Skip to Content (Press Enter) Skip to Footer (Press Enter)
Wishlist

Privacy Policy

Last updated on the 18th of February 2026

PRIVACY POLICY NOTICE
for user of the website www.viviennewestwood.com and for the e-commerce customers of the aforementioned website

1) WHO PROCESSES YOUR PERSONAL DATA AND THEIR CONTACTS

This privacy policy notice is being given to you by:
1) Vivienne Westwood S.r.l with registered offices at Corso Venezia 25, 20121 Milano (MI), Italy; and

2)  Vivienne Westwood Ltd., with registered offices at Westwood Studios, 9-15 Elcho Street, London SW11 4AU, England.

Both can be contacted, for issues regarding this privacy policy notice, at the following e-mail address: privacy@viviennewestwood.com.
Both have also appointed a Data Protection Officer, who can be reached at: 
- For Vivienne Westwood Srl: dposrl@viviennewestwood.com 
- For Vivienne Westwood Ltd: dpoltd@viviennewestwood.com 

The above-mentioned companies will process Your personal data as “Joint Controllers” and will be thereon collectively referred to as “Joint Controllers” in this document. 

The Joint Controllers, in accordance with art. 13 of the EU Regulation 679/2016 (hereinafter “GDPR”), inform the website user, as data subject (hereinafter only referred to as the “data subject”) that they have, in accordance with art. 26 of the GDPR, drafted and  signed a Joint Controllership Agreement also for the processing of personal data for purposes connected to this website, of which the essential parts are made available to the data subject. 

The Joint Controller also informs the data subject, as per articles 13 and 14 of the GDPR and, whenever applicable, the local data protection regulations, including national laws, that personal data relating to users of the website www.viviennewestwood.com  (hereinafter, “Website”), including any data you may provide through this Website when you sign up to our e-newsletter, completed our forms, interact with us on social media platforms and/or purchase a product on the e-commerce, and those collected through cookies (hereinafter, “Cookies”), will be processed in the manner and for the purposes set out in this privacy policy notice (“Privacy Policy” and/or “Policy”).
 

2) OTHER IMPORTANT INFORMATION BEFORE YOU START READING OUR PRIVACY POLICY

By registering on this Website, as well as when filling out any forms on this Website or when requesting a subscription to the newsletter service, you confirm that you are 16 years of age (or 13 years of age if you are located in the United Kingdom) or, in any case, that you have reached the age of consent applicable in your country of residence, in accordance with Article 8 of the GDPR or the UK GDPR. At the end of this document, you will find Definitions, referring to more detailed explanations of the capitalised terms. From time to time, we may update this Policy. When we do, we will publish the changes on this Website. 

For the processing of your Personal Data during your offline purchasing process in Our Shops, the Vivienne Westwood company located in the country where the purchase takes place acts as the sole Data Controller, at least with regard to the issuance of the tax document. For such processing you will be informed through an appropriate privacy policy. By contrast, Vivienne Westwood Italy and Vivienne Westwood UK act as Joint Controllers for the processing activities related to marketing purposes, of which you will be informed in this Policy.

It is likely that for certain countries where we carry out our business activities, specific and local data protection provisions might apply with regard to the processing of personal data. Hence, where such specification is needed, you can hereunder find the list of those countries that require us to process your Personal Data according to the relevant data protection law applicable therein. 

Specific localised sections
1.    Australia
2.    Belgium 
3.    China
4.     Hong Kong
5.     New Zealand
6.    Switzerland
7.    Thailand
8.    United States
9.    Japan
 

 

This Policy applies to existing members who have agreed that the Joint Controllers will act as the personal information handling operator going forward and new members who register on or after March 2026, as well as customers who make purchases as guests (meaning customers who purchase our products without creating an account). If you have any questions you can write to the Joint Controllers at the contacts listed in this Policy. 

3) CATEGORIES OF PROCESSED PERSONAL DATA
We may collect, use, store and transfer different kinds of personal data about you from when you this Website, our social media pages, and/or when you complete one of the forms on the above-mentioned website as follows: 

  • Identity Data – includes first name, maiden name, last name, username or similar identifier, title, date of birth and gender. 
  • Contact Data – includes billing address, delivery address, email address and telephone numbers. 
  • Financial Data – includes bank account and payment card details. 
  • Transaction Data – includes details about payments to and from you and other details of products and services you have purchased from us. 
  • Technical Data – includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this Website. 
  • Website’s account Data – includes your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses. 
  • Usage Data – includes information about how you use our website, products and services. 
  • Marketing and Communications Data – includes your preferences in receiving marketing from us and our third parties and your communication preferences. 

We use different methods to collect data from and about you including through direct interactions, automated technologies or interactions and third parties or publicly available sources. The Personal Data collected and the related purposes of processing depend on how you interact with us and how you manage Cookie settings, Browser and the Device you are using. 

4) WHY WE USE YOUR PERSONAL DATA - PURPOSES AND LEGAL BASIS
a)    Processing necessary for compliance with a legal obligation to which the Data Controller is subject to (Art. 6 par. 1 lett. c) of the GDPR and the UK GDPR)
i)    Compliance with local legal obligations, e.g. European regulations, national laws and codes, tax and fiscal laws, consumer laws, international shipping regulations etc. It must be noted, regarding this purpose, that the above-mentioned Joint Controllers will be acting as autonomous Controllers for their own compliance with the applicable laws and regulations.

