LUS by Carolina Moreira
Protecting the privacy and the personal data of its users is a fundamental commitment between LUS by Carolina Moreira and every client, user, and personal data holder who visit and use our Site www.lusbycm.com
Terms such as ‘Privacy’, ‘Data Privacy’, and ‘Data Protection’ may be used in the same sense, as they are all associated with a complex set of legal requirements applied to Personal Data, which go beyond data security and confidentiality. For example, it includes requirements inherent to data use transparency and its preservation.
In this document, it is our intention to explain who we are, what personal data we gather, to what purposes we gather it for, how we manage it, with whom we share it with, for how long we keep it, as well as all the ways of contacting us and exercise your rights as a user.
All transactions on the LUS Website are done through secure connections (https) and accredited with an SSL security certificate.
Thus, the user declares and guarantees that all data provided is real, accurate, complete, and up to date. The user will be held responsible for any damage or loss, direct or indirect, which might arise as a consequence of not complying with this obligation.
The user is compelled to inform LUS by Carolina Moreira, of any alterations made to the data provided or update it on their personal accounts.
In case the data provided belong to a third party, it is assumed that the user declares and guarantees having warned that third party about the conditions provided in this document and has been granted permission to provide that personal data to LUS by Carolina Moreira for the mentioned purposes.
By registering or making an online purchase, it is assumed the user consents to provide LUS by Carolina Moreira their personal data, address, and email, as well as shopping data. This data will be kept and managed informatically and it may be used for marketing or shipping procedures.
If you have any questions on how we manage and protect your data, please contact us via email: email@example.com
1- Data processing responsibility
LUS by Carolina Moreira (hereafter “LUS”), a brand registered in the Portuguese National Institute of Industrial Property under the number 607395, owned by Carolina de Sousa Moreira, with the address Rua Professor Machado Macedo, Nº25, 3º Esquerdo, 9500-700 Ponta Delgada, Açores, and NIF: 259820091, is responsible for processing personal data for the purposes described below, as set by the General Data Protection Regulation (GDPR).
2- Concept and personal data categories
Personal data is information on an identified or identifiable person. An identifiable person is someone who can, directly or indirectly, be identified. Personal data also includes other information which might lead to identifying a certain person.
Examples of personal data: Name and surname; address; email; ID number; location data (e.g., the location feature your phone); IP address (internet protocol); Cookies; advertising identifier on your phone; sound or image.
There are multiple categories to identify certain data, such as (not an all-inclusive list):
“Main identifiers”, which include information such as the name, national identification number or tax identification number, passport number, birth date, marital status, pictures and files in a mobile device, household data, and kinship data.
“Complementary identifiers”, which include information such as IBAN number, geolocation, educational level, gender, profession, socio-economic data, personal ID, IP address, social media handles, mobile device characteristics, operating system, and version of the operating system.
“Special categories”, which include information such as biometric or genetic data, racial or ethnic origin, political views, union membership, philosophical or religious believes, and health or sexual orientation data.
3- Purposes of personal data processing
Personal data that may be processed on www.lusbycm.com are, among others:
- Identification data (e.g., name, surname, language and country, contact information, tax identification number, etc.);
- Economic and transaction data (e.g., payment and card information, online shopping data, orders, returns, etc.);
- Connection data, geolocation and/or navigation (when interacting with us through your phone, for example);
- Business information (e.g., acknowledging if you have subscribed to our newsletter);
- Social media data, including credentials and any other sharable information on your profile, friends or family suggestions.
Understand that, by asking you to fill in your personal data to access any feature or service on our platform, some fields will be of mandatory filling to guarantee we can provide our services and give you access to a certain feature.
Please know that if you do not consent to provide this data, you may not be able to complete your user registration or enjoy our products and features.
Depending on how you interact with our platform, which products or features you wish to access, we will manage your personal data with the following purposes:
1. Managing your registration as a platform user
If you decide to register as a user on our platform, we will need to manage your data to identify you as a user and give you access to our multiple features, products, and services we can offer you as a registered user.
2. Development, validation, and execution of the online purchase agreement
This includes managing your data mostly with the following purposes:
- Contacting you about updates or to inform you about functionalities, products or hired services.
