Privacy Policy

HACKETT PRIVACY POLICY

This Privacy Policy has been developed taking into account the provisions of Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, hereinafter the GDPR and other applicable regulations.


The purpose of this Privacy Policy is to inform the natural persons who provide their personal data, and/or those of the person in respect of whom information is being collected, of the specific aspects relating to the processing of their data, the purposes of the processing, the contact details for exercising their rights, the storage periods and the security measures, among other things.


INFORMATION TO THE USER

Who is the controller of your data?

In terms of data protection, HACKETT, LTD. (hereinafter "HACKETT") shall be considered the Data Controller in relation to the processing identified in this policy.


The following are the details of the owner of this website:


  • Data Controller: HACKETT, LTD.
  • Postal address: Carretera Laureà Miró 403-405. 08980 Sant Feliu de Llobregat Barcelona Spain//// 14 Savile Row, Mayfair, London W1S 3JN – England.
  • E-mail: privacy@hackett.com

Data subjects may contact the Data Controller for any questions or needs they may have regarding data protection.


What types of data are processed?

All information collected by HACKETT will be processed in a fair, lawful and transparent manner.

Likewise, the data requested in each of the processes carried out will consist only of those that are strictly necessary to achieve the intended purpose as reported. Thus, the collected data will be adequate, relevant and not excessive in relation to the purposes for which they are processed in each case, that is, your personal data will be collected for specified, explicit and legitimate purposes and will not be further processed in any way that is incompatible with those purposes. Furthermore, they will be updated whenever necessary.

Within the framework of the various processing activities carried out by HACKETT, the following types of data are collected:


  • Identification data.
  • Commercial Information.
  • Transactions in goods and services.
  • Economic and financial data.
  • Social circumstances.
  • Personal characteristics.

WHERE DO PERSONAL DATA COME FROM?

As a general rule, personal data are always collected directly from the data subject; however, in certain exceptions, data may be collected through third parties, entities or services other than the data subject.

In this case, this will be conveyed to the data subject through the information clauses contained in the corresponding data collection channels and within a reasonable period of time or in the first communication made to the data subject.


FOR WHAT PURPOSES DO WE PROCESS PERSONAL DATA?

In general terms, personal data are processed for the following purposes:

  • User registration management: The information you provide in the registration form will be processed for the management of users on our platforms. After registration, you will be able to consult your order history, redeem gift cards or discount vouchers, modify your personal data and/or shipping and billing addresses, wish lists, ratings and alerts.
  • Managing and performing the purchase contract. Specifically, personal data will be used to formalise the purchase contract; to manage payment transactions; to contact you in the event of any incident related to your order; to manage invoicing and delivery of purchase tickets and invoices; to manage returns of products purchased; to inform you about the availability of the products ordered; and/or to manage coupons or gift cards that you redeem on the website or in our shops.
  • Newsletters, when previously authorised, by email, fax, SMS, MMS, point-of-sale terminal or any other electronic or physical means, present or future, that allows sending commercial communications and the website's newsletter. These communications will be made by the Controller or any of the companies in the Controller's group, in relation to their products and services, or those of any collaborators or suppliers with whom a promotional agreement has been reached. In this case, third parties will never have access to personal data.
  • Sending commercial advertising communications: sending commercial communications or events about products or services similar to those contracted, benefits, personalised discounts, promotions and/or offers.
  • Contact: In order to respond to your request, we will process the essential data, which generally corresponds to the contact details (email) and data related to your order, or to the incident that you report to us, as well as to respond to requests for information received about the products and services offered or any type of request made by the user through any of the forms of contact that are made available to them. When using social networks to transmit queries to us, please avoid entering personal data, remember that we do not have control over the data entered on these platforms, so we advise you to carefully read the privacy policies of the social network you use.
  • Surveys: To use your data to create a commercial profile according to your consumption habits, personal and social characteristics. Under no circumstances will the creation of the profile lead to automated decisions that may be detrimental to the user.
  • Profiling: sending commercial communications or events about products or services similar to those contracted, benefits, personalised discounts, promotions and/or offers.
  • Managing the loyalty programme: processing membership in the loyalty programme, as well as managing participation in the programme in order to provide benefits and discounts.

