PRIVACY POLICY


WHO IS THE CONTROLLER OF YOUR PERSONAL DATA?

Sociedad Textil Lonia, S.A. (hereinafter, "STL") with registered office at Parque Empresarial Pereiro de Aguiar, 32792, Pereiro de Aguiar, (Ourense-Spain) and developer of the CH Carolina Herrera brand, is the controller of your personal data.


You can contact our Data Protection Office at the above address or by email at: lopd@stlonia.com.


DATA PROTECTION OFFICER


We have appointed a Data Protection Officer to ensure that we continuously process your personal data in an open, accurate and legal manner. You can contact our Data Protection Officer at: lopd@stlonia.com stating DPO as the subject matter.


FOR WHAT PURPOSES DO WE TREAT YOUR PERSONAL DATA? HOW DO WE LEGITIMIZE THE PROCESSING OF YOUR DATA?


1. MANAGEMENT OF YOUR BUSINESS RELATIONSHIP WITH STL


Your personal data will be treated in order to develop, control, manage and maintain the contractual relationship established on making purchases in stores managed by STL. Where necessary, STL will communicate the personal data that you provide us by filling in the card in order to manage your relationship as a client.


Said treatment for the purposes indicated is legitimized by the execution of the existing contractual relationship between you and STL. The obtaining of your data for this purpose is mandatory in order to enable STL to establish and manage your contractual relationship.


2. MANAGEMENT OF PROFILE REGISTRATION AND CANCELLATION IN THE SHARED DATABASE


Your personal data will be processed for your registration and entry into the customer database managed by STL. When necessary, and exclusively for the management of the contractual relationship, STL will communicate the identifying data that you provide us by filling in the card in order to be able to manage your relationship as a customer. In addition, if you have consented to the transfer of your data to STL from PUIG Group companies or STL franchisees, it will be included in our database whose data treatment is explained below.


Said treatment for the purposes indicated is legitimized by the execution of the existing contractual relationship between you and STL. The obtaining of your data for this purpose is mandatory in order to enable STL to establish and manage your contractual relationship.


3. PROCESSING OF YOUR DATA FOR COMMERCIAL PURPOSES BY STL


Your personal data will be processed by STL for the sending of commercial information related to own products linked to and marketed by STL, in addition to opinion surveys. Said information to be sent by any means, including electronic, commercial communications, sending of bulletins and personalized offers. Similarly, your data may be used for profiling purposes in order to send personalized commercial actions and / or oriented to your preferences.


Said treatment for the purposes indicated is legitimized by the application of legislation that foresees said treatment and by having obtained STL consent to that effect.


For those cases legally provided for under article 21.2 of Law 34/2002, of July 11, concerning services of the information society and electronic commerce, as well as by article 16 of the Electronic Privacy Regulation 2017/0003 (e-privacy) of the European Union, STL will be entitled to send commercial communications electronically as long as the content thereof is related to products and / or services similar to those offered in the context of your relationship with STL.


You may, at any time, revoke your consent for the sending of commercial communications of STL products and services. You may refuse such procedure both at the time of data collection and on receipt of each commercial communication sent by STL.


Similarly, STL may use your data in legitimate interest to better meet your expectations and increase your level of satisfaction as a client in cases where legislation permits, provided that these legitimate interests respect your right to personal data protection, honor and personal and family privacy. Remember that you can always exercise your right of opposition if you consider it appropriate at the email lopd@stlonia.com.


4. DATA TRANSFER STL GROUP AND FRANCHISEES


In order to manage the relationship with you as a customer, STL may communicate to those companies that use the STL customer database any identification data that you provide us by filling in the card or via the website in order to verify your identity, as well as to manage all purchases and operations you make in the stores of Carolina Herrera (CH). With this in mind, your data will be included in a centralized database that can be accessed by both STL franchisees and other STL Group companies. In no case will your personal data be communicated to other entities that do not belong to the STL Group or to STL franchisees, without your prior consent.


Said treatment for the purposes indicated is legitimized according to the existence of a legitimate interest for STL. As a result of the use of a centralized customer database, for administrative, operational and logistics purposes, STL may communicate data to all STL's dependent entities with which it shares access to said database with the sole purpose of being able to improve the logistics, administration and your personal management needs by being able to centralize all the purchases you make. This centralization does not entail any detriment to you, on the contrary, it will speed up any order or process, thereby avoiding delays.


The obtaining of your data for this purpose is mandatory in order to enable STL to establish and manage your contractual relationship.


5. INTERNATIONAL DATA TRANSFERS TO THE STL GROUP


In order to manage the relationship with you as a customer, STL may communicate to those companies that use the STL customer database any identification data that you provide us by filling in the card or via the website in order to verify your identity, as well as to manage all purchases and operations you make in the stores of Carolina Herrera (CH). With this in mind, your data will be included in a centralized database that can be accessed by both STL franchisees and other STL Group companies that may be located in countries that do not offer a protection level comparable to European standards. In no case will your personal data be communicated to other entities that do not belong to the STL Group or to STL franchisees, without your prior consent.


