Privacy Policy
Last updated: 3rd August 2023
We are excited to share that Fiorelli is under new ownership. Centric Brands International Europe Limited (“Centric Brands”, “we”, “us” or “our”) acquired Fiorelli on 2 November 2021. This Privacy Policy sets out how we collect, use, disclose and protect personal data (as defined below). It also tells you about rights and choices that you may have with respect to your personal data, and how you can contact us if you have any questions or concerns. We value the confidence and trust customers place in us and strive to protect that trust by holding personal data in strict confidence. This Privacy Policy contains the following sections: Personal Data We Collect and How We Collect It Purposes For And Bases For Collection And Use Of Personal Data Marketing How We Share Your Personal Data International Transfers Security And Data Retention Your Rights Children’s Privacy Links to External Websites Changes to this Privacy Notice How to Contact Us
Personal Data We Collect And How We Collect It
We collect personal information about you, including information that can help us directly or indirectly identify you (“personal data”). Where applicable, we will indicate whether and why you have to provide us with your personal data, as well as the consequences of failing to do so. In certain circumstances, if you do not provide your personal data, you may not be able to benefit from our products and services if that information is necessary to provide you with them or if we are legally required to collect it. The type of personal data we collect includes:
- identifiers and similar information such as name and title, postal address, email address and telephone numbers;
- financial data such as bank account and payment card details;
- transaction data such as details of products and services you have purchased from us;
- profile data such as your interests, preferences, feedback and survey responses;
- internet or other electronic network activity information, including interactions with our website or use of certain online tools; and
- audio, visual, or similar information, and photographs and video images which may later be used to identify you
We collect personal data directly from you when you submit it to us in the following ways:
- Communications via our website. We collect personal data when you provide it to us through communications via our website. This includes where you have contacted us through the channels listed on the “Contact Us” page on our website and similar situations in which you have chosen to provide the information to us, including for customer services support
In addition, telephone calls to, and any chat sessions with, our customer service representatives may be monitored and recorded for record-keeping, training and quality assurance purposes, as well as for the other purposes set forth under “Purposes For And Bases For Collection And Use Of Personal Data” below.
- Goods or services you request. Where you request a good or service from us, we will collect your personal data in order to process your request and otherwise contact you following a purchase
- In-store. In certain cases, we ask you to provide us with your contact details in store to allow us to send you marketing materials in accordance with applicable law
We collect personal data via automated means, as follows:
- Automated technologies or interactions. As you interact with our website, we may automatically collect technical data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. Please see our Cookie Policy for further details
We may also collect personal data from others, such as:
- Publicly available sources. We may collect information from public websites or other publicly accessible directories and sources, including bankruptcy registers, tax authorities, governmental agencies and departments, and regulatory authorities
- Third parties. We may receive personal data about you from various third parties, for example providers of technical, payment and delivery services
- Our affiliates. We may receive personal information from our affiliates, our service providers, or our affiliates’ service providers
Purposes For And Bases For Collection And Use Of Personal Data
We collect, use and process personal data for the purposes outlined below and based on the legal bases provided below. We process your personal data in order to enable us to perform the contract we are about to enter into or have entered into with you. We also process personal data to ensure compliance with local legal and regulatory requirements. We handle your personal data for the purposes of our legitimate and overriding business interests, including:
- to enable us to carry out our obligations arising from any contracts and to provide you with the information, products and services that you request from us;
- to enable us to respond to an enquiry or other request you make when you contact us via our website or otherwise, including for customer services support;
- to notify you about changes to our service;
- to enable us to issue a notice or corrective action to you in relation to any of our products or services, if required;
- to better understand how you interact with our website, including its functionality and features, and ensure that content is presented in the most effective manner;
- to enable us to send you direct marketing that you have consented to receive;
- to provide you with information about other goods and services we offer that are similar to those that you have already purchased or enquired about and we feel may interest you, as described in the section 3 (Marketing) below;
- to invite you to take part in market research and testing of new features, products or services and to conduct these activities;
- to detect security incidents and protect against malicious, deceptive, fraudulent, or illegal activity, including preventing fraud or terrorist financing and complying with anti-money laundering obligations;
- to monitor and collect video evidence of any crime or wrongdoing in our stores;
- to arrange internal operations, such as troubleshooting, testing, research and statistical purposes; and
- to protect our business interests and legal rights in connection with legal claims, compliance, regulatory and investigative purposes. We also handle your personal data where you have consented to us doing so.