Nonetheless, all the purposes for which each of the processing operations are carried out are set out in the information clauses contained in every channel through which data are collected.


HOW IS PROFILING CARRIED OUT?

HACKETT may draw up a commercial profile based on the information provided by the interested party and their interactions with the content offered in order to send personalised information about our products or services, including by electronic means. The legal basis for profiling is HACKETT’s legitimate interest in knowing the profile of the party interested in its communications and services in order to offer him/her personalised information and content adapted to his/her interests and activity. No automated decisions will be taken on the basis of this profile. Users may at any time object to the profiling of their information through the channel provided for this purpose.

  • Subscription to our Newsletters. We will process your identification and contact details to send you personalised information about our products, promotions, offers, as well as products and offers from companies in the group. For this purpose, we create a user profile that allows us to personalise the information we send you, adapting it to the tastes and preferences we know based on your browsing habits, purchase history, or even the information collected through the use of cookies and other similar technologies (for more information on the use of cookies visit our Cookies Policy)
  • Other marketing and advertising purposes: We will use your data to suggest products or offers to you based on the profile you generate with your purchase history, the products you view when you browse our platforms, or the products you leave in your cart when you do not complete the purchase process. These suggestions may be sent to you via push notifications, banners or even to your email through the abandoned cart function. We will also process your data to show you advertising on other websites, apps or social networks that you use. This advertising is often based on a profile created based on purchases made, your purchase history or preferences through the use of cookies and other similar technologies (for more information on the use of cookies please visit our Cookie Policy).

WHAT IS THE LEGAL BASIS FOR THE DATA PROCESSING?

As a general rule, prior to processing personal data, HACKETT informs of the legal basis for the processing in question. However, HACKETT may process personal data for:

  • Compliance with legal and regulatory obligations: by way of example and without limitation, compliance with: General Law for the Defence of Consumers and Users, General Tax Law, Corporate Tax Law, Account Auditing Law, Value Added Tax Law, Civil Code, Commercial Code, as well as the specific law or regulation authorising or requiring the processing of the subject's data, which shall be stated in the corresponding information clause.
  • Execution of a Contract: for the prior management of a contracted service or product, the fulfilment of the contract, and any subsequent management operations.
  • Consent: there are processing operations based on obtaining the express and unequivocal consent of the data subject, through the incorporation of informed consent clauses in the different data collection systems, such consent being given by means of a declaration or a clear affirmative action such as ticking a box, clicking on an "accept" button provided for this purpose or signing the appropriate document. In addition, we inform you that we will only use personal information in accordance with this Privacy Policy and, in general, we will request your consent for any uses other than those for which you initially granted it.
  • Legitimate interest: the processing of data based on the legitimate interest of the data controller will be mainly for sending commercial communications or events on products or services similar to those contracted. According to article 21.2 of the Law on Information Society Services, this processing will only be valid when, as a customer, you have not expressly refused it at the time of data collection or in any of the communications we make.

HOW LONG DO WE PROCESS PERSONAL DATA?

Personal data is processed for as long as it may be necessary to fulfil the purpose for which it was collected, or for as long as the service is being provided, as long as the employment or contractual relationship remains in force, as long as there is a mutual interest and/or as long as is established in the corresponding regulations.

Once the established periods have elapsed, the data will be cancelled. Said cancellation will give rise to the blocking of the data, which will only be kept at the disposal of the Public Administrations, Judges and Courts, in order to address any liabilities that may arise from the processing during the period defined by the statute of limitations, after which the information will be destroyed.


WITH WHOM DO WE SHARE PERSONAL DATA?