Said treatment for the purposes indicated is legitimized by the adoption of adequate guarantees by STL. For these purposes, these international data transfers will be covered by the implementation of adequate guarantees through the signing of a contract to that effect based on the Standard Contractual Clauses for data protection adopted by the European Commission.


The obtaining of your data for this purpose is mandatory in order to enable STL to establish and manage your contractual relationship.


6. TRANSFER OF DATA TO PUIG GROUP COMPANIES


You give explicit and express consent for us to transfer your personal data to the PUIG Group in order to coordinate and update the information you provide us via the website concerning the subscription interests: "Carolina Herrera New York", "212 Carolina Herrera" and "Bridal".


In this case, the PUIG Group will be responsible for your data and the previsions as stipulated in their privacy notice will apply. To this effect, you may refer to the PUIG Group Privacy notice concerning how your data is processed and managed.


FROM WHERE DO WE GET YOUR DATA?


The personal data processed by STL has been provided directly by you by completing the forms provided for that purpose by STL.


HOW LONG WILL WE KEEP YOUR DATA?


STL will keep your data during the validity of your contractual relationship with STL and once expired during the prescription period of the actions that may arise from the relationship maintained.


For merely illustrative purposes, articles 1962-1972 of the Civil Code set deadlines for the prescription of actions that may go from one to thirty years, depending on the type of action to be exercised.


TO WHOM DO WE GIVE YOUR DATA?


Your data will be transferred to the different entities that form part of the STL Group (subsidiaries and franchisees) and that have access to the customer database, to which your personal data will be sent as a customer of STL products, for the handling of the following:


  • Collection and payment derived from the relationship with you.
  • Registration and removal of customer profiles in the STL database.
  • For operative and harmonizing reasons, your request to be unsubscribed from CH Carolina Herrera will be transferred to the PUIG Group.

The companies of the PUIG Group to which your personal data will be sent as a subscriber to commercial communications requested via the chcarolinaherrera.com website for the handling of the following:


  • Your purchase activity.
  • The sending of communications, promotions and commercial offers for products marketed by these entities
  • Registration and removal with respect to the sending of the newsletters managed by the PUIG Group.

Similarly, STL may outsource certain functions in order to improve the quality of service and/or for internal administrative purposes, and to this effect it will collaborate with Data Processors, always within the context of a Data Processing Agreement (DPA) that offers adequate guarantees.


WHAT ARE YOUR RIGHTS WHEN YOU PROVIDE US WITH YOUR INFORMATION AND HOW CAN YOU EXERCISE THEM?


You may, in the terms established in the data protection regulations, revoke at any time the authorization granted for the processing and transfer of your personal data, as well as exercise the rights of access, rectification, opposition, including the processing of data on the basis of legitimate interest, limitation, suppression, portability and not to be the subject of automated decisions, by writing to the Data Protection Office of Sociedad Textil Lonia, SA, at the following address: Parque Empresarial Pereiro de Aguiar, 31792, Pereiro de Aguiar (Ourense-Spain), or by email at: lopd@stlonia.com.


For greater transparency regarding your rights, please find below further information:


Right to Access


You have the right to obtain confirmation about the personal data we hold on you. You can contact us for further information concerning the aforementioned data by email.


Right to Portability


As long as STL processes your personal data through automated means based on your consent or an agreement, you have the right to obtain a copy of your data in a structured, commonly used and machine-readable format transferred to your name or to a third party. It will only include the personal information that you have given us.


Right to Rectification


You have the right to request the rectification of your personal data if it is inaccurate, including the right to complete incomplete data. Remember that in your User Area you can modify your personal data.


Right of Suppression


You have the right to obtain without undue delay the suppression of any personal data processed by STL at any time, except in those situations that the law considers an exception, such as compliance with a legal obligation.


Right to Oppose the Processing of data on the basis of legitimate interest


You have the right to object to the processing of your personal data based on the legitimate interest of STL. We will not be able to continue processing personal data unless we can attest compelling legitimate reasons for said processing that prevail over your interests, rights and freedoms, or for the formulation, exercise or defense of claims.


Right to Oppose direct marketing


You have the right to oppose direct marketing, including profile analysis made for direct marketing purposes.to.


Right to Restriction


You have the right to request that STL limit the processing of your personal data in the following circumstances:


  • If you object to the processing of your data based on the legitimate interest of STL, STL must limit any processing of such data pending the verification of legitimate interest.
  • If you claim that your personal data is incorrect, STL must limit any treatment of such data until its accuracy is verified.
  • If the treatment is illegal, you can object to the deletion of personal data and, instead, request limitation of its use.
  • If STL no longer needs personal information, but you need it for the formulation, the exercise or the defense of claims.


