PRIVACY POLICY

Your Guide to All Things Privacy

1. All for you

Your data will only be used as set out in this Privacy Policy.

2. Our promise

You have our word that we’ll treat and protect your data.

3. Straight up

We’ll keep you updated with what you need to know.

4. No small talk

Let us know your preferences - you decide what and how you hear from us.

5. Just the essentials

We won’t keep your data for no reason. If we don’t need your data, we’ll delete it

 

INTRODUCTION

Protecting your Privacy at Grerivian.com we’ve got your back when it comes to your style and those all-important personal details. Our customers are super important to us, which means protecting our customers by keeping their personal data and information secure at all costs is a main priority. It applies to data collected when you use our websites, iOS and android applications, when you interact with us through social media, email, or phone, or when you participate in our competitions or events. It also applies to the extent that someone has nominated you through our "refer a friend" function or purchased an e-gift card on your behalf.

We know the world of data security can be tricky, but we want you to be fully clued up on everything you need to know when it comes to your personal information and how it’s used. Consider this your guide to all things privacy related, which covers the following:

  • The personal data we collect
  • How we collect your data
  • How we use your data
  • Marketing preferences, adverts and cookies
  • Links to other websites and third parties
  • How we share your data
  • Your rights
  • Changes to this privacy notice
  • How to contact us
WHO IS GRERIVIAN

is a leading international skincare company we are close to costumers, offering them compelling, innovative products, Our brands are trusted universally, Grerivian products are natural products that do not contain any of the potentially harmful and irritating ingredients found in a lot of skincare products, such as hydroquinone, paraben, and steroids. This makes it a lot safer and a more viable choice for people with sensitive skin, in particular. Grerivian is also ideal for those who prefer to choose more natural approaches where available.

OUR COMMITMENT TO YOU

We take the protection of your personal data seriously and will process your personal data fairly, lawfully and transparently.

We will only collect and use your personal data for the following purposes, to:

  • fulfil your order(s)
  • fulfil orders made on your behalf (e.g. e-gift card orders)
  • keep you up to date with the latest offers and trends
  • give you a better shopping experience
  • help us to make our marketing more relevant to you and your interests
  • improve our services
  • meet our legal responsibilities
HOW WE KEEP YOUR DATA SAFE AND SECURE

We have appropriate organisational safeguards and security measures in place to protect your data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.

The communication between your browser and our website uses a secure encrypted connection wherever your personal data is involved.

We require any third party who is contracted to process your personal data on our behalf to have security measures in place to protect your data and to treat such data in accordance with the law.

In the unfortunate event of a personal data breach, we will notify you and any applicable regulator when we are legally required to do so.

THE PERSONAL DATA WE COLLECT

Personal data means any information about an individual from which that person can be identified. It does not include anonymised data, where the identity and identifying information has been removed.

While our website is designed for a general audience, we will not knowingly collect any data from children under the age of 13 or sell products to children. If you are under the age of 13, you are not permitted to use or submit your data to the website.

The following groups of personal data are collected:

  • Identity Data includes information such as: first name, last name, title, date of birth (optional), occupation, personal description, photo and gender.
  • Contact Data includes information such as: email address, billing address, delivery address, location, country, telephone number, loyalty programme membership number, and social media id (if you log in by social media).
  • Financial Data includes information such as: payment card details and bank account.
  • Transaction Data includes information such as: details of your purchases and the fulfilment of your orders (such as basket number, order number, subtotal, title, currency, discounts, shipping, number of items, product number, single item price, category, tax etc.); payments to and from you and details of other products and services you have obtained from us, correspondence or communications with you in respect of your orders, and details of any rewards and bonuses awarded.
  • Technical Data includes information such as: details of the device(s) you use to access our services, your internet protocol (IP) address, login data, your username and password, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform.
  • Profile Data includes information such as: purchases or orders made by you, product and style interests, preferences, feedback, and survey responses.
  • Usage Data includes information such as: how and when you use our website/app, how you moved around it, what you searched for; website/app performance statistics, traffic, location, weblogs and other communication data; loyalty programme activities; and details of any other GRERIVIAN products and services used by you.
  • Marketing and Communications Data includes information such as: your preferences in receiving marketing from us and our third parties and your communication preferences.

