It also tells you about your privacy rights and how the law protects you.
What Information Do We Collect?
Types of Data Collected
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). At Pashion, we collect a variety of information about our customers and visitors to the Pashion websites in order to provide a better customer experience. This personal data falls into these categories:
|Category of Data||What It Includes|
|Identity Data||Your first name, last name, your login/password.|
|Contact Data||Your billing address, delivery address, email address and telephone numbers.|
|Financial Data||The last 4 digits of your credit card and the expiration year or less based on what our payment processor provides to us.|
|Transaction Data||Details about payments to and from you and other details of products and services you have purchased from us.|
|Profile Data||Your name and password, purchases or orders made by you, preferences, feedback responses, as well as any profile data which we have added (for example, using analytics).|
|Technical Data||IP address, your login data, browser type and version, location and other technology on the devices you use to access this website.|
|Usage Data||Information about how you use our websites, products and services.|
|Tracking Data||Information we or others collect about you from cookies and similar tracking technologies.|
|Marketing and Communications Data||Your preferences in receiving direct marketing from us and your communication preferences.|
We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity.
- (a) Turning off cookies in the preferences settings in your browser
- (b) Downloading the Google Analytics opt-out browser add on available at: https://tools.google.com/dlpage/gaoptout/
- (c) Opting out of user interest and demographic categories in the Settings for Google Ads feature to manage or opt out of Google interest based ads; or
- (d) Managing cookies used for online advertising across multiple companies at the USbased Network Advertising Initiative at http://www.networkadvertising.org/choices/.
Pashion tracks your browsing habits across other third-party websites and we do not respond to browser do not track signals.
We do not (and do not want to) collect any sensitive data that includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. We do not collect any information about criminal convictions and offences.
Pashion recognizes the privacy interests of children and we encourage parents and guardians to take an active role in their children’s online activities and interests. Neither our website nor our services are intended for children under the age of 16. Pashion does not target its services or this website to children under 16. Pashion does not knowingly collect personal data from children under the age of 16.
How We Use Your Information
We use your information in a number of different ways. The tables below provide more detail, showing what we do with your information and why, but generally, we use your information for the following reasons:
- In order to perform the contract we are about to enter into or have entered into with you. For example, when you purchase our products, that’s a contract. This may include disclosure to third parties who help us perform our end of the bargain, such as our shop hosting providers and shipping providers.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. For example, when we send newsletters or put you on a waiting list at your request.
- Where we need to comply with a legal or regulatory obligation. For example, keeping records of our sales for tax compliance.
|Purpose/Activity||Type of Data Non-Exhaustive||Lawful Basis for Processing|
|To register you as a new customer||Identity; Contact||Performance of a contract with you|
|To process and deliver your order including:
|Performance of a contract with you
Necessary for our legitimate interests (including to recover debts due to us)
|To manage our relationship with you which will include:
|Required in order to perform of a contract with you.
Necessary to comply with a legal obligation.
Necessary for our legitimate interests (to keep our records updated and to study how customers use our products).
|To deliver direct marketing to you||Identity; Contact;
|For most direct marketing communications, we rely on consent or consent implied from your past purchase from us of similar products, however there are situations in which it is in our legitimate interests to use your personal data in this way
(Please see Advertising, Marketing and Your Communications Preferences below)
|To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)||Identity; Contact;
|Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganization or group restructuring exercise)
Necessary to comply with a legal obligation
|To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you||Identity; Contact;
|Necessary for our legitimate interests (to study how customers use our products/ services, to develop them, to grow our business and to inform our marketing strategy)|
|To use data analytics to improve our websites, products/services, marketing, customer relationships and experiences||Technical; Tracking;
|Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)|
|To make suggestions and recommendations to you about other products of ours that may be of interest to you||Identity; Contact
|Necessary for our legitimate interests (to develop our products/services and grow our business)|
|To prevent and detect fraud and unlawful acts||Identity; Contact;
|Necessary for our legitimate interests (to protect our business and our customers by way of undertaking fraud monitoring and suspicious transaction monitoring)
Necessary to comply with a legal or contractual obligation to share personal data for the purposes of law enforcement
|In order to resolve legal claims or disputes involving you or us||All relevant data categories, depending on the nature of the allegation or claim||Necessary to bring or defend a claim|
How Is Your Data Collected?
We use different methods to collect data from and about you including through:
Direct interactions. You may give us your Identity, Contact and Financial Data by filling in forms or by corresponding with us by phone or email. This includes personal data you provide when you:
- sign up to receive product information or offers;
- make inquiries or request information be sent to you;
- create an account on our websites;
- signup for our waitlist;
- order our products;
- ask for marketing or newsletters to be sent to you;
- contact customer services; or
- provide comments or reviews on our products
Automated technologies or interactions. As you interact with us via our websites, we may automatically collect Technical Data about your equipment, browsing actions and patterns. We may also collect Tracking Data when you use our websites, or when you click on one of our advertisements (including those shown on third party websites).
Third parties or publicly available sources. We may receive personal data about you from various types of third parties, including:
- Technical Data and/or Tracking Data from analytics providers, advertising networks and search information providers;
- any personal data you include in social media posts that tag us from social media plugin’s; and
- Contact, Financial, Tracking, Usage and Transaction Data from providers of website hosting provider services.
We will only use your personal data when the law allows us to.
