Privacy Policy

02/02/2022

With this Privacy Policy LELO, as data controller, wants to be transparent about processing your personal data. We are committed to protecting privacy and security of our customers and site visitors. We, therefore, have a policy setting out the purpose for which your personal data will be collected, as well as how it will be processed and protected. This Privacy Policy is related to the following websites Lelo.com, Intimina.com, Lelohex.com.
 

1. LEGAL BASIS FOR PROCESSING PERSONAL DATA

We shall process your personal data for the following reasons:
- The execution of contracts or precontractual obligation, which you are party to.
- Complying with our legal obligations.
- Marketing and other business legitimate interests.
 

2. LEGITIMATE INTERESTS

Legitimate interests include the following:
- Sending our newsletter to our customers from whom we have obtained the contact details in the course of a sale (or negotiations for a sale) of a product or service.
- Collection of personal data to provide you with best possible customer experience.
- Operational requirements necessary for internal processes.
- Fulfilling your requirements or requests regarding our services and products.
- Fraud prevention.
- Protecting our rights, employees, and property.
 

3. PURPOSES OF PERSONAL DATA PROCESSING

- Online purchases (when you place an order or ask for a refund).
- Direct marketing (when we send our newsletters).
- Administration of user accounts.
- Enforcing our Terms and Conditions.
- Communication through our email, contact forms, social networks, or Customer Care.
- Managing subscriptions to our Volonté Blog.
- LELO mobile app, for which we have separate Privacy Policy.
Your personal data may also be automatically collected during visits to our website, these include information about your devices and browsing. This information is collected using cookies and similar technologies. For more information about cookies and other similar technologies, please read Cookie Policy.
This means that we want to provide you the most optimal and personalized service possible. Of course, we keep your privacy in mind. We will retain your shopping history and use details of the products you have previously purchased to make suggestions to you for other products which we believe you will also be interested in. We will retain and evaluate information on your recent visits to our website and how you move around different sections of our website for analytics purposes to understand how people use our website so that we can make it more intuitive.
 

4. Why we use your personal data

- Processing, analysing and delivering your purchases.
- Taking payments and making refunds.
- Sending you service messages by SMS, email or otherwise.
- Providing customer care services and support, handling returns, warranty claims.
- All forms of fraud detection and prevention.
- Security and Protecting our website/IT systems.
- Showing you our advertisements while you browse the web.
- Providing you with information about our products and services, promotions, discounts and news regarding your preferences and wishes.
- Improving our website.
 

5. MARKETING ACTIVITIES

We process personal data when you subscribe to our newsletter, event, Volonté Blog, or you purchase our products. For this purpose, we process data, such as, name, surname, country, email address. If you give us your consent for receiving our newsletter, we use Mailchimp services. We process data regarding opening e-mails, bounce rate, clicks, subscription, news segments. We segment buyers according to previously bought products, gender, country.
Based on our legitimate interest (so called, soft opt-in), we send our newsletter to our customers who made a purchase of our product using Omnisend services.
If you contact us through webforms on our website, through an e-mail, phone, or social network profile we will process data from contact form and a message based on our legitimate interest to connect and communicate with potential customers.
In any case you can object to direct marketing activities, and you may unsubscribe from our newsletter by clicking the link in our email or responding to us with your claim. In such case we will stop with marketing activities and store your data in an unsubscribed list for 5 years from the day of unsubscribing, based on our legitimate interest to prove facts on compliance steps we need to take.
We use certain online marketing tools, cookies, and similar technologies, and for this reason we process personal data of our website visitors or people who clicked on our online ads with our business associates. These technologies may provide us with some identifiers, information about devices you utilize to access our website, and other information regarding your interactions with our website. For detailed information about the use of cookies and advertising tools that we use please read our Cookie Policy.
The Facebook pixel is a small piece of JavaScript that an administrator of a Facebook Ads account adds to the website to optimize the ads, report on conversions across devices, and create custom audiences of website visitors for use in Facebook ads. To use this product, the website does not need to collect or send names, email addresses or other contact information to Facebook. All information is aggregated with millions of other signals before being read by our optimization systems. Facebook, as a joint controller, uses information obtained from websites that install Pixels to improve its ads (as noted in the terms and Privacy Policy). This data is aggregated before it's used.
 

