Privacy Policy

1. Introduction

At net-a-porter.com (“we,” “our,” or “us”), we are committed to protecting and preserving your privacy. Your trust in how we collect, use, and protect your personal data is central to our business. This Privacy Policy outlines our practices concerning the processing of your personal information in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). We are committed to handling your data lawfully, transparently, and securely.

2. Scope of this Privacy Policy and Data Controller Role

This policy applies to all visitors and users of our website, net-a-porter.com (the “Website”). net-a-porter.com is the data controller responsible for the processing of personal data under this policy. We only process data where we have a legal basis to do so, and always in accordance with this policy.

3. Categories of Personal Data Processed

We may collect and process various categories of personal data through your interactions with net-a-porter.com:

– Usage Data: Includes information such as IP address, browser type, geographic location, access dates and times, pages viewed, and the referring link to our website. This data is collected automatically through cookies and similar technologies.

– Account Data: Includes your name, mailing address, email address, telephone number, and account identifiers provided when you register or create an account with us.

– Profile Data: Includes your preferences, interests, shopping behavior, wish lists, product reviews, personalized settings, and interactions with marketing campaigns.

– Communication Data: Includes any personal information contained in communications you send to us (e.g., customer support requests, complaints, or inquiries), including communication logs and history.

– Technical Data: Includes device type, operating system, language settings, internet service provider, screen resolution, and system configuration details.

– Transaction Data: Includes purchase history, order details, billing and shipping information, transaction timestamps, and payment method (excluding full payment card details, which are securely handled by third-party payment processors).

– Preference Data: Includes your consent for marketing communications, product interest selections, and contact preferences.

4. Legal Bases for Processing

We process your personal data only where we have a lawful basis to do so, including:

– Contractual Necessity: To provide the services or deliver goods you request via net-a-porter.com.

– Legitimate Interests: To analyze usage patterns, improve services, enhance security, and communicate relevant offerings, where these interests are not overridden by your fundamental rights.

– Consent: For marketing messages, tracking cookies, personalization, or when required by law. You may withdraw your consent at any time.

– Legal Obligation: Where necessary to comply with applicable law, legal proceedings, or regulatory requirements.

5. Your Rights

In accordance with GDPR and applicable regional privacy laws, you are entitled to the following rights regarding your personal data:

– Right of Access: Request access to the personal data we hold about you.

– Right to Rectification: Request correction of inaccurate or incomplete data.

– Right to Erasure: Request deletion of your data where there is no legal reason for us to keep it.

– Right to Restriction: Request the limitation or suppression of the processing of your data.

– Right to Data Portability: Receive your data in a structured, commonly used, and machine-readable format.

You may exercise these rights by contacting us at [email protected]. We may require verification of your identity to fulfill certain requests.

6. Security Measures

We take appropriate technical and organizational measures to ensure your personal data is secure. These include:

– Use of encryption protocols (SSL/TLS) for data transmission.

– Access control policies, including role-based user permissions.

– Firewalls and intrusion prevention systems.

– Regular data backups stored securely.

– Staff training programs on data protection and security best practices.

7. International Data Transfers

Where we transfer your personal data outside the European Economic Area (EEA) or California to countries that do not provide a level of data protection equivalent to your jurisdiction, we ensure appropriate safeguards are in place. These may include:

– Standard Contractual Clauses approved by the European Commission.

– Data transfer agreements with our service providers.

– Verification of service provider compliance with recognized privacy frameworks (e.g., Privacy Shield where applicable).

8. Data Retention

We retain personal data only for as long as necessary for the purposes for which it was collected or to comply with our legal obligations. Retention periods vary by data category:

– Usage Data: Kept for up to 14 months to analyze trends and security logs.

– Account Data: Retained while your account is active and up to 6 years after inactivity.

– Profile Data: Stored up to 2 years unless your account is deleted earlier.

– Communication Data: Maintained for up to 3 years for customer service purposes.

– Technical Data: Logged for system diagnostics for up to 12 months.

– Transaction Data: Retained for up to 7 years for accounting and tax compliance.

– Preference Data: Stored until you withdraw consent or your profile is deleted.

9. Cookie Policy

Our website uses cookies and similar technologies to enhance user experience, analyze traffic, and customize content and advertisements. Cookies fall into the following categories:

– Essential Cookies: Required for website functionality, including navigation and cart operations.

– Functional Cookies: Enable customizing content and remembering preferences and past selections.

– Analytics Cookies: Used to understand website usage and performance, usually set by third-party analytics providers.

– Performance Cookies: Track the effectiveness of marketing campaigns and user interaction with site features.

10. Cookie Management and Compliance

Upon your first visit to net-a-porter.com, a banner will prompt you to accept or manage cookie settings. You may adjust your preferences at any time via our Cookie Settings panel. We respect “Do Not Track” and similar browser signals in compliance with the CCPA.

Under GDPR and CCPA, non-essential cookies requiring consent will not be set without your prior approval. You can also control cookies via your browser settings.

11. Protection of Children

net-a-porter.com is not intended for children under the age of 13. We do not knowingly collect or solicit personal data from minors. If we become aware that we have collected data from a child under 13, we will promptly delete the information. Parents or guardians who believe their child may have submitted personal data may contact us at [email protected].

12. Policy Updates

We reserve the right to update or modify this Privacy Policy to reflect changes in legal obligations, technological advancements, or our data handling practices. Any material changes will be communicated via our website. We encourage users to check this page periodically for updates.

13. Contact Us

For any questions regarding this Privacy Policy or to exercise your data privacy rights, please contact us at:

Email: [email protected]
Website: https://www.net-a-porter.com

We are dedicated to ensuring full compliance with applicable data protection legislation, including GDPR and CCPA. Your privacy is of the utmost importance to us. Please reach out with any concerns, and we will assist accordingly.