It is important that you read this Policy together with any other privacy notice or fair processing notice that we may provide at or around the time that we collect or process personal data about you so that you are fully aware of how and why we are using that data. This Policy supplements the other notices and is not intended to override or replace them.
1. WHAT IS PERSONAL DATA?
Where this Policy refers to ‘personal data’ it is referring to data about you (or other living people) from which you could be identified – such as your name, your date of birth, your contact details and even your IP address.
By law all organisations in the UK are obliged to process your personal data in certain ways and to ensure that you are given an appropriate amount of information about how they use it. You also have various rights to seek information from those organisations about how they are using your data, and to prevent them from processing it unlawfully.
2. WHAT PERSONAL DATA DO WE COLLECT?
We collect and ask you for certain personal data to provide you with the services offered on the Site. For example, when you make purchases, contact our customer service team, request to receive communications, create an account, participate in our events or contests, or interact with the Site.
This personal data includes your:
• Contact details including name, email, telephone number and shipping and billing address
• Login and account information, including account holder name, password and unique user ID
• Personal details including purchase history
• Payment or credit card information
• Personal preferences including your wish list as well as marketing and cookie preferences
We may also use additional personal data in order to enable particular features on the Site. When interacting with the Site data is automatically collected and shared with Varana.com by the technology platforms providing the experience. This data includes:
• Device IDs, call state, network access, storage information and battery information
• Cookies, IP addresses, referrer headers, data identifying your web browser and version
3. WHO IS RESPONSIBLE FOR THE PROCESSING OF YOUR PERSONAL DATA?
Your personal data is processed by Varana.com and the controller responsible for your personal data is Varana UK Limited. We have appointed a data privacy manager who is responsible for overseeing questions in relation to this privacy notice. If you have any questions about this Policy, or if you think it has not been followed, please contact:
The Data Privacy Manager
Varana UK Limited
14 Dover Street
+44 (0) 203 903 4440
Alternatively, you can contact us at firstname.lastname@example.org. Please do contact us if you have any concerns whatsoever and we will address them.
4. WHY AND HOW WE PROCESS YOUR PERSONAL DATA
When you use the site we will use your data to provide the product you have selected. For example, if you make a purchase, or participate in an event or promotion, we will use the contact information you give us to communicate with you about the purchase, event or promotion. If you reach out to our customer service team, we will use information about you, such as delivery or payment information, or the product you have purchased to help you resolve a problem or question.
For the avoidance of doubt, we will not contact you for promotional purposes, such as notifying you of new services unless you specifically agree to be contacted for such purposes at the time you submit your information on the site, or at a later time if you sign up specifically to receive such promotional information.
Any email we send you will always have an unsubscribe option and allow you to modify your email subscriptions. At any time you can opt-out of receiving our communication, by contacting us at email@example.com. Should you ever ask us to stop sending those kinds of communications we will hold your details on file to ensure that we respect that request – we justify that retention on the basis that we have a legitimate interest in holding your data in that way.
If you are an existing customer of Varana UK Limited (for example, if you have placed an order with us), we may use the email address provided to send you marketing communications about similar products or services, unless you have opted-out. We may use the information that you provide online as well as information from purchases made in store.
We also use data about how our visitors use the site to understand customer behaviour or preferences and to enhance the user experience of the site. For example, we may use information about how visitors to Varana.com search for and find products, in order to understand the best ways to organise and present product offerings in our online store.
5. SHARING OF YOUR PERSONAL DATA
Depending on how and why you provide us with your personal data we may share it in the following ways:
• We may disclose your data to our agents or third party service providers to undertake processing operations on our behalf administrative, statistical, and technical services. For example to process credit cards and payments, shipping and deliveries, manage and service our data, distribute emails, research and analysis, manage brand and product promotions as well as administering certain services and features.
• We may disclose personal data if required to do so by law or if we believe that such action is necessary to protect and defend the rights, property or personal safety of the Site or its visitors.
We will only provide service providers with the minimum amount of personal data they need to fulfil the services we request, and we stipulate that they protect this information and do not use it for any other purpose. We take these relationships seriously and oblige all of our data processors to sign contracts with us that clearly set out their commitment to respecting individual rights, and their commitments to assisting us to help you exercise your rights as a data subject.
Please note that some of our service providers may be based outside of the European Economic Area (the “EEA”). Where we transfer your data to a service provider that is outside of the EEA we seek to ensure that appropriate safeguards are in place to make sure that your personal data is held securely and that your rights as a data subject are upheld.
Please note that where we provide links to third-party websites, plug-ins and applications that are not affiliated with Varana UK Limited such websites are out of our control and are not covered by this Policy. If you access third-party websites using the links provided, the operators of these websites may collect information from you that could be used by them, in accordance with their own privacy policies. Please check these policies before you submit any personal data to these websites.
