European Union Privacy Policy
This EU Privacy Policy applies to I Am Group Commerce, LLC’s (aka Appleverse) processing of your Personal Information collected through the Services and/or received from our Licensees. This EU Privacy Policy provides information about, among other things, the categories of Personal Information collected and processed, as well as the purpose of processing and the legal ground the processing is based on. Appleverse advises you to carefully read this EU Privacy Policy.
Terms starting with a capital that are not defined in this EU Privacy Policy, are defined in the Privacy Policy and/or the Terms and also apply to this EU Privacy Policy.
It is important that to read this EU Privacy Policy together with our Privacy Policy so that you are fully aware of how and why we are using your Personal Information. This EU Privacy Policy supplements our Privacy Policy and in the event of a conflict between this EU Privacy Policy and our Privacy Policy, this EU Privacy Policy shall control.
1. Controller details
I Am Group Commerce, LLC, is a limited liability company established in the U.S. with registered offices at 2232 Dell Range Blvd., Suite 245 – 3397, Cheyenne, WY 82009, United States.
With regard to Appleverse’s processing of the Personal Information of EU Residents, the EU General Data Protection Regulation (“GDPR”) applies. Since FMB determines the purpose and means of processing the Personal Information, we qualify as controller as defined in Clause 4(7) of the GDPR. Please note, from this point forward, this EU Privacy Policy uses the term “Personal Data,” which refers to Personal Information, but in the terminology of the GDPR.
2. Services
As set forth in the Terms, among other things, the Services include providing you with information about Appleverse’s Licensees and Appleverse branded products available on each Licensee’s own website.
This means (among other things) that each individual Licensee determines the purpose and means for processing the personal data it collects through their own respective website (or otherwise). Each individual Licensee qualifies as a controller for the processing of these personal data as meant in Clause 4(7) of the GDPR. The privacy policy of the applicable Licensee (and not this EU Privacy Policy or the Privacy Policy) applies to any Licensee’s aforementioned processing of your personal data.
3. Overview of categories of Personal Information and Processing Purposes
Subsection (i) of this Section 3 provides an overview of the categories of Person Data Appleverse collects and further processes and gives you examples of the specific type of Personal Data that fall in each category.
Appleverse has the Personal Data described below because you either provided it to us and/or we received it from our Licensees. The Personal Data you provide to Appleverse can be either actively provided (see subsection (i) Contact data, below) or can be collected automatically (see subsection (ii) Automatically generated data, below). Appleverse may also receive Personal Data about you from our Licensees, but only if the Licensee obtained your prior consent. Please see Sections 3 and 4 for more information on the Personal Data Appleverse receives from our Licensees and the purposes for which such data are processed.
Subsection (ii) of this Section 3 provides an overview of the purposes for which Appleverse processes your Personal Data, the categories of Personal Data we need to process for these purposes, the legal ground on which the processing of your Personal Data is based, as well as a concise explanation regarding all of the above.
(i) Categories of Personal Data
Contact data
This category of Personal Data covers all data Appleverse can use to contact you, such as your email address. The content of any emails you send Appleverse and/or the content of our further correspondence by email or otherwise may contain Personal Data and also falls under this category.
Automatically generated data
This category of Personal Data covers all data that is automatically generated and relates to (a) the device you use to use the Services, such as the ID number of the device, type of browser and the computer system you use, (b) the way you use the Services, such as your IP address, the time you spend on our website and each separate webpage, which links you click and/or which other features of the Services you use, and/or (c) other information on your use of the Internet collected by cookies, such as your IP address.
(ii) Processing Purposes
Purpose: Offering the Services to You
Personal Data: Contact Data, Automatically generated data
Legal ground: necessary for the performance of our agreement with you
Explanation: We have an agreement regarding the use of the Services under the conditions stated in the Terms. In order to perform our agreement and make it possible for you to access and use the Services, Appleverse must engage third party services which requires the transfer your Personal Data to these third parties. This primarily pertains to the transfer of your data to hosting providers (please see Section 4, below).
Purpose: Replying to questions and inquiries
Personal Data: Contact Data
Legal ground: legitimate interest, legal obligations
Explanation: We have a legitimate interest (6.1 (f) GDPR), to process Personal Data in order to reply to your questions and inquiries, because it enables Appleverse to offer you an efficient customer service by replying to your questions and inquiries. The processing of your Personal Data for this purpose is for your benefit and has little to no impact on your privacy.
