Date: 3 May 2019
Welcome to the MR PORTER website.
If you have a question that is not answered here, or if you would like more information about how we collect, use and store your personal data, you can contact us at any time by emailing firstname.lastname@example.org, calling +44 330 022 5705 or writing to the Privacy Team at THE NET-A-PORTER GROUP LIMITED, 1 The Village Offices, Westfield London, Ariel Way, London, W12 7GF.
1. Who is the data controller?
Under the data protection law, the data controller is responsible for ensuring that your data is held securely, that you are given accurate information about how your data is used, and that your rights regarding your data are respected.
The MR PORTER website is owned and run by THE NET-A-PORTER GROUP LIMITED. For the purpose of the UK Data Protection Act 2018 and the General Data Protection Regulation 2016 (the Law), the data controllers for any personal data we hold about you are THE NET-A-PORTER GROUP LIMITED of 1 The Village Offices, Westfield London, Ariel Way, London, W12 7GF, United Kingdom and our parent company, YOOX NET-A-PORTER GROUP S.p.A. of Via Morimondo 17, 20143 Milan, Italy.
THE NET-A-PORTER GROUP LIMITED (referred to here as "we", "our", "us") is part of YOOX NET-A-PORTER GROUP. If we use the term "our Group", this means us and our subsidiaries, our ultimate holding company and its subsidiaries (or any of them). The term "our online services" refers to NET-A-PORTER, MR PORTER, THE OUTNET, our mobile and tablet applications, our pages on third party social media platforms such as Instagram, Facebook, Twitter, Pinterest and Google+ and any other websites or apps we own or run from time to time. The term "our services" refers to our online services and any of our other products and services, such as PORTER magazine, offered from time to time. If you use any of our services, we will refer to you using the terms "user", "visitor", "you", "your", "yours" in this policy.
Should you have any queries about our use of your personal data, please email email@example.com, call +44 330 022 5705 or write to our Privacy Team at THE NET-A-PORTER GROUP LIMITED, 1 The Village Offices, Westfield London, Ariel Way, London, W12 7GF, UK.
2. What personal data do we collect?
We collect and process only the data that is required to allow us to provide our services to you. We collect the following data when you browse or shop at www.mrporter.com:
a) We process the personal data required to complete and despatch your purchase, including your name, billing address, delivery address, payment details, mobile number, telephone number and email address. We collect your email address in order to send you confirmation of your order; we collect your telephone number so that we can contact you if there are any issues with the order.
b) We collect your email address when you sign up to receive Style News.
c) If you register for a MR PORTER account, we collect your name, email address, password, country, day and month of birth and additional information regarding your favourite designers and your marketing preferences.
d) When you contact our Customer Care Team, we may collect additional data to help us resolve any queries relating to your order, delivery, payments, marketing, the website or any other queries.
e) We collect and process data about your browsing on www.mrporter.com, including the pages you visit and how you interact with these pages. If you have registered for an account, we collect browsing data about your access to the dedicated areas of the website.
f) If you are a customer of www.mrporter.com, or if you have given us your consent, we collect and process your personal data for direct marketing activities.
g) If you provide us with someone else's data - for example, if you purchase a product to be delivered to a friend or as a gift - we will collect and process the personal data required to complete the transaction such as the name, delivery address and other contact details for your friend. If you are receiving an item as a gift, we will process your data only to fulfil the gift request and our contractual obligations.
h) When you use the App version of our website, we will ask for your consent to collect personal data from you in order to send you brief messages ("push notifications") about products and services that we believe may be of interest to you. With your consent, we will also collect data regarding your use of the App and your IP address, in order to improve our service to you. You can disable push notification at any time by updating the App settings in your mobile device.
i) When you call our Customer Care Team, your call will be recorded for training and fraud prevention purposes.
3. How do we use the personal data we collect?
We collect and process your personal data for the following purposes:
a) To fulfil our contract with you, including taking payment, shipping and delivery;
b) To provide you with relevant information about our products and services via our marketing communications and advertising;
c) To help you take full advantage of our website, including placing and holding items in your shopping bag and using services such as Wish Lists;
d) To improve the performance of our website and our promotion of the website;
e) To allow our Customer Care Team to help you with queries and requests;
f) To send you updates to important information such as our Terms & Conditions.
