Last updated: 01/04/2021
In view of the purpose and operating mode of the website www.vestiairecollective.com and the software applications “Vestiaire Collective”(the “Website”), it may collect and process some of its users’ personal data, within the meaning of the General Data Protection Regulation of the European Parliament and Council No 2016/679 of 27 April 2016 (the “GDPR”) and French Law No 78-17 of 6 January 1978 entitled “Loi Informatique & Libertés” (the “Data Protection Act”), in the version currently in force.
The purpose of this privacy policy & cookies charter is to explain how and why the data is collected and processed, what are their purposes, as well as the rights held by the subjects (i.e. the Community members who use the Website, hereinafter referred to as “you”) under the above-mentioned laws and regulations. This privacy policy completes the terms and conditions of use (“TCU”) of the Website. It may be amended at any time. The applicable version is the version available on the Website.
2. Identity of the data controller
Personal data is collected and processed by Vestiaire Collective, a French société anonyme with capital of EUR 3 197 475.26, registered with the Paris Trade and Companies Registry under number 517 465 225, whose registered address is 255 boulevard Pereire, 75017 Paris – France, represented by its Chief Executive Officer (hereinafter, "Vestiaire Collective" or “us”), acting as data controller.
3. Data that can be collected on the Website
When you browse the Website and use the services it offers, Vestiaire Collective collects and processes certain information that may be considered as personal data within the meaning of the GDPR and the Data Protection Act, including the following data: email address, title, first and last name, user name, country, identity card, date of birth, password, profile image, postal addresses, telephone number(s), IP address, connection and browsing data, order history, payments, claims, incidents, information concerning deliveries, correspondence on its website, and if applicable, the company’s name and the VAT number, all content shared on the Website (comments, messages etc.). For banking data, please see Section 10 below.
You are informed of the mandatory nature of the data to be provided for collection by an asterisk. If you do not fill in the required fields, we will not be able to provide you with all of our services.
Certain data is collected automatically through your actions on the site (see the section on cookies).
4. How the data is collected
As previously indicated, we collect the information listed in Article 2 above specifically when you:
- create your customer profile on the Website;
- purchase or sell a product on the Website;
- browse the Website and look at the products;
- participate in a lottery or contest;
- contact us directly through the contact details provided and/or through our customer service department;
- conclude a contract with us;
- subscribe to our mailing list ("newsletter");
- use the messaging tool made available to you to contact other users of the Website (the "Chat");
- accept the installation of certain cookies.
5. Data recipients
The personal data we collect may be shared with:
(i) Vestiaire Collective’s internal departments, on a need-to-know basis;
(ii) the other companies of the Vestiaire Collective group, particularly in the case of international payments;
(iii) advertising platforms and business partners, with your consent in that case;
(iv) our service providers, including:
a) delivery and payment services providers,
b) CRM services providers,
c) product verification services providers,
d) IT services providers;
(v) third parties who, in the scope of an M&A transaction, need direct or indirect access to certain data;
(vi) sellers, if the items you purchase are sent to you directly by them;
(vii) purchasers, to enable them, where appropriate, to return to sellers the items they purchased directly from them;
(viii) third parties legally authorised (including judicial authorities, the police, tax authorities when required by the tax obligations applicable to Vestiaire Collective, etc.).
