PRIVACY POLICY & COOKIE POLICY LOF BOUTIQUE

Version: April 2021
Sole proprietorship: LOF Boutique
Adress: Lusthofstraat 37B
3062 WB Rotterdam, The Netherlands
Telephone number: +31(0) 10 4146149
Ch. of Comm. number: 24468321
VAT number: NL001791757B205

Email adress: [email protected]

LOF Boutique (“LOF“) is a fashion boutique with webshop.
We process your personal data when you use our website ( https://lofboutique.nl/)
(hereinafter: the “Website“). We are convinced that the
protection of your personal data is of great importance and we treat your
personal data with the utmost care. We ensure that your personal data is
protected with appropriate safeguards and follow the rules for the
protection of personal data from the General Data Protection Regulation
(GDPR) and from the related applicable laws and regulations.

With this privacy statement we inform you about how and why your personal
data are processed. We also inform you about your rights in this respect.
Should you have any privacy related questions, you can contact us in the
following ways.

By telephone:
+31(0) 10 4146149

By postal mail:
Lusthofstraat 37B, 3062 WB Rotterdam, The Netherlands

By email:
[email protected]

1. HOW DO WE OBTAIN YOUR PERSONAL DATA?

We need certain personal data from you in order to deliver our products to
you and to provide our services. We receive your personal data when you
provide it to us through our Website or through cookies. Without this
personal data, we cannot deliver the products to you, communicate with you,
offer a good Website or inform you about our services.


2. WHAT PERSONAL DATA DO WE PROCESS AND FOR WHAT PURPOSES?

In particular, we process the following categories of personal data, for
the following purposes:

PERSONAL DATA PURPOSES
Contact details (name, adress, telephone number and email
adress).
To create an account, to deliver our products to you, to
send you an invoice, to provide you with information,
marketing purposes, to make offers, and to establish your
identity.
International Bank Account Number (IBAN). To facilitate payment for the products ordered.
Information about the use of our Website. To make our Website available, to ensure the functioning
and security of the Website, to perform analyses and to
adapt the Website to your needs.
Location details. To verify that our products can be delivered to you.
Information you leave to create an account. To create an account, to deliver our products to you, to
provide you with information and to establish your
identity.
Personal data through cookies (including IP address, for
more information, see below, under 4. More information
about cookies).
See below, under 4. More information about cookies.
Personal data that we automatically collect when you visit
our Website (including the date and time you accessed the
Website and information about your clicking behavior).
To make our Website available, to ensure the operation and
security of the Website, to perform analyses and to adapt
the Website to your needs.
Personal information that you otherwise leave with us in a
message.
For any of the above purposes.

No special personal data such as your Citizen Service Number (in Dutch: BSN) and medical data will be processed. You should also not
provide these to us. If you do provide them (accidentally), these personal
data will be deleted as soon as possible after receipt.

We do not use personal data for profiling or fully automated decisions.

You can only place orders with us if you are over the age of 16. We are not
liable for the consequences of processing personal data of persons under
the age of 16 without the consent of their parent(s) or guardian(s). If we
become aware that we have collected personal data from persons under the
age of 16 without the consent of their parent(s) or guardian(s), we will
take steps to remove that data from our servers. If you suspect that your
child under the age of 16 has provided us with personal information without
your consent, please email [email protected].

External links

The Website may contain links to other websites. We are not responsible for
the practices of other websites linked to or from our Website. Our privacy
statement does not apply when you use a link to go from our Website to
another website. Your conduct on a third-party website, including those
parties who have a link on our Website, is subject to their own rules and
policies. We are not responsible for the privacy policies or content of
these other websites. We encourage you to familiarize yourself with the
privacy statements on those websites.

3. ON WHAT GROUNDS DO WE PROCESS YOUR DATA?

Based on the execution of the agreement you enter into with us as a
customer, we may process your personal data. If you have not yet entered
into an agreement with us, but do visit our Website, we may process your
personal data based on our legitimate interest. This legitimate interest is
also the basis on which we use cookies to ensure that the Website functions
optimally.

