Lilo' boutique commitment to your privacy
At Lilo' Boutique we are committed to protecting your privacy.
The Privacy Policy explains the types of personal data we collect, how we process that data, and how we will protect it, in accordance with applicable law. Please also read our Cookie Policy for information about how we use cookies, and refer to our Terms & Conditions for additional information regarding our services. This Privacy Policy is issued by each of the controllers identified in section 2 below.
For any questions that may not be answered here, you can contact us at any time by emailing lilo.sexyboutique@gmail.com or by calling us on +55 85991147275. In this Privacy Policy we will cover:
- 1. Who is responsible for processing your personal data?
- 2. The controllers
- 3. Collection of personal data
- 4. Categories of personal data we process
- 5. Purposes of processing and legal bases for processing
- 6. Who will process your personal data
- 7. Where your personal data is processed
- 8. How long we keep your personal data for
- 9. Your rights regarding your personal data
- 10. Security
- 11. Direct marketing
- 12. Changes to this Policy
1. Provision of this Policy
The website accessible at www.lilo.boutique (our “Site”) is operated by Lilo' Boutique Brasil
The term “our online services” refers to all services provided through; (i) our Site; or (ii) our pages on third party social media platforms such as Instagram, Facebook, Twitter, and Pinterest.
The term “our services” refers to our online services and any of our other products and services offered from time to time. If you use any of our services, we will refer to you using the terms “user”, “visitor”, “you”, “your”, “yours” in this policy.
2. The controllers
The word “controller” means the entity that is responsible for deciding how and why your personal data is processed. In the context of the processing activities set out in this Privacy Policy, the relevant controllers are:
Controller entity Contact details lilo' Boutique
Email:lilo.sexyboutique@gmail.com
T
3. Collection of personal data
We collect or receive your personal data from the following sources:
- Data provided to us: We obtain personal data when that data is provided to us (e.g., where you contact us via email or telephone, place an order, return an order, call our Customer Care team, sign up for our marketing communications, sign up to create an account, apply for a job, or when you provide us with your business card).
- Data we obtain in person: We obtain personal data during meetings, when you visit our offices, at trade shows, during visit from sales or marketing representatives, or at events we attend.
- Relationship data: We collect or obtain personal data in the ordinary course of our relationship with you (e.g., we provide a service to you, or to your employer).
- Data you make public: We collect or obtain personal data that you manifestly choose to make public, including via social media (e.g., we may collect information from your social media profile(s), if you make a public post about us).
- Content and advertising information: If you interact with any third party content or advertising on a Site (including third party plugins and cookies) we receive personal data from the relevant third party provider of that content or advertising.
- Third party information: We collect or obtain personal data from third parties who provide it to us (e.g., credit reference agencies; law enforcement authorities; etc).
4. Categories of personal data we process
We collect the following categories of personal data:
- Personal details: given name(s); preferred name; and photograph.
- Demographic information: gender; date of birth / age; nationality; salutation; title; and language preferences.
- Contact details: correspondence address; shipping address; telephone number; email address; details of Personal Assistants, where applicable; messenger app details; online messaging details; social media details; and records of your interactions with our Customer Care team.
- Expertise: records of your expertise, professional history, practising details and qualification details, information about your experience, participation in meetings, seminars, advisory boards and conferences, information about your professional relationship with other individuals or institutions, language abilities and other professional skills;
- Consent records: records of any consents you have given, together with the date and time, means of consent and any related information (e.g., the subject matter of the consent).
- Purchase details: personal data required to complete and ship your purchase: name; billing address; delivery address; payment details; mobile number; telephone number and email address; records of purchases and prices; and consignee name.
- Payment details: invoice records; payment records; billing address; payment method; bank account number or credit card number; cardholder or accountholder name; card or account security details; card ‘valid from’ date; card expiry date; payment amount; payment date; and records of cheques.
- Data relating to our Site: device type; operating system; browser type; browser settings; IP address; language settings; dates and times of connecting to a Site; username; password; security login details; usage data; information how you came to the Site; products you viewed or searched for; page response times; download errors; length of visits to certain pages; page interaction data (such as scrolling, clicks, and mouse-overs); methods used to browse away from the page; cookie data; and aggregate statistical information.