6. Purposes of the data collection and processing
The primary purpose of collecting personal data is to offer you a safe, optimal, efficient and customized browsing experience. We use your personal data to:
- manage the user accounts (subscribe, unsubscribe, exclude, etc.) (Purpose No 1);
- manage applications for jobs with Vestiaire Collective (Purpose No 2);
- provide our services and those of our partners, when Vestiaire Collective acts as an agent (Purpose No 3);
- manage the products sold and, in particular, guarantee quality control (Purpose No 4);
- process transactions and orders (Purpose No 5);
- manage our customer relations (including with our VIP customers) and prospects (including, in particular, the provision of important information in connection with this privacy policy & cookies charter and our Website’s terms and conditions of use, etc.). (Purpose No 6);
- better know you (your needs, interests, etc.) to develop, improve and provide you with the services you expect (Purpose No 7);
- resolve any problems or claims (Purpose No 8);
- establish statistics and carry out surveys with a view to customizing, assessing and improving our services and content (Purpose No 9);
- inform you about our services and those of our partner companies, through targeted marketing and/or promotional offers, with your consent (Purpose No 10);
- prevent, detect and investigate any activities that are potentially prohibited and illegal and enforce our general conditions of sale and use (Purpose No 11);
- comply with our legal and regulatory obligations, for example Vestiaire Collective’s legal obligation to cooperate with the public tax or judicial authorities in the scope of their control and investigation missions (Purpose No 12);
- transfer it to the recipients referred to in Section 4 “Data recipients” (Purpose No 13);
manage administratively and financially the contracts we may enter into with our clients ("Purpose 14") ;
- improve the quality of the services that Vestiaire Collective offers its users: moderate messages by/to users send through the private Chat and in their comments, ensure that our terms and conditions of use are complied with, detect unsolicited content, malicious computer programs, improve the functionality of the chat, identify potential misbehaviour reported by a user, monitor transactions, carry out fraud investigations, ensure customer support, obtain information on claims or disputes between users and analyse the statistics of the Website and its functionality (Purpose No 15).
7. Storage of the data
All personal data collected and processed via the Website is done so on a duly identified legal basis, as required by the GDPR and the Data Protection Act, i.e.:
- Purpose Nos 1, 3, 4, 6, 7, 8, 9, 10, 11, and 13 are necessary for the legitimate business purposes of Vestiaire Collective or third parties (e.g. our business partners) in relation to the Website and the services provided, being specified that the collection and processing of that data does not in any way interfere with your interests or fundamental rights;
- Purpose No 10, where applicable, implies that we have previously obtained your consent;
- Purpose No 2 is necessary for the conclusion or performance of a contract at your request;
- Purpose No 3 (in the case VC provides its own services),Purpose No 5 (to implement VC’s General Terms of Sale) and Purpose No 14 are subject to the performance by VC of a binding contract with you;
- Purpose No 12 is necessary for the fulfilment of a legal obligation to which VC is subject;
- Purpose No 13 is either necessary to the performance of the contract to which you are a party or based on VC’s legitimate in managing and executing the contract of which you are a signatory.
- Purpose No 15 is necessary to protect the legitimate interests of Vestiaire Collective and the third parties.
Any sensitive personal data we may collect and/or process would exclusively be done so based on your explicit consent and never without you being aware of it. In any case, we recommend that you only provide us with information that is strictly necessary, thus complying with the data minimisation principle imposed by the GDPR and the Data Protection Act.
Where the processing is based on your consent, you can withdraw your consent at any time.
8. Data retention periods
Vestiaire Collective retains your personal data in an identifiable form for as long as necessary to fulfil the purposes for which it was collected. Thus, basically:
- data collected automatically and which concerns your browsing session on the Website are kept in the perspective of your next visit to the Website and are only deleted manually by empting the browser’s cache (see the paragraph on cookies);
- data that you have communicated to us which concerns your interactions on the Website and which is used for the purposes of managing the commercial relationship (execution of the contract, prospecting) are retain for the duration necessary for the commercial relationship increased by 3 (three) years (subject to the other stipulations of this charter);
- data relating to prospects is kept for a period of 3 (three) years from the date of their collection or from the last contact with the prospect;
- data of users registered on the Website is kept until the account is deleted;
- data collected in the context of the conclusion of contracts is kept for their entire duration of the execution and is then archived for the strict legal prescription periods applicable;
- data collected by VC in the context of its legal tax obligations is kept until it is sent to the tax authorities once a year and then archived for the strict applicable statutory limitation periods;
- other data, in particular statistical data, is kept in a form that does not allow you to be identified.
