Appendix A

Privacy Policy Under EU Data Protection Laws

This additional Privacy Policy Under EU Data Protection Laws (“GDPR Policy”) supplements our general privacy policy available here: and applies if Regulation (EU) 2016/679, or as it forms part of the law of England and Wales, Scotland and Northern Ireland (collectively: “GDPR”) apply to our processing of personal data related to you.

Our general privacy policy describes what categories of personal data we collect, the sources from which we obtain it, the purposes of processing it, the situations where we will share it, and with whom. 

This GDPR Policy supersedes any contradicting provisions under our general privacy policy.

1. Where we process personal data related to you when you visit our website or use our Services, our processing activities are based on the following lawful grounds:

1.1. All processing activities of personal data related to you which are not based on the lawful grounds indicated below, are based on your consent.

1.2. We process your account and payment details to perform the contract with you.

1.3. We will process personal data related to you to comply with legal obligations and to protect your and others’ vital interests.

1.4. We will further rely on our legitimate interests, which we believe are not overridden by your fundamental rights and freedoms, for the following purposes:

1.4.1. Communications with you in the following circumstances: Where you contact us through our Services and other digital assets. After you sign up for our marketing or newsletter. After you, on behalf of your company, sign up for any of our Services.

1.4.2. Cyber security.

1.4.3. Support, improving our Services, customer relations, and service operations.

1.4.4. Enhancements and improvements to your and other customers’ experience with our Services.

1.4.5. Fraud detection and misuse of our Services.

2. You have the additional following rights:

2.1. At any time, contact us if you want to withdraw your consent to the processing of personal data related to you. Exercising this right will not affect the lawfulness of processing based on consent before its withdrawal.

2.2. Request to delete or restrict access to personal data related to you. We will review your request and use our judgment, pursuant to the provisions of applicable law, to reach a decision about your request.

2.3. If you exercise one (or more) of the above-mentioned rights, in accordance with the provisions of applicable law, you can request to be informed that third parties that hold personal data related to you, in accordance with this policy, will act accordingly.

2.4. You can ask to transfer personal data related to you in accordance with your right to data portability.

2.5. You can object to the processing of personal data related to you for direct marketing purposes.

2.6. You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affecting you.

2.7. You have a right to lodge a complaint with a data protection supervisory authority of your habitual residence, place of work or of an alleged infringement of the GDPR.

3. A summary and further details about your rights under EU data protection laws, is available on the EU Commission’s website available at Rights for citizens | European Commission (

4. When you send us a request to exercise your rights, we will need to reasonably authenticate your identity and location. We will ask you to provide us with credentials to make sure that you are who you claim to be and will further ask you some questions to understand the nature and scope of your request.

5. If we need to delete personal data related to you following your request, it will take some time until we completely delete residual copies of personal data related to you from our active servers and from our backup systems.

6. If you have any concerns about the way we process personal data related to you, you are welcome to contact our data protection team at [email protected]. We will look into your inquiry and make good-faith efforts to respond promptly.

7. Data Protection Team and Representatives

7.1. Our data protection team can be reached at [email protected].

7.2. Our EU representative can be reached at  Rickert Rechtsanwaltsgesellschaft mbH – Tailorbrands – Colmantstraße 15, 53115, Bonn, Germany; e-mail address: [email protected].

7.3. Our UK representative can be reached at Rickert Services Ltd UK – Tailorbrands – PO Box 1487, Peterborough, PE1 9XX, United Kingdom; e-mail address: [email protected].

Last Updated: November 21, 2023.