DATA PRIVACY POLICY

PAJTEK LIMITED (also referred to in this Privacy Policy as “we”, “us” or “our”) is committed to protecting your privacy and personal data and we wish to be transparent as to how we do that through this Privacy Policy.

ABOUT THIS PRIVACY POLICY

This Privacy Policy:

§  Explains which types of personal data we collect from you when you visit and use our website(https://www.essentaroma.com)(“ESSENTAROMA Website”) which includes our e-store (“ESSENTAROMA e-Store”) and when you otherwise interact with us online or offline;

§  Addresses when, how and why your personal data is collected, processed and shared with third parties in the above instances;

§  Informs you on your privacy rights, options and protection in line with the applicable data protection and privacy laws.

This Privacy Policy supplements but does not override any other privacy policy or notice we may provide when collecting or processing your personal data on specific occasions.

ABOUT THE DATA CONTROLLER

The data controller responsible for your personal data is PAJTEK LIMITED, a limited liability company incorporated in Cyprus which engages in e-commerce for “ESSENTAROMA” branded aromatherapy products and natural remedies through the ESSENTAROMA Website and the ESSENTAROMA e-Store.

Our full details

§  Full name of data controller: PAJTEK LIMITED

§  Company registration number: HE383650

§  Registered office address: 1 Nikis & Kastoros, Floor 1, 1087 Nicosia, Cyprus

§  E-mail address: info@essentaroma.com

§  Telephone No. +357 97849323

Data Privacy Contact

PAJTEK LIMITED has designated the following person as a point of contact for any questions, comments or complaints you may have over the use, processing or sharing of your personal data subject to this Privacy Policy:

§  Contact name:      Alina Pasarel

§  E-mail address:    info@essentaroma.com

§  Telephone No.:     +357 97849323

PERSONAL DATA WE COLLECT

We may collect, use, store and transfer data about yourself categorized as follows:

§  Identity Data, which includes your title, first name, surname, an online username or other identifier, gender and date of birth.

§  Contact Data which includes your telephone number, e-mail address and full postal address.

§  Financial data, which includes data which is necessary for processing payments including bank account details, payment card details and other related billing information (see “Note on Financial Data” below).

§  Transaction Data which includes details about products and/or services you have purchased from us and details of payments to and from you in relation to these purchases.

§  Profile Data which includes your ESSENTAROMA e-Store username and password, purchases or orders made by you, your interests, preferences and feedback, including through surveys.

§  Marketing and Communications Data which includes your communication preferences in receiving e-mail newsletters and additional communications from us.

§  Technical Data which includes your IP address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform.

§  Usage Data which includes information about your browsing activity on the ESSENTAROMA Website and the ESSENTAROMA e-Store, including statistics on page views, links clicked, time on each page, information over any intended purchases including the contents of your shopping cart and any wish-lists.

Note on Usage data

We may aggregate Usage Data in order to measure the number of users accessing a specific area of our Website and in order to improve the ESSENTAROMA Website’s look, feel and usability. Aggregated data is not considered ‘personal data’ in law, as it does not directly or indirectly reveal your identity, but we will treat any aggregated data which in combination with other data may directly or indirectly identify you as personal data which will only be used in accordance with this Privacy Policy.

Note on Financial Data

All payments for goods or services purchased through the ESSENTAROMA e-Store are directly processed by our third-party payment services providers, VIVA Payments and/or PayPal, depending on your preference at the time of purchase. This means that any Financial Data you may provide when completing a purchase on the ESSENTAROMA e-Store, including payment card details and/or bank account details and/or other related billing information, will be collected and processed by VIVA Payments and/or PayPal and not by PAJTEK LIMITED.

Unless you have otherwise provided any Financial Data to PAJTEK LIMITED directly in connection with your use of the ESSENTAROMA e-Store, your Financial Data will not be collected by us and may not be available to us. 

Please note that any Financial Data collected from you by VIVA Payments and/or PayPal is governed by their own applicable Data Privacy Policy, which you should take care to review prior to submitting any data to those third-party payment services providers.

Note on the types of data we do not collect

§  Special categories of dataWe do not collect any special categories of personal data about you, including details about your ethnicity, race, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, your health, genetic data, biometric data or information about criminal convictions and offences.

§  Data relating to children – We do not knowingly collect data relating to children and neither the ESSENTAROMA Website nor the ESSENTAROMA e-Store are intended for children.

