Last updated: 07/2020
In view of the purpose and operating mode of the website www.vestiairecollective.com and the software applications “Vestiaire Collective”(the “Website”), it may collect and process some of its users’ personal data, within the meaning of the General Data Protection Regulation of the European Parliament and Council No 2016/679 of 27 April 2016 (the “GDPR”) and French Law No 78-17 of 6 January 1978 entitled “Loi Informatique & Libertés” (the “Data Protection Act”), in the version currently in force.
The purpose of this privacy policy & cookies charter is to explain how and why the data is collected and processed, what are their purposes, as well as the rights held by the subjects (i.e. the Community members who use the Website, hereinafter referred to as “you”) under the above-mentioned laws and regulations. This privacy policy completes the terms and conditions of use (“TCU”) of the Website. It may be amended at any time. The applicable version is the version available on the Website.
2. Identity of the data controller
Personal data is collected and processed by Vestiaire Collective, a French société anonyme with capital of EUR 3 197 475.26, registered with the Paris Trade and Companies Registry under number 517 465 225, whose registered address is 255 boulevard Pereire, 75017 Paris – France, represented by its Chief Executive Officer (hereinafter, "Vestiaire Collective" or “us”), acting as data controller.
3. Data that can be collected on the Website
When you browse the Website and use the services it offers, Vestiaire Collective collects and processes certain information that may be considered as personal data within the meaning of the GDPR and the Data Protection Act, including the following data: email address, title, first and last name, user name, country, identity card, date of birth, password, profile image, postal addresses, telephone number(s), IP address, connection and browsing data, order history, payments, claims, incidents, information concerning deliveries, correspondence on its website, and if applicable, the company’s name and the VAT number, all content shared on the Website (comments, messages etc.). For banking data, please see Section 10 below.
You are informed of the mandatory nature of the data to be provided for collection by an asterisk. If you do not fill in the required fields, we will not be able to provide you with all of our services.
Certain data is collected automatically through your actions on the site (see the section on cookies).
4. How the data is collected
As previously indicated, we collect the information listed in Article 2 above specifically when you:
- create your customer profile on the Website;
- purchase or sell a product on the Website;
- browse the Website and look at the products;
- participate in a lottery or contest;
- contact us directly through the contact details provided and/or through our customer service department;
- conclude a contract with us;
- subscribe to our mailing list ("newsletter");
- use the messaging tool made available to you to contact other users of the Website (the "Chat");
- accept the installation of certain cookies.
5. Data recipients
The personal data we collect may be shared with:
(i) Vestiaire Collective’s internal departments, on a need-to-know basis;
(ii) the other companies of the Vestiaire Collective group, particularly in the case of international payments;
(iii) advertising platforms and business partners, with your consent in that case;
(iv) our service providers, including:
a) delivery and payment services providers,
b) CRM services providers,
c) product verification services providers,
d) IT services providers;
(v) third parties who, in the scope of an M&A transaction, need direct or indirect access to certain data;
(vi) sellers, if the items you purchase are sent to you directly by them;
(vii) purchasers, to enable them, where appropriate, to return to sellers the items they purchased directly from them;
(viii) third parties legally authorised (including judicial authorities, the police, tax authorities when required by the tax obligations applicable to Vestiaire Collective, etc.).
6. Purposes of the data collection and processing
The primary purpose of collecting personal data is to offer you a safe, optimal, efficient and customized browsing experience. We use your personal data to:
- manage the user accounts (subscribe, unsubscribe, exclude, etc.) (Purpose No 1);
- manage applications for jobs with Vestiaire Collective (Purpose No 2);
- provide our services and those of our partners, when Vestiaire Collective acts as an agent (Purpose No 3);
- manage the products sold and, in particular, guarantee quality control (Purpose No 4);
- process transactions and orders (Purpose No 5);
- manage our customer relations (including with our VIP customers) and prospects (including, in particular, the provision of important information in connection with this privacy policy & cookies charter and our Website’s terms and conditions of use, etc.). (Purpose No 6);
- better know you (your needs, interests, etc.) to develop, improve and provide you with the services you expect (Purpose No 7);
- resolve any problems or claims (Purpose No 8);
- establish statistics and carry out surveys with a view to customizing, assessing and improving our services and content (Purpose No 9);
- inform you about our services and those of our partner companies, through targeted marketing and/or promotional offers, with your consent (Purpose No 10);
- prevent, detect and investigate any activities that are potentially prohibited and illegal and enforce our general conditions of sale and use (Purpose No 11);
- comply with our legal and regulatory obligations, for example Vestiaire Collective’s legal obligation to cooperate with the public tax or judicial authorities in the scope of their control and investigation missions (Purpose No 12);
- transfer it to the recipients referred to in Section 4 “Data recipients” (Purpose No 13);
manage administratively and financially the contracts we may enter into with our clients ("Purpose 14") ;
- improve the quality of the services that Vestiaire Collective offers its users: moderate messages by/to users send through the private Chat and in their comments, ensure that our terms and conditions of use are complied with, detect unsolicited content, malicious computer programs, improve the functionality of the chat, identify potential misbehaviour reported by a user, monitor transactions, carry out fraud investigations, ensure customer support, obtain information on claims or disputes between users and analyse the statistics of the Website and its functionality (Purpose No 15).
