We are HUA 0 SA de CV (“we”, “our”, “ours”), and we are committed to protecting your privacy. HUA 0 SA de CV is the controller for purposes of the General Data Protection Regulation (the “GDPR”), a company registered in Mexico (RFC: HCE140618I59), with an address in Medellín 213 Int 201 Roma South 06760 CDMX Mexico.
The Website and the services offered by HUA are not intended for use by children.
2.- THIRD-PARTY WEBSITES
3.- WHAT INFORMATION DO WE COLLECT AND HOW DO WE DO IT
When you interact with us, either through our Website or by communicating with us, we may collect the following information about you:
Information that you provide us: you can give us information about yourself by registering on our Website, placing an order for products, completing an online form (such as registration forms, contests, and surveys), opting in to receive our newsletters and special offers, participating in contests or promotions, interacting on social networks with our Website, or when interacting with us (via email, telephone, chat, social networks or others).
Depending on the data you provide, this information may include your name, address or location, telephone number, and email address, date of birth, gender, purchase information, purchasing preferences, images, and financial information (including the details of your credit and debit card, even though they are not processed by us, as our payment processors do).
If you register an account on the Website, then you may choose to provide us with your photograph and username. You can also invite your friends to buy on our Website (via email, Facebook, Instagram, or Twitter) with your account. In addition, we will let them know that we receive their data through you, so we ask that you make sure you have your friends' permission before sharing their contact details with us and that you only forward emails to people you know who want to receive it.
Information we receive from other accounts or sources: We may receive information about you from other sources, such as your other accounts or other websites, including data brokers, our Partners, social media providers – such as Facebook, Instagram, and Twitter –, advertising networks and analytics partners, as well as payment and messaging service providers.
By accessing our mobile applications through Facebook, Instagram, or Twitter, or by linking your account on our Website with your account on these social networks, you authorize us to obtain certain information and content from those accounts. The specific types of information we may obtain will depend on the settings you have in these accounts or websites, and will be subject to their privacy policies.
We supplement the data you provide us with data from aggregated data services, such as social or public graph data, in order to offer you content and promotions that are useful to you. We will add this data to your customer account information to better understand user interests and provide more relevant product recommendations and advertisements, to increase the safety of our customers when using our Website, and to comply with our legal obligations, such as sanctioning laws. This information may be associated with your personal data, such as your name, email, address, physical address, or telephone number.
You can see more details about our third parties in point 5.
Information that our IT systems collect about you: Every time you visit our Website, certain information will be created and automatically recorded by our IT systems. This information includes:
- Information about devices: The information that comes from your device may differ, depending on its type (PC, Mac, iPhone, Android, or other) and its configuration, but it includes the type of device you have (an Apple iPhone or a Samsung Galaxy or a Google Pixel, for example), the IP address of the device, the browser you use, your mobile network provider (in the case of mobile devices), the pages you have visited, your time zone and country, as well as reports of download error and failures.
Information we collect in-store: HUA is always looking for new opportunities to improve your shopping experience, and this extends to your in-store experience. When you visit our showroom, you can have the opportunity to use state-of-the-art technology to enrich your shopping experience. You may also give us information about you in-store if you make a purchase using a credit or debit card, complete a survey or questionnaire, enter a contest or promotion, give us feedback, or otherwise interact or correspond with us in-store. When you use a device with a WiFi connection, it may provide certain information, which will differ depending on your device and settings. The data that may be collected is the type of device you have, the device identifier/media access control (MAC) address, the proximity of the device from the access point, the location of the device, and, where relevant, when and for how long the device was connected to the WiFi network. However, you can prevent your information from being collected by turning off the Wi-Fi feature of your device.
- * To receive your payment:* we collect your payment information, which includes the credit/debit card number, cardholder name, and CVV. We do not store this data and only transfer it to our authorized payment providers. The legal basis is in the execution of a contract with you.
- * To provide you with our Customer Support services (including helping you resolve any problems you may have with our services, updating you on any changes to our terms of services, or contacting you about your experience with us):* we collect your name, email, password and address, and your contact history with us (including telephone recordings of our conversations).
The legal basis is in the performance of a contract with you and our legitimate interests in retaining you as a customer.
