Under the GDPR (General Data Protection Regulation) we control and / or process any personal information about you electronically using the following lawful bases.
If, as determined by us, the lawful basis upon which we process your personal information changes, we will notify you about the change and any new lawful basis to be used if required. We shall stop processing your personal information if the lawful basis used is no longer relevant.
Under the GDPR your individual rights are as follows.
● the right to be informed;
● the right of access;
● the right to rectification;
● the right to erasure;
● the right to restrict processing;
● the right to data portability;
● the right to object; and
● the right not to be subject to automated decision-making including profiling.
SECTION 1 - PERSONAL INFORMATION COLLECTED
We may collect two types of data and information from you:
The first type of information is non-identifiable and anonymous information (“Non-personal information”). We are not aware of the identity of the User from which we have collected Non-Personal Information. Non-Personal Information is any unconcealed information which is available to us while Users are using the Sites. Non-personal Information which is being gathered consists of technical information and behavioural information, including, but not limited to, the operating system, type of browser, screen resolution, the period of time the User visited the Site, etc.
The second type of information is individually identifiable information (“Personal Information”). This information may identify an individual or may be of a private and/or sensitive nature. Personal information which is being gathered consists of any personal details provided consciously and voluntarily by the User including name, email, address, IP address and other unique identifiers and any other information you choose to provide to the Website.
As customers, you do not have any legal obligation to provide any information to the Website. However, we require certain information from you in order to operate properly, including completing a transaction on your behalf. Login credentials (email and username) enable us to personalize and improve our services. You hereby agree and acknowledge that any Personal Information you do provide to us is provided at your own free will, for the purposes mentioned in this Privacy Notice and that we may keep such Personal Information in a database(s) which will be registered and kept in accordance with applicable laws and regulations.
We retain personal information no longer than is legally permissible and delete personal information when it is no longer necessary for the purposes set out in this policy.
SECTION 2 - HOW PERSONAL INFORMATION IS COLLECTED
PERSONAL DATA YOU PROVIDE TO US
We collect Personal Information when you register and open an account with the Website by completing the registration form. We receive and store any information you enter on the Services or provide to us in any other way. The types of personal data collected may include your full name, email address, IP address, browser information, username, password, home and billing address, shipping address, credit card information and any other information necessary for us to provide the Services, including the usernames and passwords for your accounts and profiles on third-party sites with which the Services interoperates.
We will collect details of transactions you carry out through our Services and of the fulfilment of your orders. If you contact us, we may keep a record of that correspondence.
You can choose not to provide us with certain information, but then you may not be able to take advantage of many of our features (see section 9 below for further information on the choices you have).
PERSONAL DATA COLLECTED AUTOMATICALLY
a. We receive and store certain types of information whenever you interact with our Sites or use another feature of our Service. In other words, when you are using the Sites we are aware of it and may gather, collect and record the information relating to such usage, either independently or through the help of third-party services as detailed below. The Website automatically receives and records information on our server logs from your browser including your IP address, certain cookie information and the page you requested.
b. More generally, our Services automatically collect usage information, such as the numbers and frequency of visitors to our Services and its components. The Website only uses this data in aggregate form, that is, as a statistical measure, and not in a manner that would identify you personally. This type of aggregate data enables us to figure out how often customers use parts of the Services or another feature of the Content so that we can make the Services appealing to as many customers as possible and improve the Content. As part of this use of information, we may provide aggregate information to our partners about how our customers use our Content. We share this type of statistical data so that our partners also understand how often people use our Content, so that they, too, may provide you with an optimal online experience. Again, the Website never discloses aggregate information to a partner in a manner that would identify you personally, unless it needs to in order to complete a transaction on your behalf. The Website only discloses information to third parties it trusts.
We often receive a confirmation when you open an email from the Website if your computer supports this type of program. The Website uses this confirmation to help us make emails more interesting and helpful.
Depending on your email notification settings, we may send you instant or weekly blog post updates, weekly product recommendations and other marketing emails that include new products or discounts you may be interested in. You can choose to stop getting these updates at any time by opting out for promotional emails using the unsubscribe link in the emails, updating your account settings or through other settings we may provide for this purpose.
