Privacy Policy

Date: January 2020 

1. GENERAL

1.1. Crowd Media B.V., organised under the laws of the Netherlands, having its place of business at Piet Heinkade 95B, 1019 GM, Amsterdam, registered with the Chamber of Commerce in Amsterdam under number 68741839,  (herein  referred  to  as  the  “data controller”, “we,”, “us”  or  “our”)  provides  and makes  available  certain  websites,  including,  without  limitation,  www.thelondonlabs.com (collectively,  the  “Site”),  pursuant  to  which  we  offer  hair  care  advice  and  tips  on trends  and  practices (the “Company Services”),  as  well  as  making  available  London Labs’  unique  hair  care  products  for purchase  (the  “Products”) to  our  Site  visitors (“you”, “your”).

1.2. This Privacy Policy explains the ways in which we may collect, store, use and, in certain circumstances, disclose (all together “process”) your Personal Data when you visit or use our Site or other services we offer, in accordance with all applicable laws.

1.3. Please read this Privacy Policy carefully, and if you have any questions, feel free to contact us. If you do not agree with the terms of this Privacy Policy, then do not browse our website and/or use our Services available through it/contained therein.

1.4. “Personal Data“, as used in this Privacy Policy, means any information relating to an identifiable person who can be, directly or indirectly, identified in particular by reference to an identifier. To give you a clearer idea of the aforesaid definition, Personal Data may include your name, home address, home or mobile telephone number, e-mail address, age, personal preferences and opinions; basically, any information that may be personally associated with you. In section 2 below, we describe your personal data that we process.

1.5. In case any Personal Data you provided us with will be identified as being “Sensitive Data” (such as, but not limited to, information with respect to your racial or ethnic origin, political opinion, sexual preference or religion), we will ask your explicit consent for the use of such Personal Data in case such is legally required.

 2. PERSONAL DATA WE COLLECT

When you interact with us through the Site, we may collect Personal Data and other information from you, as further described below:

2.1. Personal Data that you provide

When you purchase Products on our Site, you will provide us, at least, with your name, shipping address, email address and, depending on the selected payment method, with other Personal Data such as your bank account or credit card details. Additionally, you may also provide us with, without limitation, your birth date, (mobile) phone number, likes, dislikes or any other information you voluntarily share with us. Furthermore, we will need your Personal Data in case we are in postal, phone or electronic mail contact with you (for example because of a refund you are requesting).

Also, when you create an account with us, we will keep your first and last name and email address as well as your home address, phone number, shipping address, billing address, banking details, order history and wish list. We will store the data in your account for as long as you are a customer. In case you did not use your account for 7 years all data will be deleted. You can delete your account at any time, however, we may need to keep certain Personal Data to comply with legal obligations to which we are subject.

2.2. Browsing information

When you browse our Site and/or use our services available through it/contained therein, our servers use cookies, clear GIFs/pixel tags, JavaScript, local storage, log files, and other mechanisms to automatically collect and record information about your browsing activities, and use of the services. The recording of data for the provision of the website and the processing of data in log files is an absolute necessity for the operation of the website. Additionally, the so-called cookies are stored in the internet browser of the device you use to access the website. These are small text files with a sequence of numbers that are stored locally in the cache of the browser used. They serve to make our website user-friendly. The use of cookies may be technically necessary or may occur for other purposes (e.g. analysis/evaluation of website use). We may combine this “activity information” with other personal data we collect about you.

Generally, we use this activity information to understand how our services are used, track bugs and errors, improve our services, verify account credentials, allow logins, track sessions, prevent fraud, and protect our services, as well as for targeted marketing and advertising, to personalise content and for analytics purposes. For more detailed information about these mechanisms and how we collect activity information, see our Cookie Policy.

2.3. Aggregated Personal Data

In  an  ongoing  effort  to  better  understand  and  serve  the  users of our  Services,  we  often  conduct  research  on  our  customer demographics,  interests  and  behaviour  based  on  the  Personal  Data  and  other  information provided  to  us.  This  research  may  be  compiled  and  analysed  on  an  aggregate  basis,  and we  may  share  this  aggregate  data  with  our  affiliates,  agents  and  business  partners. This  aggregate  information  does  not  identify  you  personally.  We  may  also  disclose aggregated  user  statistics  in  order  to  describe  our  services  to  current  and  prospective business  partners,  and  to  other  third  parties  for  other  lawful  purposes.

3. OUR USE OF YOUR PERSONAL DATA 

3.1. We only use your Personal Data for the purposes described in this Privacy Policy. For any other purposes that are not described in this Privacy Policy, we will use your Personal Data only in case we have obtained an additional prior consent from you or in case we are otherwise authorised or required by law to use your Personal Data for that other purposes; in regard to the latter case, we will inform you about such a scenario.

