Privacy Policy

 

Welcome to Savage X Fenty! We care deeply about privacy. We’re committed to being transparent about our privacy practices, including how we treat, collect, use, and protect your personal data. This privacy notice, together with the materials referred to in it, describes, among others:

  • the personal data that we collect or receive on or through:
  • the website http://www.savagex.co.uk (“Site”);
  • other Savage X Fenty products or services; and
  • all other written or oral communications, such as email or phone, with you (together, “Services”);
  • how we use that information; and
  • the steps we take to protect that information.

 

We need to use your personal data, among others, to operate our business and to provide you with the Services. Please read this Privacy Policy carefully before using the Services. If you don’t want us to collect or use your information in the ways described in this policy, you shouldn’t use the Services.

 

TABLE OF CONTENTS

 

  1. ABOUT US
  2. CATEGORIES OF PERSONAL DATA
  3. MINORS
  4. PROCESSING PURPOSES, LEGAL BASIS
  5. HOW WE SHARE INFORMATION WITH THIRD PARTIES
  6. INTERNATIONAL DATA TRANSFERS
  7. YOUR RIGHTS AND CHOICES
  8. RETAINING YOUR INFORMATION
  9. INFORMATION SECURITY
  10. CHANGES TO THIS NOTICE
  11. HOW TO CONTACT US, DATA PROTECTION AUTHORITY, COMPLAINTS

 

1. ABOUT US

 

We are Savage X Ltd, a company registered in England and Wales under company number 12170155 and with our registered office at 210 Euston Road, London, NW1 2DA, United Kingdom (“we”, “us” or “Savage X”). " We operate the Services and are the data controller responsible for your personal data. Our contact details are set out in section 11.

 

2. CATEGORIES OF PERSONAL DATA

 

When you use the Services, we collect and process the following personal data of you:

  • Registration, account setup, Service usage: When you register for our Services, we will process the following categories of information
    • your name, email address, customer ID, mailing address, delivery address, billing address, phone number, payment method, demographic information such as gender, birthday and other personal identifiers, commercial information such as order history, order ID, items purchased, size, style and product preferences, product reviews, other unique identifiers, and any other information you may choose to provide, such as weight, height and other body measurement. You are entitled to review, edit and, in certain circumstances, delete this information through your account settings.
  • Automated information: We automatically receive and record technical information from your browser or your mobile device when you use the Services such as:
    • Your IP address or unique device identifier, data about which pages you visit. This information is stored in log files and is collected automatically. We may combine this information with other information that we or those we work with collect about you.
    • We also automatically collect device-specific information when you use the Services, including information about the hardware model, operating system information, App version, App usage, browser information, IP address, and device identifiers.
    • We also collect information when you communicate with us through our customer service channels, such as by phone, live chat, web messenger and third-party customer review platforms. In compliance with applicable law, we record and store telephone calls and live chat transcripts when you contact us through our customer service channels. Please note we use chatbots/virtual assistants to assist with common customer service requests and questions when you initiate and interact with the live chat feature available on our Site. By using live chat, you agree to the practices described in this Privacy Policy.
    • We also use session replay technology, to automatically collect and analyse information about the visitor interactions, as the use of the Site, time spent on the webpage, browser used to access to. For more information about cookies and similar technologies, see our Cookie Policy .
  • Analytics performance information: We use data analytics software to record information such as how often you use the App, what happens within the App, aggregated usage, performance data, app errors and debugging information, and where the App was downloaded from.
  • Mobile Information: When you access our Site from a mobile device, we may receive information about your location and your mobile device, such as unique device identifiers and approximate geolocation information in accordance with your device permissions. You may use our Services without enabling location information through your device, however, this may affect some functionality available in the Services.
  • Transaction information: When you make a purchase, return or exchange, we collect information about the transaction, such as the product details and the date and location of the purchase, return or exchange.
  • Information from third parties: You may choose to connect to the Services or register a Savage X Fenty account using a third-party application, such as Facebook, Instagram, Tik Tok, from which we receive personal data. We may also collect public information in order to connect with you.

 

3. MINORS

 

Protecting the privacy of children is especially important to us. The Services are not directed towards children, and we do not knowingly collect personal data from children. If you are under 18 years of age, please do not use the Services. If we learn that we have collected or received personal data from anyone under 18 years of age, we will delete this information. If you are a parent or guardian and discover that your child has provided us with personal data, please contact us as detailed in section 11.

 

4. PROCESSING PURPOSES, LEGAL BASIS

 

 

Processing purpose

Details regarding each processing purpose.

Legal basis

Corresponding legal basis.

Providing and improving the Services: We use your information to provide and improve the Services and our products, for billing and payments, for identification and authentication, registration, account setup, Service usage, for targeted marketing, for general research and aggregate reporting. We may learn about the products and services that you’re interested in from your browsing and purchasing behaviour both through and outside the Services and may suggest potential purchases as a result. We may also contact you by telephone or other electronic channel to provide support.

