Privacy Statement We Love Noni Ltd.
1. Purpose of the statement
Any personal details provided by you through https://www.welovenonishop.com website is processed by We Love Noni Ltd. (hereinafter referred to as data controller).
The purpose of this statement is to summarize in a short, comprehensible and clear manner what personal data you provide to the controller, the purposes and length of time for which the data controller uses and processes them, and to provide you with information on the possibilities for legal remedies and reporting in relation to the processing of data. This information shall be addressed to all identifiable natural persons visiting the controller’s website and to partners requesting business offers, information and entering into a contractual relationship after acceptance of the offer, as well as to persons involved in the maintenance and performance of such contractual relationship.
The purpose of the processing is to enable the company, in the performance of its tasks, to provide data subjects all opportunities available through the internet to access the services it provides and to provide all necessary information by publishing and making available on the website. Via the technical data collected during the site visit, the purpose is the improvement of the quality of service.
For customized service, the data controller may place a small data package (called a “cookie”) on the user’s computer. The cookie is designed to ensure the highest level of functionality on this site, to provide personalized services, and to enhance user experience. You can delete the cookie from your computer or you can set your browser to disable cookies. By blocking the use of cookies, you understand that this site is not fully operational.
The controller is committed to protecting the personal data of its partners and considers it essential to respect the right of each of its partners to informational self-determination. The controller shall keep personal data confidential and shall process them in accordance with the relevant national and European Union legislation, and shall take all security, technical and organizational measures necessary to ensure the security of the data.
The controller issues this privacy statement to comply with the provisions of Act CXII of 2011 on Informational Self-Determination and Freedom of Information (hereinafter referred to as ‘Privacy Act’) and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as ‘GDPR Regulation’).
2. Contact details of the controller
• Name: We Love Noni Ltd.
• Registered seat: Rosebank, Church Hill, Carrigaline, Co. Cork, Ireland P43 K025
• Mailing address: 70 Arbor Heights Waterpark, Carrigaline, Co. County, Ireland P43 E732
• Telephone: +353833077026
• E-mail: info@welovenoni.com
• Web address: www.welovenonishop.com
• Name of hostage provider: NARO
• Registered seat of hostage provider: 4029 Debrecen, Eötvös u. 24.
Company registry data:
• Company registration number: 699903
• Tax number: IE3779117WH
3. The scope of the data provided by you
The controller shall process the following personal data in the course of its activities:
Personal data: Customer’s name
The purpose of data processing: communication, establishment of a contractual relationship, notification, processing direct marketing requests, performance and maintenance of the contractual relationship
The legal basis for data processing: Customer’s consent
Personal data: Customer’s e-mail address
The purpose of data processing: communication, establishment of a contractual relationship, notification, processing direct marketing requests, performance and maintenance of the contractual relationship
The legal basis for data processing: Customer’s consent
Personal data: Customer’s phone number
The purpose of data processing: communication, establishment of a contractual relationship, notification, processing direct marketing requests, performance and maintenance of the contractual relationship
The legal basis for data processing: Customer’s consent
By completing and submitting the form on the website, you consent to the recording and processing of your personal data. Consent to the processing of personal data for the purposes set out above is voluntary; the consent given on the website shall be considered a written consent. In the event of failure to grant consent or its withdrawal, the contractual relationship and/or the data processing relationship shall not be established, their continuation and performance is rendered impossible.
The controller shall inform you of any personal data processing and regarding any personal data other than specified above before such processing commences; where the personal data are necessary for the performance of a legal obligation of the controller or a contract in which you are a contractual party, the controller shall inform you of this fact, and where the processing is based on your consent, obtain your consent in advance for the processing.
You may at any time withdraw your consent to the processing of your data, which statement you may send in writing to the controller’s seat as a registered letter, or to the info@welovenoni.com email address.
If you withdraw your consent to the processing, this fact does not affect the lawfulness of the processing of data prior to such withdrawal, i.e. the controller may continue the processing of data relating to previously processed data if other legal conditions are met.
4. Legal basis, purpose and duration of the processing of your data
The controller shall process your personal data on the basis of your express consent, for the purpose of providing information about the business opportunities offered by the controller, or dealing with direct marketing requests relating to the business activity conducted by the controller, or establishing a contractual relationship and the performance of such contract. The controller shall, as a general rule, process the personal data which you provided for the sole purpose of communicating information, the details of the business offer and marketing requests, the performance of your contract and for the purposes of control. The controller shall process and store the personal data provided by you until the consent has been revoked or, if the contractual relationship is terminated for any reason, for 1 (one) calendar year afterwards.