SECTION 3 - WHY PERSONAL INFORMATION IS COLLECTED
Non-personal Information is collected in order to:
Create aggregated statistical data for research purposes and customisation and improvement of the Sites
Personal Information is collected in order to:
Operate the Services
Communicate with you about your orders, as well as products, services and promotional offers
Administer your accounts and update our records
Improve our Services and platform, prevent or detect abuses of our Services and enable third parties to carry out technical, logistical or other functions on our behalf
Be able to contact you for the purpose of providing technical assistance, sale reminders and other related information to the Services and collect feedback
For market research, troubleshooting problems, detecting and protecting against error, fraud or other criminal activity
To provide to third-party contractors
For risk control, for fraud detection and prevention, to comply with laws and regulations, and to comply with other legal process and law enforcement requirements
SECTION 4 - DISCLOSURE
We may disclose your personal information if we are required by law to do so or if you violate our Terms of Service.
SECTION 5 - THIRD-PARTY SERVICES
In general, the third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us.
However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions.
For these providers, we recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled by these providers.
In particular, remember that certain providers may be located in or have facilities that are located a different jurisdiction than either you or us. So, if you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.
PAYPAL INTEGRATED CHECKOUT
OTHER THIRD PARTIES
We may share your information with third parties when you explicitly authorize us to share your information. Additionally, the Website may use third-party service providers to service various aspects of the Website. Each third-party service provider’s use of your personal information is dictated by their respective privacy policies.
This list may be amended from time to time in the Website’s sole discretion. At this time, your personal information is not shared with any other third-party applications other than the following third-party service providers:
Google Analytics: IP address; used for tracking Website usage and provides information such as referring websites and user actions on the Website - https://policies.google.com/privacy?hl=en
Facebook Pixel: IP address; provides information about how users are responding to Facebook ads - https://www.facebook.com/privacy/explanation
EMAIL MARKETING MESSAGES & SUBSCRIPTION
Under the GDPR we use the consent lawful basis for anyone subscribing to our newsletter or marketing mailing list. We only collect certain data about you, as detailed in the "Processing of your personal data" above. Any email marketing messages we send are done so through an EMS, email marketing service provider. An EMS is a third party service provider of software / applications that allows marketers to send out email marketing campaigns to a list of users.
Email marketing messages that we send may contain tracking beacons / tracked clickable links or similar server technologies in order to track subscriber activity within email marketing messages. Where used, such marketing messages may record a range of data such as; times, dates, I.P addresses, opens, clicks, forwards, geographic and demographic data. Such data, within its limitations will show the activity each subscriber made for that email campaign.
Any email marketing messages we send are in accordance with the GDPR and the PECR. We provide you with an easy method to withdraw your consent (unsubscribe) or manage your preferences / the information we hold about you at any time.
USER PROFILES AND OTHER INFORMATION YOU POST PUBLICLY
User profile information including your username, name, email address, and other information you enter (“User Submissions”) may be displayed to other users to facilitate user interaction within the Services. Any personal data or content that you voluntarily disclose online (in comment areas, etc.) become publicly available and can be viewed, collected and used by others. Any images, captions, physical descriptions, personal interests or other content that you submit to the Services may be redistributed through the Internet and other media channels and may be viewed by the general public.
Please be aware that whenever you voluntarily post information to public areas on the Services or any other public forums, such information can be accessed by the public.
If the Website, or substantially all of its assets were acquired in the unlikely event that the Website goes out of business or enters bankruptcy, customer information would be one of the assets that is transferred to or acquired by a third party. You acknowledge that such transfers may occur, and that any acquirer of the Website may continue to use your Personal Information as set forth in this policy.
PROTECTION OF THE WEBSITE AND OTHERS AND A TRANSFER IN THE OWNERSHIP OF THE WEBSITE
We may release personal data when we believe in good faith that release is necessary to comply with the law, regulation or legal request; enforce or apply our conditions of use and other agreements; or protect the rights, property, or safety of the Website, our employees, our users, or others. This includes exchanging information with other companies and organizations for fraud protection and credit risk reduction. You agree that we may also share your data with entities where the Website is engaged in a merger, acquisition, bankruptcy, dissolution, reorganization, or similar transaction or proceeding that involves the transfer of the information described in this policy.
WITH YOUR CONSENT
By using the Services, you consent to our sharing of personal data for the above purposes.
For the avoidance of doubt, the Website may transfer and disclose Non-personal information to third parties at its own discretion.
SECTION 6 - SECURITY
To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.
If you provide us with your credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with a AES-256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards. Our methods meet the GDPR compliance requirement.
The personal data in the Website account you have with us is protected by a password for your privacy and security. You need to ensure that there is no unauthorised access to your account and personal data by selecting and protecting your password appropriately and limiting access to your computer and browser by signing off after you have finished accessing your account. You are responsible for safeguarding the password that you use to access the Services and for any activities or actions under your password. The Website encourages you to use “strong” passwords (passwords that use a combination of upper and lower case letters, numbers and symbols) with your account. The Website cannot and will not be liable for any loss or damage arising from your failure to comply with the above requirements.