7. Storage of the data
All personal data collected and processed via the Website is done so on a duly identified legal basis, as required by the GDPR and the Data Protection Act, i.e.:
- Purpose Nos 1, 3, 4, 6, 7, 8, 9, 10, 11, and 13 are necessary for the legitimate business purposes of Vestiaire Collective or third parties (e.g. our business partners) in relation to the Website and the services provided, being specified that the collection and processing of that data does not in any way interfere with your interests or fundamental rights;
- Purpose No 10, where applicable, implies that we have previously obtained your consent;
- Purpose No 2 is necessary for the conclusion or performance of a contract at your request;
- Purpose No 3 (in the case VC provides its own services),Purpose No 5 (to implement VC’s General Terms of Sale) and Purpose No 14 are subject to the performance by VC of a binding contract with you;
- Purpose No 12 is necessary for the fulfilment of a legal obligation to which VC is subject;
- Purpose No 13 is either necessary to the performance of the contract to which you are a party or based on VC’s legitimate in managing and executing the contract of which you are a signatory.
- Purpose No 15 is necessary to protect the legitimate interests of Vestiaire Collective and the third parties.
Any sensitive personal data we may collect and/or process would exclusively be done so based on your explicit consent and never without you being aware of it. In any case, we recommend that you only provide us with information that is strictly necessary, thus complying with the data minimisation principle imposed by the GDPR and the Data Protection Act.
Where the processing is based on your consent, you can withdraw your consent at any time.
8. Data retention periods
Vestiaire Collective retains your personal data in an identifiable form for as long as necessary to fulfil the purposes for which it was collected. Thus, basically:
- data collected automatically and which concerns your browsing session on the Website are kept in the perspective of your next visit to the Website and are only deleted manually by empting the browser’s cache (see the paragraph on cookies);
- data that you have communicated to us which concerns your interactions on the Website and which is used for the purposes of managing the commercial relationship (execution of the contract, prospecting) are retain for the duration necessary for the commercial relationship increased by 3 (three) years (subject to the other stipulations of this charter);
- data relating to prospects is kept for a period of 3 (three) years from the date of their collection or from the last contact with the prospect;
- data of users registered on the Website is kept until the account is deleted;
- data collected in the context of the conclusion of contracts is kept for their entire duration of the execution and is then archived for the strict legal prescription periods applicable;
- data collected by VC in the context of its legal tax obligations is kept until it is sent to the tax authorities once a year and then archived for the strict applicable statutory limitation periods;
- other data, in particular statistical data, is kept in a form that does not allow you to be identified.
You may set guidelines for the storage, deletion and disclosure of your personal data after your death. To do so, please write to dataprivacy@vestiairecollective.com. In the absence of such guidelines, your personal data will be retained in accordance with the above paragraphs, unless your heirs request a faster deletion.
9. Cookies
A cookie is a small text file (in .txt format) containing a string of characters. Cookies are sent by the server of the website you are browsing and are stored on the hard disk of your computer, tablet or smartphone.
In general, a cookie contains certain directly or indirectly identifying data, such as the name of the server it is sent by, a session identifier, a date of expiry and, potentially, information on your browsing of the website concerned, such as the pages browsed for example.
A cookie is not used to gather personal data without your knowledge, but rather to record information concerning your browsing on the Website, which can be read directly by Vestiaire Collective during your subsequent searches on the Website (such as, for example: the pages you accessed or the date and time of access to such pages).
Cookies may be strictly technical and necessary, particularly to recognise you when you return to a website after leaving it, or to establish a secure connection for an online purchase. Cookies may also be used to establish statistics, audience and performance ratings, as well as advertising targeting in order to send you advertisements adapted to your tastes and assessed via your internet browsing habits.
The Website uses various cookies. When you first connect to the Website, a banner is displayed to inform you about cookies and give you the possibility to accept or refuse cookies relating to (i) the display of customised content, (ii) targeted advertising and (iii) statistics. Once the settings are configured, they in turn are recorded in a cookie and stored. If you wish to subsequently modify these settings, you must clear the memory cache in your browser so that the banner is displayed again.
