LOF Boutique Privacy Statement

what we do with the personal data of our customers

LOF Boutique (“LOF“) is a fashion boutique, with webshop, specially for women. In order to be able to carry out our activities properly, it is sometimes necessary to process your personal data. We always do so carefully and in accordance with the law and the following basic principles:

  • We always tell you what we do with your data and make sure that you can exercise your rights.
  • We only use the data for the purpose for which we collected it (such as processing your online order, customer relationship management, customer administration, service and marketing).
  • We do not collect, use or store more data than we need to achieve the purpose for which we obtained the data.
  • We collect, use and retain data only if there is no other way to achieve the same purpose.
  • The more privacy-sensitive the information about you, the less we use the data.
  • We only use the data to the extent that there is a ground stated in the law for doing so.
  • We take appropriate security measures against the loss of or unauthorised access to personal data.
  • We have taken measures to facilitate the exercise of your rights (such as your right of access and correction).

In this LOF Boutique Privacy Statement we describe which of your data we process, how we do it and what your rights are. We sometimes amend the LOF Boutique Privacy Statement, for example because of changes in the law. On our website www.lofboutique.nl you will find the current version of the LOF Boutique Privacy Statement.

THE PARTIES THAT PROCESS YOUR PERSONAL DATA
  • The sole proprietorship LOF Boutique (registered under number 24468321 in the trade register of the Chamber of Commerce), with its registered office in Rotterdam at (3062 WB) Lusthofstraat 37-B, is responsible for the processing of personal data. The telephone number of LOF is 010-2131693 and the email address is [email protected] .
  • LOF uses different systems for the processing of your personal data and it is possible that the suppliers of these systems also process your personal data as a result, of course with due observance of the guarantees of the applicable legislation and regulations and if required on the basis of a processing agreement. (See also below under the heading “Use of third parties”).
  • LOF has made agreements with these parties so that there are sufficient guarantees for the careful processing of your personal data, in accordance with the law and the internal privacy policy of LOF and this LOF Boutique Privacy Statement.

This Lof Boutique Privacy Statement includes an overview of the service providers with whom LOF cooperates in the provision of services.

WHAT DATA DO WE PROCESS

We collect, use and share different types of personal data. Some data we obtain from you and others through other channels. We only process special personal data if the conditions set out in the law are met. We may, among other things, collect the personal data mentioned on the right if and to the extent that these data are necessary for the purpose for which we have collected the data. The examples given are not exhaustive. We may also process comparable information.

We process the following personal data of customers:

  • Contact information of the customer or his legal representative(s) (such as name, (home) address, email address, telephone number and bank account number).

We process the following personal data of website visitors:

  • Information entered in the contact form (first name and email address).
  • Information entered in the newsletter form (email address).
  • Website visit log files (IP address).

The processing of this data is necessary if you make use of our services, because without this data we cannot provide our services properly.

THE PURPOSES OF PROCESSING AND FURTHER USE

If we want to process personal data for another purpose that is not related to one of the purposes mentioned here, we will always inform you about this, for example by modifying the LOF Boutique Privacy Statement, placing a message on our website or sending a personal message to you.

We process personal data in order to be able to do our activities as well as possible and to carry out an assignment for you.

These purposes include the following activities related to the main purposes:

  • Sales and services to customers and customer administration
    LOF processes your personal data in the first place in order to be able to deliver our products and services to you. We use this information, for example, to send an invoice and to maintain our relationship with you. We also use the data to answer a request for information or to process your order.
  • Use of third parties
    LOF may use third parties in the performance of its services. Insofar as these third parties have access to personal data during the execution of the services in question, LOF has taken the required contractual and organisational measures to ensure that your data will only be processed in accordance with the applicable legislation and regulations on the basis of any required processing agreement and for the purposes stated in this LOF Boutique Privacy Statement.
  • Marketing and sales activities and customer relationship management
    We like to make offers for our products and services to our customers. We do this by telephone, email or post, unless you object.
  • Processing of your data on the LOF website
    We collect and use your personal data on our websites in the first place for the purpose of providing you with our (web) services and for the purpose of communicating with you. We also use the data to process your order and to ensure that it is delivered to the right location. Your data will also be used for research and analysis purposes, with the aim of improving our services and our website. We may also use your data on our websites to send (commercial) information by email about other LOF services in certain cases, provided you have given us your permission to do so. The personal data are also used for the management of the website, including the collection of statistical data on website visits and the improvement of the functioning of our website.
THE LEGAL BASIS FOR THE USE OF YOUR PERSONAL DATAWe may use your personal information because and to the extent that it is necessary for:

  • The execution of our agreement with you.
  • Compliance with a legal obligation that rests on LOF.
  • Promoting the legitimate interest of LOF or third parties (to the extent that this outweighs your privacy interest). That legitimate interest is the interest of LOF in being able to offer its services to its business contact as efficiently as possible.

In some cases, we may only process your data if you have given us permission to do so. You can withdraw your permission at any time.

