privacy policy

Privacy Policy

Date: 22/05/2023

General

Privacy Policy details LELO’s commitment to protecting the information of visitors to the LELO website ("Visitors") and individuals that register to use LELO services ("Customers"). It explains how personal data is collected, how it is stored, for how long it is retained, what the purposes of processing are, as well as individual rights in relation to such personal data. LELO processes personal data following the provisions of the EU General Data Protection Regulation (GDPR) and other applicable data privacy regulations.

Please read the following carefully to understand our Privacy Policy and practices regarding your information collected through the Website, through your use of our services, and through our marketing activities. If you do not agree with this Privacy Policy and our practices, your choice is not to use our website, not to register to use our services or to unsubscribe from our marketing.

About us 

This Privacy Policy details LELO’s treatment of personal data gathered when you access or use LELO website or Services and through LELO and marketing activities. LELO acts as the data controller of your personal data as described in this Privacy Policy when collecting personal information from: (i) Visitors to LELO website; (ii) Customers when registering to use LELO Services; and (iii) personal information received from you through our marketing activities.

Provisions of this Privacy Policy apply to LELOi AB and its affiliated companies. Depending on the affiliated company you came into contact with and under what circumstances, such a company shall be considered a data controller in that particular case.

Personal Data 

Personal data means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Personal Data we collect

Personal data shared with LELO by accessing LELO website is used for the purposes of managing your relationship with LELO as well as better personalization of your experience and interaction with LELO, including customized advertising and offerings.

When you wish to create your account on lelo.com we will ask you for your email address, first name, last name and to specify your gender. 

When you sign into your LELO account, we will ask you for your email address. If you wish to log in using Apple or Google accounts for login to lelo.com, we will ask for your account information for authentication.

When you place an order on lelo.com, we will ask you for your shipping address, first name, last name, company and company address (optional), shipping, and billing address, postal code, city, phone number and cardholder data.

When you wish to contact support through the Contact Support form, we will ask you for your email address, phone number and to select the country you are writing from. You can also contact us through Zendesk contact form. Please read their Privacy Policy and Terms of use before contacting us through Zendesk contact form.

When you sign up for our newsletter, we will ask you for your email address.

When you sign up for Volonté newsletter, we will ask you for your name and email address. 

When you want to apply to a current openings on our career page, we will ask you for your first and last name, email address, your photo and professional data. You will then be redirected to TalentLift webpage. Please read their Privacy Policy and Terms of use before registering.

Lawful basis for processing Personal Data 

The lawful basis for processing Personal Data, in the context of this Privacy Policy, is:

Consent - In some situations we may ask you for your consent to process your Personal Data. If you provide your consent, we will process your Personal Data on the basis of such consent. You may withdraw such consent at any time. However, withdrawing your consent does not affect the lawfulness of any processing based on your consent before your withdrawal.

Legitimate interest - We process your Personal Data on the basis of our prevailing legitimate interest to provide services to you through our website or communicating with you. When collecting and processing of your personal data is based on LELO’s legitimate interest, we give our best efforts to ensure your fundamental rights and freedoms are not overridden by LELO’s interests.  

Contract - If you engage with LELO on a contractual basis, LELO processes your Personal Data to fulfil its obligations under the contract.     

Personal data processing operations

Use of the website

Data shared with LELO by accessing lelo.com is used for the purposes of managing your relationship with LELO as well as better personalization of your experience and interaction with LELO, customized advertising and offerings.

Contact forms and e-mail communication

LELO’s website contains Contact support forms through which you can reach our Support teams. To respond more efficiently, we may ask for some additional information when filling out the contact forms (including but not limited to e-mail address, phone number, country of residence). Depending on the type of inquiry, LELO will process the data expressly stated on the respective form to fulfil the purpose of replying to your request, optimizing our services, and informing you about LELO products. For these purposes, such data may be shared with third-party service providers such as Zendesk.

To process your personal data for the processes mentioned above, LELO pursues its legitimate interest in answering your inquiry.

Receiving LELO newsletters and direct marketing

If you provided your email to receive LELO newsletter and/or provided your name and email address to receive Volonté newsletter, we might have collected personal data contained within such email addresses. 