As a customer of ours, we may approach you to send newsletters and we may
also inform you about our products and other related services. If you no
longer wish to be informed with news about us, you will find an unsubscribe
option in every email. Furthermore, you can unsubscribe free of charge by
sending an unsubscribe request to [email protected].

Withdrawing your consent and unsubscribing from any newsletters

Withdrawal of your consent is effective for the future and does not affect
the lawfulness of processing based on consent before the withdrawal. If you
have withdrawn your consent or unsubscribed from our newsletters, we will
delete your personal data from our systems within four (4) weeks, unless we
are required to retain your personal data for a longer period by law or if
longer retention is necessary for the performance of our activities or the
completion of the contract.

4. MORE INFORMATION ABOUT COOKIES

The Website makes use of cookies. Cookies are simple text files stored by
your browser on your computer, tablet or smartphone that contain
information about general visiting data, such as most requested pages,
browser type, date and time of your visit etc. The Website instructs the
browser you use to view websites to store these cookies on your computer. A
cookie is used, among other things, to make the use of the Website easier
for you. The purpose of this is to optimize the design of the Website for
you. When you visit our Website, it is necessary to collect certain
information to ensure a smooth connection. If you request a web page, it is
necessary for the web server to know where the page is going. For this
purpose, your IP address is used. This is a number sequence that is
automatically assigned to your computer by your internet service provider
each time you log on to the internet, so that you can be identified. Your
data can also be used to offer more targeted information. If you visit our
Website for the first time, we will ask you to allow cookies. You can then
turn certain cookies on or off or block or delete them via your web
browser. Most parts of our Website will then remain readable.

You can manage your cookie preferences by clicking on the “Cookie settings”
link on the Website and enabling or disabling the cookie categories in the
pop-up according to your preferences.

Should you decide to change your preferences later via your browser
session, you can click on “manage your consent” in the first paragraph of
this page. This will bring up the consent message again, so you can either
change your preferences or withdraw your consent completely.

Below is a description of the cookies that are placed on the Website. We
use the services of Google and Facebook. Basically, the cookies can be
divided into functional cookies (necessary for the Website), analytical
cookies (to keep statistics), social media cookies (for sharing content)
and tracking cookies (to follow visitors). However, for the use of tracking
cookies (that is, cookies that follow you) we will actively ask your
permission.

COOKIE

DESCRIPTION

Mandatory

_gat_gtag_* This cookie is used to differentiate between different
users.
_gid This cookie is installed by Google Analytics. The cookie is
used to store information about how visitors use a website
and helps create an analysis report on how the website is
doing. The data collected, including the number of
visitors, the source they came from and the pages are
anonymized.
_ga This cookie is installed by Google Analytics. The cookie is
used to calculate visitor, session, campaign data and track
site usage for the site’s analytics report. The cookies
store information anonymously and assign a randomly
generated number to identify unique visitors.
cookielawinfo-checkbox-necessary This cookie is set by GDPR Cookie Consent plugin. The
cookies is used to store the user consent for the cookies
in the category “Necessary”.
cookielawinfo-checkbox-performance This cookie is used to keep track of which cookies the user
have approved for this site.
cookielawinfo-checkbox-advertisement The cookie is set by GDPR cookie consent to record the user
consent for the cookies in the category “Advertisement”.
__cfduid The cookie is set by CloudFare. The cookie is used to
identify individual clients behind a shared IP address and
apply security settings on a per-client basis. It does not
correspond to any user ID in the web application and does
not store any personally identifiable information.
viewed_cookie_policy The cookie is set by the GDPR Cookie Consent plugin and is
used to store whether or not user has consented to the use
of cookies. It does not store any personal data.