TO WHICH SUPERVISORY AUTHORITY CAN YOU ASSERT YOUR RIGHTS IN TERMS OF DATA PROTECTION?


In the event that you deem it necessary, you can contact the Spanish Agency for Data Protection with address at Calle Jorge Juan, 6, 28001, Madrid, Spain, in order to safeguard your rights.


UPDATES TO OUR PRIVACY NOTICE


We may proceed to update our Privacy Policy. The latest version will always be available on our website.


Cookies


Where you furnish your personal data via the Website, STL reserves the right to use cookies in order to recognise you as a frequent user and customise your use of the Website by means of pre-selecting your language, or more desired or specific content. By using cookies STL is able to recognise the user's browser in order to provide content and offer browsing or advertising preferences to the users' demographic profiles, measure visits and traffic parameters, and monitor the progress and number of hits.

In addition, in its preparation we have taken into consideration the instructions provided by the Spanish data protection agency in its "Guide on the use of cookies".


WHAT ARE COOKIES?


Cookies are small text files that are placed on your computer by the websites you visit. They are widely used to ensure that the Website functions correctly and efficiently since they provide the owners of the Website with information. The use of cookies is standardised in the majority of websites. Cookies enable us, among other things, to store and recover information on your browsing habits and your device and, depending on the information they contain and the way in which you use your device, they may be used to recognise and identify the user in order to enhance your browsing experience and offer you the services you request. If you would prefer not to send cookies to our systems you can disable and control them through your browser settings, erasing them from the browser history -cache- when you end your visit.


TYPES OF COOKIES


Classified by expiry date:

  • 'Session' cookies: Session cookies remain in your browser during your visit (e.g. until you close the browser or leave the site).


  • 'Persistent' cookies: Persistent cookies are saved in your browser after the session (unless they are deleted).




Classified by activity:
  • 'Performance' cookies: Performance cookies collect information on Website use; they do not gather personal data and the collected data is stored anonymously. Performance cookies are used to enhance the Website experience.


  • 'Functionality' cookies: Functionality cookies enable the Website to store any user options chosen on the webpage (such as, for example, changes in text size, customisation of the Website).




Classified by purpose:
  • Analytical cookies: Analytical cookies are used to gather data on user activity for statistical purposes. Among others, they analyse the number of users visiting the Website, the number of pages visited, as well as user activity on the Website and the frequency of use. The data collected is always anonymous in order to ensure that there is no way of using the data collected to identify any user.


  • Authentication cookies: These enable the Website to store any user options chosen on the webpage (such as, for example, changes in text size, customisation of the Website).




Classified by origin:
  • First-party cookies: First-party cookies are set by the web server of the visited page.


  • Third-party cookies: Third-party cookies are sent to the user's terminal equipment from a device or domain that is not managed by the editor, but rather by another entity that processes the data collected through the cookies.



USE OF COOKIES BY STL


Cookie use on the Website, in accordance with the guidelines of the Spanish data protection agency, is as follows: By using the Website, we understand that you consent to, and agree with, the use and storage of the following cookies on your computer/device/browser for the purposes stated above.

The cookies we use when a user visits our Website, based on the purpose for which they are used, are as follows:


Name of provider


Purpose of the Cookie


Description


_AN_CGID_COOKIE


Session cookies (not persistent)


Stores the categories visited by a user, which are later used by the following Analytics tags: Product tag, Cart tag, and Order tag.


REFERRER


Session cookies (not persistent)


The value of referer in the HTTP header.


WC_ACTIVEPOINTER
non-secured session cookie


Session cookies (not persistent)


This cookie contains the value of the store ID of the session. This value is used to select the store to run the command, if one is not specified on the URL.

  • valor: langId | storeId


SESSION_COOKIEACCEPT


Session cookies (not persistent)


Checks whether the client browser accepts cookies.


WC_AUTHENTICATION_ID
secure session cookie


Session cookies (not persistent)


WebSphere Commerce uses a secure authentication cookie to manage authentication data. An authentication cookie flows only over SSL. For increased security, it has a date and time stamp with a signature. This cookie is used to authenticate the user over SSL-connections.

  • value: userId | hashed by using SHA-1(sessionKey| userId | timestamp) sessionKey is the key that is used to encrypt session-related data


WC_GENERIC_ACTIVITYDATA
non-secured session cookie


Session cookies (not persistent)


This cookie exists only if it is a generic user (-1002) session. This cookie stores the session values such as store ID, language ID, and contracts.

  • value: activity token | storeId | business context values


WC_SESSION_ESTABLISHED
non-secured session cookie


Session cookies (not persistent)


This cookie is created on the first request that processes WebSphere Commerce run time. For example, a non-cache request.

