Xero Shoes EU s.r.o. is committed to protecting your privacy in connection primarily with Regulation (EU) of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter “GDPR”) and the Act No. 110/2019 Coll., on Processing of Personal Data, as amended.
Accordingly, we have developed this Policy in order for you to understand how we collect, use, communicate and make use of personal information, and how the law affects and protects you.
Xero Shoes EU s.r.o. , with its registered office at VINOHRADSKA 35/25 12000 Prague, Czech Republic, Identification Nr: 11770589, registered in the Commercial Register kept by the Municipal Court in Prague, Section C, Inset Nr. 357956 (“we”, “us”, “the Company”, “our”) is the data controller and is responsible for processing your personal data.
We hope that if you have any questions, requests or complaints about our data collection and use and about this policy that you contact us first so that we may address any situation that arises.
Please note that should our site includes links to third-party websites over which we have no control, we recommend that you read the privacy documents of those websites.
Sharing of Your Personal Data
Xero Shoes EU s.r.o. shares your personal data with:
- Third party service providers processing personal data on our behalf, for example to process credit cards and payments, shipping and deliveries, host, manage and service our data, distribute emails, provide research and analysis, manage brand and product promotions as well as administering certain services and features. When using third party service providers we enter into agreements that require them to implement appropriate technical and organizational measures to protect your personal data.
- Other third parties to the extent necessary to: (i) comply with a government request, a court order or applicable law; (ii) defend ourselves against third party claims; and (iii) assist in fraud prevention or investigation (e.g., counterfeiting).
- To any other third party where you have provided your consent.
General Information About the Data We Collect
We collect your personal data in the following circumstances:
- When you provide personal data to us directly (both analog and digital);
- When you use (one of) our services;
- When you visit our website;
- When you subscribe to receive newsletters from us;
- When you visit (one of) our social media channels.
The types of information we collect may include the following (we do not necessarily collect all of this data):
- Identity — e.g. your name, gender
- Contact — e.g. billing and shipping addresses, email address, phone numbers
- Financial — e.g. payment data used in a business transaction
- Transactional — e.g. order data, ordered items, time and date of orders, refunds, credit memos, etc.
- Technical — e.g. IP address (see below), login times and days, browser type and version, geo location and time zones, operating systems, and other data related to the device and software you use to interact with our website and products
- Profile – e.g. user names, passwords (we are unable to see your passwords as they are encrypted), survey and feedback responses
- Usage — e.g. information about how you interact with our site
- Communication — e.g. your preferences about types of communication you would like to receive from us and/or third-parties
If we are required to collect any type of personal data by law, and you choose not to provide it, we may not be able to provide you with goods or services from our side. Should this require us to cancel or amend any order you have with us, we will contact you for resolution.
We may also collect, use, and share non-identifying “aggregate data” for any reason. This is information that is derived from the data above but is not deemed personal as it does not reveal your identity in any way. For example, aggregate data about the number or percentage of users who view a certain page or access a function or feature of our site or purchase certain products.
We do not collect “Special Categories” of personal data such as race, ethnicity, religious beliefs, sexual orientation, political opinions, health and biometric data, criminal history, etc.
The Purposes and Legal Basis, Why we Collect Your Personal Data
- Contractual relationship: we collect and process your personal data provided by you when you purchase goods through our online shop. The processing of personal data is necessary for the conclusion and fulfilment of the contract. If you do not agree to provide your personal data, the contract cannot be concluded. The legal basis for processing is 6 para. 1 b) GDPR (fulfilment of contract and pre-contractual measures). The aforesaid data will be processed and stored for the duration of the contractual relationship, or even longer if required by law or necessary for the protection of our rights.
- Marketing activities: On the basis of the valid legislation, we may use your personal data to disseminate commercial communications concerning product or service offers like those already provided to you as the customer, whereas the personal data will be processed and stored for the duration of the contractual relationship unless you raise an objection to such processing in which case it will be stopped immediately. The legal basis for such processing is Art. 6 para 1 f) GDPR (the legitimate interest of Xero Shoes EU s.r.o. as the data controller).
Further on, we may collect and process additional data received during our mutual contractual relationship (such as your purchasing habits, preferences, and logs including IP address or cookies used for identifying such preferences). The relevant personal data will be processed and stored for the duration of the contractual relationship The legal basis for such processing is Art. 6 para 1 f) GDPR (the legitimate interest of Xero Shoes EU s.r.o. as the data controller).