- *To monitor the quality of our Customer Service services:* we collect your name, email, password and address, and your contact history with us. The legal basis is our legitimate interests in running our business.
- *To administer, maintain and optimize our Website and our services:* we collect information from your devices (such as IP address and the type of device you use), cookie identifiers, and navigation information. The legal basis is our legitimate interests in running our business.
- *To carry out fraud and credit checks, and whether we can do business with you:* we collect your name, email, addresses, credit/debit card details, browsing history, purchase history, date of birth, gender, information of your devices (such as the IP address and the type of device you use), any type of identity documentation (such as a driver's license or any other identity document) and any publicly available information (such as social network profiles or news ). The legal basis is in our legitimate interests to protect HUA and its customers from fraudulent activities, and to comply with legal obligations.
- *To send you marketing communications and personalized offers:* we collect your name, email, phone number, address, date of birth, purchase history, browsing history and behavior, information from your devices, purchase preferences, cookie identifiers, internal identifiers, and country. The legal basis is our legitimate interests in electronic direct marketing of products and services similar to those you have purchased using our Website or – where this does not apply – your consent.
- *To manage our loyalty programs:* we collect your name, email, phone number, address, date of birth, purchase history, browsing history and behavior, information from your devices, purchase preferences, username, identifiers cookies, internal identifiers, country, spending level, and purchasing power. The legal basis is our legitimate interests in running our business and improving our Website and your user experience.
- *To offer you personalized recommendations and enhance your experience:* we collect your name, email, phone number, address, date of birth, purchase history, browsing history and behavior, information about your devices, purchase preferences, username, cookie identifiers, internal identifiers, country, spending level, and purchasing power. The legal basis is our legitimate interests in running our business and improving our Website and your user experience.
- *Carrying out studies, analyses, surveys, and questionnaires about the use you give to our Website:* we collect your name, address, email, information from your devices, demographic information (including gender, country of residence, and family income), and content of survey responses. The legal basis is our legitimate interests in running our business and improving our Website and your user experience.
- *Advertising and retargeted ads for our products and services and those of our Partners:* we collect your email, cookie identifiers, and information from your devices. The legal basis is our legitimate interests in running our business.
- *To produce aggregate statistical reports:* we use your order history, ensuring that the results of these reports do not identify you. The legal basis is our legitimate interests in running our business and improving our Website.
- Our partner boutiques and brands through which you purchase your products: We rely on a select number of partners who supply the products you find on our Website;
- Service Providers for Business Purposes: To function properly, we rely on a select number of third parties to provide us with their services and products. We allow these companies to use your information only as strictly necessary, in order to provide us with their services and products. Below you will find the types of providers we have:
- Courier companies, such as DHL, FedEx, and UPS, that we use to deliver the products to you, and therefore they need to have access to your order information, which includes your name and address. These providers have a global reach, with several local companies that may be involved in the delivery process, depending on your shipping address.
- Payment providers, which we use to process your payment information (such as your credit/debit card details) so that we can receive your payment. These are based in the European Union, the United States, and China, and are involved in the process depending on your location.
- Anti-fraud and credit validation providers, to keep you and us safe. These have access to your information and associated orders and process them with the aim of verifying any fraudulent behavior.
- Analytics and search engine providers, such as Google, that we use to help you improve and optimize the Website. These providers are located in the United States and Europe. o Marketing tools that help us drive our marketing, such as Oracle Responsys and Mention Me. These providers are located in the United States.
- Marketing performance providers, who help us deliver HUA advertising tailored to your interests and needs. These providers are located in Europe (mostly in the United Kingdom) and in the United States.
- Research companies, which we may engage to help us carry out surveys about your use of our Website and our services. These providers are mostly located in Europe (usually the UK) or the US.
- IT/technology providers that we use to support, maintain and provide our technology and IT infrastructure that supports our Website and that stores our information. These include Microsoft Azure – which we use to host your information – and which is located in the Netherlands and Ireland.
