Your browser's Javascript functionality is turned off. Please turn it on so that you can experience the full capabilities of this site.

PRIVACY POLICY

Cotton On do Brasil Comercial e Participações LTDA, CNPJ registration N° 15.425.654/0001-34 (hereinafter referred to as “Cotton On BR”), protecting your privacy and the confidentiality of your personal data is very important. This Privacy Policy explains why we collect personal data, and how we collect, use, disclose and store them. It also explains how you can access, correct, update or delete any personal information provided to us, or make a complaint if you have concerns.

We comply with Law N° 13.709/2018 (Brazilian General Data Protection Law - LGPD) and all privacy principles and laws governing how we collect, use, disclose, store and protect your personal data. This Privacy Policy may change from time to time, and is available on our website.

WHICH ENTITIES OF COTTON ON ARE COVERED BY THIS POLICY?

This Privacy Policy applies to Cotton On BR, as well as Cotton On Australia Pty Ltd (ABN 13 634 090 083), and all of its related entities and brands in Brazil (hereafter referred to as “we” or “our”), including: Cotton On, Cotton On Body, Cotton On Kids, Rubi Shoes, Factorie, Typo and Supré.

WHAT ARE PERSONAL DATA?

Personal data are any information that may be used to identify you, such as your name, gender, date of birth, address, telephone number or email address.

In addition, sensitive personal data are data concerning your racial or ethnic origin, religious belief, political opinion, membership in a trade union or religious, philosophical or political organization, data concerning sexual health or life, genetic or biometric data, financial information, and so on.

WHAT ARE YOUR RIGHTS AS A DATA SUBJECT?

The Personal Data we process are yours and the Brazilian General Law of Data Protection - LGPD (Law N° 13.709/2018) guarantees you several rights related to them. We are committed to enforcing these rights and, in this section, we will explain what these rights are and how you can exercise them. Please see below:

YOUR RIGHTS	HOW TO EXERCISE THEM
Confirmation and Access	You may request confirmation that your Personal Data have been processed so that, if so, you can access them, including by requesting copies of the records we have about you.
Correction	You may request us to correct your Personal Data if it is incomplete, inaccurate or out of date.
Anonymization, Blocking or Deletion	You may request that we (a) anonymize your Personal Data so that they can no longer be attributed to you and are thus no longer Personal Data; (b) block your Personal Data, whereby we temporarily suspend your ability to process them for certain purposes; and (c) deletion of your Personal Data, in which case we shall delete all of your Personal Data without possibility of reversal.
Portability	You may request us to provide your Personal Data in a structured and interoperable format for transfer to a third-party, provided that such transfer does not violate the Company’s intellectual property or trade secrets.
Information on Sharing	You have the right to know the public and private entities with which the Company shares your Personal Data. On a case-by-case basis, we may limit the information provided to you if its disclosure would violate the Company’s intellectual property or trade secrets.
Information about your ability to opt-out	Information about your ability to opt-out You have the right to receive clear and complete information about the possibility and consequences of not providing consent, where this is the legal basis for processing. Your consent, when required, should be free and informed. Therefore, whenever we ask for your consent, you will be free to withhold it - in such cases, it is possible that some services may not be provided.
Revocation of consent	If you have consented to any purpose for processing your Personal Data, you can always choose to withdraw your consent. However, it will not affect the lawfulness of any Processing carried out prior to the revocation. If you withdraw your consent, we may be unable to provide certain services to you, but we will advise you when this occurs.
Opposition	The law authorizes the processing of Personal Data even without your consent or a contract with us. In such situations, we will only process your Personal Data if we have legitimate grounds to do so. If you do not agree with any of the purposes for which we are processing your Personal Data, you may object by requesting us to stop processing.

WHAT PERSONAL DATA DO WE COLLECT?

We may collect personal data such as name, gender, date of birth, address, telephone number, and e-mail address, among others. Information about your computer hardware and software is also collected automatically when you use our website. This information may include your IP address, browser type, access times and/or reference Websites.