6. SECURITY

Based on our legitimate interest to protect our employees, customers, business associates, and our property we process personal data, such as log files, IP address, traffic data, metadata, incident reports, data from data breaches.
In case of personal data breach, we perform risk assessment and based on this assessment we will inform supervisory authority and data subjects.
Since no means of security, transmission or storage is 100% secure, we cannot guarantee absolute security, but we do use applicable technical and organizational security measures. We use access control, encryption and hashing of passwords, including industry standards authentication practices SSL and 2-factor authentication. We protect our IT systems from brute-force attacks by limiting the number of log-in attempts from a single IP address. We track logs and we make regular backups.
 

7. TYPES OF PERSONAL DATA

- Identity and contact information (email address, first name, last name, address, phone number, password).
- Financial and transaction information (cardholder data, details about payments provided by 3rd party payment processors, shipping, and billing address, order ID, payment method, order details, tracking ID, tax ID – if required by law, IP address).
- Profile information (user profile ID, first name, last name, email address, password, gender, time zone, date of birth, orders, reviews).
- Facebook account contact details if you choose this type of log in.
- Shipping information and billing information (country, first name, last name, address, house/apartment No., postal code, city, phone number, tax ID – if required by law, IP address).
- Warranty claims (proof of purchase, invoice number, image, or video of the product, tracking ID number, user address, shipping data).
- Technical information (IP address, your login data, browser info, time zone, language, browser plug-in types and versions, operating system, and other technology on the devices you use to access the LELO website).
- Marketing and communications information (email address, first name, last name, gender, time zone, region, country, purchase date, IP address, order date, product purchased, subscription source, language, order ID, user ID, cookie ID, website visits, subscription date, last change date).
 

8. DATA ABOUT MINORS

We do not knowingly collect or solicit personal data from anyone under the age of 13. Do not use our sites if you are under age of 13. If we learn that we have collected information from a child under the age of 13, we will delete this information as soon as possible.
If you believe that we might have any information from or about a child under 13, please contact us by sending an e-mail to the email address, or contact forms, as communicated to you on our sites.
Minors may not make purchases through our sites unless they have appropriate permission and are under the direct supervision of their parent or legal guardian who owns the account. All financial information on the account, such as a credit card or PayPal account, must be that of the parent or legal guardian.
In accordance with the UK General Data Protection Regulation (UK GDPR), in relation to the offer of information society services directly to a child, the processing of the personal data of a child shall be lawful where the child is at least 13 years old. Where the child is below the age of 13 years, such processing shall be lawful only if and to the extent that consent is given or authorised by the holder of parental responsibility over the child.
 

9. HOW LONG WE KEEP YOUR PERSONAL DATA

We will keep your personal data for as long as you have your account, or if it is needed to be able to provide services to you, including product warranty lasting, or (in the case of any contact you may have with our Customer Care) for as long as is necessary to provide support-related reporting.
We may keep some of your personal data, if required so by law, even after your account has been closed and we no longer need to provide any services to you. For the general business activities, we keep the data for 6 years, and we keep accounting and financial records for 6 years from the end of the last company financial year for which data relates to. In some cases, where the law does not define maximum data retention period, we keep some personal data based on legitimate interest, in case we need to defend our claim at court or some other public authority, in accordance with statutory limitations periods. If you wish to close your registered profile, please contact our customer support.
 

