“Personal data” (under Art. 3, para. (3) of the DPA 2018) means any information relating to an identified or living individual (i.e. a living individual who can be identified, directly or indirectly, in particular by reference to (a)an identifier such as a name, an identification number, location data or an online identifier, or(b)one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of the individual.
Natural persons can be associated with online identifiers produced by devices, applications, instruments and protocols used, such as IP addresses, temporary markers (cookies) or other types of identifiers, such as radio frequency identification tags. Such identifiers can leave traces that, particularly if combined with unique identifiers and other information received from the servers, can be used to create profiles of natural persons and identify them.
“Controller” (under Art. 3, para. 6 of the DPA 2018) means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. When personal data is processed only for the purpose and means for which it is required by legislation to be processed, the person who has the obligation under than legislation to process the data is the controller.
“Processing" (under Art. 3, para. 4 of the DPA 2018), means in relation to information, means an operation or set of operations which is performed on information, or on sets of information, such as (a)collection, recording, organisation, structuring or storage; (b)adaptation or alteration; (c)retrieval, consultation or use; (d)disclosure by transmission, dissemination or otherwise making available; (e)alignment or combination, or (f)restriction, erasure or destruction.
Who is the controller and where can I contact the controller?
This website is managed by Au Depart Holdings (UK) Limited, a private company limited by shares registered in England and Wales (company number 10588034, VAT number: GB405-2996-89), which is the controller. Company name: Au Depart Holdings (UK) Limited, Registered office address: 5, New Street Square, London, United Kingdom EC4A 3TW E-mail address: email@example.com
Contact information for the data protection officer (DPO)
E-mail address: firstname.lastname@example.org
During navigation and for the purchase of products on the site Audepart.com (hereinafter, the “Site”), Au Depart collects and processes the following personal data: • personal data necessary to conclude and carry out the purchase on the site, such as first and last name, e-mail address, shipping address, invoicing address, telephone and payment information; • e-mail address to subscribe to the newsletter service; • personal data provided for contact with Customer Service to provide the requested assistance; • personal data for commercial communications; • to register the Account, first and last name, e-mail address, password, gender and age/date of birth are collected. In addition, for registered users, information about access to the reserved area of the Site is collected. With express consent, by analysing personal data we can prepare information about a specific user’s interests and preferences regarding our products and services, to present proposals and offers that reflect the user’s tastes; • information about a user’s internet protocol (IP) address, details of login activities, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices used by the user to access our website, and • information about navigation on the site, such as the pages visited and how a user interacted with individual pages, saving this information on Au Depart’s servers. Our site is not intended for minors and Au Depart does not process personal data relating to minors. As stated in our General Terms and Conditions, by accessing to the Site and using the services offered by Au Depart, the user is deemed to be 18 years or older.
