LILOU ONLINE SHOP PRIVACY POLICY

1. Introduction

The US section of the lilouparis.com website (the “Website”) is owned and operated by Lilou Online Shop Sp. z o.o. sp.k., ul. Filtrowa 50, 02-032 Warsaw, Poland (“Lilou”).

Lilou is a ‘data controller’ with responsibility for deciding how we hold and use personal information. We are required under data protection laws to notify you of the information contained in this policy.

This notice is intended to inform you of the types of data we process about you; the reasons for processing your data, the lawful basis that permits us to process it, how long we keep your data for and your rights regarding your data.

This notice applies to visitors to the Website who use the Website (“Website Users”) and clients who do business with Lilou.

We will not seek or knowingly collect information from anyone under the age of 13. If you are under 13, please do not submit any personal information via this Website.

If you have any questions about this policy or how we handle personal information, please contact our Compliance Officer for Data Protection (“DPO”), by email at customer@lilouparis.com, or by postal mail at the following address: Compliance Officer for Data Protection, Lilou Online Shop Sp. z o.o. sp.k.,
ul. Józefa Lewartowskiego 6, 00-190 Warsaw, Poland.

2. The type of data that we hold about Website Users

Personal data, means any information about an individual from which that person can be identified.

We may collect, store and use some or all of the following categories of personal information about Website Users and clients, to the extent that it is provided by interacting with the Website or Lilou. Please note that not all of the categories will apply to you.

Name, title, address, telephone numbers, email addresses, PayPal account details, payment details, marketing preferences, favorite items, domain name, IP address, and browser type.

We collect personal information directly from clients, as part of our normal operating practice. We collect personal information from Website Users automatically, or when provided by the Website User.

Personal data is kept in files or within Lilou’s IT systems. Personal data may be stored on cloud servers under Lilou’s control.

We do not collect, store or use any “special categories” of more sensitive personal information as defined in the GDPR.

3. How we use your personal data

We may use personal information for any lawful bases, including:

a. Where we have obtained freely given, specific, informed and unambiguous consent from you to use your personal information in certain ways, for example in marketing communications or email delivery of newsletters or special offers.

b. Where we need to process an order or perform a contract.

c. Where we need to comply with a legal obligation.

d. Where we need to use personal information to pursue our legitimate interests (or those of a third party) and we believe that using personal information in that way is not overridden by the interests or fundamental rights of the person to whom the information relates.

e. Where the data is an asset of the company in connection with a merger or sale involving all or part of our business.

Below, we have set out why we use your personal data and the lawful bases which are relevant to those purposes.

We may use your personal data to fulfil orders and service requests for clients; to communicate with you in the course of doing business with you; to provide and improve our products and services; send announcements, marketing materials, special offers or other communications; complete and manage your transactions; process your requests; or otherwise administer our business. The lawful basis for this use of personal information is your consent, and to provide our goods and services to clients, and to pursue our legitimate interests in creating and maintaining relationships with you. Providing personal data by clients is voluntary, but failure to consent to the processing of personal data may prevent a client from making purchases or using services electronically.

We may use your personal data for marketing purposes, includes contacting you with relevant newsletters, bulletins and other information about our goods and services, and inviting you to events. The lawful basis for this use of personal information is your consent, and our legitimate interest in ensuring that our clients are informed about our goods and services. You have the right to withdraw this consent or amend your marketing preferences at any time by contacting customer@lilouparis.com.

We may use your personal information for monitoring and analyzing our Website usage, for IT security and to ensure compliance with our IT and communications policies. The lawful basis for this use is our legitimate interests in managing and securing our information and systems.

4. If you fail to provide personal information

If you fail to provide certain personal information when we request it, Lilou may not be able to fulfil orders for goods or services, or to contact you with relevant newsletters, bulletins and other information about our goods and services.

5. Data security

We have reasonable data security measures to protect your personal information from being lost, altered, disclosed, or used or accessed by unauthorized persons. We limit access to your personal information to those people who have a business need to know. In the event of a breach of data security, we will comply with all applicable rules and regulations, and when legally required, we will inform the individual whose data was subject to breach.

6. Data retention

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for. Personal information of clients may be held by us for an indefinite period to enable Lilou to fulfil client needs, and for marketing purposes. Personal information of Website Users may be held by us for an indefinite period, for monitoring and analyzing our Website usage, for IT security and to ensure compliance with our IT and communications policies. Client-submitted content for engraving purposes will be retained for two years and discarded thereafter.

Where you have chosen to unsubscribe from marketing communications, we will retain your contact details to ensure that you are not sent any further communications. This information will be held indefinitely.

7. Automated decision making

Automated decision-making means making a decision about you using no human involvement e.g. using profiles, algorithms, or computerized filtering equipment. No decision which has a significant impact on you will be made about you solely on the basis of automated decision making.

8. Changes to your data

If your personal information changes, please contact our DPO.

10. Your rights

By law you may have the right to:

a) be informed about the data we hold on you and what we do with it;

b) access to the data we hold on you. You can request access to the data we hold on you at any time, by contacting our DPO.

c) any inaccuracies in the data we hold on you, however they come to light, to be corrected. This is also known as ‘rectification’;

d) have data deleted in certain circumstances. This is also known as ‘erasure’;

e) restrict the processing of the data;

f) transfer the data we hold on you to another party. This is also known as ‘portability’;

g) object to the inclusion of any information;

h) regulate any automated decision-making and profiling of personal data.

If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, request that we transfer a copy of your personal information to another party or request the reconsideration of an automated decision, please contact our DPO.

You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.

Where you have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact our DPO. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to.

11. Making a complaint

If you have any concerns over how we use your data, please contact our DPO.

12. Cookies Policy

Cookies are data we store on the device that you use to access the Site. By using the Site, you expressly consent to the use of cookies as described here.

We may use different types of cookies from time to time. The Site may use both first-party cookies (which are set by the Site being visited) and third-party cookies (which are set by a server located outside the Site domain). Certain cookies, specifically authenticating cookies which identify who you are during a session, are necessary for the Site to operate correctly. We may set cookies to enable functionality, such as storing preferences, to improve your experience of using the Site. We may set social media cookies to collect information about social media usage, advertising, analytics and market research. We may set analytics cookies to monitor and collect information about traffic of the Site and enable us to improve the way it works. We may set cookies to market products or services to you on third party websites. We may use cookies delivered by third parties to track the performance of our advertisements.

You may, if you wish, change your browser settings to remove or disable cookies. This may change, or even disable, operation of the Site.