For a detailed breakdown of how we use your personal data, please view the below.
4. What is our legal basis for processing your personal data?
Under the Law we must have a valid reason for using your personal data and we may not collect, store or use data about you that is not compatible with that reason. There are four valid reasons for our use of your personal data:
- I. Most of the data we collect from you is necessary to allow us to fulfil our contract with you or to enter into a contract with you e.g. you provide a billing address and email address when your purchase an item from www.mrporter.com so that we can process your payment and send you order confirmation.
- II. In certain circumstances we will ask for your permission or consent to use your personal data e.g. if we would like to send you marketing information about items we believe may be of interest to you via email. If you have given your consent to our use of your personal data, you are entitled to withdraw this consent at any time.
- III. We may also have a legitimate interest in using your personal data e.g. to ensure that the content of our website is presented to you and your device as effectively as possible, or to ensure that our marketing communications are relevant to your interests. If this is our reason for using your data, we must make sure that our interests do not override yours and you are entitled to object to this use of your data.
- IV. Lastly, we may be required to use your data to meet a legal obligation or to protect your interests e.g. we may exchange information with other specialist organisations for the purposes of fraud detection and credit risk reduction and we will retain financial data long term to meet our statutory obligations.
For a detailed breakdown of how we use your personal data, please view the below.
5. Who will process your data?
Your personal data will be processed by the internal staff of THE NET-A-PORTER GROUP LIMITED who have been specifically trained and authorised for this processing. In carrying out the processing, the data may also be transmitted to companies belonging to YOOX NET-A-PORTER GROUP S.p.A, to which THE NET-A-PORTER GROUP LIMITED belongs.
Your personal data will also be transmitted to third parties that we use to provide our services; these parties have been rigorously assessed and offer a guarantee of compliance with the legislation on the processing of personal data. These parties have been designated as data processors and carry out their activities according to the instructions given by NET-A-PORTER GROUP LIMITED and YOOX NET-A-PORTER GROUP S.p.A and under our control.
The third parties in question belong to the following categories: banking operators, internet providers, companies specialising in IT and telematics services; couriers; companies that carry out marketing activities, including social media organisations; companies specialising in market research and data processing; companies offering contact centre services; companies providing publishing and distribution services.
Under some circumstances we may be required to disclose or share your data without your consent, for example if we are required by the police, the courts or for other legal reasons. Your data may be transmitted to the police, judicial and administrative authorities, in accordance with the law, for the investigation and prosecution of crimes, the prevention of and protection from threats to public security, to allow THE NET-A-PORTER GROUP LIMITED to ascertain, exercise or defend a right in court, as well as for other reasons related to the protection of the rights and freedoms of others.
6. Data transfer outside the European Union
Some of the third parties listed in the previous paragraph 'Who will process your data?' may be located in countries outside the European Union that nevertheless offer an adequate level of data protection, as established by specific decisions of the European Commission (https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en)
The transfer of your personal data to countries that do not belong to the European Union and that have not been assessed as offering adequate levels of protection will be performed only:
- after the completion between THE NET-A-PORTER GROUP LIMITED and said parties of specific agreements containing safeguard clauses and appropriate guarantees for the protection of your personal data (known as "standard contractual clauses" and approved by the European Commission), or
- if the transfer is necessary for the completion and execution of a contract between you and THE NET-A-PORTER GROUP LIMITED (for the purchase of goods offered on our website, for registration on the website or use of services on the website), or
- for the management of your requests.
7. How long do we keep your data?
We keep your personal data for a limited period of time in line with our data retention policy. The specific retention period will vary according to the reason for processing your personal data. After this period, your data will be permanently erased or otherwise irreversibly rendered anonymous.