You may set guidelines for the storage, deletion and disclosure of your personal data after your death. To do so, please write to dataprivacy@vestiairecollective.com. In the absence of such guidelines, your personal data will be retained in accordance with the above paragraphs, unless your heirs request a faster deletion.
9. Cookies
1) What is a cookie?
A cookie is a small file stored by a server in a user's terminal (computer, telephone, etc.) and associated with a web domain (i.e. in most cases with all the pages of a single website).
Generally speaking, the cookie contains certain directly or indirectly identifying information, such as the name of the server that deposited it, a session identifier, an expiry date, or even information on navigation within the site you are visiting, such as the pages you have visited, for example, a terminal identifier, an advertising identifier, etc.
Cookies have many uses: they can be used to remember your advertising ID, the contents of your shopping cart, the language in which the web page is displayed, to track your browsing for statistical or advertising purposes, to personalise content etc. For the sake of simplicity, we use the term cookies to refer to all types of tracers.
2) Who can place cookies on my terminal?
-> Vestiaire Collective
-> Vestiaire Collective's partners: these are third-party companies, such as advertising agencies, fraud prevention service providers or our partners' clients. You can consult the list of partners.
Cookies may be deposited when you browse our Platform or when you click on our advertising spaces from our Platform or partner sites.
3) How do I set my cookies?
a) The Vestiaire Collective banner
When you first connect to the Platform, a banner is displayed to inform you about the categories of cookies that are used and to give you the possibility of accepting or refusing cookies related to (i) audience measurement, (ii) content customisation, (iii) personalised advertising and (iv) sharing on social networks.
Once you have made your choices, a necessary cookie is placed on your terminal in order to keep them in memory for 6 months. This prevents us from asking you to set your cookies each time you visit our Platform.
If you wish to change these settings at a later date, you must empty your browser's cache so that the banner appears again or
Retention period: their life span is generally the time of the session and a maximum of several months.
Consequence in case of blocking: you may no longer be able to access the Platform and/or the Platform's services.
Details of the purposes:
● retain your expressed choice on the deposit of tracers;
● to allow you to remain connected when you navigate from one page of the Platform to another;
● to keep track of the contents of your shopping cart or to charge for the product(s) and/or service(s) purchased;
● customise the user interface (e.g. for language selection or presentation of our services); save the format and dimensions of your screen and windows in order to correctly display our Platform;
● authenticate you to a service, including those aimed at ensuring the security of the authentication mechanism, for example by limiting robotic or unexpected access attempts;
● combat spam and phishing attempts, by enabling us to identify computers used to create large numbers of fake accounts;
● detect computers infected with malware and prevent them from causing damage
● implement security measures, for example when you are asked to log in again to a content or service after a certain period of time;
● detect navigation problems and therefore improve the usability of our services;
● to secure transactions and fight against fraud (prevention of payment fraud, identity theft, etc.);
● to balance the load of equipment contributing to a communication service;
● to route traffic between servers and to understand the loading speed of our pages;
● facilitate communication via the Platform;
● measure the audience, traffic and carry out statistics of our Platform and its services, in particular to improve the functionality of the Platform.
4.2) Audience cookies (subject to your prior consent):
These cookies allow us to collect information about your use of the site (number of visits, pages visited, time spent on the site, etc.) in order to carry out statistical analyses, on an aggregate basis, of the number of users and the way in which you navigate our Platform.
Retention period: The life of these cookies does not exceed 13 months.
Consequence in case of blocking: No consequence for the user but by accepting them, you contribute to the improvement of our Platform and our services.
To block this cookie directly via Google: Google Analytics opt-out browser add-on - Analytics Help
Detail of the purposes:
● to measure the audience, traffic and performance of our Platform and its services and to improve the functionality of the Platform;
● to analyse traffic in greater depth.
4.3) Content personalisation cookies (subject to your prior consent):
These cookies do not directly store personal data, but are based on the unique identification of your browser and terminal. These cookies allow us to deduce your user profile and recommend products, services and content that best suit your preferences, and to offer you certain promotional offers on our Platform.
