Customer Privacy Statement for Distributors | Original BUFF®

A. Services this Privacy Statement covers

This Privacy Statement applies to retailers whose personal data have been transferred by a BUFF® country distributor in a territory to ORIGINAL BUFF, SA.

 

B. Who is ORIGINAL BUFF, SA?

The controller of the personal data is:

ORIGINAL BUFF, S.A.

Registered address: C/ França nº 16, Igualada (Barcelona) 08700, Spain

TAX ID: A58034000

Registration: Barcelona Commercial Registry, section 8, page number 119299.

Tel.: 34 93 805 48 61

Email: dataprotection@buff.com

Data Protection Officer: dpo@buff.com

This means that we are responsible for deciding how we hold and use personal information about you.

 

C. Information about you

When you order BUFF® products or use our services, we may ask for, hold and use the following information, as applicable:

- personal information such as name, postal address, phone number, email address, date of birth and (where required) I.D. number, VAT number or other identification information;

- banking account in order to fulfil the order.

- information to assist us in detecting, preventing, and/or remediating fraud or any other harmful actions, we will verify the personal information you provide (including, but not limited to your name, address, details of user funding instruments, and details of payment transactions) with the relevant payment processors and/or credit reference and fraud agencies. During such verification, we will receive personally identifiable information about you.

- details of when we contact you and when you contact us. We keep a record of any e-mail correspondence you send us, so we can track any problems or concerns you've had with us. This includes, without limitation, use in dispute resolution and/or complaints management);

- demographic and purchase details.

- We keep a record of the information you authorise us to collect and use. We keep a record of any use of the Services and purchase(s) you make of BUFF® products.

- We may also ask you questions and from time to time, that will give us information that will be used to improve your experience of using the services and/ our products or services. You do not have to answer these questions, but if you do, we can communicate with you via a medium of your choosing.

 

D. How we use your personal information?

We are committed to using your personal information only for the following purposes:

I. To manage the general administration and development of your relationship with us.

A) If you are registered as a user in our site or platforms we need to process your data to identify you as a user of the site and give you access to its different features, products and services available to you as a registered user. You can cancel your registered user account by contacting us at dataprotection@buff.com.

B) If you have provided us with your personal data in connection with an order or purchase of a product, to complete the sale between us or our country distributor or local Subsidiary and you and to fulfil your order, so ORIGINAL BUFF, SA can supply the goods to the BUFF® country distributor or the Local Subsidiary and thereafter sale the goods to you and to provide customer service and dispute resolution.

We shall monitor and review communications between you and us solely for the purposes of ensuring that your orders are managed appropriately by our customer service team

C) If you have provided us with your personal data in relation to a "contact", your data will be used to process and respond to your request if necessary.

II. For marketing purposes.

A) If you have provided us with your personal data in relation to signing up for our newsletter, we will process your personal data to manage your subscription, including sending tailored information about our products or services, news about BUFF® by different methods (such as e-mail), launch of new products, of special sales, of promotional offers from our partners, of corporate social responsibility issues we think are important, always if you have given your consent to be contacted for this purpose by checking the acceptance box at the time of collection of your data.

If you currently receive our emails and do not wish to continue receiving them, please sends us an email to dataprotection@buff.com

B) To carry out promotional actions (for example, to hold competitions, draws and sports events). When you participate in any promotional action, you authorise us to process the data you provide according to each promotional action and you allow us to disclose it through various media such as social media or the site itself.

Please note that this data processing involves an analysis of your user or customer profile to determine what your preferences are and, therefore, which products and services may be best suited to your style when sending you information.

III. Usability and quality analysis to improve our services.

If you access our site or platforms, we inform you that we may process your browsing data for analytical and statistical purposes; i.e. to understand the way in which users interact with our site/platforms so that we can make improvements to it.

Please note that this data processing involves an analysis of your user or customer profile to determine what your preferences are and, therefore, which products and services may be best suited to your style when sending you information

 

E. What is the legal basis for the processing of your data?

The legal basis for the processing of your data is:

a) In relation to manage the general administration and development of your relationship with us, the legal basis of the processing is the performance of the contractual relationship between you and us, with the processing of personal data being strictly necessary in order to be able to place an order and/or benefit from the services made available to users through the Website/platform.

b) In relation to marketing purposes:

The legal basis of the processing with regard to sending commercial communications is the consent given by the user, which can be revoked at any time without affecting the provision of the service offered by us.

In order to show you tailored information, we consider that we have a legitimate interest in profiling the information we have about you (such as your browsing, preferences, etc.) and the personal data you have provided, such as language, because we believe that the processing of this data is beneficial to you too because it allows you to improve your user experience and access information according to your preferences.

c) Usability and quality analysis:

We consider that we have a legitimate interest in analysing the usability of the Platform and the degree of user satisfaction, as we believe that the processing of this data is beneficial to you too because its purpose is to improve the user experience and offer a higher quality service.