SECTION 7 – COOKIES
A cookie is a small amount of information that’s downloaded to your computer or device when you visit certain websites. We use a number of different cookies on our website, including strictly necessary, performance, advertising, and social media or content cookies. Cookies make your browsing experience better by allowing the website to remember your actions and preferences (such as login and region selection). This means you don’t have to re-enter this information each time you return to the site or browse from one page to another. Cookies also provide information on how people use the website, for instance, whether it’s their first time visiting or if they are a frequent visitor.
Some cookies are required to enjoy and use the full functionality of this website.
Cookies will be saved for specific time periods, where others may last indefinitely. Your web browser should provide you with the controls to manage and delete cookies from your device, please see your web browser options.
SECTION 8 – THIRD PARTY WEBSITES
We will take care to maintain appropriate safeguards to ensure the security, integrity and privacy of the information you have provided us with. We encrypt your information to protect it from unauthorised use. In addition, we will take reasonable steps to ensure that third-party business partners to whom we transfer any data will provide sufficient protection of that personal data.
To help ensure that your shopping experience is safe, simple and secure, we use Secure Socket Layer (SSL) technology.
SECTION 9 – ACCESS TO PERSONAL DATA
The Website allows you to access the following information about you for the purpose of viewing, and in certain situations, updating that information: your name; user email address; telephone number; username and password; profile picture; bio; website; user preferences and notification; zip- and/or post-codes, billing address, and payment information.
The information you can access will change as the Services change. If you are a registered user of the Website, you can change or delete any saved payment card details and add or edit shipping and billing address information.
The General Data Protection Regulation (the "GDPR") gives you the right to access information held about you. For any request or question regarding obtaining a copy of personal data we hold relating to you, and/or correction or deletion of your personal data, and/or object to any processing of your personal data, you can submit a Subject Access Request by emailing us at email@example.com. We will respond to your access and/or correction request within 30 days.
However, please note that although your Personal Information may be removed from our databases, the Website will retain the anonymous information contained in the data you provided, and such information will continue to be used by us for statistical purpose.
SECTION 10 – DATA RETENTION
After a request from a User to delete any data, an automated process will begin that permanently deletes the relevant data. Once begun, this process cannot be reversed and data will be permanently deleted. Any data which is not deleted shall be kept in an anonymized manner.
As a registered User you can always view, access, change and delete your information by logging into your account.
Similarly, the Website collects and retains usage data, other metadata and statistical information concerning the use of the Service are not subject to the deletion procedures in this Notice and may be retained by the Website. Some data may be retained also on our third party service providers’ servers.
SECTION 11 – DATA CHOICES
As set out above, you can always opt not to disclose information, even though it may be needed to take advantage of the Services.
You are able to add or update certain information on pages, such as those listed in section “SECTION 9 - ACCESS TO PERSONAL DATA” above. When you update information, however, we often maintain a copy of the unrevised information in our records.
Once the Website accounts are activated, you may request deletion of your account by following the instructions at the Account Settings section of the Services. Please note that some information may remain in our records after deletion of your account.
When you register for an account at our Services, you consent to receive certain email or other communications from us; if you do not wish to receive any such communications, you should not register for an account at our Services. We may also use your data to provide you with information about products and services which may be of interest to you, directly or on behalf of one of our business partners.
You can, however, change the type and frequency of the emails you receive from us at any time by changing your email settings or by unsubscribing from such emails.
Most mobile devices provide users with the ability to disable location services. These controls are usually located in the device's settings menu. Please contact your mobile service carrier or device manufacturer if you have questions about how to disable your device's location services.
Please note that if you choose not to receive legal notices from us, such as this policy, those legal notices will still govern your use of the Services, and you are responsible for reviewing such legal notices for changes.
SECTION 12 - AGE OF CONSENT
The Services are not designed for use by children under 18 years old we do not knowingly market or sell products to children. Children under 18 are not allowed to register with or use the Services or submit personal data through the Services. We do not knowingly collect personal data from anyone under the age of 18. If we discover that we have collected personal information from a child under 18, we will delete that information immediately and cancel any orders placed.
QUESTIONS AND CONTACT INFORMATION
If you would like to: access, correct, amend or delete any personal information we have about you, register a complaint, or simply want more information please contact us at firstname.lastname@example.org
Last Updated: 26th of November 2019