Last Updated: January 20, 2022
Information We Collect
We collect personal data from you when you provide it to us directly and through your use of the Site. This information may include:
• Information you provide to us when you use our Site (e.g. your name, contact details, gender, product reviews, and any information which you add to your account profile);
• Transaction and billing information, if you make any purchases from us or using our Site (e.g. credit/debit card details and delivery information);
• Records of your interactions with us (e.g. if you contact our customer service team, interact with us on social media);
• Information you provide us when you enter a competition or participate in a survey;
• Information collected automatically, using cookies and other tracking technologies (e.g. which pages you viewed and whether you clicked on a link in one of our email updates). We may also collect information about the device you use to access our Site;
• Other information necessary to provide the Site, for example we may access your location if you give us your consent.
If you also shop in one of our stores, we may combine information you give us in-store (e.g. if you make a purchase or join our mailing list in-store) with the information above.
Information we collect by automated means
⦁ URLs that refer visitors to our websites;
⦁ Search terms used to reach our websites;
⦁ Details about the emails we send, such as opens, clicks, and unsubscribes;
⦁ Details about the devices that are used to access our websites (such as IP address, browser information, device information, and operating system information);
⦁ Details about your interaction with our websites (such as the date, time, length of stay, and specific pages accessed during your visits to our websites, referral activity, and which emails you may have opened);
⦁ Information about activity in our stores, such as through closed circuit TVs for security monitoring or geofencing to identify traffic in our stores; and
⦁ Usage information (such as the number and frequency of visitors to our websites).
We may associate this information with your ROTHYS account if you have one, the device you use to connect to our Services, or email or social media accounts that you use to engage with ROTHYS.
How We Use Your Information
Depending on how you use our Site, your interactions with us, and the permissions you give us, the purposes for which we use your personal data include:
• To fulfil your order and maintain your online account.
• To manage and respond to any queries or complaints to our customer service team.
• To personalise the Site to you and show you content we think you will be most interested in, based on your account information, your purchase history and your browsing activity.
• To improve and maintain the Site, and monitor its usage.
• For market research, e.g. we may contact you for feedback about our products.
• To send you marketing messages and show you targeted advertising, where we have your consent or are otherwise permitted to do so.
• For security purposes, to investigate fraud and where necessary to protect ourselves and third parties.
• To comply with our legal and regulatory obligations.
We rely on the following legal basis, under data protection law, to process your personal data:
• Because the processing is necessary to perform a contract with you, or take steps prior to entering into a contract with you (e.g. where you have made a purchase with us, we use your personal data to process the payment and fulfil your order).
• Because we have obtained your consent (e.g. where you contact us with a query, where you add optional information to your account profile, or if you consent to receive marketing from us).
• Because it is in our legitimate interests as an e-commerce provider to maintain and promote our services. We are always seeking to understand more about our customers in order to offer the best products and customer experience. We use information about you to tailor your view of the Site, to make it more interesting and relevant in respect of the products and offers on view.
Who May Have Access to Your Information
Third-Party Service Providers: We may use third party service providers acting on ROTHYS behalf to perform some of the services described above. For example, we share certain information with service providers who assist with the processing of credit cards and payments, hosting, managing and servicing our data, distributing emails, conducting research and analysis, advertising, analytics, or administering certain services and features. We also may share information about you with our professional advisors, including accountants, auditors, lawyers, insurers and bankers, if needed. These service providers may change over time, but we will always use trusted service providers who we require to take appropriate security measures to protect your personal data in line with our policies. We only permit them to process your personal data for specified purposes and, as appropriate, in accordance with our instructions and the provisions of this Policy and applicable law.
Advertising and Analytics Services Provided by Others
We may also work with third parties to serve ads to you as part of a customized campaign on third-party platforms (such as Facebook or Google). As part of these ad campaigns, we or third-party platforms may convert information about you, such as your email address, into a unique value that can be matched with a user account on these platforms to allow us to learn about your interests and to serve you advertising that is customized to your interests. Note that the third-party platforms may offer you choices about whether you see these types of customized ads.
Your Rights and Choices
Managing or deactivating your ROTHYS account
You may review, update, or modify your account information, including profile, contact, payment and shipping information, at any time by logging into your ROTHYS
account. You may also deactivate your ROTHYS account by emailing Rothys@contact.com.