We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.

HOW WE GET YOUR INFO

Most of the data we collect is provided by you, the customer, when you’re engaging with us and our brand in the following ways:

Direct interactions – you may give us your Identity, Contact, Financial, Transaction, Profile, and Marketing and Communications data by filling in forms, entering information online or by corresponding with us by post, phone, email, telephone or otherwise. This includes personal data you provide, for example, when you:

  • Create an account or purchase products on our website;
  • Subscribe to our newsletter, discussion boards, social media sites or create wish lists;
  • Enter a competition;
  • Join a GRERIVIAN loyalty programme;
  • Complete a voluntary market research survey;
  • Contact us with an enquiry or to report a problem (by phone, email, social media, or messaging service);
  • Use the “refer a friend” function on our website; or
  • When you log in to our website via social media.

Automated technologies or interactions – as you interact with our website, we may automatically collect the following types of data (all as described above): Technical Data about your equipment, Usage Data about your browsing actions and patterns, and Contact Data where tasks carried out via our website remain uncompleted, such as incomplete orders or abandoned baskets. We collect this data by using cookies, server logs and other similar technologies. Please see our Cookie section (below) for further details.

Third parties – we may receive personal data about you from various third parties, including:

  • Identity and Contact data from another individual when they purchase an e-gift card for you or use the "refer a friend" function on our website;
  • Technical Data from third parties, including analytics providers such as Google. Please see further information in the section entitled ‘Marketing preferences, adverts and cookies’.
  • Technical Data from affiliate networks through whom you have accessed our website;
  • Identity and Contact Data from social media platforms when you log in to our website using such social media platforms;
  • Identity and Contact data from third parties, including organisations (including law enforcement agencies), associations and groups, who share data for the purposes of fraud prevention and detection and credit risk reduction; and
  • Contact, Financial and Transaction Data from providers of technical, payment and delivery services.
HOW WE USE YOUR DATA

The legal basis for processing your personal data

We will only collect and process your personal data where we have a legal basis to do so. As a data controller, the legal basis for our collection and use of your personal data varies depending on the manner and purpose for which we collected it.

We will only collect personal data from you when:

  • we have your consent to do so, or
  • we need your personal data to perform a contract with you. For example, to process a payment from you, fulfil your order or provide customer support connected with an order, or
  • the processing is in our legitimate interests and not overridden by your rights, or
  • we have a legal obligation to collect or disclose personal data from you.

Uses made of your personal data

Your personal data is used by GRERIVIAN to support a range of different activities. These are listed in the table below together with the types of data used and the legal basis we rely on when processing them, including where appropriate, our legitimate interests. Please be aware that we may process your personal data using more than one lawful basis, depending on the specific activity involved. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.