Purpose: Analysis and evaluation
Personal Data: Contact Data, Automatically generated data
Legal ground: legitimate interest
Explanation: We continuously evaluate and analyze the Services. Based on the outcome of these evaluations and analyses, Appleverse may decide to change the Services, or any part or parts thereof, to keep them working properly and offer you the desired user experience. The outcome of the analyses and evaluations cannot be used to directly or indirectly identify you and therefore no longer qualifies as Personal Information (as meant under Clause 4(1) GDPR).
We have a legitimate interest to process your Personal Data for this purpose because it enables us to tailor the Services to your liking and optimize your user experience. The processing of your Personal Data for this purpose is primarily for your benefit and has little to no impact on your privacy.
Purpose: Assessing and/or complying with requests to exercise your rights
Personal Data: Contact data
Legal ground: legal obligation
Explanation: We have a legal obligation to offer you the possibility to exercise the rights set forth in Section 7. In order to comply with this legal obligation, we need to process the Contact Data in relation to this purpose.
Purpose: Marketing
Personal Data: Contact Data, Automatically generated data
Legal ground: consent
Explanation: We only use your Personal Data for marketing purposes if you have given your prior consent to us or our Licensees for this purpose. If you gave us consent for using certain cookies, we use the Personal Data collected by these cookies to show you advertisements regarding our Licensee’s products on websites of third parties (also see our Cookie Policy and our Cookie Choices widget, which you can launch at any time by clicking on the heart shaped cookie icon located on the bottom right corner of our website).
We also share Personal Data from Licensees with other Licensees so that our Licensees may use these for marketing purposes, provided you gave these Licensees your consent.
Depending on the consent you gave, the information or offers tailored to your interests, can be send to you by email and/or by banners on third party websites including but not limited to the Licensees’ websites. Please see subsection (i) of this Section 3 for more information on the processing of Personal Data received from Licensees.
Purpose: Protecting our rights and interests
Personal Data: Contact Data, Automatically generate data
Legal ground: legitimate interest; necessary to comply with legal obligations
Explanation: We have a legitimate interest to process these categories of Personal Data if we deem this necessary for the protection of Appleverse’s rights and interests. We may need your Personal Data to substantiate a claim we made against a third party or against you and/or to defend ourselves against claims made against us by third parties and/or you.
Depending on the way we need to protect our rights and interest, Appleverse may be legally obligated to transfer Personal Data to a third party. In those situations, Processing Purposes “Complying with legal obligations” applies.
Purpose: Security management
Personal Data: Contact Data, Automatically generated data
Legal ground: necessary to comply with legal obligations, legitimate interest
Explanation: We are legally obligated to take appropriate technical and organizational measures to protect your Personal Data.
If the measures we take in relation to the purpose of security management can not be directly related to this legal obligation, for instance if we transfer Personal Data to a third party in relation to a security audit of our systems, we have a legitimate right to process Personal Data for this purpose because it helps enable us to keep the Services and therefore your Personal Data safe which is for your benefit.
Purpose: Mergers and acquisitions
Personal Data: Contact Data, Automatically generated data
Legal ground: legitimates interest
Explanation: For this purpose, a third party will gain access to the Personal Data, or part or parts of it. Although it cannot be determined beforehand which specific Personal Data are necessary, depending on the circumstances, the third party may need access to all Personal Data, for instance for due diligence purposes.
Purpose: Complying with legal obligations
Personal Data: Contact Data, Automatically generated data
Legal ground: necessary to comply with legal obligations
Explanation: Various legal obligations require us to process your Personal Data, for instance the legal obligation to demonstrate that you have indeed consented to the use of certain cookies that collect Personal Data. Some of these obligations require us to transfer Personal Data at the request of a third party, such as a supervisory authority and/or a court.
4. Third parties
Subsection (i) of this Section 4 relates to the Personal Data we transfer to third parties whereas subsection (ii) relates to then processing of Personal Data we received from third parties. Please note, because our Licensees are under contracts to produce and sell Appleverse branded products on Appleverse’s behalf, our Licensees are not considered third parties under this or any of our privacy policies.
(i) Personal data transferred to third parties
We will not sell your Personal Data to third parties for direct marketing purposes without your prior consent.
However, as follows from Section 2 above, in other circumstances we (are obligated to) transfer your Personal Data, or part or parts thereof, to third parties. All contracts entered into with these third parties contain clauses aimed to protect your Personal Data. Specifically with regard to third parties that qualify as “processors” as defined in Clause 4(8) of the GDPR, we have entered into processing agreements which, among other things, describe the technical and organizational measures implemented by these third parties to protect Personal Data.
