EU Privacy & Cookie Policy
PRIVACY POLICY OF CITIZEN OF HUMANITY EUROPE S.R.L.
Privacy Notice Abstract pursuant to artt. 13 and 26 GDPR
This page describes how Citizen of Humanity Europe S.r.l. and Citizens of Humanity, LLC (“Citizen of Humanity”, “Us”, “Company” or “Joint Data Controllers”) manage its website and its platform, in relation to the processing of personal data (“Data” or “Personal Data”) of those users consulting our website (“Site” or “website”) and our e-commerce platform (“Platform”) to whom apply the provisions set forth by Personal Data set out in Regulation (EU) 2016/679 (“Regulation” or “GDPR”), as well as Directive 2002/58/EC (“ePrivacy Directive”). This information is provided only for this Site and Platform and not for other websites that the user may consult.
JOINT DATA CONTROLLER
Citizens of Humanity Europe S.r.l. with registered office at Via Savona, 97, 20144 Milano (MI) and Citizens of Humanity, LLC, with its principal offices at 5715 Bickett Street, Huntington Park, CA 90255 act as joint controller pursuant to art. 26 GDPR.
REPRESENTATIVE OF THE EXTRA EEA DATA CONTROLLER
Citizens of Humanity Europe S.r.l. acts also as a representative of Citizens of Humanity, LLC, pursuant to art. 27 GDPR. For any information related to the processing of personal data in the European Economic Area (“EEA”), you can refer to Citizens of Humanity Europe S.r.l. and send your data protection request.
HOW DO WE COLLECT AND USE YOUR PERSONAL DATA?
This Site and the Platform acquire Personal Data as part of their normal operation, the transmission of which is an integral part of Internet communication protocols. This Data, depending on the way you interact with the Site and the Platform, may include: profile information, contact information, browsing preferences and interests, and information on your location.
- Data collected by browsing the Website and the Platform
The Website could automatically allow the identification of the user through its browsing by collecting some personal information such as IP addresses or domain names of computers used by users who connect to the site, the URI (Uniform Resource Identifier) of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, a numerical code indicating the status of the response from the web server ( success, error, etc..) and other relevant data on the operating system and computer environment related to the user.
These data are used only to obtain anonymous statistical information on the use of the Website and the Platform and to check its proper functioning.
Data could be used to verify responsibility in case computer crimes are committed damaging the Website and our e-commerce Platform or at the request of the authorities.
- Data voluntarily provided by the user
Sending e-mails to the addresses indicated on this website, creating a personal profile, having an order on the e-commerce Platform, subscribing to the newsletter or filling in forms on the website entails the acquisition of Personal Data provided by the user.
PURPOSES OF DATA PROCESSING
We use Personal Data collected for many purposes such as (for example): for allowing the management of requests made to the Company through the website, process orders that users place through the e-commerce Platform, sending you newsletters and commercial information about our products, analyzing how to improve our Website and user experience.
WHO DO WE SHARE YOUR INFORMATION WITH?
We may share information:
- With Citizen of Humanity's staff involved in the management of the services;
- with third parties in order to fulfil users’ requests (such as, for example, the following:
- Third party providers of the newsletter service and other communications with users via email who register to receive communications from us via our website(s)
- Shopify and associated service providers for the e-commerce Platform, including those who facilitate order entry, calculation and collection of payments in your currency, shipment of orders, communications regarding orders and processing of returns
- Third party providers who support us and our website and social media channels, including by customizing content for us and communicating with users regarding our use of user-provided content
- Third party providers who administer our loyalty program, gift card program, wish lists and our “back in stock” notification system
- Third party providers who integrate our content and product catalogues to improve visibility on third party applications such as Google, Facebook, Instagram and Pinterest and
- Third party providers who collect data about visitors to our website, social media channels and our customers for our internal analysis.
For details about the extra EEA data transfer activities, please refer to the abstract of our data transfer agreement with Citizens of Humanity, LLC and the Standard Contractual Clauses (“SCCs”) attached, which can be found at this link.
For more information, please consult our list of Personal Data recipients at Tab 1 (Personal Data Recipients.).
