the Company to provide users with details of the data controller, of the personal data collected through the Site, of the purposes of the processing of such personal data, and of the means by which such processing is accomplished, of any third parties involved in the processing, of any transfer abroad of such data, of the security measures adopted to protect the collected data, and of the manner in which the user may check the processing of those data regarding him/her, and may exercise his/her rights under the EU regulation n. 2016/679 (hereinafter “GDPR”).
1. INFORMATION WE COLLECT
There are several ways we may obtain information about you, including through (A) information you provide to us directly; (B) information we automatically collect. This includes data that identifies you personally, whether directly (i.e., your name) or indirectly (i.e., information about your online use).
A) Information You Provide
the Company collects certain information from you when you directly provide it to us. This may include when you create an account with us, make a purchase through our Site, request information from us, sign up for newsletters or our e-mail list, enter into sweepstakes or other promotions, request customer support, or otherwise communicate with or contact us directly. This information may include the following:
- Contact details including your name, address, email address, and telephone or mobile number;
- Login and account information, including username, password, and unique user ID; and
- Billing and payment data, including credit card data; and
- Personal preferences, such as marketing preferences.
B) Information Automatically Collected
The Company collects the personal data of users visiting and consulting the Site, the so-called browsing data. The technological platform by means of which the Site is made available to the user, in fact automatically records certain browsing data – the transmission of which is implicit in the use of Internet communications protocols – such as, for example, the name of the Internet access provider, the source website, the pages visited, the date and duration of each visit, etc. Such information permits access to the Site and the use of certain services, and this information may be utilized in an anonymous and aggregated form for statistical purposes and in order to verify the correct functioning of the Site.
The Company does not collect such data in order to associate them with other information about users, and subsequently to identify such users; nevertheless, the data in question, by their very nature, may permit the identification of users following processing and association with other information. Browsing data may thus be used by The Company to ascertain whether any liability exists regarding computer crimes committed to the detriment of the Site, or by means of the Site. Without prejudice to such event, the aforementioned browsing data are only stored temporarily, in accordance with applicable law.
- Computer or Device Information: We may automatically collect your Internet Protocol (“IP”) address or other unique identifier or information from the computer, mobile device, tablet or other device you use to access the Site, including, but not limited to, your browser type, device type, operating system, software version, phone model, phone operating system, and the domain name from which you accessed the Site.
- Usage Information. . We may collect information about how you use the Site, including: the date and time you visit the Site; what areas or pages of the Site you visit; the amount of time you spend visiting the Site; the number of times you return to the Site; other information about where you click on the Site; whether you open, forward, or click on links in emails we send; and any other Site you may visit.
- Location Information. We collect general information about where traffic and purchases on our site are coming from around the world. We use this information at an aggregate level (meaning the information does not identify individual users) to create reports to better understand how we engage with users.
- Service Providers. . We may use service providers to support our Site. Some of these service providers may use technology such as cookies, web beacons, pixel tags, log files, Flash cookies, or HTML5 cookies to receive, collect, and store information.
C. Combination of Information
We may combine the information we receive from and about you, including information you provide to us, information we automatically collect through our Sites, information collected offline, information collected across other computers or devices that you may use, and information from third party sources.
2. INFORMATION USE
Where necessary under applicable law, we will have a lawful basis to process your data if:
- You have consented to such processing;
- We have a legitimate interest for processing your data – e.g., for data analytics purposes; fraud prevention; direct marketing; network and information systems security; enhancing or improving our content, products, and services; identifying usage trends; and determining the effectiveness of promotional campaigns; and/or
- We are legally obligated to process it.
We may use the information we collect from and about you to:
- Respond to your inquiries and contact you when necessary;;
- Enhance your online experience, including as a way to recognize you and welcome you to the Site;
- Review the usage and operations of our Site, develop new products or services, and conduct analysis to enhance or improve our content, products, and services;
- Provide you with customized content, targeted offers, and advertising on the Site, via email, text message or push notification, or across other websites or social media;
- Administer any orders that you have placed with us and process payments;
- Communicate with you about your purchase;
- Register and manage your account(s) with us;
- Contact you with information, newsletters, and promotional materials;
- Use your data in an aggregated non-specific format for analytical and demographic purposes (this processing may involve profiling – for example to create audiences based on demographic or location-based information for marketing and customization purposes);
- Address problems with the Site or our business, and to protect the security or integrity of the Site and our business; or
- For other purposes disclosed at the time you provide your information or otherwise with your consent.
Additionally, if you use the Site to connect with any third-party services (e.g., social media Site), you authorize us to use information from and about you, on your behalf, to interact with these third-party services based on your requests.
INFORMATION WE SHARE
A) Information You Share
The Site offer many ways to find, enjoy, and share content. Your activity in connection with the Site may include filling out surveys, reviewing and rating products, inquiring about or purchasing products, participating in online communities, “liking” or “sharing” our content on your social media accounts or otherwise interacting with the Company. Any information you may disclose on our Site, in blogs, on message boards, in chat rooms, or in other public areas of the Site or other third-party websites, applications, or services that the Site may link to, becomes public information. Please exercise caution when disclosing personal information in these public areas. .
