Privacy Policy for alzavik

Last Updated: 22 October 2023

Privacy Policy – Summary

This privacy policy explains how we handle your personal data when you visit our website or use our services. Key points:

– We collect data like your contact info, account details, and website activity to operate our business and provide services.

– We use your data to provide products/services, create accounts, communicate with you, customize content like ads, and improve our website. 

– We only share data with service providers, payment processors, and legal/government entities as required. 

– You have rights to access, correct, delete, restrict use of, and port your personal data.

– We implement security protections like encryption but cannot guarantee 100% security.

– We comply with data protection laws like GDPR and CCPA.

– Contact us at alzavikteam@gmail.com with privacy questions or to exercise your legal rights.

Table of Contents

1. Introduction  

2. Data We Collect

3. How We Use Data  

4. Legal Bases for Processing 

5. When We Share Data

6. Data Retention

7. Your Privacy Rights

8. Data Security

9. International Transfers

10. Cookie Use

11. Third Party Sites

12. Online Advertising

13. California Privacy Rights

14. Protecting Children

15. Privacy Policy Updates

16. How to Contact Us  

17. Data Protection Officer

18. Lodging Complaints

19. Legal Disclaimers

20. Your Obligations

21. Links to Other Sites

22. Specific Processing  

23. Definitions

Full Privacy Policy

1. Introduction

This privacy policy explains how we handle your personal information when you visit our website or use our online products and services. It outlines the types of data we collect, how we use the data, when we share or disclose the data, how we protect and store the data, and your legal rights related to your personal data. 

This policy complies with the General Data Protection Regulation (GDPR) and relevant UK data protection laws. Please take the time to review this policy carefully. By continuing to use our website, registering for an account, or purchasing products/services, you agree to the terms of this privacy policy.

2. Data We Collect

We only collect personal data that is necessary for specific purposes explained in this policy. The data we may collect includes:

– Contact information such as your name, phone number, email address, and postal mailing address. This is collected when you register for an account, make a purchase, sign up for a newsletter, or contact us with questions.

– Account login credentials such as usernames, passwords, security questions. This is collected when you register for an account to use or purchase our products/services.

– Payment information such as credit/debit card numbers, expiration dates, CVV codes, and billing addresses. This is collected when making a purchase to process payments.

– Comments, messages, chats, or other content you may provide. This includes any communications on community forums, chat features, review features, contact forms, or social media channels.

– Usage data such as your IP address, browser type, operating system, referral URLs, device information, browsing history data, and clickstream behaviour. This is collected through cookies, log files, web beacons, and similar tracking technologies.

– Demographic information such as your age, gender, interests, location, and preferences. This may be collected when you set up a user profile or submit surveys/feedback.

– Photographs or other files if you voluntarily upload them to your user profile or community posts.

We do not intentionally collect special categories of personal data such as religious beliefs, sexual orientation, health data, or political affiliations without your explicit consent.

3. How We Use Your Data

We use your personal information only for the purposes disclosed in this policy. This may include:

– Providing and delivering any products or services you request.

– Sending you informational and promotional content related to our products/services. You can opt-out of these communications at any time.

– Answering your questions or responding to your requests through phone, email, live chats, or other means.

– Analysing usage patterns, website traffic, and user interests/behaviours to improve our website and user experience. 

– Performing statistical, technical, and demographic analyses to support our business operations and marketing strategy.

– Registering and maintaining your account with user profiles, passwords, order history, and preferences.

– Processing payment for any products/services purchased and related accounting operations.

– Protecting against or deterring fraudulent, illegal, or harmful actions against our business, website, customers, or other parties.

– Enforcing our legal rights, legal disclaimers, policies, and terms of use.

– Complying with applicable laws, regulations, court orders, subpoenas, or other legal process requirements.

We only process your personal data if we have a lawful basis for doing so, which includes:

– When you provide your consent to the processing activity.

– When the processing is necessary to perform a contract with you.

– When the processing is necessary for our legitimate business interests, balanced against your privacy rights. Our legitimate interests include website administration, business operations, analytics improvements, communications, marketing, legal compliance, and security protections.