Marketing
We may contact you to provide you with information about goods and services similar to those which were the subject of a previous sale or negotiations of a sale to you. We may also contact you to provide you with information about goods and services by way of direct marketing that you have consented to receive, including by submitting your preferences electronically or during a visit to one of our stores. You may be contacted by us, Centric Brands affiliated companies, or by one of our selected partners, in each case where you have consented to receive these communications. You may opt out of receiving our marketing communications at any time, please contact us through the contact information provided in section 11 below or by using the unsubscribe link in any of our communications. We will continue to contact you for non-marketing related purposes where we need to issue a field corrective or safety notice, or where we need to send certain information to you under a legal, regulatory, or ethical requirement.
How We Share Your Personal Data
We may share your personal data with:
- other affiliates, subsidiaries and companies within the Centric Brands group of companies, including in the United Kingdom, United States of America and Canada;
- our selected commercial partners and sponsors where you have chosen to participate in surveys, opinion groups or other marketing-related initiatives relating to your use of our goods and services;
- a prospective seller or buyer in the event of a sale or purchase of any Centric Brands business, shares or asset so that the seller or buyer can continue to provide you with information and services. We may also share personal data as part of a transactions such as financing, bankruptcy or reorganisation of Centric Brands and its affiliates, subsidiaries and companies within the Centric Brands group of companies;
- our service providers that we engage to provide services to us. Where we provide your personal data to third party services providers, they are required to keep your personal data confidential and secure, and must only use your personal data as instructed by us;
- our distributors, business partners, professional advisors (including banks, auditors, law firms and consultants) or other service providers, including for marketing purposes or where you have chosen to share your personal data through various features and functionality provided via our Website; and
- law enforcement agencies and other governmental and non-governmental bodies, for the purposes of reporting or evidencing a crime.
We may also share your personal data with third parties with your consent. We may also disclose your personal data where required to respond to authorised requests from government authorities or if we believe it is reasonably necessary to comply with a law, regulation, valid legal process, or other governmental or regulatory request. Where we are required by law, we may also disclose your personal data where it is necessary to enforce or apply this Privacy Policy or other agreements; to investigate or protect the legitimate interests, rights, property or safety of Centric Brands or its affiliates, our products and services, our employees, our users or customers, our distributors, business partners or others; or to prevent or take action regarding illegal activities or fraud, situations involving potential threats to the safety of any person or as necessary to protect our business interests and legal rights in connection with legal claims and regulatory and investigative procedures.
Mobile Terms of Service
The Fiorelli mobile message service (the "Service") is operated by Fiorelli (“Fiorelli”, “we”, or “us”). Your use of the Service constitutes your agreement to these terms and conditions (“Mobile Terms”). We may modify or cancel the Service or any of its features without notice. To the extent permitted by applicable law, we may also modify these Mobile Terms at any time and your continued use of the Service following the effective date of any such changes shall constitute your acceptance of such changes.
By consenting to Fiorelli’s SMS/text messaging service, you agree to receive recurring SMS/text messages from and on behalf of Fiorelli through your wireless provider to the mobile number you provided, even if your mobile number is registered on any state or federal Do Not Call list. Text messages may be sent using an automatic telephone dialing system or other technology. Service-related messages may include updates, alerts, and information (e.g., order updates, account alerts, etc.). Promotional messages may include promotions, specials, and other marketing offers (e.g., cart reminders).
You understand that you do not have to sign up for this program in order to make any purchases, and your consent is not a condition of any purchase with Fiorelli. Your participation in this program is completely voluntary.
We do not charge for the Service, but you are responsible for all charges and fees associated with text messaging imposed by your wireless provider. Message frequency varies. Message and data rates may apply. Check your mobile plan and contact your wireless provider for details. You are solely responsible for all charges related to SMS/text messages, including charges from your wireless provider.
You may opt-out of the Service at any time. Text the single keyword command STOP to Fiorelli or click the unsubscribe link (where available) in any text message to cancel. You'll receive a one-time opt-out confirmation text message. No further messages will be sent to your mobile device, unless initiated by you. If you have subscribed to other Fiorelli mobile message programs and wish to cancel, except where applicable law requires otherwise, you will need to opt out separately from those programs by following the instructions provided in their respective mobile terms.
For Service support or assistance, text HELP to Fiorelli or email hello@fiorelli.com.
We may change any short code or telephone number we use to operate the Service at any time and will notify you of these changes. You acknowledge that any messages, including any STOP or HELP requests, you send to a short code or telephone number we have changed may not be received and we will not be responsible for honoring requests made in such messages.
The wireless carriers supported by the Service are not liable for delayed or undelivered messages. You agree to provide us with a valid mobile number. If you get a new mobile number, you will need to sign up for the program with your new number.