The data may be disclosed to companies of the All We Wear Group (AWWG). The data will not be disclosed to third parties, unless legally obliged to do so. However, if this were required, the data subject would be informed of such transfers or communications of data through the information clauses contained in the corresponding data collection channels.


ARE INTERNATIONAL DATA TRANSFERS MADE?

Please note that, in general, no international transfers are made outside the European Economic Area (EEA). In the event of a transfer of data outside the EEA, HACKETT will have the appropriate safeguards in place for such a transfer, in accordance with the requirements of the GDPR.

WHAT ARE YOUR RIGHTS?

According to European legislation, you can exercise the following rights:


  • Right of access: right to request information from the data controller about whether your personal data are being processed.
  • Right of rectification: right to request the modification of data that are inaccurate or incomplete.
  • Right of objection: right to object to a particular processing of your personal data or demand the cessation of such processing.
  • Right against automated individual decisions: right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects for the data subject or significantly affects him/her in a similar way.
  • Right of limitation: right to suspend the processing of the user's personal data in certain cases, as established in the applicable regulations.
  • Right of deletion to be forgotten: right to the deletion of the data subject's personal data, as established in the applicable regulations.
  • Right of portability: right to request the controller to provide personal data in a structured and clear format to another controller.
  • The right to lodge a complaint with the competent supervisory authority if you consider that the processing does not comply with the regulations in force.

HOW CAN YOU EXERCISE YOUR RIGHTS?

Interested parties may exercise the aforementioned rights through the following means:

  • Email to privacy@hackett.com providing documentation proving the identity of the applicant indicating the right you wish to exercise in the subject line.

HACKETT makes every effort to comply with data protection regulations. However, if the interested party understands that their rights have been undermined, they can file a complaint with the Spanish Data Protection Agency (www.aepd.es).

HACKETT will respond to any request as soon as possible and within the deadlines established in the data protection regulations.


WHAT COULD BE THE CONSEQUENCES OF NOT PROVIDING THE INFORMATION?

The data requested in the fields marked with an asterisk (*) or those provided in the documents or media where the information is provided, are strictly necessary for the purpose for which they are collected, or for the provision of an optimal service to the data subject, or are required by a legal obligation imposed on the data controller or are necessary to enter into a contract, while the provision of the data in the remaining fields is voluntary.

If not all data are provided, there is no guarantee that the information and services provided will be completely tailored to your needs.

Therefore, if the required data is not provided or is provided incorrectly or incompletely, we will not be able to attend to your request, provide you with the information requested or to contract the services.

Likewise, the user guarantees that the information provided in any of the forms is true, accurate and refers to his/her own data.

The services offered are not intended for children under 14 years of age, otherwise any liability that may arise as a result of the use of our platforms shall be borne by the parents or guardians of the minor.

To prevent the use of our services by minors, we try to verify the age of our users when they register or purchase a product by asking for their date of birth.

SECURITY MEASURES

The security measures adopted for e-commerce are those required according to the provisions of Article 32 of the GDPR.


In this regard, HACKETT, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of the processing, as well as the risks of varying likelihood and severity to the rights and freedoms of natural persons, has established appropriate technical and organisational measures to ensure the level of security appropriate to the existing risk.


In any case, HACKETT has sufficient mechanisms in place to:

  • Ensure the continued confidentiality, integrity, availability and resilience of processing systems and services.
  • Restore availability and access to personal data quickly in the event of a physical or technical incident.
  • Regularly verify, evaluate and assess the effectiveness of the technical and organisational measures implemented to ensure the security of the processing.

CHANGES TO THIS PRIVACY POLICY


This Privacy Policy may be revised from time to time in order to update legislation changes, changes in the procedures for collecting and using personal information, or the addition or removal of services. These changes will be effective as of their publication on the website, so it is important that you regularly review this Privacy Policy in order to remain informed about the changes made.

