WEBSITE POLICIES
The purpose of this General Privacy Policy (hereinafter, the "Policy") is to explain the way in which Joyería TOUS, S.A., part of the TOUS Group (hereinafter, “TOUS”), with registered address at Carretera de Vic - El Guix Km 3 · 08243 Manresa, Barcelona, will process any personal data belonging to users that may be collected through the different TOUS forms.
This Policy applies to any online service location that posts a link to this Privacy Policy and all features, content, and other services that we own, control, and make available through such online service location (collectively, the “Site”) and does not apply to websites owned by third parties. TOUS may provide links from this website to other websites that it considers of interest to its visitors.
TOUS does not control or guarantee the privacy levels of these third-party websites, nor can it be held responsible for the content of websites other than those of TOUS itself. This Policy is not intended to be applied to any website to which TOUS has a link and which does not belong to the Group.
- Transparency in data processing is one of the priorities of TOUS, so whenever it is necessary to collect personal data we will duly inform you through the corresponding privacy policy, including the purposes of such processing, among other aspects.
- The processing of those personal data that are strictly necessary to provide any services that you request.
- Accessibility and proactivity, whenever possible, to make available to you simple measures that allow you to control your personal data.
- The non-transfer to third parties of your personal data, except those suppliers providing a service to TOUS, or those about which TOUS has previously informed you and received your consent in this regard.
- The confidentiality of the personal data collected and processed by TOUS, guaranteeing the adoption of adequate security measures for their protection.
TOUS is committed to compliance with the General Data Protection Regulation of the European Union (“GDPR”) and the regulations related to the protection personal data in force at any time, this being a priority objective for the Group.
As a result, and with privacy being the basis on which all processing carried out is configured, TOUS has taken the decision to implement the following principles:
- Dealing with your queries, questions or requests made through the customer service or communication channels identified and contacting you to respond to them.
- Managing your registration in the TOUS database.
- Allowing you to make purchases through the TOUS website or in physical shops.
- Sending transactional notifications in relation to your purchase.
- Managing user participation in the TOUS loyalty programmes.
- Processing potential product reservation requests.
- Managing billing and for accounting purposes.
- Complying with the applicable legal requirements, both tax-related and those relating to the prevention of money laundering and terrorist funding.
- Processing guarantees, where applicable, for the products acquired in TOUS.
- Sending you marketing including offers and promotions that may be of interest to you, and other commercial information.
- Facilitating your participation in sweepstakes, contests, surveys, or other promotions.
- Obtaining information about your tastes and preferences from your purchasing history and wishlist.
- Sending information from the TOUS Group that may be considered of special interest for our stakeholders.
TOUS collects your personal data in order, among others, to manage the commercial relationship, your requests and offer you services and products that may be of interest to you. Specifically, TOUS processes your personal data for the following purposes:
If you are located in the United States, the Site may offer you, the option to send a communication to a friend. If so, we rely on you to only send to people that have given you permission to do so. The friend’s personal information you provide (e.g., name, e-mail address) will be used to facilitate the communication, but not used by us for any other marketing purpose unless we obtain consent from that person. Your contact information and message may be included in the communication.
TOUS will only process the personal data that you have voluntarily disclosed to us or that you have provided to us through third parties that manage the payment gateways or that are involved during the purchasing processes (eg marketplaces).
- Identification data. Information concerning an individual that allows them to be differentiated from others in a group, such as: full name; handwritten and electronic signature; tax identification number; place and date of birth; nationality; photograph; age.
- Contact data. Information that allows contact with its owner to be maintained or initiated, such as: address; email address; fixed telephone number, mobile telephone number.
- Data on physical characteristics. Information about an individual relating to their physiognomy, anatomy, features or specific characteristics, such as: measures necessary for the manufacture of the personalised products.
- Asset or financial data. If necessary, information concerning an individual relating to their assets, rights, liens or obligations that can be valued financially.
- Service Use Data. We collect data about the features you use, the pages you visit, the e-mails and advertisements you view, the products you purchase, the time of day you browse, your referring and exiting pages, and other similar information.
- Device Connectivity and Configuration Data. We collect data about the type of device or browser you use, your device’s operating software, your internet service provider, your device’s regional and language settings, and other similar information. This data also includes IP address, MAC address, device advertising Id (e.g., IDFA or AAID), and other device identifiers.
