This policy has been developed to inform our users about the privacy and security of personal data and to meet our obligations under the Data Protection Acts 1988 and 2003 and the 2018 General Data Protection Regulation (the “Data Protection Law”). Under Data Protection Law, personal data is information that identifies you as an individual or is capable of doing so (“Personal Data”).
We comply with Data Protection Law and this notice applies to the personal data collected, processed and stored by us through your use of the Site.
For the purposes of Data Protection Law, we are the data controller of your Personal Data. You will find our contact details in the “Contact us” section below. We also use the services of other reputable companies that act as data processors (such as Shopify, our e-commerce platform) who handle your data under certain circumstances.
1. WHO WE ARE
NEUÚ Seaweed Skincare is the trading name of Seagreen Bio Ltd, a private company that is registered in Ireland. Our registered office is Nexus Innovation Centre, Tierney Building, University of Limerick, V94 NYD3, Ireland.
If you have any queries about how your personal data is managed, you are able to contact us:
- By email to email@example.com
- In writing at the address above
- By phoning +35361 970 016
2. DATA COLLECTION & PROCESSING
- ‘Personal data’ refers to any information which can be used to identify an individual, either directly or indirectly and can refer to a customer ID, name, email address, or other information.
- Any personal data provided by you to NEUÚ will be stored securely, in accordance with the Data Protection Acts (1988-2003) and the GDPR (2018), which supersedes the previous regulations.
What Personal Information do you collect about me?
If you:
- Create a customer account
- Update your contact details
- Place an order
- Update, amend or cancel an order
- Sign up to our mailing list or subscribe to any other services that we offer
- Enter any competition, promotion or prize draw, comment or leave a review
- Correspond with us, whether by phone, email, or live chat
Then, we may collect your personal information, including:
- Date of birth
- Email address
- Phone or mobile number
- Delivery address
- Any information you voluntarily provide that you believe is required by us
- Encrypted password and payment information
- Customer Service correspondence records
- Technical information about how you access and use our websites, including your IP address and approximate location, browser type, referring URL and operating system.
- Cookies - for more information see the cookies section below.
What is done with this information?
We use your information for the following:
- To process your orders. We use relevant personal information described above (including your name, address and payment details) to process and deliver your order, add payments or refunds and to notify you of the status of your order.
- To provide Customer Support. If you contact our Customer Service (or vice versa), we will use your identification information as provided by you, to identify you and other personal information such as your order information and contact history to process your request and provide you with the best service possible. We'll use your personal information to keep a record of when and why you contact us and to keep your contact details up-to-date.
- To improve our website and services. We use your personal information to help us analyse and understand how you use our products and services, to develop more interesting and relevant products and services, to improve our website and our customer service offering to you, as well as to personalise the products and services we offer you.
- Fraud Prevention. To prevent or detect fraud or abuse of our sites, which may also include any details you have provided to us in the course of your business with us.
- Marketing. If you consent, we will use your information to notify you of products or special offers that may be of interest to you. We will send direct marketing communications to you via the channel you choose, such as email or Social Media. We ask for your consent, where required by applicable law, in order to use the contact details you have provided to us to send personalised marketing or retargeting communications. Your consent to us to notify you of products and services in this manner can be withdrawn by you at any time via the "Opt out" option that will form part of each of our communications with you. Please see below for more information on third parties and cookies used to provide these services.
How long will you keep my information?
- Customer and order information will be kept securely on our system until you ask us to remove it. Note: Purchase information retention is subject to regulatory mandates we must adhere to e.g. data retention requirements for tax reporting purchases for a period of six years.
- Encrypted Credit Card information will be purged every 365 days. Credit card, Debit card, Apple Pay or PayPal receipts produced by NEUÚ, and retained by us, are stored securely, and do not contain the full details of your credit card number.
- Mailing List Subscriptions will remain active unless you decide you wish to opt out from a Mailing list.
- Personal data collected from commenting or reviews will be kept for the lifetime of the blog or product page.
- Personal data submitted through participating in surveys will be kept for up to two years then aggregated (whereby the data is no longer personal data) and/or anonymised.
- We may keep a record of any correspondence with you, for example if you have made a complaint about a product, for as long as is necessary to resolve the matter you have complained about, and in the event of any potential legal claim.
- Where we no longer have a need to keep your information, we will delete it. However, please note where you have unsubscribed from our marketing communication, we will keep a record of your email to ensure we do not send you marketing emails in the future.
Do we disclose Personal Data to anyone else?
- We disclose customer information to third parties only when it is necessary as part of business practices or when there is a legal or statutory obligation to do so. Whenever we disclose customer information to third parties, we will only disclose that amount of information necessary to meet such business need or legal requirement. Third parties that receive customer information from us must satisfy us as to the measures taken to protect the personal data such parties receive, in accordance with Data Protection Law and as stated in this Privacy Notice. Appropriate measures will be taken to ensure that all such disclosures or transfers of customer information to third parties will be completed in a secure manner and pursuant to contractual safeguards.
