Free Shipping on orders €100+

WEBSITE PRIVACY NOTICE FOR RAEN.EU

Effective: November 22, 2020

1. Introduction and Scope

This Privacy Notice applies to the use of the website ("Website") being accessed from within the EU/EEA.

As regards the use of cookies on the Website, please refer to our separate Cookie Policy located here.

2. Data Controller

The responsible data controller for any personal data collected and processed in connection with the use of the Website is RAEN Optics GmbH, Danziger Straße 2, 85386 Eching, Germany (hereafter "RAEN", "we", "us", or "our").

3. Contact Details and Data Protection Officer

If you have any questions etc. about or in connection with this Privacy Notice or would like to complain about our handling of your personal data or exercise any of your rights (see section 9 below), please contact us by using one of the following contact details:

RAEN Optics GmbH, Danziger Straße 2, 85386 Eching, Germany; info@raen.eu or +49 89 99731556

4. Data Subjects

This Privacy Notice applies to the collection and processing of personal data of users of the Website.

5.  Categories of Data, Purposes of the Processing and Legal Bases

5.1 The Appendix Categories of Personal Data, Purposes and Legal Bases found at the bottom of the privacy policy contains detailed information on:

  • the categories of personal data we collect from you or from third parties (e.g., public authorities or public resources) in addition to other personal data that you actively provide to us (e.g., when you place an order or when you contact us);
  • the purposes for which we process these personal data; and
  • the legal bases for the collection and processing of your personal data (unless otherwise provided, e.g., at the time we collect the data from you).

5.2           Please note that we process your personal data for other purposes only if we are obligated to do so on the basis of legal requirements (e.g., transfer to courts or criminal prosecution authorities), if you have consented to the respective processing or if the processing is otherwise lawful under applicable law. If processing for another purpose takes place, we will provide you with additional information.

5.3           You may choose not to provide certain types of personal data to us, unless the provision of personal data is required for the performance of a contract you conclude with us (e.g., to provide you with products and services you ordered). If you choose not to provide certain types of personal data, our ability to provide you with, and your ability to make use of, the Website or their features and services may be affected.

Any access to your personal data at RAEN is restricted to those individuals that have a need to know in order to fulfill their job responsibilities.

RAEN will transfer your personal data for the respective purposes to the recipients and categories of recipients listed below:

6.1   Within the RAEN group

6.2   Service Providers (within and outside the RAEN group): We use service providers to provide services and products on our behalf and will share your personal data with them as necessary for the provision of the services and products. Our service providers are contractually obligated to Our service providers may not otherwise process or share your personal data, except as permitted by law. We use service providers to communicate news and deliver promotional and transactional materials to you, including personalized online and mobile advertising.

6.3   Governmental authorities, courts, external advisors, and similar third parties that are public bodies as required or permitted by applicable law, in order to: (i) ensure compliance with applicable laws, (ii) respond to governmental inquiries or requests from public authorities, (iii) comply with valid legal process, (iv) protect the rights, privacy, safety or property of RAEN, site visitors, guests, employees or the public, (v) permit us to pursue available remedies or limit the damages that we may sustain, (vi) enforce our Websites' terms and conditions, and (vii) respond to an emergency. Such data transfers are based on Art. 6 (1) (c) and/or (f) GDPR.

7. Cross-Border Data Transfer

7.1  We transfer your personal data outside of the country you are located. Some recipients of your personal data are located in another country for which the European Commission has , or some of the locations of non-European RAEN group companies.

7.2  Some recipients outside of the European Economic Area (EEA) are located in countries for which the European Commission has issued adequacy decisions. In each case, the transfer is thereby recognized as providing an adequate level of data protection from a European data protection law perspective (Art. 45 GDPR).

7.3  By way of entering into appropriate data transfer agreements based on (2010/87/EU and/or 2004/915/EC) as referred to in Art. 46(5) GDPR or other adequate means, which are accessible via the contact details above we have established that all other recipients located outside the EEA will provide an adequate level of data protection for the personal data and that appropriate technical and organizational security measures are in place to protect personal data against accidental or unlawful destruction, accidental loss or alteration, unauthorized disclosure or access, and against all other unlawful forms of processing. Any onward transfer (including our affiliates outside the EEA) is subject to appropriate onward transfer requirements as required by applicable law.