HACKETT PRIVACY POLICY

This Privacy Policy has been developed taking into account the provisions of Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, hereinafter the GDPR and other applicable regulations.


The purpose of this Privacy Policy is to inform the natural persons who provide their personal data, and/or those of the person in respect of whom information is being collected, of the specific aspects relating to the processing of their data, the purposes of the processing, the contact details for exercising their rights, the storage periods and the security measures, among other things.


INFORMATION TO THE USER

Who is the controller of your data?

In terms of data protection, HACKETT, LTD. (hereinafter "HACKETT") shall be considered the Data Controller in relation to the processing identified in this policy.


The following are the details of the owner of this website:


  • Data Controller: HACKETT, LTD.
  • Postal address: Carretera Laureà Miró 403-405. 08980 Sant Feliu de Llobregat Barcelona Spain//// 14 Savile Row, Mayfair, London W1S 3JN – England.
  • E-mail: privacy@hackett.com

Data subjects may contact the Data Controller for any questions or needs they may have regarding data protection.


What types of data are processed?

All information collected by HACKETT will be processed in a fair, lawful and transparent manner.

Likewise, the data requested in each of the processes carried out will consist only of those that are strictly necessary to achieve the intended purpose as reported. Thus, the collected data will be adequate, relevant and not excessive in relation to the purposes for which they are processed in each case, that is, your personal data will be collected for specified, explicit and legitimate purposes and will not be further processed in any way that is incompatible with those purposes. Furthermore, they will be updated whenever necessary.

Within the framework of the various processing activities carried out by HACKETT, the following types of data are collected:


  • Identification data.
  • Commercial Information.
  • Transactions in goods and services.
  • Economic and financial data.
  • Social circumstances.
  • Personal characteristics.

WHERE DO PERSONAL DATA COME FROM?

As a general rule, personal data are always collected directly from the data subject; however, in certain exceptions, data may be collected through third parties, entities or services other than the data subject.

In this case, this will be conveyed to the data subject through the information clauses contained in the corresponding data collection channels and within a reasonable period of time or in the first communication made to the data subject.


FOR WHAT PURPOSES DO WE PROCESS PERSONAL DATA?

In general terms, personal data are processed for the following purposes:

  • User registration management: The information you provide in the registration form will be processed for the management of users on our platforms. After registration, you will be able to consult your order history, redeem gift cards or discount vouchers, modify your personal data and/or shipping and billing addresses, wish lists, ratings and alerts.
  • Managing and performing the purchase contract. Specifically, personal data will be used to formalise the purchase contract; to manage payment transactions; to contact you in the event of any incident related to your order; to manage invoicing and delivery of purchase tickets and invoices; to manage returns of products purchased; to inform you about the availability of the products ordered; and/or to manage coupons or gift cards that you redeem on the website or in our shops.
  • Newsletters, when previously authorised, by email, fax, SMS, MMS, point-of-sale terminal or any other electronic or physical means, present or future, that allows sending commercial communications and the website's newsletter. These communications will be made by the Controller or any of the companies in the Controller's group, in relation to their products and services, or those of any collaborators or suppliers with whom a promotional agreement has been reached. In this case, third parties will never have access to personal data.
  • Sending commercial advertising communications: sending commercial communications or events about products or services similar to those contracted, benefits, personalised discounts, promotions and/or offers.
  • Contact: In order to respond to your request, we will process the essential data, which generally corresponds to the contact details (email) and data related to your order, or to the incident that you report to us, as well as to respond to requests for information received about the products and services offered or any type of request made by the user through any of the forms of contact that are made available to them. When using social networks to transmit queries to us, please avoid entering personal data, remember that we do not have control over the data entered on these platforms, so we advise you to carefully read the privacy policies of the social network you use.
  • Surveys: To use your data to create a commercial profile according to your consumption habits, personal and social characteristics. Under no circumstances will the creation of the profile lead to automated decisions that may be detrimental to the user.
  • Profiling: sending commercial communications or events about products or services similar to those contracted, benefits, personalised discounts, promotions and/or offers.
  • Managing the loyalty programme: processing membership in the loyalty programme, as well as managing participation in the programme in order to provide benefits and discounts.