Your personal data are retained in accordance with the following criteria:
When you have purchased goods from www.mrporter.com, we will retain the billing data until the end of the relevant accounting period, normally seven years from the billing date;
When you make a payment, we will retain your payment details up to the certification of the payment and the completion of the relevant administrative-accounting formalities regarding your right of withdrawal and the terms applied for the disputing of the payment;
When you provide us with personal data in order to use the services of www.mrporter.com, such as marketing communications subscription, we will keep your data for this purpose until the termination of the service or until you cancel your subscription to the service;
When you give us your consent to send you marketing communications, you can withdraw your consent at any time. We will consider your consent to be current for five years from your last interaction with any email that we send you, with our App or with www.mrporter.com. In any case, we will reduce the number of marketing contacts after six months if you don't interact with us;
When we use your personal data and browsing history to analyse your behaviour in order to customise the website and to show you personalised sales offers, we will keep the data for analytical purposes until you ask us to delete it;
When we use personal data for market research and satisfaction surveys, we will keep the data until you ask us to stop.
When you contact our Customer Care Team, we will keep any additional personal data you provide that is specific to your enquiry for as long as you remain an active customer of www.mrporter.com.
When you contact our Customer Care Team, we will keep the call recording for 6 months. Credit card details are not recorded as part of the call.
8. Your rights
You have the right to request a copy of the data that we hold about you (and we will provide this to you free of charge once we have confirmed your identity).
If you would like a copy of some or all of your personal data, please email or write to us using the contact details in this policy.
If we do hold data about you we will:
- give you a description of it
- tell you why we are holding it
- tell you who it could be shared with
- tell you how long we will keep the data
- if the data was not provided by you, we will give you any available information such as the source of the data
- tell you if the data has been used for automated decision making
- tell you if the data is stored outside of the European Economic Area, and if so what safeguards are in place to protect your personal data
- let you have a concise and clear copy of the data
You have the right to ask us to correct any inaccuracies in the personal data we hold about you and to stop us using your data until it has been corrected. We want to make sure that your personal data is accurate and up to date and we will be happy to correct or remove data you think is inaccurate. You can also update your own information at any time by logging into My Account at www.mrporter.com.
You have the right to withdraw your consent to marketing at any time by calling our Customer Care Team, clicking 'unsubscribe' on a marketing email or replying STOP to a text message. Alternatively, you can sign into your account on www.mrporter.com and update your requirements in our Email Preference Centre. You may receive a small number of further communications immediately after unsubscribing but we will implement your request as quickly as possible.
You have the right at any time to oppose our processing of your personal data on the basis of our legitimate interest. You will need to explain the reasons behind your request and allow us to consider your request and respond.
You have the right to request the deletion of your personal data. After receiving and reviewing your request, if legitimate it will be our responsibility to cease processing promptly and to delete your personal data.
You have the right to receive a copy of your data that we process based on your consent or on the basis of a contract with you in a standard format. If you wish, where technically possible, we can transfer your data directly to a third party indicated by you.
To exercise any of these rights, you can sign in to your account, contact our Customer Care Team at firstname.lastname@example.org or +44 330 022 5705 or write to our Privacy Team at THE NET-A-PORTER GROUP LIMITED, 1 The Village Offices, Westfield London, Ariel Way, London, W12 7GF.
To ensure that the data of our users are not subject to breaches or illegitimate use by third parties, we will ask you to confirm your identity before carrying out your request.
We protect your personal data with specific technical and organisational security measures aimed at preventing your personal data from being used illegitimately or fraudulently.
In particular, we use security measures that guarantee: pseudonymisation or encryption of your data; the confidentiality, integrity, and availability of your data as well as the resilience of the systems and services that process them; the ability to restore data in the event of a data breach. Furthermore, THE NET-A-PORTER GROUP LIMITED undertakes to test, verify and regularly evaluate the effectiveness of technical and organizational measures in order to guarantee continuous improvement in the safety of processing.
If you believe that THE NET-A-PORTER GROUP LIMITED is processing your personal data in contravention of the Law, you can file a complaint with the supervisory authority responsible for compliance with the rules on personal data protection.
In the UK, the complaint can be presented to the ICO. More information on how to complain is available on the ICO's website at https://ico.org.uk/ .
According to the Law to which the Controller YOOX NET-A-PORTER GROUP S.p.A. is subject, you can also contact the Italian Data Protection Authority. More information is available on the website of the Garante Privacy, at http://www.garanteprivacy.it/.
11. Changes to this notice