THE PARTIES WHO HAVE ACCESS TO YOUR DATA
  • Only LOF employees who need the personal data to carry out their work have direct access to your data in LOF’s systems.
  • If we also give third parties access to your data, we will only do so if we are certain that that third party will only use the data in a way and for a purpose related to the purpose for which the data was obtained, and only in accordance with this LOF Boutique Privacy Statement. Furthermore, the confidentiality obligations and security measures required by law always apply to prevent your personal data from being disclosed to other parties.
  • In some cases, we are also required by law to provide data to third parties. In doing so, we always look at how we can respect your right to privacy as much as possible.
HOW LONG WE STORE YOUR PERSONAL INFORMATIONWe do not retain data for longer than is necessary for the performance of our activities, unless we are required by law to retain your data for longer. The retention period for specific data depends on the nature of the data and the purposes for which they are processed. The retention period may therefore differ per use.
THE SECURITY OF YOUR PERSONAL DATA
  • We will take all reasonable, appropriate security measures to protect LOF and our business contacts from unauthorised access or alteration, disclosure or destruction of personal data. In doing so, we comply with the applicable security standards.
  • If, despite the security measures in place, there is a security incident that is likely to adversely affect your privacy, we will notify you of the incident as soon as possible. We therefore inform you about the measures we have taken to limit the consequences and prevent repetition in the future.
YOUR RIGHTS WITH REGARD TO THE USE OF YOUR PERSONAL DATA (AND HOW TO EXERCISE THEM)
  • You may object to the use of your personal data, for example if you believe that the use of your personal data is not necessary for the performance of our activities or in order to comply with a legal obligation.
  • You have the right to access your personal data. This means that you can ask which of your personal data has been registered and for which purposes the data will be used.
  • If you believe that we have incorrect personal data about you, you can have these personal data corrected. You can also ask us to restrict the processing of your personal data, also for the period we need to assess your requests and/or objections.
  • You can also ask us to delete your personal data from our systems.
    You may also ask us to ensure that your personal information is transferred to another party.
  • We will comply with your request, unless we have a compelling, legitimate interest not to delete the data, which outweighs your privacy interest. Once we have deleted the data, for technical reasons we will not be able to delete all copies of the data immediately from our systems and backup systems. We may refuse to comply with the above requests if they are unreasonably frequent, require unreasonably heavy technical effort, or have unreasonably severe technical implications for our systems or endanger the privacy of others.
  • You can make the above requests or object by sending a message with your name, address, telephone number and a copy of a valid identification document to [email protected] Do not to forget to make your citizen service number (BSN) unreadable on the copy of your identity document before sending it to us. You will receive an answer within a month.
  • You can also submit a complaint about the use of your personal data. You can do this by contacting the Dutch Data Protection Authority https://autoriteitpersoonsgegevens.nl/nl/zelf-doen/privacyrechten/klacht-over-gebruik-persoonsgegevens?qa=klacht .

Service providers overview

Webshop software

WooCommerce

Our webshop has been developed with software from WooCommerce.  We have chosen DigitalOcean for our webhosting. Personal data that you make available to us for the purpose of providing our services will be shared with this party. DigitalOcean has access to your data to provide us with (technical) support, they will never use your data for any other purpose. DigitalOcean is obliged by the agreement we have concluded with them to take appropriate security measures. These security measures consist of SSL encryption and a strong password policy. Backups are made on a regular basis to prevent loss of data.

WooCommerce

Our webshop has been developed with software from WooCommerce. We host our webshop on a server under our own management. We have taken appropriate technical and organisational measures to prevent abuse, loss and corruption of data as far as possible. These security measures include at least SSL encryption and a strong password policy. Backups are made on a regular basis to prevent loss of data.

Webhosting

DigitalOcean

We purchase webhosting and email services from DigitalOcean. DigitalOcean processes personal data on our behalf and does not use your data for its own purposes. It may, however, collect metadata on the use of the services. These are not personal data. DigitalOcean has taken appropriate technical and organisational measures to prevent the loss and unauthorised use of your personal data. DigitalOcean is bound by a confidentiality agreement.

Email and mailing lists

MailChimp

Our website uses MailChimp, a third party that handles email traffic from our website and the sending of any newsletters. All confirmation emails you receive from our website and web forms are sent through MailChimp’s servers. MailChimp will never use your name and email address for its own purposes. You will see the unsubscribe link at the bottom of every email sent automatically via our website. If you click on this button, you will no longer receive an email from our website. This can seriously reduce the functionality of our website! Your personal data will be stored securely by MailChimp. MailChimp uses cookies and other Internet technologies to monitor whether emails are opened and read. MailChimp reserves the right to use your data to further improve the service and to share information with third parties as part of that service.

Payment processors

Mollie

We use the platform of Mollie to process (part of) the payments in our webshop. Mollie processes your name, address and residence details as well as your payment details such as your bank account or credit card number. Mollie has taken appropriate technical and organisational measures to protect your personal data. Mollie reserves the right to use your data to further improve the service and to share (anonymised) data with third parties in the context thereof. All the above guarantees with regard to the protection of your personal data also apply to the parts of Mollie’s services for which they engage third parties. Mollie does not retain your data for longer than permitted by law.

Delivery companies

DHL

If you place an order with us, it is our task to have your package delivered to you. We use DHL to carry out deliveries. It is therefore necessary for us to share your name, address and place of residence with DHL. DHL will only use this information for the purpose of performing the agreement. In the event that DHL engages subcontractors, DHL will also provide your information to those parties.

 

Website by Webroots