DISCLOSURE ON THE PROCESSING OF PERSONAL DATA
Yoko London, with its registered office at 20-24 Kirby Street, London, EC1N 8TS, (hereinafter, “Controller”, or “Yoko London” ), as Data Controller, wishes to inform in accordance with Art. 13 EU Regulation No. 2016/679 (hereinafter, “GDPR”) that your information will be processed with the following methods and for the following purposes:
1. Data subject to Processing
The Controller processes the personal identification data (for example, name, surname, company name, address, telephone, e-mail, bank and payment references) – hereinafter, “personal data” or also “data”) communicated by you at the time of the conclusion of agreements for the Controller’s services.
2. Purpose and methods of the Data Processing
Your data is processed only subject to your specific and clear consent (Articles 23 and 130 Privacy Code and Art. 7 GDPR). Please find below detailed information on how the Controller collects information from you and how the Controller uses it:
- To access certain areas of our Platform, you will need to register with us. During the registration process you will be asked to submit personal information about yourself (including your name and address, date of birth, e-mail address and telephone number). By entering your details in the fields requested, you enable the Controller to provide you with the services you select;
- When you purchase products online or by phone, we collect information such as your purchase details and relevant payment information. In addition, we will also collect personal information from you when you correspond with us (for example, if you contact us with a query about one of our products or services), when you provide your details when you visit the Yoko London boutique or contact Yoko London customer service by telephone or e-mail;
- If you choose to interact with Yoko London via a social media platform or other third party service, we will collect the information you have provided to us through that platform;
- We will use the information we collect from you to:
- Manage and fulfill purchase and repair orders, facilitate delivery, and to provide after-sales services;
- Manage our accounts and records;
- Deal with your enquiries and requests;
- Send service related communications, including announcements and administrative messages such as order confirmation;
- Identify products and services we think you might be interested in based on your information, such as your purchase history and your previous interactions with us;
- Send you marketing communications (including e-mails and social media audience matching) relating to us that we think may be of interest to you where we have a legitimate basis to do so;
- Conduct market research so that we can continuously improve the services we provide to our customers;
- Undertake credit checking, prevention of fraud and other prohibited or illegal activities as part of our efforts to keep our Platform and services secure; and
- Understand how our Platform is used so that we can continuously improve our Platform and services and other offerings.
3. Processing methods
The processing of your personal data is carried out with the operations indicated in Art. 4 Privacy Code and Art. 4 no. 2) GDPR and specifically: collection, registration, organisation, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of the data. The processing of your personal data is done in paper, electronic and/or automated form.
The Controller will process your personal data for the time necessary to fulfil all the aforementioned purposes and in any case for not more than 10 years following the termination of the relationship for Service Purposes and for not more than 2 years following the collection of the data for Marketing Purposes.
4. Access to the data
Your data may be made accessible for the purposes:
to employees and partners of the Controller or the companies in their capacity as employees and/or internal managers of the processing and/or system administrators.
5. Communication of the data
Your data will not be circulated.
6. Transfer of data
The personal data is stored on servers located in York (UK), within the European Union. It remains however understood that the Controller, should it become necessary, will have the right to move the servers also outside the EU. In that case, the Controller guarantees, as of now, that the transfer of the data outside the EU will take place in conformity with the applicable legal provisions, subject to the stipulation of standard contractual clauses required by the European Commission.
7. Nature of data provision and consequences of refusal to answer
The provision of the data for the purposes listed is mandatory. Without it, we will not be able to provide you with the Services).
The provision of the data for the purposes listed is instead optional. You can, therefore, decide not to provide any information or later refuse the possibility of processing data already provided: in that case, you will not receive newsletters, commercial communications and advertising material pertaining to the Services offered by the Controller. You will continue however to be entitled to the Services.
8. Rights of the interested party
In your capacity as an interested party, you have the rights provided in Art. 7 Privacy Code and Art. 15 GDPR and specifically the right:
i. to obtain confirmation of the existence or otherwise of the personal data concerning you, even if not recorded yet, and their communication in an intelligible form.
ii. to be informed: a) of the origin of the personal data; b) of the purposes and methods of the processing; c) of the logic applied to the processing, if the latter is carried out with the help of electronic means; d) of the identification data concerning the data controller, data processors and the representative designated as per Section 5, paragraph 2 Privacy Code and Art. 3, paragraph 1, GDPR; e) of the entities or categories of entities to whom the personal data may be communicated or who may learn of the data as designated representative in the territory of the State, processors or employees.
iii. to obtain: a) the updating, correction or, where interested, the integration of the data; b) cancellation, anonymization or blocking of data that has been processed unlawfully, including data whose retention is unnecessary for the purposes for which they have been collected or subsequently processed; c) certification to the effect that the operations as per letters a) and b) have been notified, as also related to their contents, to the entities to whom or which the data was communicated or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared with the right that is to be protected.
iv. to object, in all or in part: a) for legitimate reasons to the processing of your personal data, even though pertinent to the purpose of the collection; b) to the processing of your personal data for the purpose of sending advertising or direct sales material or to conduct market research or commercial communication, through the use of automated call systems without the intervention of an operation, through e-mail and/or through traditional marketing methods by telephone and/or postal service. We wish to point out that the interested party’s right to object as explained in the preceding point b), for direct marketing purposes by automated means extends to the traditional means and in any case, the interested party retains to the possibility of objecting even just in part. Therefore, the interested party can decide to only receive communications through traditional methods or just automated communications or neither of the two types of communication.
Where applicable, he/she also has the rights provided in Articles 16-21 GDPR (Right of correction, right of oblivion, right of limitation of processing, right of portability of the data, right of opposition), as well as the right to file a complaint with the Data Protection Authority.
9. Methods for exercising your rights
You may at any time exercise your rights by sending:
- a registered letter with return receipt to Yoko London, 20-24 Kirby Street, London, EC1N 8TS.
- an e-mail to the address: firstname.lastname@example.org.
10. Controller, processor and employees
The Data Controller is Yoko London with registered office at 20-24 Kirby Street, London, EC1N 8TS.
The updated list of processors and those responsible for data processing is kept at the registered office of the Data Controller.