Privacy Statement

This Privacy Statement sets out how we, Essense of Australia, Inc., 15500 W. 113th St. Suite 300, Lenexa, Kansas 66219, USA, collect, store and use information about you when you use or interact with our website, truesociety.com (our Website) and where we otherwise obtain or collect information about you. This Privacy Statement is effective from March 2nd, 2020, and last updated on June 1st, 2023.

If you have any questions about data protection or wish to exercise your rights, please contact our data protection contact by sending an email to the following address: dataprivacy@essensedesigns.com.

Information We Collect

INFORMATION WE COLLECT WHEN YOU INTERACT WITH OUR WEBSITE

We collect and use information from individuals who interact with particular features of our Website in accordance with this section and the section entitled Disclosure and additional uses of your information.

WHAT PERSONAL INFORMATION WE COLLECT AND WHY

When you visit our Website, sign up for an appointment, submit your bridal story, or request more information about Essense of Australia / True Society or any bridal shop in our network, we collect information automatically using tracking technologies, like cookies, and through web forms where you type in your information. We collect this information to provide you with what you request through the web form, to learn more about who is interested in our products and services, and to improve navigation experience on our pages.

We collect and process your personal information:

When you visit our website

Information You Share Directly:

In some places on True Society’s Website, you can fill out web forms to schedule an appointment, register for an event, or submit your story to us. The specific personal information requested on these forms will vary based on the purpose of the form. We will ask you for information necessary for us to provide you with what you request through the form (for example, when you schedule an appointment, we will ask you for information like your name, email address, phone number, and other appointment related information, and for your email address if you want to submit your story).

In case that GDPR is applicable in your specific circumstances: The legal basis for these data processing activities are either the performance of contractual services requested by you (Art. 6 para. 1 lit. b GDPR) or our legitimate interests in answering and processing your requests (Art. 6 para. 1 lit. f GDPR).

Information We Collect Automatically:

When you visit our Website, the servers of our hosting provider Amazon Web Server (AWS), East Virginia, USA, temporarily store every access in a log file. The following data is collected without your intervention and stored by us until automatically deleted:

the IP address of the requesting computer,
the date and time of access,
the name and URL of the retrieved file,
the website from which the access was made, if applicable with the search word used,
the operating system of your computer and the browser you use (incl. type, version and language setting),
device type in case of access by mobile phones,
the city or region from where the access was made,
the name of your internet access provider.

The collection and processing of this data is carried out for the purpose of enabling the use of our Website (connection establishment), to permanently guarantee system security and stability as well as for error and performance analysis and enables us to optimize our Website.

In the event of an attack on the network infrastructure of the Website or a suspicion of other unauthorized or abusive website use, the IP address and the other data will be evaluated for the purpose of clarification and defense and, if necessary, used in the context of criminal proceedings to identify and take civil and criminal action against the users concerned.

In case that GDPR is applicable in your specific circumstances: Our legitimate interest in data processing within the meaning of Art. 6 para. 1 lit. f GDPR lies in the purposes described above.

When you visit our Website, we use cookies as well as applications and tools that are based on the use of cookies. In this context, the data described here may also be processed. You will find more details on this in the subsequent sections of this Privacy Statement.

When you schedule an appointment

Information You Share Directly:

To schedule an appointment on this Website, a user must first complete the appointment scheduling form. During the appointment scheduling process, a user is required to give certain information (such as name, phone number, email address, and wedding date). This information is used to reserve the date and time that you have selected in the booking form, to contact you about your appointment to confirm or change the date of the appointment, and for communicating anything related to your appointment status, date, and/or time. Once the booking form is submitted, data is transferred to our service partner (BridalLive) servers, and the store location you have booked at will contact you for appointment confirmations.

To schedule an appointment with you, we work with a software application of the company BridalLive, 3423 Piedmont Road, Northeast Atlanta, GA 30305 USA. You can find more information about the data processing in connection with BridalLive here.

In connection with the appointment, we will also send you a link to a form, which you can complete including uploading gown images. You can also describe in the form the look of your dream gown. The photos are stored by us centrally. They are also pushed to your BridalLive account for reference by the stylists to prepare for your appointment. In addition, the images are stored in a central digital asset management platform for our merchandising department to review and assess for dress trends.

Information We Collect Automatically:

When you fill out an appointment booking form or the bride share gowns form, we and our service providers acting on our behalf automatically collect certain information using tracking technologies like cookies, web beacons, and similar technologies. We use this information to understand how our visitors are using the appointment or the bride share gowns form, which type of appointment is being booked, and the date and time of the booking or completing the bride share gowns form.

In case that GDPR is applicable in your specific circumstances: Our legitimate interest in data processing within the meaning of Art. 6 para. 1 lit. f GDPR lies in the purposes described above.

When you contact us

If you contact us via our contact addresses and channels (e.g., by phone or email), your personal data will be processed. The data you have provided us with, e.g., your name, your email address or phone number and your request, will be processed. In addition, the time of receipt of the request will be documented.

We process this data exclusively to implement your requests (e.g., providing information about a product, support in the processing of a contract such as the return of products, incorporating your feedback into the improvement of our service, etc.).

In case that GDPR is applicable in your specific circumstances: The legal basis for this data processing is our legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR in the implementation of your request or, if your request is directed towards the conclusion or execution of a contract, the necessity for the implementation of the required measures within the meaning of Art. 6 para. 1 lit. b GDPR.