– When the processing is necessary to comply with legal obligations under applicable laws, regulations, or legal proceedings.

4. Legal Bases for Processing

Our legal bases for collecting and processing your personal data include:

– Your consent which you may withdraw at any time.

– A legitimate business need to operate our company, website, and deliver services to you.

– Legal and regulatory compliance obligations.

We will only process your personal data if we have a lawful justification for doing so as defined under data protection laws.

5. When We Disclose Your Data

We only disclose your personal data with companies, organisations or individuals outside our organisation when we have a lawful basis for doing so. This may include:

– Service Providers: We engage third-party companies or individuals as service providers or business partners to assist us in operating our business, website, and delivering services. We only provide them with the minimum data necessary for them to perform these tasks, and prohibit them from using the data for their own purposes or disclosing it to other third parties without our permission.

– Payment Processors: We provide payment card data to payment processors solely for the purpose of processing payments you authorise for purchased products/services. Payment processors are bound by strict data security and confidentiality requirements.

– Analytics Partners: We utilise trusted third-party analytics providers like Google Analytics to help analyse usage patterns, website performance, and marketing effectiveness. Data shared is non-identifiable and aggregated prior to transmission. You may opt-out of analytics tracking.

– Legal/Government Requests: We may be required to disclose personal data in response to lawful requests by government authorities, court subpoenas, warrants, or court orders. We require these requests to be supported by appropriate documentation establishing its necessity and validity under law. 

– Business Transfers: If we are the subject of a merger, acquisition, bankruptcy or other transaction involving transfer of ownership or control of our business or assets, we may disclose or transfer your personal data to a third party buyer. We will notify you in advance if possible.

– Protection of Rights: We may disclose personal data if necessary to protect our rights, property, safety, or that of others.

We do not sell, rent, or otherwise disclose your personal data to third parties without your consent except as described in this policy.

6. Data Retention

We retain personal data for as long as necessary to provide our products/services, conduct legitimate business operations, and comply with all applicable legal, accounting, or reporting requirements. 

When determining data retention periods, we take into account factors including:

– Legal obligation(s) under applicable laws to retain data for a certain period of time.

– Statute of limitations under applicable laws.

– Potential or actual disputes requiring us to retain data until resolved.

– Contractual obligations to retain data for a certain period.

– Legitimate business need to retain data for the specified period.

Standard data retention periods:

– Account profile information: Retained for 1 year after account closure.

– Marketing data: Retained until you opt-out or unsubscribe.

– Purchase transactions: Retained for 5 years as required by tax/accounting rules.

– Website activity logs: Retained for 6 months.

– Correspondence records: Retained for 3 years after last interaction.

After the retention period ends, we will de-identify or aggregate the data so it is no longer linked to any individual. 

7. Your Privacy Rights

Under data protection laws you have certain rights regarding the personal data we hold about you. These rights include:

– Right of Access: You may request more information about the personal data we hold about you and a copy of that data.

– Right to Rectification: If you believe the data we hold about you is inaccurate or incomplete, you have the right to request correction or completion of that data.

– Right to Erasure: You may request we erase personal data we hold about you, subject to certain restrictions under law.

– Right to Restriction of Processing: You can request we temporarily halt processing or restrict our use of your data in some circumstances.

– Right to Portability: You have the right to receive a copy of certain personal data that we hold about you in a portable manner that enables you to transmit the data to another entity. 

– Right to Object: You have the right to object to our processing activities under certain rules. This includes the right to object to processing based on our legitimate interests unless our reasons for undertaking that processing outweigh any prejudice to your data rights and freedoms.

– Right to Withdraw Consent: If you have provided consent for our processing of your personal data, you have the right to subsequently withdraw that consent at any time. 

– Right to Complain: You have the right to lodge a complaint with your local supervisory authority or EU Data Protection Board if you believe we have violated applicable data protection laws.

To exercise any of these rights, please contact us using the contact details provided in this policy and clearly specify your request. We will respond in a timely manner.