- Location Data. We collect data about your device’s location, which can be precise (e.g., latitude/longitude data) or imprecise (e.g., location derived from an IP address or data that indicates a city or postal code level).
- Log Files. A log file is a file that records events that occur in connection with your use of the Service, such as your service use data.
- Cookies. A cookie is a small data file stored on your device that acts as a unique tag to identify your browser. We use two types of cookies: session cookies and persistent cookies. Session cookies make it easier for you to navigate the Service and expire when you close your browser. Persistent cookies help with personalizing your experience, remembering your preferences, and supporting security features. Additionally, persistent cookies allow us to bring you advertising both on and off the Site. Persistent cookies may remain on your device for extended periods of time, and generally may be controlled through your browser settings. For more detailed information regarding our use of cookies, please review our Cookie Policy.
- Pixels. A pixel (also known as a web beacon) is code embedded in a website, video, e-mail, or advertisements that sends information about your use to a server. There are various types of pixels, including image pixels (which are small graphic images) and JavaScript pixels (which contains JavaScript code). When you access a website, video, e-mail, or advertisement that contains a pixel, the pixel may permit us or a third party to drop or read cookies on your browser. Pixels are used in combination with cookies to track activity by a particular browser on a particular device. We may incorporate pixels from third parties that allow us track our conversions, bring you advertising both on and off the Site, and provide you with additional functionality, such as the ability to connect our Site with your social media account.
- Device Fingerprinting. Device fingerprinting is the process of analyzing and combining sets of information elements from your device’s browser, such as JavaScript objects and installed fonts, in order to create a “fingerprint” of your device and uniquely identify your device and apps.
- Location-Identifying Technologies. GPS, WiFi, Bluetooth, and other location-aware technologies may be used to collect precise location data when you enable location-based services through your device. Location data may be used for purposes such as verifying your device’s location and delivering or restricting relevant content and advertising based on that location.
In accordance with current regulations on data protection, as well as those on information society services and electronic commerce, TOUS will inform you that such personal data provided at the time of registration, or any others provided to TOUS for access to some of the services on the website, will be processed by this company.
1. Information You Provide to Us
The data that we may request from the data subjects are the following:
The processing of your personal data may sometimes be necessary to comply with certain legal obligations, or in relation to any contractual relationship that TOUS may have with you. In all other cases, whenever appropriate, TOUS will request your consent to process your personal data or will consider that this is covered by the legitimate interest of the company.
The legal grounds applicable to each of the purposes indicated in point 4 of this Policy are indicated below.
|
PURPOSE |
LEGAL GROUND |
|
a) Responding to queries, questions or requests (…). |
Consent granted by the users through completing the form and/or ticking the corresponding box. |
|
b) Managing your registration in the TOUS database. |
Consent granted by the users through completing the form and/or ticking the corresponding box. |
|
c) Allowing you to make purchases (…). |
Performance of the contractual relationship. |
|
d) Sending transactional notifications in relation to your purchase. |
Performance of the contractual relationship. |
|
e) Managing (…) the TOUS loyalty programmes. |
Performance of the contractual relationship. |
|
f) Processing the reservation request. |
Performance of the contractual relationship. |
|
g) Managing billing and for accounting purposes. |
Complying with a legal obligation. |
|
h) Complying with the applicable legal obligations (…) |
Complying with a legal obligation. |
|
i) Processing guarantees for the products acquired in TOUS. |
Complying with a legal obligation. |
|
j) Managing your data to send you commercial information. |
Consent granted by the users through completing the form and/or ticking the corresponding box. |
|
k) Obtaining information about your tastes and preferences (…). |
Legitimate interest of the TOUS Group, consisting in personalising commercial offers and marketing activities. |
|
l) Sending information from the TOUS Group that may be considered of special interest for our stakeholders. |
Legitimate interest of the TOUS Group, consisting in offering improved service and content for users. |
1. Information Collected Automatically.
We automatically collect information about your device and how your device interacts with our Site. We may use Service Providers (defined below) to collect this information. Some examples of information we collect include the following:
We use various current – and later – developed technologies to collect this information (“Tracking Technologies”), including the following:
Some information about your use of the Site and certain third party services may be collected using Tracking Technologies across time and services and used by us and third parties for purposes such as to associate different devices you use, and deliver relevant ads and/or other content to you on the Site and certain third party services.