In all other cases, we process your personal data with your consent only. It typically happens when you grant us your consent to being sent newsletters or other commercial messages. If consent is given, it is valid for the time necessary to process the data, unless and until you revoke it. The legal basis for such processing is Art. 6 para 1 a) GDPR (consent of you as the customer).
Ways We Collect Your Personal Data
There are various ways we can collect data from you (we do not necessarily use all of the following):
- Direct contact — e.g. you enter your data by filling out forms on our sites or in the store, as the case may be, when you place an order, subscribe to our publications, enter sweepstakes or contests, request information, provide reviews and feedback.
- Third party data — e.g. data from publicly available sources such as analytics providers (e.g. Google), advertising networks such as Facebook, Pinterest, Quora, financial transactional data from payment services such as PayPal, etc. subject to the terms and conditions of the relevant service provider. You can adjust your choice in this respect also via a Cookie Management tool on our website,Automated technologies — we may collect Technical data using server logs, or “cookies” that reside on our site or other sites using our cookies (see explanation below, “What Are Cookies?”). Information gathered through cookies and Web server logs may include the date and time of visits, the pages viewed, time spent at our Web site, and the Web sites visited just before and just after our Web site, your IP address.
What Are Cookies?
A cookie is a very small text document, which often includes an anonymous unique identifier. When you visit a Web site, that site’s computer asks your computer for permission to store this file in a part of your hard drive specifically designated for cookies. Each Web site can send its own cookie to your browser if your browser’s preferences allow it, but (to protect your privacy) your browser only permits a Web site to access the cookies it has already sent to you, not the cookies sent to you by other sites.
Types of Cookies We Use:
- Session cookies: We use session cookies to store information until you close your browser. This enables us to provide you with personalized user session. We can therefore adapt our service to your wishes or your surfing behavior as much as possible.
- Visitor impact: These cookies have no to little effect on the (the privacy of) our visitors. These cookies do not process personal data, or only for a short period.
- Visitor impact: These cookies have no to little effect on (the privacy of) our visitors. These cookies do not process personal data, or only for a short period.
- Marketing and Analytical cookies: We use marketing cookies to provide you with relevant information. This does not only apply to the content of our website, but also to the displayed (third-party) advertisements. We can thus get an idea of your interests and adapt our website and ads accordingly.
- Visitor impact: These cookies have a little to medium effect on (the privacy of) our visitors. These cookies do not process personal data, or only for a short period.
For a comprehensive and up-to-date summary of every third-party accessing your web browser we recommend installing a web browser plugin built for this purpose. You can also choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies. You can do this through your browser settings on each browser and device that you use. Each browser is a little different, so look at your browser Help menu to learn the correct way to modify your cookies. If you turn cookies off, you may not have access to many features that make our sites more efficient and some of our services will not function properly.
IP addresses are used by your computer every time you are connected to the Internet. Your IP address is a number that is used by computers on the network to identify your computer. IP addresses are automatically collected by our web server as part of demographic and profile data known as “traffic data” so that data (such as the Web pages you request) can be sent to you.
If you choose to correspond with us through email, we may retain the content of your email messages together with your email address and our responses. We provide the same protections for these electronic communications that we employ in the maintenance of information received online, mail and telephone.
How Do We Use the Information That You Provide to Us?
Broadly speaking, we use personal information for purposes of administering our business activities, providing customer service and making available other items and services to our customers and prospective customers.
We will not obtain personally-identifying information about you when you visit our site, unless you choose to provide such information to us, nor will such information be sold or otherwise transferred to unaffiliated third parties without the approval of the user at the time of collection. We may disclose information when legally compelled to do so, in other words, when we, in good faith, believe that the law requires it or for the protection of our legal rights.
Should we sell, transfer, or merge our business with a third-party, your data may transferred as part of that transaction. If that should occur, the third-party owners may use your data in the same manner described in this document. We will require third-parties to similarly treat and respect your data in accordance with the law. We will notify you should such a transaction occur.
We use a variety of technical and organizational security measures, including encryption and authentication tools, to protect your data from accidental loss, access, use, alteration, or disclosure. We limit the access to your data to employees, agents, contractors and other third-parties who have a business need for that data. They will only access this data per our instructions and subject to non-disclosure.
