Who we are
We are an online store, providing an assortment of trending items expressly selected with a taste of opulence for your special occasion.
This privacy notice provides you with details of how we collect and process your personal data through your use of our site https://derebbew.com.
By providing us with your data, you warrant to us that you are over 13 years of age.
We are responsible for the safety of your personal data (referred to as ‘we’, ‘us’ or ‘our’ in this privacy notice).
What personal data we collect and why we collect it
Personal data means any information capable of identifying an individual. It does not include anonymised data. We may process the following categories of personal data about you:
Communication Data that includes any communication that you send to us, whether that be through the contact form on our website, through email, text, social media messaging, social media posting or any other communication that you send us. We process this data for the purposes of communicating with you, for record keeping and for the establishment, pursuance or defence of legal claims. Our lawful ground for this processing is our legitimate interests which in this case are to reply to communications sent to us, to keep records and to establish, pursue or defend legal claims.
Customer Data that includes data relating to any purchases of goods and/or services such as your name, title, billing address, delivery address, email address, phone number, contact details, purchase details and your card details. We process this data to supply the goods and/or services you have purchased and to keep records of such transactions. Our lawful ground for this processing is the performance of a contract between you and us and/or taking steps at your request to enter into such a contract.
User Data that includes data about how you use our website and any online services together with any data that you post for publication on our website or through other online services. We process this data to operate our website and ensure relevant content is provided to you, to ensure the security of our website, to maintain back-ups of our website and/or databases and to enable publication and administration of our website, other online services and business. Our lawful ground for this processing is our legitimate interests which in this case are to enable us to properly administer our website and our business.
Technical Data that includes data about your use of our website and online services such as your IP address, your login data, details about your browser, length of visit to pages on our website, page views and navigation paths, details about the number of times you use our website, time zone settings and other technology on the devices you use to access our website.
The source of this data is from our analytics tracking system. We process this data to analyse your use of our website and other online services, to administer and protect our business and website, to deliver relevant website content and advertisements to you and to understand the effectiveness of our advertising. Our lawful ground for this processing is our legitimate interests which in this case are to enable us to properly administer our website and our business and to grow our business and to decide our marketing strategy.
Marketing Data that includes data about your preferences in receiving marketing from us and your communication preferences.
We may use Customer Data, User Data, Technical Data and Marketing Data to deliver relevant website content and advertisements to you (including Facebook adverts or other display advertisements) and to measure or understand the effectiveness of the advertising we serve you. Our lawful ground for this processing is legitimate interests which is to grow our business. We may also use such data to send other marketing communications to you. Our lawful ground for this processing is either consent or legitimate interests (namely to grow our business).
We do not collect any Sensitive Data about you. Sensitive data refers to data that includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. We do not collect any information about criminal convictions and offences.
Where we are required to collect personal data by law, or under the terms of the contract between us and you do not provide us with that data when requested, we may not be able to perform the contract (for example, to deliver goods or services to you). If you don’t provide us with the requested data, we may have to cancel a product or service you have ordered but if we do, we will notify you at the time.
We will only use your personal data for a purpose it was collected for or a reasonably compatible purpose if necessary. We may process your personal data without your knowledge or consent where this is required or permitted by law.
Our lawful ground for this processing is our legitimate interests which in this case are to enable us to properly administer our website and our business and to grow our business and to decide our marketing strategy.
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
Information submitted through the contact forms on our site are sent to our company email, hosted by Gmail. Google adheres to the EU “Privacy Shield” policy and you can find more information about this here. We keep these submissions for customer service purposes only.
With our newsletter we inform you about our products and us. When registering for the newsletter, you have to provide an email address. In case of registration for the newsletter, we also store the date of registration as well as the user’s first and last name, if you choose to additionally disclose those.
After registration, the user will receive an email to confirm the registration. The processing is based on your consent (Art. 6 (1) a. GDPR). Purpose of the processing is the distribution of our newsletter.
Consider cookies a way of making interactions with the Site easy and meaningful. When you visit the Site, our servers send a cookie to your computer. Standing alone, cookies do not identify you personally; they simply recognize your web browser. Unless you decide to identify yourself by opening an account or filling out a form, you will remain anonymous to us.
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
On this site, the only analytics gathering service we use is Google Analytics, as explained in the Cookies section above.
Google Analytics helps us measure our advertising ROI as well as track our Flash, video, and social networking sites and applications.
They abide by the General Data Protection Regulation (GDPR) and the ePrivacy Directive (ePR) affect how we as a website owner may use Google Analytics to track our visitors from the EU.
Who we share your data with
We don’t share your data with third-parties in a way as to reveal any of your personal information like email, name, etc.
Any contact messages received through this website related to hiring and customer service are also never used for marketing purposes or shared with any third parties.
How long we retain your data
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
What rights you have over your data
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
Where we send your data
Visitor comments may be checked through an automated spam detection service.
Your contact information
It is very important that the information we hold about you is accurate and up to date. Please login to our site to keep your information current.
Customer Data that includes data relating to any purchases of goods and/or services such as your name, title, billing address, delivery address, email address, phone number, contact details, purchase details and your card details.
We process this data to supply the goods and/or services you have purchased and to keep records of such transactions. Our lawful ground for this processing is the performance of a contract between you and us and/or taking steps at your request to enter into such a contract.
How we protect your data
We have put in place security measures to prevent your personal data from being accidentally lost, used, altered, disclosed, or accessed without authorization. We also allow access to your personal data only to those employees who have a need to know such data. They will only process your personal data on our instructions and they must keep it confidential.
We have procedures in place to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach if we are legally required to.
What data breach procedures we have in place
How we protect your data and what data breach procedures we have in place
We protect customer data with the following site features:
•We are entirely using SSL/HTTPS throughout all our sites. This encrypts our user communications with the servers so personal identifiable information is never captured by third parties without authorization.
•Databases are sanitized (actual user personal details are removed) before deploying to development or testing environment.
In case of a data breach, System administrators will immediately go through affected users and will attempt to reset passwords if needed after informing the user.
What third parties we receive data from
In certain circumstances (for example, to verify the information we hold about you or obtain missing information we require to provide you with a service) we will obtain information about you from certain publicly accessible sources, both EU and non-EU, such as the electoral register, Companies House, business directories, media publications, social media and websites (including your own website if you have one).
What automated decision making and/or profiling we do with user data
We do not use automated decision-making. Regarding profiling, we use the tracking tool Google Analytics. For further information about our use of Google Analytics see section II. 3. – “Google Analytics”.
Industry regulatory disclosure requirements
We may have to share your personal data with the parties set out below:
Service providers who provide IT and system administration services
Professional advisers including lawyers, bankers, auditors and insurers
Government bodies that require us to report processing activities.
We require all third parties to whom we transfer your data to respect the security of your personal data and to treat it in accordance with the law. We only allow such third parties to process your personal data for specified purposes and in accordance with our instructions.