Privacy Notice

Forgiven fashion

OVERVIEW

Your privacy is very important to us and we are committed to protecting your personal data. We promise to keep your data safe and to give you ways to manage and review your marketing choices at any time.

FORGIVEN operates worldwide. As part of our business, we offer our customers an e-commerce service accessible from our website forgiven.store. We own and operate those sites but we work with a company called Global-e that provides order processing and fulfilment services and is the seller of all products and services purchased through those sites. The checkout pages on our sites are provided by Global-e. On successful verification by Global-e of order and payment information, Global-e buys goods from us and resells them to you in accordance with the Global-e Terms of Service.

If you purchase products or services from this site, your personal data will be collected and used by Global-e for the purposes of fulfilling your order and delivering products to you. This Privacy Notice only relates to the use of your data by FORGIVEN. Please refer to Global-e’s privacy policy for further details on how your personal data will be used by them.

To provide our services, we also collect personal data about you. Data collection may take place on our website, by phone, by email, through social media websites (e.g. Facebook), through written correspondence and through other media we may use from time to time as technology develops.
This notice is intended to provide you with detailed information on our use of your personal data.

FORGIVEN, is the “controller” in respect of your personal data for the purposes of EU General Data Protection Regulation …….. where La FORGIVEN determines the purposes and means of processing.

Global-e, is the “controller” in respect of your personal data for the purposes of GDPR where Global-e determines the purposes and means of processing. Global-e may share your personal data with us as explained in their privacy policy (e.g. to process your order and for marketing purposes).
If the personal data collection forms on the site or in paper format, the customer is notably informed of the mandatory nature, or not, of the data collection. In the event of failure to provide a mandatory data field, FORGIVEN and Global-e will not be able to perform their services.

1. WHO COLLECTS PERSONAL DATA

The company collecting your personal data under this notice is: FORGIVEN, a simplified joint-stock company registered in Boulevard Regiei 6D, Bucharest, Romania.

2. HOW THE LAW PROTECTS YOU

2.1 Lawful reasons for processing

Your privacy is protected by law. Under data protection law, we are allowed to use your personal data only if we have a lawful reason. We must have one or more of the following lawful reasons:

To perform a contract or to take steps at your request prior to entering into a contract, or
Where we are required to do so to comply with our legal obligations (e.g. to keep records), or
Where it is in our legitimate interests or those of a third party, or
Where you have consente

A “legitimate interest” is where there is a business, commercial or other reason to use your information but it should not unfairly go against what is right and best for you. Examples of legitimate interests given in the EU General Data Protection Regulation (GDPR) include fraud prevention, direct marketing and sharing data within a corporate group (like FORGIVEN).

The normal basis for our processing of personal data is that it is necessary for our legitimate interests. Amongst other things, Global-e process personal data to perform contracts (i.e. fulfil customer orders) and pass personal data to us so that we can assist with that processing.

2.2 Our processing & reasons

We collect and record personal data to carry out the following processing:

What we use personal data for:	Our
Customer account management and supplying products and services	Legitimate interests
Customer satisfaction management (collection of customer reviews on products and customer service performance)	Legitimate interests
Statistics, analytics, selection and segmentation of customers to improve customer knowledge, how they use our products and services and their changing needs	Legitimate interests
Sending targeted marketing promotions by post, email, mobile notification, social network, other websites or other media as technology develops	Legitimate interests Consent
Personalising our sites (mobile and desktop) and applications to customers	Consent
Measuring visits to our sites (mobile and desktop) and mobile applications	Consent
Providing sharing tools on social networks	Consent
Detecting, investigating, reporting and seeking to prevent financial crime	Legitimate interests To comply with our legal obligations
Running competitions (e.g. prize draws)	Legitimate interests
Sharing personal data with commercial partners supporting our operations	Legitimate interests
Sharing personal data with other organisations so they can market products and services to you	Consent
Complying with legal obligations (e.g. record-keeping requirements)	To comply with our legal obligations
Handling claims and complaints and seeking to resolve them	To comply with our legal obligations Legitimate interests Legal claims

3. WHO WE SHARE YOUR DATA WITH

We share your data within FORGIVEN Group and with Global-e, and we may also share it with public authorities and other partners who can use the data for their own purposes (they are recipients) and suppliers only for the account and according to our instructions (our sub-contractors).