6. PROTECTION AND MANAGEMENT OF YOUR PERSONAL DATA
We take the protection of your information very seriously. Your personal data is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to these systems.
Varana UK Limited may store your personal data on secure servers either on our premises or insecure third-party data centres. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
• Retention of your data: Except if required otherwise by law, we retain your personal data for as long as necessary to fulfil the purposes for which we collect it and where we have a legitimate interest in doing so, such as:
• To enable us to respond effectively to grievances that may arise after you cease to engage with us; or
• Where you sign up to receive e-mail marketing from us we will retain your e-mail address after you ‘opt-out’ of receiving e-mails in order to ensure that we continue to honour and respect that request.
In some circumstances you can ask us to delete your data: see ‘Your Rights’ below for further information.
In some circumstances, we may anonymize your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
7. YOUR RIGHTS
As a data subject, you have a number of rights in relation to your personal data. Below, we have described the various rights that you have, as well as how you can exercise them.
Right of Access
You may, at any time, request access to the personal data that we hold which relates to you (you may have heard of this right being described as a "subject access request"). Please note that this right entitles you to receive a copy of the personal data that we hold about you in order to enable you to check that it is correct and to ensure that we are processing that personal data lawfully. It is not a right that allows you to request personal data about other people, or a right to request specific documents from us that do not relate to your personal data.
You can exercise this right at any time by writing to us using contact details set out here and telling us that you are making a subject access request. You do not have to fill in a specific form to make this kind of request.
Your Right to Rectification and Erasure
You may, at any time, request that we correct personal data that we hold about you which you believe is incorrect or inaccurate. You may also ask us to erase personal data if you do not believe that we need to continue retaining it (you may have heard of this right described as the “right to be forgotten”).
Please note that we may ask you to verify any new data that you provide to us and may take our own steps to check that the new data you have supplied us with is right. Furthermore, we are not always obliged to erase personal data when asked to do so; if for any reason we believe that we have a good legal reason to continue processing personal data that you ask us to erase we will tell you what that reason is at the time we respond to your request.
You can exercise this right at any time by writing to us using the contact details set out here and telling us that you are making a request to have your personal data rectified or erased and on what basis you are making that request. If you want us to replace inaccurate data with new data, you should tell us what that new data is. You do not have to fill in a specific form to make this kind of request.
Your Right to Restrict Processing
Where we process your personal data on the basis of a legitimate interest (see the section of this Policy which explains why we use your personal) you are entitled to ask us to stop processing it in that way if you feel that our continuing to do so impacts on your fundamental rights and freedoms or if you feel that those legitimate interests are not valid. You may also ask us to stop processing your personal data (a) if you dispute the accuracy of that personal data and want us to verify that data's accuracy; (b) where it has been established that our use of the data is unlawful but you do not want us to erase it; (c) where we no longer need to process your personal data (and would otherwise dispose of it) but you wish for us to continue storing it in order to enable you to establish, exercise or defend legal claims.
Please note that if for any reason we believe that we have a good legal reason to continue processing personal data that you ask us to stop processing, we will tell you what that reason is, either at the time we first respond to your request or after we have had the opportunity to consider and investigate it.
You can exercise this right at any time by writing to us using the contact details set out here and telling us that you are making a request to have us stop processing the relevant aspect of your personal data and describing which of the above conditions you believe is relevant to that request. You do not have to fill in a specific form to make this kind of request.
Your Right to Portability
Where you wish to transfer certain personal data that we hold about you, which is processed by automated means, to a third party you may write to us and ask us to provide it to you in a commonly used machine-readable format.
Because of the kind of work that we do and the systems that we use, we do not envisage this right being particularly relevant to the majority of individuals with whom we interact. However, if you wish to transfer your data from us to a third party we are happy to consider such requests.
Your Right to Stop Receiving Communications
For details on your rights to ask us to stop sending you various kinds of communications, please contact us at firstname.lastname@example.org. You have the right to be informed about the existence of any automated decision making and profiling of your personal data, and where appropriate, be provided with meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing that affects you.
Exercising Your Rights
When you write to us making a request to exercise your rights we are entitled to ask you to prove that you are who you say you are. We may ask you to provide copies of relevant ID documents to help us to verify your identity. It will help us to process your request if you clearly state which right you wish to exercise and, where relevant, why it is that you are exercising it. The clearer and more specific you can be the faster and more efficiently we can deal with your request. If you do not provide us with sufficient information then we may delay actioning your request until you have provided us with additional information (and where this is the case we will tell you).
Applicable law and our practices change over time. If we decide to update this Policy, we will post the changes on the Site and Apps. If we materially change the way in which we process personal data, we will provide you with prior notice, or where legally required, request your consent prior to implementing such changes. We strongly encourage you to read this Policy and keep yourself informed of our practices.