Opting out of email marketing
You may unsubscribe from our promotional emails at any time by following the instructions included in those emails. If you opt out of receiving such communications, note that we may continue to send you non-promotional emails (such as order confirmation emails or emails about changes to our legal terms).
Most web browsers are set to accept cookies by default. You can usually choose to set your browser to remove or reject browser cookies. Please note that if you choose to remove or reject cookies, this could affect the availability and functionality of our websites.
Our Services are not designed for children. If you have reason to believe that a child has provided personal data to us, please contact us.
We work hard to keep your data safe. We use a combination of technical, administrative, and physical controls to maintain the security of your data. This includes using Transport Layer Security (“TLS”) to encrypt many of our Services. No method of transmitting or storing data is completely secure, however. If you have a security-related concern, please contact us.
Data Transfers and Privacy Shield
ROTHYS is headquartered in the United States, and we have operations and entities in the United States and other countries. As such, we may transfer your personal data to, or store or access it in, jurisdictions that may not provide equivalent levels of data protection as your home jurisdiction. We will take steps to ensure that your personal data receives an adequate level of protection in the jurisdictions in which we process it.
When we transfer personal data from the European Union, the United Kingdom or Switzerland to the United States, we do so in reliance on an approved data transfer mechanism, such as the Standard Contractual Clauses adopted by the European Commission. We also comply with the EU-U.S. Privacy Shield Framework and the Swiss - U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data transferred from the European Union and Switzerland to the United States, respectively (collectively, the “Privacy Shield Principles”). ROTHYS has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.
In compliance with the Privacy Shield Principles, we are committed to resolving complaints about our processing of your personal data. EU, UK and Swiss individuals with inquiries or complaints regarding our compliance with the Privacy Shield program should first contact us. We have further committed to refer unresolved Privacy Shield complaints to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact or visit https://www.jamsadr.com/file-an-eu-us-privacy-shield-or-safe-harbor-claim for more information or to file a complaint. The services of JAMS are provided at no cost to you.
Under certain conditions, you may be able to invoke binding arbitration to resolve your complaint. ROTHYS is subject to the investigatory and enforcement powers of the Federal Trade Commission.
If we share personal data transferred to the U.S. under the Privacy Shield with a third-party service provider that processes such data on our behalf, then we will be liable for that third party’s processing in violation of the Privacy Shield Principles, unless we can prove that we are not responsible for the event giving rise to the damage.
Data Subject Requests
If you are a European Resident, you have the right to access personal data we hold about you and to ask that your personal data be corrected, updated, or erased. You may also have the right to object to, or request that we restrict, certain processing. If you would like to exercise any of these rights, you may submit a request here. If you have a ROTHYS account, you may also review, update, and delete certain personal data by logging into your account.
Legal Basis for Processing
If you are a European Resident, we process your personal data when:
⦁ We need to use your personal data to perform our responsibilities under our contract with you (e.g., processing payments for and providing the ROTHYS products you have ordered).
⦁ We have a legitimate interest in processing your personal data. For example, we may process your personal data for performance marketing activities, to conduct data analytics and to provide, secure, and improve our Services.
⦁ We need to do so to comply with a legal obligation to which we are subject.
⦁ We need to do so to protect your vital interests or those of others.
⦁ We have your consent to do so, which you may withdraw at any time.
Data Subject Requests
If you are a European Resident, you have the right to access personal data we hold about you and to ask that your personal data be corrected, updated, or erased. You may also have the right to object to, or request that we restrict, certain processing. If you would like to exercise any of these rights, you may submit a request via email Rothys@contact.com. If you have a ROTHYS account, you may also review, update, and delete certain personal data by logging into your account.
Questions or Complaints
If you are a European Resident and have a concern about how we process personal data that we are not able to resolve, you have the right to lodge a complaint with the data privacy authority where you live. For contact details of your relevant local Data Protection Authority, please see http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm or, if you are a resident of Switzerland, https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/contact/.
California Privacy Rights
The California Consumer Privacy Act or “CCPA” (Cal. Civ. Code § 1798.100 et seq.) and the Shine the Light law (Cal. Civ. Code § 1798.83) afford consumers residing in California certain rights with respect to their personal data. If you are a California resident, this section applies to you.