 

F. Information we Disclose to Third Parties:

We will keep your information confidential and only share it with others for the purposes set out in this Privacy Statement. We carefully select third-party service providers which allow us to ultimately provide you with a faster, more efficient, and safer Service. We have engaged these third-party service providers under contract and are required to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

We may share your information with the following entities:

- The Buff® country distributor appointed in the territory.

- any group company of, or individual employed by Original Buff, SA and the Local Subsidiaries

- logistics and other shipping and delivery service providers.

- business operations support.

- payment processing services.

- technology services as, among others, mailing services providers

In particular, ORIGINAL BUFF may disclose the personal data to its subsidiaries – BUFF GmbH (Germany), BUFF Inc, (USA), BUFF Canada Ltd (Canada) and BUFF UK Ltd (UK) – as well as to its official distributors, customers and suppliers, if needed who will process it for the purposes described above. If they are located outside the European Union and European Economic Area, the international data transfers will be carried out with the guarantees provided for in the applicable legislation.

There are also specific instances where we will be obliged to provide your personal details to third parties (set out below) and you acknowledge and consent to us doing the following actions:

- where we are requested by a law enforcement agency or authority (or a regulatory authority or government authority) investigating illegal or suspicious activities to provide information (including without limitation the information recorded by fraud prevention agencies) concerning your activities;

- where we are required to disclose necessary information to payment processors, auditors, customer, service providers, fraud agencies, credit reference agencies, financial product providers, credit card associations, commercial partners, marketing and public relations partners, group companies or for legal proceedings (except as explicitly stated, these third parties are limited by law or by contract from using your personal information for any purpose other than the purpose for which it was shared).

 

G. Your data & Cross Border Transfers

Your data may be stored and processed in the European Union, the United Kingdom, Canada and USA and in the EEA (European Economic Area) or in any country where we engage services providers, this includes any country outside the EEA.

We are committed to the sufficient protection of your personal information regardless of where the data resides and to providing adequate protection for your personal information where such data is transferred outside the EEA, as Canada, USA.

If you use any of our services through the site/platforms, you consent and authorize us to process data in this way.

 

H. Retention of your Information.

We will retain your personal information for the period necessary to fulfil the purposes outlined in this Privacy Policy unless a longer retention period is required or permitted by law.

In this Regard, we retain Users' personal data for as long as the User is a registered User of the Website/platforms or revokes his/her consent to the sending of promotional communications, and subsequently only in order to comply with its legal obligations.

In order to manage the sale or service contract requested, we will process your data for the time necessary to manage the purchase of the products or services purchased, including possible returns or associated complaints or claims.

Regardless of whether we process your data for the time strictly necessary to fulfil the relevant purpose, we will subsequently retain it, duly stored and protected for as long as liabilities may arise from the processing, in compliance with the legislation in force at any given time. Once the possible actions in each case have expired, we will delete the personal data.

 

I. Data Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those

employees, agents, contractors, subsidiaries and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

 

J. Your Rights

You have, in connection with your personal data, under certain circumstances, the right to:

• Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.

• Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.

• Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).

• Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.

• Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.

• Request the transfer of your personal information to another party.

If you wish to exercise any of the rights set out above, please contact us at:

ORIGINAL BUFF, S.A. at c/ França, 16, 08700, Igualada (Barcelona) Spain or by sending an e-mail to dataprotecion@buff.com , writing “Original Buff – Privacy Policy” on the envelope or in the subject of the message.

You have the right in any event to file a complaint with the competent Data Protection Agency which in Spain is Spanish Data Protection Agency (https://www.agpd.es/portalwebAGPD/index-ides-idphp.php).

We would, however, appreciate the chance to deal with your concerns before you approach the Competent Data Authority, so please contact us in the first instance.

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

 

K. What happens if you provide us with third-party data?

If you provide the personal details of a third party, you must prior to the inclusion of such data, have informed the third party and requested his/her consent for the purposes set out here, so that we can use it to attend to the requests made by you or the said third party.

 

L. Third parties’ privacy statement.

ORIGINAL BUFF, SA and its local Subsidiaries accept no liability for, nor do it warrant or guarantee that the privacy statement, policy or notice of any other entity/ third parties, that your personal information is passed to in accordance with this Privacy Statement, comply with data protection legislation and privacy laws. ORIGINAL BUFF, SA and its Local Subsidiaries are not responsible for any breach or loss of confidentiality of your personal information or any other damages which you or any others may suffer as a result.

 

M. Changes to the privacy policy

This privacy policy may be modified from time to time to adapt to new situations and the current legislation, and Users will be informed accordingly.

Version 01 09 2021