8.  Retention Period

8.1  Your personal data is stored by RAEN and/or our service providers, strictly to the extent necessary for the performance of our obligations and strictly for the time necessary to achieve the purposes for which the personal data is collected, in accordance with applicable data protection laws. When RAEN no longer needs to process your personal data, we will erase it from our systems and/or records and/or take steps to properly anonymize it so that you can no longer be identified from it unless we need to keep your information to comply with legal or regulatory obligations to which RAEN is subject.

9. Your Rights

Under the conditions set out under applicable law (i.e., the GDPR), you have the following rights:

9.1 Right to withdraw consent: If you have declared your consent for any personal data processing activities, you can withdraw this consent at any time with future effect. Such a withdrawal will not affect the lawfulness of the processing prior to the consent withdrawal.

9.2  Right of access: You have the right to obtain from us confirmation as to whether or not personal data concerning you is being processed, and, where that is the case, to request access to the personal data. The access information includes – inter alia – the purposes of the processing, the categories of personal data concerned, and the recipients or categories of recipients to whom the personal data have been or will be disclosed.

You have the right to obtain a copy of the personal data undergoing processing. For additional copies requested by you, we may charge a reasonable fee based on administrative costs.

9.3  Right to rectification: You have the right to obtain from us the rectification of inaccurate personal data concerning you. Depending on the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

9.4  Right to erasure (right to be forgotten): You have the right to ask us to erase your personal data.

9.5   Right to restriction of processing: You have the right to request the restriction of processing your personal data. In this case, the respective data will be marked and may only be processed by us for certain purposes.

9.6  Right to data portability: You have the right to receive the personal data concerning you which you have provided to us in a structured, commonly used and machine-readable format and you have the right to transmit those personal data to another entity without hindrance from us.

9.7  Right to object:

You have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data by us and we can be required to no longer process your personal data. If you have a right to object and you exercise this right, your personal data will no longer be processed for such purposes by us. Exercising this right will not incur any costs.

Such a right to object may not exist, in particular, if the processing of your personal data is necessary to take steps prior to entering into a contract or to perform a contract already concluded.

 

Please note that the aforementioned rights might be limited under the applicable national data protection law. RAEN remains the universal point of contact for your execution of these rights.

Please refer any of your questions to info@raen.eu.

In case of complaints, you also have the right to lodge a complaint with the competent supervisory authority, in particular in the Member State of your habitual residence or alleged infringement of the GDPR.

If you have provided us with your email address in order to be notified once a product is back in stock, you can request to be deleted from the notification list by [sending an email to info@raen.eu or using the unsubscribe button at the end of the email once you have received the notification email.

Changes to this Website Privacy Notice

This privacy notice may require an update from time to time – e.g. due to the implementation of new technologies or the introduction of new services or features. We reserve the right to change or supplement this Website Privacy Notice at any time. We will publish the changes and/or inform you accordingly (e.g., via email).

 

10. Virtual Try On Privacy Policy

When you use these VTO solutions, FITTINGBOX may operate a scan and/or a reconstruction and/or a change in the appearance of your face but will not disclose or store your image: your image is processed live, only for the duration of the virtual try-on experience. FITTINGBOX will not sell, distribute, lease or otherwise disclose or store your personal data or your image. If you ever save a screenshot of your try-on, the image will be stored on your device only and FITTINGBOX cannot access it.

However, because we value your privacy, if FITTINGBOX ever were to come into the possession of personal data and/or biometric information / identifiers as part of this process, it would permanently destroy any such data and/or information when the initial purpose for collecting or obtaining such identifiers or information has been satisfied or within 30 days of an individual’s last interaction with us, whichever occurs first. By using such VTO solutions, you hereby agree to give access to your webcam to make a virtual try-on (VTO) experience and release FITTINGBOX from any liability whatsoever under the applicable data protection laws and regulation, with the European Regulation 2016/676 of 27 April 2016 (GDPR), the EU-U.S. and Swiss-U.S. Privacy Shield, the US Health Insurance Portability and Accountability Act of 1996, the US Health Information Technology for Economic and Clinical Health of 2009, the US CCPA of 2020, and with the Illinois' Biometric Information Privacy Act of 2008, as applicable, and any similar laws.

