Privacy Policy

1. Purpose of this Notice

 

This notice describes how we collect and use personal information about you, in accordance with the General Data Protection Regulation (“GDPR”), the Data Protection Act 2018 and any other data protection and privacy laws and regulations applicable to us or our processing of your personal information (“Data Protection Legislation”).

This notice describes how we may collect and process information about any data subjects including:

 a) our clients and other people who use our services, including the employees of any clients (referred to for convenience in this notice as “Clients”);

 b) professional or business contacts including the employees of any such contacts (referred to for convenience in this notice as “Contacts”);

 c) our Partners, employees, consultants, workers, work experience students, and job applicants (referred to for convenience in this notice as “Employees”);

 d) our suppliers and service providers and their agents, employees and representatives; and

 e) visitors to our Website.

 

Paragraphs 3, 4 and 0 of this notice contain specific information for different categories of data subjects. The other paragraphs of this notice contain information relevant to all data subjects including the data subject rights described in paragraph 9 of this notice.

 

Our “Website” includes www.simonianjewels.com and any other Websites of Simonian Jewels (“we”or “us”or “Simonian Jewels”).

 

We use cookies on our Website, and this is explained in our Cookie Policy.

 

Please read this notice carefully to understand our practices regarding your personal data and how we will treat it.

 

2. About Us

 

Simonian Jewellery Limited (“we” or “us” or “Simonian Jewels”) is a company registered in England and Wales with registration number 11087546. Our registered address is at 112 Princess Gardens, London, United Kingdom, W3 0LJ.

 

We are registered as a data controller with the Information Commissioner’s Office under the Data Protection Act 2018 with registration number ZA540024.

 

For the purpose of the Data Protection Legislation and this notice, we are the “Data Controller”. This means that we are responsible for deciding how we hold and use personal information about you. We are required under the Data Protection Legislation to notify you of the information contained in this privacy notice.

 

We have appointed a Data Protection Officer (“DPO”) who is responsible for assisting with enquiries in relation to this privacy notice and our treatment of your personal data. If you wish to contact our DPO, please use the contact details in paragraph 12 (Contact Us).

 

3. How we may collect your personal information


All Data Subjects

We will collect and process information about you: (i) when you contact us by email, telephone, post or social media; and (ii) from third parties and/or publicly available resources (for example, from Companies House).

If you submit an enquiry to us then, depending on the nature of your enquiry, we may collect further details from you to understand the context in which you are making the enquiry and/or to understand the legal services that may be of interest to you.

Visitors

We will only collect personal data about you via our Website, apart from your IP address and cookie data, when you contact us to request further information about our legal services or if you apply for a position with us. On various occasions, including through forms on our Website, we may invite or request you to submit your contact details and other information about yourself or your organisation or to send us emails, each of which will identify you.

 

Clients

If you are or become a Client then we will collect and process information about you: (i) when you request a proposal from us in relation to our services; (ii) when you or your employer or other relevant organisation engages us to provide our services; and (iii) during the course of the provision of those services.

 

Contacts

If you are a Contact and you provide us with your professional or business contact details (or other relevant personal data), we will use this in order to keep in touch with you and exchange information that we believe is, or may become, relevant to our and your business or profession.

 

Employees

If you are an Employee, then we will collect and process additional personal information about you as described in your employment contract, our employee policies, and/or any other applicable separate documents provided to you in connection with your position or your application for a position with us.

 4. The kind of information we hold about you


All Data Subjects

The information we hold about you may include the following:

 a) your personal details (such as your name, address and other contact details);

 b) details of any contacts we have had with you in relation to the provision, or the proposed provision, of our services;

 c) details of any services you have received from us;

 d) our correspondence and communications with you;

 e) information about any complaints and enquiries you may have submitted to us;

 f) information from any research or surveys conducted by us in which you may have participated;

 g) information from any marketing activities to which you may have responded or in which you may have participated; and

 h) Information we receive from other sources, such as publicly available information, and information provided by your employer or other relevant organisation.

In some circumstances, we may process special categories of personal data about you, in which case we only process such data in accordance with strict legal parameters. This type of data can include information about your health (including dietary requirements when attending meetings); racial or ethnic origin; religious or political beliefs; trade union membership; sexual orientation; genetic or biometric data; or philosophical beliefs.

 

Employees

If you are an Employee, then we will collect and process additional personal information about you as described in your employment contract, our employee policies, and/or any other applicable separate documents provided to you in connection with your position or your application for a position with us.

 

Clients

If you are a Client then we may collect and process additional information about you relevant to (i) your request for a proposal from us in relation to our services; (ii) your engagement of us to provide our services; (iii) the provision of our services; and/or (iv) the management and administration of the relationship between us; which will be as described in the engagement terms between us. This may include information in order to satisfy our obligations under Anti-Money Laundering Regulations and other legislation applicable to the provision of our services. If you do not provide us with the information we need, we will not be able to provide our professional services for you or the company or other person you represent.

5. How we use information we hold about you

Employees

If you are an Employee, then we will use your personal information for purposes additional to the purposes set out in this notice, as described in your employment contract, our employee policies, and/or any other applicable separate documents provided to you in connection with your position or your application for a position with us.

Clients

If you are a Client, then we will use your personal information for purposes additional to the purposes set out in this notice including in relation to the provision of our services and the management and administration of the relationship between us; which will be as described in the engagement terms between us.

All Data Subjects

We may process your personal data for purposes necessary for the performance of our contract with you, or for steps preparatory to entering into a contract with you, and to comply with our legal obligations.

 

We may process your personal data for the purposes of our own legitimate interests provided that those interests do not override any of your own interests, rights and freedoms which require the protection of your personal data. This includes processing for marketing, business development, statistical and management purposes.

 

We may process your personal data for certain additional purposes with your consent, and in these limited circumstances where your consent is required for the processing of your personal data then (i) we will request such consent from you separately, and (ii) you have the right to withdraw your consent to processing for such specific purposes at anytime.

 

Please note that we may process your personal data on more than one lawful ground depending on the specific purpose for which we are using your data.

Situations in which we will use your personal information 

We may use your information in order to:

a) Carry out our obligations arising from any agreements entered into between you or your employer or other relevant organisation and us (which will most usually be our engagement for the provision of our services);

 

b) Provide you with information related to our services and our events and activities that you request from us or which we feel may interest you, provided you have consented to be contacted for such purposes;

c) Seek your thoughts and opinions on the services we provide; and

d) Notify you about any changes to our services.

In some circumstances, we may anonymise or pseudonymise the personal data so that it can no longer be associated with you, in which case we may use such information without further notice to you.

 

If you refuse to provide us with certain information when requested, we may not be able to perform the contract we have entered into with you. Alternatively, we may be unable to comply with our legal or regulatory obligations. In that case, we may have to cease acting.

 

We may also process your personal information without your knowledge or consent, in accordance with this notice, where we are legally required or permitted to do so.

 

Data Retention

We will only retain your personal data for as long as is necessary to fulfil the purposes for which it is collected.

 

When assessing what retention period is appropriate for your personal data, we take into consideration:

 a) The requirements of our business and the services provided;

 b) The purposes for which we originally collected the personal data;

 c) The lawful grounds on which we based our processing;

 d) The types of personal data we have collected;

 e) The amount and categories of your personal data; and

 f) Whether the purpose of the processing could reasonably be fulfilled by other means.

If you are or become a client (or the company or other person you represent is or becomes a client), we normally retain information related to our engagement (including personal data) for a minimum period after the end of the relevant engagement or client relationship, or for longer where it is necessary for us to do so for compliance with regulatory or other legal obligations, or for the establishment, exercise or defence of legal claims, or where we agree with you to do so. In some cases, it may be necessary for us to retain records indefinitely.

 

Change of Purpose

Where we need to use your personal data for another reason, other than for the purpose for which we collected it, we will only use your personal information where that reason is compatible with the original purpose.

 

Should it be necessary to use your personal data for a new purpose, we will notify you and communicate the legal basis which allows us to do so before starting any new processing.

6. Data Sharing

Why Might you share my personal information with third parties?

We will share your personal information with third parties where we are required by law, where it is necessary to administer the relationship between us or where we have another legitimate interest in doing so including third-party advisers working on the same matter

Which third party service provides process my personal information?

“Third parties” includes third-party service providers. The following activities are carried out by third-party service providers: IT and data storage services, professional advisory services, word-processing, photocopying, translation and other administration services, marketing services and banking services.

All of our third-party service providers are required to take commercially reasonable and appropriate security measures to protect your personal information. We only permit our third-party service providers to process your personal data for specified purposes and in accordance with our instructions.

What about other third parties?

We may share your personal information with other third parties, for example in the context of the possible sale or restructuring of our business, where an external organisations conducts an audit or undertakes quality checks for us, or where sharing with third parties such as counsel or other lawyers, accountants and experts is appropriate in order to provide our services to you. We may also need to share your personal information with a regulator or to otherwise comply with the law. We may disclose your personal information in order to protect our rights or property or those of our clients or others; and this includes exchanging information with other companies and organisations for the purposes of fraud prevention, compliance with anti-money laundering and ‘know your client’ requirements, and credit risk reduction.

7. Transferring information outside the European Economic Area (EEA) 

We will not ordinarily transfer the personal information we collect about you outside of the EEA. However, if any third parties by whom your personal data are to be processed are based outside the EEA so that their processing of your personal data will involve a transfer of data outside the EEA we will ensure a similar degree of protection is afforded to it by ensuring that at least one of the following safeguards is implemented:

 a) we will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.

 b) where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe.

 c) where the third parties are based in the US, we may either use the above contracts approved by the European Commission or we may transfer data to them if they are part of the EU–U.S. Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US.

 

Please contact our DPO if you want further information on the specific mechanism to be used by us if we are to transfer your personal data outside of the EEA

8. Data Security 

We have put in place commercially reasonable and appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know.

 

They will only process your personal information on our instructions, and they are subject to a duty of confidentiality.

 

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

9. Rights of Access, Correction, Erasure and Restriction

Your duty to inform us of changes

It is important that the personal information we hold about you is accurate and current. Should your personal information change, please notify us of any changes of which we need to be made aware by contacting us, using the contact details below.

Your rights in connection with personal information

Under certain circumstances, by law, you have the right to:

a) Request access to your personal information. This enables you to receive details of the personal information we hold about you and to check that we are processing it lawfully.

b) Request correction of the personal information that we hold about you.

c) Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).

 d) Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party), and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.

 e) Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example, if you want us to establish its accuracy or the reason for processing it.

 f) Request the transfer of your personal information to another party.

 If you wish to exercise any of the above rights, please click here or email info@simonianjewels.com.

Please note that if you are a registered User and logged in to the Website, you will be able to view the personal data we hold about you - here. You have to be logged-in to see this page, otherwise you will redirected to the "Request Personal Data" page.

 

You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

 

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.

 

 10. Right to withdraw consent

In those circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose (for example, in relation to direct marketing that you have indicated you would like to receive from us), you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please email info@simonianjewels.com

 

Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.

 11. Changes to this Notice

Any changes we may make to our privacy notice in the future will be notified by publishing an updated version on our Website at www.simonianjewels.com.

 12. Contact Us

If you have any questions regarding this notice or if you would like to speak to us about the manner in which we process your personal data, please email our DPO at info@simonianjewels.com or telephone +961 7696 6180.

 

You also have the right to make a complaint to the Information Commissioner’s Office (ICO: www.ico.org.uk), the UK supervisory authority for data protection issues, at any time. We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

 

 13. Interpretation

 

Personal Data (or Data)

Personal Data is defined as any information that, directly or indirectly, or in connection with other information, allows for the identification of a natural person.

 

Usage Data

Information collected automatically through this Website (or third-party services employed in this Website), which can include: the IP addresses or domain names of the computers utilised by the Users who use this Website, the URI addresses (Uniform Resource Identifier), the time of the request, the method utilized to submit the request to the server, the size of the file received in response, the numerical code indicating the status of the server's answer (successful outcome, error, etc.), the country of origin, the features of the browser and the operating system utilized by the User, the various time details per visit (e.g., the time spent on each page within the Application) and the details about the path followed within the Application with special reference to the sequence of pages visited, and other parameters about the device operating system and/or the User's IT environment.

User

The individual using this Website who, unless otherwise specified, coincides with the Data Subject.

Data Subject

The natural person to whom the Personal Data refers to.

Data Processor (or Data Supervisor)

The natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the Controller, as described in this privacy policy.

Data Controller

The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data, including the security measures concerning the operation and use of this Website. The Data Controller, unless otherwise specified, is the Owner of this Website.

This Website (or this Application)

The means by which the Personal Data of the User is collected and processed.

Service

The service provided by this Website as described in the relative terms (if available) and on this site/application.

European Union (or EU)

Unless otherwise specified, all references made within this document to the European Union include all current member states to the European Union and the European Economic Area.

Cookies

Small sets of data stored in the User's device. For more information please visit our Cookie Policy.

This notice was last updated on 6th of November 2020.


Additional Information regarding Personal Data

The sale of goods and services online

Personal Data which is collected is utilised to provide the User of the Website with services, including payment, potential delivery and for the sale of product(s).

Personal Data collected to complete the transaction of purchase include details of your credit card and bank account, which have been utilised for the specified transaction. The type of Data collected by this Website is dependent upon the payment systems utilised to complete your order. 

 

Types of Collected Data

The types of Personal Data that this Website primarily collects, either by itself or via third-parties, include the following:

  • First name and last name,
  • E-mail Address,
  • Address (billing & shipping address) & ZIP/Postal Code,
  • Phone number,
  • Date of Birth,
  • Cookies,
  • Usage Data,
  • Geographic position,
  • Username.

When you visit the Site, we automatically collect information about your device, including information about your web browser, IP address, time zone, and some of the cookies that are installed on your device.

As you browse the Website, we collect information about the individual web pages or products that you view, what websites or search terms referred you to the Website, and information about how you interact with the Website.

We collect Device Information using the following technologies:

- We collect data through “Cookies”, which are data files that are placed on your device or computer and often include an anonymous unique identifier. For more information about cookies, please view our Cookie Policy.

- “Log files” track any actions occurring on the Site, and collect data including your IP address, browser type, internet service provider, referring/exit pages, and date/time stamps.

- “Web beacons”, “tags”, and “pixels” are electronic files used to record information about how you browse the Site.

Extensive information and details regarding each type of Personal Data collected are provided in the corresponding sections of this Privacy Policy. Alternatively, explanatory texts will be displayed prior to the Data collection during the use of this Website. Personal Data may be freely provided by the User, or in the case of Usage Data, collected automatically whilst using the services of this Website.

All Data requested by this Website is mandatory. Failure to provide this Data may result in the inability of the Website to successfully function & provide its services. In the circumstance where the Website specifically states that some Data is not obligatory, Users are not obligated to communicate this Data. Users who are hesitant as to which Personal Data is mandatory are welcomed to contact us at their convenience.

Any use of Cookies, or of other tracking tools, by this Website or by the owners of third-party services used by this website, serves the purpose of providing the Service required by the User, in addition to any other purposes described in the present document and in the Cookie Policy.

Users are responsible for any third-party Personal Data obtained, published or shared through this Website and confirm that they have the third party’s consent to provide the Data to the Owner.

Mode and Location of processing the Data

Methods of processing

The privacy of our clients is of utmost importance, consequently we are strongly committed to Data security and take all  appropriate and necessary security measures to prevent any unauthorized access, disclosure, alteration, corruption & destruction of any of our Data.

When you provide us with your credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with AES-256 encryption. However, the transmission of information via the internet is not 100% secure, we follow all PCI-DSS requirements and implement additional accepted industry standards.
Thus, although the we are dedicated to the protection of your Personal Data, the Owner cannot guarantee the security of any Data transmitted to the Website and any such activity is at your own risk.

Data processing is executed by computers and/or IT - enabled tools, following organizational procedures and modes strictly related to the purposes indicated.

Moreover, in some cases, the Owner may appoint certain types of persons in charge that are involved with the operation of this Website. Data may be accessible to these persons (i.e. administration, sales, marketing, legal, system administration) or external parties, (i.e. third-party technical service providers, hosting providers, mail carriers, IT companies, communication agencies) appointed, if necessary, as Data Processors by the Owner. The list of the aforementioned parties may be requested from the Owner at any time.

 

Legal Basis for Processing

The Owner may process the User’s Personal Data if one of the following condition applies:

  • The User has agreed to give consent for one or more specific purposes. Clarification: Under certain legislation, the Owner may be allowed to process Personal Data until the User objects to such processing (“opt-out”), without relying on consent or any of the following legal bases. The aforementioned clarification does not apply whenever the processing of Personal Data is subject to European Data Protection Law;
  • Provision of Data is necessary for the performance of an agreement with the User and/or for any pre-contractual obligations thereof;
  • Processing is necessary for compliance with a legal obligation to which the Owner is subject;
  • Processing is related to a task that is carried out in the public interest or in the exercise of official authority vested in the Owner.
  • Processing is necessary for the purposes of the legitimate interest pursued by the Owner or by a third-party.

In any case, the Owner will gladly assist in the clarification of the specific legal basis that applies to the processing of Data, particularly whether the provision of Personal Data is a statutory or contractual requirement, or a requirement necessary to enter into a contract.

 

Location

The Data is processed, at our operating offices and in other places where the parties involved in the processing are located.

Depending on the User’s location, Data transfers may entail transferring the User’s Data to a country other than their own. To learn more about the location of processing of transferred Data, Users can read the section corresponding to the details regarding the processing of Personal Data. Users are also entitled to learn about the legal basis of Data transfers to countries that are not within the European Union. Similarly, users are also entitled to learn about the transfer of data to any international organization governed by international law or set up by two or more countries, such as the United Nations (UN).

Conclusively, it is important for each User to inquire about the security measures taken by the Owner of the website to protect their Data. If any such transfer takes place, Users can inquire for further information by checking the relevant sections of this privacy policy or contact the Owner using the information provided in the contact section.

 

Retention Time of your Personal Data

 

  • Personal Data shall be processed and stored for as long as required; duration is ultimately determined by the purpose of which they have been collected.

  • Personal Data collected for purposes associated with the contract performance between Owner and User shall be retained until such a contract has been fully performed.

  • Personal Data collected for the purposes of the Owner’s legitimate interests shall be retained as long as necessary to fulfill the corresponding purpose. Users have the ability to locate specific information concerning the legitimate interests of the Owner within the applicable sections of this privacy policy or by contacting the Owner directly.

The Owner may be allowed to retain Personal Data for an extended period of time, so long as the User has given consent to such processing. Conclusively, the Owner may be obliged to retain Personal Data for a longer estimated period of time, whenever required to do so for the execution of a legal obligation or upon order of an authority.

Once the retention period expires, Personal Data shall be deleted. Thus, the right to access, the right to deletion, the right to rectification and the right to data portability cannot be enforced after expiration of the retention period.

The purposes of Processing

The Data concerning the User is collected for the allowance of the Owner to provide their services. Data is also collected for the following reasons:

  • Contacting the User;
  • Interaction with external social networks and platforms;
  • Processing online orders;
  • Payment management;
  • Contact Management and message sending;
  • Hosting and backend infrastructure;
  • Location-based interactions;
  • Registration and authentication;
  • Analytics and displaying content from external platforms.

Users are capable of finding further information concerning the abovementioned processes and about specific Personal Data which is used for each purpose in the corresponding sections of this privacy policy.


Detailed information on the processing of Personal Data

Personal data is collected for the following purposes and using the following services:

Analytics

Services contained in this section, relating to the processing of Personal Data, allow the Owner to monitor and analyse web traffic via the computational analysis of data or statistics. Ultimately, it is utilised to examine User behaviour. 

Google Analytics

Google Analytics is a web analytics service offered by Google that tracks and reports website traffic, currently as a platform inside the Google Marketing Platform brand (Google LLC or Google Ireland Limited – depending on the location this Website is accessed from).

Google utilises the Data collected to track and examine the use of this Website, to prepare reports on the activities that are undertaken whilst on the Website, and share them with other Google services.

Google may utilise this Data to contextualise and personalise the ads of its own advertising network.

Personal Data collected:
a) Cookies;
b) Usage Data.

Place of processing:
United States – Privacy policy – Opt Out;
Ireland – Privacy Policy. Privacy Shield Participant.

Contacting the User

Mailing List or Newsletter for this Website

By registering to the mailing list or the newsletter, the User’s email address will be added to the contact list of those who may receive email messages, containing information of a commercial and/or promotional nature, concerning the products and/or services of this Website. Your e-mail address may also be added to this list by way of signing up to the Website, or after making a purchase.

Personal Data collected:
a) First and Last name;

b) Cookies;

c) E-mail address.

Contact Form for this Website

When the User fills in the contact form with their Data, the User is automatically authorising this Website to utilise these details to reply to requests for information, quotes or any other kind of request as indicated by the form’s header.

Personal Data collected:
a) First name & last name;

b) E-mail address;

c) Various types of Data.

Displaying Content from External Platforms

    This type of service allows the User to view content hosted on external platforms, directly from pages of this Website; in addition to the User’s capability of interacting with the content.

    This kind of service may collect web traffic Data for the pages where the service is installed, even when Users do not use it.

     

    External platforms

    Instagram widget (Instagram, Inc.)

    Instagram is a social-networking application for the sharing and image visualization service provided by Instagram, Inc. &, currently owned by Facebook. Instagram allows this Website to incorporate content of this kind on its pages.

    Personal Data collected:
    a) Cookies,

    b) Usage Data.

     

    Place of processing:

    United States – Privacy Policy. Privacy Shield participant.

    Handling Payments

    Payment processing services enable this Website to process payments by credit card, bank transfer or other means. To ensure greater security, this Website shares only the information necessary to execute the transaction with the financial intermediaries handling the transaction. We share the relevant information necessary to verify and authorize your payment card and to process your order. All such organizations are under strict obligations to keep your personal information private and are subject to rigorous data security requirements.

    Upon placement of an order through our Website, we engage with reputable third-party banking and distribution institutions to handle our credit card transactions and order fulfillment. If you choose a direct payment gateway to complete your purchase, then Shopify stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After the transaction is complete, your information is deleted. All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, Mastercard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of credit & debit card information by our store and its service providers.

    Some of these services may also enable the sending of timed messages to the User, such as emails containing invoices or notifications concerning the payment.

    PayPal (Paypal Inc.)

    PayPal is a payment service provided by PayPal Inc., which allows Users to make online payments.

    • Personal Data collected:
      Various types of Data as specified in the privacy policy of the service.
    • Place of processing:
      See the PayPal Privacy Policy & GDPR Policy.

     

     

    Shopify Payments (Shopify) powered by Stripe (Stripe Inc.)

    Shopify Payments is a payment service provided by Stripe Inc. Stripe, Inc. which allows Users to complete online payments.

    • Personal Data collected:
      Various types of Data as specified in the privacy policy of the service.
    • Place of processing:
      United States - Privacy Policy & EU - Privacy Policy. Privacy Shield participant.

    Hosting and Backend Infrastructure

      This type of service has the purpose of hosting Data and files that enable this Website to run as well as to provide a ready-made infrastructure to run specific features or parts of this Website. Some of these services work through geographically distributed servers, making it difficult to determine the actual location where the Personal Data is stored.

      Shopify

      Shopify is an E-commerce company and e-commerce platform for online stores and retail point-of-sale systems.

       Personal Data collected:

      • Various types of Data as specified in the privacy policy of the service. Please read the privacy policy to determine what type of Personal Data is collected and under what circumstances.


      Place of processing:
      Canada: Shopify Inc., Privacy Policy.
      Ireland: Shopify International Ltd., Privacy policy.

      Interaction with External Social Networks and Platforms

        This type of service allows interaction with social networks or other external platforms directly from the pages of this Website. The interaction and subsequent information obtained via this Website is always subject to the User’s privacy settings that correspond to each social network. This type of service might still collect traffic data for the pages where the service is installed, even when Users do not use it.

        Pinterest "Pin it" button and Social Widgets (Pinterest)

        The Pinterest “Pin it” button and social widgets are services allowing interaction with the Pinterest platform provided by Pinterest Inc.

        Personal Data collected:
        a) Cookies;
        b) Usage Data.

        Place of processing:
        United States – Privacy Policy.

        Facebook "Like" Button and Social Widgets (Facebook, Inc.)

        The Facebook Like button and social widgets are services allowing interaction with the Facebook social network provided by Facebook, Inc.

        Personal Data collected:
        a) Cookies,
        b) Usage Data.

        Place of processing:
        United States – Privacy Policy. Privacy Shield participant.

         

        Location-based interactions

        This Website has the capability to collect, utilise and also share User location Data (geologication). This is to provide location-based services. Most internet browsers and devices provide tools to opt out from this feature by default.

        If explicit authorisation has been provided, the User’s location data may be tracked by this Website.

        Personal Data Collected:

        • Geographic position.

        Managing Contact and Sending Messages

        This type of service makes it feasible to manage a database of contact information to communicate with the User (i.e. e-mail contacts, phone contacts or any other available form of contact information). 

         
        These services also collect Data concerning the specific date and time of viewing of a message by the User, as well as when the User interacted with it, such as by clicking on links that are included within the message.

        Klaviyo: Marketing Automation (Klaviyo)

         

        Klaviyo is a centralized and cloud-based marketing system that allows e-Commerce marketers to effectively and efficiently target, personalize, monitor and optimize their marketing campaigns, including e-mail and Facebook campaigns.

        Personal Data collected:
        a) First & last name,
        b) E-mail address,
        c) Address,
        d) Business name,
        e) Telephone number,
        f) Credit card information.

        Place of processing:

        United States – Privacy Policy. Privacy Shield participant.
        EU: Data Protection Addendum.

         

        Registration and Authentication

          Users allow this Website to identify them and give them access to dedicated services, upon registering or authenticating. Depending on what is described below, third-parties may provide registration and authentication services. In this case, the Website will be able to access some Data stored by these third-party services, for registration or identification purposes.

          Direct Registration (this Website)

          The User is capable of registering by completing the registration form and providing the Personal Data directly to this Website.

          Personal Data collected:
          a) First & last name,
          b) Date of birth
          c) E-mail address,
          d) Address; billing & shipping address (inclusive of house number and ZIP/Postal Code),
          e) Phone number,
          f) User ID,
          g) Username,
          h) Various types of Data. 

           

          Further information about Personal Data 

          Selling Goods and Services Online

          Personal Data collected is utilised to provide the User of the website with services, including payment and potential delivery, or for the sale of product(s). 

          Personal Data collected to complete the transaction of purchase include details of your credit card and bank account, which have been utilised for the specified transaction. The type of Data collected by this Website is dependent upon the payment systems used.

          The Rights of Users

          Users may exercise certain rights regarding the Data, which is processed by the Owner.
          More specifically, Users have the right to exercise the following rights:

          • Withdraw their consent at any time.

            Users have the right to withdraw their consent, where they have previously given their consent to the processing of their Personal Data.
          • Object to processing of their Data.

            Users have the right to object to the processing of their Data if the processing is carried out on a legal basis other than consent. Further details are provided in the dedicated section below.
          • Access their Data.

            Users have the right to learn if Data is being processed by the Owner, obtain disclosure regarding certain aspects of the processing and obtain a copy of the Data undergoing processing.
          • Verify and Seek Rectification.

            Users have the right to veryify the accuracy of their Data and askfor it to be updated and/or corrected.
          • Restrict the processing of their Data.

            Users have the right, under certain circumstances, to restrict the processing of their Data. In this case, the Owner will not process their Data for any purpose other than storing it.
          • Have their Personal Data deleted or otherwise removed.

            Users have the right, under certain circumstances, to obtain right to the deletion of their Data from the Owner.
          • Receive their Data and transfer it to another controller.

            Users have the right to receive their Data in a structured, commonly used and machine readable format and, if technically feasible, to have it transmitted to another controller without any hindrance. This provision is applicable provided that the Data is processed by automated means and that the processing is based on the User's consent, on a contract which the User is part of or on pre-contractual obligations thereof.
          • Make a complaint

            Users have the right to bring a claim before their competent data protection authority.

              If you are a European resident, you have the right to access Personal Data we hold about you and to ask that your personal information be corrected, updated, or deleted. If you would like to exercise this right, please contact the Owner of the Website.

              Additionally, if you are a European resident we note that we are processing your information in order to fulfil contracts we might have with you (for example, if you make an order through the Website), or otherwise to pursue our legitimate business interests listed above.

              Conclusively, please note that your information will be transferred outside of Europe, including to Canada and the United States.

              Details About the Right to Object to Processing

              Where Personal Data is processed for a public interest, in the exercise of an official authority vested in the Owner or for the purposes of the legitimate interests pursued by the Owner, Users may object to such processing by providing a legitimate reason relating to their particular situation, justifying their objection.

              Users must know, however, that should their Personal Data be processed for direct marketing purposes, they can object to that processing at any time without providing any justification. To learn, whether the Owner is processing Personal Data for direct marketing purposes, Users may refer to the relevant sections of this document.

              How to Exercise these Rights

              Any requests to exercise User rights can be directed to the Owner through the contact details provided in this policy. These requests can be exercised free of charge and will be addressed by the Owner as early as possible and always within one month of notification.

               

              Additional Information about Data Collection and Processing

               

              Legal Action

              The User's Personal Data may be used for legal purposes by the Owner in Court or in the stages leading to possible legal action arising from the improper use of this Website or the related Services. The User declares to be aware that the Owner may be required to disclose personal data upon the request of public authorities.

               

              Additional Information about Users Personal Data 

              In addition to the information contained in this privacy policy, this Website may provide the User with additional and contextual information concerning particular Services or the collection and processing of Personal Data upon request. 

               

              System Logs & Maintenance

              For operation and maintenance purposes, this Website and any third-party services may collect files that record interaction with this Website (System Logs) use other Personal Data (such as IP Address) for this purpose.

              Information not Contained in this Policy

              More details concerning the collection or processing of Personal Data may be requested from the Owner at any time. Please see the contact information at the beginning of this privacy policy.

               

              How "Do Not Track" Requests are Handled

              This Website does not support “Do Not Track” requests.
              To determine whether any of the third-party services found within this Website honours the “Do Not Track” requests, please read their corresponding privacy policies.

              Changes to this Privacy policy

              We reserve the right to make changes to this privacy policy at any time by giving notice to our customers on this page and possibly within this Website and/or, as far as technically and legally feasible - sending a notice directly to customers via any contact information available to the Owner. It is strongly recommended to check this page often, referring to the date of the last modification listed at the bottom. 

              Should the changes affect processing activities performed on the basis of the User’s consent, the Owner shall collect new consent from the User, where required.