- Ads for marketing purposes: We may give your information to our advertising and social media partners (including Facebook, Instagram, and Twitter, depending on the one you use), as long as they require this data to select and use relevant ads about our products and services and those of our Partners, addressed to you and others;
- Data enrichment service providers: We may enrich, aggregate, or combine the information we have about you with information from other sources, initially by sharing some of your personal data with select business partners. These partners are located in the United States. We do this to better understand your customer profile and interests so that we can provide you with offers especially for you, as well as specialized services;
- Role of third parties when considering a corporate transaction: HUA is always looking for new directions and opportunities for growth. This means that, on occasion, we may consider corporate transactions, such as mergers, acquisitions, reorganizations, asset sales, or the like. In this way, we will be able to transfer your information to allow the appreciation and completion of this transaction. If we buy or sell any business or assets, your personal information may be one of the assets to be transferred;
- To comply with legal requirements: On occasion, we may be required to cooperate with various regulators and security agencies in different countries, whether by legal requirement, court order, or any other legal process. Although we dispute requirements whenever possible, in some cases we may need to share your information with regulators or law enforcement agencies. When we deem it appropriate and provided that we are not prohibited from doing so by law or court order, we will attempt to notify you of these legal claims; and
- Aggregated information with third parties: we may aggregate your data with that of other customers, creating a database with information about the use of our Website, product purchases, and other general aggregated data about our customers, based on our legitimate interest in understanding the use of our service and demand for our product. Although this data set is aggregated and anonymous, meaning it cannot identify you individually, it does provide value regarding the use of our Website and may be shared with selected third parties. These third parties may include providers of plugins or similar technologies to help measure traffic; our Partners and other suppliers to enable them to better store products; and our investors.
6.- TRANSFER OF YOUR PERSONAL DATA
In order to offer our Website and services, we may transfer and store the personal information that we collect about you in a destination outside the European Economic Area (“EEA”), mainly in the United States of America, as well as in one of the Group Companies, one of our Partners or one of the service providers with whom we work, as indicated below:
- When we transfer personal information within our Company outside of the EEA, which may be to the US, Brazil, Russia, Japan, or China, we rely on the Commission's model contract for the transfer of personal data to third countries (for example, the standard contractual clauses), according to Decision 2010/87/EU.
- We transfer personal information to one of our partners outside the EEA, to the extent that this transfer is necessary to complete the contract between you and the boutique from which the products of your orders originate.
- When we transfer personal information to one of our service providers set out above, we rely on the appropriateness of different measures, as indicated below:
- o Adequacy decision: we transfer the personal data we collect about you to conduct fraud checks with those who have verified that you have an adequate level of personal data protection under Commission Decision 2011/61/EU of January 31, 2011.
- o Privacy Shield: Some of our service providers located in the United States, to which we also transfer your information, comply with the EU-US Protection Shield of the United States Department of Commerce, and have been certified to adhere to the EU-US Shield Principles of Notice, Choice, Transfer Processor Responsibility, Security, Integrity and Limitation, Access, and Recourse, Enforcement and Liability. For more information about the EU-US Privacy Shield agreement, visit the US Department of Commerce's Privacy Shield website.
- o Model clauses: we rely on the Commission's model contracts for the transfer of personal data to third countries (such as standard contractual clauses), in accordance with Decision 2010/87/EU, when we transfer your information to our service providers in the United States that do not adhere to the Protection Shield of the Department of Commerce of the United States.
We use "cookie" technology to collect information and save your online preferences. Cookies are small pieces of information sent by a web server to a web browser, allowing the server to authenticate the browser's identity on each page. We use the following categories of cookies on our Website:
- Category 1: strictly necessary cookies These cookies are essential since they allow you to navigate through the Website and use its functionalities. Without these cookies, services you have requested, such as remembering your login details or items in your shopping bag, would not be available.
- Category 2: analytical cookies These cookies collect anonymous information about how people use our Website. For example, we use Google Analytics cookies to help us understand how customers arrive at, search for, or use our site, as well as highlight areas where we can improve, such as navigation, the shopping experience, and marketing campaigns. The data collected by these cookies never shows personal information and it will never be possible to establish your individual identity. You can disable cookies in your browser settings. Category 3: Functional cookies These cookies remember the selections you have made, such as the country from which you visit our Website, language, and search parameters, such as size, color, and product style. In this way, they can be used to offer you an experience more appropriate to your selections and to make your visit more pleasant. The information these cookies collect may be anonymous and cannot track your browsing activity on other websites. You can disable cookies in your browser settings.