We may use this information: (i) to run the website; (ii) to improve the quality of services offered on the website; and (iii) to maintain the quality of these services.

In principle, we will not collect sensitive personal data, except information limited to your gender, upon your express consent. We do not collect your financial information or save credit card numbers used to purchase products or services, as this information is collected by a financial institution that has its own privacy policy.

If you receive a request to provide sensitive personal data (such as credit card data) in an e-mail, please do not provide it, as the request may be fraudulent. We do not collect personal data via e-mail. You can help us identify fraud attempts: if something suspicious happens or if you receive any messages requesting personal data, please contact our Data Protection Officer.

WHY DO WE COLLECT YOUR PERSONAL DATA?

We may collect personal data whenever required by law. But in general, we collect data from you (or about you) so that we can:

Provide you with customized products, services and offers that may be of interest to you;
Communicate with you in a better way;
Enhance your experience with us;
For the purposes of drafting retargeting, traffic, demographic and interest reporting (see Cookies section below); and
To notify you about our new products and services, discounts, promotions, or upcoming events.

WHEN AND HOW DO WE COLLECT YOUR PERSONAL DATA?

Personal data may be processed based on consent. Consent may be revoked at any time with effect for the future, about which the data subject should be informed at the time of declaring their consent. In addition, consent should be free, informed and unambiguous , with information about the purposes for which it was collected and the data processing processes.

The declaration of consent shall be obtained in writing or electronically with associated audit proof documentation (e.g. log) for evidence purposes.

We collect personal data directly from you when you consent to receive communications from us. Your consent in relation to marketing activities shall be expressed (for example, you agree to the use of your information by checking a box).

We may also collect personal data directly from you when you: (i) enter into a contract with us to purchase a product; (ii) consent to provide it to us when answering an inquiry about our products or services; (iii) request to learn more about a product or service; (iv) enter our contests; (v) request a refund, return or other issue; (vi) use our websites or applications; or (vii) do business with us by phone or in writing.

We may also collect personal data from you when you consent to provide it to us when visiting our stores or by other means, always in writing.

WHAT IF YOU DO NOT WANT US TO COLLECT YOUR PERSONAL DATA?

You do not have to provide us with any personal data unless you want to. For example, it is your choice to receive communications from us or to purchase our products. If you choose not to provide us with your personal information, we may not be able to provide a product or service to you.

When you use our website or a browser to search our website or products, you can set your browser to remove or reject cookies by selecting the appropriate settings in your browser. If you wish to opt-out of the use of your browsing information for retargeting reporting, traffic, demographic data, and interest purposes, you shall download and install the Google Analytics Opt-out Browser Add-on (available at: https://tools.google.com/dlpage/gaoptout). Removing or rejecting cookies may affect the availability and functionality of our website, and updates to your browser may affect the functionality of the Google Analytics.

WHAT IF YOU DO NOT WANT TO RECEIVE ANY FURTHER COMMUNICATION FROM US?

At any time, you may unsubscribe from marketing communications through the unsubscribe link in the footer of any of our emails.

WHEN DO WE DISCLOSE YOUR PERSONAL DATA?

Your personal data will not be used in ways contrary to this Privacy Policy. Therefore, and provided you have given us prior written consent, we may disclose it to third-parties in the following cases:

To sell to you, service you, or run our business;
If we sell our business, in whole or in part, and the buyer requests your personal information;
To enforce our or third-party’s legal rights;
To prevent actual or potential fraud and illegal activity;
to those who provide us with technology, data storage, website hosting, marketing, operations, and customer service services; or
if we are required to do so by law.

If personal data is disclosed to third-parties, we will take reasonable steps to ensure that your personal data is handled in accordance with applicable data protection laws and principles. Some of our suppliers may be located abroad. We currently have servers hosting our website(s) in Australia, Singapore and the United States of America.

