ENTITY is a registered business and our aim is to strengthen the protection of personal data in line with The General Data Protection Regulation (“GDPR”) and with our local Supervisory Authority. If you have any questions or doubts, you can contact us via the COMMUNICATION OPTIONS below.
ABOUT THIS POLICY
ENTITY is committed to protecting your privacy and ensuring that your personal data is handled in a safe and responsible way. This policy outlines how we aim to achieve this and includes the information collected when:
- You use our website ENTITY WEBSITE
- You use our social media pages ENTITY SOCIAL MEDIA PAGES
- You make enquiries on our website.
- You visit our physical establishment(s).
- Someone is interested in working with us.
DEFINITION OF PERSONAL DATA
Personal data means any data that relates to an identifiable person who can be directly/indirectly identified from that data. In this case, it means personal data that you give to us via our site (online) or via offline methods (hand written or verbally spoken). By providing your personal data, you agree that we can use your personal data in accordance with this policy and with our obligations towards you. Ensure you understand this policy in its entirety and take your time to read it. Should you have any questions, you can reach out to us via the COMMUNICATION OPTIONS below.
WHO WE ARE
ENTITY is a enter type of business based in FULL ADDRESS/LOCATION. Our business registration number is: BRN/ABN/CAN/VAT/ΑΦΜ
HOW WE COLLECT INFORMATION FROM YOU
We collect information from you:
- When you order/collect a product or pay for a service.
- When you visit ENTITY (preferences, order history etc.).
- Make an enquiry.
- When you sign up to marketing emails.
CONDITIONS APPLICABLE TO CONSENT OF A CHILD/MINOR
Where a child/minor is below the age of ENTER AGE years, such processing shall be lawful only if and to the extent that consent is given or authorised by the holder of parental responsibility over the child.
TYPE OF INFORMATION WE COLLECTED FROM YOU
You may be asked to submit personal information about yourself when you order/collect a product and/or pay for a service. We will collect this information so we can fulfill your request. Where sensitive data is concerned, we will only request such data to fulfill our obligation to you, legitimate interests and/or as required by law.
WHEN YOU ORDER/COLLECT/USE A PRODUCT/SERVICE
ENTITY may collect information where applicable to fulfill its obligation to you such as:
- E-mail address (used for confirmation and post-service feedback emails)
- Home and/or work address
- Billing information taken for deposits, pre-orders, pre-bookings or holding credit card information (where applicable)
- Telephone number
- Company name (where applicable)
- Product/service requests
- Marketing preferences (whether you opt-in or opt-out)
WHEN YOU ARE SERVICED AT ENTITY
- marketing responses (where applicable)
- survey responses (where applicable)
- current and past order/service details
WHEN YOU ACCESS OUR SITES
There is “Device Information” about your computer hardware, mobile devices, electronic devices and software that is automatically collected by ENTITY where and if applicable. This information can include:
- Device type (e.g. mobile, computer, laptop, tablet).
- Operating system.
- IP address.
- Browser type.
- Browser information (e.g., type, language, and history).
- Domain names.
- Access times.
- Referring website addresses.
- Other data about your device to provide the services as otherwise described in this policy.
If you use our website(s) and/or social media site(s), we may receive your generic location (such as city or neighbourhood).
You may submit your Curriculum Vitae/Resume (CV) if you’re interested in working for us via EMAIL and/or POST. Your information is handled with the strictest data privacy measures in place and may include:
- Non Sensitive Personal Details.
- Sensitive Personal Details.
- Family Details.
- Employment Details.
- Education Details.
- Salary History Details.
- Other Relevant Details.
We will use this information to assess your application. We may also keep it in our records for future reference and for no longer than 12 months. Please contact us if you would no longer like us to hold your records via the COMMUNICATION OPTIONS listed below.
HOW WE USE YOUR INFORMATION
Our use of your personal data will always have a lawful basis, either because it is necessary to complete our obligation to you, because you have consented to our use of your personal data (e.g. by subscribing to emails), or because it is in our legitimate interests.
We require the information defined and outlined herein to understand your needs and provide you with a better product/service, and in particular for the following reasons:
- Internal record keeping.
- Send you confirmation emails (booking/order/pickup/delivery confirmation and post-service feedback).
- Improve our products and services.
- Send marketing communications if you have opted in to receive them.
- To customise our website(s) and/or social media site(s) according to your interests.
- To continually improve our business model.
HOW WE HANDLE SENSITIVE DATA
Sensitive Data is a subset of Personal Data that contains information relating to a person’s race or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data (for identifying a person), health data, and data about sex life, sexual orientation or criminal records data.