Retention period: Their life span is very short, generally the time of the session, a few hours and a maximum of 13 months.
Consequence in case of blocking: No consequence on the use of the Platform. On the other hand, their deletion will have the effect of displaying content that does not take into account your centres of interest. By accepting these cookies, you benefit from an enriched and personalised experience.
Details of the purposes:
● to offer you content, products and services that are personalised according to your preferences, interests and your browsing and use of the Platform;
● to identify your visit to our Platform, track the pages you visit and the links you click; to understand your user profile to better tailor our Platform and the advertisements displayed on it to your interests. If you have given us permission to send you advertising emails (such as newsletter sign-ups) or push notifications, we will also use this information to personalise these (targeting or advertising cookies).
4.4) Personalised advertising cookies (subject to your prior consent):
These cookies may be set within our Platform by our advertising partners. They may be used by these companies to profile your interests and deliver relevant and personalised advertising on other websites. These cookies allow us to display ads that best match your preferences. Your profile is also enriched with information from your interactions with our partners or with other publishers who are clients of these partners.
Retention period: Their life span is very short, generally the time of the session, a few hours and a maximum of 13 months.
Consequence in case of blocking: No consequence on the use of the Platform. On the other hand, their deletion will not lead to the cessation of advertising on the Internet. It will only result in the display of advertising that does not take your interests into account. By accepting these cookies, you will benefit from an enriched and personalised experience.
Detail on the purposes:
● to offer you personalised content, products and services based on your preferences, interests and your browsing and use of the Platform;
● to count the total number of advertisements displayed by us on our advertising spaces, to identify these advertisements, their respective number of displays, the number of users who clicked on each advertisement and, if applicable, the subsequent actions taken by these users on the pages to which these advertisements lead;
● to adapt the advertising content of our Platform through our advertising spaces as well as our offers, according to the navigation on our Platform, or third party sites, the purchases you may make and/or according to the location data (longitude and latitude) transmitted by your terminal (with your prior consent);
● to associate this data with browsing information in order to send you, for example, electronic prospecting or to display on your terminal, within advertising spaces that we issue, personalised advertisements that are specifically intended for you and likely to interest you personally.
4.5) Social network sharing cookies (subject to your consent):
We may include on our site, computer applications from third parties, which allow you to share content from our site with other people or to let these other people know your consultation or your opinion concerning a content of our Platform. This is notably the case of the "Share" and "Like" buttons from social networks such as "Facebook".
The social network providing such an application button is likely to identify you thanks to this button, even if you did not use this button when visiting our site. Indeed, this type of application button may allow the social network concerned to track your browsing on our site, simply because your account with the social network concerned was activated on your terminal (open session) during your browsing on our site.
We have no control over the process used by these third parties to collect information relating to your browsing on our site and associated with the personal data they hold. We invite you to consult the privacy protection policies of these social networks in order to learn about the purposes for which they may use the browsing information they may collect through these application buttons, particularly for advertising purposes. These protection policies must allow you to exercise your choices with these social networks, in particular by configuring your user accounts for each of these networks.
Retention period: The retention period of the sharing cookies is determined by each social network but must not exceed 13 months.
Consequence in case of blocking: No consequence on the use of the Platform. However, deactivating these cookies will prevent any interaction with the network(s) concerned.
10. Your rights under Personal Data Protection Regulations
You are informed that your personal information is automatically processed under Vestiaire Collective’s responsibility, in its capacity as a data controller, for the purpose set out in Article 6 “Purpose of the data collection and processing”.
