This policy describes the personal information we collect about you, why we collect it, how we use it, and when we share it with third parties. Our policy also describes the choices you can make about how we collect and use certain information. If our information practices change, we will post an updated policy on our website. You can tell if the policy has changed by checking the revision date that appears on this policy. We shall not apply changes in our policy retroactively to information collected from you under a prior policy if, in the reasonable exercise of our discretion, we determine that the changes substantively affect your rights, unless we have given you notice of the changes of the policy and an opportunity to opt out. We will provide this notice to you by email if we have a current email address for you and otherwise by posting notice of the change prominently on the home page of our website.
When we say “Theory”, “us”, “our” or “we” in this Policy, we are referring to Theory LLC, a New York Limited Liability Company with an address at 38 Gansevoort Street, New York, NY 10014.
For the purposes of the General Data Protection Regulation (Regulation (EU) 2016/679, the “GDPR”), THEORY LLC is the “data controller” (as defined in the GDPR) of the personal data, when it determines the purposes and means of the processing of personal data.
In addition, under the GDPR:
• ‘personal data’ means any information relating to you and that identifies you, directly or indirectly;
• ‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data.
WHICH CATEGORIES OF PERSONAL DATA DO WE COLLECT FROM YOU AND FOR WHICH PURPOSES?
We collect personal data, either directly from you, most of the time obtained through forms on our Site, or indirectly when you interact with us.
When we collect personal data through forms, fields marked with an asterisk are mandatory. Indeed, some of the personal data we request from you are either necessary for us to perform a contract between you and Theory, or to provide you with a service you have asked for, or to comply with legal requirements. If you do not provide the personal data marked with an asterisk, this may affect the goods and services that we can provide.
We collect and process personal data for the following purposes:
• Customer relationship management where we mainly collect identifying data such as your name and your contact details;
• Management of the orders where we collect information such as your name, e-mail address, billing address, delivery address, telephone number, product selections, credit card or other payment information;
• Sending commercial communications, in particular via your subscription to our newsletters by entering your e-mail address;
• Organisation of competitions or promotional operations where we collect data such as your name, e-mail address or telephone number;
• Management of the after-sale service when Theory answers to requests regarding our products or our brand if you contact us at firstname.lastname@example.org.
• Management of the customer reviews on products for which we collect at least your e-mail address;
• Analysis of the ergonomy of our Site via some cookies or other technologies allowing us to collect information about your online browsing, such as information regarding your browser type, the country code where your device is located, the pages of our website that were viewed during your visit, the advertisements you clicked on, and any search terms that you entered on our Site.
Our Site may also use a website recording service which may record mouse clicks, mouse movements, page scrolling and any text keyed into website forms. Data collected by this service is used to improve our website usability. The information collected is stored and is used for aggregated and statistical reporting. All the data collected in connection with the ergonomy of the Site is statistical data about our users' browsing actions and patterns and does not identify any individual.
If you wish your website activity not to be recorded, please contact the following email address: email@example.com
Legal basis for processing your personal data is as follows:
• Processing of data relating to customer relationship management and management of your orders are either based on the performance of a contract between you and Theory (e.g. when you create an account with us or you order a product from us), or based on our legitimate interests (transaction security helps us to prevent fraud);
• Processing of data linked with the sending of commercial communications are based on your specific consent;
• Legal basis to process data in view of the organisation of competitions or promotional operations is the performance of a contract between you and Theory (to allow you to participate to such operation);
• When you send a request regarding our products or our brand or for the management of the customer reviews on products, processing of your data is based on your specific consent;
• Processing linked to the ergonomy of our Site and the development of statistics is based either on our legitimate interests for the cookies used to improve our website and to ensure it functions properly and it is secure and safe, or on your specific consent for all the other cookies (to send targeted advertising or to propose tailored services, to run statistics). For more information, please refer to our “Cookies” below section.
WHO MAY ACCESS YOUR PERSONAL DATA?
