Brillr - Data Protection Statement (Privacy Policy)

Date last updated: 2021-06-12

1. General

This Privacy Policy applies to the online platforms Brillr.co online platform is operated by Brillr Limited, a company registered in England and Wales, Company number 13211136. Unless otherwise specified under specific sections, this Privacy Policy applies to all of our Platforms. More details about how to get in contact with us can be found at the end of this Privacy Policy under No. 7.
We take your privacy extremely seriously. All data will be collected, stored and used by us in accordance with the European Union General Data Protection Regulation No. 2016/679 (“GDPR”), other statutory regulations.
The services offered by us via the Website and/or App (jointly "Platform") can function only if we collect, store, transfer, delete and/or otherwise use ("collect and use") specific data relating to you. Personal data means all information relating to an identified or identifiable natural person such as your name, date of birth, address or email address.
This Privacy Policy describes which of your data we collect and for what purposes we collect and use it when you use the services offered by us on the Platform. This Privacy Policy also contains important information on the protection of your data, especially the statutory rights you have in connection with it.
Certain services on our Platform are offered by third-party suppliers. When you use these services, the data protection regulations of the third-party suppliers will then apply in addition to this data protection statement. Prior to your use of such services, the third-party suppliers may require you to provide permission under data protection law.
Under applicable data protection laws, Brillr is obligated to inform you about data processing and Brillr fulfills this obligation within this Privacy Policy. This Privacy Policy and any parts of it are not meant as contractual clauses and do not become part of the general terms and conditions ("GTC") as a contract that is concluded with registered users. Under applicable data protection laws, Brillr can process data that is necessary for the performance of a contract with you or necessary for taking steps at the request of you prior to entering into a contract (Art. 6 (1) (b) GDPR). References to the GTC should at all times be understood as information on data processing (Art. 13 and 14 GDPR) and never as clauses that become part of the GTC. By using the Platform and our services, you enter into a legally binding contract between you and Brillr conditions of which are described in the GTC.

2. Why and how do we collect and use your data?

2.1. To enable you to use the Platform, allow us to provide our services and perform our GTC

We collect and use your personal data to allow you to use our Platform, to provide our services and to perform a contract (GTC) with you and especially to undertake commercial transactions via the Platform, to use the electronic payment system or to leave reviews and communicate with other members. To use these services, you need a Brillr account. For this purpose, you must register as a member on the Website or App.
Most of your personal data are required to perform a contract (GTC) with you. In case you do not provide us with this personal data, we will not be able to conclude and execute a contract (GTC) with you. Part of your data is required to fulfill our legal obligations when you are a member of our Platform. In case you do not provide us with this personal data, we will not be able to comply with legal requirements and provide our services.
This data is also used for the improvement of the Platform in order to make it a better experience for our members (see 2.2.12).
Brillr collects your personal data to allow you to use our Platform, to provide our services and to perform a contract (GTC) with you and keeps it for as long as we keep your Brillr account - for 3 months from the date of deletion of your Brillr account or for 5 years and 3 months of inactivity on your account.

2.1.1. To enable registration on the Platform

When you register as a member on the Platform, you must provide the following data in order to carry out the registration procedure and access your Brillr account:
  • 1. User name (necessary when you register without a Facebook or Google account);
  • 2. Email address;
  • 3. Confirmation that you are aged over 18;
  • 4. your full name;
  • 5. Password (necessary when you register without a Facebook or Google account).
Legal basis for the collection and use of data is the performance of a contract (GTC) to which you are a party or in order to take steps at your request prior to entering into a contract (GTC) (Art. 6 (1) (b) of the GDPR).
We also determine your location at the time of registration to show on your profile. You can at any time choose to change your location (country, city or region) and make your city or region not visible to other members under "My settings" in your Brillr account.
Personal data collected and used for this purpose are kept for as long as we keep your Brillr account – for 3 months from the date of deletion of your Brillr account or for 5 years and 3 months of inactivity on your account.

2.1.2. To authenticate you via Google and Facebook

If you register using your Google Ireland Ltd. (Ireland), Google LLC (USA) (“Google”) or Facebook Ireland Ltd. (Ireland), Facebook, Inc. (USA) (“Facebook”) account or later on decide to connect your Google and/or Facebook account to your Brillr account, you will be transferred from our Website or App to the website of Facebook or Google and asked to enter the log-in details for your Facebook or Google account. 
If you enter your Google log-in details, Brillr will receive from Google the following data from your Google account (you may choose not to provide some data):
  • 1. Profile photo;
  • 2. First name and surname;
  • 3. Google account ID;
  • 4. Email address;
If you enter your Facebook log-in details, Brillr will receive from Facebook the following data from your Facebook account (you may choose not to provide your email address and/or date of birth):
  • 1. Profile photo;
  • 2. First name and surname;
  • 3. Gender;
  • 4. Email address;
  • 5. Date of birth.
The data we obtain from Facebook or Google will be used to set up your Brillr account. This means that we will use the member name of your Facebook or Google account as the member name for your Brillr account so that it will be visible to other visitors to the Website and users of the App. Other data obtained from Facebook or Google will not be visible to anyone on the Platform.
You can at any time undo the link with your Facebook or Google account. This can be done under "My settings" in your Brillr account. If, however, when you initially registered, you did so without linking to your Facebook or Google account, you can create this link later.
Collection and use of data is based on your consent (Art. 6 (1) (a) of the GDPR).
Personal data collected and used for this purpose are kept for as long as we keep your Brillr account – for 3 months from the date of deletion of your Brillr account or for 5 years and 3 months of inactivity on your account.

2.1.3. To enable you to set up your profile information

If you decide to add profile details to the account you create on the Platform, we collect and use the following data when you choose to provide it:
  • 1. Full name;
  • 2. Gender;
  • 3. Date of birth;
  • 4. Profile photo;
  • 5. Whether you have enabled the Holiday Mode;
  • 6. Your favorite items;
  • 7. Information that you choose to provide in the “About You” field.
Your profile photo, information on whether you have enabled the Holiday Mode and the information you provide in the "About You" field are visible to other visitors of the Platform, but the remainder of the data entered by you is not visible.
Legal basis for such collection and use is your consent (Art. 6 (1) (a) of the GDPR).
Personal data collected and used for this purpose are kept for as long as we keep your Brillr account – for 3 months from the date of deletion of your Brillr account or for 5 years and 3 months of inactivity on your account.

2.1.4. To show other members relevant information regarding your activity on the Platform

When you are a registered member on the Platform, we collect, use and make public on the Platform the following information for the purpose of providing other members with the relevant information:
  • 1. Last login date;
  • 2. Verification fact;
  • 3. Number and member names of followers;
  • 4. Number and member names of members followed;
  • 5. Likes.
Legal basis for such collection and use is our legitimate interest to ensure that our members would access important information about each other (Art. 6 (1) (f) of the GDPR). 
Personal data collected and used for this purpose are kept for as long as we keep your Brillr account – for 3 months from the date of deletion of your Brillr account or for 5 years and 3 months of inactivity on your account.

2.1.5. To enable you to list your items

If you list items on the Platform, we will collect and use the following data for the purpose of creating and publishing listings on the Platform (list of required information differs depending on the chosen item category):
  • 1. Item title;
  • 2. Item description;
  • 3. Item category;
  • 4. Item brand;
  • 5. Item condition;
  • 6. Item size;
  • 7. Item color;
  • 8. Item material;
  • 9. Item photos;
  • 10. Information whether the item is unisex;
  • 11. Price;
  • 12. Discount;
  • 13. Information whether an item is marked as reserved;
Legal basis for such collection and use is your consent (Art. 6 (1) (a) of the GDPR). Personal data collected and used for this purpose are kept for 18 months and 7 days of inactivity. Photos are kept for 3 months after the item is deleted.

2.1.6. To enable notifications for you

When you are a registered member on the Platform, we will provide you with notifications regarding your new followers, your favorite items, your activity on the forum and other important messages.
Legal basis for the collection and use of data is the performance of a contract (GTC) to which you are a party (Art. 6 (1) (b) of the GDPR).
Personal data collected and used for this purpose are kept for as long as we keep your Brillr account – for 3 months from the date of deletion of your Brillr account or for 5 years and 3 months of inactivity on your account.

