Version: March 10, 2020
In a nutshell:
Now in more detail:
We are Donde Fashion Inc. - simply referenced here as “Donde”. You can find our contact details below.
Donde is transforming the online shopping experience. Donde’s cloud Platform is used by e-commerce companies and global retailers - our Customers - to provide their End-Users visual navigation and intuitive search based on the product visual features.
Our Customers decide the purposes for which they use Donde, as well as the means for collecting data. Our Customers control the data processed on their behalf on Donde and they are responsible under our mutual agreements, for handling any data rights and data requests of their End-Users as Data Controllers.
To make things clear with an example: if you’ve shopped online on Revolve.com and used Donde technology on that website, then you are an End-User, Revolve is our Customer and has full control over your personal data, and we process your personal data on R’s behalf and according to its instructions. If you’re an End-User and have any issue regarding your personal information, please contact the retailer you shopped with first!
In addition, we also operate several Websites - such as DondeSearch.com and DondeFashion.com - and collect personal data of Visitors. Some Visitors and other people who communicate with us, become our business Contacts or Customers. We collect and process various personal information regarding our Visitors, Contacts, and Customers, and we are the Data Controllers for such personal data.
If you are a Visitor, Contact or Customer of ours and have any issue regarding your personal information that we control, please contact us (details below).
If you’re a Contact or Customer of ours, there might be several ways in which we receive your personal data:
If you’re a retailer’s End-User, we probably DO NOT have your personal information, but we might have certain personally identifiable information about you that, together with other information sources that are not in our possession and are difficult to attain, might identify you. Donde makes no attempt whatsoever to personally identify End-Users. There are two ways in which we receive such data about you:
If you’re a Visitor to our Websites, we might receive some personal data through your device, operating system, and browser, and various hosting, tracking, analytics and advertising technologies used on our Websites, such as cookies (see below), Amazon Web Services, Content Management Systems by Webflow and others, Analytics and Advertising technologies by Google, Facebook, LinkedIn, and others, HR services by Comeet, Customer support services, and other technologies. Our Websites do not currently respond to “Do Not Track” signals sent by your browser or device.
If you’re a Contact or Customer of ours, we may collect and process these types/categories of personal data about you:
On the Donde Platform, various types of personally identifiable information might be collected. Our Customers decide what data to collect, by what means, and what data to send Donde in order to improve the End-User shopping experience.
These are the types/categories of personally identifiable information and other personal data about End-Users that we may process on Customers’ behalf:
We also collect and process these types/categories of non-identifiable personal data about anyone using our Websites and Donde experiences on Customers’ websites and apps:
Donde is a technology platform for retailers and is not intended for children. We do not knowingly collect or process information about children. Donde makes no attempt whatsoever to personally identify End-Users using Donde technology.
Please contact us (contact details below) if you have any concern with respect to Children’s personal data on the Donde Platform.
The purposes for the processing of personal data on the Donde Platform are determined by our Customers, the e-commerce retailers. Each Customer might use Donde for different purposes. Such purposes might include improving the online shopping experience; generating sales; shortening time to purchase; personalizing content, offers, communications and advertising; gathering customer preferences; reducing operational overhead; and more.
If you’re an End-User, we collect and use your personal data to provide our services to our Customers, according to their instructions and settings, so they can achieve their respective purposes. We do not sell personal information of our Customers’ End-Users to third parties.
Our purpose in processing aggregated, non-identifiable data on Donde is to provide our services to the Customers according to our agreements with them and applicable law. We also use of the data collected on Donde to ensure our products and services are working as intended; to analyze, measure and understand how our services are used; to improve our products and services; to develop new features, products, and services; to protect our company, staff, and Customers; and to comply with any applicable law and assist law enforcement agencies under any applicable law.
We may use anonymous, statistical or aggregated information collected on the Platform, in a form that does not enable the identification of a specific user, by posting, disseminating, transmitting or otherwise communicating or making available such information to customers, vendors, partners and any other third party. For example, affinity for a certain color or type of fabric by many End Users in a certain geography might help a retailer Customer of ours to tailor its homepage to customer demand.
We also process usage and analytics information, as well as some statistical and aggregate data derived from personal data, for the improvement and further development of Donde technology or for research purposes.
Websites, Customers, Contacts and Visitors:
If you’re a Customer, Contact, or Visitor on our Websites, we may process your personal data for our own business purposes, including:
As Data Controllers, our Customers usually process personal data on Donde (and we process such data as data processor on behalf of our Customers and according to their instructions) based on any or some of the following legal bases:
As Data Processors, we process personal data on Donde based on the following legal bases:
Websites, Customers, Contacts, and Visitors:
As Data Controllers for our Customers, Contacts and Visitors’ personal data, we process personal data based on any or some of the following legal bases:
For the delivery of our services, we share all End-User and Platform data on Donde with the Customer who is the Data Controller with respect to such data. This means that the retailer you shop with has access and control over all the information we collect about you. Our Customers may select to share the information with others, as stated in their respective Privacy Policies.
