Welcome to Savage X Fenty! We care deeply about privacy. We’re committed to being transparent about our privacy practices, including how we treat your personal data. This privacy notice, together with the materials referred to in it, describes, among others:
- the personal data that we collect or receive on or through:
- the website http://www.savagex.eu (“Site”);
- other Savage X Fenty products or services; and
- all other written or oral communications, such as email or phone, with you (together, “Services”);
- how we use that information; and
- the steps we take to protect that information.
We need to use your personal data, among others, to operate our business and to provide you with the Services. Please read this privacy notice carefully before using the Services. If you don’t want us to collect or use your information in the ways described in this notice, you shouldn’t use the Services.
TABLE OF CONTENTS
- ABOUT US
- CATEGORIES OF PERSONAL DATA
- PROCESSING PURPOSES, LEGAL BASIS
- HOW WE SHARE INFORMATION WITH THIRD PARTIES
- INTERNATIONAL DATA TRANSFERS
- YOUR RIGHTS AND CHOICES
- RETAINING YOUR INFORMATION
- INFORMATION SECURITY
- CHANGES TO THIS NOTICE
- HOW TO CONTACT US, DATA PROTECTION AUTHORITY, COMPLAINTS
1. ABOUT US
We are Lavender Lingerie GmbH, a company registered in Germany with company number: HRB 193758 B and registered office at Schlesische Straße 38, 10997 Berlin, Germany (“we” or “us”). We operate the Services and are the data controller responsible for your personal data. Our contact details are set out in section 11.
2. CATEGORIES OF PERSONAL DATA
When you use the Services, we process the following personal data of you:
- Registration, account setup, Service usage: When you register for our Services, we will process the following categories of information
- your name, email address, customer ID, mailing address, phone number, payment method, demographic information such as gender, birthday and other personal identifiers, commercial information such as order history, order ID, items purchased, size, style and product preferences, and other unique identifiers. You are entitled to review, edit and, in certain circumstances, delete this information through your account settings.
- Automated information: We automatically receive and record technical information from your browser or your mobile device when you use the Services
- such as your IP address or unique device identifier, data about which pages you visit. This information is stored in log files and is collected automatically. We may combine this information with other information that we or those we work with collect about you.
- We also automatically collect device-specific information when you use the Services, including information about the hardware model, operating system information, App version, App usage, browser information, IP address, and device identifiers. For more information about cookies and similar technologies, see our Cookies Policy .
- Analytics performance information: We use data analytics software to record information such as how often you use the App, what happens within the App, aggregated usage, performance data, app errors and debugging information, and where the App was downloaded from.
- Information from third parties You may choose to connect to the Services or register a Savage X Fenty account using a third party application, such as Facebook from which we receive personal data. We may also collect public information in order to connect with you.
Protecting the privacy of children is especially important to us. The Services are not directed towards children and we do not knowingly collect personal data from children. If you are under 18 years of age, please do not use the Services. If we learn that we have collected or received personal data from anyone under 18 years of age, we will delete this information. If you are a parent or guardian and discover that your child has provided us with personal data, please contact us as detailed in section 11.
4. PROCESSING PURPOSES, LEGAL BASIS
Processing purposeDetails regarding each processing purpose.
Legal basisCorresponding legal basis.
|Providing and improving the Services: We use your information to provide and improve the Services and our products, for billing and payments, for identification and authentication, registration, account setup, Service usage, for targeted marketing, for general research and aggregate reporting. We may learn about the products and services that you’re interested in from your browsing and purchasing behaviour both through and outside the Services and may suggest potential purchases as a result.||Processing is necessary to perform our contract governing our provision of the Services to you or we process your personal data based on our legitimate interest in personalising the Services to help you discover products and services of interest to you. We use and share your information to enable us to pursue our legitimate interests in understanding how the Services are being used, and to explore ways to improve the Services. We will ask for your consent where we need to.|
|Sending you transactional messages: We will process your data information to send you service-related emails or messages. Examples of service-related messages include an email address confirmation or welcome email when you register an account, a confirmation when you place order, information concerning service availability, information about changes to key Service features or functions, and correspondence with our support team. We may also contact you by telephone for transaction-related purposes or to provide support.||Processing is necessary to perform our contract with you.|
|Sending you marketing messages: We also process your personal data to send you marketing emails or other marketing messages. You may unsubscribe at any time from marketing messages through the opt-out link included in the messages or through your account settings. If you opt out, we may still send you non-promotional emails, such as emails about our ongoing business relations.||Your consent, unless we are legally entitled to send you marketing messages without your consent.|
|Complying with law, for compliance, fraud prevention and safety: We process and retain your personal data or share it with a third party in the following limited circumstances:
||Processing is necessary to comply with our legal obligations or where we have a legitimate interest. In rare cases it may also be necessary in the public interest or to prevent loss of life or personal injury.|
|Defending our legal rights: We process your personal data to protect, establish, or exercise our legal rights or to defend against legal claims, including to collect a debt.||Processing is based on our legitimate interest.|
|Future corporate activity: We may need to transfer your personal data to a third party In the context of future corporate activities, such as a sale, merger, liquidation, receivership or transfer of all or a significant portion of our business or assets.||Processing is based on our legitimate interests, particularly our interest in making decisions that enable our business to develop over the long term.|
|To create anonymous data for research and development: We aggregate and de-personalise demographic information, so that your personal data is not revealed, in order to share aggregated demographic information with third parties, including to comply with our reporting obligations, for business or marketing reasons, or to assist third parties in understanding the Services and our business.||Processing is based on our legitimate interest to analyse the reach and efficiency of our business.|
|Analytics performance information: We use data analytics to ensure the functionality of, and to improve, the Services. We use mobile analytics software to allow us to understand the functionality of the App on your mobile device. Processing is based on our legitimate interests, that is also beneficial for you as we use this data to improve the user experience and provide a higher quality servicer.||Processing is based on our legitimate interests, that is also beneficial for you as we use this data to improve the user experience and provide a higher quality servicer.|
|Location information: We process your location information you provide in your profile or from your IP address or more precise information as set out in Section 2. In order to provide features and to improve and personalise the Services. For example, for internal analytics and performance monitoring, to localise content and (using non-precise location information) for marketing purposes. Certain non-precise location services, such as for security and localization of policies based on your IP or profile address, are critical for the Services to function.||Processing of non-precise location information is based on our legitimate interest|
HOW WE SHARE INFORMATION WITH THIRD PARTIES
We share your personal data with the following third parties in the following context, provided that we have a legal basis to do so or where you have expressly made such personal data public.
- Service Providers, Consultants and Vendors
- Performance of the contractual obligations in our terms and conditions and in order to provide the Services to you;
- Serving our legitimate interests;
- Protecting the personal safety and property of Savage X Fenty, its customers, or any other third party;
- Providing or improving our Services and the safety and security of our Services, Site, and Apps including facilitating identification and authentication, targeted online and offline marketing, for general research and aggregate reporting, customization of website and application customer experiences;
- Enabling third parties to perform services on behalf of Savage X Fenty including, but not limited to, payment processing, couriers, research, analytics, and security; to help Savage X Fenty operate, provide, and market the Services.
- Public Authorities, Including Courts and Law Enforcement Agencies
- compliance with a legal obligation or judicial or administrative order or in the course of judicial or administrative proceedings;
- protecting the rights and property of Savage X Fenty and our agents, customers, and third parties including the right to enforce our terms and conditions;
- Third Parties During A Merger:
- Facilitating the negotiation of any kind of merger and acquisition, or dissolution, transaction, or proceeding involving sale, transfer, divestiture, or disclosure of all, or a portion of our business or assets to another company. In the event of an insolvency, bankruptcy, or receivership, personal data may also be transferred as a business asset. If another entity acquires our company, business, or assets, that entity will possess the personal data collected by us and will assume the rights and obligations regarding your personal data as described in this notice. However, before transferring the personal data, Savage X Fenty and the third party will comply with any necessary legal or administrative procedure.
6. INTERNATIONAL DATA TRANSFERS
We are part of a global group of companies. When providing our Services we process your personal data in the European Economic Area (“EEA”), US, and other countries in which we and our partners operate for purposes described in this notice. This includes sharing your information with TFG Holding, Inc., our US parent company, and other group companies in our global group, as well as third party service providers.
When your personal data is transferred from your home country to another country, the laws and rules protecting that information in the country to which it is transferred may be different from those in the country in which you live. We will transfer your information only to those countries to which we are permitted by law to do so, and we will take steps to ensure that your information continues to enjoy appropriate protections.
6.1 Transfer Mechanisms
Whenever we transfer personal information to a third country outside of the EEA, we do so on one or more of the following legal bases and transfer mechanisms:
- Necessary to perform our contract with you. You may choose whether or not to use the Services. However, if you want to use the Services, you must agree to the terms and conditions, which set out the contract between us and you. As we use technical infrastructure in the EEA, US and other countries to deliver the Services to you, in accordance with our contract with you, we need to transfer your personal information within the EEA, to the US and to other jurisdictions as necessary to provide the Services. We can’t provide you with the Services and perform our contract with you without transferring your information in this way.
Where applicable, we rely on existing decisions by the EU Commission in which the EU Commission has stipulated that certain third countries provide for an essentially adequate level of data protection as under the GDPR (e.g. for transfer from the EEA to the UK). In the absence of an adequacy decision, we have implemented appropriate transfer mechanisms to safeguard your personal information when we transfer it outside of the EEA:
- Standard Contractual Clause/Model Clauses. The European Commission has adopted Standard Contractual Clauses, also known as Model Clauses, which provide safeguards for personal information that is transferred outside of the EU or EEA. You may view the Model Clauses on the Commission’s website, here.