- Employer details: where you interact with us in your capacity as an employee of a third party, the name, address, telephone number and email address of your employer, to the extent relevant.
- Content and advertising data: records of your interactions with our online advertising and content, records of advertising and content displayed on pages displayed to you, and any interaction you may have had with such content or advertising (e.g., mouse hover, mouse clicks, any forms you complete in whole or in part) and any touchscreen interactions.
- Views and opinions: any views and opinions that you choose to send to us, or publicly post about us on social media platforms.
5. Purposes of processing and legal bases for processing
The purposes for which we process personal data, and the legal bases on which we perform such processing, are as follows:
Processing activityLegal basisProvision of Site, products, and services: providing our Site, products, or services (e.g., placing and holding items in your online shopping basket); providing promotional items upon request; communicating with you in relation to those Site, products, or services; taking your orders; processing your payments; delivering the items you have purchased; processing an exchange, return or reclamation of an order; providing access to services reserved for registered users, such as wish lists; and providing you with help and assistance via our Customer Care team, including contacting you about the delivery/collection of your order/return.
- The processing is necessary in connection with any contract that you have entered into with us, or to take steps prior to entering into a contract with us; or
- We have a legitimate interest in carrying out the processing for the purpose of providing our Site, products, or services (to the extent that such legitimate interest is not overridden by your interests, fundamental rights, or freedoms); or
- We have obtained your prior consent to the processing (this legal basis is only used in relation to processing that is entirely voluntary – it is not used for processing that is necessary or obligatory in any way).
Operating our business: operating and managing our Site, our products, and our services; providing content to you; displaying advertising and other information to you; communicating and interacting with you via our Site, our products, or our services; and notifying you of changes to any of our Site, our products, or our services.
- The processing is necessary in connection with any contract that you have entered into with us, or to take steps prior to entering into a contract with us; or
- We have a legitimate interest in carrying out the processing for the purpose of providing our Site, our products, or our services to you (to the extent that such legitimate interest is not overridden by your interests, fundamental rights, or freedoms); or
- We have obtained your prior consent to the processing (this legal basis is only used in relation to processing that is entirely voluntary – it is not used for processing that is necessary or obligatory in any way).
Gifts: If you provide us with someone else's data - for example, if you purchase a product to be delivered to a friend or as a gift, we will collect and process the personal data required to complete the transaction such as the name, delivery address and other contact details for your friend. If you are receiving an item as a gift, we will process your data only to fulfil the gift request and our contractual obligations.
- The processing is necessary in connection with any contract that you have entered into with us, or to take steps prior to entering into a contract with us; or
- We have a legitimate interest in carrying out the processing for the purpose of providing our Site, our products, or our services to you (to the extent that such legitimate interest is not overridden by your interests, fundamental rights, or freedoms).
Communications, marketing and personalisation: communicating with you via any means (including via email, telephone, text message, social media, post or in person) to provide news items and other information in which you may be interested, subject always to obtaining your prior opt-in consent to the extent required under applicable law; personalising our Site, products and services for you; maintaining and updating your contact information where appropriate; obtaining your prior, opt-in consent where required; enabling and recording your choice to opt-out or unsubscribe, where applicable.
- The processing is necessary in connection with any contract that you have entered into with us, or to take steps prior to entering into a contract with us; or
- We have a legitimate interest in carrying out the processing for the purpose of contacting you, subject always to compliance with applicable law (to the extent that such legitimate interest is not overridden by your interests, fundamental rights, or freedoms); or
- We have obtained your prior consent to the processing (this legal basis is only used in relation to processing that is entirely voluntary – it is not used for processing that is necessary or obligatory in any way).
Product safety communications: communications in relation to product safety, including product recalls and product safety advisory notices.
- The processing is necessary for compliance with a legal obligation; or
- We have a legitimate interest in carrying out the processing for the purpose of ensuring the safety, and proper use, of our products (to the extent that such legitimate interest is not overridden by your interests, fundamental rights, or freedoms).
Management of IT systems: management and operation of our communications, IT and security systems; and audits (including security audits) and monitoring of such systems.
