PRIVACY POLICY – European Economic Area (EEA) & UK

Last update: January 2021

This Privacy Policy applies to individuals located in the EEA and the UK.

Thank you for your interest in PartyLite UK Ltd., (together with such entities, affiliates, and subsidiaries, hereinafter “PartyLite”, “we”, “us, “our”).

This Privacy Policy describes how we process and use “personal information” or “personal data” that we collect and retain, including the types and categories of personal information that we collect, the purposes for which we use it, the types of third parties with whom we share it, and your rights and responsibilities you may have with respect to such personal information. This Privacy Policy applies to the personal information provided to us through any type of engagement or interaction between you and us, such as when you access or use www.partylite.co.uk (the “Site” or “website”).

Please read this Privacy Policy carefully.  By providing us with personal information, or by using our Site, you acknowledge that your information will be used for the purposes and in the manner set forth in this Privacy Policy.  For any questions or concerns related to this Privacy Policy, including to obtain details of the controller of your information, please contact us at privacyofficer@partylite.com.

If you have a complaint or concern about how PartyLite has processed your personal information, we ask that you attempt to resolve it with us in the first instance.  You also have a right to submit a complaint to your local Data Protection Authority (DPA) within the EEA or UK.

You can find the details of your local DPA here:  http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm.

Collection of Personal Data

We collect personal data in various places on our Site and in other circumstances, in particular when:

  • You create an account on our website;
  • You make a purchase on our website;
  • You want to receive our newsletters and promotional offers;
  • You contact us to become a PartyLite affiliate;
  • As part of your browsing on our website;
  • You contact us via our website for any reason relating to our products and services;
  • You contact our customer service centres;
  • You visit one of our premises;
  • You provide us personal or business contact information via a business card or through similar communications;
  • You complete a survey or otherwise provide us with feedback;
  • You communicate with us via social networking websites, third party applications, or similar technologies;
  • You visit one of our trade counters at an exhibition;
  • You apply for employment with us.

Sometimes you may provide your personal data to us directly (e.g. when you contact us via our website, when you make a purchase, etc.), sometimes we collect it (e.g. using cookies to understand how you use our website) or sometimes we receive your data from other third parties (e.g. via our Affiliates’ websites when you are buying from an Affiliate).

Types and Categories of Personal Information We Collect

We may collect personal information under a broad range of circumstances. Generally, we collect the following types of information directly from, or about, you:

  • Identity data, such as your name, title, company/organisation name, e-mail address, telephone and fax numbers, physical address (including street, city, postal code, and/or country).
  • Registration data, such as information provided by you when you register for an account to use our Site, including usernames and passwords.
  • Business contact data, such as information related to other employees, owners, directors, officers, or contractors of a third-party organisation (e.g., business, company, partnership, sole proprietorship, non-profit, or government agency) with whom we may conduct, or possibly conduct, business activities.
  • Job applicant data, such as when you apply to work at PartyLite or as a PartyLite Affiliate, such as Identity data (defined above); information in a curriculum vitae (“CV”), resume, cover letter, or similar documentation; details regarding the type of employment sought, willingness to relocate, job compensation and benefit preferences; information related to your background, criminal record, credit history and similar data; and information provided about or by your references or other third parties related to your employment history, skills, or qualifications.
  • Marketing and communications data, including your marketing preferences and your subscriptions to our publications.
  • Transaction data, including orders for our products and services and details of payments to and from you.
  • Your feedback, including feedback from you about our Site as well as our products and services generally, which may include data gathered from any of our surveys in which you participate.
  • Usage data, we automatically collect from individuals who visit or access use our Site, such as a user’s Internet Protocol (“IP”) address, browser and computer type, access time, the webpage from which you came, and the specific webpage(s) that you access during your visit. For more information pertaining to our use of cookies, see section on “Cookies” below.

