and email address. You can also choose to give us your phone number and address. My Account provides you with an overview of your shopping bag and your order history. You can update or delete your account at any time by logging in and following the instructions on the web pages and screens.

FRAUD PREVENTION

We use the personal data submitted by you when you place an order for fraud detection and fraud prevention purposes. For those purposes we may also receive additional information from our payment solution and processing partners.

REGULATORY REQUIREMENTS

We use and store your personal data in order to comply with regulatory requirements, e.g. bookkeeping regulations.

BUSINESS PURPOSES

We de-identify or aggregate data we receive and may use and disclose it for any business purposes. We will process such data only in a de-identified fashion and not attempt to re-identify such data.

3. SHARING PERSONAL DATA

In order to provide our services, we share personal data with our partners. We only share your data when this is allowed by law and all our partners are committed to keeping your data safe. Some of our partners are “data controllers” and others are “data processors” or “service providers”. We may provide partners with the personal data we collect (as described above) for our business and commercial purposes, such as to assist us in providing products and services to you, including to process transactions, deliver products at your request, help us market to consumers, and as otherwise described below. We do not sell your personal data to third parties.

DATA CONTROLLERS

The below-described partners are data controllers meaning that they are directly responsible for the processing of your data. We only share personal data to the extent it is required for performance of their services to us, e.g. shipping. For example, when you complete an order, your payment is handled by our payment solution partners. Some of our payment solution partners are data controllers. In order to be able to offer you these payment options, we will pass certain aspects of your personal data, such as personal identifiers (including contact information) and commercial data (including order details), in order for the payment providers to assess whether you qualify for their payment options and to tailor the payment options for you. You can find more information about these providers, including their terms and conditions and privacy policies on their websites. Your orders are sent to our warehouse partner. When your order is packed and ready to ship, we share your personal identifiers (e.g., your name, address, email and phone number) with our carrier partners to fulfil your delivery. For marketing purposes, we may share non-reversible and encrypted (hashed) information about you and your use of our websites and services with our advertising partners who may combine it with other information that you have provided to them directly or that they have collected themselves about you so they can show you personalized advertisements. We also share information such as your IP address and order information with our affiliate partners to settle commissions for their reference to our web shop. We also allow partners to use cookies to collect information from users of our website and mobile apps as described above in the Marketing and Advertising section.

DATA PROCESSORS AND SERVICE PROVIDERS

The partners described below are data processors/service providers who are only allowed to process personal data on behalf of us and according to our instructions. We disclose personal data to data processors in connection with providing products and services to you, processing your transactions, our business and commercial purposes, and as otherwise described below. Our payment solution partner Adyen handles your payments as a data processor. Your payment details are sent directly to Adyen where it is handled and stored in accordance with their security measures in compliance with regulatory standards. Our technical service providers process your personal data when they have access to our databases or store personal data in their applications. These service providers include, for example, hosting providers, providers of our website platform and providers of message distribution tools. In addition, we have partners who provide tools related to customer service and customer experiences, e.g. a chat tool on our website or a customer experience feedback tool. Finally, as part of our marketing activities we share non-reversible and encrypted (hashed) customer information, including personal identifiers such as contact information with social media networks and with other partners who will make the campaigns available to you on their websites or in your social media news feed.

OTHER SITUATIONS WHERE WE SHARE DATA

If we believe we are obliged by law, a court decision, or a decision of another authority, we will access, preserve, and share personal data with the relevant authority or third party. We also report fraud incidents to the relevant law enforcement authorities. We also may access, preserve, and disclose information if we believe that such action is necessary in our judgment to protect and defend our rights or property, or those of others. In the event of a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of company assets, or transition of service to another entity (whether by private sale, through operation of law, as part of a divestiture plan, or otherwise), we will provide personal data and transaction history associated with each such business unit to the persons and/or entities assuming control of such business unit or as otherwise necessary to complete the transaction as permitted by law or contract. The website and mobile apps may provide options allowing you to share information with social networking websites, such as Facebook. Their use of the information you share will be governed by the social media privacy policies, and we are not responsible for how they treat the information you share.