- The processing is necessary for compliance with a legal obligation; or
- We have a legitimate interest in carrying out the processing for the purpose of managing and maintaining our communications and IT systems (to the extent that such legitimate interest is not overridden by your interests, fundamental rights, or freedoms).
Health and safety: health and safety assessments and record keeping; providing a safe and secure environment at our premises; and compliance with related legal obligations.
- The processing is necessary for compliance with a legal obligation; or
- We have a legitimate interest in carrying out the processing for the purpose of ensuring a safe environment at our premises (to the extent that such legitimate interest is not overridden by your interests, fundamental rights, or freedoms); or
- The processing is necessary to protect the vital interests of any individual.
Financial management: sales; finance; corporate audit; and vendor management.
- We have a legitimate interest in carrying out the processing for the purpose of managing and operating the financial affairs of our business (to the extent that such legitimate interest is not overridden by your interests, fundamental rights, or freedoms); or
- We have obtained your prior consent to the processing (this legal basis is only used in relation to processing that is entirely voluntary – it is not used for processing that is necessary or obligatory in any way).
Surveys: engaging with you for the purposes of obtaining your views on our Site, our products, or our services.
- We have a legitimate interest in carrying out the processing for the purpose of conducting surveys, satisfaction reports and market research (to the extent that such legitimate interest is not overridden by your interests, fundamental rights, or freedoms); or
- We have obtained your prior consent to the processing (this legal basis is only used in relation to processing that is entirely voluntary – it is not used for processing that is necessary or obligatory in any way).
Security: physical security of our premises (including records of visits to our premises); CCTV recordings; and electronic security (including login records and access details).
- The processing is necessary for compliance with a legal obligation; or
- We have a legitimate interest in carrying out the processing for the purpose of ensuring the physical and electronic security of our business and our premises (to the extent that such legitimate interest is not overridden by your interests, fundamental rights, or freedoms).
Investigations: detecting, investigating and preventing breaches of policy, and criminal offences, in accordance with applicable law.
- The processing is necessary for compliance with a legal obligation; or
- We have a legitimate interest in carrying out the processing for the purpose of detecting, and protecting against, breaches of our policies and applicable laws (to the extent that such legitimate interest is not overridden by your interests, fundamental rights, or freedoms).
Legal compliance: compliance with our legal and regulatory obligations under applicable law.
- The processing is necessary for compliance with a legal obligation.
Improving our Site, products, and services: identifying issues with our Site, our products, or our services; planning improvements to our Site, our products, or our services; and creating new Site, products, or services.
- We have a legitimate interest in carrying out the processing for the purpose of improving our Site, our products, or our services (to the extent that such legitimate interest is not overridden by your interests, fundamental rights, or freedoms); or
- We have obtained your prior consent to the processing (this legal basis is only used in relation to processing that is entirely voluntary – it is not used for processing that is necessary or obligatory in any way).
Fraud prevention: Detecting, preventing and investigating fraud.
- The processing is necessary for compliance with a legal obligation (especially in respect of applicable employment law); or
- We have a legitimate interest in carrying out the processing for the purpose of detecting, and protecting against, fraud (to the extent that such legitimate interest is not overridden by your interests, fundamental rights, or freedoms).
Establishment, exercise and defence of legal claims: management of legal claims; establishment of facts and claims, including collection, review and production of documents, facts, evidence and witness statements; exercise and defence of legal rights and claims, including formal legal proceedings.
- The processing is necessary for compliance with a legal obligation;
- We have a legitimate interest in carrying out the processing for the purpose of establishing, exercising or defending our legal rights (to the extent that such legitimate interest is not overridden by your interests, fundamental rights, or freedoms); or
- The processing is necessary for the establishment, exercise or defence of legal claims.
Recruitment and job applications: recruitment activities; advertising of positions; interview activities; analysis of suitability for the relevant position; records of hiring decisions; offer details; and acceptance details.
- The processing is necessary for compliance with a legal obligation (especially in respect of applicable employment law); or
- We have a legitimate interest in carrying out the processing for the purpose of recruitment activities and handling job applications (to the extent that such legitimate interest is not overridden by your interests, fundamental rights, or freedoms); or
- We have obtained your prior consent to the processing (this legal basis is only used in relation to processing that is entirely voluntary – it is not used for processing that is necessary or obligatory in any way).