You may share personal information, like your contact information, with a member of our support team when you communicate with them. We keep a record of this interaction.

User-generated content: Reviews, comments, communications, and other content:

You may choose to provide us with your own original content such as personal photographs, videos, product reviews, comments, text, audio/visual recordings, images, and/or other materials (“User Content”). True Society welcomes you to submit your User Content to us, via our Sites or other means we may permit, such as but not limited to replying to a social media post with a designated hashtag. True Society and/or its designees may also reach out to you through social media, email, apps, or other means to request the use of User Content you have published elsewhere and/or not submitted directly to True Society. By submitting your User Content to us, including via our Sites, or by otherwise allowing True Society to use your User Content, you are agreeing to the following:

You grant to True Society, its retailers, and affiliated partners (including brands, vendors and media sites) a non-exclusive, irrevocable, worldwide, transferable, royalty-free, perpetual, unrestricted, sub-licensable right to use, market and promote your User Content in any manner or media now known or later developed, for any purpose, including without limitation the rights to reproduce, display, publish, perform, translate, transmit, broadcast, modify, adapt, alter, distribute, present, commercialize, create derivative works from your User Content, and exercise all intellectual property and other rights with respect to your User Content, without any compensation or notice to you or any approval from you, with or without your name (whether your legal name or your user name on the applicable platform), including, without limitation, in advertising and promotion of True Society and its brands and/or products. Without limiting the foregoing, you represent that you have all consents and licenses necessary to use and to authorize True Society and our designees to use your User Content in the manner permitted in these Terms. You agree that your User Content is not confidential.

You represent and warrant to True Society as follows: that your User Content is your own original work and/or that you have the right to grant the rights and permissions set forth in the Terms; you have obtained all necessary licenses and permissions from all applicable third parties required for the submission of the User Content and use as permitted in the Terms; you will comply with all FTC disclosure requirements and guidelines relating to your User Content; the posting and/or display and/or other permitted use of your User Content by True Society or those deriving rights through True Society will not violate any provision of any applicable law or regulation, or in any way infringe or violate rights of any third parties, including but not limited to copyright and other intellectual property, privacy or publicity rights; you waive any and all moral rights that exist in your User Content and any derivative works made therefrom.

When You Search For One Of Our Stores

Location information

We may collect your location in order to bring you more relevant information or to save you time while searching for one of our store locations. We also may use this information to determine whether to provide you with content, information, and notices that may be required by law based on your location.

We will request your permission before your location information is collected, and will only use it as described in the preceding paragraph. If you allow location access, your browser or device may gather information about your nearby access points using WiFi and Bluetooth MAC addresses, IP address, RFID, and GSM/CDMA cell IDs. You can learn more about the API that provides scripted access to geographical location information associated with the hosting device by reading the W3C Geolocation specification.

You do not need to grant permission to use your location information in order to find a store near you. Alternatively, you can select a convenient location from our Locations page or when you use the Book an Appointment page.

Mobile devices often provide users with the ability to adjust settings related to location. If you do not want us to collect specific location information, you may modify the location services on your mobile device’s settings. We have no control over your device’s settings, and adjusting these settings does not completely eliminate the ability of others to develop location information about your device.

In case that GDPR is applicable in your specific circumstances: The legal basis for this data processing is your consent in the sense of Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time for the future.

When and Why We Share Your Personal Information

Information received from third parties

Generally, we do not receive information about you from third parties. The third parties from which we receive information about you will generally include group companies, affiliates or business partners.

It is also possible that third parties with whom we have had no prior contact may provide us with information about you. Information we obtain from third parties will generally be your name and contact details, but will include any additional information about you which they provide to us.

Transfers of Personal Information Out of the EEA and Switzerland

Your information will be transferred and stored outside the European Economic Area (EEA) in the and/or outside of Switzerland in the circumstances set out below. We will also transfer your information outside the EEA and/or Switzerland or to an international organisation in order to comply with legal obligations to which we are subject (compliance with a court order, for example). Where we are required to do so, we will ensure appropriate safeguards and protections are in place.

Server Log Information

Information collected when you visit our Website is transferred outside of the EEA and Switzerland and stored on the servers of our third party hosting company, AWS. You can access their privacy policy here: https://aws.amazon.com/privacy/.

Country of storage: United States. This country is not subject to an adequacy decision by the European Commission.

Safeguard(s) used: Our third party hosting provider has self-certified its compliance with the EU-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield.

We use a third party server to host our Website called Amazon Web Services, the privacy policy of which is available here: https://aws.amazon.com/privacy/. The Website server automatically logs the IP address you use to access our Website as well as other information about your visit such as the pages accessed, information requested, the date and time of the request, the source of your access to our Website (e.g. the website or URL (link) which referred you to our Website), and your browser version and operating system.

The server is located in US East (N. Virginia) and, accordingly, if you are in the EU or in Switzerland, your information is transferred outside the European Economic Area (EEA). For further information and information on the safeguards used, please see the section of this privacy statement entitled Transfers of your information outside the European Economic Area.

Use of website server log information for IT security purposes

We AND/OR our third party hosting provider collect(s) and store(s) server logs to ensure network and IT security and so that the server and website remain uncompromised. This includes analyzing log files to help identify and prevent unauthorized access to our network, the distribution of malicious code, denial of services attacks and other cyber attacks, by detecting unusual or suspicious activity.

Unless we are investigating suspicious or potential criminal activity, we do not make, nor do we allow our hosting provider to make, any attempt to identify you from the information collected via server logs.