Within the framework of its promotional activity, TOUS may provide you with resources for registration or subscription to news or commercial information related to the TOUS Group. These resources will always be subject to your prior and express consent to send them.
In the event that you have authorised this, TOUS will send you information about its products, activities and personalised services in keeping with your tastes and preferences. Moreover, you may also receive information related to TOUS competitions and/or prize draws, as well as its events and corporate activities.
You can revoke your consent to receiving commercial notifications at any time, through the link or button enabled for this purpose in each of the notifications, or by directly communicating your wish to revoke the consent through any of the following channels:
(i). By email that you should send to the following address: dataprotection@tous.com
(ii). By post, addressed to Joyería Tous, S.A., Carretera de Vic, El Guix 3, 08243 Manresa (Spain).
TOUS will obtain your express consent for the processing of your personal data in relation to the possible adoption of automated decisions and/or the creation of profiles.
For the provision of some services, TOUS may process your personal data using automated means. This means that certain decisions are taken automatically, without human intervention. For example, you will receive specific notifications if you have products selected in your "Shopping Bag” or “wishlist”, as well as when your order has left the TOUS facilities.
TOUS may also process your data to create profiles, with the purpose of predicting your behaviour. As a result of that, you will receive personalised commercial notifications and/or be shown products that may be of interest to you on the homepage, based on the preferences you have shown in your previous purchases, through your browsing, or from information obtained through cookies and other Tracking Technologies described above, as well as if you are part of the MY TOUS loyalty programme.
You can review the applicable Cookies Policy at the following link https://www.tous.com/us-esn/policies/cookies-policy. Likewise, you can contact TOUS for any questions or queries related to the processing of your personal data through the following address dataprotection@tous.com.
Our Site also contains Tracking Technologies owned and operated by third parties. For example, we use Tracking Technologies from third party analytics provides, such as Google Analytics, to help us analyze your use of the Site, compile statistic reports on the Site’s activity, and provide us with other services relating to Site activity and internet usage. We also work with ad serving services, advertisers, and other third parties to serve advertisements on the Site and/or on third party services. These third parties may use Tracking Technologies on our Site and third party services (including in e-mails and advertisements) to track your activities across time and services for purposes of associating the different devices you use, and delivering relevant ads and/or other content to you on the Site and third party services or third party devices after you have left the Site (“Interest-based Advertising”).
We serve ads on and through third party services, such as Facebook and Google, that are targeted to reach people (or people similar to people) who have visited our Site or are identified in one or more of our databases (“Matched Ads”). This is done by us uploading a customer list to the third party service or incorporating a pixel from the third party service on our Site, and the third party service matching common factors between our data and their data. To opt-out of receiving Matched Ads, please contact the applicable third party service. If we use Facebook Custom Audiences to serve Matched Ads on Facebook services, you should be able to hover over the box in the right corner of such Facebook ads and find out how to opt-out. We are not responsible for such third party service’s failure to comply with your opt-out instructions.
- Service Providers. We share your information with our agents, vendors, and other service providers (collectively “Service Providers”) in connection with their work on our behalf. Service Providers assist us with services such as payment processing, data analytics, marketing and promotional services, Promotions, website hosting, and technical support. Service Providers are prohibited from using your information for any purpose other than to provide this assistance, although we may permit them to use aggregate information which does not identify you or de-identified data for other purposes.
- Affiliates. We may share your information with our related entities including our parent and sister companies. For example, we may share your information with our affiliates for customer support, marketing, and technical operations.
- Business Partners. We may share your information with our business partners in connection with offering you co-branded services, selling or distributing our products, or engaging in joint marketing activities. For example, we may share information about you with a retailer for purposes of providing you with product support.
- Third Parties. We may share your information with third parties for purposes of facilitating your requests (such as when you choose to share information with a social network about your activities on the Site) and in connection with tailoring advertisements, measuring and improving our Site and advertising effectiveness, and enabling other enhancements.