3.2. We collect and use your Personal Data for the purposes set out below:

  1. a) For the performance of our agreement with you:
  • Provision of the Services you requested and delivery of the Products purchased;
  • Provision, billing and performance of our Site and our services contained therein/available through it;
  • Provide you with an account;
  • Provide customer support; and
  • Ensuring the technical functioning of our Site, our services contained therein/available through it and our network responsible for allowing us to provide our services to you.
  1. b) To comply with a legal obligation to which we are subject:
  • Any information referred to above in section 2 may be used to maintain appropriate business records, to comply with lawful requests by public authorities and to comply with applicable laws and regulations or as otherwise required by law.
  1. c) For our legitimate commercial interests:
  • Developing new Services, such based on your use of our Services;
  • Auditing, research and (statistical) analysis in order to maintain, protect and improve our Site and our Services contained therein/available through it;
  • Advertising and marketing of our Services;
  • We will use your Personal Data for direct marketing purposes. In this context, from time to time, we will send you an email in which we will inform you about our Service. At any time and in accordance with your rights described in this Policy, you will find instructions permitting you to “opt-out” of receiving future communications to stop any further direct marketing messages;
  • If you subscribe to our newsletter, we will send it to you via email, in order to inform you regularly about our offers, events, articles etc.
  • Protecting our (intellectual) property rights (including content that has been licensed to us) or other property of our users (e.g. your Personal Data);
  • In order to be able to create and update a personal profile of you, we may combine all your Personal Data we have collected from you; and
  • The Personal Data referred to above in section 2 may also be used by us:
    • to generate aggregated statistics about the users of our Products and Services;
    • to assist in security and fraud prevention;
    • for system integrity purposes (preventing hacking, cheats, spamming, etc.);
    • to facilitate our business operations, to operate company policies and procedures;
    • to enable us to merge, sell, acquire, or transfer assets; and
    • for other legitimate business purposes permitted by applicable law.

4. DISCLOSURE OF YOUR PERSONAL DATA AND OTHER INFORMATION

We do not sell or otherwise transfer your Personal Data to third parties except in cases as described in this Privacy Policy. We will share your Personal Data in the following circumstances:

  1. Corporate Transaction

As  we  develop  our  business,  we  might  sell  or  buy  businesses  or  assets.  In  the  event  of  a corporate  sale,  merger,  re-organisation,  dissolution, bankruptcy  or  similar  event,  Personal  Data  may  be part  of  the  transferred  assets.

  1. Service Providers

We may engage third party vendors, suppliers, agents, service providers, and affiliated entities to provide services to us, such as shipping, fulfilment or billing services and support. In providing their services, they may access, receive, maintain or otherwise process personal data on our behalf. Consistent with applicable legal requirements, we take commercially reasonable steps to require third parties to adequately safeguard your personal data and only process it in accordance with our instructions. When  we  employ  another  company  to  perform  a  function  of  this nature,  we  only  provide  them  with  the  information  that  they  need  to  perform  their  specific function.

  1. Third parties in case of legal requirement

We  may  disclose  your  Personal  Data  if  required  to  do  so by  law  or  in  the  good  faith  belief  that  such  action  is  necessary  to  (i)  comply  with  a  legal obligation,  (ii)  protect  and  defend  our  rights  or our property,  (iii)  act  in  urgent circumstances  to  protect  the  personal  safety  of  users  of  the  Site  or  the  public,  or  (iv) protect  against  legal  liability.

5. EXCLUSION

This  Privacy  Policy  does  not  apply  to  any  Personal  Data  collected  by  us,  other  than Personal  Data  collected  through  the  Site.  This  Privacy  Policy  shall  not  apply  to  any unsolicited  information  you  provide  to  us  through  the  Site  or  through  any  other means.  This  includes,  but  is  not  limited  to,  information  posted  to  any  public  areas  of  the Site,  such  as  comments  related  to  the  Products  (collectively,  “Public Areas“),  any  ideas  for new  products  or  modifications  to  existing  products,  and  other  unsolicited  submissions (collectively,  “Unsolicited  Information”).  All  Unsolicited  Information  shall  be  deemed  to  be non-confidential  and  we  shall  be  free  to  reproduce,  use,  disclose,  and  distribute such  Unsolicited  Information  to  others  without  limitation  or  attribution.

6. CHILDREN

We  do  not  knowingly  collect  Personal  Data  from  children  under  the  age  of  13.  If you  are  under  the  age  of  13,  please  do  not  submit  any  Personal  Data  through  the  Site.  We encourage  parents  and  legal  guardians  to  monitor their  children’s  Internet  usage  and  to help  enforce  this  Privacy  Policy  by  instructing  their  children  never  to  provide  Personal Data  on  the  Site  without  their  permission.  If  you  have  reason  to  believe  that  a  child  under the  age  of  13  has  provided  Personal  Data  to  us  through  the  Site,  please  contact  us, and  we  will  endeavour  to  delete  that  information  from  our  databases or to promptly stop our usage of such data.

