We value your privacy over anything else. This policy information tells you what personal data of yours we collect, how we do it, to what extent and why we use it. Besides that, following the examination of the document, you will know with whom the collected data may be shared and the rights you, as a user, reserve. Our ultimate goal is to be as open as possible with our customers, partners and employees.
In full compliance with the Regulation (EU) 2016/679 of the European Parliament and of the Council, we inform you that your personal data will be processed by with CIF No. ESB42627083 and address in C/ San Vicente, 20 - 1º 03004 Alicante Spain.
For Herbies, it is necessary to collect and use certain data about individuals in direct interaction with the organization. Among these are customers, business partners, suppliers, employees, and others who contact or collaborate with the company.
SECTION 1 – SECURITY
The safety of your personal information is of the highest importance to us. That’s why our website is hosted securely only on servers located in the European Economic Area.
Herbies employs the most effective practices known to the industry in order to protect your personal data and eliminate the possibility of it being lost, unlawfully accessed or used, altered, disclosed or destroyed.
Employees of Herbies are authorized to access only information limited to the scope of their responsibilities. Each specific permission grants access only to data required for the successful completion of each individual task.
Digital security standards are subject to improvement and must always meet changing requirements to guarantee the safety of online customers and their personal data. Therefore, at Herbies there is a permanent position of digital security manager, whose responsibilities, among others, include improving the company’s security measures.
SECTION 2 – PERSONAL DATA WE COLLECT
2.1 Placing an Order
When you place an order with us we collect and process some personal information so that we may fulfil our obligations to deliver your order. We collect this information using the lawful basis if performance of a contract. Failure to provide this information means we will not be able to complete your order.
Information we collect so that we may fulfill your order:
- Full name
- Personal address (including country, postal code, state, city, street, house and apartment number)
- Telephone number
- IP address
- E-mail address
- Information about the order placement (currency and amount)
- Payment method (bank transfer, card payment etc. – no personal payment data is collected)
- Currency and amount of the order
When you complete a purchase, we record that financial transaction as is our legal obligation to be able to report to the relevant financial authorities.
2.2 Other information we might collect
In relation to your account
When you set up and account, we will ask you to set up a password.
We allow you to select and change your marketing preferences.
When you contact us
- When you contact us via any of the following (email, telephone, messaging, texts, on-line chats, social media, etc.), we necessarily collect any information you provide at the point of contact.
If your contact is in relation to an order you have placed with us, then we collect and process this information on the basis of performance of a contract.
If you have not placed an order with us or your enquiry is not in relation to an order, then we collect and process the personal information on the basis of consent, so that we may fulfil your enquiry.
- Your answers to our surveys
- Browser and hardware details
- Date and time of visits
- Cart information (currency and amount)
- Adding an item to cart (currency and amount)
- Website search information (name of the item)
All of the above-mentioned types of data are required for successful communication with customers, and planning as well as realization of delivery. Based on the gathered data, we are able to improve each individual online experience and protect our online environment.
Where we collect and process your personal data under the lawful basis of consent, then you have the right to withdraw that consent at any time by contacting us. See Section 8 Contact Details.
Customer consent for their information to be collected is implied every time they provide us with personal data to complete a transaction, verify a credit card, make a purchase, order a delivery, approve a money transfer or arrange a return. The consent is extended only to the collection of provided information given for that specific purpose.
We also imply that customers grant their consent for the collection of information if providing it when asked for personal data for a secondary reason, such as marketing analysis.
How to withdraw consent
The opt-in consent for the collection, use or disclosure of a customer’s information can be withdrawn at any time by contacting us at [email protected]
SECTION 3 – PERSONAL DATA RIGHTS
We respect the rights and freedoms of individuals and as such we would like to make you aware of the following.
In general, you have the right to:
- Request access to your data
- Request rectification of your data where there are errors or inaccuracies, or the data is not current
- Request that the data we hold is removed entirely from our systems (the right to have data removed is only applicable where it does not conflict with our legal and regulatory requirements to keep certain records according to the data retention period)
- Request us to restrict processing of your data
- Object to our processing of your data
- Request your data in a format that is commonly used/accepted
- Send your data to another controller
- Withdraw consent already provided – at any time
You also have the right to complain to this organization as detailed within the Section 9 – Complaints or Queries section of this Policy.
