Who We Are:
Emerald Srl is an Italian company that distributes scented candles made of 100% natural soy under the brand kandla, combining aromatherapy with chromotherapy.
REA: MI-2126605; P.IVA: IT09985210963.
Your Company: Your company/website with the name www.kandlaglow.com. with the permanent address at firstname.lastname@example.org.
GDPR: General Data Protection Regulation Act. Is the legal body under guidelines of which all your website activities will be performed.
Data Controller: Data Controller means the natural or legal person who alone or jointly or in common with other persons will determine the purposes and manner in which the procurement of any personal information related to your company are to be procured and acquired.
Data Processor: Data Processor means any natural or legal person or a group of expert individuals who will be collecting all the data from the Data collector and will be processing it to the best of his or their skillful knowledge in the benefit of your company.
Data Subject is any living individual who is using our Service and is the subject of access to my company’s Personal Data. He/she will be the first point of contact between my company and your company.
1. Principles for processing personal data
There are a certain set of principles we follow in processing your personal data. All these principles are set in benefit of both my company and your company under the guidelines of GDPR, so they will be followed to the best of our consent and we expect the same from your end as well.
- Fairness and lawfulness. When my company’s data collector and data processor have access to your company’s personal data, the individual rights of your data will be subject to protection and must be protected. All personal data will be collected and processed in a legal, fair and an ethical manner only. Date of data collection and a brief description will be provided by your company before handing over the data for processing duly signed by a representative of my company at the time of receiving the same. A copy of which will be retained with both the companies.
- Restricted to a specific purpose. The personal data collected will only be processed for specific purposes of digital content strategy, production and distribution. No other used of data will be conducted from my company. Any sort of data provided by your company should not contain any illegal or unlawful activity content. Responsibility of such an act will be directly imposed on your company and could attract legal attention.
- Transparency. The Data Subject will be informed of how his/her data is being collected, processed and used. All times of collection of data will be duly signed and a copy of brief description of the same will be provided by and to the Data Subject of your company and the Data Collector of My company simultaneously.
2. What personal data we collect and process
A soon as my company takes access to your company’s data, we start processing activities as per the agreement signed and only on the designs selected, not exceeding the GDR compliance boundaries.
My Company needs to and will be collecting several and different types of personal data for various purposeful activities in your good faith. Personal Data which may include, but is not limited to:
- Email address
- First name and last name
- Phone number
- Address, State, Province, ZIP/Postal code, City
- Product information
- Company’s Address
- Business Registration Number
- Your Personal Identification Number
- Photo IDs
- Bank Details
3. How we use the personal data
My company uses the collected personal data for various purposes:
- To provide you with services information and updates of any policy concerns
- To notify you about changes to our services and/or products
- To provide customer support and guidance as per your request
- To gather analysis or valuable information so that we can rectify it to get the best use out of it,
- To detect, prevent and address any technical errors or concerns that may be observed in the due course of action
- To provide you with the updated data as per your requirement
- To communicate with you on business days only on grounds of the work-related activity during business hours only.
4. Legal basis and Terms and Conditions for collecting and processing personal data
My Company’s legal aspect for collecting and using your company’s personal data is described in this Data Protection Policy and it depends on the personal data we collect and the specific context in which we are collecting the information:
- There will be an agreement contract duly signed by you under our agreement which will consist of all the term and conditions of usage of your company’s data
- We will get all the data enlisted by you that you will be providing to us on which all and any rectification and amendments will be done.
- A permission of your company’s authorized person with our company will be provided by you for usage and rectification of your data
- All rectification will be done under the guideline provided by you and only on the initial agreed sample website formatting which have to be in GDPR boundaries.
- Any other or additional service required by you or provided to you by kind or pressure will invite additional cost and will be levied directly on your company, without paying of which all and any process work may come to a halt of completion or delivery up to clearance of that amount.
- All personal credentials shared within both the agreement parties shall not be shared for any advertisement or illegal purpose.
- My company shall comply with the initial and details of the agreement, this would be agreed upon by both the parties and shall comply on the same to the best of abilities.
- A declaration that will be provided to you by my company as of what cookies have been activated on your website
- What user data my company will track, for what reason we will be doing the same, and where in the world this data will be sent for promotion or advertisement purpose according to guidelines.
- Regardless, you are legally required to have one available to your users.
- Cookies are a potential privacy risk, because they are able to track, store and share user behavior.
The General Data Protection Regulation (GDPR), gives website users the right to receive and select specific and up-to date information on what data is registered about them at all times, for what purpose, and where in the world it is sent
- It is a page in which all of the methods and purposes of the data processing activities on the site will be outlined, including contact forms, mailing lists etc.
- My Company will retain your personal information only for as long as is necessary for the purposes set out in this Data Protection Policy.
- My Company will retain and use your information to the extent necessary to comply with our legal obligations, resolve disputes, and enforce our policies.
- Your personal information will always be under the GDPR guidelines and no personal data may be used for any advertisement or illegal purpose.
Returns or Refund Policy
(enter your own set of points here which relate directly to your company, the below points are for example purposes only)
- Website is an intangible product and is a virtual property that us guided under the GDPR guidelines.
- There shall be no returns or refunds applicable on the final product.
- Your company will get 5 opportunities to get your website fixed by our team.
- My company will take out their best of efforts to satisfy your company and its needs.
- We will comply with all the guidelines agreed upon within your company and my company along with the GDPR guidelines.
- This agreement may be a hard copy or a digitally signed document that shall carry the same worth and will comply will all legal aspects.
Cookie Acceptance Bar
- You should opt for a cookie warning or popup notice on your website.
- Websites by means of cookies collect user data and this should be done with the need to get the user’s consent for doing so.
- However, virtually all websites set cookies that track users and their activities
- This provides an overview of their user’s digital web movement and their choice of interest is observed.
- Web security also known as “Cyber security” involves protecting website or web application from cyber hackers
- They may cause glitches in your user experience and may attract drop in overall ranking of your website on the SERPs (Search Engine Result Pages).
- Web security does the work of detecting, preventing and responding to cyber-attacks. Stopping them from entering as these attacks have no control over access of your website data
- Websites are equally prone to security breaches as physical homes, stores, and government locations. So, security is always recommended with promptness and sometimes insisted upon depending on the content of the website.
- Websites of any sort must always be protected by firewall settings or other outsourced third-party privacy service providers.
- The key Web services security requirements are authentication of invaders or viewers of website, authorization by the ping that is received while entering your website or a security captcha check, data protection for prevention of leakage or loss of personal or user data and nonrepudiation entry in website without authorization
GDPR Legal reason (for data capture)
- Processing personal data unlawfully is prohibited,
- It is expressly allowed by law, or the Data Subject has provided a personal consent towards the processing of data.
- Principles relate to Lawfulness, fairness and transparency as discussed earlier in our guidelines-One must process personal data in a legal manner, with absolute fairness and in a total transparent manner in relation to the subject personal data whether be it user or self.
- Neither the service provider not the service consumer is allowed to use data in a manner that had been discussed earlike i.e. for advertisement or any illegal purpose.
- Any personal data that has been collected should be for a definite specific, explicit and legitimate purpose and period without leading to any third-party disclosure.