1. Who are we?
Kianda B.V. is responsible for the processing of your personal data and acts as the “data controller,” which means we make the decisions regarding the personal data we collect from you.
2. What data do we collect?
Personal data is any data that can be used to identify you as a person. Kianda collect data in the following ways:
a. Placement and delivery of an order
If you place an order through our website, we collect your name, e-mail, billing information, and shipment address in order to complete and deliver your order. In addition, we also offer you the option to store your credit card details in an encrypted and inaccessible format.
b. Personalize your shopping experience
To make your shopping experience as nice as possible, we collect personal data about your orders. We use this data to personalize our webshop and recommend products you might be interested in. We may also use this data to find patterns that can be used to further optimize our marketing. If you have placed items in your shopping cart while using an online account but have not checked out these items, we may send you an abandoned cart email informing you that the items are still for sale. For this purpose, we collect data about which items are placed in your cart.
c. Creating your online account
If you create an online account on our webshop, we collect your personal data on a secure server. You are asked to fill in your name, e-mail, billing information, shipment address, and password to allow you to place orders for our products. We store your billing and shipping address so that you do not have to fill in this information for any subsequent purchases.
d. Optimize general marketing and webshop
The data and feedback we collect about the use of our webshop help us to develop and improve the webshop and other related services. We collect and store data regarding your online and offline purchase history and behavior on our webshop, CRM, media and e-mail data in a Data Management Platform (DMP). We may also store data received from other parties (including data vendors and social media) in our DMP. We analyze the data collected to target a specific audience, to match your data with customers that have a similar profile, to link devices that you use, and to show you targeted ads and offers, and to customize your online experience or ship products to you that you purchase offline.
e. Contact with our customer service
If you contact our customer service, we will collect your name and email address (and any additional data you may provide us with) to be able to respond to your questions or comments or to provide better service.
f. Recommend products
We will inform our customers (or potential customers after their consent) on new products, specials and other promotional activities by sending you our newsletter. If you no longer want to receive this newsletter, you can unsubscribe by using the relevant opt-out button in the newsletter or send an e-mail to firstname.lastname@example.org.
3. What do we need your data for?
We only collect and further process your personal data for the purposes mentioned in the previous section. Unless the further use of your data is compatible with the original purpose for which the data was collected, we will ask for your consent before using your personal data for purposes other than those listed above. We will inform you of, and, if necessary ask your consent for, any changes in the use of your personal data. We may use your data for decisions based on automated decision-making, including profiling. For instance, we may use previous purchase data and or browsing data to suggest matching products to those previous purchases. By obtaining your consent, we are able to use automated decision-making both in advertising and on our webshop. We will inform you of new products, specials and other promotional activities by sending you our newsletter. If you no longer want to receive this newsletter, you can unsubscribe by using the relevant opt-out button in the newsletter or send an e-mail to email@example.com.
4. How may we share your data?
We will not share your personal data with third parties except as disclosed below or with your additional consent. we may share your personal data with our third-party service providers, including, but not limited to:
Google Optimize - for visual website A/B and multivariate testing to optimize your experience
Google Analytics - to collect and display detailed statistics from our Website(s). The purpose of this service is to give us a clear overview of visitor flows, traffic sources and pageviews. Based on this information we can improve our Website(s) and improve your shopping experience on our Website(s) and App(s).
Facebook - to show you personalized messages and advertisements
Google Adwords – to share and display relevant products on Google platforms
We reserve the right to disclose your personal data to official authorities or third parties to the extent we reasonably believe that disclosure is required by law, or to protect your or others’ rights, property or safety. In certain situations, we may ask for your consent to share your information with other unaffiliated third parties who are not described elsewhere in this policy. Please note that the use of any feature made available to you on our webshop such as Facebook Connect, or the “like” feature (also connected to Facebook), may result in your personal data being collected or shared by us or by others. We cannot control how your data is collected, stored, used, or shared by third-party sites. Please review the privacy policies and settings of these third parties, including the social networking sites, to make sure you understand and agree with how they manage your data. If you do not want us to share your personal data with a social media site or application, you should not access such social media site or social media application. For example, you should not click a "like" button on a product detail page. We may also share your personal data with applicable third parties in the event of a reorganisation, merger, sale, assignment or other disposition of all or a portion of our business, assets or shares.
5. Legal grounds for processing your data
By the following acts you give us your consent to process your personal data:
· Placement and delivery of an order;
· Creating an online account;
· Contacting our customer service
b. Necessary for the performance of an agreement
When you place an order, you enter into a purchase agreement with us. In order to process and deliver your order, we need certain personal data, such as your name, e-mail, billing and shipping address. Additionally, when you choose to receive a digital receipt, we need certain personal data such as your email to complete the transaction.
c. Legitimate interests
We may process your personal data for the purposes of our legitimate interests, except where such interests are overridden by your interests or fundamental rights and freedoms.
For our legitimate business interests, we may process your personal data to:
· Personalize our webshop;
· Recommend products that you may be interested in;
· Optimize our marketing;
· Develop and improve the functionality of our webshop;
To opt out of receiving interest-based advertising from third parties, you may click on either of the following links, or see more information in our Cookie statement.
In addition, you have the right to object to processing your personal data for interest-based advertising. If you would like to exercise this right, please contact us at firstname.lastname@example.org. Please note that if you exercise such right accordingly, this may limit us to process your data for your benefit as set out above.
6. Data storage
Our company is hosted on the Shopify platform. Shopify provides us with the online platform that allows us to sell our products and services to you. Your data may be stored through Shopify's data storage, databases and the general Shopify applications. They store your data on secure servers behind a firewall.
All direct payment gateways offered by Shopify and used by our company adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.
Our webshop may include links to website(s) operated by third parties. Such third parties may collect personal data from visitors to their website(s). Nimya cannot guarantee the content or privacy practices of any such third party website(s) and does not accept responsibility for such website(s). We recommend you to read the privacy policies of third party website(s). In the event that we are required by law to inform you of a breach to your personal information, we may notify you electronically, in writing, or by telephone, if permitted to do so by law.
7. We do not keep your personal data longer than necessary
a. Order information
When you place an order for our products, we retain that information for a minimum period of six years following the end of the financial year in which you placed your order. This is in accordance with our legal obligation to keep records for tax purposes.
b. Correspondence and enquiries
When you make an inquiry or contact us by e-mail or via our contact form, we retain your information for 24 months after the complete resolution of your inquiry.
c. Mailing list
We retain the information you used to sign up for our newsletter until you unsubscribe or we decide to cancel our newsletter service, whichever occurs first.
In any other circumstances, we will retain your information for no longer than necessary, taking into account the following: The purposes and use of your information both now and in the future (such as whether it is necessary to continue to store that information in order to continue to perform our obligations under an agreement with you or to contact you in the future). Whether we have any legal obligation to continue to process your information (such as any record-keeping obligations imposed by relevant law or regulations). Whether we have any legal basis to continue to process your information (such as your consent). Any relevant agreed-upon industry practices regarding how long information should be retained.
8. Where your data is processed
Your data is processed within the European Union.
10. Online Advertising
Nimya may participate in interest-based advertising. As described above, we may automatically collect data regarding how you browse websites, use applications, and shop in order to enhance your customer experience, improve our customer service, and provide you with communications and promotions from us or others. The objective of interest-based advertising is for Nimya or its advertising partners to show you ads that are more relevant to your interests. You can limit Nimya’s and our partners’ ability to collect and use your data for these purposes. To opt out of receiving interest-based advertising, click on either of the following link: www.aboutads.info
To successfully opt out, you must have cookies enabled in your web browser.
11. Your privacy rights
Under applicable privacy laws (General Data Protection Regulation (GDPR)), you have, inter alia, the right to:
· Ask for access to your personal data (access);
· Ask to change or correct your personal data (rectification);
· Ask to delete your personal data (erasure/right to be forgotten). Please note that although we will grant a request to delete information if required by law, in many situations we must keep your personal information to comply with our legal obligations, resolve disputes, enforce our agreements, or for another one of our business purposes;
· Ask to restrict the processing of your personal data (restriction);
· Ask to transfer your data to another controller or to yourself if we have processed your data based on your consent or based on the agreement you have entered into with us (data portability);
· Object to the (further) processing of your personal data if we have processed your data based on our legitimate interests (objection).
If you would like to know more or would like to invoke your rights, please contact us at email@example.com.
12. Objection and complaints
If we have collected personal data from you on the basis of our legitimate interests, you can at all times object to the processing of your personal data by contacting us at firstname.lastname@example.org. Unless we have compelling legal grounds for the processing which override your interest to stop the processing, we will stop processing your personal data.
If you do not agree with our decision in relation to your personal data, you have the following options:
· Contact us, so that we can try to resolve the issue together. You will find our contact details below.
· Lodge a complaint with the Dutch supervisory authority (Autoriteit Persoonsgegevens) at www.autoriteitpersoonsgegevens.nl.
· Ask the Dutch supervisory authority to mediate to resolve the issue.
Our Privacy Statement may change from time to time to reflect changes to our services or changes in the applicable privacy laws. We will not reduce your rights under this Privacy Statement without your explicit consent. We will post any changes to our Privacy Statement on this page. We will notify you personally, for example through an email notification, of significant changes to our Privacy Statement.
14. Minors providing personal data
Persons below the age of 18 may only provide personal data to Nimya if they have written consent from one of their parents or a legal guardian who has read this privacy statement.
Kianda B.V. is responsible for the processing of your personal data and acts as the controller. If you have any questions, feedback or want to know more about how your personal data is processed, or if you want to access, correct, or remove your personal data, please contact us at email@example.com. You may write to us at: Kianda B.V., Baan 52V, 3011CC, Rotterdam, the Netherlands.