Privacy Policy

Lillot NYC (“we,” “us,” or “our”) is committed to safeguarding your privacy and protecting your personal data. This Privacy Policy outlines how we collect, process, and protect personal information obtained through our website, lillotnyc.com (“Site”). We prioritize transparency, data minimization, and user control, in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the California Consumer Privacy Act of 2018 (“CCPA”), as amended by the California Privacy Rights Act (“CPRA”).

1. INTRODUCTION

We value the trust you place in us when visiting lillotnyc.com. Protecting your personal data is one of our highest priorities. This Privacy Policy explains how your personal data is collected, used, and disclosed, and your rights in relation to your personal information. We adopt industry best practices to ensure your data is handled securely and in compliance with all applicable data protection laws.

2. SCOPE OF THIS PRIVACY POLICY & DATA CONTROLLER STATUS

This Privacy Policy applies to the collection and processing of personal data by Lillot NYC through the use of our Site. As the data controller, Lillot NYC determines the purposes and means of processing personal data collected via lillotnyc.com. If you have any questions about this Policy or your personal information, please contact us at [email protected].

3. CATEGORIES OF PERSONAL DATA WE PROCESS

We may collect and process the following categories of personal data:

a. Usage Data
Information about how you use the Site, including your IP address, browser type and version, geographic location, pages visited, session duration, referral sources, and navigation paths.

b. Account Data
Personal details provided when creating an account or placing an order, such as your name, email address, postal address, and phone number.

c. Profile Data
Information such as your purchase history, shopping preferences, product interests, and behavioral insights generated through predictive analytics.

d. Communication Data
Records of communications with us, including support inquiries, feedback, and correspondence through email or Site contact forms.

e. Technical Data
Device type, operating system, device identifiers, browser plug-ins, screen resolution, time zone setting, and related system data collected automatically through cookies and other technologies.

f. Transaction Data
Data related to your purchases, including order details, shipping addresses, billing information, and partial payment card details (only facilitated through secure third-party processors).

g. Preference Data
Details about your marketing preferences and opt-in/opt-out status for newsletters, product alerts, and promotional messages.

4. LEGAL BASES FOR PROCESSING PERSONAL DATA

We collect and process your personal data only when a legal basis exists. These include:

– Consent: When you voluntarily provide data or agree to receive marketing communications.
– Contractual Necessity: When processing is required to fulfill a contract, such as delivering orders.
– Legal Obligation: When we are obligated under applicable law.
– Legitimate Interest: When processing is necessary for our legitimate interests, provided that such interests are not overridden by your fundamental rights and freedoms. This includes website analysis, marketing improvements, fraud prevention, and business operations.

5. YOUR DATA PROTECTION RIGHTS

Consistent with GDPR (for EU residents) and CCPA (for California residents), you have the following rights, subject to verification and limitations under law:

– Right of Access – You may request access to the personal data we hold about you.
– Right to Rectification – You can request corrections to inaccurate or incomplete data.
– Right to Erasure – You may request deletion of your personal data, subject to certain exceptions.
– Right to Restrict Processing – You can request that we limit the processing of your personal data in certain circumstances.
– Right to Data Portability – You have the right to receive your personal data in a structured, commonly used, and machine-readable format and, where feasible, transmit it directly to another controller.
– Right to Object – You may object to the processing of your personal data for direct marketing or based on our legitimate interests.
– Right Not to Be Subject to Automated Decision-Making – We do not use your data to make solely automated decisions that have legal or similarly significant effects.

To exercise any of your rights, please contact us at [email protected]. We will respond within the timeframes prescribed by law.

6. SECURITY MEASURES

We take appropriate technical and organizational measures to protect your personal data, including:

– End-to-end encryption of sensitive information
– Secure Sockets Layer (SSL)/TLS protocols for data transmission
– Role-based and limited access controls
– Regular system audits and intrusion detection
– Secure data backups and disaster recovery plans
– Ongoing privacy and security training for staff

7. INTERNATIONAL DATA TRANSFERS

If you are located outside the United States, please be aware that your data may be transferred to, processed, and stored in the United States or other countries where our service providers operate. When transferring data internationally, we rely on legal safeguards such as Standard Contractual Clauses approved by the European Commission or equivalent legal mechanisms as required under data protection regulations.

8. DATA RETENTION

We retain personal data only as long as necessary to fulfill the purposes for which it was collected and to satisfy legal, regulatory, or contractual obligations. In general:

– Usage & Technical Data: Retained for up to 36 months for analytic purposes.
– Account, Profile & Transaction Data: Retained for up to 7 years for compliance and customer service.
– Communication Data: Retained for up to 3 years after the last interaction.
– Preference & Marketing Data: Retained until consent is withdrawn or account is deleted.

We securely delete or anonymize data after these periods.

9. COOKIE POLICY

Our Site uses cookies and similar technologies for various purposes, including:

– Essential Cookies: Necessary for enabling basic functions such as account login, cart management, and secure checkout.
– Functional Cookies: Enhance user experience through remembered settings and preferences.
– Analytics Cookies: Help analyze Site usage patterns to improve performance; examples include Google Analytics.
– Performance Cookies: Support loading speed and user interface responsiveness.

10. COOKIE MANAGEMENT & COMPLIANCE

Upon visiting lillotnyc.com, users are presented with a cookie consent banner in accordance with GDPR and CCPA requirements. You may accept, decline, or customize your cookie preferences at any time. Most browsers also allow you to block or delete cookies via settings. However, disabling certain cookies may impair full Site functionality.

California residents may opt out of the “sale” or “sharing” of personal information by following the designated link within the Site footer, pursuant to CCPA regulations.

11. CHILDREN’S PRIVACY

Our Site is not intended for children under the age of 13, and we do not knowingly collect personal data from children without verifiable parental consent. If you believe we have collected data from a child under 13, please contact us immediately at [email protected], and we will take prompt steps to delete such information.

12. UPDATES TO THIS POLICY

We reserve the right to update or modify this Privacy Policy at any time, in response to evolving legal, regulatory, or operational requirements. Where materially significant changes are made, we may alert users within the Site interface, via email, or through other prominent notifications. Your continued use of lillotnyc.com constitutes acceptance of such changes.

13. CONTACT US

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us at:

Email: [email protected]
Website: https://www.lillotnyc.com

We are fully committed to maintaining your privacy rights and ensuring compliance with all applicable data protection laws, including the GDPR and CCPA. Please feel free to reach out to us with any privacy-related inquiries.