- We may employ other companies and individuals to perform functions on our behalf, including processing credit card payments, marketing, and providing analytics assistance. From time to time, we may also share Personal Data or non-personally identifiable information with third-parties that we have engaged to perform certain services in connection with the operation of certain aspects of the Site, including to customise, deliver, measure, analyse, improve and support our services, content, advertising and layout, your interaction with those aspects, and to deliver more relevant messages and advertisements to you on neuu.com and elsewhere on the internet. These third-party service providers are authorised to use Personal Data only if needed to perform their functions on our behalf and are required to maintain the security of your personal information.
How do we protect data about you when or if it is transferred out of Europe?
- Each Site is published in Ireland and is governed by Data Protection Law and Irish law.
- We do not transfer any Personal Data outside of the EEA. However, certain third parties providing services to our Sites may transfer data outside of the EEA, for example for storage purposes. These third parties include, for instance, Shopify and Google. If this changes at any point in the future, this Privacy Notice will be updated to take account of this change. We only engage reputable third parties that provide appropriate safeguards, and on condition that enforceable data subject rights and effective legal remedies for data subjects are available.
How do you get my consent?
- When you place an order with us, we ask you to provide us with personal information to complete a transaction, verify your credit card, place an order, or arrange for a delivery or return of a purchase. We necessarily require this information to process your requests, and we therefore imply that you consent to our collecting it and using it for the specific reasons as outlined only.
- If we ask for your personal information for marketing purposes, e.g. to offer you special discounts, we will request your permission explicitly by means of an electronic opt in or your signature, if you have not already granted us your permission.
How do I withdraw my consent?
- At any stage after you have opted in, you may withdraw your consent to marketing communications. Marketing of our products and services to you will be terminated, and any data specifically used for marketing purposes alone will be deleted.
- Financial transaction data will be retained and securely maintained by us to comply with our legislative and statutory obligations.
- You may opt-out at any time, by clicking the unsubscribe link on our newsletter emails, contacting us at firstname.lastname@example.org or writing to us at: NEUÚ, Nexus Innovation Centre, Tierney Building, University of Limerick, V94 NYD3, Ireland.
- Depending on your marketing preferences, we may use your personal data to send you marketing messages by emails, direct mail and by telephone communications including calls and/or texts. Some of these messages may be tailored to you, based on your previous browsing or purchase activity, and other information we hold about you.
- If you no longer want to receive marketing communications from us, you can change your preferences at any time by contacting us, or by clicking on the ‘unsubscribe’ link in any email, or by updating your settings in your customer account. If you unsubscribe from marketing, please note we may still contact you with service messages from time to time (e.g. order and delivery confirmations).
- You may also see advertisements for the Site on third party websites, including on social media. These advertisements may be tailored to you using cookies (which track your web activity, to enable us to serve advertisements to visitors of our Site). Where you see an advertisement on social media, this may be because we have engaged the social network to show advertisements to our customers, or users who match the demographic profile of our customers. In some cases, this may involve sharing your email address with the social network. If you no longer want to see tailored advertisements you can change your cookie and privacy settings on your browser and these third-party websites.
- We may disclose your personal information if we are required by law to do so or if required to fulfil our contractual obligations under our agreement with you. For example, when we provide your delivery address to the courier to have your purchases delivered.
- We may provide information, when obliged to do so under Data Protection Law and in response to properly made requests, for example, for the purpose of the prevention and detection of crime, and the apprehension or prosecution of offenders. We may also provide information for the purpose of safeguarding national security. In the case of any such disclosure, we will do so only in accordance with Data Protection Law.
- We may also provide information when required to do so by law, for example under a court order, and may transfer data to legal counsel where same is necessary for the defence of legal claims.
- We may also disclose Personal Data in connection with any complaint regarding your use of the Site. For example, in the event of a complaint or legal action arising from a comment or review posted.
- Our store is hosted on the Shopify E-commerce platform provided by Shopify Ltd. We have carefully selected Shopify as our IT Partner and ensure that they process data we receive from you on our behalf, in a fully GDPR compliant manner. Shopify Commerce provide us with the online e-commerce platform that allows you to buy our products and use our services.
- Your data is stored through Shopify’s data storage, databases and the general Shopify application. They store your data on a secure server behind a firewall, to ensure it is safe and secure.
- Shopify complies with the EU-U.S. Privacy Shield Framework, regarding the collection, use, and retention of personal information from data subjects in the European Economic Area (“EEA”), and with the Swiss-U.S. Privacy Shield Framework regarding the collection, use and retention of personal information from data subjects in Switzerland. In this regard, Shopify has certified that it adheres to the Privacy Shield Principles of notice, choice, accountability for onward transfers, security, data integrity and purpose limitation, access, recourse, enforcement and liability.
- Payments made through our website are via our secure check out pages using a secure Third-party payment service provider whom we have carefully selected.
- Shopify perform annual audits to ensure handling of credit card information aligns with industry guidelines. They are certified as a PCI DSS Level 1 compliant service provider, which is the highest level of compliance available. PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers, ensuring that your financial information is processed and retained to the highest security standards.
7. THIRD-PARTY SERVICES
- In general, the third-party providers used by NEUÚ will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us, e.g. couriers to deliver your purchases.
- Further, all such Third-Party Processors are contractually bound by us to keep the information confidential, and to ensure that any such data they necessarily obtain from us to deliver goods and services to you, is secured and maintained to the highest standards. All information provided to Third Party Processors is used solely by them only to carry out the service they are providing for NEUÚ and is not shared with any other parties whatsoever.
- NEUÚ takes great care to ensure that we only select Business partners who can provide the highest standards of data security to our customers.
Third Parties we work with
- Shopify & Kit (e-Commerce and customer relationship management)
- Zendesk (support)
- Google (advertising, analytics, notifications, office software and cloud storage)
- Mailchimp (e-mail services)
- Facebook, Twitter and Instagram (social media authentication and analytics)
- Stripe, Xero, PayPal, Apple Pay (payment services)
- Fastway, DHL (shipping services)
- When you click on links on our website, such as in blog posts, they may direct you away from our site. While we take every care to ensure the integrity of such external links, we are not responsible for the privacy practices of other sites you may visit in this manner and encourage you to read their privacy statements.
- To protect your personal information, we take reasonable precautions and follow industry best practice to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.
- If you provide us with your credit card information, the information is encrypted using secure socket layer technology (SSL). Our website platform follows all PCI-DSS Level 1 requirements and implements additional generally accepted industry standards.
- Third-party cookies from websites such as Google and Facebook may be used to collect data around usage (Statistics Cookies) or to allow us to tailor advertising content to you (Marketing Cookies) on neuu.com and across other third party websites and platforms in their network and/or that display their ads.
- You can control the cookies which neuu.com stores on your device using these cookie settings:
- You may also delete Cookies; however, you may lose any information that enables you to access the Web Site more quickly or enjoy a custom user experience. You can choose to enable or disable Cookies in your web browser. By default, your browser will accept Cookies, however this can be altered. For further details please consult the help menu in your browser. Disabling Cookies may prevent you from using the full range of Services available on the Web Site.
- The cookies used on our websites have been categorised based on the guidelines found in the Irish Data Protection Commissioner Cookie guide. We use the following categories on our website:
- For more information about cookies in general see: allaboutcookies.org
- More information on the cookies NEUÚ use is available upon request to the Data Protection Officer, by email to this address: email@example.com.
- Our Site is not intended for, and should not be used by, children under the age of 18. We do not knowingly collect personal data from children under 18. It is the policy of NEUÚ not to accept online orders or payments from children under 18.
13. YOUR RIGHTS
How can you exercise your rights in respect of Personal Data we hold about you?
We shall vindicate all your rights under Data Protection Law. These rights are as follows:
- your right to withdraw your consent to the processing of Personal Data at any time
- your right to request from us access to personal data and to have any incorrect personal data rectified
- your right to the restriction of processing concerning you or to object to processing
- your right to have your personal data transferred to another service provider
- your right to have personal data erased (where appropriate)
- information on the existence of automated decision-making, if any, as well as meaningful information about the logic involved, its significance and its envisaged consequences
- Vindication of your rights shall not affect any rights which we may have under Data Protection Law.
Exercising your rights, managing information and opting out
- You may update or change information related to your account by updating the social media account linked to your profile, or by sending us an e-mail at firstname.lastname@example.org. You may request that your information be removed from the Site by e-mailing us at the address provided above. You may also unsubscribe from our marketing communications by clicking on the “unsubscribe” link located on the bottom of our e-mails.
- You can update or correct your Personal Data, remove it from our system or exercise any of your rights by making a request to us at the contact information provided below. If for some reason access is denied, we will provide an explanation of why access has been denied.
- We will confirm your request within 21 days of receipt, and process your request within 30 days of receipt.
How does the Site protect personal information about you?
- We employ reasonable and appropriate administrative, technical, personnel, procedural and physical measures to safeguard Personal Data against loss, theft and unauthorised access, use or modification. Security and testing are performed on systems containing personal data to verify control effectiveness. Security of these systems is monitored continuously.
- While we try our best to safeguard your information once we receive it, no transmission of data over the Internet or any other public network can be guaranteed to be 100% secure. It is important for you to protect against unauthorised access to your password and to your computer. Be sure to sign off when finished using a shared computer.
How can you make a complaint about the use of Personal Data?
- Complaints on the use, retention and disposal of personal data can be submitted via email to email@example.com.
- As a user of the Site you also have the right to lodge a complaint with the Data Protection Commission.
14. QUESTIONS AND CONTACT INFORMATION
- In compliance with The EU GDPR Directive 25th May 2018, if you would like to: access, correct, amend or delete any personal information we have about you, register a complaint, or simply want more information, contact our Privacy Compliance Officer by email or post at the address given in the ‘Who We Are’ section above.