  • valor: true


WC_USERACTIVITY_ID non-secured session cookie


Session cookies (not persistent)


This cookie is a user session cookie that flows between the browser and server over both SSL or non-SSL connections. It is used for user identification over non-SSL connections. It contains user session values such as, for example, the session login time, and session identifier information.

  • value: cookieValue | encrypted using 3DES (activityToken | cookieValue)

    where cookie value is : userId | storeId | passwordInvalidationFlag |
    attemptedPasswordProtectedCommands | logonTime | expiryTime | expiredUserId | preExpiryURL |
    forUserId | activeOrgId |



Cookie LTPA2
WebSphere Application Server cookie


Session cookies (not persistent)


This cookie is used when WebSphere Commerce is enabled for single sign-on with other WebSphere information centre applications.


WC_EdgeCacheComponent_storeId


Session cookies (not persistent)


Used for Edge Caching storage.


LtpaToken2


Session cookies (not persistent)


WebSphere Application Server LTPA token used for single sign on.


CompareItems_id


Functionality cookies


Cookie to compare items, currently disabled but the cookie is created independently.


WC_BACK


Functionality cookies


URL with filters for Back button to jump to product listing.


WC_CATEGORY


Functionality cookies


Item list for pagination subsequent and prior to the product listing page.


WC_NAV


Functionality cookies


Products that load as they scroll on pagination.


WC_COOKIE_WARN_storeId


Functionality cookies


This cookie is used to show the expired session pop-up.


WC_TIMESTAMP


Functionality cookies


This cookie stores the last date on which the user performed an action on the website. It combines with the WC_COOKIE_WARN_storeId cookie to display the popup.


WC_WISHLIST_storeId


Functionality cookies


Cookie that lists items stored in guest user's Wishlist.


_ga


Web analytics (Google Analytics)


This cookie is used to identify unique users.


_gat


Web analytics (Google Analytics)


This cookie is used to limit the request rate.


__utma


Web analytics (Google Analytics)


It is used to identify users and sessions. The cookie is created when the Javascript library is executed and there is no existing __utma cookie. The cookie is refreshed every time new data (a hit) is sent to Google Analytics.


__utmt


Web analytics (Google Analytics)


This cookie is used to limit the request rate.


__utmb


Web analytics (Google Analytics)


This cookie is used to identify new sessions or visits. The cookie is created when the Javascript library is executed and there is no existing __utmb cookie. The cookie is refreshed every time new data (a hit) is sent to Google Analytics.


__utmc


Web analytics (Google Analytics)


The _utmc cookie is no longer used by ga.js. It is set up for interoperability with urchin.js. Historically this cookie worked along with the __utmb cookie to identify whether the user was in a new web session or visit.


__utmz


Web analytics (Google Analytics)


This cookie stores the traffic source or campaign which explains how the user reached the site.


__utmv


Web analytics (Google Analytics)


This cookie is used to store visitor-level custom variable data.


_gat


Web analytics (Google Analytics)


This cookie is used to limit the request rate.


Maxmind (third-party cookies)


Geolocation


Session identifier with the Maxmind system.



By continuing to browse this Website, the user will be accepting the creation of cookies for the aforementioned purposes.

Notwithstanding the foregoing, should the user subsequently wish to eliminate the cookies that have been stored in his/her computer and which necessarily require his/her consent, he/she may do so using the tools provided by his browser for this purpose. In this connection, additional information may be found in the following section.


HOW TO BLOCK COOKIES


Should the user subsequently wish to block or eliminate the cookies that have been stored in his/her computer and which necessarily require his/her consent, he/she may do so using the tools provided by each web browser for this purpose. If the installation of cookies is not permitted on your browser, you may not be able to access certain sections of our Website.

Depending on the web browser used by the user, the procedure for allowing and eliminating cookies will be one of the following:


ADDITIONAL INFORMATION


  • The cookies are stored by the web browsers and browser settings must be used to exercise your right to eliminate or disable them. Neither this web nor its legal representatives can guarantee the correct or incorrect manipulation of cookies by the aforementioned browsers.


  • In certain cases it is necessary to install cookies to ensure that the browser does not forget your decision not to accept them.


PRIVACY POLICY UPDATE CONTACT


It is our policy to post any changes we make to our privacy policy on this page. If we make material changes to the way we treat our users' personal information, we will notify you. The date of the last revision of the privacy policy is identified at the top of the page. You are responsible for ensuring that we have an up-to-date, active, and deliverable email address, and for periodically visiting our website and this privacy policy to check for any changes.



CONTACT

If you have additional questions about our privacy practices, you may write to us at:

To: Privacy
Sociedad Textil Lonia Corp.
Parque Empresarial Pereiro de Aguiar, 31792, Pereiro de Aguiar (Ourense)

Or through the following email address legal@stlonia.com