Last Updated: March 28th 2019
the websites www.billabong.com in France, Germany, Austria, Belgium, France (including Monaco), Italy, Luxembourg, Portugal, UK, Switzerland, Spain, the Netherlands, Denmark and Finland
through any related mobile application or website operated by our Brands, through computerized devices in stores and in-store data collection forms, and through any location where the Policy is posted (collectively referred to herein as the “Sites”). This Policy also explains the choices you have about the way this information is collected and used.
What Information Is Collected?
When you use our Sites, we collect your personal data. The types of personal data we collect from you depends on the Sites and the features you use on the Sites. Personal data refers to information that directly identifies, or can be used to determine the identity of, a person. This information may include:
Purchase Information: We may collect your name, billing address, shipping address, email address, telephone number, credit card number and expiration date when you make a purchase. This information is used to provide the products and services that you have ordered or requested, to process and ship orders, to send order and shipping confirmations (or other transactional information) and/or to provide customer service.
Information Collected In-Store: We may collect your name, email address, mailing address, zip code, and preferences if you complete a form within the store. This information will be used to provide you with products that may be of interest to you and to provide you with information that you request.
Account Information: We may collect your name, email address, mailing address, zip code, date of birth, and gender if you create an account with us. This information will be used to help you keep track of your orders, to keep you updated about special offers, updates related to the Sites, and to facilitate checkout during purchases.
Information for Commercial Communications: We may collect your name, email address, mailing address, gender, and birth date if you sign up to receive promotional emails from us. This information may be used to contact you about sales, special offers and new features available through the Sites.
Information Relating to Inquiries: We may collect your name and email address if you contact us with a question or request a Live Chat with us. This information may be used so that we can respond to your question or contact you should we disconnect from our Live Chat.
Information for Promotions: We may collect your name, email address, and other contact information if you participate in a promotion (e.g., contest, sweepstakes) that we sponsor. This information will be used to fulfill the terms of the promotion and to contact you regarding promotional and special offers, sales, and new features available through the Sites. It will also be subject to the terms accompanying such promotion.
Survey Information: We may collect your name, age, zip code, shopping habits, email address and/or mailing address if you choose to participate in one of our on-line surveys. This information will be used to help provide us with relevant information about our consumers.
Recording of calls: In order to improve our telephone services and better handle you requests, you calls will be recorded. We will delete these recordings within 6 months maximum. Some of your data may be shared with our service providers or third parties, as it is necessary to fulfill your requests and orders.
Data related to the location of your mobile device: We may collect location data when you access or use our online services from a mobile device equipped with a GSM or GPS connection, subject to your consent expressed through the setings of your mobile device, allowing us to locate this mobile device. If you have accepted the localization of your terminal device, we may adapt the offer of our products and services depending on where your mobile device is located.
Data related to your utilization of our online services: our online services collect browsing data which may identify your terminal device when you access or browse our Sites. In this context, we may collect the IP address of your terminal device that is connected to the internet, the type of browser you use and the operating system used, as well as other data that are automatically processed, such as your internet service provider, the website from which you have accessed our Sites, the number of pages viewed on our Sites, your use of our Sites, the time spent on each page of our Sites, etc. These data may be used for the functioning of our Sites, to generate our services and track and analyze visits to our Sites.
The above section provides examples of the personal data that we may collect through the Sites and the manners in which we may use such personal data. If you do not want us to collect your personal data, please do not provide it to us and do not use our services or access our Sites.
Subject to your prior consent, we may transfer your personal data to our commercial partners or send you offers from our partners or from other Brands.
Who is the data controller?
The controller of your personal data is: Na Pali S.A.S, with a share capital of €69.728.100, whose head office is located in France at 162 rue Belharra 64500 Saint Jean de Luz, registered with the Trade and Companies Registry of Bayonne, France, under number B 331 377 036, whose intercommunity VAT number is GB 318887946, whose email address is : privacy.EU@boardriders.com and whose telephone number is +33 (0)5 59 51 77 33 (“us”, “we”, “our”).
When you provide your personal data to a Brand, such Brand shall comply with the applicable local regulations. The subsequent processing of your personal data for the management of your relationship with us or the contractual relation related to our products and services, or for the implementation of our commercial policy is carried out under the supervision and according to the commercial policy of Na Pali SAS, as data controller.
How We Collect Personal data
We may collect information passively, while you are visiting or interacting with the Sites. We call this “passive” collection since you may not know that this information is being collected when you visit or interact with the Sites. This information may consist of the following items: website visitors’ IP address, IP address-related information, system Media Access Control address, network configuration information, network device information, browser plug-in type and versions, and operating system.
- Cookies and Other Session Identifiers:
Like many sites, we utilize a technology called "cookies". A cookie is a piece of information that is placed on your browser when you access the Sites. The law requires us to provide you with certain information regarding cookies. Please click hereto learn more about our utilization of cookies on our Sites.
- Other Websites, Including Mobile Applications and Social Media Platforms:
We also collect information from you directly, at the time that you supply information to us via the Sites. For instance, if you contact us to subscribe to our membership and other products or services, ask questions, or provide us feedback or comments (whether publicly available or not) about the Sites or any of our products or services, we may store your communications, including any personal data you include in them, so we can effectively respond to you. If you do not want us to directly collect your personal data, please do not provide it to us.
To the extent permitted by law, we also may obtain, collect and aggregate information (including personal data) provided to us by our marketing service providers and other vendors. That information may include information on current subscribers or customers, and is used for commercial purposes including enabling us to send you the most relevant, timely and exciting offers and announcements specifically tailored for you and your interests. Of course, you can update your information or change your preferences regarding receiving announcements and other information from us at any time by accessing your account via the Sites. However, should any profiling activity produce legal effect on you, we offer you the possibility to opt out at any moment to such profiling.
(For more information, see below section entitled How Can I Access, Correct and Update My Personal data?).
How Do We Use the Information Collected?
We may use personal data as necessary and to fulfill your requests, including in the following ways:
Access and Use: If you provide personal data in order to obtain access to or use of the Sites or any functionality thereof, we will use your personal data to provide you with access to or use of the Sites or functionality and to monitor your use of the Sites or specific functionalities.
Internal Business Purposes: We may use your personal data for internal business purposes including, without limitation, to help us improve the content and functionality of the Sites, to better understand our users, to improve the Sites, to protect against, identify or address fraudulent activities, to manage your account and to provide you with customer service and to generally manage the Sites and our business.
Marketing: We may use your personal data to contact you for certain marketing and advertising purposes, including, without limitation, to inform you about offers, contests or surveys which may be of interest to you and to display content and advertising on or off the Sites which may be of relevance to you. If you wish to change or update your personal data or to change your subscription preferences, you may do so as provided herein. We also use your personal data for other marketing reasons, such as administering our loyalty program.
Specific Reason: If you provide personal data for a certain reason, we may use the personal data in connection with the reason for which it was provided. For instance, if you contact us by email, we will use the personal data you provide to answer your question or to attempt to resolve your issue and will respond to the email address from which the contact came.
Do We Share Your Information?
We seek to receive your consent before sharing your information when required by applicable laws and regulations. However, in some cases your permission will be given as part of a contract you have with us.
Your personal data is intended for Boardriders Group companies and for their services providers located within or outside the European Union, and, where relevant, to our partners. We won’t sell, rent, or disclose your personal data to other entities without your consent or in the event of opposition from you.
Examples of instances in which we share your personal data are provided below:
Order Fulfillment and Fraud Protection: If you choose to make a purchase on the Sites, we may collect from you your credit card number, billing address and other information related to such purchase, and we may use such collected information in order to fulfill your purchase. We may also provide such information, or other personal data provided by you, to unaffiliated third parties as necessary to complete your purchase (for example, to process your credit card). In addition, we may share your personal data with fraud protection services to assist us in preventing fraud and protecting our customers from credit card fraud.
Agents, Consultants and Related Third Parties: As noted above with respect to our eCommerce service provider, we, like many businesses, sometimes engage other companies to perform certain business-related functions on our behalf so that we can focus on our core business. Examples of these services include, but are not limited to, payment processing and authorization, fraud protection and credit risk reduction, product customization, order fulfillment and shipping, marketing and promotional material distribution, website evaluation, data analysis and, where applicable, data cleansing. In connection with services those partners provide for us, we may provide or otherwise give them access to certain personal data. We employ a vetting process to assess our partners’ data protection practices.
Third-Party Marketers, Partners, and other Third Parties: We may also share your personal data with other marketers, partners, and other third parties, whose products or services we feel may be of interest to you. These third-party marketers, partners, and other third parties may use your personal data for their own purposes, or further disclose your information to other third parties. If you prefer we do not share your personal data with these types of parties, please email us at privacy.EU@boardriders.com.
Legal Requirements: We may disclose your personal data if required to do so by law (including, without limitation responding to a subpoena or request from law enforcement, court or government agency) or in the good faith belief that such action is necessary (i) to comply with a legal obligation or a request from an administrative or judicial authority, (ii) to protect or defend our rights, interests or property or that of other customers or users, (iii) to act in urgent circumstances to protect the personal safety of users of the Sites or the public or (iv) to protect against legal liability or potential fraud, as determined in our sole discretion.
How Can I Access, Correct and Update My Personal data?
You can access, correct and/or update certain personal data that you have provided to us by clicking on "Update Account" within the "My Account" area of the Sites, or by contacting us at the contact information indicated below.
What Steps Are Taken To Keep My Information Secure?
Depending on the applicable state of the art, the implementation costs, the nature, context and purposes of the processing as well as the possible corresponding risks, we take appropriate technical and organizational measures to ensure the security and confidentiality of your personal data adapted to the risks, in order to avoid any loss, misuse, alteration or deletion of your personal data. We have implemented information security measures that contain administrative, technical and physical controls that are designed to reasonably safeguard your personal data. Even though we have taken and will continue to take appropriate steps to protect this information in the conditions set out in this Section, no company, including us, can fully eliminate all security risks associated with personal data. Please understand that no data transmission over the Internet can be guaranteed to be 100% secure. Consequently, we cannot ensure or warrant the security of any information you transmit to us. If we learn of a data security systems breach that is likely to result in a high risk to your rights and freedoms, we shall communicate the security data breach to you without undue delay. By using the Sites or providing personal data to us, you agree that we can communicate with you electronically regarding security, privacy, and administrative issues relating to your use of the Sites. We may post a notice via the Sites if a security breach occurs. We may also send an email to you at the email address you have provided to us in these circumstances. Depending on where you live, you may have a legal right to receive written notice of a data privacy or security breach. If you have reason to believe that your personal data that we have collected or our system security has been breached, please notify us by e-mailing privacy.EU@boardriders.com.
We use various security measures, including encryption technology, to protect information collected, transferred and retained. If you elect to set up an account on the Sites, you will be asked to provide an email address and password. You must provide a valid email address and password in order to create and maintain an account, as well as to access account information. We recommend you select a complex password. In order to help protect your personal data, you should not provide your password to others and you should change it periodically. If you wish to update a password, or if you become aware of any loss, theft or unauthorized use of a password, please contact us at privacy.EU@boardriders.com.
Please be aware that we may store personal data or such information may be included in databases owned and maintained by our Brands, agents or third-party service providers. As the data controller, we take all appropriate steps to protect the security and confidentiality of all personal data provided via the Sites from loss, misuse, unauthorized access, inadvertent disclosure, alteration and/or destruction. However, no Internet or email transmission is ever fully secure or error free. In particular, email sent to or from the Sites may not always be secure. Please keep this in mind when disclosing any personal data via the Internet or by email.
What Choices Do I Have Regarding My Personal data?
You have several choices available when it comes to your personal data. We will honor the choices you make regarding your personal data. If you have created and maintained a user account on the Sites, you will be able to sign in and update your account (including contact) information. You may also write to us at the address provided herein and update your contact information or to change your subscription preferences. In addition, you may:
Limit the Personal data You Provide: You can use the Sites and limit the personal data you provide either by disabling cookies or by not registering an account with us. If you choose to limit the personal data you provide and/or to disable cookies, you may not be able to use certain functionalities of the Sites. For instance, in order to purchase goods and services on the Sites, payment and shipping information must necessarily be provided.
Manage Your Subscription Preferences: We may send your information by email or text message. If you provide your mobile phone number and ask to receive information by text message, we may provide information in that manner. Additionally, we may send automated text messages (if you provide consent where required by the applicable regulations). Where you consent to receive automated text messages from us, please note that your consent includes consent to receive both autodialed and/or pre-recorded telemarketing text messages or non-automated messages from or on behalf of Na Pali SAS/Boardriders Europe and its affiliated companies at the telephone number you provided. You further understand that consent is not a condition of purchase and that message and data rates may apply.
Opt Out of Marketing Emails and Texts: For email marketing, you will have an opportunity to change your subscription preferences by clicking on an "unsubscribe" hyperlink contained in all promotional emails sent by us or on our behalf. Please note that while we honor all subscription requests as timely as possible, it may take up to ten business days to become effective. Please be aware that even if you opt-out of receiving future promotional communications, you may, if you utilize the eCommerce features of the Sites, be sent certain transactional communications related to the purchase or shipment of items purchased. Thus, if you order online, we will send you an email confirming your order and may need to contact you by phone, email or regular mail if we have questions about your order. Additionally, an opt-out will not remove you from messages that we are required to send under relevant laws or regulations. You may ask us not to contact you by text message at any time by responding to a text message after it is received. For automated text messages, you will have the opportunity to opt-out by replying “STOP” to any message received. Please note that you hereby consent to receiving a confirmatory message in response to any opt-out request. We will process your unsubscribe request as soon as possible, but please be aware that in some circumstances you may receive a few more messages until the unsubscribe request is processed.
Social Media & Other Public Platforms: You may also manage the sharing of certain personal data with us when you connect with us through a social media platform or application, such as through Facebook Connect. Please refer to the privacy settings of the social media website or application to determine how you may adjust your permissions and manage the interactivity between us and your social media platform(s) or application(s). That said, we want you to be aware that when you post information to public forums, including publicly viewable social media platforms, that information will become available to all who access such platform pages. PLEASE BE EXTREMELY CAREFUL WHEN DISCLOSING ANY INFORMATION IN CHAT ROOMS, FORUMS AND OTHER PUBLIC POSTING AREAS. WE ARE NOT RESPONSIBLE FOR THE USE BY OTHERS OF THE INFORMATION THAT YOU DISCLOSE IN CHAT ROOMS, FORUMS AND OTHER PUBLIC POSTING AREAS.
What Happens When I Link To or From Another Website?
The Sites may contain links to other websites not operated or controlled by us (the "Third-Party Sites"). The policies and procedures set forth herein do not apply to any Third-Party Sites. We are not responsible for the privacy practices or content of such Third-Party Sites. We are not responsible for the actions of these Third Party Sites; rather, the owners and operators of all Third- Party Sites are responsible for all personal data provided, collected, maintained, stored or otherwise disclosed on those sites, if any. The links on the Sites do not imply that we endorse or have reviewed the Third- Party Sites, including their privacy policies, if any. If you have any questions about how these Third-Party Sites’ use of your personal data, we strongly encourage contacting those sites directly for information on their privacy policies and practices.
How Do We Respond to Do Not Track Signals?
Please note that our Sites do not support “Do Not Track” browser settings and do not currently participate in any “Do Not Track” frameworks that would allow us to respond to signals or other mechanisms from you regarding the collection of your personal data.
Is Information Collected From Minors Under The Age of 16?
Minors under 16
Our marketing activities are not intended to be used by minors under the age of 16 years old and are exclusively provided to persons over the age of 16 and enjoying legal capacity. We will not knowingly collect or process personal data from minors under the age of 16. Should we be made aware of data collection from minors through our Services, we will take all appropriate steps to delete these personal data from our servers.
Transfers of Personal Data Outside the European Union?
If you are visiting our Sites, please be aware that you may send information (including personal data) outside the European Union and especially to the United States where some of our servers may be located. We will hold and process your personal data in accordance with the applicable laws and regulations regarding these transfers. To this end, we will accomplish any appropriate formalities to authorize this transfer (either by obtaining your consent or conclude a Data Transfer Agreement, Binding Corporate Rules, use the Privacy Shield certification, etc. as appropriate).
Your Privacy Rights
You have the right to receive your personal data you have provided to us in a structured, commonly used and machine-readable format and have the right to transmit those personal data to another controller, where technically feasible.
In the event of a dispute regarding the processing of your personal data, you may send your claim to us by contacting us using the information set out in the section “Who is the data controller?” of this Policy. We will try to find a satisfactory solution for you to ensure compliance to the applicable regulations and to this Policy. In the absence of a response from us, or should the dispute remain in spite of our remediation proposal, you may submit your claim to the competent Data protection authority.
How long do we keep your information?
By virtue of the European General Data Protection Regulation n°2016/679, the retention of personal data relating to any user residing within a Member State of the European Union is summarized in the table below, which describes the maximum periods for which personal data of EU residents will be stored by us according to the purpose for which their personal data is collected and processed.
These maximum periods apply unless you have requested your personal data to be deleted or ceased being used before these expiration periods, subject to any mandatory legal requirement applicable to data retention.
|Purpose||Data retention period|
|Measure traffic and personalize websites, mobile apps, managing cookies||13 months|
|Managing requests to access and rectify data||5 year from the receipt of the requests|
|Managing requests to oppose data processing||5 years from taking into account the opposition request|
|Answering satisfaction surveys||2 years from the last contact|
|Organizing online games, lotteries and other promotional and customer loyalty activities||For clients : 3 years from the end of the business relationship or last client-initiated contact
For prospects : 3 years from the data collection or last prospect-initiated contact
|Sending commercial offers and sales prospections|
|Management and archive of the sales||10 years from the last action, unless for data concerning means of payments, which are processed by Na Pali’s and/or its Affiliates’ payment service providers only for the duration of the payment operation.|
|Invoice and collection of provided goods and services|
|Managing customer relationship and complaints|
|Warranties, product and service delivery and after sales service|
Na Pali SAS
Attention: Legal Department
162 rue Belharra - 64500 Saint Jean de Luz