To the extent permitted by applicable law, you agree that we will not be liable for failed, delayed, or misdirected delivery of any information sent through the Service, any errors in such information, and/or any action you may or may not take in reliance on the information or Service.
We respect your right to privacy. To see how we collect and use your personal information, please see our Privacy Notice.
Feefo: how do we use personal data to ask you for feedback via email?
We share your name, email address and the product/service you purchased (as obtained during the order process) with Feefo, who will send you an email on our behalf asking you to complete a review. Our legal basis for doing this is our legitimate interest in asking for feedback in order to improve our products and services. Please see Feefo’s privacy policy for more information on how Feefo uses the reviews you submit.” Any questions just ask! Email us at GDPRcompliance@feefo.com, and we will be sure to help
International Transfers
We may share your personal data within the Centric Brands group. If you are located in the United Kingdom (“UK”), the European Economic Area (“EEA”), Switzerland or other regions with laws governing the processing of personal data, please note that this will involve transferring your personal data outside the UK, EEA, Switzerland or those regions to countries that do not have the same data protection laws as the country in which you initially provided the information. Many of our external third parties are based in countries outside the UK or EEA (which may include, but are not limited to, the United States of America) so their processing of your personal data will involve a transfer of data outside the UK or EEA. Whenever we transfer your personal data outside of the UK or EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- We will transfer your personal data to persons and undertakings in countries that have been deemed to provide an adequate level of protection for personal data by the European Commission or the UK government. For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries and Information Commissioner’s Office: International transfers after the UK exit from the EU Implementation Period.
- We will transfer your personal data to persons and undertakings where we use specific contracts approved by the European Commission or the UK Secretary of State which give personal data the same protection it has in the UK or EEA, as supplemented where and if required. For further details, see European Commission: Model contracts for the transfer of personal data to third countries and Information Commissioner’s Office: Standard Contractual Clauses (SCCs) after the transition period ends.
- We may transfer your personal data to persons and undertakings outside of the EEA or the UK pursuant to other appropriate safeguards for the transfer of personal data.
- We may transfer your personal data on one of the conditions allowed under applicable law in the absence of an “adequacy” decision or appropriate safeguards, for example where you have consented to such transfer. For further information on the specific mechanism used by us when transferring your personal data outside of the UK or EEA, please contact us through the contact information provided in section 11 below.
Security And Data Retention
To protect your personal data from unauthorised access and use, we use security measures that comply with applicable law. We will take reasonable steps to use technical, administrative, organisational and physical security measures appropriate to the nature of the personal data we are processing and that comply with applicable law to protect personal data against unauthorised access and exfiltration, acquisition, theft, or disclosure. We generally restrict access to personal data to those employees and agents who have been advised as to the proper handling of such information and who need to know such data to provide services to clients. Given the nature of information security, there is no guarantee that such safeguards will always be successful. We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, contractual, accounting, or reporting requirements. How long we keep your personal data will vary depending on, among other things, the type of personal data and our reasons for collecting it. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Your Rights
You may inform us of any changes in your personal data, and in accordance with our obligations under applicable data protection laws we will update or delete your personal data accordingly. UK and EEA residents: You may have the right to request:
- (a) access to the personal data we hold about you;
- (b) request we correct any inaccurate personal data we hold about you;
- (c) request we delete any personal data we hold about you in certain circumstances;
- (d) restrict the processing of personal data we hold about you;
- (e) object to the processing of personal data we hold about you in certain circumstances, including where we process personal data for direct marketing purposes or where we have processed such data on the basis of our legitimate interests;
- (f) withdraw your consent to the processing of your personal data (where applicable); and/or
- (g) receive any personal data we hold about you in a structured and commonly used machine-readable format or have such personal information transmitted to a third party.
Children’s Privacy
Our products and services are not directed to children, and we do not knowingly collect information from children under the age of 13. If you learn that a child has provided us with personal data in violation of this Privacy Policy, then you may alert us through the contact information provided in section 11 below.
Links to External Websites
Our website may contain links to third party websites. Any access to and use of such third party websites is not governed by this Privacy Policy, but, instead, is governed by the privacy policies of those third party websites. We are not responsible for the information practices of such third party websites.
Changes to this Privacy Notice
We may update this Privacy Policy from time-to-time at our sole discretion. We will post the new Privacy Policy online and we will change the “Last Updated” date. Please check back frequently to see any updates or changes to this Privacy Policy.
How to Contact Us
If you have any questions, comments or requests regarding this Privacy Policy, please contact us at hello@fiorelli.com.