- Category 4: targeting cookies or advertising cookies These cookies collect information about your browsing habits, with the aim of making advertising more relevant to you and according to your interests. They are also used to limit the number of times you see an advertisement, as well as to help measure the effectiveness of an advertising campaign. Cookies are generally provided by an advertising company. They remember the websites you visit, and that information is shared with related parties, such as advertisers. For example, we use third-party companies to serve you more personalized ads when you visit other websites. You can disable these cookies using your browser settings.
- Category 5: social network cookies These cookies allow you to share what you are doing in relation to the Website on social networks, such as Facebook, Instagram, and Twitter. These cookies are not under our control. Please consult the respective privacy policies to learn how these cookies work. If you wish to delete any cookies that are already on your computer, please refer to the help and support section of your Internet browser for instructions on how to find the file or directory that stores cookies. At www.AboutCookies.org you can get more information about its elimination and control. Please note that by deleting our cookies or disabling future cookies, you may be unable to access certain areas or features of our Website.
You can withdraw your consent to these cookies at any time through the following options:
- Google Analytics cookies on all websites: please visit Google Analytics Opt-out Browser Add-on;
- Other third-party cookies related to behavioral ads: please go to www.youronlinechoices.eu.
- Any other type of cookies: you can clean your cookies through the configuration of your browser.
Remember that even if you disable cookies, you will still receive online ads. This means that the company or companies in which you disabled this option will not place more advertising tailored to your web preferences and usage patterns, so you will see a large number of ads that will be irrelevant to you and your preferences.
Keeping you and your personal information safe is very important to us. Therefore, we try to protect them by following these steps:
- Using Secure Socket Layer (“SSL”) encryption to help us encrypt the personal data you submit to us during the checkout process (including any financial information, such as credit or debit card details);
- Requesting a password to access your account on our Website;
- Deleting the details of your credit or debit card, to prevent third parties from carrying out a transaction using that card (such as your CVV number); Y
- Regularly monitor our servers and IT systems to avoid possible vulnerabilities and attacks.
Unfortunately, despite these precautions, the transmission of information via the Internet is not completely secure. We cannot guarantee the security of your personal data transmitted to or through our Website, so any transmission is done at your own risk. In particular, please note that if you voluntarily provide personal information online in an unprotected environment (such as on a message board, shopping list, or in chat areas), this information may be collected and used by others outside of our or your control.
9.- FOR HOW LONG WILL MY INFORMATION BE USED?
We will keep the data you provide us for as long as you have your account with us and, from that moment, for the period in which you have questions or complaints in relation to our services, in addition to any additional maintenance period to which we are forced, in accordance with the legal requirements that are applied to us.
In some circumstances, you can ask us to delete your data as explained below.
When you have finished using our services, we may store your information in an aggregated and anonymous format.
10.- WHAT ARE MY PRIVACY RIGHTS?
You have certain rights in relation to the personal information we hold about you, which we will detail below. Some of them only apply in certain circumstances, as explained below. We will also tell you how to exercise those rights. Please note that we may ask to verify your identity before responding to any request to exercise your rights, and this may include asking you a series of security questions to certify that it is you. When you ask someone else to make this request on your behalf, that person and/or organization will need to show a valid power of attorney from you. We must respond to your request to exercise these rights without delay and at least within one month (however, this may be extended to a further two months in certain circumstances). To exercise any of your rights, please write to us at firstname.lastname@example.org or send us your physical request, addressed to the Data Protection Officer, at the following address: Medellín 213 Int 201 Roma Sur 06760 CDMX México.
Access. You have the right to know if we process your personal data and, if we have, to access the data we have about you and certain information about how we use it and with whom we share it (such as the categories of personal data we share with companies for use in direct marketing and the names and addresses of those companies). Please note that in "My Account" you can see your information, mainly your account details (such as name, email, phone number, date of birth), the addresses you use for billing and shipping, the history of your orders, and your purchasing preferences.
You can also request a copy of your information. If you request more than one copy of the data we hold about you, we may require a reasonable administrative fee.
We may not provide you with certain personal data if doing so would interfere with other rights (for example, if this would cause us to disclose information about another person) or where other exceptions apply.