Except where relevant to a job application process and voluntarily provided by you (see below), we do not intentionally collect and ask that you please do not provide us, in particular via the open fields in our website, with any special category data (such as data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, sex life or sexual orientation).

While you do not have to provide us with your personal information, if you do not then you may not be able to use our Site or receive our services. For example, when we collect data through forms including electronic forms, we will indicate the mandatory fields via asterisks. Failure to provide the data marked with an asterisk could prevent you from accessing a product or a service, and you agree that PartyLite will not be liable or otherwise responsible for any actions resulting therefrom.

Purposes and legal basis of Personal Data Processing

PartyLite may use personal information for several business and administrative purposes, or to further our legal or other business interests.

We use personal information for the following purposes:

  • After we have obtained your consent: When you browse our website and agree to our use of cookies (also see our Cookie section in this Privacy Policy) or provide consent for us to use your data for direct marketing purposes.
  • To further our legitimate business interests: When you contact us/ask questions or give us feedback relating to our products and services we may use this data to administer, protect and improve our business and our Site. This includes troubleshooting, system maintenance, support, reporting and hosting of data. We may also use personal data to promote, defend or protect our legal, regulatory, and business interests. We also use information submitted as part of a job application or inquiry to PartyLite to identify and evaluate job applicants, verify your information and complete employment, background and reference checks. We also need to communicate with you about the recruitment process and your application, to comply with our legal, judicial, regulatory, administrative, or other corporate requirements regarding employment and to accommodate individuals who may have specialized needs during the employment process, but only if you choose to provide us with such information. We also have a legitimate interest in communicating with you about our products and services (for example, if you contact us online, in-person or via social media channels, or if we need to send you service messages relating to something you have purchased from us).  We may also send you direct marketing on the basis of our legitimate interests, where a relevant exemption from the requirement to obtain consent applies. 
  • To comply with a legal obligation: We may use your data when detecting, preventing and responding to fraud, intellectual property infringement, violations of our terms and conditions, violations of law, or other misuse of our Site, products, or facilities. We also comply with our legal obligations regarding our employees, affiliates and obtaining relevant background checks for job applicants, and to maintain a log of personnel on our premises if you visit our sites.
  • To fulfil a contract with you: When purchasing products on our Website or through your account, we use your data during the order process and to provide you with the delivery services and to process our warranty service.

Data collected by cookies or similar technologies as part of your browsing on PartyLite’s website is processed to tailor our services for you, to allow proper functioning of our website, to ensure the website is secure and safe, and to run statistics (please see section on Cookies below for more information regarding the website’s use of cookies).

We do not routinely use automated decision-making techniques.  To the extent that we do take or may take an automated decision about you that uses your personal data, and that has a significant effect on you, we will establish a lawful basis to do so under applicable laws.  Further, we will give you the right to express your view on the decision, to challenge it, and/or to seek human intervention, in accordance with applicable laws.  We may also carry out profiling techniques that do not result in significant automated decisions, such as usage profiling for the purposes of targeted marketing and website personalization, as discussed below.

Disclosure of Personal Data Collected

Some of your personal data may be accessed by the following recipients:

  • Within PartyLite (including by its employees and executives).
    • This will only be done on a need-to-know basis and where necessary to provide you with the products and services you have asked for, or in the context of a contract between you and PartyLite, or with your consent (in particular for marketing purposes), or when necessary to achieve the purposes listed above.
  • By trusted service providers acting as processors or sub-processors (i.e. data processors including PartyLite affiliates), which will carry out certain services necessary for the purposes indicated above on our behalf (some of these service providers obtain access to the data provided by you, e.g. e-mail addresses and credit card information, and they may use cookies on behalf of PartyLite).
    • We only provide our trusted service providers with the information they need to perform such services, and we require that they do not use your personal data for any other purpose. These service providers will only act upon PartyLite’s instructions and will be contractually bound to: (i) ensure a level of security and confidentiality for your personal data that is the same as a level of protection that PartyLite provides; and (ii) comply with applicable personal data protection laws and regulations.
    • For instance, we may use service providers for the organization of customer care, implementation of promotions, further development of our internet offer, communication and contact with our customers, organization of events/parties, etc. We also use providers for credit card processing/payment and for IT services (hosting services, database maintenance, etc.).
  • By third parties where we are required or authorised to disclose personal information by law or in the good-faith belief that such action is necessary to comply with legal requirements or with legal process served on us, to protect and defend our rights or property or, in urgent circumstances, to protect the personal safety of any individual. We may share your personal information with any third party when we believe such disclosure is necessary to defend or protect our legal, regulatory, and business interests.
  • In addition, PartyLite may share your personal data with third parties:
    • To protect the rights, property or safety of PartyLite, our users, our employees or others; or
    • In the event of a merger, sale, restructuring or insolvency of the company’s assets (in such case your personal data will be disclosed to the prospective buyer); or
    • To comply with a legal obligation or to respond to legal proceedings of any nature, Court orders, any legal action or implementing enforcement measures that are required by the competent authorities; or
    • For other purposes required by applicable legislation or with your prior consent.

The security procedures we follow regarding your personal data are detailed in the “Security” section below.

If you have any concerns about the use of your information, want to understand more about your rights over the personal data we hold about you, or wish to be removed from our email list, please contact us at the address given at the end of this Privacy Policy and see the section on “Your Rights” below.

Payment Card Information

In order to purchase certain goods and services from PartyLite you will be required to furnish our third-party vendor (“Payment Vendor”) with a debit card number, credit card number, and/or similar information (collectively, the “Payment Information”). Such Payment Information is collected by our Payment Vendor pursuant to their own terms and conditions. You should make sure to read and understand these terms and conditions before you provide Payment Vendors with your information.

Children

PartyLite does not intentionally collect personal data or sensitive information concerning children and adolescents under the age of 18 or as otherwise defined in each applicable jurisdiction. If we become aware that we have inadvertently collected the personal information of a child, or if a parent or guardian of a child contacts us at the email address or phone number listed at the end of this Privacy Policy to so notify us, we will then destroy or de-identify the personal data of the child in question  from our records.

Links to Other Websites

PartyLite may from time to time provide links to other affiliate websites. Please check the privacy policy of each of these other websites as they may differ from PartyLite’s Privacy Policy.

Security

All personal data that you have specified during the shopping process will be transmitted to us encrypted from your computer. We use the proven encryption system, SSL (Secure Socket Layer). This widespread system for protection of online purchases guarantees the highest possible security not only of your order data, but also, for example, the account or credit card number used.

PartyLite uses reasonable technical and organizational measures to help protect and safeguard the order and business and personal information from loss, misuse, and unauthorized access, disclosure, alteration, unauthorised transmission, and destruction. For example, the use of password protected hardware and restrictions on document access.

Procedures for the regular review and evaluation of the effectiveness of technical and organisational measures have been established. However, no information system can be fully secure, so we cannot guarantee the absolute security of your personal information. Moreover, we are not responsible for the security of information you transmit to the Site over networks that we do not control, including the Internet and wireless networks.  You provide us with any information and data at your own risk. 

To the maximum extent permitted by applicable laws, PartyLite shall not be liable or otherwise responsible for any data incidents that may compromise the confidentiality, integrity, or security of your personal information.  Where we have given you (or where you have chosen) a user ID and password to access the Site, you are responsible for maintaining the security and confidentiality of those log-on credentials and not revealing them to others. You must contact us immediately (see the details at the end of this policy) if you have reason to believe that your user ID or password to our Site have been compromised.

Not all personal data collected on this website will be saved. Personal data that is stored is encrypted, and all systems connected to the Internet are equipped with firewalls that are regularly monitored to ensure a high level of security. Personal data is not stored for longer than as set out in the Data Retention section below.