Sharing Your Information
- Companies that do things to get your purchases to you, such as hosting service providers, payment service providers, and delivery companies;
- Professional service providers, such as auditors bankers, lawyers, accountants and insurers, marketing agencies, advertising partners and website hosts, who help us run our business; and
- Governments, regulators, law enforcement and fraud prevention agencies, so we can help tackle and comply with law enforcement; and
- Companies approved by you, such as social media sites (if you choose to link your accounts to us).
For example, we share personal data with the following specific third parties:
We also share data with third parties connected to advertising, retargeting and analytics. Please see Cookies below, including the cookie list, for more information about who those third parties are.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
We may also share your personal data if the law otherwise allows it.
Pashion uses third-party payment processors, such as Shopify, to process payments. Your credit card details are communicated directly from your browser to these payment processors - Pashion does not see your full Permanent Account Number (PAN).
Advertising, Marketing and Your Communication Preferences
We may use your Identity, Contact, Technical, Tracking, Usage and Profile Data to form a picture of what we think may be of interest to you. This is how we decide which products, services and offers may be relevant for you and tell you about them. This is what we call direct marketing. We carry out direct marketing by email. You have the right at any time to opt out of marketing emails. The easiest way to opt out is to use the unsubscribe link that you will find at the bottom of each communication.
If you see Pashion’s advertisements on websites and in social media, these may not be directed specifically at you, we might just have bid for the space. But we may specifically direct certain email promotions to you- for example if you live in a certain state, we may send you a marketing email for products with a certain team’s logos.
We also work with partners to try and promote the reach of our advertisements and use analytics and retargeting for this reason. We use Tracking Data to deliver relevant online advertising, including via websites and social media. For more information on Tracking Data, and in particular cookies, which also help us deliver website and social advertising that we believe is most relevant to you and to potential new customers of Pashion, please see Cookies below.
You can see from Advertising, Marketing and Your Communication Preferences above that cookies are a tool that we – and everyone one else who operates online – use for advertising. However, advertising is just one of the many reasons why cookies are used, and as you can see below, there are different types of cookies.
Strictly Functional Cookies
First and foremost, cookies help our websites work better. They help us work behind the scenes to make your customer experience a lot easier. You’d miss a lot of these things if they were gone – like easily logging in and moving from page to page, and keeping products in your cart if you leave the website.
Other cookies collect information about how visitors use our websites, and measure how well the websites work – like whether a visitor gets an error message from our web pages. These cookies don't collect information that identifies a visitor. All of the information that these types of cookies collect is aggregated and used to improve how our websites works.
Facebook remarketing service is provided by Facebook Inc. You can learn more about interest-based advertising from Facebook by visiting this page:https://www.facebook.com/ help/164968693837950. To opt-out from Facebook’s interest-based ads follow these instructions from Facebook:https://www.facebook.com/help/568137493302217
You can also opt-out from Facebook and other participating companies through the Digital Advertising Alliance in the USA http://www.aboutads.info/choices/, the Digital Advertising Alliance of Canada in Canada http://youradchoices.ca/ or the European Interactive Digital Advertising Alliance in Europe http://www.youronlinechoices.eu/, or opt-out using your mobile device settings. For more information on the privacy practices of Facebook, please visit Facebook’s Data Policy: https://www.facebook.com/privacy/explanation.
Cookies can also tell us if you have seen a specific advertisement, and how long it has been since you have seen it. This is helpful, because it means we can control the effectiveness of our advertisements and control the number of times people might be shown our advertisements. Cookies also help us understand if you’ve opened a marketing email - we don’t want to send you things that you don’t read.
Almost all the cookies that relate to advertising are part of third party online advertising networks. If you’d like to read about how you can control which advertisements you see online, see opt-out programs established by the Digital Advertising Alliance (United States), the Digital Advertising Alliance of Canada and the European Interactive Digital Advertising Alliance. We do not control cookies which are set by advertising networks.
Third Party Links
Data Security & Retention
We have put in place appropriate security measures designed to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosedIn addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know.
We will only keep your personal data for as long as necessary to fulfil the purposes for which we collected it in the first place, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
By law we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data), generally for seven years after a transaction for tax purposes.
In some circumstances you can ask us to delete your data; see Your Legal Rights below for further information.
Your Legal Rights
If the GDPR applies to you because you are in the European Economic Area, you have certain rights in relation to your personal data:
- The right of access – that’s a right to make what’s known as a ‘data subject access request’ for a copy of the personal data we hold about you;
- The right to rectification – that’s a right to make us correct personal data about you that may be incomplete or inaccurate (though we generally recommend first making any changes in your Account Settings);
- The right to erasure (also known as the ‘right to be forgotten’) – that’s where in certain circumstances you can ask us to delete the personal data we have about you (unless there’s an overriding legal reason we need to keep it);
- The right to restrict processing – that’s a right for you in certain circumstances to ask us to suspend processing personal data;
- The right to data portability – that’s a right for you to ask us for a copy of your personal data in a common format (for example, a .csv file);
- The right to object – that’s a right for you to object to us processing your personal data (for example, if you object to us processing your data for direct marketing); and
- Rights in relation to automated decision making and profiling – that’s a right you have for us to be transparent about any profiling we do, or any automated decision making.
These rights are subject to certain rules around when you can exercise them. If you wish to exercise any of the rights set out above, please contact us (see How to Contact Pashion About Privacy).
Generally, you will not have to pay a fee to access your personal data (or to exercise any of the other rights) unless your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
Finally, you have the right to make a complaint at any time to the supervisory authority for data protection issues in your country of residence. We would, however, appreciate the chance to deal with your concerns before you approach the supervisory authority so please contact us first.
How to Contact Pashion About Privacy
Pashion Customer Service