Details of the data controller
[EQUALS Limited] is the data controller of the processing of your personal data. In other words, we decide how and for what purposes we are going to process your name, address, contact details, or any other information that can directly or indirectly identify you.
Personal data processed and purposes
We shall process your name, surname, gender, billing address, email address and telephone number for the purpose of setting up your account and completing your orders. During registration (and, if not registered or if not logged in, purchasing process), you shall note that fields marked with an asterisk are obligatory, such as name or email address, as We won’t be able to process your order without this information. Providing other information, such as your gender or telephone number, is completely voluntary.
On the other hand, we shall process other information classified as browsing data and trackers: your IP address, device ID or information contained in cookies concerning your preferences and behaviour on Our platform. For more information on this, please check our Cookies policy.
Legal bases for the processing of your personal data
Registration on the Platform and/or purchasing of products on it is subject to an agreement between you and Us; hence, the legal basis here is the contractual relationship.
On the other hand, it is Our legitimate interest to offer you the best service possible and answer to your queries and make the Platform fully accessible, operative and secure through the installation of essential cookies. Also, we shall use Our legitimate interest to send you, as an existing client that has already purchased a product, newsletter and other commercial communications (unless, obviously, you do not want to).
For other processing activities, such as sending of newsletters to future clients or Platform visitors or using non-essential cookies for analytical and advertising purposes, we shall ask for your consent.
Communications of your personal data
We may also share your data with public authorities and competent bodies (such as the tax authority or law enforcement agencies), strictly and exclusively for the compliance with Our obligations.
International data transfers
We operate on a global level and use providers established in different countries. Unless applicable law prohibits so, we transfer your personal data abroad. However, you should not worry: every international data transfer is previously analysed and only carried out with due technical and organisational measures. For additional information on what measures we apply, please see next section.
Security of your personal data
Ensuring the integrity, confidentiality and availability of your personal data is the cornerstone of the way in which We provide the services. We comply with the applicable regulations, including the Regulation (EU) 2016/679, also known as General Data Protection Regulation or GDPR. Our Platform counts on the latest technical and security measures: [encryption, hashing, etc.]
Additionally, each and every IT provider we engage is previously analysed in terms of privacy, data protection and information security compliance. In this sense, Stripe is PCI-DSS and PSD2 certified, which means that your economic data is protected with the latest security mechanisms.
We strive to transmit a piece of mind state with regards to your personal data. Notwithstanding, should you want to access the data We have about you, correct it or delete it; if you wish to object to any processing based on legitimate interest (such as receiving newsletters as a client), obtain restriction of processing or exercise the right to data portability, you can do so by writing an email to firstname.lastname@example.org . Additionally, you may also lodge a complaint before a competent data protection authority in case you consider that your rights and guarantees have been violated.
Last updated: November 2020