Speed

__utma This cookie is set by Google Analytics and is used to
distinguish users and sessions. The cookie is created when
the JavaScript library executes and there are no existing
__utma cookies. The cookie is updated every time data is
sent to Google Analytics.
__utmc The cookie is set by Google Analytics and is deleted when
the user closes the browser. The cookie is not used by
ga.js. The cookie is used to enable interoperability with
urchin.js which is an older version of Google analytics and
used in conjunction with the __utmb cookie to determine new
sessions/visits.
__utmz This cookie is set by Google analytics and is used to store
the traffic source or campaign through which the visitor
reached your site.
__utmv This cookie is set by Google Analytics. The cookie is used
to store visitor-level custom variable data and is updated
every time data is sent to Google Analytics.
__utmt The cookie is set by Google Analytics and is used to
throttle request rate.
__utmb The cookie is set by Google Analytics. The cookie is used
to determine new sessions/visits. The cookie is created
when the JavaScript library executes and there are no
existing __utma cookies. The cookie is updated every time
data is sent to Google Analytics.

Ads

_fbp This cookie is set by Facebook to deliver advertisement
when they are on Facebook or a digital platform powered by
Facebook advertising after visiting this website.
fr The cookie is set by Facebook to show relevant
advertisments to the users and measure and improve the
advertisements. The cookie also tracks the behavior of the
user across the web on sites that have Facebook pixel or
Facebook social plugin.

5. WHAT THIRD PARTIES HAVE ACCESS TO YOUR PERSONAL DATA?

Only those employees for whom it is necessary for them to have access to
your personal data have access to your personal data.

We may share your personal data as mentioned in paragraph 2 with third
parties. We will only share your personal data with third parties if this
is necessary to provide our services, for analytical or market purposes or
to comply with legal obligations. We ensure that if we work with third
parties, then we enter into a data processing agreement with that third
party. We then agree with these third parties that they will only process
your personal data in accordance with this privacy statement.

In some cases we may also have to provide data to third parties on the
basis of a legal obligation. In doing so, we always consider how we can
respect your right to privacy as much as possible.

In principle we do not share your personal data outside the European
Economic Area (EEA), except with Google, based in the United States, for
functional and tracking purposes. Otherwise, if we do transfer your
personal data outside the EEA, we will do so only under the conditions set
by privacy legislation. However, with respect to some non-European service
providers we engage, data processing outside the European Economic Area
cannot be excluded. We ensure that such service providers always provide an
adequate level of data protection.

Below you will find an overview of the third parties we engage in order to
provide the products, host our Website and provide our other services:

Web shop software

WooCommerce

Our online store is developed with software from WooCommerce, we have
chosen for our web hosting DigitalOcean. Personal data that you provide to
us for our services will be shared with this party. DigitalOcean has access
to your data to provide us (technical) support, they will never use your
data for any other purpose. Based on the agreement we have concluded with
them, DigitalOcean is obliged to take appropriate security measures. These
security measures consist of the application of SSL encryption and a strong
password policy. Regular backups are made to prevent loss of data.

Web hosting

DigitalOcean

We use web hosting and email services from DigitalOcean. DigitalOcean
processes personal data on our behalf and does not use your data for its
own purposes. However, this party may collect metadata about the use of the
services. This is not personal data. DigitalOcean has taken appropriate
technical and organizational measures to prevent the loss and unauthorized
use of your personal data. DigitalOcean is bound to secrecy on the basis of
the agreement.

Email en mailing lists

MailChimp

Our Website uses MailChimp, a third-party company that handles the email
traffic coming from our Website and the sending of any newsletters. All
confirmation emails you receive from our Website and web forms are sent
through MailChimp’s servers. MailChimp will never use your name and email
address for its own purposes. At the bottom of every email automatically
sent through our Website you will find the ‘unsubscribe’ link. When you
click this you will no longer receive email from our Website. This may
severely reduce the functionality of our Website. Your personal data are
stored securely by MailChimp. MailChimp uses cookies and other Internet
technologies that provide insight into whether emails are opened and read.
MailChimp reserves the right to use your data to further improve the
service and as part of this to share information with third parties.