2.1.7. To enable you to communicate with other members

If you communicate with other members on the Platform, we collect and use the following data: 
  • 1. Name of the member you are communicating with;
  • 2. Messages;
  • 3. Date and time of messages;
  • 4. Shared photos;
  • 5. Your device;
  • 6. Information whether another member has seen your message;
  • 7. Other data submitted in messages.
Legal basis for the collection and use of data is the performance of a contract (GTC) to which you are a party (Art. 6 (1) (b) of the GDPR).
Personal data collected and used for this purpose are kept for as long as we keep your Brillr account – for 3 months from the date of deletion of your Brillr account or for 5 years and 3 months of inactivity on your account.

2.1.8. To enable you to leave reviews to other members on the Platform

If you leave reviews to other members, Brillr collect and use the following data for the purpose of making reviews publicly available on the Platform:
  • 1. Review;
  • 2. Star rating;
  • 3. Member name;
  • 4. Date and time of the review;
  • 5. Reply to the review.
Legal basis for such collection and use is your consent (Art. 6 (1) (a) of the GDPR).
You can, at any time, edit or delete your reviews left to other members. 
Personal data collected and used for this purpose are kept for as long as we keep your Brillr account – for 3 months from the date of deletion of your Brillr account or for 5 years and 3 months of inactivity on your account.

2.1.9. To receive reviews from other members

When you receive reviews from other members, we will collect and use the following data for the purpose of making reviews publicly available on the Platform:
  • 1. Review;
  • 2. Star rating;
  • 3. Member name;
  • 4. Date and time of the review;
  • 5. Your reply to the review.
Legal basis for such collection and use is the legitimate interest of our members and Brillr to build trust among Brillr members (Art. 6 (1) (f) of the GDPR). 
Personal data collected and used for this purpose are kept for as long as we keep your Brillr account – for 3 months from the date of deletion of your Brillr account or for 5 years and 3 months of inactivity on your account.

2.1.10. To send you important communication regarding the Platform

If you register on the Platform, we will send you e-mails and messages via the Platform’s messaging system for the purpose of providing important notifications e.g. GTC, Privacy Policy changes.
Legal basis for the collection and use of data is the performance of a contract (compliance with our GTC) to which you are a party (Art. 6 (1) (b) of the GDPR) and compliance with the legal obligations to which Brillr is subject (Art. 6 (1) (c) of the GDPR).
Personal data collected and used for this purpose are kept for as long as we keep your Brillr account – for 3 months from the date of deletion of your Brillr account or for 5 years and 3 months of inactivity on your account.

2.1.11. To send you offers via the Platform’s messaging system

If you register on the Platform, we will send you offers related to Brillr services via the Platform’s messaging system (“Offers”). 
Legal basis for the collection and use of data is our legitimate interest to provide offers to our members (Art. 6 (1) (f) of the GDPR, Art. 13 (2) of Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications), Art. 69 (2) of Lithuanian Law on Electronic Communications).
Personal data collected and used for this purpose are kept for as long as we keep your Brillr account – for 3 months from the date of deletion of your Brillr account or for 5 years and 3 months of inactivity on your account.

2.1.12. To provide you with customer support service

If you send us a query, request or complaint, we will collect and use the following data for the purpose of providing you with customer support services you request on the Platform: 
  • 1. Your profile information;
  • 2. Platform usage information;
  • 3. Transaction information;
  • 4. Shipment information;
  • 5. Communications;
  • 6. Age;
  • 7. Gender;
  • 8. IP address;
  • 9. Session information;
  • 10. Item listings, photos and videos;
  • 11. Inquiries;
  • 12. Other information submitted by you.
The type of information we collect can vary depending on your inquiry.
Legal basis for the collection and use of data is the performance of a contract (GTC) to which you are a party (Art. 6 (1) (b) of the GDPR).
In order to respond to your inquiries, Brillr may provide your data to service partners which provide customer support services.
Personal data collected and used for this purpose are kept for 2 years.

2.1.13. To resolve any purchase-related disputes between members

If you purchase and/or sell and/or swap items on the platform and get involved in a dispute with another member, we will collect and use any of your personal data held by Brillr necessary to solve the dispute.
We base such collection and use on a legitimate interest to settle disputes between our members and defend the rights and interests of Brillr (Art. 6 (1) (f) of the GDPR) and, where relevant, compliance with the legal obligations to which Brillr is subject (Art. 6 (1) (c) of the GDPR).
Personal data collected and used for this purpose are kept for 1 year after a dispute is concluded.

2.1.14. To retain temporarily your deleted account

If you decide to delete your account, we will make reasonable efforts to make sure it is no longer viewable on the Platform and restrict the use of your data. For up to 3 months it is still possible to restore your account if it was accidentally or wrongfully deactivated or in case you change your mind and wish to return to the Platform and take action in case someone else would gain access to your account and delete it without your knowledge. 
Legal basis for such storage of your data is our legitimate of Brillr and our members to restore your account when necessary (Art. 6 (1) (f) of the GDPR) and, where relevant, compliance with the legal obligations to which Brillr is subject (Art. 6 (1) (c) of the GDPR). 
Personal data are kept for this purpose for 3 months from the date of deletion of your Brillr account. After 3 months we delete your account from our Platform. 

2.2. To improve your experience when using the Platform 

We collect and use your personal data in order to improve your experience when using the Platform by enabling you to personalize your feed and search results, providing you relevant suggestions and keeping your previous searches, sending you notifications and otherwise making the use of Platform more pleasant.
A specific applicable legal basis for the collection and use of your data is described in each section below.
This data is also used for the improvement of the Platform in order to make it a better experience for our members (see 2.2.12).

2.2.1. To enable your preferences regarding your feed and search results

If you choose to personalize the items presented to you on the Platform (on item feed, catalog and search results), we will collect and use the following data for the purpose of presenting you a feed personalized according to your preferences:
  • 1. Information whether you are interested in items for women, men or children;
  • 2. Preferred sizes of the items;
  • 3. Preferred brands of the items.
Legal basis for such collection and use is your consent (Art. 6 (1) (a) of the GDPR).
Brillr collects and uses your personal data for this purpose for as long as we keep your Brillr account - for 3 months from the date of deletion of your Brillr account or for 5 years and 3 months of inactivity on your account.

2.2.2. To personalize your feed and search results

We also personalize the item feed by evaluating your preferences according to the following:
  • 1. Gender;
  • 2. Age;
  • 3. Country;
  • 4. Language;
  • 5. Information about your browsing activity on the Platform;
  • 6. Purchasing history;
  • 7. Your preferences.
Legal basis for such collection and use is the legitimate interest of Brillr and its members (Art. 6 (1) (f) of the GDPR) to make the Platform more convenient for our members and, due to personalization, allow you to see offers from other members that might interest you the most.
Brillr collects and uses your personal data for this purpose for as long as we keep your Brillr account - for 3 months from the date of deletion of your Brillr account or for 5 years and 3 months of inactivity on your account.

2.2.3. To prioritize good value items by reputable sellers

In order to determine whether you as a seller offer good value items as a reputable seller we will collect and use the following data of you when you sell your items on the Platform:
  • 1. Number of positive reviews;
  • 2. Information whether the seller has items that are cheaper than 60% of similar items sold on the Platform (similarity is determined according to item category, brand and condition).
We use results to prioritize good value items by reputable sellers when showing items to new members, increase the visibility of items uploaded by members that have chosen the same language as you and/or live in the same country or region, items listed by new members, items that have 3 favorites or more, children’s items that have one or more favorites, items that are bumped, show relevant items on the Platform.
Legal basis for such collection and use is our legitimate interest to prioritize good value items by reputable sellers in order to facilitate sales and member satisfaction on the Platform (Art. 6 (1) (f) of the GDPR).
Brillr collects and uses your personal data for this purpose for as long as we keep your Brillr account - for 3 months from the date of deletion of your Brillr account or for 5 years and 3 months of inactivity on your account.

2.2.4. To suggest you relevant items

If you choose to create item listings on the Platform, we will collect and use data that you provide in the listing (see 2.1.5 above) by analyzing it in order to either offer members that visit your items other relevant items or offer members your items that may be relevant to them.
Legal basis for such collection and use is our legitimate interest to improve the Platform and ensure that our members receive relevant suggestions and search results (Art. 6 (1) (f) of the GDPR).
Brillr collects and uses your personal data for this purpose for as long as we keep your Brillr account - for 3 months from the date of deletion of your Brillr account or for 5 years and 3 months of inactivity on your account.