We store your personal data at data centres in New Jersey and Massachusetts, USA and at Amazon Web Services.  We use AES 256 encryption for data moved between third party data centres in New Jersey and Amazon Web Services) using secure, dedicated Crypto-Tunnels.  When data is moved between physical office locations, we utilise SD-WAN encryption for data movement between data centres and our office locations.

If you have concerns about the use of your information or want to be deleted from our email list, please contact us using the details at the end of this policy.

Data Retention Period

We will keep your personal data only as long as necessary for the purposes of the processing for which it was collected (typically the length of the contract). We may, however, keep your data for a longer period of time in application of specific legal or regulatory provisions and/or to comply with applicable statute of limitations periods. In case of longer data retention for other reasons, we will inform you of such reasons and of the applicable retention period upon collecting your personal data.

To determine the data retention period of your personal data, we use the following criteria:

  • Data in connection with the administration of your account is retained as long as you use such account/keep it activated and for the applicable statute of limitation periods;
  • Data in connection with the processing of your transactions is retained during the period of your transaction, and in accordance with applicable legal requirements and statute of limitation periods (typically 6 years in the UK);
  • When you have consented to receive commercial solicitations, PartyLite will retain your personal data until you let us know that you no longer wish to receive such solicitations or after a period of inactivity defined in accordance with applicable legislation;
  • When your data is collected in the context of queries or questions concerning PartyLite products and services, and when you contact us to become a host or a consultant or affiliate, PartyLite will retain your data for the time necessary to process such queries;
  • When cookies are placed on your terminal, the cookie data is retained in accordance with the Cookies section of this Privacy Policy and applicable laws.

Your Rights

If you are located in the EEA or the UK, you may have certain rights with respect to the personal information we have about you. To the extent permitted by the GDPR, applicable EU Member State data protection laws, and the UK Data Protection Act, the following may apply to you:

  • A right of access and information:  You have the right to be informed in a concise, transparent, intelligible and easily accessible form of the way in which your personal data is processed. You also have the right to obtain (i) confirmation as to whether or not personal data concerning you are being processed, and where that is the case, (ii) to access such personal data and obtain a copy thereof.
  • A Right to Rectification:  You have the right to obtain the rectification of any inaccuracy in your personal data. You also have the right to have incomplete personal data completed, including by means of supplying a supplementary statement.
  • A Right to Erasure (‘Right to Be Forgotten’):  In some cases, you have the right to obtain the erasure of your personal data. However, this is not an absolute right and PartyLite may have legal or legitimate grounds for keeping such personal data.
  • A Right to Restriction of Processing:  In some cases, you have the right to obtain restriction of the processing of your personal data.
  • A Right to Data Portability:  You have the right to receive your personal data which you have provided to PartyLite, in a structured, commonly used and machine-readable format, and you have the right to transmit those data to another controller without hindrance from PartyLite. This right only applies when the processing of your personal data is based on your consent or on a contract and such processing is carried out by automated means.
  • A Right to Object to Processing:  You have the right to object, on grounds relating to your particular situation, to the processing of your personal data when such processing is based on the legitimate interest of PartyLite. PartyLite may, however, invoke compelling legitimate grounds for continued processing. You also have the right to object at any time to processing of your personal data for direct marketing purposes.
  • The Right to File a Complaint with the Supervisory Authority:  You have the right to contact your Data Protection Authority to complain about PartyLite’s personal data protection practices.
  • The Right to Give Instructions Concerning the Use of Your Data After Your Death:  You have the right to give instructions to PartyLite concerning the use of your personal data after your death.
  • The Right to Register on an Opposition List/Do Not Call Registry Regarding Direct Marketing Performed by Direct Calls.

