ZALORA PERSONAL DATA PROTECTION POLICY

Last amended: 26 July 2021

This is the ZALORA Personal Data Protection Policy (“Policy”) which sets forth how BF Jade E-Services Philippines, Inc. (“ZALORA”) manages, collects, uses and discloses your Personal Data, in accordance with the Philippine Data Privacy Act of 2012 and its Implementing Rules and Regulations (“the Act”). This Policy supplements, but does not supersede, nor replace, any other consents you may have previously provided to ZALORA in respect of your Personal Data. ZALORA may update this Policy to ensure that it is consistent with any changes in legal or regulatory requirements.When you submit information to us, or sign up as a customer on our website, or view any of the products or services offered by us, you agree and consent to the collection, use and processing of personal information, in the manner set forth in this Privacy Policy. Subject to your rights at law, you agree to be bound by the prevailing terms of the Personal Data Protection Policy as updated from time to time on our website.

INTRODUCTION

ZALORA takes its responsibilities in relation to protecting your Personal Data and compliance with Applicable Laws very seriously. We are committed to properly managing, protecting and processing your Personal Data in accordance with this Policy, which shall apply to all Personal Data we collect from you through our Platforms.

Please read and review this Policy, which will inform you how we collect, use, process and disclose your Personal Data. We may also collect and process your Personal Data under any exceptions to Applicable Laws, which are not set out in this Policy. We trust that it will assist you in making an informed decision whether to provide us with any of your Personal Data.

FFor the purposes of understanding ZALORA’s Personal Data Protection Policy (“Policy”), capitalised terms used in this Policy shall have the following meanings:

  1. “Applicable Laws” means the Philippine Data Privacy Act of 2012, its Implementing Rules and Regulations (“IRR”), and its subsidiary legislations and regulations issued by the National Privacy Commission, as amended from time to time;
  2. "Apps"means our ZALORA mobile app on iOS and Android;
  3. “Personal Data” means any data, whether true or not, which is (a) about an individual who can be identified (i) from that data; or (ii) from that data and other information to which we have or are likely to have access and would include data in our records as may be updated from time to time, or (b) defined as “personal data”, “personal information”, or “sensitive personal information” under any applicable Data Protection Laws.
  4. “Platforms”means collectively ZALORA’s Apps, Social Media and Website, and any other websites or applications which we may own or operate from time to time;
  5. “Social Media”means ZAlORA’s pages and accounts on third party social media platforms such as Instagram, Facebook, Twitter, Pinterest and Google+’
  6. “Website” means the ZALORA website accessed at the following address www.zalora.com.ph; and
  7. “ZALORA, we, us, or our” means Jade E-Services Singapore Pte Ltd or its wholly owned subsidiary ZALORA South East Asia Pte Ltd.

During our relationship with you, we may collect Personal Data from you. Examples of the types of Personal Data we may collect include your name, contact details, mailing and delivery addresses, email address, birthday, network and device data (including your IP address and device or advertising identifiers), your shopping or browsing behaviours, facial image, voice recording (for customer service calls) and any other personally identifiable information which you have provided us in any forms you may have submitted to us, or in the course of any other forms of interaction between you and us.

If you provide us with Personal Data relating to a third party by submitting such Personal Data to us, you represent to us that you have obtained the consent of the third party to provide us with their Personal Data for the respective purposes.

By (1) clicking “Yes” on our Policy pop-up or any web form referring to this Policy on any of our online platforms, (2) submitting your Personal Data to us when signing up for an account on the Website, or (3) ordering any of our products and services, you are agreeing to the terms of this Policy.

We may update this Policy to ensure that it is consistent with industry trends and/or any changes in legal or regulatory requirements. You agree to be bound by the prevailing terms of the Policy as updated from time to time. We will endeavour to notify you by email or by notice on the Website of any material changes to the Policy.

HOW DO WE COLLECT YOUR PERSONAL DATA?

We collect Personal Data from you when:

  1. You register an account on the Website or the Apps;
  2. You use any of our related services, such as subscribing to our newsletter, product notifications;
  3. You browse our products and services or otherwise interact with our Website and Apps;
  4. You accept our cookies on your device;
  5. You interact with our customer experience team or other representatives, for example, via our webform, emails, telephone calls, letters, or face-to-face meetings;
  6. You interact with us on our Social Media, such as liking our posts, commenting on our posts, private messaging us on our Social Media;
  7. You participate in our promotions, lucky draws, initiatives or any request for additional Personal Data such as customer surveys;
  8. We receive references from business partners and third parties, for example, where they referred you to us to enjoy the benefits of a joint promotion or collaboration or to redeem a voucher you purchased through them;
  9. Your authorized representative submits your Personal Data to us for any purpose reasonably authorized by you, for example if such representative is purchasing our product or service to be delivered to you or as a gift;
  10. Our third-party analytics and other service providers provide your Personal Data to us, which was collected and processed by them and disclosed to us pursuant to their separate privacy policies; or
  11. When you voluntarily submit your Personal Data to us for any reason.