When subscribed to our newsletters, you will receive emails with promotional communications, including emails about LELO products. For these purposes, such data may be shared with third-party service providers such as MailChimp and Omnisend. 

Subscribing to LELO/ Volonté newsletter is voluntary (based on the consent you have given) and you can unsubscribe at any time. In such case you will no longer receive email notifications regarding LELO products and/or services and your personal data shall be anonymized and stored in an unsubscribed list for the period of five (5) years from the day of unsubscribing, based on our legitimate interest to provide facts on compliance steps we would need to take.

Managing online purchases

When you wish to purchase a product on lelo.com, we will process personal data you provided to us as part of your order. For the purpose of performing the contract, mandatory fields are marked as such for processing, analyzing and delivering your purchases, taking payments and making refunds and also, for fraud detection and prevention.

After complete processing of the contract, your personal data will be restricted for further processing and deleted after expiry of the retention periods under tax and commercial law.

We will forward your personal data to our logistics service providers within the scope required for the delivery of the ordered goods. 

As part of the payment process on lelo.com, we work together with our payment service providers. Depending on the selected payment method, we will forward personal data necessary for processing the payment transaction to the selected payment service provider. In certain cases, payment service providers collect the data required for processing the payment themselves, e.g. on their own website or via technical solution within the ordering process. In this respect, please read their Privacy policy before making payment.

We may forward personal data to our service providers, which they will use for the purpose of fraud prevention and to optimize our payment processes.

Job applications 

This data is processed on the basis of LELO’s legitimate interest in carrying out a selection process - we need this information to be able to contact you and to check whether you are suitable for the position. After the selection process is finished, we will delete the submitted job applications. For these purposes, such data may be shared with third-party service providers such as TalentLyft. 

When applying for a position at LELO, you are given the option to provide your consent for us to keep you in our candidate database for 12 months, and if a position that would suit your qualifications opens up in the future, we may contact you for a job interview.

Security of your data

Based on our legitimate interest to protect our employees, customers, business associates, and our property we might process personal data such as log files, IP addresses, traffic data, metadata, incident reports, data from data breaches.

To prevent unauthorized access or disclosure and to maintain data accuracy, as well as to ensure the appropriate use of such data, LELO utilizes all reasonable technical and organizational measures to protect your personal data, including but not limited to minimizing the processing of personal data, pseudonymization, and anonymization of personal data as soon as possible. Additionally, LELO continuously undertakes and upgrades different measures to ensure the highest standards for data privacy. 

Although LELO uses best industry practice in keeping the data safely stored, LELO does not warrant that the undertaken safety, technical and organizational measures will be sufficient to fully protect your personal data against potential unauthorized access and use of your personal data. Moreover, to the maximum extent permitted by applicable law, LELO cannot guarantee the safety of your information when in the possession of other parties. However, if such an attempt is detected, we will notify you as soon as reasonably possible of a potential breach of the security measures directly to your contact address.

Retention period 

LELO will retain your personal data as long as it is required to fulfil the purpose of collection or for as long as the applicable law requires. We will delete your personal data when it is no longer required for the aforementioned processing purposes and no statutory retention obligations prevent deletion.

Personal Data sharing 

To give you better service and complete support, please note that your personal data might be shared with LELO affiliates. Also, your personal data might be shared with operator of the services and their advisors in connection with a corporate merger, consolidation, restructuring, or the sale of substantially all of our stock and/or assets, or in connection with bankruptcy proceedings, or other corporate reorganization, following this Privacy Policy. If legally required to do so or when necessary to protect its rights or the rights of third parties, LELO will disclose information to public authorities, such as law enforcement.

LELO uses various tools, third-party service providers, plug-ins and other technologies to pursue its legitimate interest in carrying out web analysis, improving your website experience, personalizing and enhancing its offerings to you, optimizing our IT support, accounting, legal, HR, marketing and sales services. For this type of activities, we also engage affiliated LELO and Foreo companies. Affiliated company Lelo Adria d.o.o. has been engaged in the maintenance of our websites, support of the process of on-line sales, marketing, promotion, social networks, PR, and customer care services. We also use Zendesk services, as data processor, for chat and customer support. We send to all our customers automatic emails regarding their purchase through Mailchimp add-on. 

LELO uses network operators and/or other communications service providers when this is necessary for the set-up of proper routing and connectivity.