6. Who will process your personal data
Your personal data will be processed by personnel of Lilo Boutique who are authorised for this processing. In carrying out the processing, the data may also be transmitted to companies within the Lilo Boutique group structure. In addition, we disclose personal data to:
- you and, where appropriate, your appointed representatives;
- legal and regulatory authorities, upon request, or for the purposes of reporting any actual or suspected breach of applicable law or regulation;
- accountants, auditors, consultants, lawyers and other outside professional advisors to Lilo Boutique, subject to binding contractual obligations of confidentiality;
- third party processors (such as payment services providers; shipping companies; etc.), located anywhere in the world, subject to the requirements noted below in this Section (G);
- any relevant party, regulatory body, governmental authority, law enforcement agency or court, to the extent necessary for the establishment, exercise or defence of legal claims;
- any relevant party, regulatory body, governmental authority, law enforcement agency or court, for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, or the prevention of and protection from threats to public security;
- any relevant third party acquirer(s) or successor(s) in title, in the event that we sell or transfer all or any relevant portion of our business or assets (including in the event of a reorganization, dissolution or liquidation); and
- any relevant third party provider, where our Site use third party advertising, plugins or content. If you choose to interact with any such advertising, plugins or content, your personal data may be shared with the relevant third party provider. We recommend that you review that third party’s privacy policy before interacting with its advertising, plugins or content.
Your personal data will also be transmitted to third party processors that we use to provide our services. If we engage a third-party processor to process your personal data, the processor will be subject to binding contractual obligations to: (i) only process the personal data in accordance with the instructions given by Lilo' Boutique Group; and (ii) use measures to protect the confidentiality and security of the personal data; together with any additional requirements under applicable law.
The third party processors in question belong to the following categories: payment processors, banking operators, internet providers, ecommerce hosting maintainers, companies specialising in IT and telematics services; logistic partners; companies that execute marketing activities such as email marketing services; companies specialising in market research and data processing; companies providing publishing and distribution services.
7. Where your personal data is processed
Because of the international nature of our business, we transfer personal data within the Lilo' Boutique group, and to third parties as noted in section 6, in connection with the purposes set out in this Policy. For this reason, we transfer personal data to other countries that may have different laws and data protection compliance requirements to those that apply in the country in which you are located, including but not limited to the United States.
Some of the third parties listed in the section 6, may be located in countries outside the European Union that nevertheless offer an adequate level of data protection, as established by specific decisions of the European Commission. (https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en)
If an exemption or derogation applies (e.g., where a transfer is necessary to establish, exercise or defend a legal claim) we rely on that exemption or derogation, as appropriate. Where no exemption or derogation applies, and we transfer your personal data from the EEA to recipients located outside the EEA who are not in Adequate Jurisdictions, we do so on the basis of Standard Contractual Clauses. You are entitled to request a copy of our Standard Contractual Clauses using the contact details provided in this Policy.
Please note that when you transfer any personal data directly to any Liló Boutique entity established outside the EEA, we are not responsible for that transfer of your personal data. We will nevertheless process your personal data, from the point at which we receive such data, in accordance with the provisions of this Policy.
8. How long we keep your data
We will only retain your personal data for the length of time required to fulfil the purposes for which you provided it, unless the law permits or requires that we retain it for longer. The retention period will vary depending on the purpose of the processing.
After this period, your data will be permanently erased or otherwise irreversibly rendered anonymous.
Personal data is retained in accordance with the following criteria:
- When you have purchased goods from www.lilo.boutique we will retain the billing data until the end of the relevant accounting period;
- When you make a payment, we will retain your payment details up to the certification of the payment and the completion of the relevant administrative-accounting formalities regarding your right of withdrawal and the terms applied for the disputing of the payment;
- When you provide us with personal data in order to use the services of www.lilo.boutique such as marketing communications, we will keep your data for this purpose until the termination of the service or until you cancel your subscription to the service;
- When you give us your consent to send you marketing communications, you can withdraw your consent at any time. We will consider your consent to be current for six years from your last interaction with any email that we send you, with our Site. In any case, we will reduce the number of marketing contacts after six months if you do not interact with us;
- When we use your personal data and browsing history to analyse your behaviour in order to customise the website and to show you personalised sales offers, we will keep the data for analytical purposes until you ask us to delete it; and
- When we use personal data for market research and satisfaction surveys, we will keep the data until you ask us to stop.