10. SHARING YOUR DATA WITH THIRD PARTIES

We share your data with the following categories of companies as an essential part of being able to provide our services to you, as set out in this statement:
- Affiliated companies and processors - based on fulfilment of the purchase agreement or to perform internal processes and procedures.
- Companies issuing credit cards, providers of payment services to process payments and banks, based on your order to fulfil a purchase agreement.
- Carriers to deliver your order or services. We use logistics services from MOTUS EUROPE d.o.o. and BROZ Inc.
- Third parties, such as law enforcement agencies, other governmental agencies, and related parties, if we are required by law to do so.
- Data processors - we share personal data with authorised data processors for providing IT support, accounting, legal, HR, marketing, and sales services. For this type of activities, we also engage affiliated Lelo and Foreo companies. Affiliated company Lelo Adria d.o.o. has been engaged in the maintenance of our websites, support of the process of on-line sales, marketing, promotion, social networks, PR, and customer care services. We also use Zendesk services, as data processor, for chat and customer support. We send to all our customers automatic emails regarding their purchase through Mandrill Mailchimp add-on.
- Network operators and/or other communications service providers - when necessary for the set-up of proper routing and connectivity.
- Third-party service providers - to the extent strictly necessary for them to perform specific actions on our behalf. We may share personal data with our trusted and verified third-party service providers for example to enable them to process payments for us or to prevent fraud.
- Relevant legislation - in case we are presented with a legal obligation, we will share the data from users with such third parties that are legally entitled and authorized to request the same, such as within criminal procedures or threats to the public security.
- Online marketing - we use certain online marketing tools and for this reason we share some personal data of our website visitors or people who clicked on our online ads with our business associates. We and our authorized partners use cookies and other information gathering technologies for a variety of purposes. These technologies may provide us with some identifiers, information about devices you utilize to access our website, and other information regarding your interactions with our website. For detailed information about the use of cookies and advertising tools that we use please read our Cookie Policy.
- Social networks – we use social networks (Facebook, Twitter, Instagram, Weibo, Facebook Intimina, Twitter Intimina, Pinterest Intimina, Instagram Intimina, Youtube Intimina) to communicate with our customers and advertise our products. For detailed information about the use of cookies and advertising tools that we use please read our Cookie Policy.
- Reviews – through Bazaarvoice services consumers can submit reviews, and to comment on or rate goods, products, and services. You should be aware that any information you provide in the area that is intended to collect may be published on a publicly facing website or mobile application and may be read, collected, and used by Bazaarvoice, its affiliates, subsidiaries, vendors, and clients. Therefore, please do not include any information within these areas that you do not want to share with the public, including personally identifiable information, such as your name, email address or financial information. You may be required to create an account with the Bazaarvoice Client. During account creation, you may be asked to submit information, such as but not limited to, your name, email address, mailing address or phone number, and other data. The consumer account info may be collected by both Bazaarvoice and Lelo.
- Mergers and acquisitions – in accordance with the applicable law, personal data may be transferred to data recipients who are in the process of buying our company (for example, in case of due diligence process), or personal data can be transferred to a company which merged with our company or to company who bought partially or in whole our company in case of business acquisitions or resolution/bankruptcy proceeding.
- reCAPTCHA – for security reasons and avoiding spam and bots making enquiry, we use Google reCAPTCHA. More information is available in Google’s Privacy Policy.
We transfer personal data of EU customers to the USA, based on standard contractual clauses and additional technical and organisational measures. We use Amazon AWS hosting services for our sites. For transfer of personal data regarding cookies and similar technologies, please read our Cookie Policy.
 