Nonetheless, all the purposes for which each of the processing operations are carried out are set out in the information clauses contained in every channel through which data are collected.


HOW IS PROFILING CARRIED OUT?

HACKETT may draw up a commercial profile based on the information provided by the interested party and their interactions with the content offered in order to send personalised information about our products or services, including by electronic means. The legal basis for profiling is HACKETT’s legitimate interest in knowing the profile of the party interested in its communications and services in order to offer him/her personalised information and content adapted to his/her interests and activity. No automated decisions will be taken on the basis of this profile. Users may at any time object to the profiling of their information through the channel provided for this purpose.

  • Subscription to our Newsletters. We will process your identification and contact details to send you personalised information about our products, promotions, offers, as well as products and offers from companies in the group. For this purpose, we create a user profile that allows us to personalise the information we send you, adapting it to the tastes and preferences we know based on your browsing habits, purchase history, or even the information collected through the use of cookies and other similar technologies (for more information on the use of cookies visit our Cookies Policy)
  • Other marketing and advertising purposes: We will use your data to suggest products or offers to you based on the profile you generate with your purchase history, the products you view when you browse our platforms, or the products you leave in your cart when you do not complete the purchase process. These suggestions may be sent to you via push notifications, banners or even to your email through the abandoned cart function. We will also process your data to show you advertising on other websites, apps or social networks that you use. This advertising is often based on a profile created based on purchases made, your purchase history or preferences through the use of cookies and other similar technologies (for more information on the use of cookies please visit our Cookie Policy).

WHAT IS THE LEGAL BASIS FOR THE DATA PROCESSING?

As a general rule, prior to processing personal data, HACKETT informs of the legal basis for the processing in question. However, HACKETT may process personal data for:

  • Compliance with legal and regulatory obligations: by way of example and without limitation, compliance with: General Law for the Defence of Consumers and Users, General Tax Law, Corporate Tax Law, Account Auditing Law, Value Added Tax Law, Civil Code, Commercial Code, as well as the specific law or regulation authorising or requiring the processing of the subject's data, which shall be stated in the corresponding information clause.
  • Execution of a Contract: for the prior management of a contracted service or product, the fulfilment of the contract, and any subsequent management operations.
  • Consent: there are processing operations based on obtaining the express and unequivocal consent of the data subject, through the incorporation of informed consent clauses in the different data collection systems, such consent being given by means of a declaration or a clear affirmative action such as ticking a box, clicking on an "accept" button provided for this purpose or signing the appropriate document. In addition, we inform you that we will only use personal information in accordance with this Privacy Policy and, in general, we will request your consent for any uses other than those for which you initially granted it.
  • Legitimate interest: the processing of data based on the legitimate interest of the data controller will be mainly for sending commercial communications or events on products or services similar to those contracted. According to article 21.2 of the Law on Information Society Services, this processing will only be valid when, as a customer, you have not expressly refused it at the time of data collection or in any of the communications we make.

HOW LONG DO WE PROCESS PERSONAL DATA?

Personal data is processed for as long as it may be necessary to fulfil the purpose for which it was collected, or for as long as the service is being provided, as long as the employment or contractual relationship remains in force, as long as there is a mutual interest and/or as long as is established in the corresponding regulations.

Once the established periods have elapsed, the data will be cancelled. Said cancellation will give rise to the blocking of the data, which will only be kept at the disposal of the Public Administrations, Judges and Courts, in order to address any liabilities that may arise from the processing during the period defined by the statute of limitations, after which the information will be destroyed.


WITH WHOM DO WE SHARE PERSONAL DATA?

