Data Protection Policy

Loading...

Freddy SPA UK, a company represented by the acting legal representative with registered offices at Leytonstone House, 3 Hanbury Drive, Leytonstone, London, E11 1GA, U.K. – (VAT no. 928 9064 86) email: [email protected]; DPO: [email protected]; Certified email: [email protected] (henceforth the “Data Controller”), as the data controller pursuant to art. 4, paragraph 7, and art. 24 of the Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data (henceforth the “GDPR”), hereby provides notice, pursuant to art. 13 of the GDPR, that it will process the personal data of users of the website (data subjects).

1. Types of data processed

REGISTRATION: When you register, we will collect only your email. Subsequently, we will ask you to complete your profile, entering your personal information, address and contact info.

Become an INFLUENCER:: f you want to participate in a casting call to become one of our influencers, we will collect the following personal data: name, surname, email, city, and Instagram username.

WORK WITH US: If you send us your CV, we will collect the data you provide us, generally personal information and contact information.

CONTACT US: if you fill in the “contact us” form, we will collect your email address.

CUSTOMER SERVICE: We will ask you for the personal information and contact information necessary to process your request. If you contact us via WhatsApp, we may process your mobile phone number and the data you provide us.

RETURNS AND EXCHANGES: If you fill in the online return form, we will ask you for the personal information and contact information necessary to process your request.

NEWSLETTER: If you sign up for the newsletter, you will need to provide us with your email address. If you want, you can indicate what type of information you are most interested in receiving.

REGISTER AS AN INSTRUCTOR: If you register as an instructor, we will collect the following data: personal data (name, surname, date of birth) and contact information, such as email address and telephone number. We will also ask you to provide the information about the gym where you work, which does not constitute personal data in the strict sense of the word, though it would make it possible to identify you indirectly. We will also ask you for your addresses.

PURCHASES: If you complete a purchase, we will process the following data: personal data, contact information, and shipping information.

Your IP address and browsing log will always be saved.

2. Legal basis and purpose of processing

Data will be processed in order to carry out the activities connected to the establishment and management of the service requested of the Data Controller.
Said data will be processed lawfully, suitably and with absolute confidentiality, complying with adequate security and safety measures and pursuant to applicable laws and the GDPR.
Processing will take place on paper and digitally. The data provided will not be shared or published.
In particular:

REGISTRATION: the purpose is to allow you to log in to our website, manage your newsletter preferences and facilitate the shopping process. The legal basis for processing is consent.

BECOME AN INFLUENCER: The purpose of processing is to let you participate in casting calls; the legal basis for processing is consent as well as the execution of pre-contractual measures carried upon at the request of the data subject.

WORK WITH US:
If submitting your CV without an open position:
To authorize the processing of your personal data, as necessary to complete your request, we need your consent.
If applying to an open position:
In this case, the lawfulness of the request derives from the execution of the pre-contractual measures carried out upon the request of the data subject and therefore we will not ask you to provide your explicit consent. We will not ask you to provide specific data; however, by providing personal data in your CV, you implicitly consent to the processing of that data.

CONTACT US: The legal basis for processing is consent and your personal data will be processed in order to respond to your request(s).

CUSTOMER SERVICES: The legal basis for processing is consent and your personal data will be processed in order to respond to your request(s).

RETURNS AND EXCHANGES: The legal basis for processing is consent and your personal data will be processed in order to respond to your request(s).

CHAT-WHATSAPP: The legal basis for processing is consent and your personal data will be processed in order to respond to your request(s).

NEWSLETTER: The purpose of processing is to inform you of updates and promotions; the legal basis for processing is consent.

REGISTER AS AN INSTRUCTOR: The legal basis for processing is consent and the purpose is to receive special discounts on your purchases.

PURCHASES: The purpose is to make it possible for you to purchase of our products and allow us to send them to you. The legal basis for processing is the fulfilment of a contract and its legal obligations (including accounting and tax obligations). Your data will be provided to the courier that will ship your items, duly appointed as the data processor. With your purchase, your data will be exported to CRM software for the delivery of sales information. Pursuant to art. 130 par. 4 of Italian leg. decree 196/03, your consent is not necessary, and you may opt out at any time.

