Privacy Policy

This Privacy Policy outlines how personal information is collected, used, disclosed, and secured by Net-A-Porter and its affiliates (“we”, “us”, or “our”) when you visit, interact with, or use our website, net-a-orter.com (the “Site”). We are committed to safeguarding the privacy and confidentiality of your personal data and adhering to applicable data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

1. Commitment to Privacy and Data Protection

Net-A-Porter values your trust and is dedicated to preserving your right to privacy. We strive to maintain the highest standards of data protection and transparency. Our data handling practices are designed with a privacy-first mindset to ensure the confidentiality, integrity, and availability of your information throughout its lifecycle.

2. Scope of the Policy and Role as Data Controller

This Privacy Policy applies to all data collected through your interactions with net-a-orter.com, including when you browse our Site, create an account, make purchases, subscribe to marketing communications, or engage with our customer service team.

For the purposes of GDPR and other relevant data protection laws, Net-A-Porter acts as the data controller with respect to all personal data collected from visitors and users of the Site. We determine the purposes and means of processing personal data.

3. Categories of Personal Data Processed

We may collect and process the following categories of personal data:

a. Usage Data – including IP address, browser type, referral URLs, pages visited, time spent on pages, clickstream data, and session data to optimize performance and security.

b. Account Data – including your name, billing and shipping addresses, email address, and phone number used when creating an account on our Site.

c. Profile Data – including your preferences, wishlists, shopping behaviors, viewed products, purchase history, and account settings.

d. Communication Data – including correspondence with customer support, emails, chat transcripts, and information you submit via contact forms.

e. Technical Data – including device information, operating system, mobile identifiers, browser configuration, and system settings necessary for site functionality and diagnostics.

f. Transaction Data – including order details, payment methods (tokenized), delivery information, and billing records. Payment card details are processed securely by third-party payment processors.

g. Preference Data – including opt-in status, marketing consents, product interests, language preferences, and notification settings.

4. Legal Bases for Processing Personal Data

We process your personal data under the following lawful bases:

– Contractual Necessity: For the execution and performance of a contract (e.g., to process your orders or manage your account).
– Legitimate Interests: To improve our services, prevent fraud, ensure security, and maintain business operations. We balance our interests against your fundamental rights and freedoms.
– Consent: Where required by law, we seek your explicit consent before processing certain data, such as for sending marketing communications or using certain cookies.
– Legal Obligation: To comply with legal obligations, such as tax, accounting, or law enforcement requests.

5. Your Rights Under GDPR and CCPA

Depending on your location, you may have the following rights:

– Right of Access – To request confirmation as to whether your personal data is being processed and to obtain a copy of your data.
– Right to Rectification – To correct inaccurate or incomplete data we hold about you.
– Right to Erasure – To request deletion of your data, subject to legal or legitimate grounds for retention.
– Right to Restriction – To restrict or limit how your data is used, where appropriate.
– Right to Data Portability – To receive your data in a structured, machine-readable format and transfer it to another service provider.
– Right to Object – To object to the processing of personal data based on legitimate interest or for direct marketing purposes.
– Right Not to Be Subject to Automated Decision-Making – To request human intervention if profiling or automated decisions affect your rights.
– Right to Opt-Out of Sale (under CCPA) – California residents may request that we not sell their personal data.

To exercise your rights, please contact us at [email protected]. We reserve the right to verify your identity when responding to such requests.

6. Security Measures

We implement industry-standard technical and organizational safeguards to protect your personal data from unauthorized access, disclosure, alteration, and destruction. Key measures include:

– SSL/TLS encryption of data in transit
– Pseudonymization and tokenization where applicable
– Access control with authentication protocols
– Secure data backups and disaster recovery procedures
– Employee training and restricted data access rights

While no system is completely secure, we continuously assess and enhance our security practices to mitigate emerging threats.

7. International Data Transfers

Your personal data may be transferred to and processed in countries outside your jurisdiction, including countries that may not have data protection laws equivalent to those applicable in your country. In such cases, we use appropriate legal safeguards, including Standard Contractual Clauses approved by the European Commission, to ensure your data remains protected to GDPR-equivalent standards.

8. Data Retention

We retain your personal data only for as long as necessary for the purposes outlined in this policy, unless a longer retention period is required by law. Retention durations may include:

– Account data: as long as your account is active and up to 7 years post-deactivation to comply with legal auditing requirements
– Transaction data: 7 years for accounting and tax purposes
– Usage and technical data: typically retained for 18-24 months for analytics
– Communication and support records: up to 3 years
– Marketing preference data: until consent is withdrawn or after 2 years of inactivity

9. Cookie Policy

We use cookies and similar tracking technologies to enhance your experience on net-a-orter.com. Cookies fall into the following categories:

– Essential Cookies: Necessary for basic site functionality (e.g., navigation, secure checkout)
– Functional Cookies: Remember your site preferences and login details
– Performance Cookies: Collect anonymous data on how the Site is used to improve functionality
– Analytics Cookies: Used for aggregated measurement and reporting (e.g., Google Analytics)
– Targeting and Advertising Cookies: Help deliver relevant offers and personalize your browsing experience

All non-essential cookies are used only with your consent.

10. Cookie Management and Legal Compliance

When you first visit our Site, a banner informs you about cookie usage. You can control your cookie preferences through our Consent Management Platform, accessible at the bottom of each page.

Under GDPR and CCPA, users can:

– Withdraw consent to cookie tracking at any time
– Access clear information about cookie purposes and retention
– Prevent certain cookies via browser settings or cookie preference tools

11. Children’s Privacy

Net-A-Porter does not knowingly collect or solicit personal information from children under the age of 13. If we are made aware that such data has been collected, it will be deleted promptly. Parents or guardians who believe their child has provided us with personal information without consent may contact us at [email protected].

12. Privacy Policy Updates

We may revise this Privacy Policy from time to time to reflect changes in technology, legal requirements, or our business practices. Material changes that affect your rights will be communicated via prominent notices on the Site. Your continued use of net-a-orter.com constitutes acceptance of the updated policy.

13. Contact Us

If you have any questions or privacy-related concerns, or wish to exercise your data protection rights, please contact us at:

Email: [email protected]

We are committed to full compliance with applicable data protection regulations, including the GDPR and CCPA. For more information on how we handle your data or to submit a request, please reach out to us at your convenience.