5. HOW LONG DO WE STORE YOUR DATA

We only store your personal data for as long as it is necessary to fulfill the purpose for which it was collected, to establish, defend or exercise legal claims or to comply with regulatory requirements, e.g. bookkeeping regulations in the countries where we operate. When this is no longer the case, the information will be deleted. There may also be residual information that will remain within our backup files, databases, and other records, which will not be removed or changed, except in accordance with retention policies. You can also request us to delete personal data as described in the Privacy Rights section below.

6. PROTECTING PERSONAL DATA

We employ reasonable security measures to protect the information we receive. Please remember, though, that no method of electronic transmission or storage is 100% secure.

7. LINKS

The website and mobile apps may contain links to other websites and mobile apps, and other websites may link to our websites and mobile apps. We are not responsible for the privacy practices of such other websites and mobile apps. Whenever you visit another website or mobile app – via a link from our website or mobile apps or otherwise – you should review the privacy policy of that other website or mobile pap. This Privacy Policy applies solely to information provided or obtained on our website or mobile apps.

8. NO USE BY CHILDREN UNDER 13

The website and mobile apps are not intended for use by children under the age of 13. If you are under the age of 13, you may not use our website or mobile apps. We do not knowingly collect, maintain, or use personal information from children under 13 years of age. If we believe that any information has been posted by a child under the age of 13, we will promptly delete that information. Parents may contact us using the methods set forth below to request that information concerning their child be removed from our websites and mobile apps.

9. QUESTIONS

Customer questions, comments, and feedback are very important to us. Upon request, we will allow you to access and change certain information about you (e.g., your contact information). To do so, contact us at:

Handels B.V. Koivistokade 1c, 1013AC Amsterdam, the Netherlands or by e-mailing us at customerservice@bestseller.com.

10. NOTIFICATION OF CHANGE TO THE PRIVACY POLICY

We reserve the right to modify this Privacy Policy. Whenever we decide to materially change this Privacy Policy, notice of the change will be posted on the website for a reasonable period of time or provided to you using other means. Nevertheless, you should review the Privacy Policy from time to time to be sure you are aware of the most recent version. We will only use information in accordance with the Privacy Policy in effect at the time the information was collected, unless we receive your consent.

11. PRIVACY RIGHTS

Certain jurisdictions, including in the EEA, UK, Switzerland, and U.S., impose specific legal requirements and privacy rights with respect to personal data, and we will comply with restrictions and any requests you submit as required by applicable law. For example, consumers may have one or more of the following privacy rights: to request additional information about our data collection, use, and disclosure practices in connection with the consumer’s personal information; to request access to the specific personal information collected about the consumer; to request the deletion of personal information we have about the consumer; to request a restriction on certain processing of personal information; and to request correction of inaccurate information. Also, certain consumers have the right not to receive discriminatory treatment if they exercise the rights list above. You may be able to use the website or mobile apps to access and update the information that you have provided to us through your use of the website or mobile apps or otherwise. If you would like to request access to such information or that we update, correct, or delete any such information, you may submit your request HERE . We will comply with requests you submit as required by applicable law.

When you make a request, we may require that you provide information (such as your name, email address and/or zip code) and follow procedures so that we can verify a request you make and your jurisdiction before responding to it. The verification steps we take may differ depending on your jurisdiction and the request you make. We will match the information that you provide in your request to information we already have on file to verify your identity. If we can verify your request, we will process it. If we cannot verify your request, we may ask you for additional information to help us verify your request. We will respond to your request within the time period required by applicable law. However, we may not always be able to fully comply with your request, and we will notify you in that event. Certain privacy laws permit consumers to use an authorized agent to make privacy rights requests. We require the authorized agent to provide us with proof of the consumer’s written permission (for example, a power of attorney) that shows the authorized agent has the authority to submit a request for the consumer. An authorized agent must follow the process described below to make a request, and we will additionally require the authorized agent to verify his/her own identity and we will confirm the agent’s authority with the consumer about whom the request was made.

