WINIA (We) Are Committed To Protecting And Respecting Your Privacy.
If you have any questions or comments on the information contained in this document, please contact the Data Protection Officer using the address details given in section 7 below.
1. Personal data we collect from you
Over the course of your interaction with us via our website (www.winia-usa.com) we will collect and process the following categories of data about you:
(a) Personal data you give us
This is data about you that you give us by filling in forms on the Sites. It includes:
• your name, address and telephone and email contact details;
• (when purchasing items) payment details, which vary according to your chosen payment method when purchasing with us; and
• your marketing preferences (if any).
You can access and alter the personal data that you give us in this way at any time via the links given on any emails that we may send or on the functionalities available on the website.
We do not require, and you should not send to us, special categories of (sensitive) personal data, such data being that which reveals sensitive information about you, such as your racial or ethnic origin, your political or religious beliefs, your health or other special categories of personal data. Any such sensitive personal data that we receive will be disposed of as soon as it is discovered.
(b) Personal data we collect about you
This is data that we collect automatically about your visit during your time on the Sites, or otherwise through your interaction with the Sites. This data helps us to provide you with a good experience when you browse the Sites, including more targeted advertising on the Sites, and also to indicate where the Sites might require improvement. It typically involves technical information, such as:
• IP address;
• browser preferences and settings;
• details of how you navigate to and around the sites; and
• (if applicable) details of previous orders of products from us.
We collect this personal data using small data files called "cookies".
(c) Personal data we receive from other sources
This is data that we receive about you from third parties, such as business partners, providers of technical services (e.g. analytics) or sub-contractors.
Our business partners that may send us personal data about you include the following:
• email marketing services are provided by PurePromoter Limited;
• tracking and analytics services are provided by Facebook and Google.
2. Uses made of the personal data
All personal data about you that we collect or receive, whether of a personal or technical nature, may be used by us in the following ways:
• To carry out our obligations arising under any contracts entered into between you and us and to provide you with the information and services that you request from us;
• To contact you, based on the preferences you have selected, regarding information, promotions, or selected third party promotions in which we consider you may be interested. Such contact will only be made by email from which you can opt out at any time;
• To notify you about changes to our services or to your orders;
• To administer the Sites and the delivery of our products and services, and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
• To improve the Sites to ensure that content is presented in the most effective manner for you and for your computer;
• To allow you to participate in interactive features of our service, when you choose to do so;
• As part of our efforts to keep the Sites safe and secure;
• To disclose to our business partners, sub-contractors and other third parties who have a legitimate interest to use your personal data (see section 4 below);
• To measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you;
• To comply with any legal obligations to which we may be subject (e.g. disclosure of suspected fraudulent or other criminal activity); and
• To comply with our record keeping and information storage obligations and policy (please see section 5 below for more details).
Your data will most often be accessed and used by our staff, who are appropriately trained in how to handle personal data correctly and securely. Only those staff whose job require access to your data (e.g. those involved in sales and marketing or order delivery) will be granted such access, which shall be limited to that which is strictly necessary for the purposes of that role.
Occasionally , as stated above, selected third parties may also have access to some of your data in order to provide specific services to us as also identified above. These third parties will only have access to such data that is strictly necessary for the purposes of the service in question and are bound by legal and contractual data protection obligations.
3. Lawful basis for use
Under the Legislation, we can only process personal data where there is a lawful basis for doing so. These bases are set out in the Legislation. Of relevance to us are the following:
• Where it is necessary to use the personal data in order to perform a contract with you. This covers our use and disclosure of your payment and contact details in order to deliver a product to you that you have ordered.
• Where it is necessary to use the personal data in order to comply with a legal obligation (e.g. the detection and prevention of crime or for reporting to HMRC).
• Where the use of the personal data is necessary for our legitimate interests or the legitimate interests of a third party, provided that there is not a good reason for that particular data to remain protected that overrides such interests. This covers our use of certain of your personal data in relation to the delivery, monitoring and administering of the Sites and the monitoring of the effectiveness of our advertising; and
• Where you have consented to such use. This covers our use of your personal data to deliver advertising and other promotional or marketing material to you. Please note that you may withdraw your consent at any time.
4. Disclosure of your personal data
Pursuant to one of the lawful bases set out in section 3 above, we may share your personal data with the following third parties:
• Our business partners, suppliers and sub-contractors in order to perform any contract we have with you (e.g. PurePromoter Limited - section 1(c) above); and
• Analytics and search engine providers that assist us in the improvement and optimization of the Sites (e.g. Google - see section 1(c) above).
In such circumstances, we will only share the minimum personal data necessary to achieve the purpose and only on terms that ensure the security and confidentiality of that data, and which comply with the Legislation generally.
Save for as set out above, we will not disclose any of your personal data to third parties without your consent, except that we may:
• In the event that we sell or buy any business or assets, disclose your anonymized personal data to the prospective seller or buyer of such business or assets;
• In the event that we, or substantially all of our assets, are acquired by a third party, we transfer the personal data held by us about our customers to the buyer as one of the transferred assets;
• Disclose or share your personal data in order to protect our rights, property or safety, or those of our customers or others.
All third parties to whom we may disclose personal data are legally and contractually obliged to comply with the Legislation, to keep that personal data confidential and only to use such it as we may direct.
No disclosure or transfer of your personal data will be to persons or entities outside of the United States of America Area (USA), or to countries that are not recognized by the American Commission (or similar body) as providing as adequate a level of protection of personal data in line with the Legislation as those countries within the USA, without your prior consent.
5. Where we store your personal data
We take appropriate technical and organizational measure in accordance with standard practice within the industry to protect your personal data, including (without limitation):
• Installing a secure firewall;
• Using anti-virus protection software;
• Encrypting data; and
• Carrying out regular back-ups.
Where we have given you (or where you have chosen) a password which enables you to access certain parts of the Site, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
Unfortunately, the transmission of information via the internet can never be completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to the Site at all times, and any transmission is at your own risk. Once we have received your data, we will use strict procedures and security features to try to prevent unauthorized access.
Should we suffer a data breach (i.e. unauthorized access to, or loss or corruption of, personal data), and that data breach is likely to result in a high risk of harm to your rights and freedoms, we will inform you and/or the information Commissioner's Office without delay, and in any event within 72 hours of becoming aware of it.
6. Your rights
You have the following rights under the Legislation in respect of your personal data - please contact us for more information on any of these rights and how they apply to your personal data:
• The right to be informed about the collection and use of your personal data;
• The right of access to your personal data to verify the legality of our use of it;
• The right to request that inaccurate or incomplete personal data about you is rectified;
• The right to request the deletion or removal of your personal data where there is no further reason for us to use it (such as you have withdrawn your consent or have not bought anything from us for over 6 years);
• The right to restrict our use of your personal data in certain circumstances;
• The right to obtain and reuse the personal data that we have about you for your own purposes;
• The right to object to certain uses (such as for marketing purposes); and
• The right to be subject to a decision that has a legal effect on you that has been based on an automated decision.
Should you wish to exercise any of these rights, you may do so at any time by writing to us at the address given in section 7 below. We will endeavor to respond to you as quickly as possible, and in any event within one month.
If you feel that your rights have been breached in any way, you should contact the Data Protection Officer at the address given below or lodge an official complain with the Information Commissioner's Office.
The Sites may contain links to and from the website of third parties, which may or may not be affiliated with us. If you follow a link to any of these websites, please note that these websites will have their own privacy policies that we do not accept any responsibility or liability for personal data collected and processed by these third parties. You should check the privacy policies of these websites before you submit any personal data via them.