PERSONAL DATA MANAGEMENT POLICY
Your privacy is very important to us and we are committed to protecting your personal data. We promise to keep your data safe and to give you ways to manage and review your marketing choices at any time.
A N Z Styles Limited operates worldwide. As part of our business, we offer our customers an e-commerce service accessible from our website www.anzclothing.com.
To provide our services, we collect personal data about you. Data collection takes place on our website, by phone, by email, through social media websites (e.g. Facebook), through written correspondence and through other media we may use from time to time as technology develops.
This policy is intended to provide you with detailed information on our use of your personal data.
A N Z, is the “controller” in respect of your personal data for the purposes of EU General Data Protection Regulation (GDPR) No. 2016/679 of 27 April 2016 with effect from 25 May 2018.
In the personal data collection forms on the site or in paper format, the customer is notably informed of the mandatory nature, or not, of the data collection. In the event of failure to provide a mandatory data field, A N Z will not be able to perform its services.
The company collecting your personal data is :
A N Z Styles Ltd, a company registered in England and Wales under company number 10126188 and our registered office and main trading address is B1-2 Arthouse, 1 York Way London N1C 4AT, United Kingdom.
You can contact us by email. Our hours of business are from 9.30am to 6pm GMT, Monday to Friday.
HOW THE LAW PROTECTS YOU
2.1 LAWFUL REASONS FOR PROCESSING
Your privacy is protected by law. Under data protection law, we are allowed to use your personal data only if we have a lawful reason. We must have one or more of the following lawful reasons:
A “legitimate interest” is where there is a business, commercial or other reason to use your information but it should not unfairly go against what is right and best for you. Examples of legitimate interests given in the EU General Data Protection Regulation (GDPR) include fraud prevention, direct marketing and sharing data within a corporate group.
2.2 OUR PROCESSING & REASONS
We collect and record personal data to carry out the following processing:
What we use personal data for:
We share your data within A NZ and its associated companies and we may also share it with public authorities and partners who can use the data for their own purposes (they are recipients) and suppliers only for the account and according to our instructions (our sub-contractors).
The recipients of the data include:
We also use sub-contractors for the following operations:
We may also share your data if our make-up or that of the wider A N Z Group changes in future:
In order to be able to offer you Klarna’s payment options, we will pass to Klarna certain aspects of your personal information, such as contact and order details, in order for Klarna to assess whether you qualify for their payment options and to tailor the payment options for you. General information on Klarna you can find . Your personal data is handled in accordance with applicable data protection law and in accordance with the information in Klarnas .
In order to be able to offer you Klarna’s payment options, we will pass to Klarna certain aspects of your personal information, such as contact and order details, in order for Klarna to assess whether you qualify for their payment options and to tailor the payment options for you.
Billpay’s/Klarna’s payment options In order to be able to offer you Klarna’s payment options and to assess whether you qualify for their payment options and to tailor the payment options for you, we will pass to Klarna certain aspects of your personal information. General information on Klarna you can find and on BillPay . Your personal data is handled in accordance with applicable data protection law and in accordance with the information in and privacy notices.
For Direct bank transfer, your personal data such as contact and order details, will be processed by Klarna.
For Pay Now (SOFORT Direct Banking) Your personal data such as contact and order details, will be processed by Klarna.
4.1. YOUR RIGHTS UNDER DATA PROTECTION LAWS
Under Articles 14 to 22 of EU General Data Protection Regulation (GDPR), you have the following rights:
You can request a copy of the data we hold about you.
You can query any data we hold about you that you think is inaccurate or incomplete.
This is often referred to as the “right to be forgotten”. It is not an absolute right to demand that organizations stop using or delete your data. An organization may be entitled to keep and continue to use the data (e.g. to comply with a legal obligation to retain records, or so that the organization can handle complaints and show that it treated you fairly in any period that the law gives you to lodge a complaint or legal claim).
It may sometimes be possible to restrict processing of data so that it can only be used for certain purposes (e.g. legal claims or to exercise legal rights). In such circumstances, we would not use or share the data in other ways while processing is restricted. You can ask us to restrict the use of your data: if it is inaccurate; if it has been used unlawfully but you do not want us to delete it; if it is not relevant any more but you want us to keep it for use in legal claims; if you have already asked us to stop using it but you are waiting for us to tell you if we are allowed to keep using it.
As explained in section 4.1 in relation to credit scoring systems, if you apply for credit and not satisfied with the result, you have the right to seek an explanation and request that a person manually reviews the decision. You can also ask that we do not make a decision based solely on the automated score generated by our credit scoring system.
In relation to marketing profiling (selecting you for specific promotions and making product recommendations), you can also object to this but then the offers and recommendations you receive will be less relevant and no longer targeted to your interests.
This right entitled individuals to ask organizations to transfer their data to another organization (e.g. you wish to move from one social media service to another; from one music streaming service to another; from one bank to another). It seems unlikely to us that you would want to move the data we hold (e.g. your purchase history with us or details of your account transactions) to another organization but you have the right to ask.