The retention period for the purposes in section 4. Lett. a) point i) is: from a minimum of 6 years (from the UK regulations) to a maximum of 10 years (from Italian laws).
Retention periods for the purpose above may be longer due to local laws or due to legal actions.
Where we need to collect and process personal data under applicable laws and regulations and you fail to provide that data when requested, we may not be able to perform the activities you requested (e.g. the purchase of our goods or of our services). We will notify you if this is the case at the time.

b)    Processing personal data that is necessary to perform a contract to which the data subject is party or in order to take steps at the request to the data subject prior to entering into a contract (Art. 6 par. 1 lett. b) of the GDPR and the UK GDPR).
i)    Registering an account to access certain areas of our platform;
ii)    To use our Services, to make purchases on our platform, to have the product delivered or the service performed, to make requests regarding your purchase order (e.g. to return the product delivered to change the size it, or in general to return it in compliance with our return policy);
iii)    To manage the administrative and bookkeeping duties related to the purchase of goods and services on our platform; 
iv)    To perform interactions with our support services regarding the purchase order (e.g. to reschedule delivery or service, to have information regarding our return policy);
v)    To safeguard contractual rights or rights arising from established legal relationships, and in particular those connected to the account registered on this platform or concerning the purchases of goods or services on this platform. 

The retention period for the purposes in section 4. Lett. b) point i) is: 5 years since the last access to the account.

The retention period for the purposes in section 4. Lett. b) point ii) is: 10 years since the single purchase of goods or services.

The retention period for the purposes in section 4. Lett. b) point iii) is: 10 years since the single purchase of the goods or services. 

The retention period for the purposes in section 4. Lett. b) point iv) is: until the request has been completed, however it can be retained for longer period if the data is necessary to document contractual performance. In such case, the retention period will be the same as the one in purpose 4. Lett. b) point ii). 

The retention period for the purposes in section 4. Lett. b) point v) is: 10 years since the single purchase of goods or services.

Where we need to collect personal data under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods). In this case, we may have to cancel the contract you have with us but we will notify you if this is the case at the time.
c)    Processing personal data based upon the Data Controller’s legitimate interest (Art. 6 par. 1 lett. f) of the GDPR and the UK GDPR).
i)    Recording of communications, both in written and audio form, for security, to verify the quality of the service and for training of our employees, for example when you contact us by email, mail, telephone or otherwise regarding our products or request other information; 
ii)    Checking the correct functioning (e.g. finding bugs in the platform) and security of this platform;
iii)    Processing of anonymous statistics relating to the use (e.g. interactions with various pages, item viewed but not bought, abandoned carts, heatmaps of the cursors, scroll depth etc.) of this platform to improve the services offered on it;
iv)    Carrying out anti-fraud activities and checks, and therefore activities to prevent and prosecute any fraudulent activities;
v)    Receive communications regarding abandoned carts on our platform;
vi)    To safeguard the rights not directly arising from established contractual relationships between the Joint Controller and the data subject.

The retention period for the purposes in section 4. Lett. c) point i) is: 1 month.

The retention period for the purposes in section 4. Lett. c) point ii) is: up to 6 months from the date the IT security incident occurred, or from the reported bug or website issue.

The retention period for the purposes in section 4. Lett. c) point iii) is: at the moment of collection, data will be aggregated and thus anonymized.

The retention period for the purposes in section 4. Lett. c) point iv) is: Until the purchase or the payment has been executed, unless the payment or the purchase has been blocked. In such cases, if the payment has been blocked, the retention period will be as section 4 lett. b) point v) (i.e.,10 years).

The retention period for the purposes in section 4. Lett. c) point v) is: until 24 hours after the closing of the shopping session.

The retention period for the purposes in section 4. Lett. c) point vi) is: 5 years after the damage has happened.

With regard to purposes based on legitimate interest and which do not require consent, if a data subject objects to the use of their data for purposes, then the Data Controllers won’t be able to carry out those purposes or provide related services to that data subject. However, the Data Controllers might still use the data if it has strong legal reasons or needs to protect its rights in court.

d)    Processing personal data based upon the data subject’s consent (Art. 6 par. 1 lett. a) of the GDPR and the UK GDPR).
i)    To receive marketing communications based upon instant messaging, e-mail, sms;
ii)    To receive personalized marketing communications and offers based upon your interest as result of a profiling activity through your habits, including purchase history;
iii)    To receive offers based on your localization through inputting your location on your platform account;
iv)    Participation to surveys on customer’s satisfaction and the experience she/he had in our boutiques, which can also be used to offer you personalized marketing communications and offers.

 The retention period for the purposes in section 4. Lett. d) point i) is: 2 years.

The retention period for the purposes in section 4. Lett. d) point ii) is: 2 years.

The retention period for the purposes in section 4. Lett. d) point iii) is: 2 years.

The retention period for the purposes in section 4. Lett. d) point iv) is: 2 years.

You can always easily withdraw your consent in the following ways:
•    Through your account settings;
•    By clicking on the ‘unsubscribe’ link in any such email received; 
•    By writing to privacy@viviennewestwood.com; and/or
•    By contacting our Customer Service Team. 

5) METHOD OF PROCESSING

Data collected for the purposes indicated above are processed both manually and via electronic processing, namely, through programs or algorithms that analyse Data inferred by your activities, Information about your location, and Data collected by the Browser and the Device. 