California Consumer Privacy Act
The CCPA requires us to disclose the following information with respect to our collection, use, and disclosure of personal data. In the preceding 12 months, we have collected the following categories of personal data: identifiers; commercial information; demographic information (note that some demographic information may be considered characteristics of protected classifications under state or federal law); internet or electronic network activity; geolocation data; audio, electronic, visual, thermal, olfactory, or similar information; inferences; and other categories of personal data that relates to or is reasonably capable of being associated with you. For examples of the precise data points we collect, please see “Information We Collect” above. We collect personal data for the business or commercial purposes described in the “How We Use Your Information” section above. In the preceding 12 months, we have disclosed the following categories of personal data for business to the following categories of recipients:
Category of Personal Data Categories of Recipients
Identifiers Advertising networks, marketing partners, data analytics providers, market research platform, payment processors, fulfilment partners, customer support partners, Internet service providers, operating systems and platforms, other users, fraud prevention partners, cloud service providers, technical maintenance and system security providers
Commercial Information Data analytics providers, advertising networks, marketing partners, market research platform, payment processors, fulfilment partners, customer support partners, and fraud prevention partners, cloud service provider
Characteristics of Protected Classifications under state or federal law, such as age Advertising networks, marketing partners, market research platform, other users, customer feedback platforms
Internet or other electronic network activity Advertising networks, marketing partners, data analytics providers, Internet service providers, operating systems and platforms, cloud service providers, fraud prevention partners, technical maintenance and system security providers
Geolocation data Advertising networks, marketing partners, data analytics providers, Internet service providers, operating systems and platforms
Audio, electronic, visual, or similar information Customer support partners, market research platform, facility security partners
Inferences Advertising networks, data analytics providers, customer support partners, fraud prevention partners, cloud service providers
ROTHYS does not sell your personal data. We do allow our advertising partners to collect certain device identifiers and electronic network activity via our Services to show ads that are targeted to your interests. To opt out of having your personal data used for targeted advertising purposes, please see the Advertising and Analytics Services Provided by Others section above.
Subject to certain limitations, California consumers have the right to (1) request to know more about the specific pieces and categories of personal data we collect, use, and disclose, (2) request deletion of their personal data, and (3) opt out of any “sales” of your personal data that may be occurring, and (4) not be discriminated against for exercising these rights. You may make a request to know more about or delete your personal data by emailing Rothys@contact.com. Additionally, access requests can be made by calling 1-855-929-2179. We will verify your request by contacting you after receiving your request to verify your identity. Please note that we may retain certain information as required or permitted by applicable law. If you request to delete your personal data, certain of our products and services may no longer be available to you.
If we receive your request from an authorized agent, we may ask for evidence that you have provided such agent with a power of attorney or that the agent otherwise has valid written authority to submit requests to exercise rights on your behalf.
We offer various financial incentives. For example, we may provide discounts or other benefits to customers who sign up to receive our marketing emails. When you participate in a financial incentive, we collect personal data from you, such as identifiers like your name and email address. You can opt into a financial incentive by following the sign-up instructions, and you have the ability to opt-out of the incentive by contacting us. In some cases, we may provide additional terms and conditions for a financial incentive, which we will provide to you when you sign up. The value of your personal data is reasonably related to the value of the offer or discount presented to you.
Shine the Light
California law permits residents of California to request certain details about how their information is shared with third parties for direct marketing purposes or to opt out of such sharing. We do not share your personal data with third parties for their own direct marketing purposes.
Links to Other Websites and Third-Party Content
The Services may offer social sharing features and other integrated tools (such as the Facebook "Like" or "Share" button or the Twitter “Tweet” button) which let you share actions you take on our Services with other media. Your use of such features enables the sharing of information with your friends or the public, depending on the settings you establish with the entity that provides the social sharing feature. For more information about the purpose and scope of data collection and processing in connection with social sharing features, please visit the privacy policies of the entities that provide these features.
Our retention periods for personal data are based on business needs and legal requirements. We retain personal data for as long as is necessary for the processing purpose(s) for which the data was collected, and any other permissible, related purpose. For example, we may retain certain transaction details and correspondence until the time limit for claims arising from the transaction has expired. When we no longer need to use your personal data, it is removed from our systems and records or anonymized so that you can no longer be identified from it.
If you have questions about this policy, or need help exercising your privacy rights, please contact our Data Protection Officer at Rothys@contact.com.
ROTHYS, Inc. 71-75 Shelton St, London WC2H 9JQ, United Kingdom
Customers in the EU may contact: 71-75 Shelton St, London WC2H 9JQ, United Kingdom Rothys@contact.com.