Privacy Policy

The purpose of this privacy policy is to inform you in a clear, simple and complete manner of the processing done using the personal data that you provide or that may be collected by ZILLI during your browsing on the site www.zilli.com (hereafter the "Site") or in relation to your use of the services offered there.

User is understood to mean any person using, or who has used, the Site as well as the services offered on it, including, in particular, visitors to the Site.

The Site makes it possible for you make online purchase of ready-to-wear items, leather goods, accessories, Zilli brand shoes and gift cards (hereafter the "Items").

ZILLI, as Data Controller, agrees to comply with the provisions of Regulation (EU) no. 2016/679 of 27 April 2016 on the protection of personal data (hereafter the "GDPR" or the "Applicable Regulations").

Terms with capital letters are defined by the GDPR.   

This privacy policy applies to all Users, in addition to the Terms and Conditions of Sale and Use. 

 

 ARTICLE 1 – DATA CONTROLLER

The Company that collects the personal data and implements data processing is:

MAISON ZILLI, doing business under the trade name "ZILLI", simplified joint-stock company with capital of 1,000 euros, identified under number 908.785.314 RCS LYON, whose registered office is located at 12 Chemin des Gorges, Dardilly (69570), France - concierge@zilli.com - represented by its President, domiciled in this capacity at said registered office. Its SIRET number is 908 785 314 and its intra-Community VAT number is FR40908785314.

 

ARTICLE 2 – MANAGEMENT OF PERSONAL DATA BY ZILLI

2.1. NATURE OF INFORMATION COLLECTED BY ZILLI

Personal Data” means any information that identifies you either directly (such as your name) or indirectly (for example using a unique customer number or order tracking).

In accordance with article 4 of the General Data Protection Regulation, an “identifiable natural person” is a natural person who may be identified, directly or indirectly, notably by reference to an identifier such as a name, an identification number, location data, an online identifier or one or more pieces of information specific to the physical, physiological, genetic, psychological, economic, cultural or social identity of this person”.

 

The Personal Data processed by ZILLI in the course of its activities is as follows:

  • Last name,
  • First name,
  • Email,
  • Date of birth,
  • Address,
  • Telephone number,
  • Geolocation data from the browser,
  • Navigation data from cookies and tags placed on the site,
  • Order data (item type, size, number of items, price, payment method used, bank details),
  • Order history,
  • History of exchanges with customer service.

If you communicate, with regard to use ofthe Site, Personal Data that you have directly or indirectly collected from an individual, it is your responsibility to ensure that this data subject has authorised you to share their Personal Data with ZILLI and that they are duly informed of this privacy policy.

 

2.2. PURPOSES FOR COLLECTION OF INFORMATION BY ZILLI AND LEGAL BASES

ZILLI is only allowed to use your Personal Data if it has a valid legal basis.

ZILLI must ensure that it has one or more of the following legal bases:

  • Performance of a contract (e.g. to process and send an order or to open and manage an account), or;
  • Performance of a legal obligation (e.g. retention of invoices), or;
  • When it is in ZILLI's legitimate interest, or;
  • When you have given your consent for the collection of Personal Data.

ZILLI's legitimate interest must not go against your rights and freedoms. Examples of legitimate interests mentioned in the GDPR include fraud prevention, direct marketing and data sharing within a group of companies.

When you voluntarily provide Personal Data about yourself, you agree to communicate information that is accurate and that does not harm the interests or rights of third parties.

 

ZILLI may be required to process your Personal Data within the framework of the Purposes and on the basis of the following Legal Bases:

Purpose of Processing

Legal Basis for Processing

To provide requested services or information

Execution of the contract

To create a customer account on the Site

Execution of the Contract

To manage and monitor orders for items placed on the Site

Execution of the Contract

To manage payment transactions

Execution of the Contract

To manage delivery operations

Execution of the Contract

To manage requests sent to the after-sales service dept.

Execution of the Contract

To manage item returns and refunds

Execution of the Contract

To improve the services offered by the Site and secure use of the Site

Legitimate interest of ZILLI

To manage customer reviews

Legitimate interest of ZILLI

To fight against fraud during payment for orders and to manage unpaid invoices after order placement

Legitimate interest of ZILLI

Establishment of anonymous statistics on use of the Site

Legitimate interest of ZILLI

To manage registration and dispatch for the newsletter

Your explicit consent

To send personalised solicitations by email, SMS, on social networks or any other support

Your explicit consent

To provide sharing tools on social networks

Your explicit consent

To share information with business partners

Your explicit consent

 

When the processing of Personal Data requires your consent, ZILLI shall ensure that such consent is obtained in advance.

ZILLI is prohibited from processing your data for purposes other than those initially agreed without first informing you and obtaining your consent for the new processing, unless the processing is required or authorised by law, or is in your vital interest (in particular in the event of a medical emergency).

 

2.3. Rights of data subjects concerning personal data collected

In accordance with th GDPR, you have the right (under the circumstances, conditions, and subject to the exceptions provided by Applicable Regulations) to:

  • Request access to the Personal Data that ZILLI processes about you: this right allows you to know if ZILLI has your Personal Data and, if so, to obtain information and a copy of said Personal Data.
  • Request correction of your Personal Data: This right entitles you to have your Personal Data corrected if it is inaccurate or incomplete.
  • Object to the processing of your Personal Data: This right allows you to request that ZILLI stop processing your Personal Data.
  • Request the erasure of your Personal Data: this right allows you to ask ZILLI to erase your Personal Data, including when said Personal Data is no longer be necessary to achieve the objectives pursued.
  • Request restriction of processing of your Personal Data: This right allows you to request that ZILLI process your Personal Data only under limited circumstances, including with your consent.
  • Request the portability of your Personal Data: this right allows you to receive a copy (in a structured, commonly used and machine-readable format) of the Personal Data that you have provided to ZILLI, or to ask ZILLI to send this Personal Data to another date controller.
  • Request to set post-mortem directives this right allow you to define instructions regarding the handling of your Personal data after your death

To the extent that the processing of your Personal Data is based on your consent, you have the right to withdraw such consent at any time by contacting the Data Protection Officer at concierge@zilli.com, along with proof of your identity.