Payment processors

Mollie

For handling (part of) the payments in our store, we use the platform of
Mollie. Mollie processes your name, address and city details and your
payment information such as your bank account or credit card number. Mollie
has taken appropriate technical and organizational measures to protect your
personal data. Mollie reserves the right to use your data to further
improve its services and in this context, to share (anonymized) data with
third parties. All of the above guarantees regarding the protection of your
personal data also apply to those parts of Mollie’s services for which it
engages third parties. Mollie will not retain your data any longer than is
legally permitted.

Shipping Companies

DHL

When you place an order with us, it is our job to get your package
delivered to you. We use the services of DHL for carrying out the
deliveries. It is therefore necessary for us to share your name, address
and place of residence with DHL. DHL will only use this data for the
execution of the contract. If DHL uses subcontractors, DHL will also share
your data with these parties.

6. HOW DO WE SECURE YOUR PERSONAL DATA?

We handle your personal data with the utmost care and ensure appropriate
organizational and technical security measures to protect the personal data
against unauthorized access or modification, disclosure or destruction of
personal data. We comply with the applicable security standards. The
information that is exchanged, collected and analyzed on our Website is
encrypted with a certificate. You can recognize this by the padlock in the
URL bar.

If, despite the security measures, there is a security incident that is
likely to adversely affect your privacy, we will inform you as soon as
possible about the incident. We will also inform you about the measures we
have taken to limit the consequences and to prevent repetition in the
future.

7. HOW LONG DO WE KEEP YOUR PERSONAL DATA?

We do not retain data for longer than is necessary to conduct our business,
unless we are required by law to retain your data for a longer period. How
long certain data is kept depends on the nature of the data and the
purposes for which it is processed. The retention period may therefore
differ depending on the use.

8. WHAT RIGHTS DO YOU HAVE?

You have the following rights with regard to the processing of your
personal data:

● You can request information and access to the personal
data we process about you. This means that you can ask which of your
personal data has been registered and for what purposes this personal data
is used.

● You can object to the processing of your personal data,
for example if you believe that the use of your personal data is not
necessary for the performance of our activities or to comply with a legal
obligation.

● You can request us to have your personal data changed/corrected and/or to restrict the
processing of your personal data;

● You can also ask us to remove your personal data from
our systems.

● You can also ask us to arrange for your personal data to be transferred to another party;

● You can also file a complaint about the use of your
personal data. You can do so at the Dutch Data Protection Authority (in
Dutch: Autoriteit Persoonsgegevens) via link.

Requests and other communications regarding the exercise of the
aforementioned rights can be submitted in writing using the contact
information at the top of the LOF Boutique Privacy Statement. We ask you to
motivate your request, provide your first and last name, signature, email
address and attach a copy of a valid identification document and ask you to
cross out all unnecessary information, including in any case your Citizen
Service Number (in Dutch: BSN) (for example by using the CopyID
app of the Dutch national government).

You will receive a response in principle within four (4) weeks after
receipt of your request. We will comply with your request, unless we have a
compelling legitimate interest or legal obligation not to remove the
personal data that outweighs your privacy interest or if complying with
your request is not otherwise required by law. If we have deleted personal
data, for technical reasons we may not immediately remove all copies of the
personal data from our systems and backup systems.

If a request to correct, supplement or delete personal data has been
complied with, we will also notify third parties to whom such personal data
has been disclosed of the changes made.

9. PRIVACY STATEMENT AMENDMENT

We may modify or update this privacy statement from time to time.
Amendments to this privacy declaration will take effect from the moment
they are published on our Website. We therefore recommend that you consult
this privacy statement regularly, so that you are aware of any changes to
it. If these adjustments are of significant importance to you, we will
always inform you