It is worth noting also that, under the EU General Data Protection Regulation (GDPR), if an organization that is processing your data detects a breach of data security that could create a high risk to your rights, then that organization may be required to notify you of the breach so you are aware of it. In such circumstances, the organization would also be required to notify the relevant supervisory authority.
4.2 HOW TO EXERCISE YOUR RIGHTS
You can exercise your rights in the following ways:
By post, by writing to us at the following address:
A N Z Styles Ltd – Data Protection Officer – B1-2 Arthouse, 1 York Way, London N1C 4AT, UNITED KINGDOM
Please include your surname, first name, address, email and, if possible, your customer reference to accelerate consideration of your request.
Electronically, by writing us at firstname.lastname@example.org
We may require proof of identity before fulfilling your request.
We will contact you to acknowledge receipt of your request and we will then answer fully within one month. In some cases, due to the complexity of the request or the number of requests, this period may be extended by 2 months.
4.3 CONSEQUENCES OF EXERCISING THE RIGHT OF OPPOSITION TO MARKETING PROFILING
In relation to marketing profiling (selecting you for specific promotions and making product recommandations), you may continue to receive marketing promotions but they will be less relevant to you and no longer be targeted to your interests.
4.4 WITHDRAWAL OF CONSENT
Where we are processing your data based on your consent (see section 2 above), you may withdraw your consent at any time by contacting us at the above address or by informing us by phone or by other means we provide, e.g. clicking “unsubscribe” at the bottom of an email or texting “STOP” in reply to an SMS.
4.5 WHAT IF YOU ARE NOT SATISFIED WITH THE RESPONSE YOU RECEIVE FROM US?
If you try to exercise your rights and we do not reply or you do not think our response is satisfactory, you can complain to the data protection supervisory authority in your country of residence:
You are hereby informed that personal data concerning you may be transmitted for the purposes of processing set out above to companies located in countries outside the European Union that do not have an adequate level of protection with regard to personal data protection.
Prior to the transfer outside the European Union, and in accordance with the regulations in force,
A N Z implements all the procedures required to obtain the guarantees necessary to secure such transfers.
Activities we currently undertake outside the EU including the following:
Purpose Data Country of Destination Management of Data Transfer
Sharing data with social network United States Privacy Shield/Standard contractual clauses
For more information on managing cross-border flows, you can contact the Data Protection Officer.
A N Z has set specific rules concerning the retention period of the Users’ personal data.
6.1. General rules concerning the management of the commercial relationship:
To calculate the most relevant retention period, A N Z distinguishes:
– Prospects who have never made a purchase from A N Z and its partners
– “Customers” who have made at least one purchase
A distinct retention period will be applied to prospects and customers.
Regarding prospects, the starting point of the retention period is the creation of the account.
Regarding customers, the starting point of the retention period is their last purchase at A N Z. The retention period of a customer’s data will differ depending on whether or not the customer adheres to a loyalty programme.
6.2. Specific rules for certain data processing:
For some types of processing, the retention of data is subject to specific retention periods.
Here are some examples:
For more information on the retention periods applied by A N Z, you can contact the data protection officer (see point 12).
7.1. GENERAL RULES
As a data “controller” under the EU General Data Protection Regulation (GDPR), we take all measures to preserve the security and confidentiality of data, and in particular to prevent data from being distorted, damaged or unauthorised third parties having access to data.
We have deployed a robust security system to ensure the highest security of data collected and to detect data breaches.
When using sub-contractors, we ensure their compliance with data protection laws.
7.2. RULES APPLICABLE TO BANK DATA, CREDIT CARDS AND DEBIT CARDS
To ensure payment security, we use the services of a payment service provider, Stripe, that is certified by the Payment Card Industry in relation to data security (PCI-DSS). This standard is an international security standard whose objectives are to ensure the confidentiality and integrity of cardholder data, and therefore secure the protection of card and transaction data.
When you place an order for payment by debit card with us, our order taking system connects in real time with the Stripe system which collects your data and carries out various checks to avoid abuse and fraud. The data is stored on Stripe servers and is not transmitted to us or our servers at any time. Stripe requests authorisation from your bank and sends us a transaction number that allows transactions up to the amount of the authorisation.
So that you do not have to enter your details every time you place an order, you can choose, by ticking the box provided, to have your credit and debit cards associated with your online account saved and stored securely by Stripe. You can consult the list of your saved cards (in hidden mode), but also delete all or part of its content, in the “Payment Methods” section of the “My Purchases” section under “My Account”. In this case, your deleted cards will no longer appear in your online account or in future orders.
In order to be able to debit your account during invoicing or to credit it following a return, Stripe keeps the bank data associated with the authorisation number only as long as it is needed to process the payment transaction (payment after ordering the goods) and to handle any subsequent claim (returns, disputes).
If you have made the choice to save your credit or debit cards, they will be automatically deactivated when the card expires.