HOW WE COLLECT PERSONAL DATA

We collect personal data from and/or about you using the following methods:

§  Direct interaction – We may collect personal data apart from Technical data and Usage data directly when you correspond with us by post, e-mail or through the ESSENTAROMA Website, when you otherwise use or interact with the ESSENTAROMA Website or the ESSENTAROMA e-Store and when you contact us by telephone or otherwise, including in the following instances:

-        when you contact us by e-mail or telephone to make enquiries, place orders or give feedback;

-        when you create an account on the ESSENTAROMA e-Store;

-        when you fill-in the contact form on the ESSENTAROMA Website;

-        when you consent to marketing and/or advertising communications from us or subscribe to our publications;

-        when you enter any prize-draws and promotions or take surveys on the ESSENTAROMA Website.

§  Automated interaction – We may automatically collect Technical Data and Usage Data about your equipment, browsing actions and patterns while you visit or interact with the ESSENTAROMA Website, including through the use of cookies.

§  Third parties or publicly available sources – We may receive personal data about you from various third parties, including:

-        Technical and Usage Data from data analytics providers such as Google Analytics (based outside the EEA) and social media networks such as Facebook, Pinterest, LinkedIn and Instagram (all based outside the EEA);

-        Contact Data, Financial Data and Transaction Data from third-party payments services providers such as VIVA Payments (based inside the EEA) and PayPal (based outside the EEA);

-        Identity Data and Contact Data about you or your organization from publicly available sources, databases and records.

Note on cookies

We sometimes place small data files called cookies on your device to make the ESSENTAROMA Website and the ESSENTAROMA e-Store function properly, including session cookies and authentication cookies. You can set your browser to refuse all or some cookies, or to alert you when websites set or access cookies. Please note that parts of the ESSENTAROMA Website and the ESSENTAROMA e-Store may become inaccessible or not function properly when you disable or refuse cookies.

Please refer to our Cookie Policy for additional information.

Note on social media

The ESSENTAROMA Website and e-Store may contain social networking buttons which will allow you to share information on the ESSENTAROMA Website and e-Store with third-party social media sites or applications which are not owned or controlled by PAJTEK LIMITED.

We have no control over and assume no liability for use of these features on your end, which may result in your personal data being directly collected, used and/or shared by the respective third-party social media sites and applications, whose respective data privacy policies will govern use of said data in those instances.

Note on personal data you may provide about third parties

Personal data about any third parties must be provided to us after ensuring you are entitled to disclose that personal data to us and that we may collect, use and disclose that personal data as described in this Privacy Policy without our taking any further steps.

HOW WE USE PERSONAL DATA

Purposes for which we will use your personal data  

We plan to use or process your personal data for the Processing Purposes and on the Legal Grounds set out in the table below.

Processing Purposes

Data involved

Legal Grounds for processing

Processing and responding to any enquiries you make on our products and services

§  Identity Data

§  Contact Data

Legitimate interests

see note below

Allowing you to register as a new customer on the ESSENTAROMA e-Store

§  Identity Data

§  Contact Data

Contract

The performance of a contract with you

Processing and delivering orders you place for ESSENTAROMA products and services, including providing you with updates on any orders

§  Identity Data

§  Contact Data

§  Financial Data

§  Transaction Data

Contract

The performance of a contract with you

Managing our relationship with you, including by notifying you about changes to our policies (including this privacy policy) and asking you to review us or take surveys

§  Identity Data

§  Contact Data

§  Transaction Data

Legitimate interests

see note below

 

Delivering newsletters, product updates/announcements and other marketing communication to you on ESSENTAROMA products and services by e-mail, post or SMS

§  Identity Data

§  Contact Data

§  Transaction Data

§  Profile Data

§  Technical Data

§  Usage Data

§  Marketing and Communications Data

Consent –

Your consent to receiving marketing material from us

Displaying tailored suggestions for ESSENTAROMA products and services to you on the ESSENTAROMA Website and the ESSENTAROMA e-Store

§  Identity Data

§  Contact Data

§  Transaction Data

§  Profile Data

§  Technical Data

§  Usage Data

§  Marketing and Communications Data

Legitimate interests

see note below

 

Enabling your participation in any prize-draw or promotion organized by PAJTEK LIMITED (subject to eligibility) and communicating with you over any such prize-draw or promotion