Your Data may also be subject to Combination and/or Crossing, which provides a deeper understanding of your interactions with us. The Combination and/or Crossing of your information for the purposes we process it for (e.g., customizing the Services) can be enabled or disabled as explained in the “How to control your Data and manage your choices” section below.  

 

6) RECIPIENTS OF YOUR PERSONAL DATA

We disclose your Data to the following list of persons/entities (“Recipients”): 

  • Persons authorized by us to perform any of the data-related activities described in this document: our employees and collaborators who have undertaken an obligation of confidentiality and abide by specific rules concerning the processing of your Data;
  • Our Data Processors: external companies to whom we delegate some processing activities. For example, fulfilment centres and warehouses, advertising, digital, marketing and social media agencies, IT service providers, customer care service providers, security systems providers, accounting, administrative, legal, tax, financial and debt collection consultants, data hosting platform providers, etc. In such cases, sharing personal information with the Processors is necessary for the Controllers to fulfil their contractual obligations and to improve VW’s products and services. We have signed agreements with each of our Data Processors to ensure that your Data are processed with appropriate safeguards and only under our instruction. 
  • Systems administrators: our employees and those of our Data Processors which assist us with the management of our IT systems and therefore can access, modify, suspend and limit the processing of your Data. These individuals have been previously selected, adequately trained and their activities tracked by systems they cannot modify.
  • Third parties in relation to your purchases: external payment providers, international carriers, couriers and postal operations, who act as autonomous Data Controllers.
  • Our Entities: depending on your jurisdiction, we and some of our Entities will process your Data in compliance and pursuant to the applicable data protection legislation.  
  • Law enforcement or any other authority whose provisions are binding on us: this is the case when we have to comply with a judicial order or law or defend ourselves in legal proceedings. Where a government, being supranational, federal, state or governmental, prefectural or local government, statutory, administrative or regulatory body, court, agency, including a law enforcement agency, or any other authority in any part of the world (also outside of your jurisdiction) whose regulations, directives, Policies, resolutions, orders, decrees, injunctions, warrants, subpoenas, or judgments are binding upon us requires us to disclose your Data, we will not share your Data without your consent, unless we are under a legal obligation to comply with said regulations, etc.

7) INTERNATIONAL TRANSFERS

Vivienne Westwood is a global brand available in multiple jurisdictions worldwide.
This means that your Data may be stored, accessed, used, processed, and disclosed outside your jurisdiction, including within the European Union, and the United States of America.

For data subjects that are located inside the European Union, your data may be transferred outside the European Union, and in particular to the United Kingdom, on the basis of the Decision (EU) 2021/1772 of the 28th of June 2021, to one of the Joint Controllers and, in particular, Vivienne Westwood LTD and its data processors located in the UK.

We take steps and have safeguards in place to ensure that the processing of your Data by our Recipients is compliant with the applicable data protection laws, including the UK and the Italian laws to which we are subject. Where required by UK or EU data protection law, transfers of your Data to Recipients outside of the EU will be subject to adequate safeguards (such as the EU standard contractual clauses for data transfers between EU and non-EU countries), and/or other legal basis according to the EU and the UK legislation. For more information on the adequate safeguards we have implemented with regard to Data that is transferred to third countries, please write to: privacy@viviennewestwood.com

8) YOUR DATA PROTECTION RIGHTS 

At any time, you can ask to: 

  • Access your Personal Data: for example, you have the right to ask us for copies of your personal data. Depending on your use of our Services, we will provide the Data we have about you, such as your name, age, IP Address, Unique Identifiers, e-mail and preferences expressed, together with the Policy you received when you provided them, and the source of the Personal Data if available (if, for example, they were provided to us by one of our business partners);  
  • Exercise your right to the portability of your Personal Data: for example, in respect of information you have given to us, you have the right to ask that we transfer the information you gave us from one organisation to another, or give it to you. According to your use of our Services, we will provide you with a structured, commonly used and machine-readable format containing your Data; 
  • Correct your Data: for example, you have the right to ask us to rectify personal information you think is inaccurate and to complete information you think is incomplete. For example, you can ask us to modify your e-mail address or telephone number if they are incorrect;
  • Limit the processing of your Data: for example, you have the right to ask us to restrict the processing of your information in certain circumstances for example, when you think that the processing of your Data is unlawful or that processing based on our legitimate interest is not appropriate;
  • Delete your Data: for example, you have the right to ask us to erase your personal data in certain circumstances. For example, when you do not want to use our Services and do not want us to retain your Data any longer; 
  • Update your preferences for processing based on your consent. According to your use of our Services, you may request us to not send you marketing communications and/or to not personalize our Services including any Content that may be useful to you.
  • Withdrawal of Consent: If you have provided us with your consent to process your data, you have the right to withdraw your consent at any time unless there is a restriction of the withdrawal of consent by law, or the contract that benefits you. The withdrawal of your consent does not affect the legality of the processing carried out based on the consent until the withdrawal.
  • Right to Objection: if we are processing personal data that concerns you on the lawful basis of legitimate interest or for direct marketing purposes, you have the right to object to the processing of your personal data carried out by us or on our behalf.
  • Right to File a Complaint: If you believe that we have not complied with the requirements of the GDPR or the UK GDPR concerning your personal data, you have the right to lodge a complaint with the relevant national data protection authority (whose contact details are available here) or, for the UK GDPR, to the Information Commissioner Office (ICO, available here www.ico.org.uk).
  • Right to File a Complaint to the Data Controller (only applicable the UK data subjects): the data subject can file a complaint directly to the Data Controller if she/he believes that her/his rights as recognized by UK GDPR or other laws and regulations have been infringed upon. 

