OVER LLC (hereinafter “the Company”) is the owner of the Overclothing.com website (hereinafter “the Website”) and responsible for all actions, users (hereinafter “User”, “Users”) perform on the Website’s sections.
Personal Data Collected from the Users
Personal data refers to any information that can help identify the User.
The Website collects the following personal data from the Users:
- Account data: username and password, if the User decides to create an account.
- Identity data: first and last name, birthday (optional).
- Contact data: street address, city, ZIP code, phone number, email address.
- Payment data: payment and billing information.
- Technical data: username and password (if the User decides to create an account), language, Internet Protocol (IP) address, browser type, and version, operating system, and other technical data Users provide when visiting the Website. This personal data is collected even if the User is not logged in, or doesn’t have an account on the Website.
- Usage data: data that shows how Users access, navigate and use the Website, and which Products they click on.
The previously mentioned data is collected according to the EU General Data Protection Regulation. The General Data Protection Regulation (hereinafter “GDPR”) represents a set of rules with a common EU approach to the protection of personal data, and has been applicable since 25 May 2018.
Personal Data Collected from the Users That Are Navigating the Website
Users navigate the Website anonymously, without revealing the identity or contact data. However, when browsing on the Website, the Website does collect particular technical and usage data:
- Users’ IP addresses.
- Time and date of each site visit.
- The first page Users have accessed each time they visited the Website.
- Users’ navigation on the Website.
- The browser and device type and version.
Personal Data Collected from the Users When Purchasing the Products without Registering
When Users decide to purchase Products, they are required to provide personal data that will ensure that the Products are delivered successfully to them. Users can, if they choose to, create their accounts.
When making a payment, all payment and billing data will be sent to the external payment service provider 一 PayPal. When Users decide to purchase the Products using PayPal, they are required to log into their accounts. The Company is not allowed to collect any personal data from the Users that are provided in the PayPal accounts, such as telephone number, information about State, Province, ZIP/Postal code and City Users live in.
All personal data Users provide when ordering Products are shared with the Company’s partner, DExpress, the courier service. The Company is obligated to provide the necessary personal data to the previously mentioned courier service to ensure that the Products are delivered to the Users. DExpress uses personal data to deliver the Products to the Users and contact them in the case of unsuccessful delivery or any other interruptions in the delivery.
Personal Data Collected from the Users When Purchasing the Products and Creating Accounts
Users are able to create accounts when ordering Products. To do so, Users need to check the “CREATE AN ACCOUNT?” checkbox and create their usernames and passwords. When clicking the button “PLACE ORDER” the accounts will be officially created.
The Company advises Users to protect their registered accounts, keeping the account passwords confidential, and without disclosing passwords to third parties. The User must not allow other Users to access the Website through the User’s account nor is the User permitted to access the Website using the account of another User. Additionally, it is highly recommended for Users to create, longer, and therefore stronger and more secure passwords, that contain different symbols.
The Company does not have access to Users’ passwords. The passwords are, however, easily changeable elements, which means that Users can create new ones at any given moment, if they have forgotten the old ones.
Users can, at any given moment, request to deactivate and delete their accounts, by contacting the Company 一 sending an email to firstname.lastname@example.org. Following termination of the User account, the Company may retain profile information for six months period if the information is accurate and relevant for the Company to use it.
Payment and billing data will be sent to the external payment service provider the User has chosen, which is in charge of processing the payment.
Personal Data Collected When Users Subscribe to Newsletter
The Company uses the newsletter to send information related to the Products, such as offers, promotions, discounts, and all news related to the Service itself.
Users may subscribe to OVER newsletter as soon as they get to the first page of the Website, for the first time. Users can, at any given moment, choose not to receive the newsletter emails, by clicking on the link “Unsubscribe” placed at the end of each newsletter content.
Personal Data Collected When Users Contact the Company
To contact the Company, Users must send an email to email@example.com.
The collected personal data Users provide when contacting the Company is stored in the Company email until the Users’ inquiries, suggestions, requests, or complaints are considered as answered or solved.
Personal Data Processing
All of the previously mentioned personal data, collected through the Website and its sections, is processed by the authorized employees in the Company, the Data Controllers. The Company is obligated to invest and use organizational, technical resources when collecting, processing, storing, and disclosing the collected data from any type of loss, misuse, unauthorized access, disclosure or alteration.