5. Method of processing, persons concerned with personal data
The data provided by you shall only be disclosed to and processed by the employees of the controller and their contractual partners, subject to appropriate data protection or confidentiality obligations, for the period specified in this privacy statement.
The personal data you provide are stored electronically by the controller on a firewall-protected server on which they can be accessed by the employees of the controller.
Your personal data will not be forwarded or transferred to any other natural or legal person other than the persons specified above, except as follows:
a. Where you expressly consent to the forwarding of your personal data, your data shall only be forwarded to third parties other than those covered by this statement after your express consent, which shall be obtained by the representative or employee of the controller. You may at any time refuse or withdraw the consent already granted.
b. For the purposes of external processing: representatives of IT companies that maintain and repair our IT systems, where necessary, can access personal data solely to improve, restore and ensure the smooth operation of our IT systems.
c. The controller may transfer your personal data when requested by law or by decision of an authority or a court.
In order to protect your personal data, the controller uses a number of security measures against security threats and to protect them in the event of technical incidents during the operation of its systems (e.g. power failure, system failure, etc.).
When fulfilling the security requirements, your personal data should be accessible only to individual employees of the controller and subcontractors, in order to ensure the safe operation of the system. Persons with such access shall be subject to strict confidentiality rules, the breach of which may give rise to serious penalties.
6. Your rights related to the processing of your personal date
In addition to the information herein, you have the right to request information on the processing of personal data or facts relating to them before or at any time after the processing.
You have the right to access your personal data provided to the controller at any time and may request information from the controller about:
a. whether a procedure for the processing of your data is in progress;
b. the purpose of data processing;
c. the categories of personal data concerned;
d. the recipients and categories of recipients to whom the personal data have been or will be disclosed, including in particular the recipients in third countries or international organizations;
e. the right to request the controller to correct, delete or restrict the processing of your personal data and to object to the processing of such personal data;
f. you may submit a complaint about the unlawfulness of the processing to a supervisory authority;
g. where the data have not been collected directly from you, all available information about the source of the data, the duration of the processing;
In addition, any issues related to data processing covered in this statement.
In the context of providing such information, the controller shall make available to you a copy of the personal data processed. If you need additional copies in addition to the information, please be informed that due to administrative costs, the controller may charge a reasonable fee. If you have submitted your application by electronic means, the information shall be made available in a widely used electronic format, unless you otherwise request it.
You are also entitled to request that the data provided by you be rectified if they have been recorded incorrectly for any reason. The controller shall be obliged to correct inaccurate personal data without delay upon request. Considering the purpose of the processing, you are also entitled to supplement your incomplete personal data, including by means of a supplementary statement.
You may at any time request the controller to cease processing your personal data and may therefore request their erasure if any of the following conditions are met:
a. personal data are no longer required for the purposes for which they were collected or otherwise processed;
b. You withdraw your consent to the processing and there is no other legal basis for the processing;
c. You object to the processing of data and there is no overriding legitimate reason for the processing or you object to the processing of data for direct marketing purposes;
d. the personal data have been unlawfully processed;
e. personal data should be deleted in order to fulfil a legal obligation laid down in Union law or Member State law applicable to the controller.
The controller shall not be obliged to delete your personal data where the processing is necessary for the following reasons:
a. the exercise of the right to freedom of opinion and expression and information;
b. For the purposes of fulfilling an obligation imposed on the controller by Union or Member State law requiring the processing of personal data;
c. for the purpose of archiving in the public interest, for scientific and historical research purposes or for statistical purposes, where the exercise of the right of erasure would be likely to make such processing impossible or seriously jeopardized; or
d. to submit, enforce and protect legal claims.
Where the controller has made the personal data public and is obliged to erase them pursuant to this Chapter, he shall take all reasonable steps, including necessary technical measures (considering the technology available and the cost of implementation) to inform the controllers processing the data that you have requested the erasure of links to the personal data in question or the erasure of copies or replicas of such data.
To ensure secure processing of data, the controller takes a number of technical measures that protect the data from malicious erasure, which may result in the deletion of a copy of personal data from the backups.