Please note that there are some exemptions to the above rights, which means you may not always receive all the information we process, or we may not otherwise have to comply with your request to exercise your right(s).

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

In accordance with EU and UK data protection law, we try to reply to all legitimate requests without undue delay and within one month of its receipt (extendable for two further months in case of particular complexity or if you have made a number of requests). Please remember that some of your rights may be subject to restrictions if the applicable law allows.

You can exercise any of the rights listed above against: 

  • VW by writing to privacy@viviennewestwood.com 
  • One or more Entities, which process your Data by sending a communication to the contact details you will find in their communications;

At any time, you can also contact the VW Legal Representative appointed within your jurisdiction. 

  • If you are based in the EU: Vivienne Westwood S.r.l. with registered offices at Corso Venezia 25, 20121 Milano (MI), Italy;
  • If you are based in UK: Vivienne Westwood Ltd., with registered offices at 9-15 Elcho Street, London, SW11 4AU 

Contact the competent Supervisory Authorities (or the one of your country of residence) whose contact details are available here.

9) CHANGES TO THE POLICY

This Policy entered into force on the date indicated at the beginning  of this document. We reserve the right to modify or update this Policy, in full or in part, from time to time at our discretion or as a consequence of changes in applicable law or regulations.  Any future changes to this Policy will be posted on this platform and where appropriate, notified to users by email. Users are encouraged to read this Policy frequently to check for any updates or changes.

10) DEFINITIONS

Aggregated Information: refers to statistical information about you that does not contain your Personal Data. We use this information for analysing and improving our Services and creating new services and features and to create statistical reports for Our Shops. 

Browser: refers to programs used to access the internet (e.g., Safari, Chrome, Firefox, etc.).

Combination and/or Crossing: this is the set of fully automated and non-automated operations which we combine with the Information about your location, the Data inferred by  your activity, the Data collected by the Browser and the Device, the Data you provide used to provide the Services, analysing and improving our Services and creating new services and features, as well as to offer Content that may be useful to you. We may also combine and/or cross information from different sources, such as information collected from Our Pages, Data collected from public or publicly accessible sources and Data collected by third parties.

Content that may be useful to you: for example, if you search for a particular product, we may display similar products on Our Pages or through Programmatic Advertising. Customization of the content may occur through the Combination and/or Crossing of Data. 

Cookie: A cookie is a small text file that is downloaded onto your Device (e.g., smartphone, computer, iPad) when you access Our Pages. It allows websites to recognize your device and store information about your preferences or past actions (e.g., the fact that you visited the site, your language and other information). The information collected via cookies may be about you, your preferences or your Device and is mostly used to make Our Pages work as you expect. Information collection via cookies does not usually directly identify you, but it can give you a more personalized experience on Our Pages you are visiting, as they might be used to record your preferences regarding the use of Cookies (technical cookies), analyse and improve our Services and create new services and features or Customizing our Services, including Content that may be useful to you.

Data Controller or Joint Data Controller: refers to the legal person, public authority, service or other entity which, individually or jointly, determines the purposes and means for processing your Personal Data. With regard to the processing of customers’/clients’ personal data,  the Joint Controllers are Vivienne Westwood S.r.l. and Vivienne Westwood Ltd. With regard to online purchases and with reference to the relevant Shopping Data (e.g., transactional data), Vivienne Westwood S.r.l. and Vivienne Westwood Ltd will be Joint Controllers together with all the Entities around the world. 

Data Processor: refers to an entity that we engage to process your Personal Data solely on behalf of and pursuant to the written instructions provided by us.
Device: refers to the electronic device (e.g., iPhone) which you use to visit Our Pages.

Entities: refers to, Latimo S.A., having its legal office in Luxembourg, 8 Rue du Marchè-aux-Herbes, L-1728, Luxembourg, Rio Bravo Inc., having its legal offices in Los Angeles, 8320 Melrose Avenue, Los Angeles CA 90069, California, Vivienne Westwood Asia Ltd., having its legal offices in Shanghai, 26 Floor, No. 828-838, Zhang Yang Road, Pudong District, China (Shanghai), Vivienne Westwood France Sarl, having its legal offices in Paris, 175, Rue Saint Honorè, 75001, Vivienne Westwood Ltd (R.O. Thailand), having its legal offices in Chiang Mai, Kad Suan Kaew, 21 Huay Kaew Rd., T. Suthep. A. Muang Chiang Mai, Chiang Mai 50200 Thailand. More information is available by writing to: privacy@viviennewestwood.com.  

IP Address: is a unique number used by your Browser or your Device in order to connect to the internet. The internet service provider provides this number allowing identification of the provider and/or the approximate area where you are located. Without this data, you cannot connect to the internet and use our Services or use Content that may be useful to you. 

Other Tracking Technologies: pixel tags (tracers used with Cookies and embedded in images on web pages to track certain activities, such as the viewing of Content that may be useful to you, or to see if an e-mail has been read) or Unique Identifiers embedded in links to marketing communications that send us information when clicked on.

Our Forms: any form through which we can collect your Data (e.g., Sign-up Cards etc.). 