B) Information We Share
We may share your personal information with:
- Affiliates: . We may share your information with the Company affiliates and subsidiaries for business, operational, promotional, and marketing purposes.
- Third parties. . We may share your information with such as professionals, consultants and more generally third parties who cooperate with the Company for the pursuit of the above purposes, or third parties who have been entrusted with activities in outsourcing.
- Service Providers: . We may share your information with service providers that provide business, professional or technical support functions for us, help us operate our business and the Site, or administer activities on our behalf.
- Aggregate or Anonymous Non-Personal Information: . We may also share aggregate, anonymous, or de-identified non-personal information with third parties for their marketing or analytics uses.
- Other: . We also may share your information as disclosed to you at the time of collection.
4. HOW LONG YOUR INFORMATION IS RETAINED
We will retain your individual personal data only as long as we need it for the purpose for which we are processing it. For example, when you contact us with a complaint, query, or other concern, we will retain your information for as long as needed to respond to your query. We may use data aggregated by Google Analytics indefinitely without further notice to you. We will periodically review the personal information we hold and delete it securely, or in some cases anonymize it, when there is no longer a legal, business, or consumer need for us to retain it. When we anonymize data, we may retain such data indefinitely without further notice to you.
5. PROCESSING METHODS
The user’s personal data are processed by computer and telematic methods, mainly by electronic and automated means and, and, limited to particular operations, by paper.
In accordance with the GDPR, specific security measures are observed to prevent data loss, unlawful or improper use, and unauthorized access.
6. YOUR RIGHTS
A) For EEA Residents
We respect your privacy rights and provide you with reasonable access and rights to the personal data (as defined in the General Data Protection Regulation) that you may have shared with us. If you live in the EEA, and wish to access, amend, delete, or transfer any personal data we hold about you, you may contact us as set forth in the “Contact Us” section.
At any time, you may object to the processing of your Personal Data on legitimate grounds, but we reserve the right to proceed with the processing if otherwise permitted by applicable law. If you believe we have infringed upon your right to privacy granted by applicable data protection laws, please contact firstname.lastname@example.org. You also have a right to lodge a complaint with data protection authorities.
B) For California Residents
California law permits residents of California to request certain details about how the Company shares their personal information with third parties or affiliated companies for direct marketing purposes. If you are a California resident and would like to make such a request, please contact us at: email@example.com. You must put the statement “Your California Privacy Rights” in the subject line. We are not responsible for notices that are not properly sent, or that do not have complete information.
California residents may also take advantage of the following rights:
- You may request, up to two times each year, that we disclose to you: (1) the categories and specific pieces of personal information that we have collected about you; (2) the categories of sources from which we collect your personal information; (3) the business or commercial purpose for collecting your personal information; (4) the categories of third parties with whom we have shared your personal information; and (5) the business or commercial purpose for selling your personal information, if applicable.
- You may also request that we delete any personal information we have collected from or about you. There are some reasons we will not be able to fully address your request, such as if we need to complete a transaction for you, to detect and protect against fraudulent and illegal activity, to exercise our rights, or to comply with a legal obligation.
We offer multiple ways for you to make such a request (“Data Access Request” and “Deletion Request”) free of charge, including the following:
- Send an e-mail to firstname.lastname@example.org. You must put the statement “Your California Privacy Rights” in the subject field and include as an attachment a completed Data Access Request Form or Deletion Request Line. We are not responsible for requests that are not labeled or sent properly, or that do not have complete information.
In order for us to fulfill your Data Access Request Form or Deletion Request Form, we will need to verify that you are who you say you are and that we indeed collect or retain your personal information on our systems. For verification purposes, we will attempt to match information that you provide to us with information we already have in our records. We will not be able to delete or provide you with access to your personal information unless we are able to verify your identity. We will respond to your request within 45 days of receiving your request, after proper verification, unless we need additional time, in which case we will let you know. We value your privacy and will not discriminate against you in response to you exercising your privacy rights.
An authorized agent may submit a request on your behalf, after submission of proof of authorization in accordance with California law.
- We collect the following categories of personal information: identifiers/contact Information, commercial information, internet or other electronic network activity information, geolocation, visual and audio information, age, gender, and inferences drawn from the above.
- We disclose the following categories of information for a business purpose: identifiers/contact information, commercial information, internet or other electronic network activity information, geolocation, visual and audio information, and inferences drawn from the above.
C) Cookies; Tracking
8. DATA SECURITY
We have taken certain physical, administrative, and technical steps to safeguard the information we collect from and about our customers and visitors to the Sites. While we make every effort to help ensure the integrity and security of our network and systems, we cannot guarantee our security measures.
9. INTERNATIONAL TRANSFERS
The personal data shall be transferred outside the country or the European Union, in countries not providing for an adequate level of data protection, only in accordance with the safeguards set forth by applicable laws. The complete list of recipients of the data, established outside the European Union, or a copy of the safeguards adopted by the Data Controller can be obtained by writing an email to the following email address: email@example.com or by writing a letter to the address below.
11. DATA CONTROLLER
Data controller is SIA “Truffle bee”, with registered office in Rīga, Alberta iela 1 - 3A, LV-1010
12. DATA PROCESSING OFFICER
The Data Protection Officer (DPO) can be contacted at the following e-mail address: firstname.lastname@example.org.