§  Identity Data

§  Contact Data

§  Transaction Data

§  Profile Data

§  Usage Data

§  Marketing and Communications Data

Consent

Your consent to data processing for the purposes of a prize draw or promotion

Developing and improving our products and services, the ESSENTAROMA Website, the ESSENTAROMA e-Store, our communications with our customers and our marketing to customers, including through the use of data analytics

§  Identity Data

§  Contact Data

§  Transaction Data

§  Profile Data

§  Technical Data

§  Usage data

Legitimate interests

see note below

 

Administering and protecting our business, the ESSENTAROMA Website and the ESSENTAROMA e-Store (including through the use of data analytics and IT system maintenance and support) and detecting, defusing or mitigating fraudulent or illegal activity on the ESSENTAROMA Website and the ESSENTAROMA e-Store

§  Identity Data

§  Contact Data

§  Financial Data

§  Transaction data

§  Technical Data

§  Usage Data

Legitimate interests

see note below

 

Enabling third party advertising and marketing service providers instructed by us to conduct marketing and advertising on ESSENTAROMA products and services on our behalf

§  Identity Data

§  Contact Data

§  Transaction Data

§  Profile Data

§  Technical Data

§  Usage data

 

Consent

Your consent to your data being shared with third parties for our marketing and advertising

We will not use or process your personal data for any purpose other than that we originally collected it for, except where we reasonably consider the other purpose to be compatible to the original purpose. We will notify you in case we need to use your personal data for any unrelated purpose and explain the legal grounds on which we are allowed to do so.

Note on contracts

We may not be able to perform a contract we have or are trying to enter into with you for the provision of our goods or services where we need to collect personal data from you by law or under the terms of the contract and you fail to provide such data. Where that occurs, we may be unable to enter into a contract with you and/or we may have to cancel an existing contract, but we will notify you if this is the case at the time.

Note on legitimate interests

We have a legitimate interest in operating, managing, developing, promoting and protecting our business to enable us to give you the best products or services and the most secure experience. This includes, among other things, keeping our records up-to-date, preventing online fraud on or misuse of the ESSENTAROMA Website and the ESSENTAROMA e-Store and improving our relationship with new or existing customers, third party suppliers and distributors or service providers by understanding how our customers engage with our products and services and marketing communications and by providing our customers with a personalized experience on the ESSENTAROMA Website and the ESSENTAROMA e-Store including through tailored marketing or advertising.

In practice, this means that, provided your own interests do not override our legitimate interests, we may process personal data personal data you provided to us when we develop and test for new products and services, improve existing products and services and create marketing material and communications.

Note on consent

We may process your personal data without your knowledge or consent where this is required or permitted by law and where processing is compatible with other rules identified in this Privacy Policy.

We generally only rely on consent as legal grounds to process your personal data for the purposes of sending you direct marketing communications and/or enabling third parties instructed by us to send you marketing communications on our behalf.  You can withdraw your consent for and opt-out from marketing-related communications from us and/or third parties at any time by contacting us using the methods identified under the “Withdrawal of consent for marketing communications” note below.

We do not rely on your consent when contacting you by e-mail, telephone or SMS in the course of managing our relationship with you or in the course of performing a contract with you, including when we need further information from you for these purposes and when we contact you with service messages for delivery fulfilment purposes or to give you updates in relation to your order or delivery.

Note on marketing communications

As identified above, we will only send you newsletters, product announcements and other marketing-related communications if you have previously specifically consented to us doing so, including by checking the relevant box prior to submitting an order on the ESSENTAROMA e-Store or when registering for our newsletters on the ESSENTAROMA Website.

We may use your Identity data and/or Contact data and/or Technical data and/or Usage data and/or Profile data to determine which of our products, services or offers we consider may be more relevant to you in order to provide tailored marketing-related communications.

We will only deliver marketing-related communications to you using the methods indicated when we sought your consent, namely, by email, post or SMS.

Withdrawal of consent for marketing communications

You can withdraw your consent for and opt-out from marketing-related communications from us and/or third parties instructed by us by doing any of the following:

§  Clicking on the opt-out links contained at the bottom of any e-mail marketing communication we or third parties instructed by us may send you; or

§  Calling and/or messaging the ‘STOPSMS’ number contained at the end of any SMS marketing communication we or third parties instructed by us may send you; or

§  Contacting us using the Privacy Contact Details in this Privacy Policy.

Withdrawal or lack of consent for marketing-related communications may mean that you will not be able to benefit from these services, as the processing of your data is essential for their provision by PAJTEK LIMITED.

