We are committed to protecting and respecting your privacy. This notice describes what personal data we collect, how we will use that data and how we keep your data safe.
Who is the data controller?
The data controller for any personal data we hold about you is Maria Shebets.
We are responsible for ensuring that your data is held securely, that you are given accurate information about how your data is used, and that your rights regarding your data are respected. The products we sell are not aimed specifically at individuals under the age of 18, we do not promote our products to this market and we cannot identify individuals of this age and under, on our database.
What personal data do we process?
We collect data from you when you visit our website. The data we collect includes your name, email address, telephone number and shipping/billing address. Data is collected when you place an order, register with us, opt in to our marketing communications, browse our site and use other services offered by our site. The data we collect is used to take your order, process payment and deliver your purchase to you. We also use it to deliver marketing communications.
If you have given your consent to our use of your personal data, you are entitled to withdraw this consent at any time.
Who will process your data?
Your personal data will be processed by our internal staff. Your personal data may also be transmitted to third parties that we use to provide our services; these parties have been rigorously assessed for the way in which they manage personal data and may only use your data for the exact purposes that we specify in the contract with them.
The third parties in question belong to the following categories:
Companies such as payment service providers that help us to process your order.
Companies that help us to deliver your purchases such as couriers and parcel delivery companies who deliver your goods.
Professional service providers, such as email delivery suppliers, IT software providers, marketing and research agencies, analytics companies and website hosts who help us to run our business.
Credit reference agencies, law enforcement and fraud prevention agencies, so we can help tackle fraud.
Governmental bodies and regulators to comply with our legal obligations.
Data transfer outside of the EU
Some of the third parties listed in the previous section 'Who will process your data?' may be located in countries outside the European Union (EU) or European Economic Area (EEA) that nevertheless offer an adequate level of data protection, as established by specific decisions of the European Commission.
The lawful transfer mechanism of your personal data to countries that do not belong to the EU or EEA and that have not been assessed as offering adequate levels of protection will be performed only
- after Standard Contractual Clauses have been put in place alongside any supplementary measures that are deemed necessary on a case-by-case basis;
- if the transfer is necessary for the purchase of goods offered on our website or for registration on the website or use of services on the website;
- for the management of your requests or fulfilment of a legal obligation.
How long do we keep your data?
We keep your personal data for a limited period of time in line with our data retention policy. The specific retention period will vary according to the reason for processing your personal data. After this period, your data will be permanently erased or otherwise irreversibly rendered anonymous.
You have the following rights under data protection law:
The right to request a copy of the personal data that we hold about you.
The right to ask us to correct any inaccuracies in the personal data we hold about you.
The right to withdraw your consent to marketing.
The right to object to our processing of your personal data on the basis of our legitimate interest.
The right to request the deletion of your personal data in certain circumstances.
To exercise any of these rights, you can contact us at firstname.lastname@example.org.
We are committed to taking appropriate technical, physical and organisational measures to protect personal information against unauthorised access, unlawful processing, accidental loss or damage, and unauthorised destruction.
Changes to this policy