Use of Cookies and Similar Technologies

Cookies are data files which are sent from a website to a browser to record information about users for various purposes.

We use cookies and similar technologies on our Website to process information including standard internet log information and details of the visitor’s behavioral patterns upon visiting our site. This is done to provide you with a better experience, and to facilitate the use of certain functions.

Cookies are stored on your individual device and you have full control over their use. You may deactivate or restrict the transmission of cookies by changing the settings of your web browser. Cookies that are already stored may be deleted at any time. Should you visit our site with cookies deactivated, you may possibly not be able to use all of the functions on the site to their full extent. You can reject some or all of the cookies we use on or via our Website by changing your browser settings or non-essential cookies by using our cookie control tool, but doing so can impair your ability to use our Website or some or all of its features. For further information about cookies, including how to change your browser settings, please visit www.allaboutcookies.org or see our cookies policy.

In case that GDPR is applicable in your specific circumstances: The legal basis for this data processing is our legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR in providing a user-friendly and up-to-date website (technically necessary cookies). For non-necessary cookies the legal basis is your consent provided by means of the cookies settings chosen by you within the meaning of Art. 6 para. 1 lit. a GDPR.

USE OF WEBSITE SERVER LOG INFORMATION TO ANALYZE WEBSITE USE AND IMPROVE OUR WEBSITE:

We use the information collected by our Website server logs to analyse how our Website users interact with our Website and its features. For example, we analyse the number of visits and unique visitors we receive, the time and date of the visit, the location of the visit and the operating system and browser use.

We use the information gathered from the analysis of this information to improve our Website. For example, we use the information gathered to change the information, content and structure of our Website and individual pages based according to what users are engaging most with and the duration of time spent on particular pages on our Website.

In case that GDPR is applicable in your specific circumstances: The legal basis for this data processing with the following tools is your consent within the meaning of Art. 6 para. 1 lit. a GDPR. You can revoke your consent or refuse processing at any time by rejecting or deactivating the relevant cookies in your web browser settings or by making use of the service-specific options described below.

For the further processing of your data by the respective provider as the (sole) data protection controller, in particular also any forwarding of this information to third parties such as authorities on the basis of national legal regulations, please refer to the respective data protection information of the provider.

GOOGLE ANALYTICS

We use the web analytics service Google Analytics from Google Ireland Limited (Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland) or Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) (“Google”).

The data described about the use of the Website may be transmitted to the servers of Google LLC. in the USA for the processing purposes explained. The IP address is shortened by activating IP anonymisation (“anonymizeIP”) on the Website before transmission within the Member States of the European Union or in other contracting states to the Agreement on the European Economic Area or Switzerland. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.

Users can prevent the collection of the data generated by the cookie and related to their website use (including the IP address) and its transmission to and processing by Google by downloading and installing a browser plugin under the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

Information collected by Google Analytics (your IP address and actions you take in relation to our Website) is transferred outside the EEA and stored on Google’s servers. You can access Google’s privacy policy here: https://www.google.com/policies/privacy/

Country of storage: United States of America. This country is not subject to an adequacy decision by the European Commission and the Swiss data protection authorities also only consider this country to be appropriate under certain conditions.

Safeguard(s) used: Google has self-certified its compliance with the EU-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield which is available here: https://www.privacyshield.gov/welcome.

Hotjar

We use Hotjar, an application provided by Hotjar Ltd., St Julian Business Center, Elia Zammit Street, St Julians, Malta.

Hotjar is used to analyze your user patterns on our Website. Hotjar allows us for instance to record your mouse and scroll movements as well as your clicks. Based on this information, Hotjar compiles so-called Heatmaps that permits us to determine, which parts of our Website users review with preference. In addition, Hotjar enables us to determine how long you have stayed on a page and when you left. We can also determine at which point you suspended making entries into a website form.

For the purposes mentioned above, Hotjar uses cookies.

You can find information to de-activate Hotjar cookies under the link: https://www.hotjar.com/opt-out.

For more detailed information about Hotjar, please consult the data privacy statement of Hotjar under the following link: htttps://www.hotjar.com/privacy.

Google Tag Manager

We use the web analytics service Google Tag Manager Google Ireland Limited (Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland) or Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) (“Google”).

Google Tag Manager is a solution with which website tags can be managed via an interface. The Tag Manager tool (which implements the tags) is a cookieless domain and does not collect any personal data. The tool provides for the forwarding of data and triggering of other tags, which in turn may collect data. Google Tag Manager does not access this data. If a deactivation has been made at domain or cookie level, this remains in place for all tracking tags implemented with Google Tag Manager.

Social Media

Social Media Profiles

On our Website, we have included links to our profiles in the social networks of the following providers:

Facebook: Meta Platforms Inc, 1601 S California Ave, Palo Alto, CA 94304, USA;
Instagram: Instagram Inc. 1601 Willow Road, Menlo Park, CA 94025, USA;
Youtube: Google LLC, D/B/A YouTube 901 Cherry Ave. San Bruno, CA 94066. USA;
Tiktok: TikTok Inc., 5800 Bristol Parkway, Suite 100, Culver City, CA 90230, USA.

When you click on the icon of a social network on our Website, you are automatically redirected to our profile in the respective network. This establishes a direct connection between your browser and the server of the respective social network. This provides the network with the information that you have visited our Website with your IP address and clicked on the link.