2.2.5. To improve search results on the Platform

We collect and use data provided in the listings (see 2.1.5 above) about items with no information related to sellers in order to improve search results by evaluating how relevant are certain items to a specific search keyword. For this, we only use the item listing with no link to a particular seller.
Legal basis for such collection and use is our legitimate interest to improve the Platform and ensure that our members receive relevant search results (Art. 6 (1) (f) of the GDPR).
Brillr uses self-employed individuals who provide data analysis services to Brillr. Brillr collects and uses your personal data for this purpose for as long as we keep your Brillr account - for 3 months from the date of deletion of your Brillr account or for 5 years and 3 months of inactivity on your account.

2.2.6. To save your recent searches

In order to help you find previously searched items on the Platform, we save your search keywords. We collect and use the following data for the purpose of providing information about newly listed items on the Platform based on the keyword you were looking for previously:
  • 1. Your search history (last 15 searched keywords);
  • 2. Date and time of your search;
  • 3. Number of newly listed items.
Legal basis for such collection and use is the legitimate interest of our members and Brillr to improve search results on the Platform (Art. 6 (1) (f) of the GDPR). You can delete your search history at any time.
Personal data collected and used for this purpose are kept for as long as the searched keyword is on the list of the last 15 searched keywords unless you delete your search history.

2.2.7. To help you to get more attention to your listings

In case you decide to make orders for extra services, i.e bumps and “Wardrobe Spotlight” in order to get more visibility for your items on the Platform, we collect and use the following data:
  • 1. Your profile information;
  • 2. Extra services you bought;
  • 3. Items you selected for extra services;
  • 4. Duration of extra services;
  • 5. Date and time of extra services you bought;
  • 6. Price of extra services;
  • 7. Payments information;
  • 8. Invoices;
  • 9. Statistics of your items during extra services usage.
Legal basis for the collection and use of data is the performance of a contract (your order for extra features under GTC) to which you are a party (Art. 6 (1) (b) of the GDPR). 
ersonal data are required to perform a contract (GTC) with you. In case you do not provide us with this personal data, we will not be able to conclude and execute a contract (GTC) with you. 
Brillr collects and uses your personal data for this purpose for as long as we keep your Brillr account - for 3 months from the date of deletion of your Brillr account or for 5 years and 3 months of inactivity on your account.

2.2.8. To suggest a price when an item listing is created

If you choose to create an item listing on the Platform, our algorithms will analyze its price in addition to item category, item brand and item condition. We will then use that information to show you pictures and prices of similar items sold in the last three months in order to help you determine the selling price for your item. 
If your chosen selling price is bigger than the price range of similar items sold on the Platform in the last three months, Brillr will also give you a tip regarding the recommended price range. 
Legal basis for such collection and use is our legitimate interest to help our members to choose the right price for their items (Art. 6 (1) (f) of the GDPR).
To achieve the aforementioned functionality, we collect and use pictures and prices of items sold in the last 3 months.  
When you are listing your items, we collect and use the information used to analyze your items for the duration of the item listing process. When you sell items, we collect and use the data mentioned above for 3 months after the item has been sold. 

2.2.9. To enable notifications about your favorite items

If you favorite an item listed by another member on the Platform, Brillr will inform you when your favorite item price is reduced or when the item is sold. For this reason, we will collect and use the following data:
  • 1. Title of the favorite item;
  • 2. Photo of the favorite item;
  • 3. Seller of the favorite item;
  • 4. Price of the favorite item;
  • 5. Information whether a favorite item is sold;
  • 6. Information about reduced price.
Legal basis for such collection and use is the legitimate interest of our members and Brillr to facilitate sales on the Platform (Art. 6 (1) (f) of the GDPR).
Brillr collects and uses your personal data for this purpose for as long as we keep your Brillr account - for 3 months from the date of deletion of your Brillr account or for 5 years and 3 months of inactivity on your account.

2.2.10. To notify sellers when you favorite their items

If you favorite an item on the Platform, Brillr will inform the seller that you have favorited their item.
Legal basis for such collection and use is the legitimate interest of our members and Brillr to facilitate sales on the Platform (Art. 6 (1) (f) of the GDPR).
You can disable the aforementioned notifications by logging in on the Platform, visiting Privacy Settings and changing relevant settings.
Brillr collects and uses your personal data for this purpose for as long as we keep your Brillr account - for 3 months from the date of deletion of your Brillr account or for 5 years and 3 months of inactivity on your account.

2.2.11. To allow you to follow other members

If your followed member listed a new item on the Platform, we will notify you about it.
Legal basis for such collection and use is your consent (Art. 6 (1) (a) of the GDPR).
You can withdraw your consent by unfollowing members.
Brillr collects and uses your personal data for this purpose for as long as we keep your Brillr account - for 3 months from the date of deletion of your Brillr account or for 5 years and 3 months of inactivity on your account.

2.2.12. To improve our Platform

Brillr is committed to the best performance of the Platform. When the Platform is being used, Brillr gathers information about actions performed on the Platform (button clicks, visiting time, notifications read, other information depending on a particular business case) and other data described under 2.1, 2.2, 2.5, 2.6, and 4 of this Privacy Policy in order to help us make decisions on how to improve the Platform and make it a better experience for our members. 
Legal basis for such collection and use is our legitimate interest to maintain performance and improve the Platform (Art. 6 (1) (f) of the GDPR). 
Brillr collects and uses your personal data for this purpose for as long as we keep your Brillr account - for 3 months from the date of deletion of your Brillr account or for 5 years and 3 months of inactivity on your account.

2.2.13. To conduct online surveys

We always look for ways to improve your experience when using Brillr. That is why we might invite you to participate in a survey and use your feedback. For this reason, we collect and use the following data:
  • 1. User ID;
  • 2. Your gender;
  • 3. Your age;
  • 4. Your living area;
  • 5. Your responses to our questions (e.g. your satisfaction with Platform, your needs for Platform, problems that you encounter using Platform).
Legal basis for inviting you to participate in the survey is our legitimate interest to receive feedback from our members and use it to improve the Platform (Art. 6 (1) (f) of the GDPR, Art. 13 (2) of Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications), Art. 69 (2) of Lithuanian Law on Electronic Communications).
If you wish to participate in the survey, the information above will be collected based on your consent (Art. 6 (1) (a) of the GDPR).
For our surveys, we use a service provider Widgix Limited (United Kingdom). We will anonymize your responses after 3 months - this means that the responses will no longer be associated with you.

2.2.14. To conduct on-site interviews

In order to understand our users' needs and improve your experience on the Platform, we conduct on-site interviews with you. For this reason, we collect and use the following data:
  • 1. User ID;
  • 2. Your gender;
  • 3. Your age;
  • 4. Your interests;
  • 5. Your interview audio record;
  • 6. Other data submitted by you during the interview.
Legal basis for inviting you to participate in the on-site interview is our legitimate interest to receive feedback from our members and use it to improve the Platform (Art. 6 (1) (f) of the GDPR).
If you wish to participate in the survey, the information above will be collected based on your consent (Art. 6 (1) (a) of the GDPR).
We will anonymize your responses after 3 months - this means that the responses will no longer be associated with you.

2.2.15. To enable you to share your user journey

We constantly improve our Platform and look for ways to improve your experience when using Brillr. In case where you consent, we enable you to share your user journey through our Platform. We will collect and use the following data: 
  • 1. User ID;
  • 2. Your contact details;
  • 3. Date and time of the survey;
  • 4. Category to which you are assigned (e.g. new member of our Platform);
  • 5. Your screen recording;
  • 6. Your voice recording;
  • 7. Your face recording.
Legal basis for inviting you to participate in the sharing of your user journey is our legitimate interest to receive feedback from our members and use it to improve the Platform (Art. 6 (1) (f) of the GDPR.
If you wish to participate in the survey, the information above will be collected based on your consent (Art. 6 (1) (a) of the GDPR).
We will anonymize your responses after 3 months - this means that the responses will no longer be associated with you.

2.3. To ensure the security of your account and the Platform 

Brillr strives to ensure that the accounts of our members and the Platform itself would be secure and protected from cyber attacks, unauthorized access and other related risks.

