VeryChic Privacy Policy

1. Introduction

VeryChic SAS (hereinafter referred to as “VeryChic”) is an online flash sales travel agency, that operates by means of a website, along with an iOS and Android application. VeryChic recognises the paramount importance of respecting the protection of the personal data of its members, customers, and users (hereinafter referred to as “you” or “your”) of its website and applications. In order to provide you with complete and transparent information on the use of your personal data as well as on the various rights that you can exercise, we present you with this privacy policy (hereinafter referred to as the “Policy” or “Privacy Policy”).

VeryChic reserves the right to change this Privacy Policy and modify its content at any time. VeryChic will communicate to you any modifications to the Policy immediately after, via the VeryChic website, or by e-mail if appropriate.

2. Definitions

“Application”: refers to both the VeryChic iOS and Android applications;

“Customer”: any natural or legal person who makes a purchase on the VeryChic Site or Application;

“Data Recipient”: the natural or legal person, public authority, service, or any other body which receives Personal Data, whether its internal to VeryChic or a third party;

“Personal Data”: all information relating to an identified natural person or identifiable natural person (a natural person who can be identified, directly or indirectly, notably by reference to an identifier, such as: a name, an identification number, location data, an online identifier, or to one or more specific physical, physiological, genetic, psychic, economic, cultural or social identifying elements);

“Member”: any natural person who registers on the Site or Application, in order to access VeryChic's private offers.

“GDPR”: refers to the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and the free movement of such data (General Data Protection Regulation);

“Data Controller”: in relation to the GDPR, a Data Controller is a natural or legal person, public authority, service, or other body which, alone or jointly with others, determines the purposes and means of data treatment. The Data Controller for your Personal Data on the Site or Application is VeryChic;

“Site”: refers collectively to the www.verychic.co.uk website (whether accessed via computer or mobile device), Applications, and all other addresses and media operated by VeryChic (or any URL that could be substituted for or constitute an alias);

“Data Processor”: a natural or legal person, public authority, service, or other body that processes personal data on behalf of the Data Controller;

“Processing”: any operation or set of operations carried out, whether aided by automated processing or not, and applied to personal data or sets of Personal Data, such as collection, registration, organisation, structuring, preservation, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of provision, reconciliation or interconnection, limitation, deletion or destruction;

“User”: any natural person who navigates the VeryChic Site or Application but who is not a Customer or Member.

3. Who is the Data Controller for your Personal Data?

VeryChic acts as Data Controller of your Personal Data within the framework of the GDPR.

The contact details of VeryChic are as follows:

VERYCHIC SAS

23 rue d’Anjou

75008 PARIS

4. Categories of personal data processed by VeryChic

As soon as a User, Member or Customer consults the VeryChic Site or Application, their personal data is susceptible to being processed.

VeryChic processes your Personal Data in accordance with Article 4.1 of the GDPR, said definition being recalled in this Policy. We collect the following types of data that transmit to us:

- For Members: information provided at the time of your registration on the Site or Application to be become a Member of VeryChic, in order to access the offers, this includes your name, civil status, postal code, and e-mail address. All this data is considered Personal Data under the GDPR.

- For Customers: information provided at the time of booking, by filling in the booking form; these include your name, civil status, your phone number, your email address, your postal address, any information provided by you in the comments section, and data concerning those travelling with you (for example, names and last names, dates of birth, ages).

- For Members and Customers: information provided when modifying your account information on the Site, during your contact requests, when you wish to order a VeryChic gift card, and more generally during your navigation on the Site and Application. This includes information relating to your journey such as searches carried out, your IP address, pages visited, opening of emails, clicks in emails, quote requests, favourite products, and the medium used to access the Site or Application.

- For Users: while browsing the Site or Application, personal data such as your IP address, may be collected through cookies.

5. For what purposes do we use your Personal Data and how long do we retain it?

In order to provide a simplified presentation of the characteristics of the Processing of your Personal Data, please refer to the table below, containing the reasons for which we process your Personal Data (Purpose), our justifications for the Processing (Legal Basis), as well as the length of time during which we process them (Retention Periods).

5.1. If you are a VeryChic User

PURPOSE

LEGAL BASIS

RETENTION PERIOD

Ensure the proper functioning of the Site and Application, and audience analysis

Our legitimate interest, via the use of cookies, in ensuring the proper functioning of the Site and Application, and in knowing the traffic generated on the Site and Application

Concerning the data necessary for the proper functioning of the Site and the Application: the data is kept for a period not exceeding 13 months

Concerning the data necessary for the audience analysis: the data is kept for a period not exceeding 25 months