If you click on a link to a network while you are logged into your user account with the network in question, the content of our Website may be linked to your profile so that the network can assign your visit to our Website directly to your account. If you want to prevent this, you should log out before clicking on the relevant links. A connection between your access to our Website and your user account takes place in any case if you log in to the respective network after clicking on the link. The respective provider is responsible under data protection law for the associated data processing. Please note the information on the relevant network’s website.

In case that GDPR is applicable in your specific circumstances: The legal basis for any data processing attributed to us in this regard is our legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR in the use and promotion of our social media profiles.

Social media plugins

On our Website, you can use social plugins from the providers listed below:

Pinterest, Pinterest Inc., 808 Brannan Street San Francisco, CA 94103-490, USA, Privacy Policy

We use the social plugins to make it easier for you to share content from our Website. The social plugins help us to increase the visibility of our content on social networks and thus contribute to better promotion of our offerings.

The plugins are deactivated by default on our Website and therefore do not send any data to the social networks when you simply call up our Website. To increase data protection, we have integrated the plugins in such a way that a connection is not automatically established with the network’s servers. Only when you activate the plugins and thus give your consent to the transmission and further processing of data by the providers of the social networks, does your browser establish a direct connection to the servers of the respective social network.

The content of the plugin is transmitted directly to your browser by the social network and integrated into the Website by it. This provides the respective provider with the information that your browser has accessed the corresponding page of our Website, even if you do not have an account with this social network or are not currently logged in to it. This information (including your IP address) is transmitted from your browser directly to a server of the provider (usually in the USA) and stored there. We have no influence on the scope of the data that the provider collects with the plugin, although from a data protection perspective we can to a certain extent be considered jointly responsible with the relevant social network provider.

If you are logged in to the social network, it can assign your visit to our Website directly to your user account. If you interact with the plugins, the corresponding information is also transmitted directly to a server of the provider and stored there. The information (e.g., that you like a product of ours) may also be published on the social network and possibly displayed to other users of the social network. The provider of the social network may use this information for the purpose of placing advertisements and designing a respective offering according to your interests. For this purpose, usage, interest and relationship profiles could be created, e.g. to evaluate your use of our Website with regard to the advertisements displayed to you on the social network, to inform other users about your activities on our Website and to provide other services associated with the use of the social network. The purpose and scope of the data collection and the further processing and use of the data by the providers of the social networks, as well as your rights in this regard and options for changing your settings to protect your privacy can be found directly in the data protection information of the respective provider.

If you do not want the provider of the social network to assign the data collected via our Website to your user account, you must log out of the social network before activating the plugins.

In case that GDPR is applicable in your specific circumstances: Your consent within the meaning of Art. 6 para. 1 lit. a GDPR forms the legal basis for the data processing described. You can revoke your consent at any time by declaring your revocation to the provider of the plugin in accordance with the information in their data protection notice.

In addition, the Website includes share buttons of the following social media networks:

Meta Platforms Inc, 1601 S California Ave, Palo Alto, CA 94304, USA, Privacy Policy;
Instagram Inc, 1601 Willow Road, Menlo Park, CA 94025, USA, Privacy Policy;
Youtube, Google LLC, D/B/A YouTube 901 Cherry Ave. San Bruno, CA 94066. USA, Privacy Policy;
TikTok Inc., 5800 Bristol Parkway, Suite 100, Culver City, CA 90230, USA, Privacy Policy.

When pushing the respective buttons, you will be directed to the share options in your mobile device. It is then your decision to share content or not. Only when you decide to share, data is transferred to the respective social media network.

Online advertising and targeting

We use services of various companies to provide you with interesting offers. In the process of doing this, your user behavior on our Website and websites of other providers is analyzed in order to subsequently be able to show you online advertising that is individually tailored to you.

Most technologies for tracking your user behavior and targeting advertisements work with cookies, which can be used to recognize your browser across different websites. Depending on the service provider, it may also be possible for you to be recognized online even when using different end devices (e.g., laptop and smartphone). This may be the case, for example, if you have registered for a service that you use with several devices.

In addition to the data already mentioned, which is collected when websites are called up (log file data) and the use of cookies and which may be passed on to the companies involved in the advertising networks, the following data in particular is used to select the advertising that is potentially most relevant to you:

Information about you that you provided when registering or using a service from advertising partners (e.g., your gender, age group);
User behavior (e.g., search queries, interactions with advertising, types of websites visited, products viewed and purchased, newsletters subscribed to).

We and our service providers use this data to identify whether you belong to the target group we address and take this into account when selecting the advertisements. For example, after you have visited our Website, you may be shown advertisements of the products you have consulted when you visit other sites (“re-targeting”). Depending on the scope of the data, a user’s profile may also be created, which is evaluated automatically, and the ads are selected according to the information stored in the profile, such as membership of certain demographic segments or potential interests or behaviors. Such ads may be presented to you on various channels, which include, in addition to our Website, ads provided through the online advertising networks we use, such as Google.

The data may then be analyzed for the purpose of billing the service provider and assessing the effectiveness of advertising measures in order to better understand the needs of our users and customers and to improve future campaigns. This may also include information that the taking of an action (e.g., visiting certain sections of our Website or sending information) is due to a particular advertising ad. We also receive aggregated reports from service providers of ad activity and information about how users interact with our Website and ads.

In case that GDPR is applicable in your specific circumstances: The legal basis for this data processing is your consent within the meaning of Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time by rejecting or deactivating the relevant cookies in the settings of your web browser. You can also find further options for blocking advertising in the information provided by the respective service provider, such as Google.