DIRECT MARKETING, COMMERCIAL PARTNERS AND PROFILING: with your explicit consent, we will process your personal data including for direct marketing purposes through commercial partners, and we will conduct profiling activities.
Direct marketing: through the delivery of marketing materials and messages with informational and/or promotional content relating to products and services provided and/or promoted by the Data Controller, including via email and SMS messages (with specific, separate consent).
Commercial partner marketing: through the delivery of marketing materials and messages with informational and/or promotional content in relation to products and services provided by and/or promoted by FREDDY's commercial partners, which will process your data as independent data controllers.
Profiling: individual or aggregated, and for market research aimed, for example, at the analysis of consumer habits and choices, at the processing of statistics about them, or the assessment of their satisfaction with the prices and services offered.

THE FREDDY360° PROGRAMME: signing up for the FREDDY360° programme is strictly connected to the loyalty programme and thus does not require consent as the legal bases is derived from the fulfilment of the contract; the purpose is to offer you a series of benefits linked to the purchases made.
In any case: the IP address associated with the browsing log is saved for security purposes, in relation to the access to the relevant systems, and the legal basis is the legitimate interest of the Data Controller. For that same reason, we will also send you an email if you close your browser/tab to remind you of your abandoned cart.

3. Processing methods

The Data Controller will process personal data for the time necessary to fulfil the aforementioned purposes and, in any case, no longer than 10 years from the date they were obtained. The data relating to website registration (including as an instructor) will be processed until you decide to delete your account. After 7 years of inactivity on the website, we will send you an email to check to see if you wish to remain registered and, if you fail to confirm your interest in remaining registered, we will delete your account. For newsletters, direct and indirect marketing and profiling, personal data will be deleted 5 years after the last message sent or the last profiling activity completed. If you enroll in the freddy360 programme, you accept the terms of the programme and can cancel your registration at any time. CVs will be stored for 36 months, after which they will be deleted. If you write to us, we will process your data for the time strictly necessary to respond to your request; after that, your data will be deleted. Browsing logs will be stored for up to 24 months max.

4. Communication of data

The Data Controller may share data for the purposes listed in art. 2, with entities with which their provision is necessary by law, for the fulfilment of the purposes established by law. The data provided will not be shared or published. If the user chooses “Klarna” as a payment gateway, he/she will be redirected to that page. Klarna acts as an independent owner. For Klarna privacy policy click here: www.klarna.com/uk/privacy.

5. Data Storage and Transfer

The handling and storage of personal data will take place on servers located both within and outside of the European Union by the Data Controller and/or by third-party companies that have been appointed as data processors for that purpose. The Data Controller hereby guarantees that the transfer of personal data outside of the EU will comply with all applicable laws, entering into agreements that guarantee a suitable level of protection and/or adopting the standard contractual clauses as provided for by the EU, if necessary. Said data will be provided to the courier in charge of shipments. The list of data processors can be found in our offices.

6. Rights of the data subject

As the data subject, the client has the rights listed in art. 15 of the GDPR, more precisely:

  1. The interested party has the right to obtain confirmation of the existence or not of personal data concerning the same interested party, even if they haven't registered, and the communication of said data in an intelligible form.
  2. The interested party has the right to obtain information on:
    1. the origin of the personal data;
    2. the purpose and conditions of the processing;
    3. the logic applied in the case of processing done with electronic instruments;
    4. details of the controller, the processors and the representative;
    5. subjects or categories of subjects to whom the personal data can be communicated or can learn of the same as the appointed representative in the territory of the State, processors or persons responsible for the data.
  3. The interested party has the right to request:
    1. the revision, the correction or, in other words, the integration of the data, when this is in the interest of the same;
    2. the cancellation, transformation in anonymous form or blocking the data processed in violation of the Act, including data that doesn't need to be kept for the purposes for which the data was collected or subsequently processed;
    3. the declaration that the operations in letters a) and b) have been brought to the knowledge, also regarding the content of the same, to those the data has been communicated to or distributed to, with the exception of the case in which this fulfilment is impossible or involves the use of means that are clearly disproportionate with respect to the protected right.
  4. The interested party has the right to oppose, in whole or in part:
    1. for legitimate reasons, the processing of their personal data, even if relevant to the purpose of the collecting;
    2. the processing of personal data that regard the data subject for purposes not covered by art. 2.