Customers, Contacts, and Visitors:
We process your details on our servers and computers, cloud hosting services (such as Google and Amazon), support systems and services (such as Slack), billing systems (such as Intuit QuickBooks), SMS gateways, Email and SMS communication services, and backup systems. We may share some of your details with our staff, subsidiaries, affiliates, contractors, consultants, resellers, and other third-party business partners for research and analysis, cooperation opportunities, joint promotions, sales, and events.
We may share data with our staff, subsidiaries, affiliates, and contractors for the provision of our services and our operations.
We use additional processors around the world for various processing activities needed for the performance of our Websites, Donde technology, our products and services, our operations, and our business, and share information with such processors on a need basis. Such processors include hosting and backup providers (such as Amazon and Google), analytics providers (such as Google and Fastly), website technology (such as AWS and Webflow), advertising technology (such as Google, Facebook, LinkedIn), telecommunication services, security technology, Business Intelligence (BI) and analysis contractors, and more. We limit the information we share with each processor based on the business need in using such a processor, to protect your information while still effectively benefiting from the services of such processor.
We may also share non-personally identifiable information and aggregate information for any purpose. Such data is not personal data, and its sharing cannot be used to identify you.
We may need to share your information with law enforcement agencies, courts of law, and other governmental organizations, if ordered to do so by competent bodies and according to applicable law.
Mergers and Acquisitions:
If we are involved with a merger, asset sale, financing, liquidation, bankruptcy, or the acquisition of all or part of our business to another company, we may share your information with that company and its advisors before and after the transaction date.
We take information security very seriously. To begin with, Donde Platform and technology implement Privacy by Design by encouraging data minimization - we do not collect personal information, and limit personal data collection to the minimum required to provide the optimal value to both retailer Customers and End-Users.
We implement the state of the art security standards to prevent unauthorized or excessive access, maintain data accuracy, and ensure the correct use of information. We encrypt all major data communication transmissions to avoid interception and securely backup the information on the Platform to avoid data loss. We also implement appropriate organizational measures to protect your information.
We apply our security standards also when working with business and technology partners. We only select and contract with processors and third parties who use appropriate security measures and provide sufficient guarantees, including technical and organizational measures, to ensure the appropriate protection of the data we entrust with them. Unfortunately, although we make every effort to keep your data safe, we cannot fully ensure or warrant the security of your personal information.
Most of our information is stored over the cloud on Google Cloud and Amazon Web Services in the U.S. and Europe. Google and Amazon take extreme measures with respect to privacy and data security. Read more about Amazon’s measures here and Google’s measures here. Our R&D and customer support center are located in Israel.
At the same time, our business is international - we serve Customers that operate global retail and e-commerce businesses and make use of Donde technology worldwide, and we utilize additional processors and service providers in various countries. Therefore, we transfer, store or otherwise process your personal information in other countries. We take appropriate safeguards in the selection of our processing vendors around the world to require that your personal information is well protected. Despite our efforts, it may be the case that a country where your personal information is processed has different, or less protective, data protection and privacy regulation than the country you live in.
Privacy Shield Framework:
Donde Fashion Inc. is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).
In compliance with the Privacy Shield Principles, Donde Fashion commits to resolve complaints about our collection or use of your personal information. European Union and/or Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Donde Fashion at firstname.lastname@example.org
Donde Fashion Inc. commits to cooperate with the panel established by the EU data protection authorities (DPAs) and/or the Swiss Federal Data Protection and Information Commissioner, as applicable, and comply with the advice given by the panel and/or Commissioner, as applicable, with regard to data transferred from the EU and/or Switzerland. You may have the option, under certain circumstances, to select binding arbitration for the resolution of your complaint. For further information, please see the Privacy Shield website.
Contact details for the EU data protection authorities can be found at https://edpb.europa.eu/about-edpb/board/members_en
If you’re an End-User using Donde technology on a retailer’s shopping experience, please approach such retailer to exercise any rights you may have, as they are the Data Controllers of your personal information. Otherwise, please contact us (details below).
According to the data protection and privacy regulation where you live, you may have certain rights with respect to your personal information.
Your rights may include, under certain terms and conditions set in the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), or other applicable law:
After deletion or anonymization of your personal data following its retention period, the rights to access, erasure, rectification, and data portability cannot be enforced.
Your personal information is processed based on several legal bases, sometimes including your consent. You can withdraw your consent at any time. Other legal bases, including statutory or contractual requirements that apply to you or our Customer might remain intact even following the withdrawal of your consent.
If you’re an End-User using Donde on a retailer’s shopping experience, please contact such retailer first with any issue, as they are the Data Controllers of your personal information.
When you contact us to exercise your rights, we will verify your request and identity. Depending on your residence, you might be able to designate an authorized agent to exercise these rights on your behalf, but we will require proof that the agent is authorized to act on your behalf and may also still ask you to verify your identity with us directly.
You can contact us with any question or concern you have at:
Donde Fashion Inc.
7 World Trade Center, 250 Greenwich Street, New York, NY 10007, USA
Tel: +1 650-687-7747