- Merger or Acquisition. We may share your information in connection with, or during negotiations of, any proposed or actual merger, purchase, sale or any other type of acquisition or business combination of all or any portion of our assets, or transfer of all or a portion of our business to another business.
- Security and Compelled Disclosure. We may share your information to comply with the law or other legal process, and where required, in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. We may also share your information to protect the rights, property, life, health, security and safety of us, the Service or any third party.
- Consent. We may share your information for any other purpose disclosed to you and with your consent.
We share information about you as follows:
Without limiting the foregoing, in our sole discretion, we may share aggregated information which does not identify you or de-identified information about you with third parties or affiliates for any purpose except as prohibited by applicable law.
TOUS is committed to processing your personal data while they are actually useful and necessary to offer you a quality service through their processing. Therefore, TOUS will make all reasonable and timely efforts to minimise the processing and retention time for your personal data.
Even if you request the erasure of your personal data, TOUS will have the right to store and retain them for the time necessary to comply with the legal obligations that apply, as well as to make them available to the competent authorities in the different matters that are applicable.
- When you consider that the data that TOUS retains about you are not correct or accurate;
- When, even though you consider that TOUS is not processing your data legitimately, you prefer the restriction of their processing to their elimination;
- When the data that TOUS retains are no longer necessary in accordance with the purpose for which they were collected, but you need TOUS to retain them to lodge legal claims;
- When, having exercised the right to object to any processing, a response from TOUS is being awaited.
As a result of the processing of your personal data by TOUS, the current legislation grants you a series of rights. TOUS offers a brief explanation of each right in order to facilitate your exercising of them:
1. Right to access: You will have the right to find out what personal data are being processed by TOUS, as well as the purposes of such processing. You may also request a copy of your personal data being processed.
2. Right to rectification: You may request their rectification at any time if those that appear in the TOUS records are erroneous.
3. Right to be forgotten: You may at any time request that your personal data be erased from the TOUS files. However, and as previously indicated, you must take into account that in certain circumstances compliance with the current legislation may prevent the effective exercising of this right.
4. Right to object: You can object to the processing of your personal data in relation to any of the purposes for which we process your data, in accordance with the privacy policies applicable in each case.
5. Right of restriction of the processing. You can request the restriction of the processing in the following cases:
6. Right to the portability of your data: Whenever technically possible and reasonable, you will be entitled to request that the personal data you have provided directly be communicated to another data controller. If this is not possible, TOUS will directly provide your data to that other data controller, but if it is not, they will be provided to you in a standard format.
Provided that TOUS is processing your personal data based on your express consent, you can revoke this at any time without further consequences for you beyond, depending on the right exercised, not being able to provide you certain services.
The exercising of your rights may be carried out by contacting TOUS through any of the following means, accompanying this with, to be precise, a copy of your DNI or equivalent identification document:
(i) By email that should be sent to the following address: dataprotection@tous.com
(ii) By post addressed to Carretera de Vic, El Guix 3, 08243 Manresa (Spain).
In addition, if you consider it necessary, you can contact our TOUS data protection officer (DPO) through the following email address dpo@tous.com.
If you do not want to exercise a specific right but want to ask a question or make a suggestion in relation to the processing of your personal data, you can also use the addresses provided for the exercising of rights in relation to data protection matters.
If you decide to exercise your rights, our team may provide you with information, on request, about: (i) the information that you must provide as evidence of your identity or the legal status of your representative and the information or documentation that you must provide with the request; (ii) the time it will take for TOUS to respond to your request; (iii) how you should submit your request, including the form, if one is available; and (iv) the method or means of reproduction that TOUS will use to make the requested information available to you (which will generally be uncertified copies or electronic documents).
Please note that in any case, you may lodge a claim with the competent data protection authority if you consider that TOUS has not processed your data in a lawful manner or it has not correctly responded to your requests or rights. In Spain, this competent authority is the Spanish Data Protection Agency (Agencia Española de Protección de Datos - AEPD).
- Cookies and Pixels. Most browsers accept cookies by default. You can instruct your browser, by changing its settings, to decline or delete cookies. If you use multiple browsers on your device, you will need to instruct each browser separately. Your ability to limit cookies is subject to your browser settings and limitations.