Processing is necessary to perform our contract governing our provision of the Services to you or we process your personal data based on our legitimate interest in personalising the Services to help you discover products and services of interest to you. We use and share your information to enable us to pursue our legitimate interests in understanding how the Services are being used, and to explore ways to improve the Services. We will ask for your consent where we need to.

Sending you transactional messages: We will process your data information to send you service-related emails or messages. Examples of service-related messages include an email address confirmation or welcome email when you register an account, a confirmation when you place order, information concerning service availability, information about changes to key Service features or functions, and correspondence with our support team. We may also contact you by telephone for transaction-related purposes or to provide support.

Processing is necessary to perform our contract with you.

Sending you marketing messages: We also process your personal data to send you marketing emails or other marketing messages. You may unsubscribe at any time from marketing messages through the opt-out link included in the messages or through your account settings. If you opt out, we may still send you non-promotional emails, such as emails about our ongoing business relations.

Your consent, unless we are legally entitled to send you marketing messages without your consent.

Complying with law, for compliance, fraud prevention and safety: We process and retain your personal data or share it with a third party in the following limited circumstances:

in response to lawful requests by public authorities,

to comply with a subpoena, court order, legal process, or other legal requirement; or

when we believe in good faith that such processing is reasonably necessary to comply with the law, prevent imminent physical harm or financial loss, or investigate, prevent, or take action regarding illegal activities, suspected fraud, threats to our property, or violations of our terms and conditions.

Processing is necessary to comply with our legal obligations or where we have a legitimate interest. In rare cases it may also be necessary in the public interest or to prevent loss of life or personal injury.

Defending our legal rights: We process your personal data to protect, establish, or exercise our legal rights or to defend against legal claims, including to collect a debt.

Processing is based on our legitimate interest.

Future corporate activity: We may need to transfer your personal data to a third party In the context of future corporate activities, such as a sale, merger, liquidation, receivership or transfer of all or a significant portion of our business or assets.

Processing is based on our legitimate interests, particularly our interest in making decisions that enable our business to develop over the long term.

To create anonymous data for research and development: We aggregate and de-personalise demographic information, so that your personal data is not revealed, in order to share aggregated demographic information with third parties, including to comply with our reporting obligations, for business or marketing reasons, or to assist third parties in understanding the Services and our business.

Processing is based on our legitimate interest to analyse the reach and efficiency of our business.

Analytics performance information: We use data analytics to ensure the functionality of, and to improve, the Services. We use mobile analytics software to allow us to understand the functionality of the App on your mobile device. Processing is based on our legitimate interests, that is also beneficial for you as we use this data to improve the user experience and provide a higher quality servicer.

Processing is based on our legitimate interests, that is also beneficial for you as we use this data to improve the user experience and provide a higher quality servicer.

Location information: We process your location information you provide in your profile or from your IP address or more precise information as set out in Section 2. In order to provide features and to improve and personalise the Services. For example, for internal analytics and performance monitoring, to localise content and (using non-precise location information) for marketing purposes. Certain non-precise location services, such as for security and localization of policies based on your IP or profile address, are critical for the Services to function.

Processing of non-precise location information is based on our legitimate interest

 

5. HOW WE SHARE INFORMATION WITH THIRD PARTIES

 

We share your personal data with the following third parties in the following context, provided that we have a legal basis to do so or where you have expressly made such personal data public.