Our Pages: includes our Site (https://www.viviennewestwood.com/) also our social network pages.
 
Our Shops: these include Vivienne Westwood e-commerce and our directly operated physical shops present worldwide. 

Personal Data: means any information relating to an identified or identifiable natural person whether directly or indirectly, as well as any information that is linked or reasonably linkable to a particular individual or household. For example, an e-mail address (if it refers to one or more aspects of an individual), IP addresses, and Unique Identifiers are considered Personal Data. 

Programmatic Advertising: these are platforms that share the information they collect about you, such as your IP Address and the data collected by Cookies, SDKs and Other tracking technologies, with entities who have an interest in showing you Content that may be useful to you. In our case, if you look at a particular product on Our Pages, we will ask participants in Programmatic Advertising to grant us an advertising space on one of the websites you visit in order to display Content that may be useful to you. On this point, we would like to reiterate that the communication of your Data to participants in Programmatic Advertising is based on your prior and specific consent provided on the banner when the first visiting Our Pages. If you want to know how you can object to such communications, please follow the instructions in the “How you can control your Personal Data and manage your choices” section above.

SDK: are software libraries that are installed together with a mobile application. They allow the collection of Data in the same way as the Cookies do on the Browser. Depending on the settings of your Device, SDKs can collect Information about your location, Unique Identifiers, and Data inferred by your activity. 

Sensitive Data: means Personal Data that reveal racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership and the processing of genetic data, biometric data aimed at uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.

Services: collectively, this means all the services available on Our Pages and Our Shops including sales, booking an appointment with our stylists and aftersales services. 

Shopping Data: this category of data includes both information about the customer (e.g., first and last name, address, e-mail address, date of birth) and information on the transaction (e.g., goods, article numbers, purchase price and similar information).

Unique Identifiers: consist of information that can uniquely identify you through your Browser and Device. On the Browser, your IP Address and Cookies are considered Unique Identifiers. On your Device, advertising identifiers provided by manufacturers, such as Apple’s IDFA and Android’s AAIG, which we use for analysing and improving our Services and creating new services and features including Content that may be useful to you, are considered Unique Identifiers. Please note that for these purposes and in line with the opinions of the European Supervisory Authorities, we do not use other Unique Identifiers such as MAC Addresses and IMEIs as they are not resettable by you.  

Last Updated: October 2025
 

LOCALIZATION SECTION 

IF YOU HAVE RESIDENCE IN ONE OF THE COUNTRIES LISTED BELOW, PLEASE CHECK IN THE RELEVANT SECTION IF ANY SPECIFIC CLAUSE SHALL BE APPLIED. THE CLAUSES NOT MENTIONED BELOW REMAIN UNAFFECTED.

1.    AUSTRALIA
2.    BELGIUM 
3.    CHINA
4.    HONG KONG
5.    NEW ZEALAND
6.    SWITZERLAND
7.    THAILAND
8.    UNITED STATES
9.    JAPAN

IF YOU HAVE RESIDENCE IN AUSTRALIA, THE FOLLOWING CLAUSES WILL BE APPLIED: 

If you are in Australia, in addition to the rights and protections provided elsewhere in this Policy, you also have the:

  • right to anonymity and pseudonymity. While this means that you may withhold giving us your name, or use a fictitious name, it also means that we may not be able to provide a Service to you, or to fulfill a request, such as when you ask for access to your Data.

You can make a complaint under the Australian privacy law to the:

If you are in Australia, you should acquaint yourself with Australian telecommunication and data surveillance laws that operate independently of VW and limit your right to privacy.

IF YOU HAVE RESIDENCE IN BELGIUM THE FOLLOWING CLAUSES WILL BE APPLIED: 

The Services are generally not intended for persons under the age of majority in your country or for adults under guardianship. If you are under this age or you are an adult under guardianship, by using the Site you represent and warrant that you have obtained the consent of a parent or legal guardian to place orders and, in general, to use the services offered through the Site.
This means that if you are under 18, you need permission from a parent or guardian to use our website and services. If you are a minor when you visit our website, we will assume that you have obtained this consent prior to your visit.
You can exercise any of the rights as recognized by the European and Belgian legislation regarding data protection towards: 

  • VW by writing to privacy@viviennewestwood.com
  • one or more Entities, which processed your Data by sending a communication to the contact details you will find in their communications; 
  • third parties who shared your Data with us (e.g., business partners, data brokers) via their e-mail address or your account settings on their platforms.

At any time, you can also contact the VW Legal Representative appointed within your jurisdiction:

  • If you are based in the EU: Vivienne Westwood S.r.l. with registered offices at Corso Venezia 25, 20121 Milano (MI), Italy;
  • If you are based in UK: Vivienne Westwood Ltd., with registered offices at 9-15 Elcho Street, London, England, SW11 4AU.

A request should clearly state and specify which right you wish to exercise. Always indicate the context in which we have obtained your personal data so that we may handle your request swiftly and diligently. Your request should also be dated and signed and accompanied by a digitally scanned copy of your valid identity card proving your identity. We may need to request other specific information from you to help us confirm your identity and ensure your right to access your personal data or to exercise any of your other rights. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
If you remain unsatisfied with our response, you may file a complaint with the competent data protection authority, i.e. the Belgian data protection authority (https://www.dataprotectionauthority.be/).

