In course of operating the http://www.yournaturalmystic.com website (hereinafter referred to as: Website), The Natural Mystic processes the data of visitors to the Website. In connection with the processing of data, we hereby inform you of the personal data processed by us via the Website, our principles and practice followed in relation to processing personal data, and the means and possibilities of exercising your rights.
SECTION 1 – WHAT DO WE DO WITH YOUR INFORMATION?
When you purchase something from our store, as part of the buying and selling process, we collect the personal information you give us such as your name, address and email address.
When you browse our store, we also automatically receive your computer’s internet protocol (IP) address in order to provide us with information that helps us learn about your browser and operating system.
Email marketing (if applicable): With your permission, we may send you emails about our store, new products and other updates.
SECTION 2 – CONSENT
How do you get my consent?
When you provide us with personal information to complete a transaction, verify your credit card, place an order, arrange for a delivery or return a purchase, we imply that you consent to our collecting it and using it for that specific reason only.
If we ask for your personal information for a secondary reason, like marketing, we will either ask you directly for your expressed consent or provide you with an opportunity to say no.
How do I withdraw my consent?
If after you opt-in, you change your mind, you may withdraw your consent for us to contact you, for the continued collection, use or disclosure of your information, at any time, by contacting us at email@example.com.
SECTION 3 – DATA PROCESSED
We process the data provided by you in a manner limited to the purpose, according to the following:
Purpose of data processing
Duration of of data processing
Purchase details, First & Last name, Address, Telephone, Email
Process & deliver purchased products to customer
Unlimited time or until customer asks for the removal of such data
We will not and may not use the data provided for any purpose other than defined above. Any forwarding of personal data to any third person or authorities, unless prescribed mandatorily by law, is possible only upon your voluntary, express consent.
In all cases where we wish to use the data provided to any purpose different from that of the original data recording, we will inform you and obtain your prior, express consent, and enable you to prohibit such use.
SECTION 4 – LEGAL BASIS
Data processing shall take place based on your voluntary declaration based on adequate information, which declaration will include your consent to the use of your personal data provided in the course of using the Website. Data processing by us shall take place in accordance with section 5 (1) a) of Act CXII of 2011 on informational self-determination and freedom of information (hereinafter: DPA), based on your voluntary consent, and based on Act CVIII of 2001 on electronic commercial services and on information society services.
We do not verify the personal data provided, nor their validity. Only the person providing data, that is, you shall be responsible to provide valid data. At providing the email address, responsibility is assumed that the email address is being used exclusively by you. Taking this assumption of responsibility into account, you shall bear responsibility for all logins under the email address in question.
SECTION 5 – DURATION
Processing of personal data provided obligatorily in the course of placing an order shall start with the provision of data required for the performance of the order, and end with their deletion upon request. In case of voluntary data, data processing shall last from the date providing such data, until deletion of the data in question upon request.
Personal data may be deleted at any time, after sending a request for deletion. We will delete personal data within 5 days upon receipt of the request.
The system stores log information for X months calculated from the date of logging, except for the date of the last visit which is automatically overwritten by the system.
The above provisions do not affect the fulfillment of particular data retention obligations set forth by law (e.g. in accountancy laws), or data processing based on additional consents provided in the course of registration on the Website, or in any other manner.
SECTION 6 – DISCLOSURE
We may disclose your personal information if we are required by law to do so or if you violate our Terms of Service.
SECTION 7 – PAYMENT
Payment is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted.
All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover.
PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.
SECTION 8 – THIRD-PARTY SERVICES
In general, the third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us.
However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions.
For these providers, we recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled by these providers.
In particular, remember that certain providers may be located in or have facilities that are located a different jurisdiction than either you or us. So if you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.
As an example, if you are located in Canada and your transaction is processed by a payment gateway located in the United States, then your personal information used in completing that transaction may be subject to disclosure under United States legislation, including the Patriot Act.
When you click on links on our store, they may direct you away from our site. We are not responsible for the privacy practices of other sites and encourage you to read their privacy statements.
SECTION 9 – SECURITY
To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.
If you provide us with your credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with a AES-256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards.
SECTION 10 – COOKIES
For the purpose of customized service provision, we and the indicated external service providers place and read back a small set of data a so-called cookie, on your computer. If the browser returns a cookie saved earlier, the operator managing the cookie is able to link the data recorded in the course of the current visit by the Website to earlier ones, but only in respect of their own contents.
External servers facilitate the independent measurement and auditing of visit and other web analysis data of the Website (Google Analytics). Detailed information on measurement data can be provided to you by such data processors.
SECTION 11 – AGE OF CONSENT
By using this site, you represent that you are at least the age of majority in your country, state or province of residence, or that you are the age of majority in your country, state or province of residence and you have the necessary consent, if needed, from your parent or other supervisor to allow use of this site.
SECTION 12 – RIGHTS AND REMEDIES
Right to information
You may request information about personal data processed by us pertaining to you.
Based on your request, we will inform you about the data processed by us related to you, the data processed by us or the engaged technical data processor, the source of such, the purpose, legal basis and period of data processing, furthermore, the name, address and data processing related activity of the technical data processor engaged, the circumstances and impacts of data protection incidents and the measures taken to mitigate these, and in case of forwarding of your personal data, the legal basis and addressee of such data forwarding. we shall provide the information requested within no more than 30 days from the submission of the request.
You may turn to our colleague with any question or comment related to data procession, via the contacts provided herein.
Deletion, correction or blocking of data
You may request the correction of its data recorded inaccurately, or the deletion thereof, via any of the contacts provided below. We delete such data within 5 working days following receipt of the request, in which case they will no longer be restorable. Deletion does not apply to data processing necessary based on laws (e.g. accountancy laws), which data will be stored by us for the time required.
Furthermore, you may request the blocking of your data. We will block the personal data if so requested by you, or if there are reasonable grounds to believe that erasure could affect your legitimate interests. Such blocked personal data shall be processed only until the purpose which prevented their erasure necessitates it.
When a data is corrected, blocked or deleted, you and all recipients to whom it was transmitted for processing will be notified. Notification is not required if it does not violate your rightful interest in light of the purpose of processing.
If we refuse to comply with your request for correction, blocking or deletion, the factual and legal reasons of refusing the request for correction, blocking or deletion shall be communicated in writing within 30 days of receipt of such request.
Objecting to the processing of personal data
You may object to the processing of your personal data. We shall examine the objection within the shortest possible time, but within 15 days the latest from submission of such request, adopt a decision as to merits and shall notify the petitioner in writing of its decision.
You may exercise your rights through contacts provided under section 3 herein.
Pursuant to the DPA and the Civil Code (Act no. V of 2013), you may turn to the National Data Protection and Freedom of Information Authority or
may exercise your rights before the court.
If in the course of registration for the usage of the service, you provided data of a third person, or if you otherwise caused any damage in the course of the usage of the Website, we shall be entitled to solicit damage compensation from you. In such cases, we will provide all assistance to proceeding authorities that may reasonably be expected from it, for the identification of the infringing person.
If our store is acquired or merged with another company, your information may be transferred to the new owners so that we may continue to sell products to you.
QUESTIONS AND CONTACT INFORMATION
If you would like to: access, correct, amend or delete any personal information we have about you, register a complaint, or simply want more information contact our Privacy Compliance Officer at firstname.lastname@example.org.