...
...
New Arrivals Clothing Sleep Intimates Gifts MILLS’ PICKS Sale

Delta Galil Privacy and Data Protection Policy and Notice

Last Revised: October 29, 2024

This Privacy and Data Protection Policy and Notice (the “Privacy Policy”) applies to the website florencebymillsfashion.com (the “Website”) through which certain licensed Florence by Mills (“FBM”) branded products are marketed and sold to customers (the “Services”). The Website and Services are offered by Delta Galil Inc. (and its corporate entities, licensees, and its and their respective affiliates and distributors, “Delta Galil”, “we”, “us” or “our”).

We are committed to protecting the personal information that is shared with us. Delta Galil respects the privacy of its customers (these and any others with respect to whom we collect personal data shall collectively be referred to as the “Data Subjects” or “you”).

Thie Privacy Policy explains the types of information we might collect from you, that we receive from you or that may be provided to us in the course of your interest in or use of our Services, business transactions, or when you visit the Website. Please read this Privacy Policy carefully in order to understand our practices regarding the processing of your personal data and how we will treat it.

  1. INFORMATION ABOUT US

    We are incorporated in the State of Delaware and our business address is at 1601 Sycamore Road, Montoursville, Pennsylvania 17754, United States of America (“USA”). For the purposes of the European Union’s (“EU”) General Data Protection Regulation 2016/679 (the “GDPR”) and other applicable privacy laws, Delta Galil is a data controller (a “Controller”) in relation to your personal data. Likewise, Delta Galil is a Business (as defined under the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (together, the “CCPA”), and other applicable USA state privacy laws. Please note that in addition to Delta Galil, some third parties, such as FBM, act as independent controllers of the Personal Data (defined below) and you should contact them directly concerning their use of your data.

  2. INFORMATION WE COLLECT AND HOW WE COLLECT IT

    Summary: We collect various categories of personal data in order to meet our contractual obligations and various legal obligations and legitimate interests, such as fraud prevention and marketing.

    We collect data about you in connection with your online engagement with us. We collect several categories of personal data (“Personal Data”) as described below:

    1. Shoppers of the Website and Benefactors of the Services:

      Sources of Personal Data

      We obtain your Personal Data from you directly, for example, when you complete an order form on the Website, and/or our third-party service providers who assist us in administering the Website (such as metadata).

      Personal Data that We Collect and Process

      Your name (first and last), address, email address, phone number, opt-in for SMS messaging, the content of your inquiry, online identifiers such as Internet Protocol (IP) addresses and details about the devices and browsers you use in connection with our services, order information and purchase history, browsing and user-interaction history, warranty information, Website session information, geolocation data related to the general geographic location of your device used to access the Website, and any direct communication, such as emails, voice calls, instant messaging or chatbot interactions.

      You do not have any legal obligation to provide any information to us. However, we require the information mentioned above in order to fulfill your order or to process and respond to your inquiry, and to provide the Services. If you choose not to provide us with such information, then we may not be able to fulfill your order, respond to your inquiry or provide you with some or all of the Services.

      Subject to the applicability of a specific privacy law (including the CCPA) to Delta Galil, the aforementioned types of Personal Data that we collect from you correspond to the following categories of personal information collected by us within the past 12 months (depending on which other privacy laws may apply, it may be earlier than 12 months prior) in our role as a “business” (as defined in the CCPA) or similar equivalent in other privacy laws:

      • Identifiers such as a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers;
      • Any information that identifies, relates to, describes, or is capable of being associated with, a particular individual, including, but not limited to, his or her name, signature, social security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. “Personal information” does not include publicly available information that is lawfully made available to the general public from federal, state, or local government records;
      • Commercial information, including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies;
      • Internet or other electronic network activity information, including browsing history, search history and information regarding a consumer’s interaction with an internet website, application or advertisement;
      • Geolocation data; and
      • Inferences drawn from any of the information above to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities and aptitudes.

      Why Do We Collect Your Personal Data and What are the Lawful Bases?