2.3.1. To track visits to the Platform for security purposes

When you connect to the Website or App, we collect and use the following data (logfiles), even if you are not logged in to the Website as a member:
  • 1. IP address of your device;
  • 2. Browser used by your device;
  • 3. Content and URLs you connect to;
  • 4. Date and time of your connections.
In the event of access via mobile devices, the following log files are also captured as part of your use of the Brillr App: 
  • 1. Model and manufacturer of your mobile device;
  • 2. Operating system used by your mobile device (iOS, Android).
This data is used for security purposes, especially the prevention of cyberattacks such as data scraps and denial of service attacks and for preventing impermissible multiple applications.
Legal basis for such collection and use is our legitimate interest to protect the Platform and ensure its security and the legitimate interest of our members to ensure the safety of their accounts on the Platform (Art. 6 (1) (f) of the GDPR).
Personal data collected and used for this purpose are kept for 3 months.

2.3.2. To help you avoid using a compromised password

If you decide to register using a password or later on decide to change your password, we will check it against a database of passwords compromised in previous data breaches that happened on other platforms and services. To enable this functionality, we take the password, hash it and then use the first 5 characters of the hash to Have I Been Pwned (https://haveibeenpwned.com/) to search in the compromised password database. 
By performing this check, we can protect your account by confirming if you are using a password that is not known to be compromised. 
Legal basis for such collection and use is our legitimate interest to protect the Platform and ensure its security and the legitimate interest of our members to ensure the safety of their accounts on the Platform (Art. 6 (1) (f) of the GDPR).
We collect and use personal data for this purpose only for the duration necessary to perform the password check.

2.3.3. To verify your account in case of suspicious actions related to your account

If we detect actions on your account that Brillr considers suspicious, we will request you to perform a basic verification – confirm your email, Facebook or Google accounts. For the purpose of performing a basic verification, we will collect and use the following data:
  • 1. Email address; or
  • 2. Information received during Facebook or Google authentication (as described 2.1.2 above).
Legal basis for such collection and use is our legitimate interest to protect the Platform and ensure its security and the legitimate interest of our members to ensure the safety of their accounts on the Platform (Art. 6 (1) (f) of the GDPR).
Brillr collects and uses your personal data for this purpose for as long as we keep your Brillr account - for 3 months from the date of deletion of your Brillr account or for 5 years and 3 months of inactivity on your account.

2.3.4. To carry out phone number verification and 2-step verification

When you decide to apply an additional layer of protection to your account and activate phone verification, we will use your phone number in order to enable this functionality. Legal basis for such collection and use is our legitimate interest to offer our users additional measures to protect their account (Art. 6 (1) (f) of the GDPR).
You may also be requested to verify your phone in case of suspicious activities regarding your account. In that case verification is mandatory and personal data collection and use is based on the performance of a contract (GTC) to which you are a party (Art. 6 (1) (b) of the GDPR). 
When you verify your phone number, Brillr will collect and use your phone number for 2-step verification purposes.
Personal data for mandatory verification are required to perform a contract (GTC) with you. In case you do not provide us with this personal data, we will not be able to conclude and execute a contract (GTC) with you.
In order to carry out phone number verification and 2-step verification, we use a service provider Nexmo Inc. (USA) that enables us to send you verification messages or make verification calls to dictate verification code when you do not verify your phone number in 5 minutes. While this results in your data being shared outside the European Economic Area, the data is protected by the service provider entering into the EU Standard Contractual Clauses for the transfer of data as approved by the European Commission.
Brillr collects and uses your personal data for this purpose for as long as we keep your Brillr account - for 3 months from the date of deletion of your Brillr account or for 5 years and 3 months of inactivity on your account.

2.3.5. To carry out payment source security check

As part of the security process, we request our members to provide verification of their payment source. In order to perform such security checks, Brillr collects and uses the following personal data:
  • 1. Username;
  • 2. When we perform a credit card security check - information contained in a photo of the credit card: full name, card’s expiry date and the last four digits of the card number, other information visible on the front of the card if the member chooses not to cover it;
  • 3. When we perform a bank account security check - information contained in a photo/screenshot of the bank statement listing the most recent charge/charges: date and description of the last Brillr charge, other payment information if the member chooses not to blur out other information.
Legal basis for such collection and use is our legitimate interest to protect the Platform and ensure its security and the legitimate interest of our members to ensure the safety of their accounts on the Platform (Art. 6 (1) (f) of the GDPR).
Personal data collected and used for this purpose are kept for 4 days after the security check is passed.

2.3.6. To carry out PayPal account security check,

As part of the security process, we request our members to verify the ownership of their PayPal accounts when there was no actual charge. As part of this process, Brillr collects and uses the following data:
  • 1. Username;
  • 2. Registration email address;
  • 3. Information in the screenshot(s) of PayPal profile: account holder’s full name, address and other visible data.
As part of the security process, we also request our members that use PayPal to verify the ownership of their PayPal accounts. As part of this process, Brillr collects and uses the following data:
  • 1. Username;
  • 2. Registration email address;
  • 3. Information in the screenshot(s) of the expanded statement of the most recent Brillr order: date, amount, the account holder’s full name, shipping address, and other visible data.
Legal basis for such collection and use is our legitimate interest to protect the Platform and ensure its security and the legitimate interest of our members to ensure the safety of their accounts on the Platform (Art. 6 (1) (f) of the GDPR).
Personal data collected and used for this purpose are kept for 4 days after the security check is passed.

2.3.7. To ensure that listings comply with our Authenticity Policy

For some listings which are reported to us, we collect and use the following data in order to ensure that such listings comply with our Authenticity Policy:
  • 1.  Information provided in the listing (see 2.1.5 above);
  • 2.  Information on the item’s authenticity: photos of e.g. the receipt, certificate, tag, logo, pattern, stitches, original packaging, date code, authenticity code or any other relevant information that would showcase the authenticity of the item.
Legal basis for such collection and use is our legitimate interest to protect the Platform and our members from eventual counterfeit (Art. 6 (1) (f) of the GDPR).
We can share photos of listings and other proofs of authenticity without your personal data with brand owners in order to check some items.
Personal data collected and used for this purpose are kept for 2 years when it is necessary to solve a dispute between our users.

2.3.8. To report suicidal posts

In exceptional cases, where we notice suicidal posts on our platform, we may report them to the police. In such cases we will collect and use and disclose the following data for the purpose of reporting suicidal posts:
  • 1. Username;
  • 2. E-mail address
  • 3. Full name;
  • 4. IP addresses and last logins;
  • 5. Telephone number (if verified);
  • 6. Print screen/link of forum post or thread where the declaration of suicide appears.
Legal basis for such collection and use is the protection of your vital interests (Art. 6 (1)(d) of the GDPR).
Brillr collects and uses your personal data for this purpose for as long as we keep your Brillr account - for 3 months from the date of deletion of your Brillr account or for 5 years and 3 months of inactivity on your account.

2.4. To supervise compliance with and enforce GTC (General T&C)

Brillr actively supervises compliance with and enforce GTC for the purpose of ensuring the security of your account and the Platform. 

2.4.1. To calculate trust score

In order to ensure the security of the Platform and its members, Brillr carries out automated decision-making and gives each member a "trust score" calculated using an algorithm and maintaining a black base of member’s personal data suggesting unlawful activities. The "trust score" indicates the likelihood of misuse of the Platform. 
Our algorithm takes into account members’ comments on a forum, messages to other members, items listed on the platform, transactions, reports on the member by other members, the member's profile and contact information, the member's violations of our GTC, IP addresses, and browser fingerprints, other content the member provides us with. 
Where evaluation of the member reaches certain thresholds, the usage of the platform by the member is restricted or the member is asked to verify his / her telephone number.
Legal basis for such collection and use is our legitimate interest to protect the Platform and its users and ensure its security and the legitimate interest of our members to ensure their safety on the Platform (Art. 6 (1) (f) of the GDPR).
Brillr collects and uses your personal data for this purpose for as long as we keep your Brillr account - for 3 months from the date of deletion of your Brillr account or for 5 years and 3 months of inactivity on your account.

2.4.2. To enforce spam filtering

In order to protect our members and the Platform, we use spam filtering tools. These tools have a list of keywords that are commonly associated with spam. If your messages include the aforementioned keywords, they are stopped by the aforementioned tools and reviewed manually before being sent to other members. 
Legal basis for such collection and use is our legitimate interest to protect the Platform and its users and ensure its security and the legitimate interest of our members to ensure their safety on the Platform (Art. 6 (1) (f) of the GDPR).
Brillr collects and uses your personal data for this purpose for as long as we keep your Brillr account - for 3 months from the date of deletion of your Brillr account or for 5 years and 3 months of inactivity on your account.