IF YOU HAVE RESIDENCE IN CHINA, THE FOLLOWING CLAUSES WILL BE APPLIED: 
You understand that your personal data are collected directly by Vivienne Westwood S.r.l. and Vivienne Westwood Ltd. as joint controllers, and your personal data will be stored and processed by foreign processors outside of China. If you do not agree, please do not provide your personal data to us

IF YOU HAVE RESIDENCE IN HONG KONG, THE FOLLOWING CLAUSES WILL BE APPLIED: 

Welcome to Vivienne Westwood’s Privacy Policy
This Policy will help you better understand how we handle your data, for what purposes and how you can control your information. Pursuant to statutory requirements including the General Data Protection Regulation (GDPR), Data Protection Act 2018 and the Personal Data (Privacy) Ordinance of Hong Kong, this Privacy Policy also indicates…

Why we use your Data -- Sending you marketing communications
If you decide to sign up to our newsletter and marketing communications, we use the personal data you provide us with and those collected by third parties (including your name, e-mail, and/or address) in order to send you communications about VW’s fashion products and other related products and the Services we offer, abandoned carts, our newsletter, information about our initiatives and/or to ask you to participate in our surveys, but we can only do so if you consent to this. Users may also be invited to submit personal information in addition to their e-mail address (e.g. gender, country of residence), for the purpose of having their communications personally tailored to their user profile. The main purpose of profiling is to propose products and services and initiatives more suited to the tastes, shopping habits and interests of its customers and this data allows VW to improve the site and personalised the products offered. In some cases, communications may include products or service promotions from selected co-branded companies (without sharing your Data with them). Such communications are sent by VW and may also be customized if we have a legal basis such as consent for the customization of Services, including Content that may be useful to you.  

You can always easily withdraw your consent, free of charge, from receiving newsletters and commercial communications in the following ways:

  • Through your account settings;
  • By clicking on the ‘unsubscribe’ link in any such email received; 
  • By writing to privacy@viviennewestwood.com; and/or
  • By contacting our Customer Service. 

Your data protection rights

You can exercise any of the rights listed above towards: 

  • VW by writing to privacy@viviennewestwood.com
  • one or more Entities, which processed your Data by sending a communication to the contact details you will find in their communications;
  • third parties who shared your Data with us (e.g., business partners, data brokers) via their e-mail address or your account settings on their platforms.

IF YOU HAVE RESIDENCE IN NEW ZELAND, THE FOLLOWING CLAUSES WILL BE APPLIED: 

If you are in New Zealand, in addition to the rights and protections provided elsewhere in this Privacy Policy, you also have the right to a response in relation to your request for access to, or correction of your Data within 20 working days of us receiving the request (this doesn’t include public holidays and the period between 25 December and 15 January).

Asking for your information

You can request your information via email, letter, phone, or in person. You can also use our easy AboutMe (https://www.privacy.org.nz/tools/aboutme-request-my-info-tool/) tool to ask for your personal information. You should keep a record of what you asked for, when you asked, and who you asked for it from. 
In limited circumstances, we may legitimately extend the 20-working day timeframe, and if we do we will tell you why and when we will give you the information. We can also withhold information about you in limited circumstances, and we will tell you why if this case applies.

You can make an urgent request, but you must explain why it is urgent. We may also refuse the request for urgency. If we do, we will give reasons why. We may also transfer your request for information if we aren't the right place to help you. If we do this, the agency or person to whom we direct the request must inform you within 10 working days of receiving the request. 

Consumer rights related to Personal Information Processing

While the New Zealand Privacy Act makes sure your personal information is kept safe and secure online and offline, you also have the following related rights and protections as an individual data subject under New Zealand consumer laws. These protect you when buying from, or sharing your information with, businesses selling in New Zealand and online.

Problem with a product or service - You are covered by the Consumers Guarantee Act if there's a problem with a product or service you bought.
Problems with borrowing money or using credit - The Credit Contracts and Consumer Finance Act protects you when you borrow money or buy products or services on credit.

When a business acts in an unfair or misleading way - If a business acts in an unfair or misleading way, including sales tactics and selling unsafe products, you can be protected by the Fair Trading Act.

Being safe online

There are online safety laws and rules for e-signatures and electronic transactions, plus laws against spam and upsetting digital messages.

Complaints

You can make a complaint to the Information Commissioner of New Zealand here - https://www.privacy.org.nz/your-rights/making-a-complaint-to-the-privacy-commissioner/

IF YOU HAVE RESIDENCE IN SWITZERLAND, THE DATA PROCESSING HAS ANY EFFECTS IN SWITZERLAND OR SWISS DATA PROTECTION LAWS APPLY FOR OTHER REASONS, THE FOLLOWING CLAUSES WILL BE APPLIED 

In addition to the statutory requirements of the GDPR and Data Protection Act 2018, this Privacy Policy is also made pursuant to statutory requirements under the Swiss Federal Data Protection Act of 25 September 2020 ("Swiss DPA") and to the extent data is disclosed abroad, includes information on the name of the state and the safeguards or the applicability of one of the exceptions under the law.

International Transfers: 
VW is a global brand and Our Shops are available in multiple jurisdictions worldwide. This means that your Data may be stored, accessed, used, processed, and disclosed outside your jurisdiction, including within the European Union, United Kingdom and the United States of America. We take steps and have safeguards in place to ensure that the processing of your Data by our Recipients is compliant with the applicable data protection laws, including the UK and the Italian laws to which we are subject and to Swiss law to the extent it is applicable. We have put in place the following safeguards for the disclosure of data to the countries listed above: [Standard Contractual Clauses (SCC’s)]

Your data protection rights: In addition to the information above, please note that to the extent Swiss law applies, the fee mentioned will be raised, if the effort involved is disproportionate.