We Encrypt Sensitive Data when necessary for example, when saving to a flash drive, usb stick, external hard drive, transmitting it via third party platforms/applications/devices or email.
We do not collect or use any Sensitive Data or Criminal Records Data unless we are required to in fulfilling our legitimate obligations or under special dictating circumstances which bind us as required by law.
Sensitive information in databases, logs, data files, backup media, etc. shall be stored securely by means of encryption, masking, truncation, de-identification or other means of blurring identifying features.
Servers, Desktop and Portable Devices storing sensitive information will be tested regularly so that corrective actions can be taken should an exploit be found and/or to avoid potential exploits.
Employees working with sensitive information may require additional training. Should such training be required, we will make provisions in providing appropriate training on data security practices for both new and existing employees.
HOW WE HANDLE CHILDREN’S DATA
We handle children’s personal data based on 15 key standards:
1. BEST INTERESTS OF THE CHILD: We account for the best interests of any child as a primary consideration where any conflict arises, keeping children safe from exploitation risks and protecting their health and well-being.
2. DATA PROTECTION IMPACT ASSESSMENTS (DPIA): We undertake DPIA to assess and mitigate risks to the rights and freedoms of children who are likely to access our service and/or come in contact with our products, which may arise from the data processing.
3. AGE-APPROPRIATE APPLICATION: We undertake a risk-based approach to recognizing the age of individual users. This applies to the standards in the code of all users. Where we rely on consent for any aspects of our services, we obtain parental authorization for under aged individuals.
4. TRANSPARENCY: Under Article 5(1) of the GDPR we process personal data lawfully, fairly and in a transparent manner in relation to data subjects including children.
5. DETRIMENTAL USE OF DATA: We do not use children’s personal data in ways that show to be detrimental to their well-being, or that go against industry codes of practice, other regulatory provisions or Government advice.
6. POLICIES AND COMMUNITY STANDARDS: We uphold our own published terms, policies and community standards (including privacy policies, age restriction, behavior rules and content policies) herein and beyond. It’s our way of saying that we say what we do and we do what we say.
7. DEFAULT SETTINGS: Our operational settings are set to ‘high privacy’ by default, unless a compelling reason for a different default setting can be shown, taking into account the best interests of the child.
8. DATA MINIMIZATION: We collect and retain only the minimum amount of children’s personal data where needed to provide the elements of the service in which a child is actively and knowingly engaged. Where applicable children are also given separate choices over which elements they wish to activate.
9. DATA SHARING: Data relating to children is not disclosed unless a compelling reason to do so is shown, taking into account the best interests of the child.
10. GEOLOCATION: Geolocation tracking features are switched off by default, unless a compelling reason to switch it on is shown. In such case, an obvious sign for children is shown when location tracking is active. Options which make a child’s location visible to others default back to off at the end of each session.
11. PARENTAL CONTROLS: Children are provided with age-appropriate information about parental controls. If any of our online service allows a parent or a guardian to monitor a child’s online activity or track their location, then our service will provide an obvious sign to the child when they are being monitored.
12. PROFILING: Any profiling options are turned off by default. The off by default setting does not mean that profiling is not possible or not permitted. Whenever possible, children are offered control over whether and how their personal data is used. Profiling is subject to a privacy setting and only occurs when there are appropriate measures in place to protect the child from any harmful effects, such as content that is detrimental to their health or well-being.
13. NUDGE TECHNIQUES: We do not use nudge techniques to lead or encourage children to provide unnecessary personal data or weaken or turn off their privacy protection.
14. CONNECTED TOYS AND DEVICES: Should we provide connected toys or devices e.g. a fitness band that records the child’s level of physical activity and then transmits this back to servers, or a home hub interactive speaker device,) it will include effective tools to enable conformance to the code. This includes being clear about who is processing the child’s personal data and what their responsibilities are, anticipating and providing for use by multiple users of different ages, providing clear information about our use of personal data at point of purchase and on set-up, finding ways to communicate just in time information and avoiding passive collection of personal data.
15. ONLINE TOOLS: Where applicable, prominent and accessible tools are provided to help children exercise their data protection rights and report concerns.
ACCESS RIGHTS TO YOUR INFORMATION
We will not sell, distribute, or lease your personal information to third parties. Any personal information we request from you will be safeguarded under current data privacy legislation.
We will only share your information with companies and/or Third Parties if necessary to deliver services on our behalf. For example service providers (e.g. for the provision of fulfilling your order/service), Third-Party payment processors, and other Third Parties to provide our Site(s) and/or fulfill your requests, and as otherwise consented to by you or as permitted by applicable law.