The recipients of the data may include:

Google Inc. for purposes of using Google Analytics tool

4. YOUR RIGHTS

4.1. Your rights under data protection laws

Your rights under Articles 14 to 22 of the EU General Data Protection Regulation (GDPR):

Right of access:
You can request a copy of the data we hold about you.

5. WILL MY DATA BE SENT OUTSIDE THE EEA?

Personal data may be transmitted for the purposes of processing set out above to companies located in countries outside the European Economic Area (EEA) that do not have an adequate level of protection with regard to personal data protection. The EEA includes the EU member states and also Iceland, Norway and Liechtenstein. Prior to the transfer outside the EEA, and in accordance with applicable data protection laws, we will implement procedures required to obtain necessary guarantees to secure such transfers.

Activities we currently undertake outside the EEA including:

6. HOW LONG WILL MY DATA BE KEPT?

We have rules covering data retention periods for [email protected]

To calculate the most relevant retention period, we distinguish:

“Prospects”, i.e. persons who have never made a purchase through the above sites
“Customers”, i.e. persons who have made at least one purchase

7. WHAT SECURITY MEASURES ARE TAKEN TO PROTECT MY DATA?

7.1. General rules

As a data “controller” under the EU General Data Protection Regulation (GDPR), we take all measures to preserve the security and confidentiality of data, and in particular to prevent data from being distorted, damaged or unauthorised third parties having access to data. We have deployed a robust security system to ensure the highest security of data collected and to detect data breaches.

8. WHAT SHOULD I KNOW ABOUT DATA COLLECTED BY SOCIAL NETWORKS?

We offer you the option to use social networks to improve our commercial relationship and offer you targeted advertising offers through these networks.

If you use social networks to communicate and interact with us (including Facebook Messenger, Facebook Connect, and the Facebook, Instagram or Twitter “share” buttons) it is likely that this will involve a data exchange between FORGIVEN and the social network.

9. IS DATA ON MINORS UNDER THE AGE OF 16 COLLECTED?

Persons using this site to browse and make purchases must be [16] years or more.

You may have the option (e.g. when creating an account with us) to provide personal data relating to your children. You must ensure that you have authority to do this (e.g. as parent or guardian).

10. MARKETING

10.1. Principle

We use your contact details to send you targeted advertisements by email, post, mobile notification, on social networks or third-party websites. We will comply with the rules applicable to each channel.

11. COOKIES, TAGS & TRACKERS

When using our online services, information relating to the navigation of your device (computer, tablet, smartphone, etc.), may be recorded in “cookies” files placed on your device, subject to any choices you have expressed about cookies. You can set your browser settings to reject cookies but please bear in mind that, if you do this, certain personalised features of our site cannot be provided to you.

12. WHO IS THE DATA PROTECTION OFFICER (DPO)?

12.1. What are the DPO’s duties?

The role of the data protection officer (DPO) within FORGIVEN is to ensure compliance with the regulations and rules described in this document. Our DPO is based in France and leads a privacy team with representatives in various countries.

Our DPO is responsible for establishing records of processing of personal data and ensuring compliance with data protection laws.

13. Request for data deletion

13.1. How to get your data deleted?

For users of our mobile Android and iOS apps “Forgiven”, and our web property registered on forgiven.store. Please email [email protected] with the subject “DATA DELETION REQUEST” and using the email address you registered with.

14. CHANGES TO THIS NOTICe

If we change or replace this notice, we will notify you by updating our websites.
Version date: March 2019