Google Ads

This Website uses the services of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”) for online advertising. Google uses cookies for this purpose, such as the so-called DoubleClick cookie, which enable your browser to be recognized when visiting other websites. The information generated by the cookies about your visit to these websites (including your IP address) will be transmitted to and stored by Google on servers in the United States. Further information on data protection at Google can be found here.

In case that GDPR is applicable in your specific circumstances: The legal basis for this data processing is your consent within the meaning of Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time by rejecting or deactivating the relevant cookies in the settings of your web browser. Further options for blocking advertising can be found here.

Automated Decision Making

We use automated decision making and/or profiling in relation to our Website through the use of web analytics, cookies, web beacons and server logs analysis tools (profiling). We use targeting cookies to display advertisements to people who visit our Website on other websites around the internet (e.g. using Google Adwords remarketing).

Use Of Your Data For Marketing Purposes

Central data storage and analysis in our CRM system

If it is possible to clearly identify you, we will store and link the data described in this privacy statement, in particular your personal details, your contract details and your surfing behavior on our Website, in a central database. This serves the efficient administration of customer data, allows us to adequately respond to your requests and enables the efficient provision of the services you have requested and the processing of the associated contracts.

In case that GDPR is applicable in your specific circumstances: The legal basis for this data processing is our legitimate interest in the efficient management of user data within the meaning of Art. 6 para. 1 lit. f GDPR.

We evaluate this data to further develop our offers in a needs-oriented manner and to display and suggest the most relevant information and offers to you. We also use methods that predict possible interests and potential future orders based on your website use.

Email marketing and newsletter

If you register for our email newsletter (e.g., when opening or within your customer account), the following data will be collected. Mandatory data is marked with an asterisk (*) in the registration form:

Email address*
Salutation
First and last name

To avoid misuse and to ensure that the owner of an email address has actually given their consent, we use a double opt-in procedure for registration. After sending the registration form, you will receive an email from us containing a confirmation link. To definitely register for the newsletter, you must click on this link. If you do not click on the confirmation link within the specified period, your data will be deleted again and our newsletter will not be sent to this address.

By registering, you consent to the processing of your data to receive messages from us about our company, our offers and related products and services. This may also include invitations to participate in competitions or to evaluate our products and services. The collection of the salutation and name allows us to verify any link between the registration and a possibly already existing customer account and to personalize the content of our messages to you. The link to a customer account helps us to make the offers and content contained in the newsletter more relevant to you and better tailored to your potential needs.

We will use your data to email you until you revoke your consent. Revocation is possible at any time, in particular via the unsubscribe link in all our marketing emails.

Our marketing emails may contain a so-called web beacon or 1×1 pixel (tracking pixel) or similar technical tools. A web beacon is an invisible graphic that is linked to the user ID of the respective newsletter subscriber. For each marketing email sent, we receive information on which addresses have not yet received the email, to which addresses it was sent and for which addresses the sending failed. We also see which addresses have opened the email, for how long and which links they have clicked on. Finally, we receive information about which addresses have unsubscribed. We use this data for statistical purposes and to optimize our promotional emails in terms of frequency, timing, structure, and content. This allows us to better tailor the information and offers in our emails to the individual interests of recipients.

The web beacon is deleted when you delete the email. To prevent the use of the web beacon in our marketing emails, please set the parameters of your email program so that HTML is not displayed in messages if this is not already the case by default. In the help section of your email software you will find information on how to configure this setting, e.g. here for Microsoft Outlook.

In case that GDPR is applicable in your specific circumstances: By subscribing to the newsletter, you also consent to the statistical evaluation of user behavior for the purpose of optimizing and adapting the newsletter. This consent constitutes our legal basis for the processing of your data within the meaning of Art. 6 para. 1 lit. a GDPR.

We use Mailchimp’s email marketing software The Rocket Science Group, LLC, 675 Ponce de Leon Ave, NE, Suite 5000, Atlanta, GA 30308 USA for marketing emails. Your data will be stored in a database of Mailchimp, which allows Mailchimp to access your data if this is necessary for the provision of the software and for support in the use of the software.

In case that GDPR is applicable in your specific circumstances: The legal basis for this processing is the consent your provided for the newsletter marketing in general within the meaning of art. 6 para. 1 lit. a GDPR.

Special Provisions Applicable To Our Business Premises

Video Surveillance

For security purposes the back entrance is monitored by a camera. The image data is only viewed if there is a suspicion of unlawful behavior. Otherwise, the images are automatically deleted after 72 hours.

For the provision of the video surveillance system, we rely on a service provider who may have access to the data where this is necessary for the provision of the system. Should the suspicion of illegal behavior be sub-stantiated, the data may then be passed on to our advisors (in particular our legal advisors) and authorities to the extent necessary to enforce claims or file charges.

Scheduling an appointment in our business premises

To schedule an appointment in our business premises, you will have to first complete the appointment scheduling form. During the appointment scheduling process, you are required to provide certain information, such as name, phone number, email address, and wedding date. This information is used to reserve the date and time that you have selected in the booking form and to communicate anything related to your appointment status, date, and/or time.