       

       

      Purpose for Processing of Your Personal Data

      Lawful Basis for Processing of Your Personal Data

       

      Our Legitimate Interest in the Processing of Your Personal Data

       

      Fulfillment of your order(s)

      Performance of Contract

       

      N/A

       

      Establishment and management of our relationship with you

       

      Legitimate Interests

      Efficiently fulfilling our contractual and legal obligations, account

      management, exercising or defending against legal claims, market

      evaluation, management reporting (internally and externally)

       

      Increasing internal awareness about how our products and services may be used

       

      Legitimate Interests

      Understanding the market in which we operate, account management

      and management reporting (internally and externally), analytics

      Security management

      Legal Obligation

      N/A

      Increasing your awareness about products, services, and events that may be of interest to you by letter, phone, email, or other forms of electronic communication

       

      Legitimate Interests

       

      Promoting our products and services

      Increasing your awareness about products, services, and events that may be of interest to you by letter, phone, email, or other forms of electronic communication

       

      Legitimate Interests or Consent (according to law)

       

      Promoting our products and services, maintenance and management of our business relations, management reporting (internally and externally)

       

      General business management

       

      Legitimate Interests

      Management reporting and assessments

      Statutory reporting obligations

      Legal Obligation

      N/A

      If you object to our use of your Personal Data for the aforementioned purposes, including for direct marketing purposes, please contact us at customercare@florencebymillsfashion.com.

      We will seek your prior consent when required by applicable law when, for direct marketing purposes, we use (a) cookies or other similar technologies, and/or (b) your email address to communicate marketing information to you.

      Subject to the applicability of a specific privacy law (including the CCPA) to Delta Galil, the following are the CCPA business or commercial purposes for which we collect, disclose, share and sell each category of Personal Data. Details about the information we collect for each category are provided above in the sub-section titled, “Personal Data that We Collect and Process”, of this Section 2.1 (Shoppers of the Website and Benefactors of the Services).

       

      Categories of Personal Information

      Business or Commercial Purposes for Collection, Disclosure, Sharing and Sale

      Identifiers

      Auditing related to counting ad impressions to unique

      visitors, verifying positioning and quality of ad impressions, and auditing compliance with this specification and other

      standards.”

      Helping to ensure security and integrity to the extent the use of the consumer’s personal information is reasonably

      necessary and proportionate for these purposes.”

      Performing services on behalf of the business, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying

      customer information, processing payments, providing financing, providing analytic services, providing storage, or providing similar services on behalf of the business.”

      Providing advertising and marketing services, except for cross-context behavioral advertising, to the consumer

      provided that, for the purpose of advertising and marketing, a service provider or contractor shall not combine the personal information of opted-out consumers that the service provider or contractor receives from, or on behalf of, the business with personal information that the service provider or contractor receives from, or on behalf of, another person or persons or collects from its own interaction with consumers.”

      Personal information

      Commercial information

       

      Geolocation data

       

      Internet or other electronic network activity information

      Helping to ensure security and integrity to the extent the use of the consumer’s personal information is reasonably

      necessary and proportionate for these purposes.”

      Debugging to identify and repair errors that impair existing intended functionality.”

      Undertaking internal research for technological development and demonstration.”

       

       

      Undertaking activities to verify or maintain the quality or safety of a service or device that is owned, manufactured, manufactured for, or controlled by the business, and to

      improve, upgrade, or enhance the service or device that is owned, manufactured, manufactured for, or controlled by the business.”

  3. SHARING DATA WITH THIRD PARTIES

    Summary: We disclose your Personal Data to our third-party service providers. We sell your Personal Data solely to FBM and FBM-branded third parties. We share your Personal Data.

    A list of the third parties that we disclose, sell and/or share your Personal Data to, including FBM and FBM-branded third parties and our sub-processors, can be found at florencebymillsfashion.com. The list is kept current and includes the type of Personal Data shared, for what purposes and where such third parties are located internationally. If you want to be notified of changes to the list, you may sign up for email notifications at the aforementioned site or by contacting us at customercare@florencebymillsfashion.com.

    As detailed further below in Section 5 (International Data Transfers), when we transfer Personal Data from the European Economic Area (“EEA”) or the United Kingdom (“UK”) outside of the aforementioned jurisdictions, such transfers will always take place under an approved transfer mechanism or adequacy decision, as applicable, such as the relevant Standard Contractual Clauses (SCCs), if required.

    Mergers and Acquisitions: We will disclose your Personal Data to third parties if some or all of our companies or assets are acquired by a third party, including by way of a merger, share acquisition, asset purchase or any similar transaction in which case Personal Data will be one of the transferred assets.