- Managing your payments, regardless of which method of payment was used on your purchase.
- Activating the necessary mechanisms to prevent eventual frauds committed against, both against you or us, during the purchase process. If we suspect fraud is being attempted, this data management might block the transaction as a consequence.
- Managing information requests about your order’s status, possible returns after a purchase, information requests on product availability, allowing you to reserve items through our platform, and managing eventual complaints.
- Billing and providing you with your purchases’ statements and invoices.
3. Marketing purposes
This includes data management mostly with the following purposes:
- If, in the moment of registering or updating their account, our client consents, LUS will be allowed to manage the client’s data to send them information on its products, news, campaigns, offers and birthday messages, through any communication channel, such as mail, email, SMS, or social network.
- Once you subscribe to our Newsletter, we will manage your data to oversee your subscription, to send customized information on our products and services through multiple channels (such as email or SMS). We may also provide this information via push notifications if you have that option activated on your mobile device.
- The management of this data implies the analysis of your user’s or client’s profile to determine your preferences and thereafter determine which products and services are more suited to your style, so we can send you customized information. For example, we will suggest products we think will interest you based on your shopping history and navigation (according to which items you have previously clicked and accessed).
- Broadcast, on our platform or our various social networks, pictures or images you have publicly shared, provided you give us your consent to do so.
Your consent to this processing of personal data for marketing purposes may be revoked at any time. To do so, you can either access your client account’s settings; click “cancel subscription” in any email we’ve sent you; or contact LUS via email firstname.lastname@example.org.
4- Legal bases for lawful processing of personal data
The legal bases that allow the processing of personal data depends on the purposes for which that data is processed.
LUS has the following legal bases for processing your personal data:
The data subject has given consent to have their personal data processed for one or more specific purposes.
Data processing is necessary according to the terms which regulate the Platform. This means that we need to process your personal data to allow you to register as a user on our Platform, otherwise, we would not be able to manage your registration. In those cases, the legal basis for data processing is consent itself. If you decide to access or login through a social network, we can legitimately process your data because you have given your consent by authorizing supplying them through the social network.
Revoking your consent to this data processing does not hinder the online purchase agreement established between you and LUS.
The basis of legitimacy for processing your data for marketing purposes is grounded on the consent you give us, for example, when you accept to receive customized information through any communication channel, when you accept our terms and conditions to participate in a promotional campaign, and when you allow us to post your pictures on our Platform or any of our social media.
Development, validation and execution of the online purchase agreement
Data processing is necessary to execute the agreement of which the data subject is a part of or for managing specific steps that might be requested by the data subject before entering into a contract.
Data processing is necessary for us to able to establish an online purchase agreement with you.
The legal basis for the personal data processing is the execution of the online purchase agreement. That being said, the customer is obligated to provide any information needed to execute said agreement. If the customer fails to provide that information, the agreement will not be executed.
Some data processing related to the purchase process will only be enacted when you request it or authorize it. In those cases, the basis for data processing is your consent.
When you contact us, specifically for managing incidents that might occur with your order or product bought through or Platform, data processing will be necessary to execute the purchase agreement.
Legitimate interest of the data controller
Data processing is necessary to ensure the legitimate interests of the data controller, except when the interests or rights and freedoms of the data subject prevail.
In order to verify your identity for fraud prevention purposes. We reckon we have a legitimate interest to carry out the necessary verifications to detect and prevent any possible frauds when a transaction is made.
We reckon we have a legitimate interest to answer requests or inquiries you present us through any of our media. We perceive that the processing of this data is also a benefit for you, as it allows us to properly assist you and answer your requests or inquiries.
In order to provide you with customized information, we reckon we have a legitimate interest to create a profile with the data we have on you (e.g., browser’s history, preferences, or purchases) and the personal data you have provided us, such as your age group or language. We perceive that the processing of this data is also a benefit for you because it allows a better experience as a user of our platform and grants you access to customized information.
The creation of profiles with the intent of sending information on exclusive promotions, new campaigns, and customized information adapted to our user’s profile.
LUS will send satisfaction surveys about the products you have purchased or services used by our clients, to be given feedback and be able to improve our services.