Pursuant to art. 15 et seq. of the GDPR, the data subject has the right to request, at any time, access to his or her personal data, their rectification or erasure (right to be forgotten), and the restriction of their processing in the cases established by art. 18 of the GDPR; the data subject also has the right to data portability, receiving his or her personal data in a structured, commonly-used and machine-readable format in the cases established by art. 20 of the GDPR. At any time, pursuant to art. 7 of the GDPR, the data subject can withdraw his or her consent and, pursuant to art. 77 of the GDPR, lodge a complaint with a supervisory authority should he or she believe that the processing of personal data relating to him or her violates the GDPR.
Data subjects can object to the processing of their personal data pursuant to art. 21 of the GDPR. In that notice of objection, the data subject must justify their reasons for objecting: the Data Controller reserves the right to evaluate the request, which will not be accepted if there are legitimate, compelling grounds to process the data that override the interests, rights and freedoms of the data subject.
The data subject can assert his or her rights at any time by sending:

  • a return receipt registered letter to Freddy SPA UK - Leytonstone House, 3 Hanbury Drive, Leytonstone, London, E11 1GA, U.K.
  • an email to (regular email): [email protected]; (certified email): [email protected]
The company hereby declares to have appointed a DPO, who can be reached at the following email: [email protected]

COOKIE

In relation to the cookies that are installed on your computer, please note that the provision of data is optional. However, some cookies are necessary to browse the website; if you fail to provide your consent, the website may not work properly.
The website uses the following cookies:


Necessary

Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.