- Do Not Track. Your browser settings may allow you to automatically transmit a “Do Not Track” signal to online services you visit. Note, however, there is no industry consensus as to what site and app operators should do with regard to these signals. Accordingly, we do not monitor or take action with respect to “Do Not Track” signals or other mechanisms. For more information on “Do Not Track,” visit http://www.allaboutdnt.com.
Please be aware that if you disable or remove Tracking Technologies some parts of the Service may not function correctly.
You can opt-out of your data being used by Google Analytics through cookies by visiting https://tools.google.com/dlpage/gaoptout and downloading the Google Analytics Opt-out Browser Add-on.
Some of the third parties that collect information from or about you on the Site in order to provide more relevant advertising to you participate in the Digital Advertising Alliance (“DAA”) Self-Regulatory Program for Online Behavioral Advertising. This program offers a centralized location where users can make choices about the use of their information for online behavioral advertising. To learn more about the DAA and your opt-out options for their members, please visit (i) for website opt-out, http://www.aboutads.info/choices; and (ii) for mobile app opt-out, https://www.aboutads.info/appchoices. In addition, some of these third parties may be members of the Network Advertising Initiative ("NAI"). To learn more about the NAI and your opt-out options for their members, please visit https://www.networkadvertising.org/choices/. Please note that if you opt-out of online behavioral advertising using any of these methods, the opt-out will only apply to the specific browser or device from which you opt-out. Further, opting-out only means that the selected members should no longer deliver certain Interest-based Advertising to you, but does not mean you will no longer receive any targeted content and/or ads (e.g., from other ad networks). We are not responsible for effectiveness of, or compliance with, any third-parties’ opt-out options or programs or the accuracy of their statements regarding their programs.
- Information You Provide to Us
- Information Collected Automatically
- Sharing of Information
- Tracking Technology Choices
- The categories of personal information we have collected about you in the last 12 months.
- The categories of sources for the personal information we have collected about you in the last 12 months.
- Our business or commercial purpose for collecting that personal information.
- The categories of third parties with whom we share that personal information.
- The specific pieces of personal information we collected about you.
- If we disclosed your personal information to a third party for a business purpose, a list of the personal information types that each category of recipient received.
In this privacy notice, “personal information” has the same meaning as under the California Consumer Privacy Act (CCPA), California Civil Code Section 1798.83: information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. Personal information does not include information that has been de-identified or aggregated.
Personal Information We Collect and Share, and For What Purpose
In the past 12 months, we have collected and shared personal information from visitors in the following circumstances when they interact with the Service, as described in detail in the above sections:
As described in detail above in Section 4, “Purposes of the processing,” we use your personal information for a variety of purposes to operate, assess activity on, and improve the performance of the Service.
Except as described in detail above, we will not share with third parties information about you without your consent.
Your Rights as a California Resident
Under California law, users who are California residents have specific rights regarding their personal information. These rights are subject to certain exceptions described below. When required, we will respond to most requests within 45 days unless it is reasonably necessary to extend the response time.
Right to Disclosure of Information
You have the right to request that we disclose certain information regarding our practices with respect to personal information. If you submit a valid and verifiable request and we confirm your identity and/or authority to make the request, we will disclose to you any of the following at your direction:
Right to Delete Personal Information
You have the right to request that we delete any of your personal information collected from you and retained, subject to certain exceptions. Upon receiving a verified request to delete your personal information, we will do so unless otherwise authorized by law.
How to Exercise these Rights
You may submit a verifiable consumer request to us for disclosure or deletion of personal information by writing here: dataprotection@tous.com Alternatively, you may call us at Customer Service telephone number.
We will respond to verifiable requests for disclosure or deletion of personal information free of charge, within 10 days of receipt.
In order to protect your privacy and the security of your information, we verify consumer requests by [description of how a business will verify consumer requests to know and to delete.]
Any additional information you provide will be used only to verify your identity and not for any other purpose.
You may designate an authorized agent to make requests on your behalf. You must provide an authorized agent written permission to submit a request on your behalf, and we may require that you verify your identity directly with us. Alternatively, an authorized agent that has been provided power of attorney under Probate Code sections 4000-4465 may submit a request on your behalf.