We usually do not collect your credit card details, whether to process your payment or for customer service purposes. Your credit card details are collected, processed and stored directly by our third-party payment processors pursuant to their terms of use and privacy policies. None of your credit card details are stored with us. However, we may collect your bank account details to process refunds.

We may also collect your Personal Data in circumstances where such collection does not require consent under Applicable Laws.

Please ensure that all Personal Data submitted to us is complete, accurate, true and correct. Failure to do so may result in our inability to provide you with the products and services you have requested.

HOW WILL YOUR DATA BE USED?

We may use and disclose your Personal Data for purposes necessary to provide you with our products as services, including to:

  1. register and maintain your user account and to verify your identity or age;
  2. process your order for our products or services, process or collect your payment for the order;
  3. deliver or perform the products or services you purchased, including our couriers calling or messaging you to obtain your delivery instructions;
  4. process your returns or refunds in accordance with our Terms of Service;
  5. provide you with supporting services and functions related to your user account, such as saved items in cart, wish list, brand or product notifications;
  6. communicate with you in relation to (i) your queries, requests and feedback, (ii) material changes to our Website or Apps Terms of Service, Policy or other terms and conditions, and (iii) matters relating to the operation of your account;
  7. personalise and improve your customer experience when you visit the Website and the Apps, for example by prioritizing products and services appearing in your search results or feed;
  8. monitor and enforce compliance with our Terms of Service, including dispute resolution;
  9. comply with (i) internal risk controls, (ii) the terms of our access to payment processing, financial or banking services such as credit card disputes, fraud, billing errors, or (iii) any applicable law; and
  10. ensure our Website and Apps function properly and to improve their performance, by carrying out activities such as debugging, statistical analyses for optimizing our Website and Apps.

  11. (collectively, the "Purposes")

In addition, we may use and disclose your Personal Data for the following purposes, to:

  1. send you marketing communications in relation to our sales, products, services, promotions or the Platforms;
  2. send you marketing communications in relation to the sales, products, services or promotions of business partners, including promotional mail together with your order;
  3. deliver ads which are related to our products and services which may be of interest to you on the Platforms or other websites, apps or online platforms;
  4. enable businesses to deliver ads which are related to their products and services which may be of interest to you;
  5. provide you with our add-on or premium services such as ZALORA NOW;
  6. invite you to our private customer events;
  7. process your participation in our promotions, lucky draws, initiatives or any request for additional Personal Data such as customer surveys;
  8. process your participation in our business partners’ loyalty or point redemption programs;
  9. conduct market and customer research, analysis or tracking;
  10. promote our products and services on our Platforms;
  11. manage the administrative and business operations of ZALORA and complying with internal policies and procedures;
  12. improve your customer experience across all touchpoints and training our customer experience team, such as by recording and monitoring phone calls; and
  13. any specific purpose in relation to a particular product or service, which we may separately notify you on the product or service page;

  14. (collectively, the “Additional Purposes”)

We may also use your Personal Data (a) for other purposes which are reasonably related to the Purposes and where we have obtained and maintain related consent, the Additional Purposes; or (b) in circumstances where such use does not require consent under Applicable Laws.

Note: If you withdraw your consent for us to use and process your Personal Data the Purposes or the Additional Purposes, we may no longer be able to provide you with the related products, services or benefits associated with our promotion.


WHO WILL YOUR PERSONAL DATA BE SHARED WITH?

In relation to our use of your Personal Data for the Purposes or Additional Purposes, we may disclose your Personal Data to our:

  1. employees, consultants, temporary workers;
  2. ZALORA Marketplace sellers, who supply and deliver the products or services you ordered through the Website or Apps;
  3. payment processors, who process your payment on the Website and the Apps;
  4. logistics providers, such as courier services which will deliver your order to you;
  5. business partners who separately maintain an account with you for loyalty or point redemption programs, such as AirAsia Big Loyalty, NTUC Plus!, CapitaStar etc;
  6. business partners or vendors in connection with the processing of any promotion, event or service organised by us;
  7. professional advisers and consultants;
  8. agents, contractors or service providers who provide operational services to us, such as online cloud storage and processing, marketing optimization, information technology, telecommunications, security or other relevant services which requires their collection, use or disclosure of your Personal Data; and
  9. any other party whom you authorize us to disclose your Personal Data to.