You may request that the processing of your data be restricted if:
a. You dispute the accuracy of the personal data; in this case, the restriction shall apply for a period of time which allows the controller to verify the accuracy of the personal data;
b. The data processing is unlawful and you object to the erasure of data – instead, you ask for restricting their use;
c. The controller no longer needs personal data for the purposes of data processing, but you require them for the purposes of submitting, enforcing or protecting legal claims; or
d. You have objected to the processing of data, in which case the restriction shall apply for as long as it is not established whether the legitimate reasons of the controller have priority over yours.
Where the processing is subject to a restriction on the basis of the above, with the exception of storage, the controller may process such personal data only with your consent, or for the submission, enforcement or protection of legal claims, or for the protection of the rights of other natural or legal persons, or for the important public interest of the Union or of a Member State.
If the reason for restricting the processing has ceased to exist, the controller shall inform you in advance of the lifting of the restriction.
The controller shall also inform any recipient to whom the personal data have been disclosed of any rectification, erasure or restriction of processing, unless this is rendered impossible or requires a disproportionate effort. At your request, the controller shall inform you of the recipients’ scope.
Within the framework of the right to data portability, you may at any time ask the data controller to send you your personal data that he/she processes electronically or in writing in a readable form.
In addition to these rights, you may always object to your personal information being processed for one or more data processing purposes. Upon such objection, the controller shall be obliged to cease processing your personal data for these purposes, unless he can prove that the processing is necessary for legally compelling reasons that have priority over your interests, rights and freedoms, or which are related to the submission, enforcement or protection of legal claims.
Any declaration of yours concerning the enforcement of the rights as set out in this Chapter may be sent to the Controller’s contact details indicated in this statement. The controller shall decide on and inform you in writing of such decision on the request you submitted for the enforcement of your rights in the shortest period of time from the date on which it is lodged, but up to the deadline set by the Privacy Act.
7. What remedies are available to you if you experience any infringement of your data?
To enforce your rights in respect of breaches of data processing rules, you have the right to contact the DATA PROTECTION COMMISSION (21 FITZWILLIAM SQUARE SOUTH, DUBLIN 2, D02 RD28, IRELAND, telephone: 01 7650100 / 1800437 737, url: https://dataprotection.ie/, hereinafter referred to as Authority) to seek an inquiry into the lawfulness of the controller’s actions if they are restricting your rights under point VI or rejecting an application for their enforcement.
You may request the Authority to carry out a data protection administrative procedure, if you consider that the controller or the data processor he or she has delegated or instructed processes your personal data in a way that is contrary to the requirements laid down in the binding acts of the European Union.
In addition to the claim above, you are at any time entitled to bring the controller (in specific cases, the data processor) to court if you consider that the controller or the processor acting on his or her behalf or at his or her discretion processes your personal data in a way that is contrary to the requirements laid down in data protection legislations or the binding acts of the European Union. At your discretion, the proceedings may be brought before the tribunal competent according to the place of residence or stay.
Where the controller, or the processor acting on his or her behalf or at his or her direction, infringes the provisions on the processing of personal data laid down in law or in a binding act of the European Union and thereby causes damage to others, the controller shall be obliged to reimburse such damages.
Where the controller, or the processor acting on his or her behalf or at his or her direction, infringes the provisions on the processing of personal data laid down in law or in a binding act of the European Union and thereby infringes your personal rights, you are entitled to claim damages.
The controller shall be exempt from liability for damage caused and the payment thereof if he proves that the damage or impairment caused by the infringement of the right to privacy was due to a reason or cause beyond reasonable control.
8. Miscellaneous
This data privacy statement shall apply from 1st September, 2023 and shall be valid until revoked. The controller reserves the right to amend the content of this statement unilaterally, which amendment shall not be to your detriment and with prejudice to the legal requirements applicable to the controller; such amendments shall take effect upon publication on the controller’s website.
If any provisions herein are deemed ineffective or invalid, this fact shall not affect the validity and applicability of other provisions.
Where the controller does not exercise any of his rights herein, the failure to exercise such rights shall not be considered to be a waiver of that right. No waiver of any right shall be valid except in the case of an express written declaration to that effect. If the controller does not insist on scrupulous adherence to any of the substantive terms or conditions of this statement on a single occasion, this shall not mean that he has waived the right to insist on the strict observance and enforcement of that condition or clause at a later time.