We will treat all your Personal Information as confidential. Information about our customers is important and protecting your privacy is essential to us, we do not share your personal data with any third parties other than for the limited reasons specified below.
We will only disclose data to:
• Other companies within our Group of companies,
• Suppliers we engage to process data on our behalf,
• Government bodies and law enforcement agencies to comply with legal obligations or protect some rights,
• Successors in title to our business (in the case of a transfer of assets or if we sell any or part of our business).
We share personal data on a limited basis with trusted suppliers we use to perform operations on our behalf. These suppliers can assist us by providing us our Internet platform, providing marketing assistance, delivering our products to you, providing customer service or helping us to prevent fraud. We only provide them with personal information they need to perform their services and we ask them to commit to use your data only for specific listed purposes. We will always use our best efforts to make sure that these third parties will keep your personal data secure and confidential.
We release account and other personal information when we believe release is appropriate to comply with the law; enforce or apply our Policy; or protect the rights, property or safety of the Site, our users, or others. This includes exchanging information with other companies and organisations for fraud protection and credit risk reduction. However, this does not include selling, renting, sharing, or otherwise disclosing personal information for commercial purposes in violation of the commitments set forth in this Policy.
WHERE WE STORE YOUR PERSONAL DATA?
Internet is used in a global environment, using it to collect and process personal data involves the transmission of data on an international basis. The data that we collect from you may be transferred to, accessed in and stored at, a destination outside the European Economic Area ("EEA"), these data will always be held securely and in line with the requirements of any applicable regulations regarding data protection.
It may also be processed by third-parties operating outside the EEA (for example in the USA), working for us or for one of our suppliers. Such third parties may be engaged in, among other things, the fulfillment of your order, the processing of your payment details and the provision of support services. Where we transfer personal data to third parties outside the EEA, we ask them to provide sufficient guarantees to implement appropriate technical and organisational measures in such a manner that processing will meet the requirements of the EU regulation and ensure the protection of your rights as data subject. When necessary, we rely on the Commission Adequacy decision on the EU-U.S. Privacy Shield or we may ask them to enter into contracts based on the template adopted by the European Commission according to Article 46.2 of the GDPR (Adequacy decision and model clauses adopted by the EU Commission are available via this page).
HOW LONG DO WE KEEP YOUR PERSONAL DATA?
We will keep your personal data for as long as we need it to achieve the purpose for which it has been collected or to meet our legal obligations.
• We keep the data relating to the creation of an account until you request us to delete it or after a certain period of user inactivity detailed in our document retention policies;
• Data relating to product order, either through a customer account or via the guest checkout, will be kept for the duration of our contractual relationship linked to the management of the order;
• When you take part to competitions or promotional operations, your data will be kept for the duration of such operation;
• Data relating to your subscription to our newsletter will be kept until you request us to unsubscribe or delete it or after a certain period of user inactivity (as defined by our internal retention policy);
• When you send us a request regarding our products or our brand, your data will be kept for the time necessary to handle such request;
• Personal data within cookies set on your terminal will be kept for as long as we need it to achieve the purpose for which it has been collected (e.g. session identification cookies are just kept for the duration of the ongoing session).
We might keep some personal data for a longer time to comply with legal or regulatory obligations (e.g. to meet our obligations linked with invoicing) or to protect our legitimate business interests (e.g. to bring a claim before the Court).
We receive and store certain types of information whenever you interact with us.
When accessing our website, information about your browsing may be saved in some "cookies" files installed on your device.
We issue these cookies to facilitate navigation on our website.
They can also be issued by our providers in order to offer you personalised advertising when you access other websites.
In addition, some cookies may be on different areas on our Site, displaying advertising content from third-parties advertisers on your device.
Please note that only the issuer of a cookie may read or modify information contained therein.
Cookies we issue
Cookies we install on your device allow us to recognize your browser when you connect to our website.
