Information we collect
Information you provide to us
We collect the personal information you provide to us when you purchase our products or visit our website. The categories of information we may collect include:
- Personal Identifiers, including name, email address, postal address, and telephone number
- Commercial and Financial Information, including purchases and credit card or debit card number
- Physical and Audio Data, including physical characteristics or descriptions and audio information
- Characteristics of Protected Classifications, including age and sex or gender
- Medical, including medical information
- Inferences, including inferences from other data
To the extent we process deidentified personal information, we will make no attempt to reidentify such data.
Information collected automatically
We automatically collect internet or other electronic information about you when you visit our website, such as IP address, browsing history and interactions with our website. This data may be collected using browser cookies and other unique personal identifiers.
Browser Cookies. We use cookies to create a better experience for you on our site. For example, cookies prevent you from having to login repeatedly, and they help us remember items you've added to your cart. We also use third-party cookies, which are cookies placed by third parties for advertising and analytics purposes. You can control these cookies through your browser settings.
Information from other sources
We may collect personal information about you from third-party sources, including Other consumers (e.g., referrals) and Retail Partners.
Other consumers (e.g., referrals)
- Personal Identifiers, including Name, Email address, Postal address, and Telephone number
- Online Identifiers, including Online Identifiers
- Physical and Audio Data, including Physical characteristics or descriptions
- Characteristics of Protected Classifications, including Age and Sex or gender
- Inferences, including Inferences from other data
Retail Partners
- Personal Identifiers, including Name, Email address, Postal address, and Telephone number
- Commercial and Financial Information, including Purchases
How long we keep your data
We do not retain data for any longer than is necessary for the purposes described in this Policy.
We generally retain data according to the guidelines below.| Type of Data | Retention Period |
|---|---|
| Cookies and online data we collect while you use our website, including Online Identifiers | We delete or anonymize data concerning your use of our website within 7 years of collecting it. |
| Data we collect in order to process and ship orders you place with us, including Name, Email address, Postal address, Telephone number, Credit card or debit card number, Audio information, Inferences from other data | We keep personal information related to products and services you purchase for as long as the personal data is required for us to fulfill our contract with you, and for 7 years from your last purchase with us. We may keep data beyond this period in anonymized form. |
| Data we collect when you contact us for customer support and other inquiries, including Name, Email address, Postal address, Telephone number, Purchases, Credit card or debit card number, Physical characteristics or descriptions, Audio information, Age, Sex or gender, Medical information, Inferences from other data | We keep customer feedback and correspondence with our customer service for up to 2 years to help us respond to any questions or complaints. We may keep data beyond this period in anonymized form. |
| Data we collect when you sign up for promotional and marketing communications, including Name, Email address, Telephone number, Purchases | Where you have signed up to receive promotional and marketing communications from us, we will retain any data collected until you opt out or request its deletion. We may keep data beyond this period in anonymized form. We will further retain a record of any opt-outs in order to prevent sending you future communications. |
| Data we collect when you review our products, answer surveys, or send feedback, including Name, Email address, Telephone number | We retain review, survey, and feedback data for up to 7 years following your last contact with us. We may keep data beyond this period in anonymized form to help improve our products and services. |
| Data we collect in connection with privacy requests, including Name, Email address, Online Identifiers | We retain records related to privacy requests for a minimum of 24 months following the completion of the request. |
| Data we collect for security purposes, including Internet Activity, Inferences from other data | We retain security-related data as long as necessary to comply with our legal obligations and to maintain and improve our information security measures. |
How we share and disclose information
Information Disclosed for Business or Commercial Purposes in the Last 12 Months, and Categories of Parties Disclosed To
We may disclose the following personal information about you when you purchase our products or visit our website:
| Personal Information Disclosed | Recipient (by Category) |
|---|---|
| Personal Identifiers | Ad Networks, Business Operations Tool, Cloud Computing & Storage Providers, Collaboration & Productivity Tools, Commerce Software Tools, Contractors, Governance, Risk & Compliance Software, IT Infrastructure Services, Payroll & Benefits Management Software, Sales & Marketing Tools, Shipping Services, and Web Hosting Services |
| Online Identifiers | Ad Networks, Business Operations Tool, Cloud Computing & Storage Providers, Collaboration & Productivity Tools, Commerce Software Tools, Contractors, Data Analytics Providers, Governance, Risk & Compliance Software, IT Infrastructure Services, Payment Processors, Sales & Marketing Tools, and Web Hosting Services |
| Internet Activity | Ad Networks, Business Operations Tool, Cloud Computing & Storage Providers, Collaboration & Productivity Tools, Commerce Software Tools, Contractors, Data Analytics Providers, IT Infrastructure Services, Payment Processors, Sales & Marketing Tools, and Web Hosting Services |
| Commercial and Financial Information | Ad Networks, Business Operations Tool, Cloud Computing & Storage Providers, Collaboration & Productivity Tools, Commerce Software Tools, Contractors, Data Analytics Providers, IT Infrastructure Services, Payment Processors, Sales & Marketing Tools, and Web Hosting Services |
| Physical and Audio Data | Contractors, IT Infrastructure Services, Sales & Marketing Tools, and Web Hosting Services |
| Characteristics of Protected Classifications | Ad Networks, Business Operations Tool, Collaboration & Productivity Tools, Commerce Software Tools, Contractors, Data Analytics Providers, IT Infrastructure Services, Sales & Marketing Tools, and Web Hosting Services |
| Inferences | Ad Networks, Business Operations Tool, Cloud Computing & Storage Providers, Collaboration & Productivity Tools, Commerce Software Tools, Contractors, Data Analytics Providers, IT Infrastructure Services, Payroll & Benefits Management Software, Sales & Marketing Tools, and Web Hosting Services |
EEA/UK Privacy Notice (GDPR)
This section provides additional information for people in the European Economic Area (EEA) or United Kingdom (UK). The terms used in this section have the same meaning as in the General Data Protection Regulation and the UK Data Protection Act (GDPR). The term “personal information” as used in this notice has the same meaning as “personal data” in the GDPR.