We may also disclose your Personal Data (a) for other purposes which are reasonably related to the Purposes and where we have obtained and maintain related consent, the Additional Purposes; or (b) in circumstances where such disclosure does not require consent under the Applicable Laws.

We do our best to minimize the disclosure of your Personal Data to the information necessary to perform the related Purpose or Additional Purpose. Our disclosure of your Personal Data shall be in accordance with Applicable Laws. In this regard, you hereby acknowledge, agree and consent that we are permitted to disclose your Personal Data to such third parties (whether located within or outside the Philippines) for one or more of the above Purposes and Additional Purposes, and for the said third parties to subsequently collect, use, disclose and/or process your Personal Data for one or more of the above Purposes and Additional Purposes.


HOW CAN I ACCESS OR CORRECT MY PERSONAL DATA?

You may access or correct your name, e-mail address, birthday, shipping and billing addresses and contact numbers by logging in to your user account on the Website or Apps under “Account Information” and clicking the “Edit” button under each relevant field.

For Personal Data that cannot be corrected by you by logging in to your user account on the Website or Apps, you may request to access and correct such Personal Data by submitting a written request to us via our customer service feedback form or by emailing our Data Protection Officer at dpo@ph.zalora.com. We may need to request additional information from you to confirm your identity before providing the access or making the correction.

We will do our best to respond to Personal Data access and correction requests within 30 days. Where we are unable to meet this timeline, we will update you with the soonest possible time within we can provide the information or make the correction. Please note that certain types of Personal Data access and correction requests may be exempt under Applicable Laws.

Note that we may charge you a reasonable fee for the handling and processing your Personal Data access request.

We will send your corrected Personal Data to every other person or entity to which such Personal Data was disclosed by ZALORA within the year before the date of the correction.

Subject to obtaining your consent, we may send the corrected Personal Data only to specific organisations to which the Personal Data was disclosed by us within a year before the date the correction was made.

If you wish to withdraw your consent for us to send you sales, marketing or promotional information, please inform us as follows:

  1. to withdraw consent from receiving SMS promotions: please unsubscribe by following the steps provided in the promotional SMS;
  2. to withdraw consent from promotional emails: please click on the Unsubscribe link in the promotional emails;
  3. to withdraw consent from receiving promotional calls and from all other communication channels: please email our Data Protection Officer at the email address provided below.

Note that, depending on the nature of the consent withdrawal, we may not be able to continue to provide you with some or all of our products or services.

Your rights and freedoms as a data subject in accordance with the Applicable Laws shall be respected. Once we receive notification that you wish to withdraw your consent for receiving marketing or promotional materials or communications, it may take up to thirty (30) days for your withdrawal to be reflected in our systems. Therefore, you may still receive marketing or promotional materials or communications during this period.

If you withdraw your consent to receive marketing or promotional materials through a specific communication mode (e.g. SMS), we may still contact you for other purposes in relation to the products and services via other communication modes you have subscribed to (e.g. email).

You may (a) withdraw your consent for the collection, use and/or disclosure of any of your Personal Data or (b) make a request to delete your Personal Data in our possession or under our control by submitting a written request via email to our Data Protection Officer via dpo@ph.zalora.com. We will process such a request within a reasonable time and it may take up to thirty (30) days for this to be reflected in our systems. Once this is complete, we will no longer collect, use and/or disclose your Personal Data, except for compliance, regulatory or other legal purposes.

ADMINISTRATION AND MANAGEMENT OF PERSONAL DATA

Your rights and freedoms as a data subject in accordance with the Applicable Laws shall be respected. We will make reasonable efforts to ensure Personal Data likely to be used by us or disclosed by us to another organization is accurate and complete. However, you should update us of any changes in your Personal Data. We will not be responsible for relying on inaccurate or incomplete Personal Data if you have not updated us of changes.

We will also put in place reasonable security arrangements to ensure that your Personal Data is adequately protected and secured. This includes putting in place reasonable security measures to prevent any unauthorized access, collection, use, disclosure, copying, modification, leakage, loss, damage or alteration of your Personal Data. However, we will not be responsible for any unauthorized use of Personal Data by third parties which is attributable to factors beyond our control.

When Personal Data in our possession is (i) no longer required for any reason connected to the purpose it was originally collected, (ii) retention by us is no longer necessary for any other legal or business purposes, or (iii) ordered blocked, removed, or destroyed by you, we will exercise measures to ensure such Personal Data is either destroyed or anonymised.