When we require to use Third Parties, we endeavour to make sure that they have appropriate safeguards in place for the protection of personal data, subject to it not having an impact on our business activities in being able to deliver our products and/or services. If possible and non-impacting, we will seek alternative Third Parties to deliver such services.
You may choose to restrict the collection or use of your personal information at any point. Please refer to the DATA SUBJECT REQUEST section below for available options.
HOW AND WHERE DO WE STORE DATA?
For orders and/or services taken through online software/platforms, your data will only be stored in ENTER COUNTRY.
Where applicable, your personal data is stored securely in the data centers of the software/platform providers.
For orders/services taken manually and logged as hard-copy, your data will only be stored in our place of business and secured with the correct measures to mitigate risks to your personal data.
ENTITY and/or our subcontractors might transfer Personal Data to countries outside the European Economic Area (EEA) and European Union (EU) (“Third Country”). In such event, the transfer shall be conducted on a legal basis and in line with Chapter 5 Articles 44, 45, 46, 47, 48, 49 and 50 of the GDPR “Transfers of personal data to third countries or international organisations”.
When required to destroy your personal data either online or offline, it will be done in a manner where your personal data cannot be recovered by any possible means or methods, including shredding, overwriting all devices and media both on digital storage devices and/or on hard-copy no longer used by ENTITY.
We may analyse your personal information to create a profile of your engagement history with ENTITY and preferences so that we can contact you with information relevant to you. We may make use of additional information about you when it is available from external sources to help us do this effectively. This will be done only with your explicit consent and/or as required by law.
We will not contact you for marketing purposes by postal services, emails, phone and/or digital text messages unless you have given your prior consent and we will not pass your details to any Third Parties for marketing purposes unless you have expressly permitted us to or as required by law.
Herein, you are provided with a full unencumbered DATA SUBJECT REQUEST gateway including:
- Data Subject DATA BREACH Registrar.
- Data Subject OPT-OUT Request.
- Data Subject PORTABILITY Request.
- Data Subject ERASURE Request.
- Data Subject CORRECTION Request.
- Data Subject ACCESS Request.
- Data Subject RESTRICTION Request.
- Data Subject OBJECTION Request.
You have the right to withdraw your consent to us using your personal data at any time, and to request that we delete it. We do not keep your personal data for any longer than is necessary in light of the reason(s) for which it was first collected. Data will, therefore, be retained as outlined herein in HOW AND WHERE WE STORE DATA.
Data security is very important to us, and to protect your data we have taken suitable measures to safeguard and secure data collected through our Site. If you would like further details please contact us via the COMMUNICATION OPTIONS below.
A cookie is a text file that is placed on your hard disk by a web page server which allows the website to recognise you when you visit. Cookies only collect data about browsing actions and patterns, and do not identify you as an individual.
- OPTING OUT: You can set your browser to not accept cookies, but this may limit your ability to use the products/services offered on our Site(s).
Our Site may contain links to other websites. Please note that we have no control over how your data is collected, stored, or used by other websites and we advise you to check the privacy policies of any such websites before providing any data to them.
WHAT HAPPENS IF OUR BUSINESS CHANGES HANDS
In the event that any of your data is to be transferred in such a manner, you will not be contacted in advance and informed of the changes. When and if contacted you will not be given the choice to have your data deleted or withheld from the new owner or controller.
We DO/DON’T share your information with other entities within our group. If we do, this is to enhance the experience that we the ENTITY group provide you when you engage with us, such as.
- Type of product(s) and/or service(s).
- If you previously expressed a preference for specific product(s) and/or service(s).
- Customised service.
- Improve our business model.
In addition to providing you with more customised service, we may, as permitted by applicable law, share your information with our affiliates to support operations, such as:
- To perform analytics.
- Tailor marketing to you.
- Support a loyalty program that you have chosen to participate in.
- Improve our products(s) and/or service(s).
For more information, please feel free to contact us via the COMMUNICATION OPTIONS listed below.
CHANGES TO THIS STATEMENT
- Our data privacy adviser(s).
- Our data privacy consultant(s).
- Our legal adviser(s).
- Our Supervisory Authority.
- A court ruling presented to ENTITY.
DATA PRIVACY REGULATION GOVERNANCE
All being said and done, ENTITY’s handling of personal data is governed by the General Data Protection Regulation (GDPR) and our Supervisory Authorities Regulations. Our Supervisory Authority is the ENTER NAME.
RECENT POLICY UPDATE
This policy was last updated on ENTER FULL DATE