11. PAYMENT METHODS

If a customer chooses payment via PayPal, the customer agrees to personal data transfer to PayPal. PayPal is a data controller for this type of payment, so please read their Privacy Policy. Lelo cannot access consumer’s data about this payment, such as data about credit cards. Personal data transferred to PayPal are name, surname, e-mail address, IP address, phone number, shipping address, purchase data. PayPal uses personal data to perform transactions, check the identity, for anti-fraud measures and exchange of data with credit agency.
A customer may choose iDEAL to make online payments in a reliable, secure and easy way. Payments are done using the mobile banking app or the online banking environment of the customer's bank. iDEAL is a direct online transfer from the customer's bank account to Lelo's bank account. The iDEAL payment description always includes the name of the organisation you paid. However, it is possible that customers do not recognize the name of the beneficiary because some organisations (web shop or other online organisations) outsource the collection of payments to third parties.
Customers that use Sofort, as service of Klarna, in order to provide the service, such as our checkout and customer portal, Klarna collects certain personal data to complete the purchase and help us handle your order, but also to prevent fraud and meet legal requirements, such as, IP address, email address, name, surname, user profile ID, shipping data, order ID, transaction ID, payment method, language, items, credit card partial data – last 4 digits).
Stripe is also an available payment method for our customers. Stripe uses data (email address, name, surname, amount spent, credit card data, shipping address, IP address) to verify the identity to comply with fraud monitoring, prevention and detection obligations, laws associated with the identification and reporting of illegal and illicit activity, such as AML (Anti-Money Laundering) and KYC (Know-Your-Customer) obligations, and financial reporting obligations.
If a customer uses Sezzle services, the customers give consent to Sezzle to collect personal data to manage Sezzle Services, to detect and prevent fraud, to help Sezzle follow government regulations and otherwise comply with law, to communicate and personalize user experience.
The Privacy Notice to Users of Alipay Services applies to users of Alipay Services, including each individual who is a registered member of a merchant site, and who makes online purchase or sale from the merchant site using Alipay Services. Alipay Services use transaction data, such as, email address, name, surname, user profile ID, shipping data, order ID, transaction ID, payment method, language, items).
Google Payments is offered to Google Account holders, and your use of it is subject to the Google Privacy Policy. For users (except those selling on a Google marketplace) based in the European Economic Area (excluding the UK), the data controller responsible for your information is Google Ireland Limited. For users (except those selling on a Google marketplace) based in the UK, the data controller responsible for your information is Google LLC. If you are based in the European Economic Area, excluding the UK, and are selling on a Google marketplace, the data controller responsible for your information is Google Payment Ireland Limited. If you are based in the UK and are selling on a Google marketplace, the data controller responsible for your information is Google Payment Limited. For users based in Brazil, the data controller responsible for your information is Google LLC and, to the extent required under Brazilian law, it may be Google Brasil Pagamentos Ltda.
For purchases via Amazon services, we process data, such as, name, surname, email address, ID number, items, price, date.
When you add a card to Apple Pay, card-related information, location, and information about device settings and use patterns may be sent to Apple to determine eligibility. Some of the above information, account-related information, and paired-device details may be shared with your card issuer or bank to determine eligibility and for anti-fraud purposes. When you use Apple Pay in apps and on the web, information necessary to process the payment is shared with the app or website. Your actual card number isn’t shared with the Lelo.
 

12. WHAT ARE YOUR RIGHTS

- The right to access personal data we hold about you. You have the right to request information about personal data we hold about you.
- The right to portability. You have the right to get a copy of your data in a structured, commonly used, and machine-readable format transferred to you or to another data controller.
- The right to rectification. You have the right to request rectification of your personal data if it is incorrect, including the right to have incomplete personal data completed.
- The right to erase. You have the right to request that we delete, stop processing or collecting any personal data in accordance with the relevant law.
- The right to object to processing of personal data that is based on legitimate interest.
- The right to object personal data processing.
You have the right to object to direct marketing, including profiling analysis made for direct marketing purposes.
In case we use your personal data based on your consent, you are entitled to withdraw that consent at any time subject to applicable law. We rely on you to ensure that your personal data is complete, accurate and current. Please inform us of any changes to or inaccuracies of your personal data by contacting us immediately.
If you would like to exercise your rights, require assistance, file a complaint, or just have any questions, please do not hesitate to contact us on privacy@lelo.com.

You have right to file a complaint to data protection supervisory authority:

EU
Swedish Authority for Privacy Protection
Integritetsskyddsmyndigheten, Box 8114
104 20 Stockholm
Sweden
imy@imy.se

UK
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Telephone: 0303 123 1113
 

13. BREXIT NOTICE

From 1 January 2021, the UK is no longer considered as an EU Member State and UK GDPR started to apply. Based on the agreement between the UK and the EU, until 2025 all the personal data transfers from the EU to the UK are not considered as transfers to a third country. For the transfer from the UK to the EU, UK finds this transfer as transfer with adequate protection, so currently there are no additional requirements needed for such personal data transfers.
 