Also, to the extent Swiss law applies, in accordance with the Swiss DPA we try to reply to all legitimate requests as mentioned above under "Your data protection rights" within thirty days. Please mind that some of your rights may be subject to restriction.

The Swiss supervisory authority is the Federal Data Protection and Information Commissioner (FDPIC), Feldeggweg 1, CH - 3003 Bern.

Definitions: 
To the extent Swiss law applies, terms contained in the Definitions section of this Privacy Policy that are also defined in Art. 5 of the Swiss DPA (Personal Data, Data Controller, Data Processor, Sensitive Data) shall have the meaning as defined in Art. 5 of the Swiss DPA.

IF YOU HAVE RESIDENCE IN THAILAND, THE FOLLOWING CLAUSES WILL BE APPLIED


Definitions:
“PDPA” means the Personal Data Protection Act B.E. 2562 (2019).
“PDPC” means the Personal Data Protection Committee, which acts as the supervisory authority responsible for overseeing the protection of personal information in Thailand.

International Transfers
If you have residence in Thailand, we may transfer your personal data outside Thailand when it meets one of the following conditions in accordance with the PDPA:

  • The destination countries that receive your personal data have an adequate level of data protection as prescribed by the PDPC.
  • The privacy policy regarding transferring your personal data to a foreign-affiliated company or group of undertakings, known as Binding Corporate Rules, has been put in place and certified by the PDPC.
  • The data controller has implemented appropriate protection measures that enable the execution of your rights under the PDPA, including appropriate remedial measures as prescribed by the PDPC.
  • The transfer is for compliance with Thai law.
  • Your consent has been obtained, authorizing the transfer of your personal data to a destination country that have inadequate personal data protection standards.
  • The transfer is necessary to fulfil contractual obligations with you.
  • The transfer is necessary for a contractual agreement between two entities for your benefit.
  • The transfer is required to ensure your safety to prevent further harm to your health when you cannot provide consent at the time.
  • The transfer is necessary for substantial public interest.

Your Data Protection Rights
Apart from the data protection rights mentioned in section “Your Data Protection Rights” above, which include access to your personal data, right to portability, correcting your data, limiting the processing, deleting your data and updating your preferences for processing based on your consent, you also have additional rights concerning your personal data under the PDPA, which are outlined below:

  • Withdrawal of Consent: If you have provided us with your consent to process your data, you have the right to withdraw your consent at any time unless there is a restriction of the withdrawal of consent by law, or the contract that benefits you. The withdrawal of your consent does not affect the legality of the processing carried out based on the consent until the withdrawal.
  • Right to Objection: if we are processing personal data that concerns you on the lawful basis of legitimate interest or for direct marketing purposes, you have the right to object to the processing of your personal data carried out by us or on our behalf.
  • Right to File a Complaint: If you believe that we have not complied with the requirements of the PDPA concerning your personal data, you have the right to lodge a complaint with the PDPC.

At any time, you can also contact the VW Legal Representative appointed within your jurisdiction at privacy@viviennewestwood.com

IF YOU HAVE RESIDENCE IN THE UNITED STATES, THE FOLLOWING CLAUSES WILL BE APPLIED: 

If you reside in the United States, the following provisions supplement the Privacy Policy provisions above if and as applicable.

What data we collect and process. 

Identity data, contact data, and other data you provide may include identifiers, such as name, email address, address, and phone number as well as any account information. Data you may provide may also include employment and education data, such as if you apply for a job, and we use the data to review job applications. Transaction data may include commercial data, such as products or services purchased or considered, financial information, and data under, for example, California Civil Code section 1798.80(e). All processed data are protected and supported in line with an applicable lawful basis for processing. This may include consent, legitimate interest, legal obligations or contracts.
 
For technical and device data, namely data collected through cookies and tracking technologies, you may change your cookie settings in your internet browser and update settings on your device to manage your privacy controls. For more information and ways to opt out of these practices, see our Cookie Policy here.

We do not knowingly collect any personal information about children under the age of 13. If we obtain actual knowledge that we have collected such information, we will delete it. We have no such information to report under the Children’s Online Privacy Protection Act (“COPPA”). We do not have actual knowledge of selling or sharing personal data of consumers under the age of 16.
 

IF YOU HAVE RESIDENCE IN JAPAN, THE FOLLOWING CLAUSES WILL BE APPLIED: 

The Joint Controllers will strictly control any Personal Data received from you held by us, in compliance with the Act on the Protection of Personal Information (the "Act") as well as any relevant laws and ordinances, as follows.

1.    Definition of Personal Data 

"Personal Data" means, in addition to the categories described in Section '3) CATEGORIES OF PROCESSED PERSONAL DATA' above, information about a living individual which: (1) can identify the specific individual by name, date of birth or other written description, etc. (meaning records made up of documents, graphics, or electronic records) contained in such information (including such information as will allow easy reference to other information and will thereby enable the identification of the specific individual), or (2) contains an individual identification code. as set forth under the Act.