WHICH ARE THE USER'S RIGHTS?
All users, in their capacity as data subjects, have the right at any time to obtain evidence of the existence or otherwise of personal data processed and to know the content and origin, verify its accuracy or request its integration, updating, rectification (Articles 15 and 16 of the Regulation).
Pursuant to articles 17, 18 and 21 of the Regulation, each user has the right to request the erasure, limitation of processing, transformation into anonymous form or blocking of data processed unlawfully, and to oppose in any case, for legitimate reasons, their processing. As data subjects, users also have the right to lodge a complaint with the Data Protection Authority.
For more information on the rights and how to exercise them, we invite our users to read our Privacy Policy Privacy Policy
in its extended version below.DO YOU HAVE QUESTIONS ABOUT OUR PRIVACY POLICY?
If you have any questions about our Privacy Policy, please contact us at: privacy-eu@citizensofhumanity.com
Before you access or use our Website and our Platform, please ensure that you have read and understood our practices on the collection, processing, storage, use and disclosure of your personal information as described in this Privacy Policy.
Tab 1 - LIST OF PERSONAL DATA RECIPIENTS
This page describes how Citizen of Humanity Europe S.r.l. and Citizens of Humanity, LLC (“Citizen of Humanity”, “Us”, “Company” or “Joint Data Controllers”) manage its website and its platform, in relation to the processing of personal data (“Data” or “Personal Data”) of those users consulting our website (“Site” or “website”) and our e-commerce platform (“Platform”) to whom apply the provisions set forth by Personal Data set out in Regulation (EU) 2016/679 (“Regulation” or “GDPR”), as well as Directive 2002/58/EC (“ePrivacy Directive”). This information is provided only for this Site and Platform and not for other websites that the user may consult.
Citizen of Humanity Europe S.r.l. acts as a joint controller with Citizens of Humanity LLC for some of our data processing activities, which are described in more detail below in section 7 and that are listed in detail in Table 1 (Personal Data Recipients). An abstract of the joint controllership agreement signed by the parties is available on request.
Citizens of Humanity Europe S.r.l. acts as a representative of Citizens of Humanity, LLC, pursuant to art. 27 GDPR. For any information related to the processing of personal data in the European Economic Area (“EEA”).
Through the Website and the e-commerce Platform, we collect and process Personal Data in different ways:
- Personal Information Voluntarily Provided by the User: We collect Personal Information about users when they actively provide it, such as when they have a log in to our Site and when they register for a feature (such as a wish list or “back in stock”), create a personal account on our Website and or register for a special account (such registering for a loyalty program).
- Personal data collected through the use of the Website and the Platform: we automatically collect certain personal information during the navigation and use of our Website and the Platform.
- Contact and Profile Information: personal information, such as name and surname, e-mail address, when registering on our website, subscribing to our mailing list or creating a personal area, such as a wish list;
- Information about your method of payment and your credit card: in order to allow the user to purchase our products on our e-commerce Platform, we may process Personal Data and payment information. This information is not stored directly by us but will be processed by our provider Shopify.
- Information about preferences and interests: preferences set for notifications, marketing communications and for displaying our Website and our Platform.
- Social Profiles: when you register on our Website via social media or when you interact with the Website via social media, we may receive information from your personal social media account and any other information that you allow social media to share with third parties.
- Location data: we may approximate the location of the user based on the user’s IP Address;
- Information related to purchased product, time and date of purchase, IP address and location.
When the user uses our Website or our Platform, or accesses our newsletters, or otherwise interacts with us via a computer or mobile device, we and our third party providers may automatically collect information on how the user accesses and uses the Website, as well as information about the device the user uses to access the Site. We use this information to improve and customize your experience, to track and improve our Website, and for other in-house purposes. In general, we collect this information through a variety of tracking technologies, including cookies, pixels, web beacons, embedded scripts, location identification technologies and similar technologies (collectively, “tracking technologies”).
The user can agree to and refuse these technologies by changing the privacy preferences settings of the user’s browser's profile settings.
The information we automatically collect may be combined with other personal information we collect directly from the user.