Vestiaire Collective’s Cookies
The cookies necessary to operate Vestiaire Collective’s Website and services are enabled by default. The other types of cookies are installed when you click “I accept” or “OK” on the banner or if you continue browsing the Website. In order to avoid any inconvenience due to these systematic authorisation requests and to enable smooth browsing, we can memorize your refusal or acceptance of certain cookies.
The cookies we use on the Website enable us to:
- establish statistics and the volume of traffic on the Website’s pages;
- facilitate communication;
- provide users with the services requested;
- recognise users for future visits;
- adapt the presentation of our website and our advertising spaces to the users’ display preferences on their terminal (language, operating system, etc.);
- offer targeted advertising to users;
- combat fraud on the internet;
- secure users’ payments on the Website.
Some of the browsing information collected via the cookies may be shared with our business partners.
The storage period for data collected via our cookies requiring consent is limited to thirteen (13) months.
Third Party Cookies
If, by clicking on their banners or advertising links, you access third-party websites that advertise on Vestiaire Collective’s website, or if you look at their advertisements, cookies may be used by the companies who publish these advertisements. These third parties potentially using cookies in the framework of Vestiaire Collective’s services (partners, advertisers or other third parties providing content or services on the Website) are responsible for the cookies they use and it is their cookie policy that applies. Vestiaire Collective does not accept any responsibility for the potential use of cookies by these third parties. For more information, we advise you to view the cookie policy directly on these advertisers’ websites.
How to configure your cookies settings, based on your browser and your mobile
As indicated above, Vestiaire Collective gives you the possibility to accept or refuse cookies on the Website. All you need to do is configure the appropriate settings using the banner displayed on your first visit.
Furthermore, you can configure your browser to manage cookies generally, whatever the website concerned. The configuration for each browser varies. It is described in your browser’s help menu, which includes instructions on how to change your cookies settings. Refusal or deletion of cookies may hinder the proper functioning of the website concerned. We explain the configuration process below for the browsers most used:
Chrome
Blocking third-party cookies:
Menu > Settings > Show the advanced settings (located at the bottom of the page). Click on “content settings” then check the box “Ignore exceptions and block third-party cookies from being set”, then click OK to validate your choice.
Prevent the installation of cookies:
Use the Chrome DoNotTrackMe, Disconnect or Ghostery.
Blocking social networks settings:
Use the free Extension Privacy badger.
Restricting tracking in Adobe Flash:
The software component Flash is configured by default to automate the storing of user’s tracking information. These settings can best be changed by connecting to the settings manager accessible on line. You should set the confidentiality settings for each of the 8 tabs.
Firefox
Blocking third-party cookies:
Menu > Options > Tab "Privacy & Security”
Configure the menu "Cookies and Site Data” in "Use custom settings for history". Deselect the box "Accept third-party cookies".
Prevent the installation of cookies:
Use Chrome extensions such as DoNotTrackMe, Disconnect or Ghostery.
Blocking social networks settings:
Use the free Extension Privacy badger.
Restricting tracking in Adobe Flash:
The software component Flash is configured by default to automate the storing of user’s tracking information. These settings can best be changed by connecting to the settings manager accessible on line. You should configure the confidentiality settings for all 8 tabs.
Internet Explorer
Refuser the cookies:
Menu > Internet Options > "Confidentiality" Tab then click on Advanced for the Settings window for advanced confidentiality.
Then check the box "Ignore automatic cookie management", then select "Refuse" in the box "Third-Party Cookies".
Restricting tracking in Adobe Flash:
The software component Flash is set by default to automate the storing of user’s tracking information.
These settings can best be changed by connecting to the settings manager accessible on line. You should configure the confidentiality settings for each of the 8 tabs.
Below, we describe the procedure for disabling advertising targeting on your mobile devices, based on the main operating systems:
iOS
Go to the "advertising" option and enable "limited ad tracking" in your privacy settings.
Android
Enable the option "disable interest-based ads" and "reset ad ID" in the "Google settings" application.
Geolocation
When you browse the Vestiaire Collective application, Vestiaire Collective can collect information on where your terminal is located. The geolocation feature in the application requires the user’s prior express consent to be geolocated. To do so, and if users so wish, they must activate the geolocation feature directly in the settings of their mobile terminal and enable the application to use it. The function can be activated or deactivated at any time and at no expense.
Below, we explain the process for configuring the geolocation options of your terminal and the Vestiaire Collective application, according to the main operating systems:
iOS
Access the “Location Services” option and set the applications that can access your location data in your “Privacy” settings.
Android
Activate or deactivate the “Position” feature in the “Settings” and “Applications” sections of your mobile.
