FRiLuk cares about your privacy and your rights to control your personal data. Our principle guidelines are simple. We strive to simplify language and remove jargon, to make our privacy statement easier to read and understand.
What information do we collect?
The information we collect is grouped into 2 categories: the information you provide us and the information we collect automatically.
Information you provide to us
When placing an order with us, we collect your Name, billing and shipping addresses, Telephone number (optional), Email address, Payment information.
When creating an account with us, we collect your Name, Address, Telephone number (optional), Email address.
When signing up for our newsletter from our website, we collect your Email address.
When participating in giveaways, contests or surveys, we collect your Name, Email address.
Information we collect automatically
In addition to the above data, we also collect information in order to provide you with a better experience when you browse our website and also allowing us to improve our site and services.
Cookies and similar technologies like pixels on our website allow us to track your browsing behaviour such as the products you have viewed, the items you have added to your cart and/or purchased, your device type, as well as various data, including analytics, about how you interact with our website. We may also collect your location (via your IP address) for fraud analysis purposes and to better understand geographic information about our visitors so that we can improve our content for everyone.
Third Party cookies: These cookies may be used on our website to improve our Services or to help us provide more relevant advertising. These cookies are subject to their respective privacy policies, for example, Facebook Data Use Policy.
Analytics cookies: We use analytics cookies, like those offered by Google Analytics, to help us understand things like what pages you visit, what site you visited prior to visiting our website, how much time you spend on each page, what operating system and web browser you use and network and IP information. To learn more about Google Analytics and your data, visit this Google webpage.
These tools place persistent cookies in your browser to identify you as a unique user the next time you visit our website. Each cookie cannot be used by anyone other than the service provider (ex: Google for Google Analytics). Though information collected does not include personal data such as name, address, billing information, etc., the information collected is used and shared by these service providers in accordance with their individual privacy policies.
Google Analytics opt-out browser add-on: you can opt-out of making your activity available to Google Analytics by installing the Google Analytics opt-out browser add-on. The add-on prevents the Google Analytics code that is running on websites from sharing information with Google Analytics about visit activity.
Some browsers allow you to automatically notify websites you visit not to track you using a DNT (“Do Not Track”) signal. Like many websites and online services, we currently do not alter our practices when we receive a DNT signal from a visitor’s browser. To find out more about “Do Not Track” you may visit www.allaboutdnt.com.
Control cookie settings: you can learn about how to control cookie settings on popular web browsers here:
We use pixels in our email communications to you to help us to understand whether our email has been opened and what links in our emails have been clicked. We also use third party pixels (such as those from Google, Facebook, and other advertising networks) to help us provide advertising that is relevant to your interests.
Advertising and Modern Marketing Tools
At any time, you can opt out of these personalised ads from third-party advertisers and ad networks who follow the Digital Advertising Alliance's Self-Regulatory Principles for Online Behavioral Advertising or who are members of the Network Advertising Initiative (NAI) by visiting their opt-out pages on the DAA website and NAI website.
Note: if you have opted out of receiving communications from us, we will not use your email for interest-based advertising.
Customer Interactions with FRiLuk
When you buy from us
What we collect: your name, phone number (optional), email address, shipping address, and payment information.
Why do we collect it: We use this information to complete your purchase, follow up with you about your order, help with any delivery issues, handle returns, and other issues related to the purchase of our Products. Processing your personal data for this purpose is necessary for the performance of the agreement we have with you. If you purchase our Products on our website, you provide your payment information, including your name, credit or debit card number, card expiration date, CVV code and billing address. We do not store this payment information. Note that third-party payment processors may retain this information in accordance with their own privacy policies and terms.
When you sign up for our newsletter, participate in giveaways, contests or surveys
What we collect: your name and email address
Why do we collect it: We use this information to send you promotional offers, to promote new products that we think you would be interested in, content related to our brand and our community, follow up with you about your prize (e.g. how to ship it to you?). You don’t need to provide consent as a condition to purchase our products.
At any time, You can control marketing communications by using the links “unsubscribe” or “change your contact details” at the bottom of the emails you receive from us.
How We Use Personal Information
We use the data we collect for the following purposes:
- Fulfilling orders
- Customer Support
- Business Operations
- Communication, Marketing and Advertising
We use data to fulfil orders you place on our website. This processing is necessary for the performance of the contract we have with you.
We use data to manage customer enquiries and provide customer services. This processing is necessary for the performance of the contract we have with you, as well as to serve our legitimate interest.
We use data to develop analysis that enables us to operate, make informed decisions, and report on the performance of our business. This processing is necessary to serve our legitimate interest.
Communication, Marketing and Advertising
We do not target and are not intended to attract children under the age of eighteen (18). Although visitors of all ages may navigate through our website, we do not knowingly collect or request personal information from those under the age of eighteen (18).
How We May Share Personal Information
We do not and will not sell personal information about our customers.
The Legal Bases for Using Personal Information
We rely on different legal bases to use your personal information:
Performance of a contract
The use of your personal information may be necessary to perform the agreement you have with us. For example, to complete your purchase of your FRiLuk Product, to help with order status and to handle returns.