To exercise any of these data privacy rights, please contact us in accordance with the details listed at the end of this Policy. You should only submit a request if you are the data subject whose personal information is the subject of the request, or if you have signed authority to act on that data subject’s behalf. We do not charge a fee to facilitate your request unless we deem it to be manifestly unfounded or excessive, in particular because of the repetitive character of the request. PartyLite may not be permitted by law to refrain from undertaking any action or changing its data processing activities, in response to a data request you submit to us.  If you make any request related to your personal data, PartyLite will ascertain your identity (to the extent applicable) to the degree of certainty required under the law before addressing your request. PartyLite may require you to match at least two or three pieces of personal data we have previously collected from you before granting you access to, or erasing, specific pieces, or categories of, personal data, or otherwise responding to your request.  Further, we may rely on exemptions available under EEA or UK law that apply to part or all of your request. 

International Transfer of Personal Data

[PartyLite is headquartered in the United States of America and, as noted above, our primary data centres are in that country.  Transferring your personal information to the United States may therefore be necessary for the performance of agreements (such as our Terms of Use) to which you are a party, and into which you freely enter, or under which you benefit.  You should be aware that the United States has separate data protection laws, but they are not considered to be equivalent to those in the EEA or UK. 

Where required by law, we take steps to ensure adequate protections are in place to afford data subjects within the UK or EEA essentially equivalent protections to those found in the GDPR, including by implementing appropriate transfer mechanisms such as  the Standard Contractual Clauses issued by the European Commission (alongside appropriate further technical, contractual and organisational measure, if applicable, when taking the applicable laws of the third country into account).

If you require any further information regarding the steps we take when transferring your data then please send a request using the contact details set out at the end of this policy.]

Changes to the Privacy Policy

Please note that we may update this Privacy Policy at any time to adapt it to potential new practices and service offerings. In such case, we will change the “last update” date and we will indicate the date on which the changes have been made. In case of significant change, we will inform you by any appropriate means.

Please read this Privacy Policy at regular intervals, so that you are always informed about the current status.

Cookies

A “cookie” is a file that is stored on your device or hard drive containing information about you. PartyLite may set cookies on your device or hard drive to assist you in navigating the PartyLite website.

Most Internet browsers delete cookies from your computer's hard drive, prevent cookies from being stored, or give a warning before storing a cookie, so please read your browser's instructions or use the help function for further instructions, including on limiting or refusing cookies. While you are free to limit or refuse cookies by adjusting the settings in your browser, if you do so you may not be able to use the full functionality of our website or other services.

Google Analytics

Google Analytics is used on our websites. This is a web analytics service provided by Google Inc. (“Google”). Google uses cookies on this website for this web analytics service. The information generated by the cookie about the use of our online offer by the users (are usually transmitted to a Google server in the USA and stored there. The information collected includes information about the websites and the pages you visit, your online shopping and shopping habits and the transactions you have made.  Google will use this information on our behalf to evaluate the use of our online offer by users, to compile reports on the activities within this online offering and to provide us with further services related to the use of this online offer and the internet usage. In this case, pseudonymous usage profiles of the users can be created from the processed data.

You can prevent the collection and storage of cookies by setting your browser software accordingly. For Google Analytics, you can prevent the collection and storage of data generated by the cookie and its use of the online offer as well as the processing of this data by Google by downloading and installing the browser opt-out plug-in available at the following link:  https://tools.google.com/dlpage/gaoptout.  An opt-out cookie will be stored on your device. If you delete your cookies, you must click the link again.

The anonymised IP address provided by Google Analytics within the scope of Google Analytics will not be merged with other data provided by Google.

Facebook

Our website includes plug-ins from Facebook Inc., 1601 S. California Ave., Palo Alto, CA 94304, USA (Facebook). They are indicated by the Facebook logo or the note "Like".

The Facebook plug-ins lead to information about your visit being forwarded to Facebook and, if necessary, saved there if you have a Facebook account and are logged into your account while visiting our website. In the logged-in state, it is possible to assign the data to the Facebook profile.