10. Your rights under Personal Data Protection Regulations
You are informed that your personal information is automatically processed under Vestiaire Collective’s responsibility, in its capacity as a data controller, for the purpose set out in Article 6 “Purpose of the data collection and processing”.
In compliance with the provisions of the GDPR and the Data Protection Act (collectively, the “Regulations”), you acknowledge having been informed of your rights and you are thus entitled to the following:
- an access and rectification right allowing you to modify, complete or update your personal data;
- a right to the erasure of any inaccurate, incomplete, ambiguous or obsolete data or any data concerning which collection, use, disclosure or storage is prohibited;
- the right to object to the processing of your data on legitimate grounds;
- the right to object, without justification, to the use of your data for prospection;
- the right to define guidelines concerning the use of your personal data after your lifetime;
- the right to data portability, in a commonly used structured format that is machine-readable; however, this right can only be exercised in relation to (i) data concerning you and provided by you, and (ii) automated processing operations;
- the right to restrict processing, under the terms and conditions set out in article 18 of EU Regulation No 2016/679 of 27 April 2016;
- the right to file a claim with the relevant authorities (the Commission Nationale de l’Informatique et des Libertés – “CNIL”) or the relevant authority at your location.
To exercise your rights – except for your right to file a claim with the CNIL or your data protection authority –, please contact the data protection manager by email at the following address: dataprivacy@vestiairecollective.com. In compliance with applicable regulations, your claim must be signed and must include a copy of your identification document with your signature and provide your address for the response.
11. Banking data and system for analysing orders (fraud detection)
As a matter of principle, your banking data is only stored during the payment.
However, subject to your consent, which is materialized by ticking a box, it may be stored in a secured manner to avoid you having to enter the information again for a future order and thereby facilitate future purchases. In this case, the data will be stored until you withdraw your consent, and/or your credit card expires.
The banking information relating to your order is automatically processed by Riskifield, Adyen, Oney Trust, Oney, Ethoca, Cybersource, Ingenico, PagaMasTarde, Afforditnow, Affirm, Crédit du Nord, Paypal, Mangopay. The purpose of this automated data processing is to enable the authentication of the persons paying an order and to prevent payment fraud.
Non-payments due to fraudulent use of credit cards will result in the registering of contact information relating to your order, in connection with such non-payment, in an internal payment incident file as well as by the service providers listed above. A false declaration or an error may also result in specific processing (particularly for fraud detection purposes).
12. Measures taken to protect your personal data
In its capacity as data controller, Vestiaire Collective undertakes to implement and maintain, at its own expense, appropriate technical and organisational measures for the processing and security of personal data, in accordance with Articles 32 to 34 of the GDPR.
Vestiaire Collective thus ensures that these technical and organisational measures are permanently adapted to the specific risks associated with its processing operations, concerning the type of data likely to transit via the Website, especially to protect your personal data against destruction, loss, alteration, unauthorized disclosure or accidental or unlawful access.
Thus, in terms of the technical measures implemented by Vestiaire Collective:
- all personal data is stored on servers located in France, Germany, Ireland and/or United-States,;
- administrative access to our servers is limited to specific IP addresses of our hosting agent.
In terms of organisational measures, your personal data can only be accessed by certain members of Vestiaire Collective’s personnel, on a need-to-know basis.
Vestiaire Collective also undertakes to maintain, update and store complete and accurate records on the processing of personal data in the scope of the Website. These records contain details of the processing operations carried out.
13. Transfer of personal data abroad
Certain data collected such as, mainly, identification data (personal and professional identity), data concerning personal preferences, economic and financial information (employment, income), electronic communications, geolocation data, customer relations follow-up data, may be transferred to service providers and/or entities of the Vestiaire Collective group potentially located outside the European Union.
Prior to any such transfer, Vestiaire Collective will ensure that:
(i) the destination countries guarantee an adequate level of protection of personal data; or
(ii) data recipients located in the United States warrant that they comply with the “Privacy Shield” requirements implemented by the European Commission in its decision No 2016/1250 of 12 July 2016; or
(iii) appropriate guarantees have been implemented (for example, acceptance by the recipient of the standard contractual clauses adopted by the European Commission or authorised by the relevant supervisory authority).
For further information, please write to the following address dataprivacy@vestiairecollective.com. We will then provide you with all the required information on the subject and, if necessary, on how to obtain a copy of such information or where it is available.
14. Further queries
For any further queries you may have on how Vestiaire Collective collects and processes your personal data, please send an email to the following address: dataprivacy@vestiairecollective.com and we will be pleased to answer you.
Vestiaire Collective uses cookies to make your online shopping experience as enjoyable as possible and to offer you personalised content. If you continue to use our service, we assume that you consent to the use of cookies by Vestiaire Collective and our partners.