While not considered third parties, we transfer Personal Data to Licensees so that Licensees can contact you with regard to their Florence by Mills branded products and services. We will only transfer the Personal Data listed below to our Licensees if you have given us your consent to do so.
Purpose: marketing purposes of Licensees
Personal Data transferred: Contact data, Transaction data
Legal basis: consent
As a principal, we prefer to store Personal Data locally. This means within the European Economic Area (“EEA”) if collected there. However, it is possible that parts of the Personal Data are stored on servers outside the EEA. In that case we will make sure to comply with the applicable legislation and regulations.
Finally, Appleverse can transfer Personal Data to third parties if you have consented to this (Clause 6.1(a) GDPR). You have the right to withdraw consent at any time. We will no longer process the relevant Personal Data as of the time of withdrawal. Please be advised that withdrawal of your consent does not affect the lawfulness of processing based on consent before its withdrawal.
Please be advised that the Services contains links to websites of third parties, such as the websites of our Licensees. Although these websites have been carefully selected, we are not responsible for the processing of your personal data through them. This EU Privacy Policy does not apply to the use of such websites (also see Section 2, above).
(ii) Personal Data received from Third Parties: None.
While not considered third parties, we receive Personal Data from our Licensees so that we can share with our other Licensees so that such other Licensees can contact you with regard to their other Appleverse branded products and services. We will only receive the Personal Data listed below from our Licensees if you have given such Licensee your consent to do so.
Purpose: marketing purposes of Licensees
Personal Data transferred: Contact data, Transaction data
Legal basis: consent
5. Retention of Personal Data
Appleverse does not retain Personal Data longer than necessary for the realization of the purposes for which the Personal Data are collected.
We will delete or anonymize the Personal Data we use for the purposes set forth herein within two (2) years after your last use of the Services, except as set forth herein. For the retention periods of Personal Data collected by using cookies, please consult our Cookie Policy.
Deviations from the above-mentioned retention periods are possible if applicable legislation requires us to retain Personal Data (or part or parts thereof) longer and/or the Personal Data (or part or parts thereof) remain necessary for other Processing Purposes described in Section 3.
6. Security
Keeping your Personal Data safe is important to us. Appleverse has therefore implemented technical and organizational measures to ensure a level of security appropriate to the risk. In this regard we have taken into account (among other things) the state of the art and the nature, scope, context and purposes of the processing of your Personal Data. Examples of these measures are: keeping our Services, software and applications up-to-date by installing updates, upgrades and patches; hosting our central database which contains most Personal Data separately from any other databases; limiting access to Personal Data by only allowing such access on a need-to-know basis; using strong passwords; and performing stress and penetration tests on a regular basis.
7. Your rights
This Section 7 describes your rights when it comes to Appleverse’s processing of your Personal Data under GDPR, and also describes how Appleverse facilitates you in exercising these rights.
Rights of EU Residents
If the GDPR applies to Appleverse’s processing of your Personal Data, you have the following rights:
i) Right of access
Means your right to receive from Appleverse and made available to you, a copy of the Personal Data we process about you.
ii) Right to rectification
iii) Right to be forgotten (right to erasure)
Your right to require us to permanently delete or anonymize (certain) Personal Data about you.
iv) Right to restriction of processing
v) Right to data portability
vi) Right to object
If you wish to exercise any of the rights stated above, you can send a substantiated request by email to: [email protected] or you can do so via our form, located at – https://appleverse.us/gdpr-compliance/.
Before we can start the assessment of your request, Appleverse must be sure of your identity. If Appleverse is unable to establish your identity at first, we are obligated under the GDPR to request further information for the purpose of verifying your identity.
Please be advised that the above-mentioned rights are not absolute. The GDRP stipulates the conditions under which the rights can be invoked. Appleverse can therefore only comply with a request to exercise your rights if we have established that all applicable conditions are met.
Appleverse tries to respond to requests within a reasonable period of time, and normally within one (1) month. However, it is possible that Appleverse will need additional time. If that is the case, Appleverse will inform you thereof before the end of the aforementioned one (1) month period. The additional time will not exceed two (2) months (in total).
8. Cookies
If cookies collect Personal Data, this EU Privacy Policy also applies to the processing of the Personal Data in addition to Cookie Policy.
9. Complaints
If you contact Appleverse with a complaint regarding the processing of your Personal Data and we are unable to resolve this complaint together, as an EU Resident, you can lodge a complaint with the competent national supervisory authority as meant by the definition of supervisory authority concerned in Clause 4(22) of the GDPR.
February 29, 2024