Otherwise, the Facebook plug-in will forward to Facebook the information that you have visited the website provided with a Facebook plug-in. Through interaction with a Facebook plug-in, e.g., by clicking on the "Like" button, this information and any other information that you have entered in this context will also be saved there.

For the purpose, manner and extent of information stored by Facebook and their use, you can refer to the privacy policy of Facebook at:  https://www.facebook.com/privacy/explanation. There, you can also read about preventing the storage and use of your personal data through Facebook or restrict.

Facebook Pixels

We use the tool “Facebook Website Custom Audiences”. By means of a pixel integrated on this website, we mark you as a user of our website. For this purpose, no personal data will be collected or used about you. Facebook can recognize you by using this pixel when visiting the Facebook website. Information about your visit to our website is forwarded to Facebook without any personal reference for analysis and marketing purposes. The information transmitted to Facebook is a non-reversible and non-personal checksum, which is based on your usage data. There is no transmission of other data under this technology.

You can access the following links to learn more about the handling of the data by Facebook and also make setting changes: 

https://www.facebook.com/ads/website_custom_audiences/

https://www.facebook.com/about/ads

https://www.facebook.com/privacy/explanation

Bing Advertisements

PartyLite uses Bing Ads (Microsoft) to promote our business online. To more effectively market our products or services, PartyLite uses a small text file (a cookie) to record the completion of your transaction. Any information that Bing gathers will remain anonymous and cannot be used to identify you. Other browsers such as Internet Explorer and Mozilla Firefox, let you delete cookies and choose what types of cookies you want to allow on your computer. For more information pertaining to Bing Ads and Microsoft, please see https://privacy.microsoft.com/en-us/privacystatement.

Interest-based advertising

Our third-party vendors or service providers may also use cookies and web beacons to measure the effectiveness of our ads and to determine the content and advertising to offer you, based on your interests. To support these activities we, our service providers, and business partners may use information about your visits to our website.

You may opt out of other third-party vendor's use of cookies by disabling cookies on your browser or by visiting https://www.allaboutcookies.org/. Please note that even if you choose to disable cookies you will still see advertisements while browsing online. However, the advertisements may be less relevant to you and your interests.

E-mails and Newsletters

As explained above, we use your e-mail address, which you have given us in the ordering process, for sending the order confirmation as well as other important customer information necessary for the product order, processing and delivery in our system.

When visiting our website, we may use information about your activities (surfing behaviour, viewed products, shopping carts) to create a pseudonymised usage profile. We use this information to send you mailings targeted and tailored to your needs.  We use cookies in order to track user activity for our online digital platform.  When a user logs into the system, we associate the cookie to the email address.  We also leverage a third-party solution for purposes of remarketing cart abandonment items.  If a user who is logged into our system places items in a shopping cart, we will email the customer to encourage them to complete the purchase.

When you sign up for our newsletters or to hear from us, you agree that we may use the aforementioned information and your order history to send you customized mailings and marketing messages or to ask you about your satisfaction with the products you have purchased. Your data will be used solely for this purpose and will not be shared with third parties. You may revoke your consent at any time. To do this, either click on the unsubscribe link in the newsletter or send an informal letter to:

PartyLite Gifts, Inc.
600 Cordwainer Drive
Norwell, Massachusetts 02061 USA
via E-Mail: privacyofficer@partylite.com

Contact Us

Please contact our Privacy Officer if you have any questions about our privacy practices, this Privacy Policy or your personal data, including if you require access to or need to correct personal information we hold about you.

Please understand that we can only respond to requests for information or inquiries about your personal data if we can ensure that you are actually the sender (in some cases we may ask you to provide us with your Affiliate number). Please make your request always in writing by mail or e-mail.

Privacy Officer:

Patrick Piccininno

By post:

c/o PartyLite UK Ltd.

 

600 Cordwainer Drive

 

Norwell, Massachusetts 02061 USA

Telephone (UK)

01923 932606

By e-mail:

privacyofficer@partylite.com

Copyright © 2022 PartyLite