The data may be disclosed to companies of the All We Wear Group (AWWG). The data will not be disclosed to third parties, unless legally obliged to do so. However, if this were required, the data subject would be informed of such transfers or communications of data through the information clauses contained in the corresponding data collection channels.


ARE INTERNATIONAL DATA TRANSFERS MADE?

Please note that, in general, no international transfers are made outside the European Economic Area (EEA). In the event of a transfer of data outside the EEA, HACKETT will have the appropriate safeguards in place for such a transfer, in accordance with the requirements of the GDPR.

WHAT ARE YOUR RIGHTS?

According to European legislation, you can exercise the following rights:


  • Right of access: right to request information from the data controller about whether your personal data are being processed.
  • Right of rectification: right to request the modification of data that are inaccurate or incomplete.
  • Right of objection: right to object to a particular processing of your personal data or demand the cessation of such processing.
  • Right against automated individual decisions: right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects for the data subject or significantly affects him/her in a similar way.
  • Right of limitation: right to suspend the processing of the user's personal data in certain cases, as established in the applicable regulations.
  • Right of deletion to be forgotten: right to the deletion of the data subject's personal data, as established in the applicable regulations.
  • Right of portability: right to request the controller to provide personal data in a structured and clear format to another controller.
  • The right to lodge a complaint with the competent supervisory authority if you consider that the processing does not comply with the regulations in force.

HOW CAN YOU EXERCISE YOUR RIGHTS?

Interested parties may exercise the aforementioned rights through the following means:

  • Email to privacy@hackett.com providing documentation proving the identity of the applicant (copy of the front of the National Identity Document, or equivalent) indicating the right you wish to exercise in the subject line.

HACKETT makes every effort to comply with data protection regulations. However, if the interested party understands that their rights have been undermined, they can file a complaint with the Spanish Data Protection Agency (www.aepd.es).

HACKETT will respond to any request as soon as possible and within the deadlines established in the data protection regulations.


WHAT COULD BE THE CONSEQUENCES OF NOT PROVIDING THE INFORMATION?

The data requested in the fields marked with an asterisk (*) or those provided in the documents or media where the information is provided, are strictly necessary for the purpose for which they are collected, or for the provision of an optimal service to the data subject, or are required by a legal obligation imposed on the data controller or are necessary to enter into a contract, while the provision of the data in the remaining fields is voluntary.

If not all data are provided, there is no guarantee that the information and services provided will be completely tailored to your needs.

Therefore, if the required data is not provided or is provided incorrectly or incompletely, we will not be able to attend to your request, provide you with the information requested or to contract the services.

Likewise, the user guarantees that the information provided in any of the forms is true, accurate and refers to his/her own data.

The services offered are not intended for children under 14 years of age, otherwise any liability that may arise as a result of the use of our platforms shall be borne by the parents or guardians of the minor.

To prevent the use of our services by minors, we try to verify the age of our users when they register or purchase a product by asking for their date of birth.

SECURITY MEASURES

The security measures adopted for e-commerce are those required according to the provisions of Article 32 of the GDPR.


In this regard, HACKETT, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of the processing, as well as the risks of varying likelihood and severity to the rights and freedoms of natural persons, has established appropriate technical and organisational measures to ensure the level of security appropriate to the existing risk.


In any case, HACKETT has sufficient mechanisms in place to:

  • Ensure the continued confidentiality, integrity, availability and resilience of processing systems and services.
  • Restore availability and access to personal data quickly in the event of a physical or technical incident.
  • Regularly verify, evaluate and assess the effectiveness of the technical and organisational measures implemented to ensure the security of the processing.

CHANGES TO THIS PRIVACY POLICY


This Privacy Policy may be revised from time to time in order to update legislation changes, changes in the procedures for collecting and using personal information, or the addition or removal of services. These changes will be effective as of their publication on the website, so it is important that you regularly review this Privacy Policy in order to remain informed about the changes made.