Phaedra Botanicals is committed to building a lasting and meaningful relationship with you, our Customer, and to protecting your personal information. When you use the PB website, Web-Shop and its Services, you entrust your personal data to us. We collect the data to improve our Services to you and the functionality of the PB website and Web-Shop, as well as for the correct performance of a contract between the Customer and Phaedra Botanicals, so the former can place an order in the Web-Shop (see also Terms and Conditions).
We process personal data in compliance with the EU General Data Protection Regulation (GDPR, EU 2016/679). Our Web-Shop is hosted on Shopify.Inc, also complaint with GDPR regulation.
1. What types of personal data we collect?
1.1 Data that you submit to us
For example, if you subscribe to our Newsletter, or create an account, you may submit data such as name, company, title and email address, shipping address etc.
1.2 Data that we obtain from your use of the PB website, Web-Shop and its Services
Depending on the use of the PB website, Web-Shop and its Services, we might collect data such as, but not limited to, time of submission of registration, IP address, cookie information etc.
2. Why do we collect and process personal data?
Processing personal data related to the Customer or a company is necessary for providing our Services. Without processing personal data, we cannot provide the required Service to you and fulfil related duties. In order to use our Service, we need your consent for processing the personal data for the above mentioned purposes. We use data collected from all Services in order to offer, manage, protect and improve our services as well as develop new Services. We collect and process data to improve and simplify your browsing experience for your convenience.
3. Who do we disclose the data to?
We treat the processed personal data as confidential and send such data to other persons or companies (or recipients) only to the extent that is necessary for rendering our Service.
We do not share the personal data with companies, organisations or persons outside our company, except in the following cases:
⚬ without the permission of a person, their personal data may be disclosed to an institution or a person who has the legal right for in line with the legal acts concerning data protection.
⚬ in case of merger or acquisition related to the Estonian Chamber of Commerce and Industry, personal data may be sent to third persons who are related to the merger or acquisition.
⚬ if we use external service partners who provide services to us; for example, providers of the website service or hosting, providers of marketing services and providers of IT services and payment methods. Upon providing such services, external service providers may have access to your personal data and/or they may process the data. We insist that these service providers apply security measures that ensure inviolability and safety of your personal data.
⚬ If you have given your explicit consent for disclosing the personal data to a specific recipient.
4. Sending personal data outside the EU
Phaedra Botanicals is hosted on the Shopify.Inc located outside the EU. In this case, they are a subject to an agreement containing standard conditions in compliance with the General Data Protection Regulation, approved action guidelines, certifications etc.; in a country where the recipient is located has, according to the decision of the European Commission, a sufficient level of data protection; the recipient is certified based on the Privacy Shield data protection framework.
5. Data security
We are dedicated to protecting your data against unauthorised access or unauthorised changing, disclosing or tampering.
To ensure data security, we do the following:
⚬ consider all personal data confidential;
⚬ use encrypting services wherever possible by using SSL;
⚬ keep personal data mainly digitally and not on paper to ensure safer access control;
⚬ store personal data with the necessary IT technical and organisational protective measures.
Although we apply strict security rules for the personal data that have been received in our environment, we must point out that the internet is never completely safe and we cannot guarantee safe forwarding of your data. Safety of sending data is always your own risk.
6. Your rights and how to use them
If you have published a consent for certain collection, processing and using of your personal data, you may withdraw the consent at any time in the future.
In line with the applicable legal acts concerning data protection, you have the right:
⚬ to request access to your personal data;
⚬ to request correction of your personal data;
⚬ to request deletion of your personal data;
⚬ to request limiting the processing of your personal data;
⚬ to request transfer of your personal data;
⚬ to request withdrawal of your personal data processing consent;
⚬ to contest automated decision-making (including profiling).
You have the right to withdraw your consent at any time. Withdrawal of your consent will not affect the legality of the processing that took place on the basis of the consent before the withdrawal. The respective applications must be submitted (including withdrawal of the consent) to the Phaedra Botanicals by the e-mail address: firstname.lastname@example.org.
Please consider that you can request deletion of your personal data, establishing a limit to the processing etc. only if it is in line with the legal basis and legal acts concerning data protection.
If you are applying for a limitation or suspension of processing of your personal data or deletion of the data, it will suspend our Services rendered to you either partially or fully.
7. How long do we store your personal data?
Your personal data is stored as long as it is necessary for providing the desired services to you. If personal data have not been used during 7 consecutive years, we will delete your personal data or make your personal data anonymous, except if the mandatory obligations for data storage apply.
We may have a legal obligation to store some of your personal data for 10 years. That is after the end of using the Services provided by us, if your personal data is required for complying with other applicable laws or if we need your personal data in order to protect, create and perform legal obligations only on the need to know basis.
Data collected without personalisation are stored without a term.
8. Data Protection Conditions and Amendments
When you use the services of the Phaedra Botanicals website, you confirm that you have read these principles and conditions and agree to them.
Last amended: 19 May, 2019