9. Your rights regarding your personal data
Subject to applicable law, you may have the following rights regarding the processing of your personal data:
- the right not to provide your personal data to us (however, please note that we will be unable to provide you with the full benefit of our Site, products, or services, if you do not provide us with your personal data – e.g., we might not be able to process your requests without the necessary details);
- the right to request access to, or copies of, your personal data, together with information regarding the nature, processing and disclosure of those personal data;
- the right to request rectification of any inaccuracies in your personal data;
- the right to request, on legitimate grounds:
- erasure of your personal data; or
- restriction of processing of your personal data;
- the right to have certain personal data transferred to another Controller, in a structured, commonly used and machine-readable format, to the extent applicable;
- where we process your personal data on the basis of your consent, the right to withdraw that consent (noting that such withdrawal does not affect the lawfulness of any processing performed prior to the date on which we receive notice of such withdrawal, and does not prevent the processing of your personal data in reliance upon any other available legal bases); and
- the right to lodge complaints regarding the processing of your personal data with a Data Protection Authority (in particular, the Data Protection Authority of the EU Member State in which you live, or in which you work, or in which the alleged infringement occurred, each if applicable).
Subject to applicable law, you may also have the following additional rights regarding the processing of your personal data:
- the right to object, on grounds relating to your particular situation, to the processing of your personal data by us or on our behalf, where such processing is based on Articles 6(1)(e) (public interest) or 6(1)(f) (legitimate interests) of the GDPR; and
- the right to object to the processing of your personal data by us or on our behalf for direct marketing purposes.
This does not affect your statutory rights.
To exercise one or more of these rights, or to ask a question about these rights or any other provision of this Notice, or about our processing of your personal data, please email lilo.sexyboutique@gmail.com Please note that:
- in some cases it will be necessary to provide evidence of your identity before we can give effect to these rights; and
- where your request requires the establishment of additional facts (e.g., a determination of whether any processing is non-compliant with applicable law) we will investigate your request reasonably promptly, before deciding what action to take.
10. Security
We have implemented appropriate technical and organisational security measures designed to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, unauthorised access, and other unlawful or unauthorised forms of processing, in accordance with applicable law.
Because the internet is an open system, the transmission of information via the internet is not completely secure. Although we will implement all reasonable measures to protect your personal data, we cannot guarantee the security of your data transmitted to us using the internet – any such transmission is at your own risk and you are responsible for ensuring that any personal data that you send to us is sent securely.
11. Direct marketing
We process personal data to contact you via email, telephone, direct mail or other communication formats to provide you with information regarding Site, products, or services that may be of interest to you. We also process personal data for the purposes of displaying content tailored to your use of our Site, products, or services. If we provide our Site, products, or services to you, we may send or display information to you regarding our Site, products, or services, upcoming promotions and other information that may be of interest to you, including by using the contact details that you have provided to us, or any other appropriate means, subject always to obtaining your prior opt-in consent to the extent required under applicable law.
You may unsubscribe from our promotional email list at any time by simply clicking on the unsubscribe link included in every promotional electronic communication we send. Please note that it may take up to 2 weeks to process your unsubscribe request during which time you may continue to receive communications from us. After you unsubscribe, we will not send you further promotional emails, but in some circumstances we will continue to contact you to the extent necessary for the purposes of any Site, products, or services you have requested.
12. Changes to this Policy
We keep our Privacy Policy under regular review in order to reflect changes in our services and in privacy law. Where possible we will inform you of any changes, but please check the contents periodically. The date of issue and version number are shown at the beginning of the notice.
Klarna
In order to be able to offer you Klarna’s payment options, we will pass to Klarna certain aspects of your personal information, such as contact and order details, in order for Klarna to assess whether you qualify for their payment options and to tailor the payment options for you.
General information on Klarna you can find here. Your personal data is handled in accordance with applicable data protection law and in accordance with the information in Klarna’s privacy policy.