DISCLOSURE OF PERSONAL DATA TO THIRD PARTIES

We may share your personal data with the following third parties in order to meet certain Processing Purposes identified in this Privacy Policy:

§  Third party service providers based inside the European Economic Area (“EEA”) and instructed by us to perform any task or activity which is not performed by ourselves in relation to the performance of a contract with you (including order management and fulfilment and payment processing), the preparation or dissemination of our marketing and advertising material, communications with you and IT systems maintenance or administration;

§  Our external professional advisers such as accountants, auditors, bankers and insurers, based inside the EEA;

§  Public authorities (where we are required by law to do so or to the extent necessary for the establishment, exercise or defence of legal rights);

§  Third parties to whom we may sell, transfer, or merge parts of our business and assets or third parties with whom we may merge or which we may acquire.

In such instances, we will retain control over and will remain fully responsible for your personal data. We will use appropriate safeguards as required by applicable law to ensure data integrity and security but also that data is used by any third party in accordance with our instructions and for the specified purposes only.

INTERNATIONAL DATA TRANSFERS

We do not transfer your personal data outside the EEA.

HOW LONG WE RETAIN PERSONAL DATA FOR

We will only retain your personal data for as long as reasonably necessary to fulfil the Processing Purposes, satisfy our legal and accounting requirements, prevent fraud and resolve disputes, or until you exercise your right to erasure or revoke your consent (where applicable). Please refer to the “YOUR LEGAL RIGHTS” section in this Privacy Policy.

How we determine data retention periods

We consider the following factors in order to determine the appropriate retention period for personal data:

§  The amount, nature and sensitivity of the personal data;

§  The potential risk of harm from its unauthorized use or disclosure;

§  The Processing Purposes and whether these purposes can be achieved through other means; and

§  The applicable legal requirements.

Note on legal requirements

We are required by law to maintain some information about our customers for tax purposes for a period of six (6) years after they cease being customers. This information may include basic Identity data, Contact Data, any Financial Data and Transaction Data.

You can request additional information on our data retention periods for different aspects of your personal data by sending us an e-mail using the Data Privacy Contact details above.

DATA SECURITY

We may keep your personal data in paper files and on online storage mediums. We have put in place appropriate security measures to prevent data loss, unlawful or improper use and unauthorized access or processing, including by limiting access to personal data to those employees, agents, contractors and other third parties who have a business need to know and only act under our instructions.

YOUR LEGAL RIGHTS

Under certain circumstances and subject to certain legal conditions, you have the right to:

§  Request access to the personal data we hold about you;

§  Withdraw your consent to us processing your personal data;

§  Request the correction of any inaccurate personal data;

§  Request the erasure of your personal data;

§  Data portability;

§  Object to the processing of your data or request that processing be restricted;

§  Complain if you have a concern about how we handle your personal data.

If you wish to exercise any of your rights, please send a written request to Mrs. Alina Pasarel using the contact details listed under the “Data Privacy Contact” heading in this Privacy Policy. We will consider legitimate requests or complaints and try to provide a response within one (1) month.

When there are reasonable doubts regarding your identity, we may need to request specific information from you to help us confirm your identity. We reserve the right to charge you a reasonable administrative fee for clearly unfounded, repetitive or excessive requests for access to your data, and for any additional copies of the personal data you request from us.

The Data Protection Commissioner’s Office

In the event you are unsatisfied with our response to any complaint or you have a concern about how we handle your personal data, you have the right to lodge a complaint with the Cyprus Data Protection Commissioner’s Office at:

§  Address:               1 Iasonos Street, 1082 Nicosia, Cyprus

§  Telephone. No:     +357 22 818 456

§  Fax:                     +357 22 304 565

§  E-mail:                 commissioner@dataprotection.gov.cy

YOUR DUTY TO INFORM US OF CHANGES TO YOUR PERSONAL DATA

It is important that we hold accurate and current personal data about you. PAJTEK LIMITED will not be liable for any losses arising from inaccurate, inauthentic, incomplete or deficient personal data provided to us.

UPDATES TO THIS PRIVACY POLICY

This Privacy Policy was last updated on 28 June 2019.

We reserve the right to occasionally amend and update this Privacy Policy and we may inform you by e-mail when we do. Any amendments or updates will become effective as soon as our amended or updated Privacy Policy is published on the ESSENTAROMA Website.