2.    Collection of Personal Data 

The Joint Controllers will collect Personal Data by appropriate and fair methods, in compliance with the Act.  In the event Personal Data is acquired directly, either in writing or via the web, we will clarify the purpose of use for such in advance. We will not use any Personal Data obtained in accordance with this Privacy Policy in any manner that could encourage or induce illegal or improper conduct.
Please be advised that, in the event that you do not consent or if you later withdraw your consent to provide your Personal Data to the Joint Controllers, it is possible that all or a portion of the services provided by the Joint Controllers may not be made available to you. 

3.    Purpose of Use of Personal Data

The Joint Controllers will handle Personal Data within the scope of the purposes of use indicated in Section '4) WHY WE USE YOUR PERSONAL DATA - PURPOSES AND LEGAL BASIS' above.

4.    Supervision of Employees/Consignees
In allowing the Joint Controllers' employees to handle Personal Data, the Joint Controllers will provide necessary and appropriate supervision of such employees so as to protect Personal Data.
Further, when the Joint Controllers entrust a third party with the handling of Personal Data, they will make it a condition of such entrustment for the consignee to conduct necessary and appropriate security controls, and will limit the consignee's handling of Personal Data to the scope necessary for the achievement of the purpose of the entrustment, providing necessary and appropriate supervision so as to protect privacy.

5.    Provision to Third Parties

The Joint Controllers will not provide Personal Data to a third party without obtaining the individual's prior consent unless such provision falls under "6. Joint Use" or the cases set forth below:

  • When done so pursuant to laws or ordinances.
  • When necessary for the protection of the life, body, or property of an individual and when it is difficult to obtain the consent of the person.
  • When it is especially necessary for the enhancement of public health or promoting the sound growth of children and when it is difficult to obtain the consent of the person.
  • When it is necessary to cooperate with a national institution, a local public body, or an individual or entity entrusted thereby to execute operations prescribed by laws or ordinances and when obtaining the consent of the person might impede the execution of the operations concerned.
  • When consigning the handling of Personal Data within the scope necessary for the achievement of the purposes of use. 
  • When it is provided as a result of business transfer due to merger or other cause.

6.    Joint Use

There may be cases where the Joint Controllers may jointly use Personal Data they have acquired. In such cases, we will notify customers of the items of the Personal Data to be jointly used, the scope of parties with whom the Personal Data will be shared, the purposes for which those parties will use the Personal Data, and the name of the party responsible for managing the jointly used the Personal Data. All jointly used Personal Data will be managed strictly in accordance with this Privacy Policy and our security control measures.

7.    Transfer of Personal Data to Other Countries/Provision to Third Parties in Other Countries 

The Joint Controllers may transfer Personal Data to countries other than the country in which you originally provided it. In the event the Joint Controllers transfer Personal Data to other countries, Personal Data shall be protected to a standard substantially similar to that set out by this Privacy Policy.

Additionally, in the event that the consignee or the joint user handling the Personal Data qualifies as a 'Foreign Third Party' as specified in Article 28 of the Act, the Joint Controllers shall adopt systems to ensure that the applicable consignee or joint user takes measures that continuously and substantively approximate those measures required to be taken in accordance with the Act and any relevant laws and ordinances.

8.    Links to Other Sites

This Website may contain links to other sites for your convenience and information. Companies not affiliated with the Joint Controllers may operate these sites. Linked sites may have their own privacy policies, which we strongly suggest you review if you visit any linked websites. The Joint Controllers are not responsible for the content of any websites that are not affiliated with the Joint Controllers, any use of those sites, or the privacy practices of those sites.

9.    Security

The Joint Controllers will take reasonable security measures to prevent any unauthorized access to, and loss, destruction, tampering, and disclosure of Personal Data held by the Joint Controllers. As part of necessary remedial measures of technical and physical safeguards for Personal Data, the Joint Controllers uses Secure Sockets Layer (SSL) / Transport Layer Security (TLS) technology to protect the transmission over the Internet of your payment card data. 

The Joint Controllers shall endeavour to maintain that Personal Data is up-to-date and accurate.

If a data breach or other incident involving retained Personal Data occurs, or is deemed likely to occur, we will establish and maintain a system to promptly report the matter to the Personal Information Protection Commission of Japan and notify the affected individuals in accordance with applicable laws and regulations, and will take appropriate action.

10.    Disclosure, Correction, Suspension of Use, etc. of Personal Data

In the event a person or his/her agent makes any request pursuant to Section '8) YOUR DATA PROTECTION RIGHTS' above concerning his/her Personal Data to the Joint Controllers, the Joint Controllers will respond to the request without delay after completing verification in accordance with the method stated below.

Verification procedure:

  • Requests made by you

    The Joint Controllers will verify your identity by examining a copy of a public identification document such as a driver's license, passport, or health insurance card.
     
  • Requests made by your agent

    The Joint Controllers will verify that the individual is your legitimate agent by examining the agent's letter of authorization and seal certificate for your registered seal, or a copy of a public identification document such as both your and your agent’s driver’s license, passport, or health insurance card, in addition to telephone communication made by you.

11.    Anonymized Information
We may create anonymously processed information by processing personal data so that individuals cannot be identified. In such cases, we will publicly disclose, through reasonable means, the categories of personal data included in the anonymously processed information, and we will appropriately manage and implement necessary security measures in accordance with the Act and other applicable laws and regulations.

In addition, when providing anonymously processed information to a third party, we will publicly disclose, through reasonable means, the recipient and the categories of information to be provided.