Cookie Name Cookie Provider Cookie Description Cookie Lifetime Cookie Type
PHPSESSID Magento To store the logged in user's username and a 128bit encrypted key. This information is required to allow a user to stay logged in to a web site without needing to submit their username and password for each page visited. Without this cookie, a user is unabled to proceed to areas of the web site that require authenticated access. 1 day 1st Party
private_content_version Magento Appends a random, unique number and time to pages with customer content to prevent them from being cached on the server. 10 years 1st Party
persistent_shopping_cart Magento Stores the key (ID) of persistent cart to make it possible to restore the cart for an anonymous shopper. 1st Party
form_key Magento Ensures visitor browsing-security by preventing cross-site request forgery. This cookie is essential for the security of the website and visitor. 1 day 1st Party
store Magento Tracks the specific store view / locale selected by the shopper. 1st Party
login_redirect Magento Preserves the destination page the customer was navigating to before being directed to log in. 1st Party
mage-messages Magento Tracks error messages and other notifications that are shown to the user, such as the cookie consent message, and various error messages, The message is deleted from the cookie after it is shown to the shopper. Necessary for the functionality of the website's chat-box function. Session 1st Party
mage-cache-storage Magento Local storage of visitor-specific content that enables e-commerce functions. This cookie is used in context with load balancing - This optimizes the response rate between the visitor and the site, by distributing the traffic load on multiple network links or servers. 1 day 1st Party
mage-cache-storage-section-invalidation Magento Forces local storage of specific content sections that should be invalidated. This cookie is used in context with load balancing - This optimizes the response rate between the visitor and the site, by distributing the traffic load on multiple network links or servers. 1 day 1st Party
mage-cache-sessid Magento The value of this cookie triggers the cleanup of local cache storage. This cookie is used in context with load balancing - This optimizes the response rate between the visitor and the site, by distributing the traffic load on multiple network links or servers. 1 day 1st Party
user_allowed_save_cookie Magento Indicates if the shopper allows cookies to be saved. 1st Party
mage-translation-storage Magento Stores translated content when requested by the shopper. 1st Party
mage-translation-file-version Magento Stores the file version of translated content. 1st Party
section_data_ids Magento Used in context with the shopping cart functionality. Remembers any wish-list products and visitor credentials when checking out. 1 day 1st Party
recently_compared_product Magento Necessary for the compare-products function on the website. 1 day 1st Party
_ga Google Analytics Registers a unique ID that is used to generate statistical data on how the visitor uses the website. 2 years 3rd Party
__cfduid bowercdn.net bowercdn.net Used by the content network, Cloudflare, to identify trusted web traffic. 30 days 3rd Party
connect.sid bowercdn.net The cookie is necessary for secure log-in and the detection of any spam or abuse of the website. 30 days 3rd Party
ku3-vid f72de57c.playground.klarnauserservices.com This cookie is used in conjunction with the payment window - The cookie is necessary for making secure transactions on the website. 539 days 3rd Party
ku1-sid freddy.com This cookie is used in conjunction with the payment window - The cookie is necessary for making secure transactions on the website. Session 1st Party
ku1-vid freddy.com This cookie is used in conjunction with the payment window - The cookie is necessary for making secure transactions on the website. 537 days 1st Party
__cfduid freddy.com freddy.com Used by the content network, Cloudflare, to identify trusted web traffic. 29 days 1st Party
__cfruid freddysupport.zendesk.com This cookie is a part of the services provided by Cloudflare - Including load-balancing, deliverance of website content and serving DNS connection for website operators. Session 3rd Party
__cfduid zendesk.com freddysupport.zendesk.com Used by the content network, Cloudflare, to identify trusted web traffic. 30 days 3rd Party
CONSENT google.com google.com Used to detect if the visitor has accepted the marketing category in the cookie banner. This cookie is necessary for GDPR-compliance of the website. 6082 days 3rd Party
rc::a google.com This cookie is used to distinguish between humans and bots. This is beneficial for the website, in order to make valid reports on the use of their website. Persistent 3rd Party
rc::c google.com This cookie is used to distinguish between humans and bots. Session 3rd Party
CookieConsent freddy.com Stores the user's cookie consent state for the current domain 1 year 1st Party
cf_chl_prog freddy.com This cookie is a part of the services provided by Cloudflare - Including load-balancing, deliverance of website content and serving DNS connection for website operators. 1 day 1st Party
X-Magento-Vary Magento This cookie is necessary for the cache function. A cache is used by the website to optimize the response time between the visitor and the website. The cache is usually stored on the visitor’s browser. 1 day 1st Party
mage-cache-timeout Magento This cookie is necessary for the cache function. A cache is used by the website to optimize the response time between the visitor and the website. The cache is usually stored on the visitor’s browser. Persistent 1st Party
__zlcstore freddy.com This cookie is necessary for the chat-box function on the website to function. Persistent 1st Party
ZD-arturos freddy.com Used to push or test different features in relation to the website’s Zendesk integration on a single user basis. Persistent 1st Party
ZD-suid freddy.com Unique id that identifies the user's session. Persistent 1st Party
__cfduid r1.trackedweb.net r1.trackedweb.net Used by the content network, Cloudflare, to identify trusted web traffic. 30 days 3rd Party
CONSENT youtube.com youtube.com Used to detect if the visitor has accepted the marketing category in the cookie banner. This cookie is necessary for GDPR-compliance of the website. 6082 days 3rd Party
AWSALBCORS zopim.com Registers which server-cluster is serving the visitor. This is used in context with load balancing, in order to optimize user experience. 6 days 3rd Party
ZD-store freddy.com Registers whether the self-service-assistant Zendesk Answer Bot has been displayed to the website user. Persistent 1st Party
yt-player-bandaid-host youtube.com Used to determine the optimal video quality based on the visitor's device and network settings. Persistent 3rd Party

Marketing

These Cookies are installed through the Website by third parties in order to display targeted advertising customized according to the preferences you expressed during the browsing session (for example, when you visit some pages of the Website or interact with the Website's features).