HOW CAN YOU ACCESS, CORRECT, UPDATE, OR OBJECT TO THE PROCESSING, TRANSFER, AND/OR DELETION OF PERSONAL DATA THAT WE HAVE COLLECTED?

You may request access to your personal data being processed by us by contacting our Data Protection Officer. We will provide you with access as soon as we have verified your identity.

If your personal data are incorrect or if you wish us to delete it or transfer it to another data controller identified by you, or if you wish to object to our processing, you may unsubscribe online or contact our Data Protection Officer via the contact details below.

HOW DO WE STORE AND PROTECT YOUR PERSONAL DATA?

We have appropriate measures in place to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way. We may store your personal in various ways, including electronic and printed media. Please be aware that there are inherent risks associated with the transmission of personal data over the Internet. However, we will take reasonable measures to maintain the integrity and security of all personal data we store, including reasonable measures to prevent interference with and loss, misuse, unauthorized access, modification or disclosure of such information.

It is important that you protect your privacy by ensuring that no one else obtains your personal data and you should contact us if your data changes. If you do not wish to use the Internet to transmit personal data, please send an e-mail or call the Data Protection Officer using the details below.

We keep your personal data for no longer than the necessary for the purposes for which they are processed. The period for which we keep them will depend on the nature of your data, the purpose for which it is processed, and whether you have chosen to unsubscribe from our communications.

If we no longer require your personal data for the purposes stated in this Privacy Policy, or if we have received it inadvertently, we will take reasonable steps to securely delete it or deidentify it as soon as reasonably possible, provided that it is lawful to do so.

We also have procedures in place to deal with any suspected data security breaches. We will notify you, and any applicable regulatory authority, of a suspected data security breach where we are legally required to do so.

COOKIES

General

We use cookies to collect certain information from you in order to customize your experience. Using cookies allows you to store the content of your purchases and retrieve your cart, and allows us to record the website areas you have visited, and the products you have purchased. We may also use cookies when you click on a link on our websites, or visit a website that displays our advertisements.

When we use cookies and other tracking technologies to collect your personal, non-personally identifiable information, we do so to: (i) better understand your browsing and purchasing behavior; (ii) review and track website usage data; (iii) determine the popularity of certain content; (iv) deliver advertising and content targeted to your interest on our website; (v) better understand your online activity; (vi) improve our website and your online experience; (vii) count the number of visits; (viii) and for other legitimate internal business purposes (together ‘retargeting, traffic, demographic and interest reports").

We have contracted with Google to provide our advertising and analytics services. Google may use cookies and other tracking technologies to collect non-personally identifiable information for retargeting, traffic, demographic and interest purposes reporting through Google advertising cookies and anonymous identifiers.

We have also contracted with Rakuten to provide analytics services. Rakuten may collect personal information when you interact with our digital property, including IP addresses, digital identifiers, information about your web browsing and application usage, and how you interact with our properties and advertisements. This is done for several purposes such as customizing offers or advertisements, analyzing how you engage with websites or advertisements, and other business purposes. For more information about the collection, use and sale of your personal data and your rights, please use the links below:

rakutenadvertising.com/legal-notices/services-privacy-policy/
rakutenadvertising.com/legal-notices/subject-requests/

Unsubscribe from Cookies

You can configure your browser to remove or reject cookies. Simply select the appropriate settings on the relevant browser.

You may also disable cookies by following the steps on the links below:

optout.aboutads.info
aboutcookies.org.uk/
https://tools.google.com/dlpage/gaoptout

ANY QUESTIONS OR CONCERNS?

If you have questions about our Privacy Policy or have a complaint, please contact us and we will do our best to answer within 30 days.

Chat/Web form: Via our Help Center

Mail: Data Protection Officer, Cotton On Group, 14 Shepherd Court, North Geelong, Victoria 3215, Australia

E-mail: privacyofficer@cottonon.com

Last updated: August, 2022