We may use your personal information for our legitimate interests. For example, we rely on our legitimate interest to use your personal information for administrative tasks such as accounting, fraud detection or legal purposes.
Where we process your personal information based on our legitimate interest and no opt-out mechanism is available to you, you may exercise your right to object by sending an email to firstname.lastname@example.org.
Your Rights and how to control your data
We want you to be in control of how we use your personal information. Subject to local law, you can:
- Ask us for a copy of the personal information we hold about you;
- Inform us of any changes to your personal information, or if you want us to correct any of the personal information we hold about you;
- In certain situations, ask us to erase or restrict the personal information we hold about you, or object to particular ways in which we are using your personal information;
Please do inform us promptly of any changes to or inaccuracies in your personal information by contacting email@example.com.
Where we are using your personal information on the basis of your consent, you are entitled to withdraw that consent at any time. Moreover, where we process your personal information based on legitimate interest, you have the right to object at any time to that use of your personal information.
We will respond to your request as soon as possible and within 30 days. For more information about how you can control the collection and use of your Communication, Marketing and Advertising Preferences, please visit the "how to control your data" section below.
Note: If you make a request to delete your personal data and that data is necessary for the products or services you have purchased, the request will be honoured only to the extent it is no longer necessary for any Services purchased or required for our legitimate business purposes or legal or contractual recordkeeping requirements.
We are committed to working with you to obtain a fair resolution of any complaint or concern you may have about our use of your personal information. If, however, you believe that we have not been able to assist with your complaint or concern, you may have the right to file a complaint with the data protection authority in your country (if one exists in your country) or supervisory authority.
How to control your data
You can opt out of receiving direct marketing communications from FRiLuk by following the “Unsubscribe” link in every email sent to you. We respect your choice, and we will stop sending you promotional emails once you unsubscribe.
Please note, regardless of your communication settings, we may continue to communicate with you regarding changes to our terms and conditions, policy updates, or other significant information about a Product you own.
You can adjust the amount of interest based advertising you may receive by changing your cookie settings (see section "Control cookie settings") and/or opting out of certain advertising networks (as explained in the section "Advertising and Modern Marketing Tools").
If you have opted out of receiving emails from us, we will not use your email for interest-based advertising activities.
How your data is secured, stored and retained
Our store is hosted by Shopify Inc. They provide us with the online e-commerce platform that allows us to sell our products and services to you.
Your data is stored through Shopify’s data storage, databases and the general Shopify application. They store your data on a secure server behind a firewall.
Your personal data is retained for as long as necessary to fulfil transactions you have requested, or for other essential purposes such as complying with our legal obligations and enforcing our agreements. Because these needs can vary for different data types in the context of different Products or Services, actual retention periods can vary significantly.
If you choose a direct payment gateway to complete your purchase, then Shopify stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted.
All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, Mastercard, American Express and Discover.
PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.
Security standards and certifications
Shopify and all online stores powered by Shopify are Level 1 PCI-DSS compliant (for more information visit https://www.shopify.ca/pci-compliant). Shopify uses third-party data centers with industry-standard certifications. Examples include:
- Tier III
- ISO 27001
Personal data of residents of the EEA can only be transferred to recipients outside the EEA if the recipient has adequate protections in place. These protections may include:
- Adherence to domestic laws that have been deemed adequate by the European Commission
- Negotiated agreements (such as the EU-U.S. Privacy Shield)
- Contractual Protections
- Approved sets of internal policies (Binding Corporate Rules)
- Approved codes of conduct or certifications
Shopify has protections for personal data in every step of its data flow
Within EEA: EEA personal data is received and initially processed by Shopify's Irish entity, Shopify International Ltd.
EEA to Canada: Data is exported from the EEA to Shopify’s Canadian parent entity, Shopify Inc. This export takes place within Shopify’s corporate structure. Data within Shopify Inc. is protected under PIPEDA, Canada’s private sector privacy legislation, which is considered adequate under the GDPR.
United States: Shopify Inc. uses a combination of data centers and cloud service providers to store this personal data in the United States and Canada. When personal data is transferred to the United States, it is either done so through the EU-U.S. and Swiss-U.S. Privacy Shield, for Shopify’s own storage, or through contractual data protection addenda (DPAs) with third-party service providers. The EU-U.S. and Swiss-U.S. Privacy Shields are also considered adequate under the GDPR. Shopify’s Privacy Shield certification statement can be found on PrivacyShield.gov.
Additionally, Shopify is in the process of applying for approval of Binding Corporate Rules (BCRs) by the Irish Data Protection Commissioner. After they are approved, Shopify will rely on these BCRs to protect the personal data that is transferred between Shopify’s corporate entities worldwide.
How to Contact Us
If you have any questions about the use of your personal information, please email firstname.lastname@example.org.
In the alternative, you may contact us by the following mean:
By Mail: Friluk Ltd, Attn: Data Protection Officer, Office 7, 35-37 Ludgate Hill London GB EC4M 7JN
We will respond to all requests, inquiries or concerns within thirty (30) days.