2.4.3. To moderate your activity on the Platform

In order to ensure the security of the Platform and its members we regularly moderate your activity on the Platform. We may check your listings automatically or we may check your listings, comments, messages when we receive other members’ or third party’s reports.
If you communicate with another Brillr member via private messages and either you or another member sends us a report or escalates a transaction, we collect and use the information contained in your communication to check for a potential violation of our GTC.
Legal basis for such collection and use is our legitimate interest to protect the Platform and its users and ensure its security and the legitimate interest of our members to ensure their safety on the Platform (Art. 6 (1) (f) of the GDPR).
Brillr collects and uses your personal data for this purpose for as long as we keep your Brillr account - for 3 months from the date of deletion of your Brillr account or for 5 years and 3 months of inactivity on your account.

2.4.4. To issue and enforce warnings

If you as a member violate our GTC or take other actions that result in a warning being issued to you, we collect and use the following data to issue and enforce the warning:
  • Username;
  • Kind of warning received by member;
  • Date of warning received by member.
Legal basis for such collection and use is our legitimate interest to protect the Platform and its users and ensure its security and the legitimate interest of our members to ensure their safety on the Platform (Art. 6 (1) (f) of the GDPR).
Brillr collects and uses your personal data for this purpose for as long as we keep your Brillr account - for 3 months from the date of deletion of your Brillr account or for 5 years and 3 months of inactivity on your account.

2.4.5. To delete or hide items that violate Brillr GTC

If you list items that violate our GTC, we will remove or hide them. However, we will retain deleted listings as proof of the violation. For this purpose, Brillr uses personal data included in the listing as specified under 2.1.5.
Legal basis for such collection and use is our legitimate interest to protect the Platform and its users and ensure its security and the legitimate interest of our members to ensure their safety on the Platform (Art. 6 (1) (f) of the GDPR).
Deleted listings are kept for 30 days after their removal.

2.4.6. To suspend members

If you send too many messages in a short period of time, you may get suspended for 1 to 6 hours. For this purpose, Brillr collects and uses the time and duration of the suspension.
Legal basis for such collection and use is our legitimate interest to protect the Platform and its users and ensure its security and the legitimate interest of our members to ensure their safety on the Platform (Art. 6 (1) (f) of the GDPR).
Brillr collects and uses your personal data for this purpose for as long as we keep your Brillr account - for 3 months from the date of deletion of your Brillr account or for 5 years and 3 months of inactivity on your account.

2.4.7. To enforce bans

If you violate Brillr GTC in a way that results in you getting banned, we will use your ban reason, time and your profile data.
Legal basis for such collection and use is our legitimate interest to protect the Platform and its users and ensure its security and the legitimate interest of our members to ensure their safety on the Platform (Art. 6 (1) (f) of the GDPR).
Personal data collected and used for this purpose are kept for 3 months from the moment you have been blocked.

2.4.8. To enforce IP blocks

If there are signs of cyber-attacks or other risks to the Platform’s security coming from your IP address, we will collect and use your IP address in order to protect the platform by blocking your IP address.
Legal basis for such collection and use is our legitimate interest to protect the Platform and its users and ensure its security and the legitimate interest of our members to ensure their safety on the Platform (Art. 6 (1) (f) of the GDPR).
Personal data collected and used for this purpose are kept for 5 years.

2.5. To enable your payments for items

Payments on the Platform are carried out via payment service providers that provide payment processing and escrow services. Brillr does not offer payments via the
Platform on some of its Platforms, therefore, this chapter of the Privacy Policy is only relevant to certain Brillr Platforms. Furthermore, different payment service providers operate on different Platforms and, as a result, different sections below are relevant depending on the Platform that you use.
Most of your personal data are required to perform a contract (GTC) with you. In case you do not provide us with this personal data, we will not be able to conclude and execute a contract (GTC) with you (Art. 6 (1) (b) of the GDPR). Part of your data is required to fulfill our or our payment service providers’ legal obligations when you are a member of our Platform (Art. 6 (1) (c) of the GDPR). In case you do not provide us with this personal data, we or our payment service providers will not be able to comply with legal requirements and we will not be able to provide our services.
This data is also used for the improvement of the Platform in order to make it a better experience for our members (see 2.2.12).

2.5.1. To allow you to make a purchase and add a bank card for payment purposes

When you add a bank card or purchase an item or our extra services via the Platform, we collect and use the following data for the purpose of allowing you to make payments:
  • Full name;
  • First six and last four digits of your credit card number;
  • Expiration date. When you add a bank card or purchase an item or our extra services via the Platform, the relevant payment service provider (please see 2.5.3, 2.5.4, and 2.5.5 below) receives the following data:
  • Full name;
  • Credit card number;
  • Expiration date
  • Security code (CVV/CVC) number.
Legal basis for the collection and use of data is the performance of a contract (compliance with our GTC) to which you are party (Art. 6 (1) (b) of the GDPR).
Personal data are required to perform a contract (GTC) with you. In case you do not provide us with this personal data, we will not be able to conclude and execute a contract (GTC) with you.
If you agree, we will store your bank card details for future use. Legal basis for such collection and use is your consent (Art. 6 (1) (a) of the GDPR). You can remove the bank card anytime in your payment settings.
Brillr collects and uses your personal data for this purpose for as long as we keep your Brillr account - for 3 months from the date of deletion of your Brillr account or for 5 years and 3 months of inactivity on your account.

2.5.2. To allow you to add a bank account for withdrawal purposes

When you add a bank account for withdrawal purposes, we collect and use the following data for the purpose of allowing you to withdraw money:
  • Account holder’s name;
  • Account number;
Legal basis for the collection and use of data is the performance of a contract (compliance with our GTC) to which you are a party (Art. 6 (1) (b) of the GDPR).
Personal data are required to perform a contract (GTC) with you. In case you do not provide us with this personal data, we will not be able to conclude and execute a contract (GTC) with you.
Brillr collects and uses your personal data for this purpose for as long as we keep your Brillr account - for 3 months from the date of deletion of your Brillr account or for 5 years and 3 months of inactivity on your account.

2.5.3. To implement Know Your Customer (KYC) checks on .co Platform

Whenever you are about to reach a pay-in or pay-out threshold, STRIPE will request you to provide a copy of your passport, ID card or driver’s license, including the provisional license. In that case, we will collect and transfer the following data to the payment service providers in order to allow our payment service provider STRIPE to perform a safety check (so-called Know Your Customer, KYC):
  • Full name;
  • Date of birth;
  • Country;
  • Address;
  • Social security number;
  • Routing No;
  • Bank account No;
  • Personal ID number;
  • Information present on the provided document (exact list depends on the document provided): document number, picture, gender, nationality, date of issue, date of expiry, place of birth, personal code, signature, other information on a particular document.;
This is necessary in order to fulfill our legitimate interest to provide STRIPE with the necessary information for them to comply with the legal obligations to which STRIPE is subject (Art. 6 (1) (f) of the GDPR). 
Personal data collected and used for the aforementioned purpose are kept until this information is transferred to our payment service provider STRIPE.

2.5.4. To issue refunds

If an item that you purchase is never shipped, arrives damaged or not as described and you issue a claim, we collect and use the data used to make a purchase (see 2.5.3, 2.5.4, and 2.5.5 above) for the purpose of issuing a refund.
Legal basis for the collection and use of data is the performance of a contract (GTC) to which you are a party (Art. 6 (1) (b) of the GDPR).
Personal data are required to perform a contract (GTC) with you. In case you do not provide us with this personal data, we will not be able to conclude and execute a contract (GTC) with you.
Transaction data are kept for 13 months from the day of the transaction.

2.5.5. To keep financial records 

If you participate in purchase-sale and/or other transactions when using the Platform, Brillr will collect and use the following data in order to carry out its accounting-related duties:
  • Full name;
  • Address;
  • VAT identification number (where applicable);
  • Value and description of supplied goods and/or services;
This is necessary in order to comply with the legal obligations to which Brillr is subject (Art. 6 (1) (c) of the GDPR).
Financial regulations require us to keep accounting documents that confirm the transactions for 10 years.