7. INTEGRATION OF THIRD-PARTY CONTENT

7.1. Third Party Sites

This  Privacy  Policy  applies  only  to  the  Site.  The  Site  may  contain  links  to  other  web  sites not  operated  or  controlled  by  us  (the  “Third Party Sites“).  The  policies  and procedures  we  described  here  do  not  apply  to  the  Third  Party  Sites.  The  links  from  the  Site do  not  imply  that  we  endorse  or  have  reviewed  the  Third  Party  Sites.  We  suggest contacting  those  sites  directly  for  information  on  their  privacy  policies.  For  instance,  we use third  party  payment  processors  to  accept  and  process  credit  and  debit  card payments  when  you  purchase  our  Products  and  Services.  The  information  provided  to  the relevant payment  processor  is  governed  by  the  payment  processor’s  privacy  policy.  Your data will be passed on to the relevant third party payment processor and they may perform identity and credit checks on the basis of the data provided by you (name, address, account number, bank sort code, credit card number, invoice amount, currency and transaction number). The legal basis for the processing for payment processing is Art. 6(1) Sentence 1(b) GDPR. The data processing is necessary in particular to conclude the contract. If you do not provide your data, it may not be possible to conclude or execute a contract. You should check the terms of use and the privacy policy of those third-party payment processors for any further information. When you are purchasing a Product, you can always see which third-party payment processors we are offering.

7.2. Social Media Services

Through  the  Site,  you  can  choose  to  access  certain  social  media  websites  and  services that  are  owned  and/or  controlled  by  third  parties  (including,  without  limitation,  Facebook and  Twitter)  (such  websites  and  services,  collectively,  the  “Social Media Services“).  When you  choose  to  access  and  use  the  Social  Media  Services,  you  will  be  sharing  your information  (which  will  include  personal  information  if  you  elect  to  share  such  information) with  those  Social  Media  Services.  As  with  other  Third  Party  Sites,  the  information  that  you share  with  the  Social  Media  Services  will  be  governed  by  the  privacy  policies  and  terms  of service  of  the  providers  of  such  Social  Media  Services  and  not  by  the  policies  and procedures  we  describe  here.  You  may  also  be  able  to  modify  your  privacy  settings with  these Social  Media  Services  to,  for  example,  control  what  information  the  Social  Media Services  disclose  to  other  entities,  including  us.  When  you  log  into  the  Site  using your  Social  Media  Services  account,  we  will  collect  relevant  information  necessary  to enable  the  Site  to  access  that  Social  Media  Service,  however  you  will  provide  your  login information,  like  your  password,  directly  to  such  Social  Media  Service  (and  not  to us).  As  part  of  such  integration,  the  Social  Media  Service  will  provide  us  with access  to  certain  information  that  you  have  provided  to  such  Social  Media  Service,  and  we will  use,  store  and  disclose  such  information  in  accordance  with  this  Privacy  Policy  and,  if and  to  the  extent  applicable,  the  policies  of  such  Social  Media  Services.  However,  please remember  that  the  manner  in  which  Social  Media  Services  use,  store  and  disclose  your information  is  governed  by  the  policies  of  the  applicable  Social  Media  Services  provider, and,  as  a  result,  we  shall  not  have  any  liability  or  responsibility  for  the  privacy practices  or  other  actions  of  Social  Media  Services  that  may  be  enabled  within  and/or otherwise  accessible  through  the  Site.

8. SECURITY

Protecting your Personal Data is important to us. We use industry standard technology to protect your Personal Data. We will take reasonable steps to ensure that your personal data are properly secured using appropriate technical, physical, and organisational measures, so that they are protected against unauthorised or unlawful use, alteration, unauthorised access or disclosure, accidental or wrongful destruction, and loss. Unfortunately, no data transmission over the Internet and via mobile communications networks can be guaranteed to be 100% secure. As a result thereof, while we are committed to protecting your Personal Data, we cannot ensure or warrant the security of any information you transmit to or through us.

9. DATA TRANSFER   

Your Personal Data may be transferred to -and maintained on- computers located outside of your state, province, country or governmental jurisdiction where the data protection laws may differ than those from your jurisdiction.

Where we are legally required to do so, we have legally acceptable mechanisms in place that ensure an adequate level of protection for the transfers of Personal Data to parties outside your jurisdiction. For example, for data transfers from EU/EEA to countries outside this region, we have European Commission-approved Standard Contractual Clauses or similar safeguards in place, allowing such data transfers.