Portability. You have the right to receive a subset of the personal data we collect about you in a structured, commonly used, and readable format on any device, as well as the right to request that we transfer that information to a third party. The subset of personal data is information that you provide us with your consent or for the purpose of maintaining our contract with you. If you want us to transfer this data to a third party, please make sure to detail it and keep in mind that we can only do so when technically possible. We are not responsible for the security of this personal information or its processing once it is received by a third party. In addition, we may refuse to give you certain information if doing so would mean revealing information about another person (for example, if this would cause us to reveal information about another person, such as our trade secrets or intellectual property).
Correction. You have the right to correct any personal data we hold about you that is incorrect. You can edit your personal information in the "My Account" settings. Likewise, you can request the correction via email. Please note that in some cases we may ask you to explain in detail why you believe that data is incorrect or incomplete so that we can assess whether a correction is necessary. It is important that you also know that, even if we conclude that your personal data is incorrect or incomplete, you can exercise your right to restrict our processing of the applicable data, in the manner described below.
Elimination. You may request that we delete the personal data we hold about you in certain circumstances. Please scroll down to find out what they are:
- o When you believe that it is not necessary for us to continue to have your personal data; o When we are processing your personal data based on your consent, and you wish to withdraw this consent and there is no other place under which we can process it; o When we are processing your personal data based on our legitimate interest and you object to such processing. Please tell us in detail your reasons so that we can assess whether there is an overriding interest for us to retain such information; o When you do not want us to use your personal data to send you promotions and special offers; or When you believe that your personal data has been unlawfully processed by us.
Also, keep in mind that you can exercise your right to restrict our data processing as long as we consider that your request complies with what is explained below.
Please provide as much detail as possible in your request to help us determine if you have valid reasons to remove them. Please note that, despite this, we may retain your personal data if there are strong legal grounds to do so (for example, to defend against legal claims or freedom of expression). We will let you know if this is the case.
Where you have requested to delete data that we have made public and there are grounds for doing so, we will take reasonable and necessary steps to tell those who are displaying this data or providing links to it that they should also delete it.
Restriction of Processing for Storage Only. You have the right to ask us to only process your personal data for storage purposes, in certain circumstances. However, please note that if we stop processing this data, we may use it again if there are strong grounds in data protection law that allow us to do so (for example, for the defense of legal claims or for the protection of another person). ).
Please scroll down to know the cases in which you can request that we stop processing your information and that we can only store it.
- When you believe that this personal data is not correct during the period that it takes us to verify your claim;
- When we want to delete the personal data, since the process we are doing is not legal, but you want us to keep this information for storage and not for future processing;
- When we wish to delete the personal data, since they are not necessary for our purposes, but you request that they be stored for the establishment, exercise, or defense of legal claims; either
- When you object to us processing your personal data on the basis of your legitimate interest, and you want us to stop processing it while we determine whether there is any interest on our part in retaining it.
Objection At any time, you have the right to object to the processing of your information to send you promotions and special offers – including when we build profiles for such purposes – and we will stop processing that data for those purposes. You can do this by changing your marketing preferences in "My Account" or by selecting "unsubscribe" at the bottom of any of the marketing emails we send you. Please note that you will continue to receive emails related to the orders you make through our Website, as well as updates to our Terms and Conditions and Privacy Policies.
You also have the right to object to our processing of your data, and we will consider your request in other circumstances as set out below:o When we are processing your data (including when the processing is for profiling) based on the legitimate right of our related entities, and you object to that processing. Please provide us with your reasons in detail so that we can determine if there is an overriding interest for us in continuing to process that data, or if we need to do so due to legal claims. Likewise, you can exercise your right to request that we stop processing your data while we make that determination of our interests.
Withdrawal of consent: You can withdraw your consent at any time, by changing your marketing preferences in "My account", by unsubscribing at the bottom of any of the emails you receive, or by sending us an email as indicated below.
10.- DOUBTS AND QUESTIONS
Sending us an email to email@example.com; either
Writing to the Data Protection Officer, at the following address: Medellín 213 Int 201 Roma Sur 06760 CDMX Mexico. You can also exercise your right to make a complaint to the Information Commissioner's Office (www.ico.org.uk) or to the data protection supervisory authority in the EU country where you live or work when you think that we have breached data protection laws.
11.- UPDATES TO THIS POLICY