PRIVACY POLICY
This privacy policy sets out how Papouelli Limited (“we/us/our”) uses and protects any information that you give us when you use this website. We are committed to ensuring that your privacy is protected.
When you interact with us through our website (or otherwise) you may provide, or we may collect, certain information from which you are personally identifiable (which is referred to as personal data). For the purposes of the General Data Protection Regulation or “GDPR” (and all other laws relating to the use your personal data), we are the “data controller”, meaning that we are responsible for deciding how your personal data is used and more importantly, for keeping your data safe and only using it for legitimate reasons.
You can be assured that any information collected via this website will only be used in accordance with this privacy statement. We may change this policy from time to time by updating this page. You should check this page from time to time to keep up to date with any changes.
If you have any questions in relation to this privacy policy or to exercise any of your rights under it please contact info@papouelli.com
WHAT WE COLLECT
You may provide us with certain personal information when you interact with our website (including via our online store). This includes:
- Identity – first name, surname, date of birth, gender, country of residence
- Contact – email address, telephone numbers and address
- Financial – payment card details, billing address, purchase information, payment history
- Profile – your preferences for marketing, other website preferences and feedback
We may collect the following types of information from you when you use our website (using Cookies or other tracking technologies):
- Usage – information about how you use our website, including time spent on page, click-throughs, download errors
- Technical – IP address, browser type, hardware type, network and software identifiers, device information, operating system and system configuration.
The table below sets out how we use your personal data and our lawful basis for doing so. We may process your personal data for more than one lawful basis depending on the specific purpose for which we are using it. Importantly, we will only use your personal data when the law allows us to.
Reason why we use the data | What data | Legal ground for using the data |
Provide you with news about our special offers, and other products and services we offer. | Identity, Contact, Profile | Performance of a contract with youNecessary for our legitimate interests (to develop our business, including our products and services and to increase our profile)
Consent |
Register you as a customer of our online store (“Online Store”). | Identity, Contact, Profile | Performance of a contract with you |
Enable you to log-in to your Online Store account | Identity, Contact | Performance of a contract with you |
To process payments which you make through our Online Store | Identity, Contact, Financial | Performance of a contract with you |
For internal administration and record keeping purposes | All | Performance of a contract with youNecessary to comply with a legal obligation
Necessary for our legitimate interests (for effective business administration and service provision) |
Notify you of changes to our privacy policy, our terms and conditions or other changes to our services or products | Identity, Contact | Performance of a contract with youNecessary to comply with a legal obligation |
Answer your enquiries which may involve contacting you by post, e-mail or phone | Identity, Contact | Performance of a contract with youNecessary for our legitimate interests (to ensure our customers are informed and satisfied with our services) |
Contact you about third-party products and services which we believe may be relevant to you or pass your details on to third parties to contact you directly about the same (in each case, only where you have indicated you would like to hear about these) | Identity, Contact, Profile | Consent |
Improve and personalise your experience of our website by delivering more relevant content and advertising whilst you browse | Identity, Contact, Profile, Usage, Technical | Necessary for our legitimate interests (to develop our business, improve our website and overall user experience and inform our marketing strategy) |
Administer our website, including website trouble shooting, testing and analysis and to enable you to participate in interactive features of our website | All | Performance of a contract with youNecessary for our legitimate interests (to ensure that our website is fully functional and operating in the most effective way for you) |
Verify your identity and detect fraud and security issues | All | Necessary for our legitimate interests (to prevent and detect fraudulent activity, security incidents and criminal activity) |
Give you the opportunity to provide us with feedback through reviews and surveys | Identity, Contact, Profile, Usage, Technical | Necessary for our legitimate interests (to develop our business, promote new products and services, obtain feedback from customers to improve our services) |
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Aggregated data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your usage data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy.
• Functionality cookies. These are used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
• Targeting cookies. These cookies record your visit to our website, the pages you have visited and the links you have followed. We will use this information to make our website and the advertising displayed on it (if any) more relevant to your interests. We may also share this information with third parties for this purpose.
WHO WE SHARE YOUR INFORMATION WITH
You agree that we have the right to share your personal information with:
- Any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries;
- Selected third parties including:
- Mailchimp, who help us administer the email communications set out in this privacy policy
- business partners, suppliers and sub-contractors for the performance of any contract we enter into with you;
- with your express opt-in consent, select companies outside our group for marketing purposes; and
- analytics and search engine providers that assist us in the improvement and optimisation of our website.
We will disclose your personal information to third parties:
- if we are required to do so by law (including in connection with any safeguarding concern) or pursuant to a binding regulatory request (in such circumstances, such disclosure will at all times be solely to the extent required by law or the applicable regulatory request);
- in the event that we sell or buy any business or assets, in which case we will disclose your personal data to the prospective seller or buyer of such business or assets;
- in order to enforce or apply our terms of use and other agreements; or
- to protect the rights, property, or safety of our users, or others which may include exchanging information with third party companies for the purpose of fraud prevention or credit risk reduction.
SECURITY
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online. We also make sure that third parties who need to handle your data when helping us to deliver our services are subject to suitable confidentiality and security standards.
Notwithstanding this, please note that we cannot guarantee the security of any data that you send to us via the internet or which is collected using online devices/tracking technology.
LINKS TO OTHER WEBSITES
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
TRANSFERS OF DATA OUTSIDE THE EEA
The European Economic Area or “EEA” is deemed to have good standards when it comes to data privacy. As such, we consciously limit the occasions when we may need to transfer or handle your data outside of the EEA. Where we do, for example where our service providers are based outside of the EEA, we make sure that your data is still treated fairly and lawfully in all respects (including making sure we have a legal ground for sending your data outside the EEA and putting in place all necessary safeguards for such arrangements).
Where relevant, you will have the right to see a copy of any safeguards we put in place for international transfers of your data. Just get in touch with us if you would like to find out more.
DATA RETENTION
We will retain your personal data only for as long as is strictly necessary for the purposes for which such data was originally collected (or for such longer period as may be required by law). In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
CONTROLLING YOUR PERSONAL INFORMATION
- In certain situations, you are entitled to:
- access a copy of your personal data;
- correct or update your personal data, which you can do yourself by logging into your account or by contacting us at the address in this privacy policy;
- erase your personal data;
- object to the processing of your personal data where we are relying on a legitimate interest (as set out in the above table);
- restrict the processing of your personal data;
- request the transfer of your personal data to a third party; or
- where you have provided your consent to certain of our processing activities (including to any direct marketing) you may withdraw your consent at any time (but please note that we may continue to process such personal data if we have legitimate legal grounds for doing so).
If you want to exercise any of these rights, please contact us at the address in this privacy policy. You will usually not have to pay a fee to access your personal data (or to exercise any of the other rights), however, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances. Where your request is legitimate, we will always respond within one month (unless there is a legal reason to take longer, such as where your request is particularly complex).
We may also need you to confirm your identity before we proceed with your request if it is not clear to us who is making the request.
In addition to the above, you may get in touch with the ICO (Information Commissioner’s Office) if you are concerned about the way in which we are handling your personal data. However, where possible, we would appreciate you speaking with us first if you have any concerns.
[Updated May 2018]