SECTION 1 – WHAT DO WE DO WITH YOUR INFORMATION?
The processing of personal data, such as the name, address, e-mail address, or telephone number of a data subject shall always be in line with the General Data Protection Regulation (GDPR), and in accordance with the country-specific data protection regulations applicable to Raspberry Shake. By means of this data protection declaration, our enterprise, OSOP S.A, would like to inform the general public of the nature, scope, and purpose of the personal data we collect, use and process. Furthermore, data subjects are informed, by means of this data protection declaration, of the rights to which they are entitled.
When you purchase something from our store, as part of the buying and selling process, we collect the personal information you give us such as your name, address and email address. This information is used for order fulfillment and will NEVER be sold to a third party for profit.
When you browse our store, we also automatically receive your computer’s internet protocol (IP) address in order to provide us with information that helps us learn about your browser and operating system.
Email marketing (if applicable): With your permission, we may send you emails about our store, new products and other updates.
SECTION 2 – CONSENT
How do you get my consent?
During the checkout process you will be prompted with a required check box that ‘you agree with the storage and handling of your data by this website’.
If we ask for your personal information for a secondary reason, like marketing, we will either ask you directly for your expressed consent, or provide you with an opportunity to say no.
In summary, your rights include the right to:
- Basic information (such as our identity, or that of the controller if not us, the reason and basis on which we process your personal data, together with as much information to ensure fairness and transparency) and to be informed
- Object: To object to processing of personal data where such is done by us in certain circumstances, for example for our legitimate interests or direct marketing
- Withdraw consent: To withdraw your previously given consent
- Access: To be aware of and verify the lawfulness of the processing
- Rectification: To correct personal data if it is inaccurate or incomplete
- Erasure: To request the removal or deletion of personal data
- Restrict processing: To restrict the processing of personal data
- Data portability: To obtain and reuse personal data
- Be aware of any automated decision making or profiling, and to request such is restricted
How do I withdraw my consent?
If after you opt-in, you change your mind, you may withdraw your consent for us to contact you, for the continued collection, use or disclosure of your information, at anytime, by contacting us at firstname.lastname@example.org.
SECTION 3 – PROCESSING OF PERSONAL INFORMATION
We may also process other personal information about you when needed to provide data, software, products, services or other information that you requested. We will make you aware of what personal information we are processing at the time of when we obtain it.
We do not process any sensitive personal information about you. You should not provide us with any sensitive personal information. Any sensitive personal information provided to us will be deleted.
SECTION 4 – DISCLOSURE
We may disclose your personal information if we are required by law to do so or if you violate our Terms of Service.
SECTION 5 – WOOCOMMERCE & WORDPRESS
Our store is run on WooCommerce, a WordPress platform and hosted through a third party hosting provider. WooCommerce provide us with the online e-commerce platform that allows us to sell our products and services to you.
Your data is stored through our hosting providers’ data storage, databases and the general WooCommerce application. Your data is stored on a secure server behind a firewall.
If you choose a direct payment gateway to complete your purchase, then the WooCommerce Platform stores your credit card data on our hosting provider. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted.
All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover.
PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.
SECTION 6 – THIRD-PARTY SERVICES
We will never sell your information to a third party.
We will only share your information with a third party or transfer your data outside of the UK / EU if we need to. Where we do this we will comply with all of our legal obligations and we ensure that there are adequate protections in place to protect your information.
If we need your consent we will:
- Explain why we need to share your personal information
- Explain the purpose for which we will be sharing it
- Provide you with details of the third party
- Obtain your explicit consent for such.
You will be able to easily withdraw your consent by contacting us at email@example.com.
Where we rely on a different lawful basis, such as ‘legitimate interests’ or ‘contractual’, we will do so only to the extent permitted by such lawful basis.
However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions.
For these providers, we recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled by these providers.
In particular, remember that certain providers may be located in or have facilities that are located in a different jurisdiction than either you or us. So if you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.
As an example, if you are located in Canada and your transaction is processed by a payment gateway located in the United States, then your personal information used in completing that transaction may be subject to disclosure under United States legislation, including the Patriot Act.
When you click on links on our store, they may direct you away from our site. We are not responsible for the privacy practices of other sites and encourage you to read their privacy statements.
SECTION 7 – SECURITY
To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.
If you provide us with your credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with a AES-256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards.
SECTION 8 – DATA RETENTION
- In all cases we will only keep your personal information for as long as we have a lawful basis for processing it.
- Where you enter into a contract and/or place an order, we will keep your information for the duration of the contract and/or order, and thereafter for such period as we are permitted by law (to comply with financial legislation), or for so long as is necessary for the establishment, exercise or defence of legal claims.
- Where you have made a general or specific enquiry but have not entered into a contract or placed an order with us, we will keep your information until that enquiry is resolved.
- Where you have expressly consented to and/or subscribed to marketing, newsletters, events information or to any other form of communication, we will keep your information only whilst your consent and/or subscription is valid.
Where we no longer need your information and no longer have a basis for keeping it, we will delete it within 6 months.
SECTION 9 – COOKIES
To keep track of cart data, WooCommerce makes use of 3 cookies:
The first two cookies contain information about the cart as a whole and helps WooCommerce know when the cart data changes. The final cookie (wp_woocommerce_session_) contains a unique code for each customer so that it knows where to find the cart data in the database for each customer. No personal information is stored within these cookies.
SECTION 10 – AGE OF CONSENT
By using this site, you represent that you are at least the age of majority in your state or province of residence, or that you are the age of majority in your state or province of residence and you have given us your consent to allow any of your minor dependents to use this site.
If our store is acquired or merged with another company, your information may be transferred to the new owners so that we may continue to sell products to you.
QUESTIONS AND CONTACT INFORMATION
If you would like to: access, correct, amend or delete any personal information we have about you, register a complaint, or simply want more information contact our Privacy Compliance Officer at firstname.lastname@example.org