14. SUPPLEMENTAL NOTICE FOR CALIFORNIA RESIDENTS

The California Consumer Privacy Act (“CCPA”), which is effective as of January 1, 2020, regulates how we handle personal data of California residents and gives California residents certain rights with respect to their personal data. This supplemental privacy policy shall apply only to residents of California and may be subject to change. The general privacy policy shall continue to apply to the extent that it applies to you as a resident of California. If you are a resident of California, we are required to disclose certain uses and disclosures in a certain format, as well as to inform you of certain rights you may have. Any term used in this supplemental privacy policy shall have the same meaning as in the general privacy policy.
The CCPA requires disclosure of the categories of personal information collected over the past 12 months. While this information is provided in greater detail above, the categories of personal information that we have collected – as described by the CCPA – are:
- Identifiers, including name, email address, IP address, and an ID or number assigned to your account.
- Other individual records such as phone number, billing address, or credit or debit card information. This category includes personal information protected under pre-existing California law (Cal. Civ. Code 1798.80(e)) and overlaps with other categories listed here.
- Demographics, such as your age or gender, or, where you have provided such information voluntarily. This category includes data that may qualify as protected classifications under other California or federal laws.
- Commercial information, including purchases and engagement with our services.
- Internet activity, including your interactions with our services.
- Inferences, including information about orders, interests, preferences, and favourites.
We collect and use these categories of personal information for our business and commercial purposes that are previously described, including providing and improving our services, maintaining the safety and security of our services, processing purchase and sale transactions, and for advertising and marketing services. We share personal data as described above under Sharing data with third parties.

CATEGORY OF PERSONAL
INFORMATION
PURPOSE OF SUB-PROCESSING
Identifiers
A name, alias, online identifier,
Internet Protocol (IP) address, email address,
account name, or other similar
identifiers.
  • Advertising networks
  • Communication service providers
  • Data analytics providers
  • Service providers
  • Social networks

Personal information categories listed in the
California Customer Records statute
(Cal. Civ. Code § 1798.80(e))
 A name, signature, contact information, bank account number or any other financial information

 

  • Service providers

Protected classification characteristics under
California or federal law
A name, contact (email)

 

  • Service providers

Internet or other electronic network activity
Browsing history, search history, information
on a consumer’s interaction with an internet
website, application, or advertisement

 

  • Advertising networks
  • Data analytics providers
  • Service providers
  • Social networks

Geolocation data
Physical location (over IP) or movements.

 

  • Advertising networks
  • Data analytics providers
Inferences drawn from other personal
information to create a profile about a consumer
Profile reflecting a consumer’s preferences,
behaviour on web site
  • Advertising networks
  • Data analytics providers
  • Service providers
  • Social networks

We may access, preserve, and disclose each of the categories listed above to external parties if we, in good faith, believe doing so is required or appropriate to: comply with law enforcement or national security requests and legal process, such as a court order or subpoena; protect your, our, or others’ rights, property, or safety; enforce our policies or contracts; collect amounts owed to us; or assist with an investigation or prosecution of suspected or actual illegal activity.

“Sales” of Personal Information under the CCPA

For the purposes of the CCPA, Lelo does not “sell” personal information, nor do we have actual knowledge of any “sale” of personal information of minors under 16 years of age.
To opt-out of receiving interest-based advertising, you can exercise your choice by using your privacy settings.

Additional Privacy Rights for California Residents

Non-Discrimination. California residents have the right not to receive discriminatory treatment by us for the exercise of their rights conferred by the CCPA.
Authorized Agent. Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child. To designate an authorized agent, please contact us on privacy@lelo.com.
Verification. To protect your privacy, we will take the following steps to verify your identity before fulfilling your request. When you make a request, we will ask you to provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative, which may include contact information. We will only ask for the minimum data and only what is relevant in the given context.
If you are a California resident and would like to exercise any of your rights under the CCPA, please contact us privacy@lelo.com.
 

15. UPDATES TO OUR PRIVACY POLICY

We may need to update our Privacy Policy. The latest version of this Privacy Policy will always be available on our website, so you can access it and be informed of any updates or changes at any time.
We inform registered customers about the new version of Privacy Policy, if the changes are substantial and are not only connected with the grammar, style, corrections etc. Your continued use of any portion of our sites following the updated Privacy Policy will constitute your acceptance of the changes.