1. Purpose

Shirt Boutique (SB, ‘us’ or ‘we’) gives high priority to data protection, and we want openness and transparency about how we process your personal data. We have therefore adopted this Privacy Policy, which provides you with information about how we process your data.

When you visit our websites, you accept the contents of this Privacy Policy and other documents mentioned in the policy.

2. Data controller

SB is a data controller, and we process personal data about you under this Privacy Policy and the current legislation.

Contact details: Shirt Boutique

Email: info@shirtboutique.nl

Website: www.shirtboutique.nl

3. Processing of personal data

We use data about our customers to provide them with products and services and to improve the quality thereof. The data include ordinary personal data.

Collection of data

Our digital solutions are based on different technologies with the objective of ensuring user friendliness and security. These technologies can automatically collect data in order to offer the best possible solution, either directly by us or by a third party on our behalf. Cookies and data flow analysis are examples of this; see below.

Use of cookies

When we use cookies, you will be informed about the use and the purpose of collecting data through cookies.

You can find more information about our use of cookies on our website as well as instructions on how to delete or block cookies.

Data flow 

Data about your computer can be collected for system administration and internal marketing-related analyses. These data are statistical information about user behaviour in digital solutions.

The following are examples of data:

- date and time of visit

- the pages visited in the solution

- the visitor’s IP address

- information about the browser and computer used

- URL from referrer

The purpose of these data is to optimise our digital solutions. The data are collected via a third party on our behalf.

Data actively provided by you

In addition to automatically collected data, we also process data that users have actively given us. Examples are name, address, email and telephone number. If you provide data on behalf of another person, you are responsible for ensuring that you have the right to share the data with us.

There may also be data which we obtain in connection with your inquiries to, for example, our Customer Service or Finance Department.

Purpose of collection 

We collect and store your data for specific purposes or other lawful business purposes. These may, for example, be the following:

- Execution of orders in webshop, by email or telephone

- Personal data in connection with placing of orders

- Info about registered products

- Purchase history

- Order processing and communication in connection with your order or other inquiries

- Confirmation of your identity in your communication with us

- Customisation of content of digital solutions

- We can target offers and campaigns at the individual customer based on customer behaviour history and demographic data combined with third-party solutions and data.

- Marketing purposes, including the collection of data about your activities on id.dk to optimise the user experience and targeted communication directly to you – this may be in the form of personal and electronic contact (See section 6 for more information).

Relevant and necessary personal data

We only process personal data that are relevant and sufficient in relation to the purposes defined above. We do not process more personal data than needed for the specific purpose. Before we process your personal data, we check whether it is possible for us to minimize the amount of data about you.

We only collect, process and store the personal data that are necessary to meet our stated purpose. In addition, there may be statutory requirements for the type of data that it is necessary to collect and store for our business activities. The type and extent of the personal data we process may also be necessary to perform a contract or other legal obligation.  

We use solutions that ensure that data are only accessible to relevant employees, so that you are protected from unauthorised access to your personal data.

Checking and updating of your personal data

We check that the personal data we process about you are not misleading or incorrect. Your personal data will be updated regularly.

It is important to us that your data are correct, so please inform us if there are any changes to your data. You may notify us of the changes via the contact details at the top of this policy.

Erasure of your personal data

We keep your personal data for as long as necessary for a legitimate purpose, or for as long as required by law. We therefore erase your personal data on a continuous basis when the purposes for which they were collected or subsequently processed no longer necessitate the processing.

No disclosure of your personal data without your consent

We will only disclose our customers’ data to third parties in accordance with the contents of this Privacy Policy.

If we disclose your personal data to partners and players, including for marketing purposes, we will obtain your consent and inform you about what your data are used for. You may object to such disclosure at any given time.

If we are legally obligated to disclose your personal data, we do not obtain your consent. This may, for example, be in connection with reporting to a public authority.