Cookie Name Cookie Provider Cookie Description Cookie Lifetime Cookie Type
recently_viewed_product Magento Collects information on which products have been viewed by the visitor - This is used for optimizing the specific visitor's navigation on the website. Persistent 1st Party
recently_viewed_product_previous Magento Collects information on which products have been viewed by the visitor - This is used for optimizing the specific visitor's navigation on the website. Persistent 1st Party
recently_compared_product_previous Magento Collects information on which products have been viewed by the visitor - This is used for optimizing the specific visitor's navigation on the website. Persistent 1st Party
MUID bing.com Used widely by Microsoft as a unique user ID. The cookie enables user tracking by synchronising the ID across many Microsoft domains. 1 year 3rd Party
uid criteo.com Collects visitor data related to the user's visits to the website, such as the number of visits, average time spent on the website and what pages have been loaded, with the purpose of displaying targeted ads. 1 year 3rd Party
test_cookie doubleclick.net Used to check if the user's browser supports cookies. 1 day 3rd Party
IDE doubleclick.net Used by Google DoubleClick to register and report the website user's actions after viewing or clicking one of the advertiser's ads with the purpose of measuring the efficacy of an ad and to present targeted ads to the user. 1 year 3rd Party
fr facebook.com Used by Facebook to deliver a series of advertisement products such as real time bidding from third party advertisers. 3 months 3rd Party
tr facebook.com Used by Facebook to deliver a series of advertisement products such as real time bidding from third party advertisers. Session 3rd Party
zte# freddy.com Saves a Zopim Live Chat ID that recognises a device between visits during a chat session. Session 1st Party
__zlcmid freddy.com Preserves users states across page requests. 1 year 1st Party
_gcl_au Google AdSense Used by Google AdSense for experimenting with advertisement efficiency across websites using their services. 3 months 3rd Party
_uetsid freddy.com Collects data on visitor behaviour from multiple websites, in order to present more relevant advertisement - This also allows the website to limit the number of times that they are shown the same advertisement. 1 day 1st Party
_uetvid freddy.com Used to track visitors on multiple websites, in order to present relevant advertisement based on the visitor's preferences. 16 days 1st Party
recordID freddy.com Collects information on what products the visitor has viewed and the content of the shopping-cart. This is used to increase the website's conversion rate through targeted advertisement and product promotions through emails. 1 year 1st Party
dmSessionID freddy.com Collects information on what products the visitor has viewed and the content of the shopping-cart. This is used to increase the website's conversion rate through targeted advertisement and product promotions through emails. 1 day 1st Party
_fbp Facebook.com Used by Facebook to deliver a series of advertisement products such as real time bidding from third party advertisers. 3 months 3rd Party
cto_tld_test freddy.com Used to identify the visitor across visits and devices. This allows the website to present the visitor with relevant advertisement - The service is provided by third party advertisement hubs, which facilitate real-time bidding for advertisers. 1 day 1st Party
pagead/1p-user-list/# google.com Tracks if the user has shown interest in specific products or events across multiple websites and detects how the user navigates between sites. This is used for measurement of advertisement efforts and facilitates payment of referral-fees between websites. Session 3rd Party
_uetsid_exp freddy.com Contains the expiry-date for the cookie with corresponding name. Persistent 1st Party
criteo_write_test criteo.com Sets a unique ID for the visitor, that allows third party advertisers to target the visitor with relevant advertisement. This pairing service is provided by third party advertisement hubs, which facilitates real-time bidding for advertisers. 1 day 3rd Party
clerk-visitor-id clerk.io Tracks the user’s interaction with the website’s search-bar-function. This data can be used to present the user with relevant products or services. Persistent 3rd Party
_uetvid_exp freddy.com Contains the expiry-date for the cookie with corresponding name. Persistent 1st Party
YSC youtube.com Registers a unique ID to keep statistics of what videos from YouTube the user has seen. Session 3rd Party
VISITOR_INFO1_LIVE youtube.com Tries to estimate the users' bandwidth on pages with integrated YouTube videos. 179 days 3rd Party
yt-remote-device-id youtube.com Stores the user's video player preferences using embedded YouTube video Persistent 3rd Party
yt-remote-connected-devices youtube.com Stores the user's video player preferences using embedded YouTube video Persistent 3rd Party
yt-remote-session-app youtube.com Stores the user's video player preferences using embedded YouTube video Session 3rd Party
yt-remote-cast-installed youtube.com Stores the user's video player preferences using embedded YouTube video Session 3rd Party
yt-remote-session-name youtube.com Stores the user's video player preferences using embedded YouTube video Session 3rd Party
yt-remote-fast-check-period youtube.com Stores the user's video player preferences using embedded YouTube video Session 3rd Party
yt.innertube::requests youtube.com Registers a unique ID to keep statistics of what videos from YouTube the user has seen. Persistent 3rd Party
yt.innertube::nextId youtube.com Registers a unique ID to keep statistics of what videos from YouTube the user has seen. Persistent 3rd Party
uuid stylight.it To identify a user that has clicked on one of the products listed on Stylight as well as to be able to associate a conversion to that user in order to measure campaign success. 2 Years 3rd Party
KelkooID kelkoo.it This cookie is used to measure the performance of Kelkoo advertising campaigns 12 months 3rd Party
kk_gclid Kelkoo.it This cookie is used to measure the performance of Kelkoo advertising campaigns 12 Months 3rd Party
kk_leadtag Kelkoo.it This cookie is used to determine which version of the tracking tool is used. 12 Months 3rd Party
TT2_ tradetracker.com In case an affiliate link is followed, this cookie registers the originating affiliate website, promotion material used and optionally a reference set by the affiliate to allow affiliates to be rewarded for sending customers to merchants. No personally identifiable information is stored within these cookies 1 Year 3rd Party
TTS_ tradetracker.com In case an affiliate link is followed, this cookie registers the originating affiliate website, promotion material used and optionally a reference set by the affiliate to allow affiliates to be rewarded for sending customers to merchants. No personally identifiable information is stored within these cookies. 1 year 3rd Party
__tgdat tradetracker.com In case an affiliate link is followed, this cookie registers the originating affiliate website, promotion material used and optionally a reference set by the affiliate to allow affiliates to be rewarded for sending customers to merchants. No personally identifiable information is stored within these cookies. 1 year 3rd Party