If you would like a copy of the Standard Contractual Clauses, please submit a written request to the following address: Lavender Lingerie GmbH, Attn: General Counsel, Schlesische Straße 38, 10997 Berlin, Germany.
- Binding Corporate Rules. Some of our partners may have implemented binding corporate rules to protect your personal information during international transfers from the EEA to third countries within our partner organisations.
Privacy Shield. TFG Holding, Inc., and certain other companies in our global group participate in the EU-US Privacy Shield Framework. Even though the Privacy Shield Framework was invalidated in 2020 by the European Union Court of Justice, we are committed to comply with the obligations under the Privacy Shield´s principles.
7. YOUR RIGHTS AND CHOICES
- Request access to your personal data in order to receive a copy of the personal data we hold about you.
- Request correction of the personal data that we hold about you in order to have any incomplete or inaccurate data corrected, though we may need to verify the accuracy of the new data you provide to us.
- Request erasure of your personal data in order to ask us to delete or remove personal data where there is not a good reason or legitimate interest for us to continuing to process it. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request. For example, where we have a legal obligation to retain and store your personal data.
- Request restriction of processing of your personal data in order to ask us to suspend the processing of your personal data.
- Request the portability of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to personal data which you initially provided consent for us to use or where we used the personal data to perform a contract with or provide services to you.
- Object to processing of your personal data if, as explained in section 4, we process your information based on our legitimate interests, and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms In some cases, we may demonstrate that we have compelling legitimate grounds to process your personal data which override your rights and freedoms.
Where you have provided your consent to processing of your data, you have the right to withdraw your consent at any time with effect for the future. The withdrawal of consent does not affect the lawfulness of our processing based on consent before your withdrawal.
If you no longer wish to use the Services or receive service-related messages you may close your account at any time by following the instructions detailed here. Please be aware that this deletion is permanent and your account cannot be reinstated.
8. RETAINING YOUR INFORMATION
We will retain your personal data only for as long as your account is active, as needed to provide the Services to you, or otherwise as necessary for the purposes described in this policy. If you no longer want us to use your information to provide the Services to you, you may close your account at any time by following the instructions detailed here.
However, we may be obliged to retain your personal data due to certain legal requirements, such as for legal and/or administrative proceedings. Once the retention period resulting from these proceedings has ended, we will proceed to delete the personal data.
9. INFORMATION SECURITY
The security of your personal data is very important to us. We follow generally accepted standards to protect the information we collect and receive, both during transmission and after it is received. We maintain appropriate administrative, technical and physical safeguards to protect your information against accidental or unlawful destruction, accidental loss, unauthorized alteration, unauthorized disclosure or access, misuse, and any other unlawful form of processing. This includes, for example, firewalls, encryption, password protection and other access and authentication controls. However, no method of transmission or storage is completely secure. While we strive to protect your personal data, we can't guarantee its absolute security. Your account information is protected by a password. It is important that you protect against unauthorised access to your account and information by choosing your password carefully and by keeping your password and computer secure, such as by signing out after using the Services. If you believe the security of your personal data has been compromised, please contact us as detailed in section 11. If we become aware that your information has been compromised, we will inform you in accordance with applicable law.
10. CHANGES TO THIS NOTICE
This notice is subject to occasional revision. We will notify you of the changes by posting the changes on or through the Services, or by sending you an email about the changes, and/or by posting an update in the version notes on the App’s platform . Any changes will be effective upon the earlier of fourteen (14) calendar days following our dispatch of an email notice or fourteen (14) days following our posting of the changes on or through the Services. We encourage you to check back regularly and review any updates. If we make any material changes in the way we use your personal data, we will notify you by sending you an email to the last email address you provided to us and by posting notice of the changes on our Site.
11. HOW TO CONTACT US, DATA PROTECTION AUTHORITY, COMPLAINTS
If you have any questions or comments about this notice, your personal data, or your choices and rights, please contact:
You also have the right to file a complaint against us with the Berlin Commissioner for Data Protection and Freedom of Information. The Berlin Commissioner is our lead supervisory authority for data protection matters. The Berlin Commissioner’s contact details are:
Address: Berliner Beauftragte für Datenschutz und Informationsfreiheit
Telephone: 0303 123 1113
If you live in the EEA, you are entitled to also file a complaint with your local data protection authority. You may find details of your local authority here.
- our support team:
- in writing at the address in section 1;
- by sending an email to email@example.com or
- by calling us on 31858880124, or
- our EU Data Protection Officer:
- in writing at the address in section 1, marked for the attention of the EU Data Protection Officer; or
- by sending an email to firstname.lastname@example.org.