    Legal and Regulatory Obligations: We transfer Personal Data to third parties if we are under a duty to disclose or share your Personal Data in order to comply with any legal, audit or compliance obligation in the course of any legal or regulatory proceeding or investigation, in order to enforce or apply our terms and other agreements with you or with a third party, or in order to assert or protect our rights, property or safety of Delta Galil, our customers or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection, credit risk reduction and in order to prevent cybercrime.

  4. WHERE WE STORE YOUR DATA

    Summary: We store your Personal Data across multiple jurisdictions globally.

    We store your Personal Data on servers owned and controlled by Delta Galil or its affiliates or processed by third parties on behalf of Delta Galil, such as reputable cloud service providers (see Sections 3 (Sharing Data with Third Parties) and 5 (International Data Transfers) in this Privacy Policy). This includes, but is not limited to, the USA, the EU and the UK.

  5. INTERNATIONAL DATA TRANSFERS

    Summary: We transfer Personal Data internationally with appropriate safeguards in place.

    We transfer, store and process the types of Personal Data mentioned above in Section 2 (Information We Collect and How We Collect It) to locations outside of the EEA and the UK in order to facilitate the purposes mentioned above in Section 2 (Information We Collect and How We Collect It). This includes transfers to the State of Israel (“Israel”), where our group headquarters is located, as well as other jurisdictions where our third-party service providers (such as our processors) are located. For a complete list of the jurisdictions of our third-party service providers and any sub-processors they may engage, please visit florencebymillsfashion.com.

    We transfer Personal Data to locations outside of the EEA and UK in order to:

    • Store or backup the information;
    • Enable us to fulfill our contractual commitments to you;
    • Enable us to fulfill any legal, auditory, ethical or compliance obligations which require us to make such a transfer;
    • Facilitate the operation of our group business, where it is in our legitimate interest, and we have concluded that such interest is not overridden by your rights;
    • Serve you across multiple jurisdictions;
    • Operate our affiliates in an efficient and optimal manner.

    Where your Personal Data is transferred outside of the EEA or the UK, we will take reasonably necessary steps to ensure that your Personal Data is subject to appropriate safeguards, and that such Personal Data is treated securely and substantively in accordance with this Privacy Policy. Transfers from the EEA to Israel are made based on an adequacy ruling by the European Commission. Transfers from the EEA to the USA are made based on the EU-US Data Protection Framework or Standard Contractual Clauses (SCCs) published by the European Commission, as applicable. Transfers from the UK to the EEA or Israel are made based on the UK’s Adequacy Regulations. Transfers from the UK to the USA or other non-adequate countries are made based on the UK’s International Data Transfer Addendum to the EU Commission Standard Contractual Clauses. For more information about these safeguards, please contact us at customercare@florencebymillsfashion.com.

  6. DATA RETENTION

    Summary: We retain Personal Data in accordance with our data retention policy and as required to meet our obligations, protect our rights and manage our business.

    Delta Galil will retain Personal Data we process only for as long as required in order to fulfill each purpose for which such Personal Data is collected, all in accordance with our data retention policy, which can be found at florencebymillsfashion.com, and as necessary to comply with our legal and other obligations, to resolve disputes and to enforce agreements. We will also retain Personal Data to meet any audit, compliance and business best-practices.

    Personal Data that is no longer retained will be anonymized or deleted. Likewise, Non-Personal Data, such as metadata and statistical information, concerning the use of the Website and the Services are not subject to the deletion procedures in this Privacy Policy and our data retention policy and will be retained by Delta Galil. We will not be able to identify you from this data. Some data may also be retained on our third-party service providers’ servers until deleted in accordance with their privacy policy and their retention policy, and in our backups until overwritten.

  7. DATA COLLECTION FROM THE WEBSITE AND FROM COOKIES

    Summary: We place cookies on your device. You control our use of cookies through a cookie management tool on the Website or through your device and browser.

    The Website uses cookies, pixel tags and other forms of identification and local storage (collectively, “cookies”) to distinguish you from other users of the Website. This helps us to provide you with an optimal user experience and allows us to provide and improve our Website and the Services and promote our marketing efforts. Functionality cookies (also called ‘essential cookies’) do not require your consent. For other cookies, however, depending on your jurisdiction and applicable laws, we request your consent before placing them on your device or browser.