The information we may collect automatically are:
- information related to the website use (e.g. which website the user comes from, how many times the user clicked on an object);
- Personal Data has relating to the interactions of the user with our marketing communications (e.g., whether or not the user opens it, whether or not the user clicks);
- Information on devices used to access and interact with the Website (e.g., this allows us to know if the user uses a computer, a tablet or a smartphone, the screen resolution, the operating system, the Wi-Fi connection, the Internet browser and the IP address, information on the server log files);
- Analytical information: we may collect analytical data, or use third party analysis tools, to help us to measure traffic and Website and Platform use trends, and to better understand the demographic characteristics and behaviors of our users.
We do not collect or process the following personal information about our users:
- racial or ethnic origin;
- political opinions;
- religion or philosophical beliefs;
- health or medical conditions;
- criminal background;
- union membership;
- genetic or biometric data;
- life or sexual orientation.
Please do not send us, or disclose, any of the above personal information through the Site or the Platform or directly to our contacts.
We also remind our users that we do not process Personal Data of minors.
Please note that to open an account you should be at least 16 years old.
Personal Data are processed for:
- Answering questions and processing user requests
To answer any inquiries, complaints, and suggestions regarding our Website and our Platform which the user submits using the contact details provided by the Company on the Website.
Legal basis of the processing: our legitimate interests in managing, in an appropriate and timely manner, users' requests, complaints and recommendations regarding the Site and the Platform.
- To allow the registration request to the Site
To allow users to register and create a personal profile on the Site and to use the e-commerce Platform.
By accessing our Site and our Platform, in the section dedicated to registration, users will be able to fill in the form for the creation of their profile.
At the time of registration, the following data will be requested:
- first and last name;
- e-mail address;
- password
At the time of log in, the following data will be requested:
- e-mail address;
- password
To access your personal profile, Citizen of Humanity requires you to enter your username and a strong password that shall be alphanumeric with a length of at least 8 characters with upper and lower case and symbols.
Legal basis of processing: the use of services provided by the Controllers.
- Administering the e-commerce service
We may process our users' Personal Data to allow them to use our e-commerce Platform and purchase the Company's products and allow us to communicate with purchasers. Please note that Citizens of Humanity does not store credit card and payment information, but the Data Controller uses the service offered by Shopify.
For more information on the data processing carried out by Shopify, we invite users to visit the Shopify's website and consult its privacy policy.
Legal basis of processing: the execution of the purchase order related to the product selected by the user.
- Ensuring the technical operation of the Site and the Platform
We collect and use Personal Data of our users to technically administer the Site and the Platform and to ensure that they function properly.
Legal basis of processing: our legitimate interests in ensuring the proper functioning of the Site and the Platform from a technical/IT point of view.
- Using the “gift card” service
The Company offers functionalities or services that require the processing of Personal Data of third parties that the user must provide us with, such as in the case of activating and sending a Gift Card or managing the request for a Gift Voucher.
We would like to remind the user that the communication of Personal Data of third parties are subject to privacy regulations and - for this reason - we would like to clarify that we will provide your contact with the necessary information on the processing of your Personal Data, at the time of the first contact, in compliance with the provisions of art. 14 GDPR. The recipient's Contact Data will be processed and stored as part of the Service/Product Purchase Order Data.
Legal basis of processing: Fulfilment and execution of the purchase or service contract concluded with us.
- Informing users about changes to the terms and conditions of the website and providing this Privacy Policy
In order to promptly inform our users about changes or updates to our terms and conditions of use of the Site and Platform and to provide this Privacy Policy.
Legal basis of the processing: our legitimate interest in informing the user in advance of these changes.
- Compliance with legal obligations
In order to comply with our legal obligations, orders from government authorities which may also include measures from government authorities outside your country, if we reasonably believe we are required to do so and if the disclosure of user’s Personal Data is strictly necessary to comply with such legal obligations or government orders.
Legal basis for processing: compliance with our legal obligations.
- Marketing communications
To submit or to allow our IT service providers to submit our email marketing communications to the Company users. Marketing communications inform the user exclusively about products, services and new activities promoted by Citizen of Humanity.
Legal basis of the processing: the prior explicit consent of our users.
Please note that users can always opt out of receiving marketing communications even if they have already given their consent, simply by unsubscribing from the newsletter service or by notifying us by email.
If the user is already a customer of Citizen of Humanity, we may contact the user via e-mail to provide information about similar product to the one the user has already bought and to keep the user updated on the latest news promoted by the Company.
Legal basis of the processing: our legitimate interest in Citizen of Humanity's direct marketing and services.
Users have the option to opt out of this specific direct marketing processing at any time by sending an email and/or using the contact information listed in this Privacy Policy.
- Profiling activities
We collect Personal Data from users who visit the Site and the Platform in order to better understand their tastes and preferences and to better orient our offerings based on user behavior.
Legal basis of the processing: the prior explicit consent of our users.
Please note that users can always opt out of this type of processing even if they have already given their consent, simply by notifying us by email.
- Data analysis to obtain trends and improve the Site and the Platform
We collect Personal Data from users to carry out analyses on trends and consumption patterns. This helps us to know better the users of the Site and the Platform and allows us to adapt our Site and e-commerce Platform to the preferences identified by the users and, more generally, to the services.
Legal basis of the processing: by staying and browsing on our Website and using our Platform, the user allows us to get to know the user better, to improve our offer and to make the user’s experience more immediate and easier.
- Fraud protection
We will use information about fraudulent or criminal activities related to the use of our services for the purpose of detecting and preventing any fraud or abuse.
Legal basis of the processing: our legitimate interests in protecting our organization from fraudulent activities.
- Protection of our legitimate and legal interests
In order to enforce, in accordance with applicable law, our contractual terms and conditions, to protect our business operations, to protect our rights, privacy, safety or property, and to enable us to pursue available legal remedies or limit any damages that may be awarded against us.
Legal basis of the processing: our legitimate interests in protecting our organization, in accordance with current regulatory requirements.
The Personal Data of users of the Site and the Platform may be communicated to our staff, for the purposes of providing the service and responding to requests received from users.
As Citizens of Humanity, LLC is located outside the European Economic Area (“extra EEA”), in the United States, Citizens of Humanity Europe S.r.l. has signed Standard Contractual Clauses (“SCCs”), pursuant to art. 46 GDPR, to manage the data transfer and to ensure the security of its users.
The newsletter is sent via e-mail to those who explicitly consent to its processing for marketing purposes, authorizing Citizen of Humanity to process their Personal Data. For this service, we may use external companies that carry out the activities of commercial communication and sending newsletters.
These companies may also be based out of Europe.
In any case, we ensure our users that our business partners will not directly use or sell your Personal Data to third parties. By subscribing to the Services on the Site, users acknowledge that they allow the Company, through the analysis of the Data made by the service provider, to come into possession of the following information:
- the amount of times the newsletter email is opened;
- number of clicks on links contained in the newsletters;
- no email opening related to the newsletter;
- bounce email related to the newsletter on another email;
- un-subscription;
- complaints;
- possible use of the newsletter through social media;
- number and value of individual user purchases.
We may request the support of professionals, business partners or external companies to provide certain services, such as the technical operation of the Platform or the management of transactions for e-commerce activities. For more information, please consult our list of Personal Data recipients at Tab 1 Personal Data Recipients.
- What are the user’s rights in relation to the processing of Personal Data and how can they be exercised?
Data subjects have the right at any time to obtain confirmation of the existence of personal data and to be informed about the content and origin of such data, to verify its accuracy or to request its integration, updating or rectification (Articles 15 and 16 of GDPR), and in particular:
- Right to access. The right to obtain access to Personal Data as well as to certain related information.
- Right to data portability. The right to receive Personal Data in a common format and to have it transferred to another data controller.
- Right of rectification. The right to obtain rectification of Personal Data without undue delay if Personal Data are inaccurate or incomplete.
Pursuant to articles 17, 18 and 21 of the Regulation, users have the right to request the erasure, limitation of the processing, anonymization or blocking of data processed in breach of the law, as well as to oppose in any case, for legitimate reasons, their processing, and in particular:
- Right to erasure. The right to obtain the erasure of your Personal Data without undue delay in certain circumstances, such as when Personal Data are no longer necessary in relation to the purposes for which they were collected or processed.
- Right to restriction of processing. The right to obtain, in specific circumstances identified by the applicable law, a limitation for Data processing for a certain period of time, for example when you contest the accuracy of Personal Data, as long as to verify the accuracy of such data.
- Right to object. The right to object, on grounds relating to your particular situation, to the processing of your Personal Data, and to object to the processing of your personal data for direct marketing purposes, insofar as this is related to such direct marketing.
Please note that the abovementioned rights, in some cases, are subject by law to certain conditions. For this reason, in the event that the user submits a specific request to us regarding the exercise of one or more of the user’s rights, we will take the necessary time to evaluate the content of the request.
The deadline for responding to the Data Subject is thirty days, extendable up to three months in cases of particular complexity. In this case, we will provide at least one interlocutory communication to the data subject within the thirty-day period.
The exercise of rights is, in principle, free of charge. However, the Company reserves the right to request a fee in the event of manifestly unfounded or excessive requests (including repetitive requests), also in light of any indications that may be provided by the Data Protection Authority.
Rights can be exercised by contacting the Citizens of Humanity Europe at the following addresses:
- e-mail: privacy-eu@citizensofhumanity.com
- phone: +39-0289155284
- legal headquarters - Citizens of Humanity Europe S.r.l., via Savona 97, 20144 Milano (Italia)
We will retain the user's Personal Data for as long as he/she has not requested deletion. For profiling purpose, the data retention period is 12 months from the collection of Data.
The Company undertakes, in accordance with the terms of service indicated on our Website and our Platform Terms and Conditions, to store the Data you have entered and to make it available to you for processing through the tools offered by our services, until you request for the erasure of your Data from our service.
For some of the processing operations mentioned above, we may use business partners, suppliers and distributors located outside the European Union. In these circumstances, we ensure our users that Data transfers outside the EU will be carried out in compliance with the applicable law and, where necessary, by entering into agreements that provide an adequate level of protection and/or by adopting the standard contractual clauses required by the European Commission.
Specifically, Citizen of Humanity Europe S.r.l. transfer user Personal Data to Citizen of Humanity LLC. As mentioned above, the parties have signed specific agreements, which contain appropriate provisions and warranties for the protection of personal data, known as "Standard Contractual Clauses", in compliance with the last provisions of the European Commission.
Whatever the user decides to use our services, whether the user creates a profile, uses our Platform or make a purchase, Citizen of Humanity cares about the security of users’ Data and therefore it takes appropriate technical and organizational security measures to protect Personal information.
We are committed to processing our users’ Data as minimally and as intrusively as possible, using the following security measures:
- the Transport Layer Security (“TLS”) encryption system, allows us to protect the user's personal information and to ensure a certain level of security when the user uses our services.
- The passwords we ask to our users to enter when they log in are required to access the account and help us protect information on the Site. Therefore, we ask the users to enter "strong" passwords with 8 characters, alphanumeric and with upper and lower case letters.
- Standardization comes in two forms, ensuring general formatting standards and canonizing Data. First, the Company capitalizes all Data and removes leading and trailing whitespace. It ensures normalization across all of our Data sources, as raw Data comes in a variety of capitalization models. We also remove any leading or trailing punctuation that we have deemed non-essential.
We take all measures we deem necessary to protect our users' Personal Data from unauthorized access. We attempt to protect our users' Information in accordance with regulatory requirements.
However, no security system is unfailing and we cannot guarantee the security of our systems 100%. In the event that any information under our control is compromised due to a breach of our systems, we will take reasonable steps to investigate the incident and, where appropriate, notify affected users of the breach.
To opt-out the newsletter or to unsubscribe from the website, the user may either click on the unsubscribe link provided in the newsletter or on the website, or may visit your "My Account" section and click on "Edit" or you may just send us an e-mail to privacy-eu@citizensofhumanity.com.
- Processing in case of termination of the Joint Controllership agreement
In case of termination of the joint-controller agreement, each party will be acting as autonomous data controller.
This Privacy Policy is regulated by and shall be construed in accordance with the laws and any other mandatory provisions applicable in the European Union.
The data subject may lodge a complaint with the Data Protection Authority, available at the following website https://www.garanteprivacy.it/.
Last Updated: October 15, 2021
Tab 1 - LIST OF PERSONAL DATA RECIPIENTS
The list of personal data recipients is listed below.
· Klaviyo; · Yotpo, Ltd; · Glow |
|
e-commerce and website suppliers |
· Shopify INC; · Shopify International Ltd; · Avalara; · Back in stock; · Better Reports Technologies; · Edit order by Cleverific; · Facebook by Shopify (Facebook & Instagram Shopping); · Flow checkout / flow connect; · Google by Shopify; · Jetti Limited; · Kiwi Sizing; · Matrixify; · Metafields Editors; · Order Logic; · Pinterest; · Returnly Technologies, Inc; · Ship Station; · Stockist Store Locator - Nitra LLC; · Swym Corporation - Wishlist Plus; · Modd Apps - Xporter Data Export Tool; · Zendesk, Inc.; · FORSBERG+two; · Behold Brand (Only available in US). |
COOKIE POLICY OF CITIZEN OF HUMANITY
- Preamble
The Cookie Policy of Citizen of Humanity Europe S.r.l. (“Cookie Policy”) describes the different types of cookies that are used on the Citizen of Humanity website (“Site”) and the e-commerce platform (“Platform”), which the user can access.
Citizen of Humanity Europe S.r.l. (“Citizen of Humanity”, “We”, “Company” and “Data Controller”) is the Data Controller and it determines the purposes and means of the processing of personal data pursuant to Regulation (EU) 2016/679 (“Regulation” or “GDPR”) and Directive 2002/58/EC (“ePrivacy Directive”).
Joint controllership agreement
We act as a joint controller (“Joint Controller”) with Citizens of Humanity, LLC.
Representative of the extra EEA Data Controller
Citizens of Humanity Europe S.r.l. acts as a representative of Citizens of Humanity, LLC, pursuant to art. 27 GDPR. For any information related to the processing of personal data in the European Economic Area (“EEA”).
What are cookies?
Cookies are small text files that may be used by websites to make the experience more efficient for you.
Cookies allow us to store small amounts of information on your computer or mobile application about your visits to our Site.
Why are we using cookies?
We use cookies for several purposes. Necessary cookies are used in order to ensure the proper functioning of the Site and the Platform.
We may also collect information about your use of the Site anonymously such as: pages visited, time spent, traffic origins, geographic origin, age, gender and interests for the purpose of marketing campaigns. These cookies are sent from third party domains external to our Site.
We may personalize content and ads through the Site and the e-commerce Platform to provide social media features.
How do we use cookies?
We may store cookies on your device if they are strictly necessary for the operation of this Site and the Platform. For all other types of cookies we require your consent.
What types of cookies do we use?
This Site and the Platform use different types of cookies. Some cookies are placed by third-party services that appear on our pages.
At any time, you can change the cookie settings in your browser that allow you to use all features without restrictions when browsing our Site and our Platform. We invite users to read our Privacy Policy located on our Website and which contains all the information about who we are, how we process Personal Data and how the user can contact us.
Please find below the types of cookies we use when you browse our Site and our Platform.
- Necessary cookies
Necessary cookies are used to make the Site and the e-commerce Platform usable by enabling basic functions such as browsing the page and accessing secure areas. The Site cannot work properly without these cookies.
- Preference cookies
Preference cookies allow the Site and the Platform to remember information that affects the way the Site behaves or looks, such as your preferred language or location.
- Statistical cookies
Statistical cookies help us to understand how visitors interact with us by collecting and transmitting information anonymously.
- Marketing cookies
Marketing cookies are used to track visitors to the Site and the Platform. The purpose is to display Ads that are relevant and engaging to the individual user and therefore those of greatest value to third-party publishers and advertisers.
- Unclassified Cookies
Unclassified cookies are cookies that are in the process of being classified, along with individual cookie providers. In order to collect Data and information about the user browsing on this Site and our Platform and track user behavior, the Company uses services offered by Google, Facebook, Pinterest, Flow.io, Riskified.