§ Explains which types of personal data we collect from you when you visit and use our website(https://www.essentaroma.com)(“ESSENTAROMA Website”) which includes our e-store (“ESSENTAROMA e-Store”) and when you otherwise interact with us online or offline;
§ Addresses when, how and why your personal data is collected, processed and shared with third parties in the above instances;
§ Informs you on your privacy rights, options and protection in line with the applicable data protection and privacy laws.
ABOUT THE DATA CONTROLLER
The data controller responsible for your personal data is PAJTEK LIMITED, a limited liability company incorporated in Cyprus which engages in e-commerce for “ESSENTAROMA” branded aromatherapy products and natural remedies through the ESSENTAROMA Website and the ESSENTAROMA e-Store.
Our full details
§ Full name of data controller: PAJTEK LIMITED
§ Company registration number: HE383650
§ Registered office address: 1 Nikis & Kastoros, Floor 1, 1087 Nicosia, Cyprus
§ E-mail address: firstname.lastname@example.org
§ Telephone No. +357 97849323
Data Privacy Contact
§ Contact name: Alina Pasarel
§ E-mail address: email@example.com
§ Telephone No.: +357 97849323
PERSONAL DATA WE COLLECT
We may collect, use, store and transfer data about yourself categorized as follows:
§ Identity Data, which includes your title, first name, surname, an online username or other identifier, gender and date of birth.
§ Contact Data which includes your telephone number, e-mail address and full postal address.
§ Financial data, which includes data which is necessary for processing payments including bank account details, payment card details and other related billing information (see “Note on Financial Data” below).
§ Transaction Data which includes details about products and/or services you have purchased from us and details of payments to and from you in relation to these purchases.
§ Profile Data which includes your ESSENTAROMA e-Store username and password, purchases or orders made by you, your interests, preferences and feedback, including through surveys.
§ Marketing and Communications Data which includes your communication preferences in receiving e-mail newsletters and additional communications from us.
§ Technical Data which includes your IP address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform.
§ Usage Data which includes information about your browsing activity on the ESSENTAROMA Website and the ESSENTAROMA e-Store, including statistics on page views, links clicked, time on each page, information over any intended purchases including the contents of your shopping cart and any wish-lists.
Note on Usage data
Note on Financial Data
All payments for goods or services purchased through the ESSENTAROMA e-Store are directly processed by our third-party payment services providers, VIVA Payments and/or PayPal, depending on your preference at the time of purchase. This means that any Financial Data you may provide when completing a purchase on the ESSENTAROMA e-Store, including payment card details and/or bank account details and/or other related billing information, will be collected and processed by VIVA Payments and/or PayPal and not by PAJTEK LIMITED.
Unless you have otherwise provided any Financial Data to PAJTEK LIMITED directly in connection with your use of the ESSENTAROMA e-Store, your Financial Data will not be collected by us and may not be available to us.
Note on the types of data we do not collect
§ Special categories of data – We do not collect any special categories of personal data about you, including details about your ethnicity, race, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, your health, genetic data, biometric data or information about criminal convictions and offences.
§ Data relating to children – We do not knowingly collect data relating to children and neither the ESSENTAROMA Website nor the ESSENTAROMA e-Store are intended for children.
HOW WE COLLECT PERSONAL DATA
We collect personal data from and/or about you using the following methods:
§ Direct interaction – We may collect personal data apart from Technical data and Usage data directly when you correspond with us by post, e-mail or through the ESSENTAROMA Website, when you otherwise use or interact with the ESSENTAROMA Website or the ESSENTAROMA e-Store and when you contact us by telephone or otherwise, including in the following instances:
- when you contact us by e-mail or telephone to make enquiries, place orders or give feedback;
- when you create an account on the ESSENTAROMA e-Store;
- when you fill-in the contact form on the ESSENTAROMA Website;
- when you consent to marketing and/or advertising communications from us or subscribe to our publications;
- when you enter any prize-draws and promotions or take surveys on the ESSENTAROMA Website.
§ Third parties or publicly available sources – We may receive personal data about you from various third parties, including:
- Technical and Usage Data from data analytics providers such as Google Analytics (based outside the EEA) and social media networks such as Facebook, Pinterest, LinkedIn and Instagram (all based outside the EEA);
- Contact Data, Financial Data and Transaction Data from third-party payments services providers such as VIVA Payments (based inside the EEA) and PayPal (based outside the EEA);
- Identity Data and Contact Data about you or your organization from publicly available sources, databases and records.
Note on cookies
Note on social media
The ESSENTAROMA Website and e-Store may contain social networking buttons which will allow you to share information on the ESSENTAROMA Website and e-Store with third-party social media sites or applications which are not owned or controlled by PAJTEK LIMITED.
We have no control over and assume no liability for use of these features on your end, which may result in your personal data being directly collected, used and/or shared by the respective third-party social media sites and applications, whose respective data privacy policies will govern use of said data in those instances.
Note on personal data you may provide about third parties
HOW WE USE PERSONAL DATA
Purposes for which we will use your personal data
We plan to use or process your personal data for the Processing Purposes and on the Legal Grounds set out in the table below.
We will not use or process your personal data for any purpose other than that we originally collected it for, except where we reasonably consider the other purpose to be compatible to the original purpose. We will notify you in case we need to use your personal data for any unrelated purpose and explain the legal grounds on which we are allowed to do so.
Note on contracts
We may not be able to perform a contract we have or are trying to enter into with you for the provision of our goods or services where we need to collect personal data from you by law or under the terms of the contract and you fail to provide such data. Where that occurs, we may be unable to enter into a contract with you and/or we may have to cancel an existing contract, but we will notify you if this is the case at the time.
Note on legitimate interests
We have a legitimate interest in operating, managing, developing, promoting and protecting our business to enable us to give you the best products or services and the most secure experience. This includes, among other things, keeping our records up-to-date, preventing online fraud on or misuse of the ESSENTAROMA Website and the ESSENTAROMA e-Store and improving our relationship with new or existing customers, third party suppliers and distributors or service providers by understanding how our customers engage with our products and services and marketing communications and by providing our customers with a personalized experience on the ESSENTAROMA Website and the ESSENTAROMA e-Store including through tailored marketing or advertising.
In practice, this means that, provided your own interests do not override our legitimate interests, we may process personal data personal data you provided to us when we develop and test for new products and services, improve existing products and services and create marketing material and communications.
Note on consent
We generally only rely on consent as legal grounds to process your personal data for the purposes of sending you direct marketing communications and/or enabling third parties instructed by us to send you marketing communications on our behalf. You can withdraw your consent for and opt-out from marketing-related communications from us and/or third parties at any time by contacting us using the methods identified under the “Withdrawal of consent for marketing communications” note below.
We do not rely on your consent when contacting you by e-mail, telephone or SMS in the course of managing our relationship with you or in the course of performing a contract with you, including when we need further information from you for these purposes and when we contact you with service messages for delivery fulfilment purposes or to give you updates in relation to your order or delivery.
Note on marketing communications
As identified above, we will only send you newsletters, product announcements and other marketing-related communications if you have previously specifically consented to us doing so, including by checking the relevant box prior to submitting an order on the ESSENTAROMA e-Store or when registering for our newsletters on the ESSENTAROMA Website.
We may use your Identity data and/or Contact data and/or Technical data and/or Usage data and/or Profile data to determine which of our products, services or offers we consider may be more relevant to you in order to provide tailored marketing-related communications.
We will only deliver marketing-related communications to you using the methods indicated when we sought your consent, namely, by email, post or SMS.
Withdrawal of consent for marketing communications
You can withdraw your consent for and opt-out from marketing-related communications from us and/or third parties instructed by us by doing any of the following:
§ Clicking on the opt-out links contained at the bottom of any e-mail marketing communication we or third parties instructed by us may send you; or
§ Calling and/or messaging the ‘STOPSMS’ number contained at the end of any SMS marketing communication we or third parties instructed by us may send you; or
Withdrawal or lack of consent for marketing-related communications may mean that you will not be able to benefit from these services, as the processing of your data is essential for their provision by PAJTEK LIMITED.
DISCLOSURE OF PERSONAL DATA TO THIRD PARTIES
§ Third party service providers based inside the European Economic Area (“EEA”) and instructed by us to perform any task or activity which is not performed by ourselves in relation to the performance of a contract with you (including order management and fulfilment and payment processing), the preparation or dissemination of our marketing and advertising material, communications with you and IT systems maintenance or administration;
§ Our external professional advisers such as accountants, auditors, bankers and insurers, based inside the EEA;
§ Public authorities (where we are required by law to do so or to the extent necessary for the establishment, exercise or defence of legal rights);
§ Third parties to whom we may sell, transfer, or merge parts of our business and assets or third parties with whom we may merge or which we may acquire.
In such instances, we will retain control over and will remain fully responsible for your personal data. We will use appropriate safeguards as required by applicable law to ensure data integrity and security but also that data is used by any third party in accordance with our instructions and for the specified purposes only.
INTERNATIONAL DATA TRANSFERS
We do not transfer your personal data outside the EEA.
HOW LONG WE RETAIN PERSONAL DATA FOR
How we determine data retention periods
We consider the following factors in order to determine the appropriate retention period for personal data:
§ The amount, nature and sensitivity of the personal data;
§ The potential risk of harm from its unauthorized use or disclosure;
§ The Processing Purposes and whether these purposes can be achieved through other means; and
§ The applicable legal requirements.
Note on legal requirements
We are required by law to maintain some information about our customers for tax purposes for a period of six (6) years after they cease being customers. This information may include basic Identity data, Contact Data, any Financial Data and Transaction Data.
You can request additional information on our data retention periods for different aspects of your personal data by sending us an e-mail using the Data Privacy Contact details above.
We may keep your personal data in paper files and on online storage mediums. We have put in place appropriate security measures to prevent data loss, unlawful or improper use and unauthorized access or processing, including by limiting access to personal data to those employees, agents, contractors and other third parties who have a business need to know and only act under our instructions.
YOUR LEGAL RIGHTS
Under certain circumstances and subject to certain legal conditions, you have the right to:
§ Request access to the personal data we hold about you;
§ Withdraw your consent to us processing your personal data;
§ Request the correction of any inaccurate personal data;
§ Request the erasure of your personal data;
§ Data portability;
§ Object to the processing of your data or request that processing be restricted;
§ Complain if you have a concern about how we handle your personal data.
When there are reasonable doubts regarding your identity, we may need to request specific information from you to help us confirm your identity. We reserve the right to charge you a reasonable administrative fee for clearly unfounded, repetitive or excessive requests for access to your data, and for any additional copies of the personal data you request from us.
The Data Protection Commissioner’s Office
In the event you are unsatisfied with our response to any complaint or you have a concern about how we handle your personal data, you have the right to lodge a complaint with the Cyprus Data Protection Commissioner’s Office at:
§ Address: 1 Iasonos Street, 1082 Nicosia, Cyprus
§ Telephone. No: +357 22 818 456
§ Fax: +357 22 304 565
§ E-mail: firstname.lastname@example.org
YOUR DUTY TO INFORM US OF CHANGES TO YOUR PERSONAL DATA
It is important that we hold accurate and current personal data about you. PAJTEK LIMITED will not be liable for any losses arising from inaccurate, inauthentic, incomplete or deficient personal data provided to us.