Please note that this will not affect ZILLI's right to process your Personal Data obtained before the withdrawal of your consent, nor its right to continue certain parts of the processing by relying on other legal bases than that of your consent.

These rights may be exercised in the following manner:

  • By post, by writing to the address: ZILLI – Service Client – 48 rue François 1er - 75 008 Paris
  • Electronically by email to the following addressconcierge@zilli.com

The request must indicate the last name, first name, postal address, email and, if possible, the customer reference.

For a right of access to data, the request must be accompanied by proof of identity.

ZILLI will send you a response within one month after exercise of the right. In some cases, due to the complexity of the request or the number of requests, this period may be extended by 2 months.

In certain cases specified by applicable Regulations, these rights may be the subject of exceptions.

You also have the right to file a complaint with a personal data protection supervisory authority. The French authority is the CNIL (Commission Nationale de l 'Informatique et des Libertés). 

 

2.4. RECIPIENTS OF YOUR PERSONAL DATA

Your Personal Data is intended for the services of ZILLI, for the purposes of managing the purposes described above. It is processed using computer tools.

ZILLI may, in addition, send your Personal Data to partners who may process the data on their own behalf (recipients) or only on behalf of and according to the instructions of ZILLI (Subcontractors).

The recipients of the data are:

  • Payment institutions (banks)
  • Social networks (Facebook, Instagram, LinkedIn, Pinterest, etc.) for targeted advertising

ZILLI also uses Subcontractors for the following operations:

  • Hosting of data
  • Secure payment on the site
  • The fight against fraud
  • Shipping your orders and packages
  • Carrying out technical maintenance and development operations on the Site
  • To send commercial prospecting emails
  • Customer relationship management via an online customer advisor (chatbot)

Finally, ZILLI may be required to send your Personal Data at the request of a judicial authority or any administrative authority authorised by law, that requests this information in accordance with legislative provisions in effect.

 

 

2.5. TRANSFER OF PERSONAL DATA OUTSIDE THE EU

For certain operations, ZILLI may transfer your Personal Data to countries outside the European Union. In this case, ZILLI ensures the security of these data transfers.

Transfers outside the European Union may notably be done within the framework of the following activities:

Processing operations

Country of destination of personal data

Transfer supervision

-        Audience measurement analysis + ads + scripts

United States

Adequacy decision of 10 July 2023

-        Payment management

United States

Adequacy decision of 10 July 2023

-        Management of the platform and user accounts

United States

Adequacy decision of 10 July 2023

-        Management of communication

United States

Supervision by standard contractual clauses

 

2.6. RETENTION OF PERSONAL DATA

ZILLI retains the Personal Data that you provide to it for the period strictly necessary to fulfil the purposes of the processing.

ZILLI applies specific policies and procedures for the management of your Personal Data and this data is deleted at the end of the period defined according to the following retention criteria:

  • ZILLI retains your data for as long as it has an ongoing business relationship with you;
  • ZILLI keeps your data for as long as it is necessary to provide its services to you;
  • ZILLI keeps your data for as long as it is necessary to comply with its legal and contractual obligations.

The durations of retention used are as follows:

  • The personal data of prospects (person who has never made a purchase) is kept for 3 years after the last contact from the prospect;

 

  • The Personal Data of customers is kept for 3 years from the last purchase;

 

  • Cookies for audience measurement, targeted advertising and sharing to social networks are placed on the customer's terminal for a period of 13 months.

Certain Personal Data may be kept (credit notes, purchase orders) for a commercially reasonable period, for backup, archiving or audit purposes. The mandatory retention period is, in particular, ten (10) years for invoices.

 

 2.7 SECURITY OF PERSONAL DATA COLLECTED

ZILLI applies organisational, physical and technical security provisions for all Personal Data it processes. ZILLI has put protocols and control measures in place, as well as appropriate policies, procedures and guidelines to ensure the proper application of these provisions, taking into account the risks associated with the different categories of Personal Data and their processing.

During development and design, or at the time of selection and use of the various tools that allow the processing of personal data, ZILLI ensures that they ensure an optimal level of protection of the Personal Data processed.

 

This is why ZILLI implements all appropriate measures to prevent, to the extent possible, any alteration or loss of your Personal Data or any unauthorised access to it.

 

Thus, ZILLI implements measures that respect the principles of protection by design and protection by default of the Personal Data processed.

 

When ZILLI calls upon a trusted service provider, it only communicates Personal Data to said service provider after that latter has given its commitment and guarantees concerning its ability to meet these security and confidentiality requirements, in compliance with applicable Regulations.

The Site may contain links to third-party websites. ZILLI has no control over the content, privacy policy or personal data protection of these websites.

 

2.8 UPDATE OF THE PRIVACY POLICY

As Data Controller, ZILLI could modify the Privacy Policy.

If ZILLI uses your Personal Data in a different way in connection with use of the Site from that stipulated in this Privacy Policy, as it was in effect at the time of collection of your data, these changes will be visibly displayed on the Site.