Purchase or order of products in our business premises

When you purchase or order certain products, we need your name and various other data to process the purchase or order. Depending on the product or service, we collect the following data, whereby mandatory data are marked with an asterisk (*) in the relevant forms:

First Name*
Last Name*
Billing and delivery address
Email address
Phone number*

We use the data to establish your identity before concluding a contract. We also need your email address for future communication with you that is necessary to perform the contract. We store your data together with the marginal data of the order (e.g. time, order number, etc.), the data on the ordered/booked services (e.g. designation, price and features of the product; “product data”), the data on payment (e.g. selected payment method, confirmation of payment and time) well as the data on the processing and fulfilment of the contract (e.g. return of products, use of service or warranty services, etc.) in our CRM database so that we can ensure correct order processing and contract fulfilment.

Insofar as this is necessary for the fulfilment of the contract, we will also pass on the required information to any third-party service providers (e.g., transport companies).

In case that GDPR is applicable in your specific circumstances: The legal basis for this data processing is the fulfilment of the contract with you according to Art. 6 para. 1 lit. b GDPR.

The provision of data that is not marked as mandatory is voluntary. We process this data in order to tailor our offering to your personal needs in the best possible way, to facilitate the processing of contracts, to contact you via an alternative communication channel, if necessary, with a view to fulfilling the contract, or for statistical collection and evaluation to optimize our offerings.

Payment processing

When you purchase products in our business premises using electronic means of payment, the processing of personal data is required. By using the payment terminals, you transmit the information stored in your means of payment, such as the name of the cardholder and the card number, to the payment service providers involved (e.g., providers of payment solutions, credit card issuers and credit card acquirers). They also receive the information that the payment method was used in our business premises, the amount, and the time of the transaction. Conversely, we only receive the credit for the payment made at the relevant time, which we can assign to the relevant voucher number, or information that the transaction was not possible or was cancelled.

Please consider the information provided by the respective payment service company, in particular the data protection declaration and the general terms and conditions.

For some specific appointments booked on the Website, we require a pre-payment. For that purpose, we also accept online payments through BridalLive, 3423 Piedmont Road, Northeast Atlanta, GA 30305 USA. You can find more information about the data processing in connection with BridalLive here Data, such as the name of the cardholder and the card number, will be transmitted to the payment service providers involved (e.g., providers of payment solutions, credit card issuers and credit card acquirers). They also receive the information that the payment method was used on our Website, the amount, and the time of the transaction. Conversely, we only receive the credit for the payment made at the relevant time, which we can assign to the relevant voucher number, or information that the transaction was not possible or was cancelled.

For payments by invoice, we process your contact details, the transaction amount and where the purchase has been made, e.g. the name of the business premise or our Website.

In case that GDPR is applicable in your specific circumstances: The legal basis for this data processing is the fulfilment of the contract with you according to Art. 6 para.1 lit. b GDPR.

How We Secure Personal Information

We take appropriate technical and organisational measures to secure your information and to protect it against unauthorized or unlawful use and accidental loss or destruction, including:

only sharing and providing access to your information to the minimum extent necessary, subject to confidentiality restrictions where appropriate, and on an anonymized basis wherever possible;
verifying the identity of any individual who requests access to information prior to granting them access to information;
using Secure Sockets Layer (SSL) software to encrypt any information you submit to us via any forms on our Website.

TRANSMISSION OF INFORMATION TO US BY EMAIL

Transmission of information over the internet is not entirely secure, and if you submit any information to us over the internet (whether by email, via our Website or any other means), you do so entirely at your own risk.

We cannot be responsible for any costs, expenses, loss of profits, harm to reputation, damages, liabilities or any other form of loss or damage suffered by you as a result of your decision to transmit information to us by such means.

Disclosure And Additional Uses Of Your Information

This section sets out the circumstances in which will disclose information about you to third parties and any additional purposes for which we use your information.

Disclosure of your information to other group companies

We are entitled to disclose your personal data to other group companies or connected companies, including, but not limited to Essense of Australia, Inc., Australia, as well as True Society AG, Bahnhofstrasse 13, Zug, Switzerland, True Brides AG, Bahnhofstrasse 13, Zug, Switzerland, True Brides Germany GmbH, Hamburg, Germany, and other local Essense of Australia / True Society entities.

These companies will process the personal data to assist us in providing services to you.

In case that GDPR is applicable in your specific circumstances: The legal basis for these disclosures is the necessity for the performance of the contract within the meaning of Art. 6 para. 1 lit. b GDPR.

In addition, these company may with your consent process the personal data for own purposes, such as marketing purposes, e.g. by sending you information about their products and services, statistical purposes, e.g. for business analysis and business strategy purposes. Where possible, aggregated data is used for these purposes.

In case that GDPR is applicable in your specific circumstances: In case that personal data is used for these purposes, the legal basis is your consent according to Art. 6 para. 1 lit. a GDPR. You can revoke this consent at any time for the future.

Disclosure of your information to service providers

Without the support of other companies, we would not be able to provide our services in the desired form. To use the services of these companies, it is necessary to pass on your personal data to a certain extent. Such a transfer takes place to the extent that it is necessary for the fulfilment of the contract requested by you, for example to the logistics or transport companies that deliver the requested products, or to a manufacturer who is to fulfil your warranty claim.

Furthermore, data is passed on to selected service providers, but only to the extent necessary for the provision of their services. Various third-party service providers are explicitly mentioned in this privacy statement, e.g., in the sections on marketing. These are, for example, IT service providers (such as providers of software solutions), advertising agencies and consultancies.

In case that GDPR is applicable in your specific circumstances: Our legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR in the procurement of third-party services forms the legal basis for this data transfer.