Service Providers, Consultants and Vendors

    • Performance of the contractual obligations in our terms and conditions and in order to provide the Services to you;
    • Serving our legitimate interests;
    • Protecting the personal safety and property of Savage X Fenty, its customers, or any other third party;
    • Providing or improving our Services and the safety and security of our Services, Site, and Apps including facilitating identification and authentication, targeted online and offline marketing, as through our Messaging Service. For the purposes of the Messaging Service, Attentive acts as our service provider and data processor of your information, for general research and aggregate reporting, customization of website and application customer experiences;
    • Enabling third parties to perform services on behalf of Savage X Fenty including, but not limited to, payment processing, couriers, research, analytics, and security; to help Savage X Fenty operate, provide, and market the Services.
  • Public Authorities, Including Courts and Law Enforcement Agencies
    • compliance with a legal obligation or judicial or administrative order or in the course of judicial or administrative proceedings;
    • protecting the rights and property of Savage X Fenty and our agents, customers, and third parties including the right to enforce our terms and conditions;
  • Third Parties During A Merger:
    • Facilitating the negotiation of any kind of merger and acquisition, or dissolution, transaction, or proceeding involving sale, transfer, divestiture, or disclosure of all, or a portion of our business or assets to another company. In the event of an insolvency, bankruptcy, or receivership, personal data may also be transferred as a business asset. If another entity acquires our company, business, or assets, that entity will possess the personal data collected by us and will assume the rights and obligations regarding your personal data as described in this notice. However, before transferring the personal data, Savage X Fenty and the third party will comply with any necessary legal or administrative procedure.
  • Third-Party application providers: Third party plug-ins or add-ons may collect information about your use of the Services. For example, when you load a page on the Site that has a social plug-in from a third party site or service, such as a ‘Like’ or ‘Send’ button, you are also loading content from that third-party site. These interactions are subject to the privacy practices of the third party. In addition, certain cookies and other similar technologies on the Site are used by third parties for targeted online marketing and other purposes. These technologies allow the third party to recognise your computer or mobile device each time you use the Services. Please be aware that when you use third-party sites or services the terms and privacy practices of the third party will apply to your use of those sites or services. We choose and manage the third party technologies provided through the Services. However, these are third-party technologies and they are subject to the third party's privacy policy. For more information, see our Cookie Policy . If you provide your personal data to third parties different privacy practices may apply to the use or disclosure of the information you provide to them. We are, in principle, not responsible for the privacy or security practices of third-party sites or services, including those linked to or from the Services. We encourage you to read the privacy policies and to ask questions of third parties before you provide your personal data to them.

 

6. INTERNATIONAL DATA TRANSFERS

 

We are part of a global group of companies. When providing our Services we process your personal data in the European Economic Area (“EEA”), United Kingdom ("UK"), US, and other countries in which we and our partners operate for purposes described in this notice. This includes sharing your information with TFG Holding, Inc., our US parent company, and other group companies in our global group, as well as third party service providers.

When your personal data is transferred from your home country to another country, the laws and rules protecting that information in the country to which it is transferred may be different from those in the country in which you live. We will transfer your information only to those countries to which we are permitted by law to do so, and we will take steps to ensure that your information continues to enjoy appropriate protections.

6.1 Transfer Mechanisms

Whenever we transfer personal information to a third country outside of the EEA, we do so on one or more of the following legal bases and transfer mechanisms:

  • Necessary to perform our contract with you. You may choose whether or not to use the Services. However, if you want to use the Services, you must agree to the terms and conditions, which set out the contract between us and you. As we use technical infrastructure in the EEA, UK, US and other countries to deliver the Services to you, in accordance with our contract with you, we need to transfer your personal information within the EEA, to the US and to other jurisdictions as necessary to provide the Services. We can’t provide you with the Services and perform our contract with you without transferring your information in this way.

Where applicable, we rely on:

  • Existing decision by the EU Commission, based on Article 45 of Regulation (EU) 2016/679 (GDPR) in which the EU Commission has stipulated that certain third countries provide for an essentially adequate level of data protection as under the GDPR (e.g. for transfer from the EEA to the UK).
  • Adequacy decision by the UK Secretary of State, based on Article 45 of the UK GDPR and Section 17A of the Data Protection Act 2018.
  • In the absence of an adequacy decision, we have implemented appropriate transfer mechanisms to safeguard your personal information when we transfer it outside of the EEA:
  • Standard Contractual Clause/Model Clauses. The European Commission has adopted Standard Contractual Clauses, also known as Model Clauses, which provide safeguards for personal information that is transferred outside of the UK / EU or EEA. You may view the Model Clauses on the Commission’s website, here.

If you would like a copy of the Standard Contractual Clauses, please submit a written request to the following address: Savage X Ltd, Att.ne General Counsel, 210 Euston Road, London, NW1 2DA, United Kingdom

  • Binding Corporate Rules. Some of our partners may have implemented binding corporate rules to protect your personal information during international transfers from the EEA to third countries within our partner organisations.

EU-USA Data Privacy Framework and UK Extension to the Data Privacy Framework: SavageX and certain other companies in our global group participate in the EU-US Data Privacy Framework ( “EU-US DPF”)and the UK extension to the EU-US Data Privacy Framework (“UK Extension to the EU-US DPF”), as part of our commitment to maintain high data protection standards when transferring Personal Information between European Economic Area (“EEA”) the UK and the United States ( “US”).

We are committed to comply with the obligations under the EU-US Data Privacy Principles, as set forth by the US Department of Commerce. SavageX has certified to the U.S. Department of Commerce that it adheres to the EU-US Data Privacy Framework Principles (“EU-US DPF Principles”) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-US DPF and the UK Extension to the EU-US DPF. If there is any conflict between the terms in this privacy policy and the EU-US DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit here.

In compliance with the EU-US DPF Principles, we are committed to resolve complaints about the collection or use of your Personal Information transferred to the United States pursuant to the EU/US DPF Principles and UK extension, as detailed in section 11.