10. YOUR RIGHTS IN REGARD TO YOUR PERSONAL DATA

10.1. In the following you will find a list with all individual rights you have in regard to the Personal Data we hold about you:

  • Your right of access
    If you ask us, we’ll confirm whether we’re processing your personal information and, if necessary, provide you with a copy of that personal information (along with certain other details). Please note that you might need to send us a copy of your passport ID or any other legal document that may verify your identity, too; this verification procedure is necessary in order to protect your Personal Data from unauthorised access through any other person.
  • Your right to rectification
    You are entitled to request to have it rectified, if the personal information we hold about you is inaccurate or incomplete, by sending us an email in the contact details at section 11. If you are entitled to rectification and if we’ve shared your personal information with others, we’ll let them know about the rectification where possible. If you ask us, where possible and lawful to do so, we’ll also tell you who we’ve shared your personal information with so that you can contact them directly.
  • Your right to erasure
    In certain circumstances you can ask us to delete or remove your personal information such as where we no longer need it or if you withdraw your consent (where applicable), provided there is no overriding legitimate interest for continuing the processing. If you are entitled to erasure and if we’ve shared your personal information with others, we’ll let them know about the erasure where possible. If you ask us, where it is possible and lawful for us to do so, we’ll also tell you who we’ve shared your personal information with so that you can contact them directly.
  • Your right to restrict processing
    In certain circumstances you can ask us to ‘block’ or suppress the processing of your personal information, such as where you contest the accuracy of that personal information or you object to us. If you are entitled to restriction and if we’ve shared your personal information with others, we’ll let them know about the restriction where it is possible for us to do so. If you ask us, where it is possible and lawful for us to do so, we’ll also tell you who we’ve shared your personal information with so that you can contact them directly.
  • Your right to data portability
    In certain circumstances you have the right, to obtain personal information you’ve provided us with (in a structured, commonly used and machine-readable format such as Microsoft Excel) and to reuse it elsewhere or to ask us to transfer this to a third party of your choice.
  • Your right to object
    You can ask us to stop processing your personal information, and we will do so, if we are:
  • relying on our own or someone else’s legitimate interests to process your personal information, except if we can demonstrate compelling legal grounds for the processing; or
  • processing your personal information for direct marketing purposes.
  • Your right to withdraw consent
    If we rely on your consent (or explicit consent) as our legal basis for processing your personal information, you have the right to withdraw that consent at any time.

10.2. Please note that some of these rights may be limited where we have an overriding interest or legal obligation to continue to process.

10.3. Please note that we might not be able to provide you with our Services anymore in case you have exercised any of your rights described above. However, any time you reuse our service after exercising any of the aforesaid rights, your then provided Personal Data may be processed, without regard to your previously exercised right(s), in accordance with the provisions of this Privacy Policy.

10.4. Erasing your Personal Data will delete the data only in our database. These deletions will not delete Personal Data that may have already been shared with or collected by third parties, all as provided above in this Privacy Policy. Unless it is impossible or involves disproportionate effort, we will take reasonable steps to contact any other recipient of your Personal Data and request the deletion of your Personal Data.

10.5. You have, at any time moving forward and in any case, the right to lodge a complaint with your
respective applicable (local and/or national) data protection authority if you think that we have violated your rights and/or are not in compliance with any applicable Personal Data protection regulation.

10.6. In regard to any respective request as described above that you may place, we have one month from the date of your request to fulfil said request.

11. CHANGES TO OUR PRIVACY POLICY

We  reserve  the  right,  at  our  sole  discretion,  to  change  or  modify  portions  of  this  Privacy Policy  at  any  time.  If  we  do  this,  we  will  post  the  changes  on  this  page  and  will  indicate  at the  top  of  this  page  the  date  this  Privacy  Policy  was  last  revised.  You  may  read  a  current, effective  copy  of  this  Privacy  Policy  at  any  time  by  selecting  the  “Privacy  Policy”  link  on the  Site.  We  will  also  notify  you  of  any  material  changes  either  through  a  pop-up  notice,  e- mail  or  through  other  reasonable  means.  Your  continued  use  of  the  Site  after  any  such changes  constitutes  your  acceptance  of  the  new  Privacy  Policy.  You  should  periodically visit  this  page  to  review  the  current  Privacy  Policy  so  you  are  aware  of  any  revision  to which  you  are  bound.  If  you  do  not  agree  to  abide  by  this  or  any  future  Privacy  Policy,  do not  use  or  access  (or  continue  to  use  or  access),  browse  or  use  the  Site.

12. OUR CONTACT INFORMATION

 We welcome your comments regarding this Privacy Policy.

For questions regarding your privacy please send an e-mail to: privacy[at]crowdmedia.com.

For general inquiries or complaints please contact us at team@thelondonlabs.com.