Analytics

These are third party Cookies used for statistical purposes and collect information in an aggregated and anonymous form (for example, they are used to count user visits on the Website).

Cookie Name Cookie Provider Cookie Description Cookie Lifetime Cookie Type
product_data_storage Magento Determines which products the user has viewed, allowing the website to promote related products. 1 day 1st Party
_gid Google Analytics Registers a unique ID that is used to generate statistical data on how the visitor uses the website. 1 day 3rd Party
_gat Google Analytics Used to throttle request rate. 3rd Party
_hjTLDTest freddy.com Registers statistical data on users' behaviour on the website. Used for internal analytics by the website operator. Session 1st Party
_hjid freddy.com Sets a unique ID for the session. This allows the website to obtain data on visitor behaviour for statistical purposes. Persistent 1st Party
_hjFirstSeen freddy.com This cookie is used to determine if the visitor has visited the website before, or if it is a new visitor on the website. 1 day 1st Party
_dc_gtm_UA-# Google Tag Manager Used by Google Tag Manager to control the loading of a Google Analytics script tag. 1 day 3rd Party
_hjAbsoluteSessionInProgress freddy.com This cookie is used to count how many times a website has been visited by different visitors - this is done by assigning the visitor an ID, so the visitor does not get registered twice. 1 day 1st Party
collect google-analytics.com Used to send data to Google Analytics about the visitor's device and behavior. Tracks the visitor across devices and marketing channels. Session 3rd Party
_hjIncludedInSessionSample freddy.com Registers data on visitors' website-behaviour. This is used for internal analysis and website optimization. 1 day 1st Party
_hjIncludedInPageviewSample freddy.com Used to detect whether the user navigation and interactions are included in the website’s data analytics. 1 day 1st Party
ZD-buid freddy.com Unique id that identifies the user on recurring visits. Persistent 1st Party
pagevisit r1.trackedweb.net Registers statistical data on users' behaviour on the website. Used for internal analytics by the website operator. Session 3rd Party
yt-player-headers-readable youtube.com Used to determine the optimal video quality based on the visitor's device and network settings. Persistent 1st Party

In addition, below are a few links to instructions on how to disable cookies: