Who we are
Our website address is: https://asiancoutureonline.co.uk.
At Asian Couture Online, we respect your privacy and are committed to maintaining it.
HOW DO WE USE THE INFORMATION YOU GIVE US?
We use the information you provide us:
- To administer your account and may disclose your details to our third party service providers for the purpose of processing your order;
- And from time to time to inform you by post email or other available means of products services promotions and special offers from Asian Couture Online;
- We will only contact you by telephone if there is a query regarding your order.
You have the following rights:
- the right to be provided with copies of personal information that Asian Couture Online hold about you at any time, subject to a fee specified by law;
- the right to ask Asian Couture Online to update and correct any out-of-date or incorrect personal information held about you free of charge; and
- the right to opt out of any marketing communications that Asian Couture online may send you.
What information is or may be collected from you?
Our online ordering system uses a cookie to record a unique reference on your computer.
We will collect certain information through “cookies” sent to your browser from a web server and stored on your hard drive:
- An IP address assigned to the computer which you use;
- The domain server through which you access our service;
- The type of computer you’re using;
- The type of web browser you’re using.
We may collect the following personally identifiable information about you:
- City Country
- Postal code
- Age Gender Occupation Education
We use personal information to:
- Help us provide personalized features;
- Tailor our sites to your interest;
- Get in touch with you when necessary.
We use contact information internally to:
- Direct our efforts for product improvement;
- Contact you as a survey respondent;
- Notify you if you win any contest;
- Send you promotional materials from our contest sponsors or advertisers.
We may also use your information for payment recovery or fraud and debt tracing. We will pass on details of defaulting payments to debt collection agencies.
- Controlling Access to your Data
- Wherever you are required to submit Data, you will be given options to restrict our use of that Data. This may include the following:
- use of Data for direct marketing purposes; and
- Sharing Data with third parties.
- Your Right to Withhold Information
- You may access certain areas of the Web Site without providing any Data at all. However, to use all Services and Systems available on the Web Site you may be required to submit Account information or other Data.
- Accessing your own Data
- You may access your Account at any time to view or amend the Data. You may need to modify or update your Data if your circumstances change. Additional Data as to your marketing preferences may also be stored and you may change this at any time.
- You have the right to ask for a copy of your personal Data on payment of a small fee.
- Data security is of great importance to Moda Boutique and to protect your Data we have put in place suitable physical, electronic and managerial procedures to safeguard and secure Data collected online.
- Specifically we utilise the following systems: Shopify
- [Before the Web Site sets Cookies on your computer, you will be presented with a pop up message bar, requesting your consent to set those Cookies. [None of the Cookies set by the Web Site jeopardise your privacy in any way and no personal data is collected.] By giving your consent to the setting of our Cookies you are enabling us to provide the best possible experience and service to you through our Web Site. If you wish to deny your consent to the placing of Cookies, certain features of the Web Site may not function fully or as intended.]
- [Certain features of the Web Site depend upon Cookies to function and are deemed, within the law, to be strictly necessary. These Cookies are detailed in Schedule 1A. You will not be asked for your consent to place these Cookies however you may still disable cookies via your web browser’s settings, as set out in sub-Clause 10.4.]
- You can choose to enable or disable Cookies in your web browser. By default, your browser will accept Cookies, however this can be altered. For further details please consult the help menu in your browser. Disabling Cookies may prevent you from using the full range of Services available on the Web Site.
- You may delete Cookies at any time however you may lose any information that enables you to access the Web Site more quickly.
- [The Web Site uses the third-party Cookies detailed in Schedule 2 for the purposes described therein. These Cookies are not integral to the services provided by the Web Site to you and may be blocked at your choosing via your internet browser’s privacy settings or via your response to the request for consent detailed in sub-Clause 10.2.]
- It is recommended that you ensure that your internet browser is up-to-date and that you consult the help and guidance provided by the developer of your browser if you are unsure as to how to adjust your privacy settings.
WITH WHOM WILL YOUR INFORMATION BE SHARED?
We will not disclose any of your personally identifiable information to third parties unless:
- We have your permission;
- Special circumstances such as compliance with legal authorities;
- Require disclosure;
- Credit reference agencies;
- Legal and debt recovery representatives for debt collection and debtor tracing purposes Security.
At Asian Couture Online, we take your online security very seriously. Full details of how we protect your information are provided below.
- When you place your order your details are stored on our secure server software.
- Your payments are taken through a secure payment gateway to ensure highest security of your details.
By using our website you consent to the information you provide being processed for any of the above purposes except where you have chosen to opt out of being contacted by us or third parties.
We comply with all aspects of the Data Protection Act and the Distances Selling Regulations. We are compliant with PCI DSS The Payment Card Industry Data Security.
According to the New GDPR LAW
Customers now have the RIght
‘1.0 The Customer owns the rights to its data as data controller, and the Company acts as data processor on the Customer’s behalf. All processing by the Company of the personal data and other data provided by the Customer shall be in accordance with the applicable laws. The
Company’s processing of personal data on behalf of the Customer shall therefore only be done in order to provide the Product and shall be subject to the Customer’s written instructions.
1.1 As the Company is data processor and the Customer is data controller, the parties obligations regarding the processing of personal data are regulated in the data processor agreement attached as appendix A. By accepting these Terms, the Customer also accepts the data
See Below in more Details
1.1 This agreement re processing of personal data (the ”Data Processor Agreement”) regulates www.asiancoutureonline.co.uk’, Company registration no. the ”Data Processor”) processing of personal data on behalf of the customer (the ”Data Controller”) and is attached as appendix A to the www.asiancoutureonline.co.uk website Terms & Conditions (the ”Main Agreement”), in which the parties have agreed the terms for the Data Processor’s delivery of services to the Data Controller (the ”Main Services”).
2.1 The Data Processor Agreement shall ensure that the Data Processor complies with the applicable data protection and privacy legislation (the ”Applicable Law”), including in particular:
(i) The European Parliament and the Council’s Directive 95/46/EF of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data as implemented in Danish law with, among others, the Act on Processing of Personal Data (Act No. 429 of 31 May 2000).
(ii) The European Parliament and the Council’s Regulation 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data that entered into force on 24 May 2016 and will be applicable on 25 May 2018 (“GDPR”). Irrespective of the general use and reference to GDPR in this Data Processor Agreement, the parties are not obliged to comply with GDPR before 25 May 2018.
3. Processing of personal data
3.1 In connection with the Data Processor’s delivery of the Main Services to the Data Controller, the Data Processor will process certain categories and types of the Data Controller’s personal data on behalf of the Data Controller.
3.2 ”Personal data” include “any information relating to an identified or identifiable natural person” as defined in GDPR, article 4 (1) (1) (the ”Personal Data”). The categories and types of Personal Data processed by the Data Processor on behalf of the Data Controller are listed in sub-appendix A. The Data Processor only performs processing activities that are necessary and relevant to Data Processor Agreement – www.asiancoutureonline.co.uk
4.1 The Data Processor may only act and process the Personal Data in accordance with the documented instruction from the Data Controller (the ”Instruction”). The Instruction at the time of entering into this Data Processor Agreement is that the Data Processor may only process the Personal Data with the purpose of delivering the Main Services as described in the Main Agreement.
4.2 The Data Controller guarantees that the Personal Data transferred to the Data Processor is processed by the Data Controller in accordance with the Applicable Law, including the legislative requirements re lawfulness of processing.
4.3 The Data Processor shall give notice without undue delay if the Data Processor considers the at the time being Instruction to be in conflict with the Applicable Law.
5. The Data Processor’s obligations
5.1.1 The Data Processor shall treat all the Personal Data as strictly confidential information. The Personal Data may not be copied, transferred or otherwise processed in conflict with the Instruction, unless the Data Controller in writing has agreed hereto.
5.1.2 The Data Processor’s employees shall be subject to an obligation of confidentiality that ensures that the employees shall treat all the Personal Data under this Data Processor Agreement with strict confidentiality.
5.2.1 The Data Processor shall implement the appropriate technical and organizational measures as set out in this Agreement and in the Applicable Law, including in accordance with GDPR, article 32. Data Processor Agreement – www.asiancoutureonline.co.uk
5.3 The Data Processor shall ensure that access to the Personal Data is restricted to only the employees to whom it is necessary and relevant to process the Personal Data in order for the Data Processor to perform its obligations under the Main Agreement and this Data Processor Agreement.
5.4 The Data Processor shall also ensure that the Data Processor’s employees working processing the Personal Data only processes the Personal Data in accordance with the Instruction.
5.4.1 The Data Processor shall provide documentation for the Data Processor’s security measures if requested by the Data Controller in writing.
5.5 Data protection impact assessments and prior consultation
5.5.1 If the Data Processor’s assistance is necessary and relevant, the Data Processor shall assist the Data
Controller in preparing data protection impact assessments in accordance with GDPR, article 35, along with any prior consultation in accordance with GDPR, article 36.
5.6 Rights of the data subjects
5.6.1 If the Data Controller receives a request from a data subject for the exercise of the data subject’s rights under the Applicable Law and the correct and legitimate reply to such a request necessitates the Data Processor’s assistance, the Data Processor shall assist the Data Controller by providing the necessary information and documentation. The Data Processor shall be given reasonable time to assist the Data Controller with such requests in accordance with the Applicable Law.
5.6.2 If the Data Processor receives a request from a data subject for the exercise of the data subject’s rights under the Applicable Law and such request is related to the Personal Data of the Data Controller, the Data Processor must immediately forward the request to the Data Controller and must refrain from responding to the person directly.
5.7 Personal Data Breaches
5.7.1 The Data Processor shall give immediate notice to the Data Controller if a breach of the data security occurs, that can lead to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or access to, personal data transmitted, stored or otherwise processed re the Personal Data processed on behalf of the Data Controller (a “Personal Data Breach”).
5.7.2 The Data Processor shall have and maintain a register of all Personal Data Breaches. The register shall at a minimum include the following: (i) A description of the nature of the Personal Data Breach, including, if possible, the categories and the approximate number of affected Data Subjects and the categories and the approximate number of affected registrations of personal data. Data Processor Agreement – www.asiancoutureonline.co.uk, (ii) A description of the likely as well as actually occurred consequences of the Personal Data Breach. (iii) A description of the measures that the Data Processor has taken or proposes to take to address the Personal Data Breach, including, where appropriate, measures taken to mitigate its adverse effects.
5.7.3 The register of Personal Data Breaches shall be provided to the Data Controller in copy if so requested in writing by the Data Controller or the relevant Data Protection Agency.
5.8 Documentation of compliance
5.8.1 The Data Processor shall after the Data Controller’s written request hereof provide documentation substantiating that: (i) the Data Processor complies with its obligations under this Data Processor Agreement and the Instruction; and (ii) the Data Processor complies with the Applicable Law in respect of the processing of the Data Controller’s Personal Data.
5.8.2 The Data Processor’s documentation of compliance shall be provided within reasonable time. 5.9 Location of the Personal Data
5.9.1 The Personal Data is only processed by the Data Processor at the Data Processor’s address. The Data Processor does not transfer the Personal Data to third countries or international organizations.
5.9.2 Any transfer of the Personal Data to any third countries or international organizations in the future shall only be done to the extent such transfer is permitted and done in accordance with the Applicable Law.
6.1 The Data Processor is given general authorisation to engage third-parties to process the Personal Data (“Sub-Processors”) without obtaining any further written, specific authorization from the Data Controller, provided that the Data Processor notifies the Data Controller in writing about the identity of a potential Sub-Processor (and its processors, if any) before any agreements are made with the relevant Sub-Processors and before the relevant Sub-Processor processes any of the Personal Data. If the Data Controller wish to object to the relevant SubProcessor, the Data Controller shall give notice hereof in writing within seven (7) calendar days from receiving the notification from the Data Processor. Absence of any objections from the Data Controller shall be deemed a consent to the relevant Sub-Processor. Data Processor Agreement – www.asiancoutureonline.co.uk
6.2 The Data Processor shall conclude a written sub-processor agreement with any Sub-Processors. Such an agreement shall at minimum provide the same data protection obligations as the ones applicable to the Data Processor, including the obligations under this Data Processor Agreement. The Data Processor shall on an ongoing basis monitor and control its SubProcessors’ compliance with the Applicable Law. Documentation of such monitoring and control shall be provided to the Data Controller if so requested in writing.
6.3 The Data Processor is accountable to the Data Controller for any Sub-Processor in the same way as for its own actions and omissions.
7. Remuneration and costs
7.1 The Data Controller shall remunerate the Data Processor based on time spent to perform the obligations under section 5.5, 5.6, 5.7 and 5.8 of this Data Processor Agreement based on the Data Processor’s hourly rates.
7.2 The Data Processor is also entitled to remuneration for any time and material used to adapt and change the processing activities in order to comply with any changes to the Data Controller’s Instruction, including implementation costs and additional costs required to deliver the Main Services due to the change in the Instruction. The Data Processor is exempted from liability for non-performance with the Main Agreement if the performance of the obligations under the Main Agreement would be in conflict with any changed Instruction or if contractual delivery in accordance with the changed Instruction is impossible. This could for instance be the case; (i) if the changes to the Instruction cannot technically, practically or legally be implemented; (ii) where the Data Controller explicitly requires that the changes to the Instruction shall be applicable before the changes can be implemented; and (iii) in the period of time until the Main Agreements is changed to reflect the new Instruction and commercial terms hereof.
7.3 If changes to the Applicable Law, including new guidance or courts practice, result in additional costs to
the Data Processor, the Data Controller shall indemnify the Data Processor of such documented costs.
8. Breach and liability
8.1 The Main Agreement’s regulation of breach of contract and the consequences hereof shall apply equally to this Data Processor Agreement as if this Data Processor Agreement is an integrated part hereof. Data Processor Agreement – www.asiancoutureonline.co.uk
8.2 Each party’s cumulated liability under this Data Processor Agreement is limited to the payments made under the Main Agreement in the 12 months before the occurrence of the circumstances leading to a breach of contract. If the Data Processor Agreement has not been in force for 12 months before the occurrence of the circumstances leading to a breach of contract, the limited liability amount shall be calculated proportionately based on the actual performed payments.
8.3 The limitation of liability does not apply to the following: (i) Losses as a consequence of the other party’s gross negligence or willful misconduct. (ii) A party’s expenses and resources used to perform the other party’s obligations, including payment obligations, towards a relevant data protection agency or any other authority.
9.1 The Data processor Agreement shall remain in force until the Main Agreement is terminated.
10.1 The Data Processor’s authorisation to process Personal Data on behalf of the Data Controller shall be annulled at the termination of this Data Processor Agreement.
10.2 The Data Processor shall continue to process the Personal Data for up to three months after the termination of the Data Processor Agreement to the extent it is necessary and required under the Applicable Law. In the same period, the Data Processor is entitled to include the Personal Data in the Data Processor’s backup. The Data Processor’s processing of the Data Controller’s Personal Data in the three months after the termination of this Data Processor Agreement shall be considered as being in accordance with the Instruction.
10.3 At the termination of this Data Processor Agreement, the Data Processor and its SubProcessors shall return the Personal Data processed under this Data Processor Agreement to the Data Controller, provided that the Data Controller is not already in possession of the Personal Data. The Data Processor is hereafter obliged to delete all the Personal Data and provide documentation for such deletion to the Data Controller.
11.1 The contact information for the Data Processor and the Data Controller is provided in the Main Agreement.. Data Processor Agreement – www.asiancoutureonline.co.uk
12. Personal Data
12.1 The Data Processor processes the following types of Personal Data in connection with its delivery of the Main Services: (i) Ordinary contact information on relevant employees from the Data Controller. (ii) Users of the Main Services: names, telephone numbers, e-mails and user type. (iii) Personal data provided by the users in connection with their use of the Main Services (these personal data are not seen or accessed by the Data Processor unless the Data Processor after the request hereof from the Data Controller assists with support and bug fixing).