We issue cookies for the following purposes:
• Establish traffic statistics (number of visits, page views, abandonment during the order process) to monitor and improve the quality of our services;
• Adapt the presentation of our website to the display preferences of your terminal;
• Memorise information entered in forms, manage and secure access to specific and personal places such as your account, manage your shopping cart. We may send you e-mails to keep you informed of the status of your order: you can unsubscribe at any time by clicking on the unsubscribe link in each email;
• Provide you with content, including advertising, related to your interests and customise the offers we send you.
When you access our Site, one or more cookies from our providers ("third-party cookies") may be placed on your device via the pages of our website or via content displayed in our advertising spaces.
The cookies placed on our website by the providers we use to promote our activities and our offers are designed to:
• Identify the products seen or purchased on our website in order to personalise the advertising offer sent to you when you access other websites;
• Send you Theory offers by email if you have authorized them when registering.
The cookies contained in the advertising spaces of our website are intended to establish statistics on advertisements (such as how many times it was displayed, which advertisements were displayed, number of users having clicked on each advertisement ...)
How to change your cookie settings?
You can configure your browser software so that cookies are saved in your device or, in order they are rejected, either systematically or according to their issuer. If your browser is set to refuse all cookies, you will not be able to make purchases or take advantage of essential features of our Website, such as keeping products in your cart or receiving personalised recommendations.
You can also configure your browser so that the acceptance or rejection of cookies is offered to you punctually, before a cookie is likely to be registered in your device.
To find information relating to other browsers, visit the browser developer's website.
To opt out of being tracked by Google Analytics across all websites, visit https://tools.google.com/dlpage/gaoptout
We might display or send personalised content or communications using profiling techniques (defined by the GDPR as any form of automated processing of personal data evaluating the personal aspects relating to a natural person, in particular to analyse or predict aspects concerning the data subject's personal preferences or interests, behavior or location).
Personalized advertising banner
After browsing our Site, personalized banner ads may be displayed when you are on other websites. We are committed to providing you with offers that are relevant to you. Thus, the advertising banners that will be displayed will relate to products that have been viewed by browsing our Site from your device. The service aims to offer personalized advertising displaying products or services based on the recent behavior of Internet users on the sites and applications of its partners. To do this, our provider recognizes users using cookies.
When you agree to be contacted by us for commercial purposes, we may send you e-mails and other communications about goods and services that may be of interest to you. We do this by studying our customers' online browsing and shopping habits, and providing them with information about the products they have viewed and those they use. If you have indicated your preferences when you have given us your details, we will use them to better select the information we will send you.
We use online browsing data to track use of our Site in order to understand which products and services are of interest to you and to collect certain personal information such as name, email address, phone number, and a unique identifier associated with your device. This information is then used to assist you in the buying process including by contacting you from time to time (either by email or SMS) or to personalise advertising displayed to you online.
TRANSACTION SECURITY AND WEBSITE MISUSE
To provide you with the best services and to allow you a secure experience regarding the payment and the delivery of your orders, we will use some of your data in order to prevent and to avoid any misuse of this Site. We have asked Adyen, our service supplier, to test such data on an automated basis.
Concerned data are: data regarding the implementation of the contract (purchased items, personal information, payment method and banking data).
Following such test and depending on the result, we may decide to implement any relevant security measures or, when the transaction security can’t be ensured, we may decide to cancel the order. In case of an incident, such as fraudulent use of the means of payment or fraud with the delivery, the data relating to the order will be stored in a specific file which would allow us to conduct any relevant additional verification for future orders. You will be notified of any test conducted by us, allowing you to express your observations.
In the case you withdraw your consent to the processing of your personal data regarding transaction security, you may no longer be able to use the website or to place an order.
YOUR RIGHTS ON YOUR PERSONAL DATA
You have the following rights at any time:
• The right to request access to personal data that we hold about you;
• The right to request from us rectification of any personal data that is inaccurate or incomplete;
• The right to request erasure (‘right to be forgotten’) of personal data if these data are no longer necessary in relation to the purposes for which they were collected or otherwise processed or if you withdraw your consent (we might have to keep some personal data to meet legal requirements or legitimate interests though).
• The right to obtain restriction of processing where one of the following applies:
• If you have contested the accuracy of your personal data, processing shall be restricted for a period enabling us to verify such accuracy,
• When processing is unlawful and you oppose to the erasure of your personal data and request the restriction of their use instead,
• If we no longer need the personal data for the purposes of the processing but they are required by you to establish, exercise or defend your legal claims,
• When you have objected to processing based on legitimate interests, processing shall be restricted for a period enabling the verification whether our legitimate grounds override yours.
• The right to object, on grounds relating to your particular situation, where processing of your personal data is based on our legitimate interests. You also have the right to object at any time to processing for direct marketing purposes (including profiling to the extent that it relates to such direct marketing);
• The right to data portability, meaning you have the right to receive the personal data we hold about you in a structured, commonly used and machine-readable format and you have the right to transmit those data to another controller where the processing is based on your consent or on a contract and is carried out by automated means. You have also the right to have your personal data transmitted directly from us to another controller where technically feasible;
• The right to opt out of any marketing communications that we may send you by clicking on the unsubscribe link at the bottom of any e-mail we have sent to you
• The right not to be subject to a decision based solely on automated processing including profiling, which produces legal effects concerning you or similarly significantly affects you (unless if this decision is necessary for entering into, or performance of, a contract between you and Theory or is based on your explicit consent);
• The right to lodge a complaint with a supervisory authority if you have reasons to think that your rights on your personal data are infringed by Theory.
You may exercise any of these rights by contacting customer service via one of the following methods
• Email: firstname.lastname@example.org
• Phone: +1 (877) 242-3317
• Mail: THEORY LLC, Data Protection
38 Gansevoort Street
New York, NY 10014
Note that we may ask you additional information necessary to confirm your identity to exercise your rights.
We are committed to offering our customers a safe and secure environment. Whilst we take appropriate technical and organisational measures to safeguard the personal data that you provide to us, no transmission over the Internet can ever be guaranteed secure. Consequently, please note that we cannot guarantee the security of any personal data that you transfer over the Internet to us.
If you are using a computer or terminal in a public location, we recommend that you always log out and close the website browser when you complete an online session for your security. In addition we recommend that you take the following security measures to enhance your online safety:
• Keep your account passwords private. Remember, anybody who knows your password may access your account.
• When creating a password, use at least 8 characters. A combination of letters and numbers is best. Do not use dictionary words, your name, email address, or other personal data that can be easily obtained. We also recommend that you frequently change your password. You can do this by going to ‘My Account’ and clicking ‘Change name, email or password’.
• Avoid using the same password for multiple online accounts.
LINKS TO THIRD PARTY WEBSITES
Certain links within the Site may be to other unrelated third party companies. We will never share your personal information with those third party companies.
We do not and will not knowingly collect information from any unsupervised person under the age of 16. For the processing of the personal data of a child below the age of 16, the consent of the holder of parental responsibility is necessary. We shall make reasonable efforts to verify in such a case that consent is given or authorized that way, taking into consideration available technology.
We will never ask you to confirm any account or credit card details via e-mail. If you receive an e-mail claiming to be from Theory asking you to do so, please ignore it and do not respond.
YOUR PRIVACY RIGHTS UNDER CALIFORNIA LAW
Learn about your California privacy rights here
If you have any questions or concerns relating to this Policy or any other privacy-related questions or if you would like to exercise any of your rights above described, please contact us at email@example.com. Or by writing to the following address:
New York, NY 10014
If you wish to contact our Data Protection Officer, please contact him at: firstname.lastname@example.org
© THEORY LLC 2020
Last Updated - January 1, 2020