Personal data processing is done according to the EU General Data Protection Regulation (GDPR), and in compliance with legal obligations, and for the purpose of:
- managing Terms and Conditions,
- providing and maintaining the Website,
- making improvements on the Website,
- preventing, detecting and addressing technical issues,
- providing Users with additional features on the website, especially for registered Users,
- providing Users with news, special offers, promotions, and general information about the Products and the Service.
For more information on how the data is collected, Users can contact the Company by sending an email to firstname.lastname@example.org.
Personal Data Storing
Personal data is stored as long as it is needed to fulfill the purpose of such data collection, and as long as it is permitted by applicable law.
Personal Data Disclosure
Personal data disclosure complies with the Company’s Terms and Conditions. Third parties that the Company shares personal data are:
- Payment platform 一 PayPal,
- DExpress, the courier service,
- Professional advisers such as lawyers, legal and accounting consultancy services, and financial institutions.
Payment Platform and Personal Data Disclosure
When making a purchase, the Users are required to purchase the Products using PayPal. The payment platform involved in the transaction process collects Users’ personal data to ensure that the transaction is completed successfully.
Other Third Parties and Personal Data Disclosure
There are some third parties that the Company is permitted or obligated by law to share personal data. These third parties include lawyers, legal and accounting services, and financial services.
According to the General Data Protection Regulation 2016/679 (GDPR), Users can exercise the rights related to the personal data that is collected from them. To exercise the rights, Users are required to contact the Company by sending an email to email@example.com, the subject of the message being “Exercising the Users’ rights”. Before such activity can be done, the Company will request to identify the User that requested to exercise the rights.
Here are the following rights Users can exercise:
Right to Access
The User has the right to receive complete and valid information about the personal data processing.
Right to Rectification
The User has the right to correct inaccurate or incomplete data that is being collected. In such case, the User is required to provide correct data by sending the documentation that confirms that the data the Company collected is inaccurate or incomplete.
Right to Restrict Processing
The User has the right to request the processing restriction of personal data. The restriction of can be done only if the Company collects and processes the data in an unlawful manner (and the User is against the personal data erasure), and when the Company does not need the personal data for the processing, but for the defense of legal claims.
Right to Erasure
The User has the right to request the erasure of their personal data collected on the Website. After the erasure request has been received and confirmed by the Data Controller, the data will lead to User’s termination of the profile on the Website and will be erased from the back-up system the next time the back-up is performed.
Right to Withdraw Consent
The User has the right to withdraw their consent for collecting, processing, storing, and securing personal data by the Company at any given moment. To do so, the User is required to contact the Company by sending an email to firstname.lastname@example.org. The revocation of consent does not affect the lawfulness of processing personal data based on consent before its withdrawal.
Right to Object
The User has the right to object to personal data collecting and processing at any given moment. However, the Company is, in particular cases, obligated to continue to collect and process the data, to defend itself of legal claims.
Right to Data Portability
The User has the right to request a copy of the personal data the Company collected in a structured, easily readable form, and legible use. The User can also request that the collected personal data should be sent to another third party.
Personal Data Security
The Company is obligated to use organization and technical resources that help create strong security controls and prevent personal data loss, misuse, unauthorized access, disclosure or alteration. The Company is required to implement and maintain reasonable security procedures and practices to protect personal data from unauthorized access, destruction, use, modification, or disclosure.
Before Users’ personal data is processed and retained in the database, the data is transferred and maintained on computers located outside of Users’ states, provinces, countries or other governmental jurisdictions, where the data protection laws may differ than those from the ones Users’ jurisdiction. All personal data is transferred to servers that are located in the United States and processed.
The Company takes precautions to protect Users’ personal data, both online and offline. The personal data that Users provide is encrypted and transmitted securely. Additionally, only employees who need the particular personal data to perform a specific job (e.g., customer service) are granted access to personally identifiable information.
If the User does not agree with the process of collecting, processing, storing and securing personal data, the User can contact the Company by sending an email to email@example.com or the Commissioner for Information of Public Importance and Personal Data Protection.