If Personal Data is transferred out of the Philippines, we will comply with Applicable Laws in doing so. This includes: (i) obtaining your consent, unless an exception exists under Applicable Laws or any other laws, and (ii) executing the necessary data sharing or outsourcing agreement, unless an exception exists under Applicable Laws, and (iii) taking reasonable steps to ascertain whether the foreign recipient of the Personal Data is bound to comply with standards of protection that are at least comparable to the Applicable Laws.

ZALORA uses the services of third party vendors, who may implement cookies on the Website. Advertisements on the Website may be provided by third party agencies. These advertisements may also generate cookies, for example, to track how many people have viewed the advertisement. The collection, use, and disclosure of information, including Personal Data, collected by such third party cookies are subject to the privacy and data protections policies of the third party vendors and are not under our control.

You may reject third party cookies through the settings on your browser. Note that this may result in the loss of Website functionality, restrict your use of the Website, or delay or affect the way in which the Website operates.

Google Analytics

ZALORA uses certain Google Analytics functions. Please see this link for how your data is collected and this link for instructions on how to opt-out of any Google Analytics data tracking.

ZALORA may use Google Analytics features based on Display Advertising, including but not restricted to the following: Remarketing, Google Display Network Impression Reporting, DoubleClick Campaign Manager Integration, and Google Analytics Demographics and Interest Reporting. Using the Google Ads Settings, you can opt-out of Google Analytics for Display Advertising and customize Google Display Network ads.

ZALORA also uses Remarketing with Google Analytics to advertise online; third-party vendors, including Google, may show ZALORA ads on sites across the Internet. ZALORA and third-party vendors, including Google, use first-party cookies (such as the Google Analytics cookie) and third-party cookies (such as the DoubleClick cookie) together to inform, optimize, and serve ads based on visitors’ past visits to ZALORA, as well as report how ad impressions, other uses of ad services, and interactions with these ad impressions and ad services are related to visits to ZALORA.

When you log on to the ZALORA website, ZALORA with the help of Google Analytics may use your browsing behaviour to connect it with any other data that has previously been provided by you, in accordance with this policy.

Sociomantic

ZALORA uses Sociomantic's services, and Sociomantic's tags are implemented on ZALORA's sites to collect anonymous information about you. You may find out more about the information collected by Sociomantic, how it is used, and how you can opt out at https://www.sociomantic.com/privacy/en/.

CONTACTING US

For any questions relating to your Personal Data or about this Policy, if you have a complaint regarding the collection, use or handling of your Personal Data by us, or a question about how we are complying with Applicable Laws, you may contact our Data Protection Officer via one of the following methods:

  1. Philippines telephone number : +632 8580706
  2. Email address : dpo@ph.zalora.com
  3. Office address : MCX E-COMMERCE CENTER, DAANG HARI AND DAANG REYNA JUNCTION, MUNTINLUPA – CAVITE EXPRESSWAY (MCX) ROTUNDA, BGY POBLACION, 1776 MUNTINLUPA CITY, PHILIPPINES
  4. Attention: ‘Data Protection Officer’


For any questions relating to your Personal Data or about our Privacy Policy, you may contact our Data Privacy Officer at +65 3157 5555 or email here.

Emails and letters should clearly state that you are making a data protection query, request or complain in the subject line to ensure the matter is dealt with expediently. We will strive to deal with any query, request or complaint promptly and fairly.

GOVERNING LAW

This Policy and your use of this Website shall be governed in all respects by the laws of the Philippines.

UPDATES ON DATA PROTECTION POLICY

As part of our efforts to ensure that we properly manage, protect and process your Personal Data, we will be reviewing our policies, procedures and processes from time to time. In this regard, ZALORA may update this Policy to ensure that it is consistent with industry trends and any changes in legal or regulatory requirements. We reserve the right to amend the terms of this Policy at our absolute discretion.

Subject to your rights at law, you agree to be bound by the prevailing terms of the Policy as updated from time to time on our Website. Any amended Policy will be posted on our website and can be viewed at www.zalora.com/pdp.

By (1) clicking “Yes” on our Policy pop-up or any web form referring to the amended Policy on any of our online platforms, (2) submitting your Personal Data to us when signing up for an account on the Website, or (3) ordering any of our products and services, you are agreeing to the terms of the amended Policy.

You are encouraged to visit the above Website from time to time to ensure that you are well-informed of our latest policies in relation to Personal Data protection.

Last updated on: 26 July 2021