 

7. YOUR RIGHTS AND CHOICES

 

  • Request access to your personal data in order to receive a copy of the personal data we hold about you.
  • Request correction of the personal data that we hold about you in order to have any incomplete or inaccurate data corrected, though we may need to verify the accuracy of the new data you provide to us.
  • Request erasure of your personal data in order to ask us to delete or remove personal data where there is not a good reason or legitimate interest for us to continuing to process it. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request. For example, where we have a legal obligation to retain and store your personal data.
  • Request restriction of processing of your personal data in order to ask us to suspend the processing of your personal data.
  • Request the portability of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to personal data which you initially provided consent for us to use or where we used the personal data to perform a contract with or provide services to you.
  • Object to processing of your personal data if, as explained in section 4, we process your information based on our legitimate interests, and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms In some cases, we may demonstrate that we have compelling legitimate grounds to process your personal data which override your rights and freedoms.

Where you have provided your consent to processing of your data, you have the right to withdraw your consent at any time with effect for the future. The withdrawal of consent does not affect the lawfulness of our processing based on consent before your withdrawal.

We work with third parties to manage our ads on other sites. These third parties may use cookies or similar technologies in order to provide you with ads based upon your browsing activities and interests. If you have chosen to connect your account to an external third-party application, such as Facebook, you may change your settings by changing your account settings.

 

8. RETAINING YOUR INFORMATION

 

We will retain your personal data only for as long as your account is active, as needed to provide the Services to you, or otherwise as necessary for the purposes described in this policy.

However, we may be obliged to retain your personal data due to certain legal requirements, such as for legal and/or administrative proceedings. Once the retention period resulting from these proceedings has ended, we will proceed to delete the personal data.

 

9. INFORMATION SECURITY

 

The security of your personal data is very important to us. We follow generally accepted standards to protect the information we collect and receive, both during transmission and after it is received. We maintain appropriate administrative, technical and physical safeguards to protect your information against accidental or unlawful destruction, accidental loss, unauthorized alteration, unauthorized disclosure or access, misuse, and any other unlawful form of processing. This includes, for example, firewalls, encryption, password protection and other access and authentication controls. However, no method of transmission or storage is completely secure. While we strive to protect your personal data, we can't guarantee its absolute security. Your account information is protected by a password. It is important that you protect against unauthorised access to your account and information by choosing your password carefully and by keeping your password and computer secure, such as by signing out after using the Services. If you believe the security of your personal data has been compromised, please contact us as detailed in section 11. If we become aware that your information has been compromised, we will inform you in accordance with applicable law.

 

10. CHANGES TO THIS NOTICE

 

This notice is subject to occasional revision. We will notify you of the changes by posting the changes on or through the Services, or by sending you an email about the changes, and/or by posting an update in the version notes on the App’s platform . Any changes will be effective upon the earlier of fourteen (14) calendar days following our dispatch of an email notice or fourteen (14) days following our posting of the changes on or through the Services. We encourage you to check back regularly and review any updates. If we make any material changes in the way we use your personal data, we will notify you by sending you an email to the last email address you provided to us and by posting notice of the changes on our Site.

 

11. HOW TO CONTACT US, DATA PROTECTION AUTHORITY, COMPLAINTS

 

If you have any questions or comments about this notice, your personal data, or your choices and rights, please contact:

 

  • our support team:

  • our EU Data Protection Officer:

 

You also have the right to file a complaint against us with The Information Commissioner's Office (ICO)". The Information Commissioner's Office is our lead supervisory authority for data protection matters. The ICO's contact details are:

Address: Wycliffe House Water Lane Wilmslow
Cheshire SK9 5AF

Email:icocasework@ico.org.uk.

Telephone: 0303 123 1113

Fax: 01625 524510

 

If you live in the EEA, you are entitled to also file a complaint with your local data protection authority. You may find details of your local authority here.

In compliance with the EU-US and the UK Extension to the EU-US DPF, Lavender Lingerie commits to resolve EU-US Principles-related complaints about our collection oand use of your personal information. European Union and UK individuals with inquiries or complaints regarding this Privacy Policy should first contact SavageX at:

Lavender Lingerie GmbH
Attn: Privacy Department
Schlesische Straße 38
10997 Berlin, Germany

SavageX has further committed to refer unresolved EU-US DPF Principles-related complaints concerning our handling of personal data received in reliance on the EU-US DPF and the UK Extension to the EU-US DPF to a non-profit alternative dispute resolution provider located in the United States and operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit here for more information or to file a complaint. There is no charge to consumers for calling or using this independent dispute resolution mechanism.

Under certain limited conditions, European Union and UK individuals may be able to invoke binding arbitration before a panel to be established by the U.S. Department of Commerce, the EU data protection authorities (DPAs), the UK Information Commissioner’s Office (ICO) and the Gibraltar Regulatory Authority (GRA).

 

10/2023