The third parties include the following categories of providers:

Email providers
Hosting providers
Phone providers
CRM provider

We do not display the identities of all of our service providers publicly by name for security and competitive reasons. If you would like further information about the identities of our service providers, however, please contact us directly by email and we will provide you with such information where you have a legitimate reason for requesting it (where we have shared your information with such service providers, for example).

Disclosure and use of your information for legal reasons

In addition, your data may be disclosed to authorities, legal advisors, or debt collection agencies, if we are legally obliged to do so or if this is necessary to protect our rights, in particular to enforce claims arising from our relationship with you. Data may also be disclosed if another company intends to acquire our company or parts thereof and such disclosure is necessary to carry out due diligence or to complete the transaction.

In case that GDPR is applicable in your specific circumstances: The legal basis for this data transfer is our legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR in safeguarding our rights and complying with our obligations or the sale of our company. In case that the disclosure is required by the laws of a member state, the legal basis is Art. 6 para. 1 lit. c GDPR.

Transfer Of Personal Data Abroad

We are entitled to transfer your personal data to third parties abroad if this is necessary to carry out the data processing mentioned in this privacy statement. In doing so, we will of course comply with the statutory provi-sions on the disclosure of personal data to third parties. If the country in question does not have an adequate level of data protection, we guarantee through contractual regulations that your data is adequately protected by the recipients.

How Long We Retain Your Information

This section sets out how long we retain your information. We have set out specific retention periods where possible. Where that has not been possible, we have set out the criteria we use to determine the retention period. We retain your information for no longer than necessary, taking into account any legal obligations we have (e.g. to maintain records for tax purposes), any other legal basis we have for using your information (e.g. your consent, and performance of a contract with you or our legitimate interests as a business). For specific retention periods in relation to certain information which we collect from you, please see the main section below entitled How long we retain your information.

Server log information: we retain information on our server logs for 90 days.

Correspondence and inquiries: when you make an inquiry or correspond with us for any reason, whether by email or by phone, we will retain your information for as long as it takes to respond to and resolve your inquiry, and for 3 further months after which point we will delete your information.

CRITERIA FOR DETERMINING RETENTION PERIODS

In any other circumstances, we will retain your information for no longer than necessary, taking into account the following:

the purpose(s) and use of your information both now and in the future (such as whether it is necessary to continue to store that information in order to continue to perform our obligations under a contract with you or to contact you in the future);
whether we have any legal obligation to continue to process your information (such as any record-keeping obligations imposed by relevant law or regulation);
whether we have any legal basis to continue to process your information (such as your consent);
how valuable your information is (both now and in the future);
any relevant agreed industry practices on how long information should be retained;
the levels of risk, cost and liability involved with us continuing to hold the information;
how hard it is to ensure that the information can be kept up to date and accurate; and
any relevant surrounding circumstances (such as the nature and status of our relationship with you).

Your Rights In Relation To Your Information

Provided that the relevant legal requirements are met, as a person affected by data processing you have the following rights:

Right of access: You have the right to request access to your personal data stored and processed by us at any time and free of charge. This gives you the opportunity to check what personal data we process about you and that we use it in accordance with applicable data protection regulations.

Right to rectification: You have the right to have inaccurate or incomplete personal data rectified and to be informed of the rectification. In this case, we will inform the recipients of the data concerned of the adjustments made, unless this is impossible or involves disproportionate effort.

Right to deletion: You have the right to have your personal data deleted under certain circumstances. In individual cases, especially in the case of legal retention obligations, the right to deletion may be excluded. In this case, we may block your data instead, provided the conditions are met.

Right to restrict processing: You have the right to request that the processing of your personal data be restricted.

Right to data transfer: You have the right to obtain from us, free of charge, the personal data you have provided to us in a readable format.

Right to object: You can object to the processing of your data at any time, in particular for data processing in connection with direct advertising (e.g. advertising emails).

Right of withdrawal: In principle, where you have given consent you have the right to withdraw that consent at any time. However, processing activities that have already taken place based on your consent do not be-come unlawful because of your revocation of consent.

To exercise these rights, please send us an email to the following address:

dataprivacy@essensedesigns.com

Right of complaint: You have the right to lodge a complaint with a competent supervisory authority, for example against the way your personal data is processed.

VERIFYING YOUR IDENTITY WHERE YOU REQUEST ACCESS TO YOUR INFORMATION

Where you request access to your information, we are required by law to use all reasonable measures to verify your identity before doing so.

These measures are designed to protect your information and to reduce the risk of identity fraud, identity theft or general unauthorised access to your information.

In case that GDPR is applicable in your specific circumstances: The legal basis for this processing is our legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR in the protection of our customers’ personal data.

HOW WE VERIFY YOUR IDENTITY

Where we possess appropriate information about you on file, we will attempt to verify your identity using that information. If it is not possible to identity you from such information, or if we have insufficient information about you, we may require original or certified copies of certain documentation in order to be able to verify your identity before we are able to provide you with access to your information.

We will be able to confirm the precise information we require to verify your identity in your specific circumstances if and when you make such a request.

Your Right To Object To The Processing Of Your Information For Certain Purposes

You have the following rights in relation to your information, which you may exercise in the same way as you may exercise by sending an email to dataprivacy@essensedesigns.com:

to object to us using or processing your information where we use or process it in order to carry out a task in the public interest or for our legitimate interests, including ‘profiling’ (i.e. analyzing or predicting your behavior based on your information) based on any of these purposes; and
to object to us using or processing your information for direct marketing purposes (including any profiling we engage in that is related to such direct marketing).