We use service providers and data processors which perform work on our behalf. These services may, for example, be server hosting and system maintenance, analysis, payment solutions, email service etc. These partners may be granted access to data to the extent necessary to provide their services. The partners will be contractually obligated to treat all data as strictly confidential and thus do not have permission to use the data for any other purpose than what is covered by the contractual obligation between the partner and SB.

We obtain your consent before we disclose your personal data to third country partners as defined in the General Data Protection Regulation. In this case, we ensure that their level of protection meets the requirements we have laid down in this policy based on the current legislation.

Special information about Google Analytics     

We use Google Analytics as a web analysis tool in our digital solutions. In this connection, web analysis data are sent from our digital solutions for analysis in the service provided by Google. Here, Google Analytics acts as ‘data processor’ and SB as ‘data controller’, and our data may only be disclosed by agreement or to comply with legal requirements.

You can read more about Google’s privacy policy here:

https://policies.google.com/?hl=da

4. Security

Protection of your personal data and data security

We have adopted an internal IT security policy containing instructions and measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure of or access to data which have been transmitted, stored or otherwise processed.

Data transfer via the Internet is never 100% secure, but we do our best to protect your personal data and support digital communication.

5. Your rights

In accordance with the General Data Protection Regulation, you have a number of rights in relation to our processing of data about you.

If you wish to exercise your rights, you need to contact us via the contact details provided at the top of this policy.

Right of access (right to view data)

You have the right to obtain access to the data we process about you as well as a number of additional data. Access may, however, be restricted to protect other persons’ personal data or business secrets.

Right to rectification (correction)

You have the right to have incorrect data about you rectified.

Right to erasure

In exceptional cases, you have the right to have data about you erased prior to the time of our ordinary general erasure of data.

Right to restriction of processing

In some cases, you have a right to have the processing of your personal data restricted. If you have a right to restriction of processing, we may, in future, only process the data – except for storage – with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest.

Right to object

In certain cases, you have the right to object to our, otherwise lawful, processing of your personal data.

You may also object to the processing of your data for direct marketing purposes.

Right to transmit data (data portability)

In certain cases, you have the right to receive your personal data in a structured, commonly used and machine-readable format and to transmit these personal data from one data controller to another without hindrance.

Right to withdraw your consent

You have the right to withdraw your consent at any time. You can do so by contacting us via the contact information listed above in clause 2.

If you choose to withdraw your consent, this will not affect the legality of our processing of your personal data on the basis of the consent you have previously given us and up to the time of withdrawal. Consequently, the withdrawal of your consent will not take effect until then.

6. Declaration of consent for electronic mail

At SB, we want to give you the best experience possible. That is why we collect data about your movements and behaviour when you visit our websites. This data enables us to tailor and target the most current and relevant marketing for you to enhance your digital experience.

If you do not have a login, we will use the data from the cookie policy you have accepted in your browser. We cannot send tailored marketing to you if you have not consented to this. 

Frequency:

You can expect to receive something from us three times a month on average. As our marketing is tailored to your behaviour, the number of emails you receive from us will vary. We endeavour to limit our marketing at all times so that you receive only the most relevant content and not too often.

Subscribing and unsubscribing

You may withdraw your consent, or delete or amend the data we have on file about you at any time. All you have to do is send an email to:

info@shirtboutique.nl and type Declaration of Consent in the subject line. In the email, please explain the purpose of writing to us, and we will take action as soon as possible. Our actions are subject to a processing time, but as soon as an employee has seen your email, we will make the changes you request.

You will receive email confirmation upon both the granting and the withdrawal of your consent.  

Proviso

We are not responsible for breakdowns or technical problems that prevent you from using our online services or receiving our newsletter.

7. Policy update

We strive constantly to comply with applicable legislation, including the principles of personal data protection. It will therefore be necessary continuously to update and modify this Privacy Policy. In the event of significant changes, we will notify you via our website or by email.

Updated January 2021