Purposes of the processing
Au Depart processes the data subject’s personal data using electronic and potentially hard-copy tools for the purposes described in the following table, which, for each of the purposes listed, specifies the legal basis, the categories of personal data, and the relevant retention period:
|Purposes of the processing the personal data will undergo||Legal basis for the processing||Categories of personal data subject to processing||Retention period of the personal data|
|Concluding and carrying out the contract to purchase the products||Performance of a contract||Identifying personal data||Until administrative and accounting processes are completed and for an additional 10-year period|
|Registration on the website and using the services offered to registered users||Performance of a contract||Identifying personal data||Until a request is received to cancel the account|
|Providing the services offered on the website||Performance of a contract||Identifying personal data||Until the service is terminated or a request is received to cancel registration to the service|
|Managing requests to Customer Service||Performance of a contract/ Consent||Identifying personal data||Until the request has been satisfied|
|Sending a CV and evaluating an applicant for an open position||Consent||Identifying personal data and particular data about health status||Until the 12 months|
|Statistical analyses and surveys to improve the products and services offered||Consent||Identifying personal data||Until the user unsubscribes from the service or asks that that activity be suspended|
|Sending commercial communications after a product is purchased||Consent||Identifying personal data||Until the service is terminated or the user objects by unsubscribing|
|Communications of a commercial nature about products and services (innovations, new arrivals, exclusives, offers and promotions) and to perform market research and customer satisfaction surveys to improve services and relations with users||Consent||Identifying personal data||Until the user unsubscribes from the service or asks that that activity be suspended and, in any event, within two years|
|Personalising registered users’ experience on the website, sending previews and offers reflecting users’ tastes and sending commercial communications that are personalised to users’ interests||Consent||Identifying personal data||Until the consent given for that activity is revoked or that activity is terminated, and, in any event, within 12 months|
|Improving the purchase experience (locating the closest store, using a camera to enter credit card data)||Consent||Identifying personal data and data about geographic location||Until the service is terminated or consent given is revoked|
Disclosure and dissemination of data
In relation to the purposes indicated, personal data may be shared for business purposes with companies in the AU DEPART group and with shipping companies (“shippers”) in order to carry out the contract to purchase products. Transfer of data to non-EU countries Au Depart may share personal data collected from users to third party data processors located in countries outside of the European Economic Area in connection with the above-mentioned purposes. Please be aware that countries which are outside the European Economic Area may not offer the same level of data protection as the United Kingdom, but in the event we transfer personal data to one of these locations we will take steps to ensure that your data and rights are protected by approved methods within the relevant Data Protection laws. Please contact us if you would like further information about how we protect your transferred information.
Rights of the data subject
In relation to the personal data covered by this disclosure, the data subject is entitled to exercise the rights provided by the applicable laws and listed below:
- the data subject’s right of access (consisting of the right to be informed of processing performed on his/her personal data and to obtain a copy thereof);
- right to rectify his/her personal data (the data subject has the right to obtain rectification of inaccurate personal data concerning him/her);
- right to obtain erasure of his/her personal data without undue delay (the data subject has the right to the erasure of his/her data);
- right to request the cessation of direct marketing messages or email alerts which user can go through their accounts on our website;
- right (in certain circumstances) to restrict processing/collecting of his/her personal data, in cases permitted by current law, including where the processing is unlawful, or the data subject contests the accuracy of the personal data;
- right to data portability (the data subject may request to receive his/her personal data in a structured format in order to transmit them to another controller, in the situations set forth in that Article);
- right to object to the processing of his/her personal data ; and
- right to complain to your data protection regulator (i.e., the Information Commissioner’s Office in the United-Kingdom)
- right in relation to automated decision making which has a legal effect or otherwise significantly affect the data subject (to allow the data subject in certain circumstances to access certain safeguards against the risk that a potentially damaging decision is taken solely without human intervention) , The above rights can be exercised by sending an e-mail to Au Depart at the following address: email@example.com Au Depart has one month to respond to said e-mail. If the data subject believes his/her rights have been compromised,
- for the UK residents: he/she has the right to lodge a complaint with the Information Commissioner’s Office ( https://ico.org.uk/)
- for ROI residents: he/she has the right to lodge a complaint with the Data Protection Commission (https://www.dataprotection.ie/)
Automated decision-making process
Au Depart may in some case use automated decision-making processes, including profiling, which produces legal effects concerning the user or similarly significantly affects him/her, only subject to the following circumstances:
- it is necessary for entering into, or performing, a contract between the data subject and a data controller;
- it is authorised by the applicable law to which the controller is subject; or
- it is based on the data subject's explicit consent.
The personal data will be processed in hard-copy, computerised and electronic form and entered in the relevant databases (potential customers, customers, users, etc.) which can be accessed, and thus learned of, by employees expressly designated by the controller as data processors or persons authorised to process personal data, who may consult, use, process, align and perform other appropriate operations, which may be automated, in accordance with laws necessary to safeguard, among other things, the confidentiality and security of the data, as well as their accuracy, updating and relevance to the stated purposes.
Changes and updates