    The Website includes the Shopify cookie management tool. Your consent to placement of cookies is stored and tied to your account. Our detailed Cookies Policy is available online at florencebymillsfashion.com. You can choose to change your cookies settings for the Website at any time by following the instructions set forth in our Cookies Policy.

  8. SECURITY AND STORAGE OF DATA

    Summary: We take data security very seriously, invest in security systems and train our staff. In the event of a breach, we make the appropriate notifications as required by law.

    We take great care in implementing, enforcing and maintaining the security of the Personal Data we process. Delta Galil implements, enforces and maintains security measures, technologies and policies to prevent the unauthorized or accidental access to or destruction, loss, modification, use or disclosure of Personal Data. We likewise take steps to monitor compliance of such policies on an ongoing basis. Likewise, we take at least industry standard steps to ensure the Website and Services are safe and to prevent unauthorized access to our databases.

    Please note, however, that no data security measures are perfect or impenetrable and we cannot guarantee that unauthorized access, leaks, viruses and other data security breaches will never occur.

    We endeavor to limit access to Personal Data to those of our personnel who: (a) require access in order to fulfill their obligations, including also under our agreements, and as described in this Privacy Policy,

    (b) have been appropriately and periodically trained with respect to the requirements applicable to the processing, care and handling of the Personal Data, and (c) are under confidentiality obligations as may be required under applicable law.

    We act in accordance with our policies and with applicable law to promptly notify the relevant authorities and Data Subjects in the event that any Personal Data is lost, stolen, modified or disclosed or where there has been any unauthorized access to it, all in accordance with applicable law and on the instructions of qualified authority. Delta Galil shall promptly take reasonable remedial measures.

  9. DATA SUBJECT RIGHTS

    Summary: Depending on the law applicable to your Personal Data, you may have various data subject rights, such as a right to access, erasure and rectification, as well as certain information rights. We will respect any lawful request to exercise such rights.

    Data Subjects in certain jurisdictions, such as in the EU and the UK, have rights granted pursuant to local laws under certain circumstances and with certain exceptions, including:

    • Access – the right to receive confirmation whether your Personal Data is being processed by us, what types of Personal Data, for what purposes, with whom is it or will it be shared (if at all) and for how long will it be stored.
    • Rectification – the right to correct your Personal Data held by us that may be inaccurate or incomplete.
    • Erasure – the right to have your Personal Data held by us deleted.
    • Restriction of Processing – the right to require us to cease processing your Personal Data.
    • Portability – the right to receive a copy of any of your Personal Data held by us in a convenient format and to have any of your Personal Data held by us transferred to a third party.
    • Objection – the right to object to the processing of your Personal Data by us.
    • Objection to Direct Marketing – the right to object to the processing of your Personal Data by us for the purposes of direct marketing, including profiling – this can be achieved by opting out using the unsubscribe/opt-out feature displayed in our communications with you.
    • Objection to Automated Decision-Making – the right to refuse to have your Personal Data processed in connection with automated decision-making.
    • Withdrawal of Consent – where we rely upon your consent in order to process your Personal Data, you have the right to withdraw such consent at any time.

    In order to exercise any of your rights, you can contact us at customercare@florencebymillsfashion.com. Please note that Delta Galil may have to undertake a process to identify a Data Subject prior to facilitating the exercise of such Data Subject’s rights. Delta Galil may keep details of rights exercised for our own compliance and audit requirements.

    Please note that these rights only apply under certain circumstances and may be limited by law, as well as be subject to exceptions. For example, where accepting your request to exercise a right would adversely affect other individuals, expose our trade secrets or intellectual property, where there are overriding public interests, or where we are required by law to retain your Personal Data. In addition, Data Subjects’ rights cannot be exercised in a manner inconsistent with our rights, our employees’ and staff’s or third-parties’ rights. As such, reviews and assessments, documents and notes, including proprietary information or forms of intellectual property, cannot be accessed, erased or rectified by Data Subjects. In addition, these rights may not be exercisable where they relate to data that is not in a structured form, such as emails, or where other exceptions apply.

    Data Subjects in the EU, the UK and other jurisdictions have the right to lodge a complaint with a local data protection supervisory authority, as well as pursue an effective judicial remedy.