2.6. To enable shipment of items purchased on the Platform

Brillr strives to make the shipping of items purchased on the Platform as smooth and convenient as possible by offering shipping methods on the Platform.
Most of your personal data are required to perform a contract (GTC) with you. In case you do not provide us with this personal data, we will not be able to conclude and execute a contract (GTC) with you.
This data is also used for the improvement of the Platform in order to make it a better experience for our members (see 2.2.12).

2.6.1. To enable you to ship or receive items

If you choose to enter your shipping information or when you buy, sell or swap items, we collect and use the following data that you provide for dispatch and shipping purposes:
  • Full name;
  • Country;
  • City;
  • Address;
  • Telephone number;
  • E-mail address;
  • Signature;
  • Address of the drop off point of the parcel;
  • Tracking number of the parcel
  • Confirmation of delivery of the parcel;
  • Other shipping information required by a particular shipping service provider.
Legal basis for the collection and use of data is the performance of a contract (GTC) to which you are a party (Art. 6 (1) (b) of the GDPR).
Personal data are required to perform a contract (GTC) with you. In case you do not provide us with this personal data, we will not be able to conclude and execute a contract (GTC) with you. 
We provide personal data collected and used for this purpose to the following recipients:
  • Seller of the item;
  • If the shipping provider directly integrates its shipping services with Brillr, we also provide the aforementioned data directly to your chosen shipping provider:
Otherwise, it is up to the seller to follow the instructions and provide your data to the shipping provider.
Personal data collected and used for this purpose are kept for 10 years.

2.6.2. To track your parcel

When you buy, sell or swap items on the Platform, we collect and use the following data for shipment tracking purposes:
  • Date and time of delivery of the parcel;
  • Tracking number of the parcel;
  • Address;
  • Location of the parcel;
If we are unable to gather tracking information directly from a particular shipping provider, we provide the aforementioned information to a tracking service provider. Legal basis for the collection and use of data is the performance of a contract (GTC) to which you are party (Art. 6 (1) (b) of the GDPR).
Personal data are required to perform a contract (GTC) with you. In case you do not provide us with this personal data, we will not be able to conclude and execute a contract (GTC) with you.
Personal data collected and used for this purpose are kept for 10 years. 

2.7. To carry out marketing activities

Brillr seeks to involve our members in marketing campaigns and it benefits our members. At the same time, we wish to present you with marketing material that is both relevant and engaging.

2.7.1. To send you marketing emails

You can register for our newsletter and for other marketing emails ("Marketing Emails"). When you register, we will ask you for your permission to use your email address for the purposes of sending you Marketing Emails containing the latest information on our products and services, especially with regard to goods available on the Platform, special offers and marketing campaigns. If you do not give your consent when registering, you can at any time change your mind and agree to receiving Marketing Emails by adjusting the settings on your Brillr account. 
We base such collection and use on your consent (Art. 6 (1) (a) of the GDPR, Art. 69(1) of Lithuanian Law on Electronic Communications).
Your permission for the sending of Marketing Emails can be given and withdrawn by you at any time with future effect. In your Brillr account, you can adjust your settings to choose what emails you wish to receive or disable the sending of any further Marketing Emails. Alternatively, you can click "Unregister" at the end of the Marketing Email. Withdrawal of permission will not affect the lawfulness of collection and use carried out prior to withdrawal of permission.
Brillr collects and uses your personal data for this purpose for as long as we keep your Brillr account - for 3 months from the date of deletion of your Brillr account or for 5 years and 3 months of inactivity on your account or until you withdraw your permission.

2.7.2. To personalize marketing messages

Brillr will use the data used to register you on the Platform (see above under 2.1.1, 2.1.2 and 2.1.3) and related to your Brillr account (see 2.2), the data on your forum activity (see 2.1.10), your log files (see 2.3.1 above) and other means (see 2.7.7) to personalize marketing messages and advertisements presented to you. This means that, with your consent, you will receive marketing messages and advertisements based on your interests and your activity on the Platform. We base such collection and use on our legitimate interest to present you with marketing messages that we consider relevant to you (Art. 6(1)(f) of the GDPR).
You can, at any time, choose not to receive personalized marketing and advertisements by changing relevant settings by going to the Privacy settings page on your Brillr account. Withdrawal of permission will not affect the lawfulness of collection and use carried out prior to withdrawal of permission.
Brillr collects and uses your personal data for this purpose for as long as we keep your Brillr account - for 3 months from the date of deletion of your Brillr account or for 5 years and 3 months of inactivity on your account.

2.7.3. To contact you for publicity and earning opportunities

If you register on the Platform, we may contact you via e-mail or the Platform’s messaging system to offer you to share your content (pictures, videos) on our social media profiles or to participate in our marketing campaigns. This is done in order to ensure that only members that give their consent would be featured on our social media profiles or participate in our marketing campaigns. 
We base such collection and use on our legitimate interest to increase the publicity of you and Brillr or provide you with earning possibilities (Art. 6(1)(f) of the GDPR).
Personal data collected and used for this purpose are kept for as long as we keep data related to your Brillr account - for 3 months from the date of deletion of your Brillr account or for 5 years and 3 months of inactivity on your account. Messages themselves are deleted after 12 months.

2.7.4. To conduct advertisement campaigns involving you

If you consent to participate in our advertisement campaigns, we will use your telephone number to contact you with a proposal to participate in our advertisement campaign and give you more details about the project.
If you sign a contract with Brillr related to the advertising campaign, we will collect and use the following data for the purpose of completing and performing a contract between you and Brillr:
  • Full name;
  • Date of birth;
  • Nationality;
  • Information about your business certificate or individual business activity.
If you provide your address and room photos we will use them to arrive at your place and film the advertisement. If you give your consent, we may also use your name, age, city or story to include them in advertising campaigns.
We base your invitation to participate in our advertisement campaigns on your consent (Art. 6(1)(a) of the GDPR). Your participation in our advertisement campaign is based on a contract between Brillr and you (Art. 6(1)(b) of the GDPR).
This data may be transferred to our partners (advertising agencies, directors) that are responsible for implementing the advertisement campaign.
Personal data for your participation in our advertisement campaign are required to perform a contract (GTC) with you. In case you do not provide us with this personal data, we will not be able to conclude and execute a contract (GTC) with you.
Brillr collects and uses your personal data for this purpose for as long as we keep your Brillr account - for 3 months from the date of deletion of your Brillr account or for 5 years and 3 months of inactivity on your account.

2.7.5. To enable us to post your content on our social media accounts

If you allow us, we will post your content on our social media accounts for marketing and PR purposes. 
We base such collection and use on your consent (Art. 6(1)(a) of GDPR). You can, at any time, give and retract your consent by logging in on the Platform, visiting Privacy Settings and changing relevant settings.
In order to post your content on our social media accounts, we provide data to the following social media platform operators:
  • LinkedIn Ireland Unlimited Company (Ireland);
  • LinkedIn Corporation (USA) (personal data is protected by the service provider entering into the EU Standard Contractual Clauses for the transfer of data as approved by the European Commission);
  • Google Ireland Ltd. (Ireland);
  • Google LLC (USA) (personal data is protected by the service provider entering into the EU Standard Contractual Clauses for the transfer of data as approved by the European Commission);
  • Facebook Ireland Ltd. (Ireland);
  • Facebook, Inc. (USA) (personal data is protected by the service provider entering into the EU Standard Contractual Clauses for the transfer of data as approved by the European Commission).
Brillr collects and uses your personal data for this purpose for as long as we keep your Brillr account - for 3 months from the date of deletion of your Brillr account or for 5 years and 3 months of inactivity on your account or until you withdraw your permission.

2.7.6. To allow you to see personalized advertisements

Brillr will use the data collected via cookies (see 4 below) to personalize advertisements presented to you. This means that, with your consent, you will receive advertisements based on your interests and your activity on the Platform. Namely, Brillr will collect and use the following data:
  • Advertising ID;
  • Information on websites browsed by the visitor - list of pages and products viewed, clicked, put in a basket or bought the Platform;
  • URL of the pages viewed by the visitor (“referrer”), URL of the previous page viewed by the visitor;
  • Technical information related to the browser, device type and operating system version of the visitor (“user-agent”);
  • Timestamp (date, time);
  • F The truncated IP address of the connection;
  • Other information collected by a particular advertisement services provider.
Legal basis to perform this is Art. 61(4) of Lithuanian Law on Electronic Communications. To the extent it involves personal data, we base such collection and use on your consent (Art. 6 (1) (a) of the GDPR).
You can, at any time, choose not to receive personalized marketing and advertisements by changing relevant settings on the Platform. Withdrawal of permission will not affect the lawfulness of the collection and use carried out prior to the withdrawal of permission.
To enable our service providers to show you personalized advertisements, we provide your data to partners which provide personalized advertisement services.
Brillr collects and uses your personal data for this purpose for as long as we keep your Brillr account - for 3 months from the date of deletion of your Brillr account or for 5 years and 3 months of inactivity on your account or until you withdraw your permission.

