In this Privacy Notice we will cover:
- Who is the data controller?
- What personal data do we process and what is our legal basis for processing it?
- Who will process your data?
- Data transfer outside the European Union
- How long do we keep your data?
- Your rights
1. Who is the data controller?
The data controllers for any personal data we hold about you are THE NET‑A‑PORTER GROUP LIMITED of 1 The Village Offices, Westfield London, Ariel Way, London, W12 7GF, United Kingdom and our parent company, YOOX NET‑A‑PORTER GROUP S.p.A. of Via Morimondo 17, 20143 Milan, Italy, a company with sole shareholder subject to direction and coordination by Compagnie Financière Richemont S.A,
We are responsible for ensuring that your data is held securely, that you are given accurate information about how your data is used, and that your rights regarding your data are respected. The products we sell are not aimed specifically at individuals under the age of 18, we do not promote our products to this market and we cannot identify individuals of this age and under, on our database. Please refer to our Terms & Conditions for more information. Please also read our Registration & Account Terms and Conditions which apply to you when you register for an account on our website or App.
2. What personal data do we process and what is our legal basis for processing it?
We collect data from you when you visit our websites: net-a-porter.com, mrporter.com, theoutnet.com or while using our associated apps (“websites and Apps”). The data we collect includes your name, email address, telephone number and shipping/billing address, your day and month of birth, your favorite designers and information regarding your browsing and shopping behaviour. Data is collected when you place an order, call our Customer Care team, register with us, opt into our marketing communications, browse our site and use other services offered by our site. The data we collect is used to take your order, process payment and deliver your purchase to you. We also use it to deliver marketing communications, give access to services for registered users, personalize your visit to our site and provide assistance via our Customer Care team.
We must have a valid reason for processing your personal data and we may not collect, store or use data about you that is not compatible with that reason. There are four valid reasons for our use of your personal data: Performance of a Contract, our Legitimate Interests as a business, a Legal Obligation we are required to follow and Consent which you provide to us.
If you have given your consent to our use of your personal data, you are entitled to withdraw this consent at any time.
The data we process, and the legal basis we use to process it is detailed below:
Purpose: When you purchase a product from our websites and Apps we ask you for the personal data necessary to allow us to fulfil our contract with you including despatching your item and taking payment from you. Your personal data will also be used to manage your requests for customer service.
Personal Data Processed: Contact details (name, address, postcode, phone number), financial details (credit and debit card details etc), delivery address.
Purpose: When you register on the website, convert your guest account to a registered account or download the App we ask you for the personal data necessary to allow you to benefit from services reserved to registered users.
Personal Data Processed: Name, email address, day and month of birth, designer and other preferences.
Purpose: If you are a member of a reward programme with one of our partners, your personal data will be used to fulfil your reward including despatching your item, taking payment from you and managing your requests for customer service
Personal Data Processed: Contact details (name, address, postcode, phone number), financial details (credit and debit card details etc), reward value, partner programme, delivery address.
Purpose: When you sign up to our Recommend a Friend scheme following a friend’s referral.
Personal Data Processed: Name, email address and order ID
Purpose: When you have referred a friend to get validation of the referral and the referral reward.
Personal Data Processed: Name and email address
Purpose: For NET‑A‑PORTER , MR PORTER and THE OUTNET direct marketing by email.
Personal Data Processed: Name, email address, browsing and purchase history, date of consent.
Purpose: Push notifications via our websites and Apps to offer goods and services that may be relevant to you. These can be configured in the settings of your device or browser.
Personal Data Processed: Products purchased, viewed, or placed in cart, name, device ID or IP address; language used to navigate and version of your use (country); information on the device and browser you use; date and time when you provided consent to receiving web push notifications; date of creation of the account; date of last visit to our site.
Purpose: When you receive email marketing communications from us after entering a competition run by one of our affiliate partners.
Personal Data Processed: Name and email address.
Purpose: When you have signed up to take part in our market research programmes.
Personal Data Processed: Name, email address and dependent upon the type of research, other relevant information, for example, age or place of domicile may also be collected.
Purpose: Calls to our Customer Care team are recorded to ensure a high level of customer service to our clients, to enable the development of staff training and to manage complaints or disputes.
Personal Data Processed: Recordings of calls to our Customer Care teams, customer name, account ID and order ID.
Purpose: To monitor how our websites and Apps are used so that we are able to provide a personalized browsing experience, to help us improve the websites and Apps to make them more user-friendly and help you find products that could be of interest.
Purpose: To monitor website and App visitor behaviour patterns using third party services such as Adobe Analytics.
Personal Data Processed: Internet log information that is anonymized, so that individuals cannot be directly identified.
Purpose: When we have a service message we need to send you via email confirming your order or returns or informing you of any changes that might affect your order, our service to you or changes to terms and conditions.
Personal Data Processed: Name and email address.
Purpose: When you save an item to your Shopping Bag, but don’t check out, we’ll send you an email service message to remind you that you haven’t checked out.
Personal Data Processed: Name, email address, item(s) saved in Bag.
Purpose: When you make a purchase on any of our websites, we will use some of your personal data to carry out anti-fraud activities: we have a legitimate interest in carrying out this activity to prevent and prosecute any fraudulent activity.
Personal Data Processed: Name, billing and shipping address, email address, phone number, payment information, previous order history.
Purpose: When providing your personal data for email communication purposes you also consent to us using tracking technologies in the email to make sure the email has been delivered, that you have opened it and to monitor if you have clicked on any of the links. This information helps us to measure the value of our communications and to provide you with relevant content at the right frequency, in compliance with our Retention Policy.