LELO engages with third-party service providers to the extent strictly necessary for them to perform specific actions on our behalf. We may share personal data with our trusted and verified third-party service providers. Our service providers are located in the EU, UK or US and have undergone security audits to make sure that they can ensure an adequate level of personal data protection. 

LELO may implement additional tools or introduce new third-party providers to enhance your user experience and optimize its services and offerings and LELO will strive to notify of such changes by updating this Privacy Policy in due time. 

LELO uses social networks (Facebook, Twitter, Instagram, Weibo, Facebook Intimina, Twitter Intimina, Pinterest Intimina, Instagram Intimina, Youtube Intimina) to communicate with our customers and advertise our products. For detailed information about the use of cookies and advertising tools that we use please read our Cookie Policy.

For security reasons and avoiding spam and bots making enquiry, LELO uses Google reCAPTCHA. More information is available in Google’s Privacy Policy.

International data transfers

In some cases, our contractual partners also process data in countries outside the EEA. In order to ensure the protection of your personal rights also in the context of these data transfers, LELO makes sure the recipient offers a similar degree of protection and ensures that one of the following safeguards is in place: the data is transferred to countries that have been deemed to provide an adequate level of protection of personal data by the European Commission; and the transfer is made on the basis of Standard Contractual Clauses approved by the European Commission or International Data Transfer Agreement approved by Information Commissioner’s Office.

Your rights related to the processed data

As a user, you have the right to request information about what personal data LELO has stored about you and for what purpose this personal data is stored. In addition, you can correct incorrect personal data or have such personal data deleted if its storage is inadmissible or no longer necessary. If the legal requirements are met, you have the right to personal data portability and the right to restrict personal data processing. You also have the right to complain to a supervisory authority about the personal data processing that is taking place. 

If personal data processing is based on your consent, you have the possibility to revoke this consent at any time without giving reasons and with effect for the future.

You have the right to object to the processing of your personal data on grounds relating to your particular situation. The prerequisite for this is that the data processing is based on a balance of interests. 

You have the right to object to the processing of your data for direct marketing purposes at any time. This also applies to profiling in connection with direct advertising. 

Additionally, you have the right not to receive discriminatory treatment from LELO for exercising an individual’s rights conferred by the applicable data protection laws.

For any questions and requests for access or deletion, please email us at privacy@lelo.com. If you make a request, we have one (1) month to respond to you. It is necessary to clearly state on which basis and through which channel you shared your personal data with LELO so we can easily fulfil your request. Please note that LELO may ask for additional information to determine if you are authorized to submit a particular request.

Cookies

LELO uses certain online marketing tools, cookies, and similar technologies. For this reason, LELO process personal data of website Visitors or people who clicked on our online ads with our business associates. These technologies may provide some identifiers, information about devices you utilize to access the website, and other information regarding your interactions with the website. For more information on what cookies are, how to manage cookies on this website and the types of cookies we use, please read our Cookie Policy.

No automated decision-making and profiling

LELO does not automatically process nor use techniques for profiling its users.

Children’s data

LELO does not knowingly collect information from persons who are considered children by their local law. We encourage parents and guardians to take an active role in their children’s online and mobile activities and interests. Children below the age of 16 may provide their information only if a parent or guardian has given their consent to do so, in accordance with applicable law. If you have reason to believe that a child below the minimum age has provided personal data to LELO without the necessary consent, please contact us at privacy@lelo.com and we will use reasonable efforts to delete that data.

Third-party personal data you share with us

In case you send personal data of third parties to LELO, you are responsible for ensuring an appropriate legal basis for any such sharing of third parties/data subjects. LELO might ask you to provide evidence that such personal data is shared on a lawful basis. LELO shall use its best efforts to ensure that third parties' personal data is processed, handled, and collected in the same manner as your own personal data. However, you are solely responsible for obtaining consent from third parties for the use and processing of their personal data. Additionally, it is your obligation to understand and abide by the applicable local data protection laws when you process and share personal data with LELO.

Questions or concerns

Should you have any questions regarding this Privacy policy, or the protection of the personal data, please contact us via email at privacy@lelo.com. You can reach our Data Protection Officer at the same address for any questions or concerns about your personal data shared with LELO.