2.7.7. To evaluate the efficiency of promotional campaigns

When you use the Platform, Brillr analyzes its marketing activities and how you use the Platform (when you register, login, create a listing, sell or swap or purchase something, upload an item’s photo, open our App, register or install the app, etc.) for the purpose of evaluating the efficiency of promotional campaigns, and to better comprehend the behavior of visitors after they have looked at a certain ad and visited our Platform or downloaded our App.
We base such collection and use on our legitimate business interest to evaluate the efficiency of our promotional campaigns in order to improve them (Art. 6 (1)(f) of the GDPR).
In order to carry out the aforementioned evaluating, we use services provided by the following service providers and for this purpose transfer personal data:
  • Facebook (personal data is protected by the service provider entering into the EU Standard Contractual Clauses for the transfer of data as approved by the European Commission);
  • Google (personal data is protected by the service provider entering into the EU Standard Contractual Clauses for the transfer of data as approved by the European Commission).
Brillr collects and uses your personal data for this purpose for as long as we keep your Brillr account - for 3 months from the date of deletion of your Brillr account or for 5 years and 3 months of inactivity on your account.

2.7.8. To manage our social media profiles

If you are interested in our activity and follow our profiles on social media, we collect and use the following data about you in order to manage our social networking sites:
  • Name and surname
  • E-mail address;
  • Gender
  • Country
  • Picture
  • Message
  • Time and date the message was received;
  • Content of the message;
  • Message attachments
  • Response to the message;
  • Time of response to the message;
  • Information about our rating;
  • Comments on a post;
  • Post shares;
  • Information about post reactions.
We base such collection and use on our legitimate interest to manage our social media profiles (Art. 6(1)(f) of GDPR).
In order to manage our social media accounts, we receive and provide data to the following social media platform operators:
  • LinkedIn Ireland Unlimited Company (Ireland);
  • LinkedIn Corporation (USA) (personal data is protected by the service provider entering into the EU Standard Contractual Clauses for the transfer of data as approved by the European Commission);
  • Google Ireland Ltd. (Ireland);
  • Google LLC (USA) (personal data is protected by the service provider entering into the EU Standard Contractual Clauses for the transfer of data as approved by the European Commission);
  • Facebook Ireland Ltd. (Ireland);
  • Facebook, Inc (personal data is protected by the service provider entering into the EU Standard Contractual Clauses for the transfer of data as approved by the European Commission);
Personal data collected and used for this purpose are kept as long as you are registered on a specific social media network.
Joint Controllership with Facebook („page insights”)
Brillr operates a so-called fan page on the social media platform of Facebook. Facebook and Brillr are only jointly responsible for the processing of so-called "insights data" (Art. 26 (1) sentence 1 of the GDPR) insofar as this data is used for the creation of so-called "page insights" and only for the phases of the collection of data from Brillr's fan page until the transmission to Facebook. For other data processing, Brillr and Facebook are separately responsible for data processing.
Within the scope of their joint controllership, Brillr and Facebook have entered into an agreement (so-called "page insights controller addendum"). The agreement covers the data processing that is collected and used in connection with a visit or interaction with our fan page, but only to the extent that this data is also (subsequently) processed for "page insights". "Page insights" includes analysis services that help us to better understand interactions on our site. In this context, we do not receive any personal data from Facebook, but only an anonymous evaluation and illustration. Facebook provides more information on this on its help page for "page insights". The information about data for "page insights" explains how "insights data" is collected and used to create "page insights". This includes the following actions:
  • Views and interactions with a page, post, video, story, or other content associated with a page;
  • Subscribing or unsubscribing to a page;
  • Reactions to a page or a contribution (e.g. "like"; recommendation, share, comment, subscribe, etc.);
  • Hiding a page contribution or report it as spam;
  • Moving the mouse over a link to a page or the name or profile picture of a page to see a preview of the page contents;
  • Clicks on the website, phone number, "route planning" button or any other button on a page;
  • Views of an event of a page, reactions to an event (including the type of reaction), clicks on a link for event tickets;
  • Starting a messenger conversation with the page;
  • Views or clicks on articles in a website shop;
  • IP address as well as other information that is available on your end device in the form of cookies
The processing of the data of the visitors of our fan page serves the purpose of providing the page as well as the statistical evaluation of the use of our page. This evaluation is made anonymous for Brillr. The legal basis for data processing is Art. 6 (1)(f) of the GDPR. Our legitimate interests in the processing of personal data when visiting the site and the creation of the "site insights" consist of presenting the company and the Platform and, for example, contacting members and interested parties and providing information about products and promotions, as well as the collection of data for the creation of anonymous evaluations and illustrations about the use of our fan page.
If you wish to exercise your rights regarding your data (see bullet point 6. below), it would certainly be more effective for you to contact Facebook directly. If you still need help in exercising your rights, you can contact us. In accordance with our agreement, Facebook assumes primary responsibility for fulfilling the obligations for the joint processing of "insights data". This includes fulfilling the following rights:
  • - The right to access (Art. 15 of the GDPR);
  • - The right to ratification (Art. 17 of the GDPR);
  • - The right to restrict processing (Art. 18 of the GDPR);
  • - The right to data portability (Art. 20 of the GDPR); and
  • - The right of objection (Art. 21 of the GDPR).
Facebook provides more details on how to exercise these rights in the "page insights data" information.

2.7.9. To enable you to participate in Brillr’s referrals program

If you refer one or more friends to Brillr’s Platform, you can earn Brillr shopping vouchers. We will collect and use the following data for the purpose of enabling you to participate in Brillr’s referrals program and to provide you with Brillr shopping voucher:
  • Your member name
  • Your referral link;
  • Your invited member profile data;
  • Data and time of the registration of your invited member;
  • Number of items uploaded of your invited member;
  • Date and time of items uploaded;
  • Information on the successful sale of listed items of your invited member;
  • Shopping voucher;
  • Amount of shopping voucher;
  • Expiration of shopping voucher.
  • Legal basis for the collection and use of data is the performance of a contract (GTC) to which you are party (Art. 6 (1) (b) of the GDPR).
Personal data are required to perform a contract (GTC) with you. In case you do not provide us with this personal data, we will not be able to conclude and execute a contract (GTC) with you. 
Brillr collects and uses your personal data for this purpose for as long as we keep your Brillr account - for 3 months from the date of deletion of your Brillr account or for 5 years and 3 months of inactivity on your account.

2.8. For legal purposes

2.8.1. To handle your requests related to personal data 

If you use your statutory rights regarding your data (see 6 below), we will collect and use the data contained in your request in addition to any other personal data held by Brillr for the purpose of examining the request, responding to it and, when necessary, taking necessary action.
In order to respond to requests, Brillr provides your data to service partners which provide data protection officer’s services and consult us on questions of data protection law.
We base such collection and use on a legitimate interest to exercise our members’ rights (Art. 6 (1) (f) of the GDPR).
Personal data collected and used for this purpose are kept for two years from the day we respond to your request.

2.8.2. To provide information to law enforcement and other state institutions

If we have reasonable grounds to suspect that you are involved in illegal activities, we will collect and use necessary data of your profile data (see 2.1), data related to your activities on the Platform (see 2.2) and data collected and used for security purposes (see 2.3 and 2.4) in order to notify the law enforcement and other state institutions.
Brillr also provides the aforementioned data to law enforcement and other state institutions when we receive requests for information in relation to investigations carried out by these institutions.
This is necessary in order to comply with the legal obligations to which Brillr is subject (Art. 6 (1) (c) of the GDPR).
Personal data are required to fulfill our legal obligations when you are a member of our Platform. In case you do not provide us with this personal data, we will not be able to comply with legal requirements.
Brillr collects and uses your personal data for this purpose for as long as we keep your Brillr account - for 3 months from the date of deletion of your Brillr account or for 5 years and 3 months of inactivity on your account.