To exercise your rights above please contact Herbies using any of the methods described under Section 8 – Contact details.
You also have the right to lodge a complaint with a supervisory authority, see Section 9 – Complaints or Queries. Some rights may not be applicable depending on the lawful basis applied.
SECTION 4 – DISCLOSURE
Disclosure of your personal information is possible only in case of violation of our Terms of Service or if required by law.
Third-party entities and services may be given access to our customers’ personal information in the cases indicated below.
SECTION 5 – THIRD-PARTY SERVICES
In order to provide services necessary for our website to function, third parties may collect, use and disclose our customers’ personal data. Permission to do so, however, only extends to the actions needed to fulfill their obligations as providers of certain services.
Payment processing services and other third-party service agents have their own terms and conditions in regard to the data that is to be provided for the completion of our customers’ purchase-related transactions. To understand the peculiarities behind how third-party service providers use the acquired information, we recommend informing yourself on their data privacy policies. In particular, certain third parties involved in one way or another in the processing of orders may have facilities located in places under a different jurisdiction than that of Herbies or its customers. Therefore, after choosing to proceed with a transaction that requires the use of services of such a third party, the data you provide may become subject to the jurisdiction of the location of the provider and its facilities.
Delivery of the purchased goods requires us to use a third-party courier service, which performs delivery between our online store’s facilities and its customers’ addresses. In order to do so, the third-party courier is allowed access to the customers’ personal information constituting of full name, email and phone number for contact, and delivery address. We share this information with our delivery companies only for the performance of a contract as without it we are unable to deliver the items.
At Herbies, we use an external email service provider to share newsletter with customers. The provider’s access to the personal information of our customers is limited to data included in opt-in consent, such as name and email address.
At Herbies, financial transactions such as bank transfers and credit card payments are made using third-party payment services. When needed in order to successfully complete the payment process, we may provide third-party payment services with information regarding your payment.
Web analysis service (anonymized data)
Our website operates by integrating with an anonymized component responsible for web analysis. Its aim is to collect and analyze data describing users’ behavioral patterns. This data, inter alia, includes information about the source of online traffic to the website, what parts of it are most visited and what subpages are interacted with the longest. This web analysis tool is implemented for reasons of optimization of user experience and the analysis of the cost-effectiveness of web advertising.
Another party that may receive access to your personal data is professional advisers of Herbies, located in and outside the European Economic Area. This includes lawyers, auditors, accountants, management consultants and IT consultants.
SECTION 6 – PERSONAL DATA RETENTION PERIOD
We only keep your personal data for as long as necessary for the purposes it was originally collected.
6.1 Account information
Where you have created an account with us we will retain the information relating to the account for as long as the account exists.
You can ask for your account to be deleted by contacting us Herbies using any of the methods described under Section 8 – Contact details.
We will only delete accounts where there is no longer a lawful basis for us to retain them, for example we must retain financial records for at least 6 years.
Where an account has no financial records less than 6 years old and removal has been requested, we will action the request as soon as possible and not later than one month after the request has been made.
Where are account deletion request is received and there are associated financial records less than 6 years old then we will action the deletion as soon as the financial records reach 6 years of age.
6.2 Other Personal Data
We will keep any personal data sent to us during the course of an enquiry (via any channel) for the duration of the enquiry and for 2 years afterwards, at which point it will be deleted.
SECTION 8 – CONTACT DETAILS
You can contact us by sending an email to [email protected]
SECTION 9 – COMPLAINTS OR QUERIES
Herbies tries to meet the highest standards when collecting and using personal information and take any complaints we receive about this very seriously.
We encourage people to bring to our attention, if they think that our collection or use of information is unfair, misleading, or inappropriate.
If you wish to complain about this policy or any of the procedures set out in it, please contact: [email protected].