8. Data Security

We employ technical, administrative, and physical safeguards designed to protect your personal data against loss, theft, misuse, unauthorised access, alteration, disclosure, or destruction. These measures include:

– Encryption of data transmitted over the internet using SSL/TLS protocols.

– Encryption of backups and sensitive data stored on servers, media, and mobile devices.

– Multifactor authentication for access to accounts, networks, servers, systems, and facilities.

– Access restriction controls for networks, operating systems, databases, and applications based on a least privilege model.

– Employee cybersecurity training and background checks.

– Vulnerability scanning, intrusion detection systems, anti-malware software, and data leakage prevention.

– Ongoing monitoring and logging of systems for security events and incidents.

– Maintaining plans for incident response, data breach notification, and disaster recovery.

While we aim to implement reasonable and appropriate security procedures, no method of data storage or transmission can be guaranteed 100% secure. We cannot warrant against security incidents resulting from lost/stolen devices or credentials, software bugs, errors, technical flaws, sophisticated cyberattacks, or other causes.

9. International Data Transfers

As we are based in the UK, personal data collected through our website may be transferred and stored globally, including countries outside of the European Economic Area (EEA) such as the United States. These countries may not have equivalent standards of data protection to the UK or EEA. 

We utilise legally approved data transfer mechanisms including:

– Standard Contractual Clauses (SCCs) approved by the European Commission which contractually obligate recipients to safeguard personal data they receive in compliance with EEA requirements.

– Certifications such as the EU-US Privacy Shield for US-based companies that undergo approved independent assessments of their privacy practices and policies.

Please contact us for more information about our international data transfers and the safeguards applied.

10. Cookie Use

We utilise “cookies” which are small text files placed on your browser or device when you visit our website. We use cookies and similar technologies for purposes that may include:

– Enabling basic website features and functions.

– Authenticating logins and saving your preferences such as language settings.

– Analysing website usage, traffic patterns, and user interests/behaviours.

– Advertising, recommendations, and localisation of content.

You can control your cookie settings through your browser settings and other tools like browser plugins. Keep in mind that disabling cookies or similar technologies may impact your experience on our website.

11. Third Party Sites

Our website may contain links to other third party sites and services such as social media platforms, ads, payment gateways, etc. These external sites are not operated or controlled by us. The privacy practices and policies of third party sites are not covered by this privacy policy and we are not responsible for their content or activities.

We recommend you review the privacy policy for any third party site you interact with or submit personal data to. 

12. Online Advertising

We utilise online advertisements, recommendations, and other forms of personalised marketing to promote our products and services on third party sites like social media platforms. These ads or content may be based on website activity data collected through cookies or other tracking technologies. 

You can request to opt-out of personalised advertising in various ways:

– Adjusting cookie settings on your browser.

– Using browser add-ons or plugins that block cookies for online behavioural advertising.

– Opting out using the Digital Advertising Alliance opt-out tool for internet based ads [www.aboutads.info/choices].

– Managing advertising settings for social media platforms you use like Facebook.

Our ads displayed on third party sites only contain non-sensitive demographic data. We do not allow ads that enable direct identification of specific individuals.

13. California Privacy Rights

California residents may be entitled to certain rights under the California Consumer Privacy Act (CCPA) regarding personal data collected through business interactions. These rights may include:

– Right to Information: You may request more details about what personal data we collect, how we use it, with whom we share it, and your rights regarding that data.

– Right of Access: You can request a copy of the specific pieces of personal data we have collected about you in the last 12 months.

– Right to Deletion: Under certain conditions, you may request we delete the personal data we have collected about you.

– Right to Non-Discrimination: We will not discriminate against you for exercising your rights under the CCPA.

To make a request under the CCPA, please contact us specifying you are a California resident making a CCPA request. We will verify identities and qualifiers for CCPA rights/requests. 

14. Protecting Children’s Privacy

We understand the importance of protecting children’s privacy in the interactive online world. Our website is not designed for or intentionally targeted towards children 13 years of age or younger. 

If we become aware we have collected personal data from a child under 13 without prior parental consent, we will take appropriate steps to delete this data from our systems.

