Socket Layer (SSL) encryption which encrypts your information before it is sent to us to protect it from unauthorised use.
HOW WE CAN MAKE CHANGES TO THIS POLICY
WHERE AND HOW TO ASK QUESTIONS OR CONTACT US ABOUT THIS POLICY
If you wish to talk to a Customer Care representative, please call:
For NET-A-PORTER, on 0800 044 5700 (UK) or +44 330 022 5700 (from a mobile or internationally).
For MR PORTER, on +44 330 022 5705 or by email at email@example.com.
For THE OUTNET, on +44 330 022 4250 or by email at firstname.lastname@example.org.