12. INFORMATION FOR SPECIFIC JURISDICTIONS

1. Information for individuals located in the European Economic Area, the UK, and Switzerland

1. Controller BESTSELLER Handels B.V., Koivistokade 1c, 1013 AC Amsterdam, the Netherlands, is the data controller of the personal data covered by this Privacy Policy.
2. Legal Bases for Collecting and Using your Personal Data We collect and use your personal data on the following legal bases:

1. Our performance of a contract, cf. GDPR article 6, 1 (b)

• Fulfilment of your order, including returns handling

2. Our legitimate interest, cf. GDPR article 6, 1 (f)

• Customer service • Improvement of your user experience • Fraud detection and prevention • Analysis, user experience and development based on cookies

3. Your consent, cf. GDPR article 6, 1 (a)

• Customer clubs • My Account • Marketing through push messages in apps • Cookie-based marketing

4. Our legal obligations, cf. GDPR article 6, 1 (c)

• Regulatory requirements

3. Transferring Data outside the EU

Some of our partners handle your personal data outside the EU. In such case we will take steps to transfer your personal data with an adequate level of data protection. Unless otherwise stated, the data transfer is safeguarded by the EU Commission’s Standard Contractual Clauses. The partners listed below are entities located outside the EU: • Google, USA
• Facebook, USA • Zendesk, USA • Atlassian, USA • Mailjet, USA

In addition, some of our partners may use external subcontractors (sub-processors) located outside the EU. In such case, our partner is obligated to keep your personal data safeguarded. If you want specific information about these external sub-processors, please contact customerservice@bestseller.com.

4. Privacy Rights

Residents of the European Economic Area, the UK, and Switzerland have the following rights: RIGHT OF ACCESS One of the most important rights that you have is the right to request access to the data that we have registered on you. If you request access, we will provide you with a copy of your personal data. RIGHT TO BE FORGOTTEN Another important right in terms of your relationship with us is that you have the right to be forgotten, meaning you can file a request asking that we delete the data that we have registered on you. We may not be able to delete all your personal data as we are required to continue to store certain data in order to comply with legal requirements or to establish, defend or exercise legal claims. RIGHT TO OBJECT You are entitled to object to the processing of your personal data on certain grounds. For example, you can object to the processing of your personal data for direct marketing purposes, including profiling. RIGHT TO RECTIFICATION If you believe that the data we have registered on you is inaccurate or incomplete, please let us know and we will make sure to update your information. RIGHT TO RESTRICTION In combination with some of your other rights you can also request that we restrict the use of your personal data, e.g. instead of full erasure or during our assessment of your objection. RIGHT TO DATA PORTABILITY You can file a request asking us to supply you with the personal data that you have provided to us in a structured, commonly used and machine-readable format and to transmit the data directly to a specific recipient. COMPLAINTS If you wish to lodge a complaint about how we handle your personal data, you can always contact our customer service team. You can also file a complaint with your local DATA SUPERVISORY AUTHORITY.

2. Information for individuals located in California

We are not currently “selling” (as defined by the California Consumer Privacy Act) and do not “sell” your personal data without your consent. We also do not rent, sell, or share personal information (as defined by California Civil Code §1798.83) with other people or unaffiliated companies for their direct marketing purposes. California consumers have the right to request the deletion of their personal data, additional information about our use and disclosure of their personal data, and the specific pieces of personal data we have about them. California consumers also have the right not to receive discriminatory treatment if they exercise the rights list above. To make privacy requests, California consumers may contact us HERE , or email us at: [insert email address]. Consumers will be required to submit their email address, and may also be asked to provide their name, location, and telephone number so that we can verify the request. California law permits California consumers to use an authorized agent to make privacy rights requests. We require an authorized agent to provide us with proof of the California consumer’s written permission (for example, a power of attorney) that shows the authorized agent has the authority to submit a request for the California consumer. Authorized agents must follow the process described above to make a request, and we may additionally require authorized agents to verify their identity and registration to do business in California and we may confirm the agents’ authority with the California consumer about whom the request was made.