Right to Opt Out of Sales of Your Personal Information
You have a right to opt-out of the sale of your personal information. You may, at any time, direct businesses that sell your personal information to third parties not to sell your personal information.
We do not sell your personal information. Therefore, we do not provide any mechanism for you to exercise the right to opt out.
Right to Non-Discrimination
You have the right not to be discriminated against for the exercise of your California privacy rights described above.
California’s “Shine the Light” law permits customers in California to request certain details about how certain types of their information are shared with third parties and, in some cases, affiliates, for those third parties’ and affiliates’ own direct marketing purposes. Under the law, a business should either provide California customers certain information upon request or permit California customers to opt in to, or opt out of, this type of sharing.
We may share personal information as defined by California’s “Shine the Light” law with third parties and/or affiliates for such third parties’ and affiliates’ own direct marketing purposes. If you are a California resident and wish to obtain information about our compliance with this law, please contact us as set forth in the section entitled “Contact with TOUS” below. Requests must include “California Privacy Rights Request” in the first line of the description and include your name, street address, city, state, and ZIP code. Please note that we are not required to respond to requests made by means other than through the provided e-mail address or mail address.
The Site is intended for a general audience and not directed to children under thirteen (13) years of age. We do not knowingly collect personal information as defined by the U.S. Children’s Privacy Protection Act (“COPPA”) in a manner that is not permitted by COPPA. If you are a parent or guardian and believe we have collected such information in a manner not permitted by COPPA, please contact us as set forth in the section entitled “Contact with TOUS” below, and we will remove such data to the extent required by COPPA.
TOUS has implemented security measures that it deems appropriate and reasonable designed to avoid the loss, misuse, alteration, unauthorised access and theft of personal data. TOUS periodically reviews its security measures to help ensure that they are up-to-date.
Nevertheless, transmission via the internet is not completely secure and we cannot guarantee the security of your information.
Social networks are part of the daily life of many Internet users, and for this purpose TOUS has created different profiles in them.
All users have the opportunity to join the pages or groups that TOUS has in different social networks. However, it must be taken into account that, unless we request your information directly (for example, through marketing actions, competitions, promotions, or any other valid form), your data will be governed by the privacy policies and practices of the corresponding social network. Therefore, it is recommended that you carefully read its conditions of use and privacy policies and ensure that you configure your preferences regarding the processing of data.
- Communication to countries that, despite not being part of the EU or the EEA, have been considered by the European Commission as countries that have data protection regulations that guarantee a level of security similar to that applicable in Europe.
- Existence of contractual clauses of the type approved by the European Commission: to ensure that companies in third countries that are not part of the EU or the EEA comply with a similar level of protection. TOUS will sign these agreements as long as there is no equivalent alternative that guarantees the protection of your personal data.
- Definition of binding corporate rules (BCRs) approved by the companies, which are reviewed and approved by control authorities, with the aim of ensuring that the company, in any country, to whom we provide your data complies with an adequate level of protection.
- In certain cases, the company to which TOUS provides the data may have Data Protection Certificates that guarantee the correct use of your data in accordance with current regulations.
As a general rule, TOUS tries to keep your personal data within the European Union (EU) or the European Economic Area (EEA). However, on an exceptional basis, TOUS may need to provide them to other companies in the Group or to service providers located in other countries, either by necessity to provide the requested service, or to be able to offer you the service with the highest quality standards.
When the data need to be transferred to a third party in the context of a commercial relationship or corporate transaction (including mergers and acquisitions, among others), the companies that could receive your information are the suppliers, subsidiaries or franchisees, or, where appropriate, potential purchasers and advisers (legal, accounting or financial, among others) involved. TOUS will only communicate your personal data to those third parties to the extent that this communication is necessary for the execution of the services or to evaluate or complete the relationship or transaction.
In these situations, TOUS applies necessary measures and controls designed to protect the processing of your personal data, such as:
You can request information about these foregoing from the addresses indicated below.
If you have any questions or concerns about the processing of your personal data, please contact us through:
(i) Email that must be sent to the address dataprotection@tous.com
(ii) Web contact forms
(ii) Post addressed to Carretera de Vic, El Guix 3, 08243 Manresa (Spain)
(iv) DPO contact details: dpo@tous.com