You may also exercise your right to object to us using or processing your information for direct marketing purposes by:

clicking the unsubscribe link contained at the bottom of any marketing email we send to you and following the instructions which appear in your browser following your clicking on that link;
sending an email to dataprivacy@essensedesigns.com, asking that we stop sending you marketing communications or by including the words “OPT OUT”.

Sensitive Personal Information

‘Sensitive personal information’ is information about an individual that reveals their racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic information, biometric information for the purpose of uniquely identifying an individual, information concerning health or information concerning a natural person’s sex life or sexual orientation.

We do not generally seek to obtain sensitive personal information unless it is volunteered by you. If you inadvertently or intentionally provide sensitive personal information to us, you will be considered to have explicitly consented to us processing that sensitive personal information.

Examples of sensitive personal data we may request to better serve and meet your needs include:

Food allergies;
dietary requirements which may imply or suggest your religion, health or other sensitive personal data;
observance of religious holidays which may imply your religion;
mobility requirements;
disabilities; and
medical conditions.

Such sensitive data is only shared with other members of Essense of Australia, Inc. or our third party service providers (e.g. restaurants, accommodation providers) for the purpose of providing the best possible services to you and will not be shared or used by us for any other purposes.

Changes To Our Privacy Statement

We update and amend our privacy statement from time to time.

Minor changes to our privacy statement

Where we make minor changes to our privacy statement, we will update our privacy statement with a new effective date stated at the beginning of it. Our processing of your information will be governed by the practices set out in that new version of the privacy statement from its effective date onwards.

Major changes to our privacy statement or the purposes for which we process your information

Where we make major changes to our privacy statement or intend to use your information for a new purpose or a different purpose than the purposes for which we originally collected it, we will notify you by email (where possible) or by posting a notice on our Website.

We will provide you with the information about the change in question and the purpose and any other relevant information before we use your information for that new purpose.

Wherever required, we will obtain your prior consent before using your information for a purpose that is different from the purposes for which we originally collected it.

Children’s Privacy

Because we care about the safety and privacy of children online, we voluntarily comply with the Children’s Online Privacy Protection Act of 1998 (COPPA). COPPA and its accompanying regulations protect the privacy of children using the internet. We do not knowingly contact or collect information from persons under the age of 18. The Website is not intended to solicit information of any kind from persons under the age of 18.

It is possible that we could receive information pertaining to persons under the age of 18 by the fraud or deception of a third party. If we are notified of this, as soon as we verify the information, we will, where required by law to do so, immediately obtain the appropriate parental consent to use that information or, if we are unable to obtain such parental consent, we will delete the information from our servers. If you would like to notify us of our receipt of information about persons under the age of 18, please do so by sending an email to cs.usa@essensedesigns.com.

Specific Information For EU/EEA And Swiss Residents

Please note that for the data processing activities in the business premises in Zug and Hamburg True Brides AG, Bahnhofstrasse 13, 6300 Zug, Switzerland, or True Brides Germany GmbH, Überseeboulevard 5, 20457 Hamburg, Germany, are the data controller in the sense of the applicable data protection laws.

The applicable data protection laws in the EU/EEA – the EU-General Data Protection Regulation (“GDPR”) and the Swiss Federal Data Protection Act (FADP) have already been considered in the sections above.

We store your data on servers in the USA. Furthermore, some of the third-party service providers mentioned in this privacy statement are based in the USA. For the sake of completeness, we would like to point out that there are surveillance measures in place in the USA by US authorities, which generally allow the storage of all personal data of all persons, whose data has been transmitted to the USA. This is done without any differentiation, limitation or exception based on the objective pursued and without any objective criterion that would make it possible to limit the access of the US authorities to the data and its subsequent use to very specific, strictly limited purposes that are capable of justifying the intrusion associated with both the access to and the use of this data. Furthermore, we would like to point out that in the USA, foreign data subjects do not have any legal remedies that allow them to obtain access to the data concerning them and to obtain its correction or deletion, or that there is no effective judicial legal protection against general access rights of US authorities. We explicit-ly draw the attention of data subjects to this legal and factual situation so that they can make an appropriately informed decision to consent to the use of their data.

We would like to point out that the USA does not have a sufficient level of data protection from the perspective of Switzerland and the EU – among other things, due to the issues mentioned in this section. Insofar as we have explained in this privacy statement that recipients of data (such as Google) are based in the USA, we will ensure that your data is protected at an appropriate level with our partners through contractual arrangements with these companies as well as any additional appropriate guarantees required, which protect the rights of individuals, whose personal data is transmitted to a third country.

California Do Not Track Disclosures

“Do Not Track” is a privacy preference that users can set in their web browsers. When a user turns on a Do Not Track signal in their browser, the browser sends a message to websites requesting that they do not track the user. For information about Do Not Track, please visit www.allaboutdnt.org.

YOUR CALIFORNIA PRIVACY RIGHTS

California Civil Code Section 1798.83 permits Users that are residents of California to request certain information regarding True Society’s disclosures of personally identifiable information to third parties for such third parties’ direct marketing purposes. If user is a California resident and would like to make such a request, please email Essense of Australia, Inc. at cs.usa@essensedesigns.com or write us at 15500 W. 113th St. Suite 300, Lenexa, Kansas 66219.