We will notify you and any necessary authorities, as the case may be, should we suspect a data breach to have occurred.
The Processing of Your Personal Data Outside the EEA:
Your personal data is processed both within and outside the EEA. Your personal data may be transferred to and processed in the United States of America (‘USA’) in which case the standard contractual clauses for the transfer of personal data to processors in third countries in accordance with Directive 95/46/EC of the European Parliament and of the Council, adopted by the European Commission Decision of February 5, 2010 shall be agreed and Xero Shoes EU s.r.o. and its contracting partner will apply the principle of accountability to data transfers in practice pursuant to the Roadmap published by EDPB alongside with the Recommendation 01/2020 on measures that supplement transfer tools to ensure compliance with the EU level of protection of personal data (adopted on 10 November 2020). For further details, see European Commission: Model contracts for the transfer of personal data to third countries.
We will retain your personal data only for as long as necessary for fulfilling the purposes for which it was collected and for satisfying any legal, accounting or reporting requirements. For more information we refer to the Section called, “The purposes and legal basis, why we collect your personal data.”
Your Rights Relating to Your Personal Data
As a data subject you have the following regarding your personal data given the legal requirements are met for you to exercise such right: :
- Requesting access to your personal data
- Requesting correction or updating of your data
- Requesting removal of your personal data
- Objecting to processing your personal data
- Requesting restriction of processing your personal data
- Requesting transfer of your personal data
- Withdrawing consent
Should you wish to exercise any of these rights, contact us at [email protected] or at VINOHRADSKA 35/25 12000 Prague, Czech Republic.
In order to comply, we may need to request specific information from you to confirm your identity, ensure your right to access your data or to exercise other rights. We do this to ensure that personal data is not disclosed to anyone who does not have the right to receive it. We may contact you to get further information so that we can provide an accurate and timely response to your request.
We will try to respond to all legitimate requests within one month, though it may take longer depending on the nature and quantity of your requests and the total requests received. Should we assess that the time to respond will exceed one month, we will notify you with updates to the status of your request.
Should your request be repetitive, excessive, or clearly unfounded, we my assess a fee for compliance or refuse to comply.
A Special Note About Children
Children are not eligible to use our web site and services and we ask that minors (under the age of 15) do not submit any personal information to us. If you are a minor, you can use this site only in conjunction with permission and guidance from your parents or guardians.
How Do We Protect Your Information and Secure Information Transmissions?
Email is not recognized as a secure medium of communication. For this reason, we request that you do not send private information to us by email. However, doing so is allowed, but at your own risk. Some of the information you may enter on our web site may be transmitted securely via a secure medium known as Secure Sockets Layer, or SSL. Credit Card information is never transmitted via email.
We may use software programs to create summary statistics, which are used for such purposes as assessing the number of visitors to the different sections of our site, what information is of most and least interest, determining technical design specifications, and identifying system performance or problem areas.
For site security purposes and to ensure that this service remains available to all users, we use software programs to monitor network traffic to identify unauthorized attempts to upload or change information, or otherwise cause damage.
Signing up for Newsletters and Opting Out
At our website, you may sign up to receive Newsletters regarding our products or services by email.
If you do not agree to receive the Newsletters anymore, you can ask us to stop sending marketing messages at any time by following the opt-out links in any marketing message we send you or by contacting us at [email protected]. In the event that you unsubscribe, we will no longer use your electronic contact for this purpose.
We do not provide opt-out options for transactional emails such as order confirmation, shipping confirmation, tracking, etc.
We are committed to conducting our business in accordance with these principles in order to ensure that the confidentiality of your personal information is protected and maintained.
If you have a complaint or other question with regards to the processing of your personal data, you may contact us through the following email address: [email protected] or at VINOHRADSKA 35/25 12000 Prague, Czech Republic.
Please make sure you include as much information as you can in relation to your complaint or question.
We will review complaints and questions within one month upon its receipt. We do everything we can to provide you with the best possible service. We make also every effort to resolve disputes. If you are not satisfied with the outcome, you may contact the supervisory authority and file a complaint.
The contact information for the supervisory authority is below
The Data Protection Office (Úřad pro ochranu osobních údajů)
Pplk. Sochora 27
170 00 Praha 7