Purpose/Activity Type of data Lawful basis for processing including basis of legitimate interest
To create an account and register you as a new customer (either directly or via social media). Identity
Contact		 Consent
(1) To process and deliver your order including: recording your order details; keeping you informed about the order status; process payments and refunds, collect money owed to us; and
(2) to protect our customers, boohoo group companies and website from fraud and theft, which involves automated decision making to assist such fraud prevention and detection.		 Identity
Contact
Financial
transaction		 (1) Performance of a contract with you
(2) We consider that fraud detection and prevention (including the use of automated decision making) is in our legitimate interests to ensure that fraudulent transactors are unable to benefit from our services and in the legitimate interest of the public as whole due to the impact of fraud on the consumer market; we also consider it a necessary element of entering into a contract with you that we are able to verify your identity and prevent fraud.
(1) To manage our relationship with you, including: providing you with any information, products and services that you request from us;
(2) notifying you about changes to our services, terms and conditions or privacy notice;
(3) asking you to leave a review or take a survey.		 Identity
Contact
Financial
Marketing Communications		 (1) Consent
(2) Performance of a contract with you
(3) Necessary for our legitimate interests (to keep our records updated and to study how customers use our products and improve our services)
To enable you to take part in a competition, event, or receive a reward for shopping with us. Identity
Contact
Profile		 Consent
To enable you to take part in a competition, event, or receive a reward for shopping with us. Identity
Contact
Profile
Usage
Marketing and Communications		 Where you have decided to enter into a competition or event, for the performance of a contract with you
To administer, protect and improve our business and our website/app, including: troubleshooting, data analysis, testing, system maintenance, support, data analysis, reporting and hosting of data; setting default options for you, such as language and currency. Identity
Contact
Profile
Technical
Transaction
Marketing and Communications		 Consent
To deliver relevant website content, online advertisements and information for you; and measure the effectiveness of the advertising provided. Identity
Contact
Profile
Usage
Marketing and Communications
Technical		 Consent
To use data analytics to: improve our website, products, services, marketing, customer relationships and experiences; and for market research, statistical and survey purposes. Technical
Usage		 Consent
To use data analytics to: improve our website, products, services, marketing, customer relationships and experiences; and for market research, statistical and survey purposes. Technical
Usage		 Consent
To recommend products, services discounts and offers that may be of interest to you, including to send you such information by email, post or SMS. Identity
Contact
Technical
Usage
Profile
Marketing and Communications		 Consent
See further details in the section ‘Marketing preferences, adverts and cookies'
To inform or remind you by email of any task carried out via our website which remains uncompleted, such as incomplete orders or abandoned baskets. Identity
Contact
Usage		 Consent
To process and deliver your e-gift card orders including taking payment and communicating with you and/or the nominated recipient if delivered to another person. Identity
Contact
Financial
Transaction		 Performance of a contract

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we wish to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. We may process personal data without your consent, in compliance with the above rules, where this is required or permitted by law.


 

KEEPING YOUR INFO ON FILE

When it comes to keeping your details on file, we basically hold your personal data for:

  • As long as you have an account with us.
  • As long as it is needed to provide services to you.
  • As long as it is necessary in order to produce support related activities.

In certain cases, we may keep hold of some of your information after you have closed your account, or it is no longer needed to provide the services to you. This type of situation may arise if your details are needed to meet legal or regulatory requirements, resolve disputes, prevent fraud and abuse, or enforce our terms and conditions.

MARKETING PREFERENCES

We may send you marketing communications and promotional offers:

  • if you have opened an account with us or purchased goods from us, or registered for a promotion or event, and you have not opted out of receiving that marketing (in accordance with your preferences, as explained below);
  • by email if you have signed up for email newsletters;
  • if you have provided us with your details when you entered a competition and you have consented to receiving such marketing (in accordance with your preferences, as explained below).

We may use your Identity, Contact, Technical, Transactional, Usage, Profile Data and Marketing and Communications Data to form a view on what we think you may like, or what may be of interest to you, and to send you details of products and offers which may be relevant for you.

We will ask you for your preferences in relation to receiving marketing communications by email, post, SMS and other communication channels.

From time to time we may also include with your order, inserts advertising goods, services or offers from other third-party companies that you may be interested in.

In respect of third party marketing communications, we will obtain your express opt-in consent before we share your personal data with any third party for marketing purposes.

You will always have full control of your marketing preferences. If you do not wish to continue receiving marketing information from us (or any third party, if applicable) at any time:

  1. you can unsubscribe or ‘opt-out’ by using the unsubscribe button and following the link included in the footer of any marketing email; or
  2. account holders may withdraw their consent by simply logging in to account and editing your ‘Contact Preferences’.

We will process all opt-out requests as soon as possible, but please note that due to the nature of our IT systems and servers it may take a few days for any opt-out request to be implemented.