Our legitimate interest is grounded on the idea of guaranteeing that our Website remains secure, as well as to help LUS understand the needs, expectations, and how satisfied our users are, to be able to improve our services, products, and brands. All these procedures are done to improve our clients’ satisfaction and guarantee the best experience possible while navigating and shopping on our platform.
Whenever personal data processing is necessary to fulfil any obligations within the legal framework LUS is bound to, such as sending identification or traffic data reports to law enforcement agencies, judicial, tax, or regulatory authorities, or location data to assure emergency services.
In case your request is related to the rights about which we inform below, or complaints related to our products or services, the legal basis that legitimizes the processing of your data is the fulfilment of our legal obligations.
If consent is legally necessary to process personal data, the data subject has the right to revoke their consent at any time, although that right does not compromise the lawfulness of the processing done with the previously given consent or the posterior processing of that data based on another legal basis, such is the case with the fulfilment of contract or legal obligation LUS is bound to.
To revoke your consent, you may contact us by mail or via email email@example.com.
6- Disclosure of personal data
These entities are only provided with the necessary personal data to provide the service they are meant to and they guarantee to process that personal data exclusively for the mentioned purposes.
Your personal data may also be disclosed to other third parties, if necessary, under the following circumstances: (i) to comply with a request made by governmental authorities, a court order, or an applicable law; (ii) to prevent illegal use of our Site or violations of our Terms and Conditions and policies; (iii) to defend ourselves against a third party’s complaints; and (iv) to help preventing or investigate frauds. Your personal data may also be disclosed to other third parties when you have explicitly given us your consent to do so.
LUS does not, under any circumstances, sell its clients’ data to third parties.
LUS might have to, occasionally, transfer your personal data to a country outside of the EU and which might not be on the list of countries the EU considers having adequate levels of personal data protection. In those cases, LUS will make sure the data transfers are made with total security, strictly under our applicable legal requirements.
7- Retention of personal data
LUS processes and retains your personal data according to the purposes for which they are processed and only for the period of time necessary for the fulfilment of the purposes that motivated its collection and storage, and always in accordance with the law, the guidelines and the decisions made by CNPD, or according to what is applicable until you exercise your right to opposition, your right to be forgotten, or to revoke your consent.
In some situations, the law determines a minimum period of time to retain data, specifically the obligation of retaining business correspondence for 10 years, or the obligation of retaining relevant data for tax purposes for a time period of up to 12 years.
Once the retention period has elapsed, LUS will delete or anonymize all data which no longer serve any purposes.
8- Data subject rights
At any moment, while LUS retains and processes their personal data, all users may, with no costs, in accordance to the terms set by the GDPR and all other applicable legislation, exercise the following rights: the right of access (the right to request a copy of all the data we have on the data subject); the right to rectification (the right to rectify any data that might be inaccurate or incomplete); the right to erasure (under certain circumstances, the user may request to have all personal data to be erased from our data storage); the right to restrict processing (the right to restrict the processing of personal data in certain circumstances); the right to data portability (the right to have your data transferred to another organization); the right to object (the right to object to the processing of personal data in certain circumstances, such as direct marketing); the right to refuse automated decision making and profiling.
The data subject may, at any time, revoke their consent to personal data processing, as established by the GDPR. Revocation of consent will not affect the lawfulness of the personal data processed until the moment revocation, based on the consent previously given.
All rights mentioned above can be exercised via email: firstname.lastname@example.org or by registered mail sent to the following address: LUS by Carolina Moreira, Rua Professor Machado Macedo, Nº25, 3ºEsquerdo, 9500-700 Ponta Delgada, Açores.
LUS endeavours to respond as quickly as possible to any requests submitted, without unjustified delays, within a time period of a month, counting from the moment in which the request is submitted. If your request is particularly complex or submitted under exceptional circumstances, our response time might be extended for as long as two months, when necessary, considering how complex the request is and how many requests we have to answer.
To respond to your request and to be able to provide you access to your personal data, and to avoid supplying your data to any unauthorized third part, LUS may demand proof of your identity by mean of showing your updated identification document.
You also have the right to present any complaints you might have about personal data processing to the National Data Protection Commission (CNPD).
9- Information about “Cookies”