In compliance with the provisions of the GDPR and the Data Protection Act (collectively, the “Regulations”), you acknowledge having been informed of your rights and you are thus entitled to the following:
- an access and rectification right allowing you to modify, complete or update your personal data;
- a right to the erasure of any inaccurate, incomplete, ambiguous or obsolete data or any data concerning which collection, use, disclosure or storage is prohibited;
- the right to object to the processing of your data on legitimate grounds;
- the right to object, without justification, to the use of your data for prospection;
- the right to define guidelines concerning the use of your personal data after your lifetime;
- the right to data portability, in a commonly used structured format that is machine-readable; however, this right can only be exercised in relation to (i) data concerning you and provided by you, and (ii) automated processing operations;
- the right to restrict processing, under the terms and conditions set out in article 18 of EU Regulation No 2016/679 of 27 April 2016;
- the right to file a claim with the relevant authorities (the Commission Nationale de l’Informatique et des Libertés – “CNIL”) or the relevant authority at your location.
To exercise your rights – except for your right to file a claim with the CNIL or your data protection authority –, please contact the data protection manager by email at the following address: dataprivacy@vestiairecollective.com. In compliance with applicable regulations, your claim must be signed and must include a copy of your identification document with your signature and provide your address for the response.
11. Banking data and system for analysing orders (fraud detection)
As a matter of principle, your banking data is only stored during the payment.
However, subject to your consent, which is materialized by ticking a box, it may be stored in a secured manner to avoid you having to enter the information again for a future order and thereby facilitate future purchases. In this case, the data will be stored until you withdraw your consent, and/or your credit card expires.
The banking information relating to your order is automatically processed by Riskifield, Adyen, Oney Trust, Oney, Ethoca, Cybersource, Ingenico, PagaMasTarde, Afforditnow, Affirm, Crédit du Nord, Paypal, Mangopay. The purpose of this automated data processing is to enable the authentication of the persons paying an order and to prevent payment fraud.
Non-payments due to fraudulent use of credit cards will result in the registering of contact information relating to your order, in connection with such non-payment, in an internal payment incident file as well as by the service providers listed above. A false declaration or an error may also result in specific processing (particularly for fraud detection purposes).
12. Measures taken to protect your personal data
In its capacity as data controller, Vestiaire Collective undertakes to implement and maintain, at its own expense, appropriate technical and organisational measures for the processing and security of personal data, in accordance with Articles 32 to 34 of the GDPR.
Vestiaire Collective thus ensures that these technical and organisational measures are permanently adapted to the specific risks associated with its processing operations, concerning the type of data likely to transit via the Website, especially to protect your personal data against destruction, loss, alteration, unauthorized disclosure or accidental or unlawful access.
Thus, in terms of the technical measures implemented by Vestiaire Collective:
- all personal data is stored on servers located in France, Germany, Ireland and/or United-States,;
- administrative access to our servers is limited to specific IP addresses of our hosting agent.
In terms of organisational measures, your personal data can only be accessed by certain members of Vestiaire Collective’s personnel, on a need-to-know basis.
Vestiaire Collective also undertakes to maintain, update and store complete and accurate records on the processing of personal data in the scope of the Website. These records contain details of the processing operations carried out.
13. Transfer of personal data abroad
Certain data collected such as, mainly, identification data (personal and professional identity), data concerning personal preferences, economic and financial information (employment, income), electronic communications, geolocation data, customer relations follow-up data, may be transferred to service providers and/or entities of the Vestiaire Collective group potentially located outside the European Union.
Prior to any such transfer, Vestiaire Collective will ensure that:
(i) the destination countries guarantee an adequate level of protection of personal data; or
(ii) appropriate guarantees have been implemented (for example, acceptance by the recipient of the standard contractual clauses adopted by the European Commission or authorised by the relevant supervisory authority).
For further information, please write to the following address dataprivacy@vestiairecollective.com. We will then provide you with all the required information on the subject and, if necessary, on how to obtain a copy of such information or where it is available.
14. Further queries
For any further queries you may have on how Vestiaire Collective collects and processes your personal data, please send an email to the following address: dataprivacy@vestiairecollective.com and we will be pleased to answer you.
Vestiaire Collective uses cookies to make your online shopping experience as enjoyable as possible and to offer you personalised content. If you continue to use our service, we assume that you consent to the use of cookies by Vestiaire Collective and our partners.