15. Privacy Policy Updates

We reserve the right to modify this privacy policy when needed due to changes in business operations, technology, regulations, or laws. 

If we intend to make material changes to how personal data is handled, we will provide advance notice by posting the revised privacy policy on our website with a new “last updated” date indicated at the top. 

For significant material changes, we will directly notify users who have registered accounts or subscribed to newsletters. You should periodically check our website for the most up to date version of our privacy policy.

16. How to Contact Us

If you have any questions, concerns, complaints, or requests regarding this privacy policy or how we handle your personal data, please contact us at: 

Email: alzavikteam@gmail.com 

Phone: Business number yet to be established.

Address: Cranbrook, Kent, England

We will attempt to resolve or address your concerns without undue delay. If we are unable to provide a satisfactory response and resolve your complaint, you may also contact your relevant data protection authority for assistance.

17. Data Protection Officer

We have not formally appointed a Data Protection Officer as we do not meet the specific criteria requiring mandatory designation under GDPR and UK data protection laws. However, we have implemented the GDPR’s heightened data protections and security standards regarding personal data processing.

Our leadership team oversees our data protection strategy and implementation to ensure compliance. If you have any questions or concerns regarding our data practices, please contact us and we will promptly address them or forward to the appropriate member of our team. You also have the right to lodge complaints with your local data protection supervisory authority at any time.

Please let me know if you would like me to modify this generic DPO section further based on your specific situation. I’m happy to refine it as needed. The rest of the privacy policy remains unchanged.

18. Lodging Complaints

You have a right to lodge a complaint with your local supervisory authority for privacy or data protection matters. Contact details for various authorities include:  

– UK Information Commissioner’s Office: https://ico.org.uk

– Irish Data Protection Commission: https://www.dataprotection.ie

– Your local data protection authority (DPA). Your DPA can be found under “Members” of the European Data Protection Board website.

19. Legal Disclaimers

Nothing in this privacy policy restricts any non-waivable statutory rights or legal requirements under applicable law.

We make no warranties, express or implied, and are not liable for damages related to your use of our website or services or the collection, use, or disclosure of personal data under this privacy policy, except in cases of wilful misconduct or negligence.

20. Your Obligations

You may only submit personal data on our website where you have authority to provide it, and you must ensure you have any required consents of the data subject.

You are responsible for providing accurate and up to date personal data as prompted by our website forms, contact pages, or account registration interfaces. You must not impersonate or misrepresent your affiliation with any person, or forge headers/identities to disguise the origin of any content transmitted to our site.

21. Links to Other Sites

Our website contains links to third party websites that are not controlled or operated by us. We are not responsible for the privacy practices, data collection, or content of such sites. If you click on a third party link, you will be redirected away from our website directly to that site.

We recommend you familiarise yourself with the privacy policies of every site you visit, especially if sharing any personal data. These external sites are not subject to our privacy standards and procedures. Please contact these sites directly if you have any questions about their privacy practices. 

22. Specific Processing Activities

In addition to the data processing activities outlined in this privacy policy, we engage in the following processing activities:

– Log Data Analysis: We analyse log files which may include IP addresses, browser type/version, operating system, referral URLs, device information, and browsing data for our website. This helps us monitor and improve site performance, provide site analytics, prevent fraud, increase security, and personalise content and advertisements.

– Communications Retention: We retain communications and correspondence, including email, contact forms, chats, or phone calls, when permitted in order to handle inquiries, complaints, provide support, enforce policies, and document our performance of contractual obligations. Communications may be utilised for quality control or staff training purposes before de-identification. 

23. Definitions

– “Personal Data” means any information relating to an identified or identifiable natural person who is directly or indirectly identifiable by factors like name, ID number, location data, online identifier, or physical, physiological, genetic, mental, economic, cultural or social identity factors. 

– “Processing” means any operation or set of operations performed upon personal data, such as collection, use, storage, transmission, analysis, deletion, or disclosure.

– “Data Controller” means the entity that determines the purposes and means of processing personal data. For this website, the data controller is alzavik.

Please contact us with any questions or concerns you may have about our privacy practices or policies.