5.2. If you are a VeryChic Member

PURPOSE	LEGAL BASIS	RETENTION PERIOD
User account management: - Registration, - Taking into account, and the modification of personal preferences - Changing passwords	Contractual obligation	Until anonymisation or deletion of the account by the user or at the end of a period of 3 years of inactivity unless the user expresses a wish to the contrary before the end of this period, after which the user account will be archived and then deleted or anonymised at the end of 5 years. For customer members with reservations, the retention period in the archive database is extended to 10 years. Concerning Customers: in the event that active bookings (an active booking being a booking for the current year or for the previous year) are attached to your account, your account deletion request may be postponed during the time necessary for the transmission of your Personal Data to our travel partners, in order to ensure the smooth execution of the services booked
Managing your contact requests	Our legitimate interest in managing and processing your contact requests and responding to you	Your data will be kept for the time necessary to process your request.
Distribution of our newsletter and personalised offers. Our newsletters may include inserts relating to offers provided by our partners, or direct links to their sites	Your consent	Your data will be kept until you withdraw your consent to receive our newsletter, or for a period of 3 years from your last contact with us
Occasional recordings of telephone calls made to our Customer Service	Our legitimate interest in improving the quality of our services and training our staff members	Telephone recordings are kept for a period not exceeding 90 days
Managing gift card orders: - Management of personalised messages, methods of receiving the gift card, and payment Delivery to beneficiaries - After-sales service and complaints management - Fraud analysis	Contractual execution	During the period of the contractual relationship
	Legal obligation	For a period of 5 years from the order of the gift card
Ensure the proper functioning of the Site and Application and audience analysis through use of cookies	Our legitimate interest, via the use of cookies, in ensuring the proper functioning of the Site and Application, and in knowing the traffic generated on the Site and Application	Concerning the data necessary for the proper functioning of the Site and the Application: the data is kept for a period not exceeding 13 months Concerning the data necessary for the audience analysis: the data is kept for a period not exceeding 25 months
Display of personalised advertisements, and analysis of advertising performance via the use of cookies	User consent is required for the installation of advertising cookies	The data is kept for a period not exceeding 18 months
Management of our accounting and financial obligations	Compliance with our legal data retention obligations	We keep your data for the duration consistent with legal obligations or deadlines provided for by law
Litigation management	Our legitimate interest in providing proof in the event of litigation	We keep your data for the applicable legal limitation periods

5.3. If you are a VeryChic Customer

In addition to the purposes, legal bases, and retention periods mentioned in the table of article 5.2 above, the following applies:

PURPOSE	LEGAL BASIS	RETENTION PERIOD
Management of stay and travel bookings: - Management and monitoring of travel and services booked through the Site and Application, - Registration and payment of bookings made travel and services - Management of complaints and after-sales services	Contractual execution	During the period of the contractual relationship
Management of our accounting and financial obligations	Compliance with our legal data retention obligations	We keep your data for the duration consistent with legal obligations or deadlines provided for by law
Litigation management	Our legitimate interest in providing proof in the event of litigation	We keep your data for the applicable legal limitation periods

Upon completion of our commercial relations, we may archive some of your data, this means storage on a limited access medium separate from the active database, in order to comply with a legal obligation weighing on us or to prevent any litigation. These durations are set according to the applicable legal requirements.

6. Data Recipients of the Personal Data concerning you

Your personal data may be transmitted within our various departments (such as our sales department or our accounting department), only to people authorised by their function, to process them.

They may also be transmitted to our external partners and suppliers for the execution of tourist services, in particular with hotels, restaurants, airlines, tour operators, local travel agencies, leisure or transport service providers, and insurance companies. Where applicable, they may also be transmitted to our payment providers in the event of a reservation or gift card order placed on the Site or Application.

Your data may also be transmitted to our IT service providers acting in our name and on our behalf, such as our web host, our service providers for IT management, marketing tools, and customer relationship management. We ensure that they provide the necessary guarantees to respect the security and confidentiality of your data.

We may also be required, under a legal obligation, to transmit your Personal Data, to an administrative authority or an authorised public body (e.g. social security, tax administration or others).

7. Transfer of Personal Data outside the European Union

For certain of the purposes previously mentioned, we may transfer your personal data to external Data Recipients located outside the European Union, these third countries may offer different levels of protection of Personal Data.

Apart from the data flows necessary for the execution of your booking for which the GDPR indicates that they can be carried out without any particular guarantee, data transfers to countries outside the European Economic Area that do not have equivalent personal data protection are in this case governed by the standard contractual clauses adopted by the European Commission, accompanied by additional guarantees, if necessary, allowing to ensure their complete application.

You can request more information on the guarantees in place by sending us an email to the address indicated in article 9 below.

8. Rights of Users, Members and Customers

In accordance with Articles 15 to 21 of the GDPR, Users, Members and Customers are entitled to the rights listed below at any time:

- The right to access your Personal Data. It is also possible to directly consult your data by clicking on “My account” on the VeryChic Site or Application.

- The right to rectify your Personal Data. It is possible for Members and Customers to directly modify their Personal Data by clicking on “My account” on the VeryChic Site or Application. In order to ensure better account management, it is recommended that Members and Customers update the Personal Data on their account.

- The right to delete your Personal Data, for Users, Members, and Customers.

- The right to limit Processing of your Personal Data, for Users, Members, and Customers.

- The right to oppose Processing of your Personal Data in the event that it is based on the legitimate interest of VeryChic. We remind you that you can object at any time and without justification to receiving commercial offers from us.

- The right to the portability of your Personal Data.

- The right to withdraw consent for the Processing of your Personal Data, you have the right to either partially or fully withdraw your consent for the Processing of your Personal Data by VeryChic at any time.

- The right to submit a complaint to the relevant supervisory authority (in France, this authority is the Commission Nationale de l’Informatique et Libertés (CNIL), whose postal address is: 3 Place Fontenoy - TSA 80715 - 75334 PARIS CEDEX 07).

9. How to exercise rights

You may exercise your rights at any time by contacting VeryChic at the following email address: rgpd@verychic.com, or by post to the address given in article 3 above.

10. Cookies Policy

As indicated above, we may collect Personal Data relating to your browsing on the VeryChic Site and Application through the use of cookies.

A cookie is a file that a website or application stores on a computer, smartphone, tablet, or any other device, in order to collect data related to navigation.

Cookies are mainly used to remember your choices and preferences in order to optimise your navigation of the Site and Application. Through them, we can also, and, when applicable, subject to your prior consent, carry out audience analysis, allowing us to produce statistics concerning the use of our Site and Application, and for the display of personalised advertisements based on your preferences and your browsing. For more information regarding the purposes of cookies used, their issuers and the means available to you to oppose them, we invite you to consult:

- For the Site: the “Cookies Settings” by clicking on the Cookie logo located at the bottom left of the navigation pages.

- For the Application: go to “Privacy settings” in the “My Account” section of the application.