  10. USA STATES’ PRIVACY RIGHTS

    Summary: To the extent any USA state laws (including the CCPA) apply to Delta Galil, we share your Personal Data for cross-contextual advertising purposes. If you are a California and other USA state resident consumer, you have certain rights in relation to your Personal Data. You can exercise those rights by contacting us at customercare@florencebymillsfashion.com. If you wish to opt-out of the sale or sharing of your Personal Data, you may click where you will be redirected to our opt-out feature.

    This section provides additional details about the Personal Data we collect about consumers in the USA states of California, Virginia, Colorado, Connecticut, Utah, Nevada and other applicable USA states and the rights afforded to them, subject to applicability, under CCPA, the Virginia Consumer Data Protection Act, the Colorado Privacy Act, the Connecticut Data Privacy Act, the Utah Consumer Privacy Act, the Nevada Consumer Health Data Privacy Law and other applicable laws.

    As detailed above in Section 2 (Information We Collect and How We Collect It) above, this Privacy Policy summarizes above the Personal Data we have collected as a business over the last 12 months, for what business and commercial purposes and with whom we share this information.

    Please note that we do share your Personal Data with third parties for the purpose of cross-context behavioral advertising (as defined in the CCPA) and for targeted advertising (as defined in other applicable USA state laws), and use third-party cookies for such purposes as further described in our Cookie Page. If you are a resident of California, Virginia, Colorado, Utah, Connecticut, Nevada and other applicable jurisdictions, you may opt out of the sharing of your data for such purposes by clicking “Reject All” on the “Cookie Setting” of our cookie banner, or by clicking the “Do Not Sell or Share my Personal Information” link on the banner of this site. We will process your request and confirm the removal of your Personal Data accordingly with an email confirmation.

    Subject to certain limitations, the CCPA and other applicable USA state laws provide consumers certain rights, such as:

    • the right to be provided with a notice of our practices regarding the collection, use, sale and sharing of personal information;
    • the right to request a summary of the personal information we have collected about you, including a copy of the specific pieces of personal information collected;
    • the right to delete the personal information we have collected about you;
    • the right to opt-out (and opt-in later) of the sale of your personal information by us;
    • the right to opt-in for the sale of your personal information by us (exclusive for minors);
    • the right to not be discriminated against due to the exercise of one’s rights;
    • a private right to action when your unencrypted or unredacted personal information is breached;
    • the right to limit our collection and processing of your personal information;
    • the right to opt-out of the use and access of your personal information for automated decision- making technologies;
    • the right to restrict our collection and processing of your sensitive personal information; and
    • the right to correct your personal information.

    To make such requests, please send an email at customercare@florencebymillsfashion.com. Government identification may be required. Consumers can also designate an authorized agent to exercise these rights on their behalf.

  11. DO NOT TRACK SIGNALS

    Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers in order to inform websites that they do not wish to be tracked. We honor DNT signals.

  12. THIRD-PARTY LINKS

    We may include third-party links on the Website and allow registration and login through third-party accounts. Please note that this Privacy Policy only applies to the Personal Data that we (or third parties on our behalf) collect from or about you and we cannot be responsible for Personal Data collected or stored by third parties. Third parties have their own terms and conditions and privacy policies and you should read these carefully before you submit any Personal Data to such parties. We do not endorse or otherwise accept any responsibility or liability for the content of such third-party websites or terms and conditions or policies.

  13. CHANGES TO THIS PRIVACY POLICY

    The terms of this Privacy Policy will govern the use of the Services, the Website and any data collected in connection with them and Delta Galil’s contractual obligations. Delta Galil may amend or update this Privacy Policy from time to time. The most current version of this Privacy Policy will be available at: florencebymillsfashion.com. Changes to this Privacy Policy are effective as of the date stated as “Last Revised” and your continued use of the Services or Website will constitute your active acceptance of the changes to the terms of this Privacy Policy.

  14. CONTACT US

Delta Galil aims to process only adequate, accurate and relevant data limited to the needs and purposes for which it is gathered. We also aim to store data only for the time period necessary in order to fulfill the purpose for which the data is gathered. Delta Galil only collects data in connection with a specific lawful purpose and only processes data in accordance with this Privacy Policy. Our policies and practices are constantly evolving and improving and we invite any suggestions for improvements, questions, complaints or comments concerning this Privacy Policy. You are welcome to contact us (details below) and we will make an effort to reply within a reasonable timeframe.

We may be contacted concerning this privacy policy at customercare@florencebymillsfashion.com.

* * * * * *