Collection and Disclosure of Personal Data
The personal data we collect is described above in Information we collect. The personal data we disclose for business or commercial purposes is described above in How we share and disclose information. The length of time for which we retain personal data is described above in How long we keep your data.
We may disclose your personal information to the following third party controllers for business purposes: Zenefits, TravelBank, Vested, Wave, Pinterest Ads, Instagram Ads, Concord, Officevibe, Dyno Mapper, Mazars, Apple Pay, Expensify, BDM, PayPal - Pay with PayPal, Venmo, Pay Later, CJ, Forter. To understand how these parties handle your data, please refer to their respective privacy policies.
Lawful Bases and Legitimate Interests
We process personal data on the following lawful bases:
- Complying with legal obligations
- Fulfilling contracts
- Consent
- Legitimate interests
Where we process personal data on the basis of our legitimate interests, we pursue the following interests: Creating Customer Profiles, Delivering Targeted Ads, Improving our Products & Services, Conducting Surveys, Fulfilling Customer Orders, Internal Business Operations, Meeting Compliance & Legal Requirements, Organizing & Managing Data, Processing Payments, Tracking Purchases & Customer Data, Operating Our Website or Mobile Apps, Preventing Fraud, Providing Customer Support, and Sending Promotional Communications.
International Data Transfers
We may send the personal data of individuals in the EEA/UK to third countries, including the United States, where it may be stored or processed, for example on our service providers’ cloud servers. When we transfer personal data, we rely either on Adequacy Decisions as adopted by the European Commission (EC) on the basis of Article 45 of Regulation (EU) 2016/679 (GDPR), Standard Contractual Clauses (SCCs) issued by the EC or International Data Transfer Agreements (IDTAs) approved by the UK Information Commissioner’s Office. Data protection authorities have determined that the SCCs and IDTAs provide sufficient safeguards to protect personal data transferred outside the EEA/UK. You may read more about the SCCs and IDTAs at the following links:
- https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en
- https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/international-data-transfer-agreement-and-guidance/
Privacy Rights
Individuals in the EEA/UK have the following rights regarding their personal data. You can exercise your rights using the request form at the top of this page, or by clicking here. Once you submit a request, we will verify your identity and process your request in most cases within 30 days.
Right to access. You have the right to request a copy of the personal data we hold about you.
Right of portability. You have the right to ask us to transfer your data to another party.
Right to rectification. You have the right to request that we rectify any incorrect information we have about you.
Right of erasure. You have the right to request that we erase (delete) any personal information we hold about you.
Right to lodge a complaint with a supervisory authority. You have a right to lodge a complaint with a supervisory authority. For more information, you can visit the Information Commissioner’s Office website at https://ico.org.uk/, or see a list of EU Data Protection Authorities at https://www.gdprregister.eu/gdpr/dpa-gdpr/.
Inquiries
Controller contact information
Sunday Riley UK
Representative Information
If you are located in the EEA or the United Kingdom and have questions about your personal data or would like to request to access, update or delete it, you may contact our representative at:
Bird & bird GDPR Representative Services SRL
Avenue Louise 235
1050 Bruxelles
Belgium
moc.sdribowt@yeliRyadnuS.evitatneserperUE
Key contact: Vincent Rezzouk-Hammachi
Bird & Bird GDPR Representative Services UK
12 New fetter Lane
London
EC4A 1JP
United Kingdom
moc.sdribowt@yeliRyadnuS.evitatneserperKU
Key contact: Vincent Rezzouk-Hammachi”