Personal Data Processed: Email address and engagement with email and its content.
Purpose: To monitor and analyse the performance of product ranges and anticipate market trends (Business Intelligence).
Personal Data Processed: Whilst this is normally in anonymized form, occasionally, we will use personal data such as location and gender to analyse business performance.
Purpose: When you use our live chat facility to message and talk to our Customer Care team we have a legitimate interest to ensure we handle and manage any query you have regarding the products and services we provide.
Personal Data Processed: Your name, the pages you have viewed and items in your Shopping Bag and any other contact details you might provide to us during the course of the conversation.
Purpose: To make size recommendations for specific garments.
Personal Data Processed: Your clothes and shoe size, age, weight and details of the fit of the item.
Purpose: To collect information on our brand influencers and understand their impact.
Personal Data Processed: Publicly available data on your social network that includes name, username(s), posts, views, followers, shares, comments and bio descriptions and to which NET‑A‑PORTER may add further information such as contact details (phone number, email and address), industry category, territory, age, gender, favorite products or other relevant information
Purpose: From time to time we may target NET‑A‑PORTER.COM visitors with products from our other brands – MR PORTER and THE OUTNET and vice versa.
Personal Data Processed: Name, IP address, email address, purchase/browsing history
Purpose: When you make a purchase on our websites and Apps, we are required to process your personal data to meet our legal obligations in accordance with the tax provisions and other statutory rules which apply.
Personal Data Processed: Contact details and details of your financial transaction with us.
Purpose: When we process your information in response to you exercising your data subject rights.
Personal Data Processed: Name, contact information, purchase history, other information you have specifically requested.
3. Who will process your data?
Your personal data will be processed by the internal staff of the THE NET‑A‑PORTER GROUP LIMITED who have been specifically trained and authorized for this processing. In carrying out the processing for distribution of our products and managing our supply chain, the data may also be transmitted to our parent companies YOOX NET‑A‑PORTER GROUP S.p.A and Compagnie Financière Richemont S.A,
Your personal data will also be transmitted to third parties that we use to provide our services; these parties have been rigorously assessed for the way in which they manage personal data and may only use your data for the exact purposes that we specify in the contract with them.
The third parties in question belong to the following categories:
- Companies such as payment service providers that help us to process your order.
- Companies that help us to deliver your purchases such as couriers and parcel delivery companies who deliver your goods and act as Data Controllers for the duration of the delivery process.
- Professional service providers, such as email delivery suppliers, IT software providers, marketing and research agencies, analytics companies and website hosts who help us to run our business,
- Credit reference agencies, law enforcement and fraud prevention agencies, so we can help tackle fraud.
- Governmental bodies and regulators to comply with our legal obligations.
- Aggregated data that does not identify individuals is shared with internal teams, relevant service providers and brand partners for business planning purposes
4. Data transfer outside the EU
Some of the third parties listed in the previous section 'Who will process your data?' may be located in countries outside the European Union that nevertheless offer an adequate level of data protection, as established by specific decisions of the European Commission.
The lawful transfer mechanism of your personal data to countries that do not belong to the European Union and that have not been assessed as offering adequate levels of protection will be performed only
- after Standard Contractual Clauses have been put in place
- if the transfer is necessary for the purchase of goods offered on our website or for registration on the website or use of services on the website
- for the management of your requests.
5. How long do we keep your data?
We keep your personal data for a limited period of time in line with our data retention policy. The specific retention period will vary according to the reason for processing your personal data. After this period, your data will be permanently erased or otherwise irreversibly rendered anonymous.
6. Your Rights
You have the following rights under data protection law:
- The right to request a copy of the personal data that we hold about you. The right to ask us to correct any inaccuracies in the personal data we hold about you.
- The right to withdraw your consent to marketing.
- The right to object to our processing of your personal data on the basis of our legitimate interest.
- The right to request the deletion of your personal data in certain circumstances.
- The right to data portability to transfer your data to another entity.
- The right related to automated decision making including profiling. We use profiling to make relevant and tailored recommendations to you. We do not use automated decision-making processes that would have a potentially damaging effect on you. But if we did, you have the right to obtain human intervention, express your point of view, obtain an explanation of the decision and challenge it.
To exercise any of these rights, you can sign in to your account, contact our Customer Care team at firstname.lastname@example.org or +44 330 022 5700 or write to our Data Protection Officer (DPO) by writing to "Data Protection Officer" at one of the addresses below, or by email to the DPO address (DPO@ynap.com).
- Data Protection Officer (DPO), THE NET‑A‑PORTER GROUP LIMITED, 1 The Village Offices, Westfield London, Ariel Way, London, W12 7GF
- Data Protection Officer (DPO), YOOX NET‑A‑PORTER S.p.A, Via Morimondo 17, 20143 Milan, Italy.
If you believe that NET‑A‑PORTER GROUP LIMITED are processing your data illegally, you have the right to lodge a complaint with the Supervisory Authority. In the UK, this is the ICO. https://ico.org.uk/make-a-complaint/
We are committed to taking appropriate technical, physical and organisational measures to protect personal information against unauthorized access, unlawful processing, accidental loss or damage, and unauthorized destruction.
In particular, we use security measures that employ pseudonymisation or encryption of your data to ensure the confidentiality, integrity, and availability of your data as well as the resilience of the systems and services that process them. We have the ability to restore the availability and access to personal data in the event of a physical or technical incident. Furthermore, NET‑A‑PORTER GROUP LIMITED undertakes to test, verify and regularly evaluate the effectiveness of technical and organizational measures in order to ensure continuous improvement in the safety of processing.
8. Changes to this notice