Please note also that data or cookies might be locally saved on your computer; If you are uncomfortable regarding cookies use, you can decline or disable or delete cookies on your computer by changing the settings in preferences or options menu in your browser. Please note that any declination or disabling or deletion of cookies may result in degraded operation of FITTINGBOX’s VTO solutions and/or the website or the device where such VTO solutions may be implemented; in no event will FITTINGBOX be liable for such degraded browsing or malfunction and their consequences.

If you have any enquiry or observation about this Policy, please contact us at contact@fittingbox.com. We will answer you as soon as possible.


Appendix

Categories of Personal Data, Purposes and Legal Bases

We process the following categories of personal data:

Account Data, such as your username and your password.

Device Data, such as information about your device, including information about your web browser, IP address, time zone, individual web pages or products that you view, what websites or search terms referred you to the Website, and information about how you interact with the Website.

Identification Data, such as your name, email address, postal address and phone number.

Interest Data, such as your interests and preferences you have shared with us.

Order Data, such as your billing address, shipping address, and payment information (including credit card numbers).

Review Data, such as i on our Website.

Social Media Data, such as information to your profiles on social media (e.g., if you contact us via a social media channel).

 

In the following, you will find an overview of the purposes for which we process the categories of personal data as well as its legal bases:

No.

of the Processing

Categories of Personal Data

Legal Bases for the Processing

1.      

Create an

Account Data; Identification Data

Performance of a contract, Art. 6 (1) (b) GDPR

2.      

Fulfill orders placed through the Website (including processing your payment information, arranging for shipping, and providing you with invoices and/or order confirmations)

Account Data; Identification Data; Order Data

Performance of a contract, Art. 6 (1) (b) GDPR; legitimate interest, Art. 6 (1) (f) GDPR

3.      

Provide you with information on the shipping and delivery process

 

Legitimate interest, Art. 6 (1) (f) GDPR

4.      

Handle product returns we receive from you

Account Data; Identification Data; Order Data

Performance of a contract, Art. 6 (1) (b) GDPR; legitimate interest, Art. 6 (1) (f) GDPR

5.      

Maintain and improve the functionality of our Website (e.g., to ensure the security and operability of our IT systems)

Device Data

Legitimate interest, Art. 6 (1) (f) GDPR

6.      

Optimize our Website (e.g., by generating analytics about how our customers browse and interact with the Website, and to assess the success of our marketing and advertising campaigns)

Device Data

Consent, Art. 6 (1) (a) GDPR

7.      

Post your review of a product on the Website

Review Data, Identification Data

Legitimate interest, Art. 6 (1) (f) GDPR

8.      

Communicate with you (including responding to your questions, inquiries and requests via forms on the Website or on Social Media)

Identification Data; Order Data; Social Media Data

Performance of a contract, Art. 6 (1) (b) GDPR; legitimate interest, Art. 6 (1) (f) GDPR

9.      

Provide you with information or advertising relating to our products or services (when in line with the preferences you have shared with us), e.g. with newsletters

Identification Data; Order Data; Interest Data

Consent, Art. 6 (1) (a) GDPR

10.   

Send you a back in stock notification

Identification Data

Legitimate interest, Art. 6 (1) (f) GDPR

11.   

Administrate rewards, surveys, sweepstakes, contests, or other promotional activities or events

Identification Data; Order Data; Interest Data

Consent, Art. 6 (1) (a) GDPR; performance of a contract, Art. 6 (1) (b) GDPR; legitimate interest, Art. 6 (1) (f) GDPR

12.   

Screen our orders for potential risk or fraud

Identification Data; Order Data; Device Data

Legitimate interest, Art. 6 (1) (f) GDPR

13.   

Comply with legal obligations, prevent unlawful uses of the Website, resolve disputes, and enforce our agreements

Identification Data; Order Data; Device Data

Legal obligations, Art. 6 (1) (c) GDPR; legitimate interest, Art. 6 (1) (f) GDPR

 

*For data processing activities based on legitimate interests (Art. 6 (1) (f) GDPR): Further information on the balancing test performed are available upon request to info@raen.eu