2.8.3. To defend the rights and interests of Brillr

If you get involved in a dispute with Brillr or we need to carry out enforcement of our GTC or otherwise defend, enforce, exercise, and uphold our rights, we will collect and use all of your personal data held by Brillr to the extent necessary to resolve a particular situation. 
We base such collection and use on a legitimate interest to defend the rights and interests of Brillr (Art. 6 (1) (f) of the GDPR).
Personal data collected and used for this purpose are kept for 1 year following the moment we became aware of the aforementioned circumstances or for the duration of a dispute or legal proceedings, depending on which one of these periods is longer.

3. Recipients of personal data

Brillr transfers or shares personal data with service providers only insofar as necessary and allowed in accordance with applicable laws. Service providers to which your personal data are transferred or shared with for specific purposes are described under 2 above. In addition, we appoint the following service providers that, as a result, receive personal data as recipients of data.
We constantly conduct and improve technical maintenance of the Platform to protect the security and confidentiality of personal data we process and to perform certain business-related functions that help make our services available and functional. For this reason, we transfer your profile data to service providers which provide cloud and hosting services, IT security, maintenance and technical services, communications services:
  • Amazon Web Services, Inc. (USA)  (personal data is protected by the service provider entering into the EU Standard Contractual Clausesfor the transfer of data as approved by the European Commission);
  • Google Ireland Ltd. (Ireland), Google LLC (USA) (personal data is protected by the service provider entering into the EU Standard Contractual Clauses for the transfer of data as approved by the European Commission);
  • Apple Distribution International (Ireland), Apple Inc. (USA) (personal data is protected by the service provider entering into the EU Standard Contractual Clauses for the transfer of data as approved by the European Commission);
  • Microsoft Ireland Operations Limited (Ireland), Microsoft Corporation (USA) (personal data is protected by the service provider entering into the EU Standard Contractual Clauses for the transfer of data as approved by the European Commission);
  • Slack Technologies, Inc. (USA) (personal data is protected by the service provider entering into the EU Standard Contractual Clauses for the transfer of data as approved by the European Commission).
We transfer personal data to attorneys, attorney’s assistants, notaries, bailiffs, auditors, consultants, IT service providers, insurance companies, archiving services that provide services to Brillr.
Additionally, we share data within the Brillr group. Data processed within the Brillr group are transferred to Brillr, UAB (Lithuania) insofar as necessary for the management of Brillr group. 
Brillr is statutorily obligated to provide personal and/or usage data to investigative, criminal prosecution or supervisory authorities if and insofar as required for the avoidance of risk to the public and for the prosecution of criminal acts.
Brillr may share your data with third parties when transferring rights and obligations pertaining to the contractual relationship between you and Brillr to such third parties in accordance with the GTC (available via the link https://www.brillr.co.uk/terms_and_conditions), in particular in the case of the transfer of a sector of activity, a merger through the foundation of a new company, a merger through absorption, de-merger or any change in control affecting Brillr. Prior to such an event Brillr will inform you separately about the details of sharing your data and will obtain your consent where legally necessary.

4. Use of cookies

Brillr uses cookies on the Platform. You can find out more by visiting our Cookie Policy.

5. Right of amendment

As we are constantly developing our services, we reserve the right to change this Privacy Policy at any time subject to the applicable regulations. Any changes will be published promptly on this page. Regardless of the aforementioned, you should check this page regularly for any updates.

6. Your statutory rights regarding your data

6.1. What rights do you have?

Subject to conditions, limitations, and exceptions established by statutory data protection provisions, you have the right at any time:
  • to be informed of the data we collect and use and to request access or demand a copy of the data concerned (right to access). All the data that you have actively provided for us on the Platform (2.1, 2.5, and 2.6) can also be accessed by you at any time in your Brillr account;
  • to demand the correction of inaccurate data and, subject to the nature of the collection and use, the completion of incomplete data (right to rectification). All the data that you have actively provided us with on the Platform (2.1, 2.5, and 2.6) can also be amended by you yourself at any time in your Brillr account (except sent messages and any forum posts or reviews);
  • subject to just cause, to demand the deletion of your data (right to deletion);
  • to demand restriction of the collection and use of your data, provided the statutory criteria are met (right to restrict processing);
  • subject to the statutory criteria being met, to receive the data you have provided in a structured, current, and machine-readable form and to transfer this data to another data controller or, where technically feasible, to have it transferred by Brillr (right to data portability);
  • not to be subject to a decision based solely on automated processing, including profiling, which produces legal or similarly significant effects on you, unless the statutory conditions for such automated decision-making are met;
  • to object to the collection and use of data – only where the collection and use is based on a task carried out in the public interest or in the exercise of official authority vested (Art. 6 (1)(e) of GDPR) or legitimate interest (Art. 6 (1)(f) of GDPR), including profiling, based on the same data collection and use grounds as explained in other sections of this statement (right to object). You also have the right to at any time object to the collection of your personal data for direct marketing purposes;
  • to withdraw at any time any permission you have provided to us. Such withdrawal will not affect the lawfulness of the collection and use carried out prior to withdrawal and based on the permission granted. You can withdraw your permission for the sending of our newsletter by adjusting your Brillr account settings to block the sending of any further Marketing Emails. Alternatively, you can click "Unregister" at the end of the Marketing Email;
  • not to receive discriminatory treatment while exercising your rights. To exercise any of the rights specified in this section, you can contact Brillr and submit your request using the contact details (7 below). Regardless of any other legal remedy, you also have the right at any time to submit a complaint to the supervisory authorities.

6.2. What is My Right to Know about my personal data collected, disclosed, or transferred?

You have the right to request that we disclose certain information to you about our collection and use of your personal data. Once we receive and verify your request we will disclose to you, depending on the nature of your request, personal data we collected about you, the categories of sources for the data we have collected about you, our business or commercial purposes for collecting or sharing that personal information, the categories of third parties with whom we share that personal information, and the specific pieces of personal information we collected about you. As explained above, we may have disclosed personal data to third parties for a business or commercial purpose. Thus, you have the right to know also personal data that we disclosed about you and the categories of third parties to whom the personal data was disclosed.

6.3. What is my Right to Request Deletion of my personal data?

You have a right to request the deletion of your personal data collected and maintained by us in case the information is not used in compliance with applicable laws. Once we receive and verify your request, we will delete (and direct our service providers to delete) your personal data from our records, unless applicable laws do not provide for the deletion of the data in a particular case (for instance, retaining the data is necessary for us or our service provider(s) to complete the transaction for which we collected the personal data, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you, detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities, comply with a legal obligation, make other internal and lawful uses of that data that are compatible with the context in which you provided it).

6.4. What is my Right to Opt-Out of sharing my personal data with ad partners?

We provide Usage Data to advertising partners, which enables us to provide you with interest-based advertising. For more information on interest-based advertising, please see our Cookie Policy. You have a right to direct us to stop sharing your personal data with our ad partners, and to refrain from doing so in the future. If you wish to do so, please adjust the settings accordingly by going to our Cookie Policy.

6.5. How will you verify my request?

Your request must provide sufficient information that allows us to reasonably verify you are the person or an authorized representative of a person whose personal data we have collected (name, surname, your public profile URL, your e-mail, other information we may request for verification purposes), describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it, provide a confirmation under a penalty that you are the individual whose personal data is the subject of the request. If your request is submitted by an authorized agent, a written permission and information that verifies the identity of the agent must be enclosed with the request. We cannot provide you with the information or exercise your other right if we cannot verify your identity or authority to make the request and confirm the information relating to you. In order to verify your identity, we may request you to provide additional information about yourself. We will only use this information and information provided in the request to verify your identity or authority to make the request.

6.6. Can I Use an Authorized Agent?

Sure. You may use an authorized agent to submit a request to opt-out on your behalf if you provide us with the authorized agent written permission to do so. If this is the case, please provide us with a copy of the said permission as instructed under the section ‘How Do I Submit a Request?’ above. We may deny a request from an authorized agent that does not submit proof that they have been authorized by you to act on your behalf. 

7. Our contact details

If you have any queries regarding the collection and use of your data as part of your use of the Platform, or regarding your rights, please contact our data protection officer at
 Brillr address

Brillr data protection officer: Mohammad Meftaur Rahman