7.3. FIGHT AGAINST ONLINE FRAUD
In order to secure payments and deliveries and ensure an optimal quality of service, the personal data collected on the site are also processed by A N Z to determine the level of fraud risk associated with each order and, if necessary, to help adapt the conditions of execution thereof.
A N Z offers you the option to use social networks to improve our commercial relationship and offer you targeted advertising offers through these networks.
If you use social networks to communicate and interact with us (including Facebook Messenger, Facebook Connect, and the Facebook, Instagram or Twitter “share” buttons) it is likely that this will involve a data exchange between A N Z and the social network.
For example, if you are connected to Facebook on your computer and you visit a page of the A N Z site, Facebook is likely to collect this information. Likewise, if you click on the “tweet” button on a A N Z site page, Twitter will collect this information.
We recommend that you consult the personal data management policies of the various social networks you use to know the personal data that may be transmitted and what it will be used for.
In accordance with the general terms and conditions, the user must be 16 years old or more to create an account on A N Z website and make purchases.
When creating an account, the user has the option to communicate the data of his children. The user may transmit data concerning minors under the age 16 to A N Z. He ensures that he is the holder of parental authority and expressly agrees to transmit theses personal data of a minor to A N Z.
We use your contact details to send you targeted advertisements by email, post, mobile notification, on social networks or third-party websites. We will comply with the rules applicable to each channel.
10.2. ELECTRONIC MARKETING (BY EMAIL, SMS & PHONE)
The Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 permit electronic marketing (email, SMS, phone) to existing customers for similar products and services without consent as long as the customer is given an easy means to opt-out on each occasion, e.g. by clicking an “unsubscribe” link.
Otherwise, your consent is required before we can market to you by electronic means. We seek your consent at various points, e.g. when creating a new account online or online banners asking if you would like to sign up to our newsletters by email.
You are asked to consent to the following:
A N Z will not send you personalised requests by email or text message if you have not consented to such unless we are allowed to do so under the Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002.
In all cases, you can opt-out of marketing at any time as follows:
10.3. MARKETING BY POST
We have a legitimate interest in sending you marketing materials by post but we will not do so if you tell us that you do not want to receive marketing materials in this way. You can opt-out of marketing by post at any time by going to the My Account section of our website, by speaking with a customer services adviser or by writing to us at the address in the previous section. Please note that, if you have been pre-selected to receive a marketing publication by post before you opt-out, then you may still receive that publication. It can take a few weeks for an opt-out request to be effective.
10.4. EMAIL RETARGETING
After browsing our site, you may receive an email even though you have not provided your email address to us. How is this possible?
We, like many other retailers, use the services of companies that identify internet users who have already visited our website and send them personalised emails.
Who collected my email address?
This processing involves commercial partners who have already collected your email address from other sources, as well as your consent to authorise the sending of advertising.
When using our online services, information relating to the navigation of your device (computer, tablet, smartphone, etc.), may be recorded in “cookies” files placed on your device, subject to any choices you have expressed about cookies. You can set your browser settings to reject cookies but please bear in mind that, if you do this, certain personalised features of our site cannot be provided to you.
11.1 WHAT IS A COOKIE?
A cookie is a small text file saved by the browser of your computer, tablet or smartphone which keeps limited user data to facilitate browsing and allow certain features, e.g. online shopping baskets and personal recommendations based on what you have viewed.
There are two types of cookies:
11.2 WHY ARE COOKIES, TAGS & TRACKERS USED?
Cookies that we use on our site and mobile applications (apps) allow us:
11.3 HOW TO CONFIGURE COOKIES, TAGS AND TRACKERS?
A N Z collects your prior consent to the use of advertising, audience measurement and social network sharing cookies in accordance with data protection law.
At any time, you can express and modify your wishes in terms of cookies, by the means described below.
You can set your web browsing software so that cookies are saved in your device or, on the contrary, are blocked ‒ either systematically or depending on their source. You may also configure your web browsing software so that you are prompted each time to allow or block cookies before a cookie can be saved to your device.
How do you implement your preference based on the browser you use?
To manage cookies and your preferences, each browser is configured in a different way. It is described in your browser’s help menu, which will explain to you how to modify your cookies preferences.
For Internet Explorer™: http://windows.microsoft.com/en-EN/windows-vista/Block-or-allow-cookies ,
For Firefox™: http://support.mozilla.org/en/kb/ ,
For Android: https://support.google.com/chrome/topic/3434352
You have the option to object to the storing of cookies by visiting the website
12.1. WHAT ARE THEIR DUTIES?
The role of the data protection officer (DPO) within A N Z is to ensure compliance with the regulations and rules described in this document. Our DPO is based in France and leads a privacy team with representatives in each country.
Our DPO is responsible for establishing a record of processing of personal data in each country and ensuring compliance of such processing with the data protection law.
Our DPO ensures the awareness of teams and is responsible for managing responses to customers that exercise the rights set out in section 5 above.
12.2. HOW CAN I CONTACT THE DATA PROTECTION OFFICER?
You can contact the data protection officer at email@example.com
You can find out more about data protection and your rights via your supervisory authority’s website: