This policy applies to all data processed by Lovisa Pty Ltd (“Lovisa”).
For the purposes of the General Data Protection Regulations 2016/679 (“GDPR”) in the European Union, Lovisa is both a “data controller” and a “data processor” of personal information that you provide to us.
Lovisa is registered with the UK Information Commissioner’s Office (ICO) under registration number ZA502527.
WHAT PERSONAL INFORMATION DO WE COLLECT?
The information we collect, and process may include but is not limited to the following:
- Your full name and title;
- Contact information such as your residential or mailing address, telephone or mobile number and email address;
- Demographic information such as postcode, preferences and interests;
- Financial billing information that we require to process payment for our products;
- Information about your purchases through our online store including products and prices;
- Your web browser and browsing behaviour;
- Other information relevant to customer surveys and offers.
- Your legal identification document when provided to us when you obtain a piercing in store or when interacting with personal information we have collected.
We do not collect “special categories” of personal data or data of a sensitive nature including race or ethnic origin, health information, philosophical or religious beliefs, sexual preferences or practices, or criminal convictions and records.
Any personal information that you choose to submit or post on our social media pages or other public forums may be read, collect, or used by others who visit these forums. Lovisa accepts no responsibility for the personal data that you choose to submit in these forums.
WHY DO WE COLLECT IT?
We collect your data for several purposes, including but not limited to:
- To improve our understanding of you and your preferences to offer you the best online experience.
- To manage your queries and complaints for products and technical support matters through email, our chat function, telephone and through social media.
- To comply with legal obligations, court findings and decisions from authorities.
- For the purposes of loss prevention management, by ensuring that terms and conditions are being followed and to detect and prevent misuse of our services.
Like many other websites, our website may use ‘cookies’ from time to time.
Your explicit permission to store cookies on your device will be requested upon first use of our website. You can choose to disable cookies on your computer by changing the preferences or options menus in your browser. If you do not accept cookies, however, you will not be able to access your account information or make purchases on our websites.
WHO CAN ACCESS YOUR DATA?
Your details may be shared within Lovisa; however, we do not pass on, sell or swap your data to third parties for the purposes of marketing. Any data that is forwarded to third parties is used only to provide you with our services. Any disclosure of your personal data must be for the primary purpose of providing products or services to you in accordance with the policy, or for another specified lawful purpose.
PROTECTING YOUR INFORMATION
Any personal data collected by Lovisa will be processed fairly, lawfully, and in a transparent manner. “Processing” includes, but is not limited to, collection, storage, transfer, dissemination or erasure of personal information. Lovisa takes appropriate technical and organisational measures against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
In instances where personal data is collected inside the European Economic Area (“EEA”) and transferred to countries without adequacy decisions from the European Commission, Lovisa will only transfer this personal data in accordance with its binding corporate rules relating to data transfers outside the EEA.
However, to the extent that the Internet is not completely secure, we cannot guarantee that any of your personal information stored or sent to us will be completely safe. We encourage you to use caution when using internet to access our web sites, apps or social media.
HOW WE SECURE YOUR DATA
We have an obligation to ensure that your personal information is protected from unauthorised processing, accidental disclosure, access, loss, destruction or alteration. Accordingly, we have a range of technical security measures and procedures in place to ensure that your personal information is protected appropriately. These include but are not limited to:
- Restricting access to information systems through access control measures and authentication techniques;
- Encrypting sensitive data while at rest and in transmission;
- Providing information security training to internal employees;
- Binding employees and contractors to information security policies.
Your personal information will be kept in an anonymous form for a period no longer than is reasonably required for Lovisa to achieve the purpose of the data.
Data collected which is defined under the “what information do we collect” section will be stored:
- For three 3 years since our last contact
- For the duration of your commercial relationship with Lovisa and 10 years thereafter, if You are a client i.e. you have made a purchase of our products or services.
Your personal data will then be archived to be used in the event of a litigation or dispute for the statute of limitation term applicable to the related purpose. If a judicial action is initiated, the personal information may be stored until the end of such action, including any potential periods for appeal, and will then be deleted or archived as permitted by applicable law.
Your personal data are then anonymized or deleted.
WHAT ARE YOUR RIGHTS?
Right to access
You have the right to request information on the personal data that Lovisa holds about you. You are entitled to know what personal information we are processing, why we have processed it, and whether we have shared your personal information. You may exercise your right to request access and to obtain copies of any personal data we have collected from you, and request that your personal data be provided to you in a format that can be easily read.
You can contact our Data Protection Officer using the contact details in the contact section of this policy and we will provide you with your personal data via email.
Right to erasure
You have the right to erase any personal data processed by Lovisa at any time except for in the following situations:
- You have an ongoing matter with our customer service team;
- You have an open order which has not yet been shipped;
- You are suspected of misusing, or have misused, our services within the last four years;
- You are suspected of a crime, and the personal data that Lovisa holds is to be used as evidence in connection with that crime.
Right to object
You have the right to object to the processing of your personal data that is done based on Lovisa’s legitimate interests. Lovisa will not continue to process the personal data unless we can demonstrate a legitimate ground which overrides your interest and rights, or due to legal claims.
You also have the right to object to direct marketing. You can opt out from Lovisa’s direct marketing by following the instructions contained in each marketing email.
Right to restriction
In limited circumstances, you have the right to request that Lovisa restricts the processing of your personal data. These circumstances include:
- If you object to a processing based on Lovisa’s legitimate interest, in which case Lovisa shall restrict all processing the data pending the verification of the legitimate interest;
- If your personal data is incorrect, in which case Lovisa will restrict the processing of your data pending verification of the accuracy of your data;
- If the processing is unlawful, in which case you can request restriction of your personal data as opposed to deletion;
- If Lovisa no longer requires your personal data but it is required by you to defend legal claims.
In the event of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data, Lovisa will assess the risk to your rights and freedoms and if appropriate report this breach to the relevant authorities.
Lovisa Pty Ltd
Level 1, 818 Glenferrie Road Hawthorn, Victoria 3122 Australia