Privacy Policy
This privacy policy informs you about our handling of your data. Crystallized Nectar (hereinafter referred to as "Crystallized Nectar", "we" or "us") attaches great importance to the security of users' data and compliance with data protection regulations. We would like to inform you below about the processing of your personal data on our website.
In order to ensure fair processing, this privacy policy contains general information about how we handle your data as well as information about your rights under the European Data Protection Regulation (GDPR) and the UK's Data Protection Act (DPA).
General Information
Contact us
If you have any questions or suggestions regarding this information, or if you wish to contact us about asserting your rights, please address your enquiry to:
Crystallized Nectar Ltd.
PO BOX 4334
SWINDON
SN4 4RH
UNITED KINGDOM
Legal Basis
The term "personal data" under data protection law refers to all information relating to an identified or identifiable individual.
We process personal data in compliance with the relevant data protection regulations, in particular the GDPR and the DPA. Data processing by us only takes place on the basis of legal permission. We process personal data,
- only with your consent (Art. 6 para. 1 letter a) GDPR),
- for the performance of a contract to which you are a party,
- at your request for the performance of pre-contractual measures (Art. 6 para. 1 letter b) GDPR),
- to comply with a legal obligation (Art. 6 para. 1 lit. c) GDPR),
- or if the processing is necessary to protect our legitimate interests or the legitimate interests of a third party, unless your interests or fundamental rights or freedoms which require the protection of personal data override (Art. 6 para. 1 lit. f) GDPR).
Duration Of Storage
Unless otherwise stated, we store personal data only for as long as is necessary to achieve the purpose of the processing or to comply with our contractual or legal obligations. Such legal retention obligations may arise in particular from commercial or tax law regulations.
Categories Of Recipients
We use processors as part of the processing of your data. These include, for example, shipping service providers in the context of package notifications and updates on shipment status, hosting, maintenance and support of IT systems, the provision of certain services and functions on our website, order processing, marketing measures or file and data carrier destruction.
A processor is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the data controller. Processors do not use the data for their own purposes, but carry out the data processing exclusively for the data controller and are contractually obliged to guarantee appropriate technical and organisational measures for data protection.
In addition, we may transfer your personal data to bodies such as postal and delivery services, your bank, tax advisors/auditors or the tax authorities.
If your data is transferred to other recipients, we will inform you under the respective processing procedure.
Your Rights
As a data subject, you have the right to assert your data subject rights against us. There is more information on each right on the Information Commissioner's Office (ICO) website, and you can simply follow the links provided to learn more.
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
Where the processing of your personal information is based on consent, you have the right to withdraw that consent without detriment at any time by contacting us.
The above rights may be limited in some circumstances, for example, if fulfilling your request would reveal personal information about another person, if you ask us to delete information which we are required to have by law, or if we have compelling legitimate interests to keep it. We will let you know if that is the case and will then only use your information for these purposes. You may also be unable to continue using our services if you want us to stop processing your personal information.
We encourage you to get in touch if you have any concerns with how we collect or use your personal information. You do, however, also have the right to lodge a complaint directly with the ICO; their contact details can be found on their website.
Please direct all requests for information or objections to data processing to us.
Data processing on our website
General
When you use the website, we collect information that you yourself provide. In addition, during your visit to the website, we automatically collect certain information about your use of the website. In data protection law, the IP address is also generally considered to be personal data. An IP address is assigned to every device connected to the Internet by the Internet provider so that it can send and receive data.
Visiting our website may involve the transfer of certain personal data to third countries, i.e., countries where the GDPR or the DPA is not applicable law. Such a transfer is permissible if the European Commission or the ICO has determined that an adequate level of data protection is warranted in such third country.
In the absence of such an adequacy decision by the European Commission or the ICO, a transfer of personal data to a third country will only take place if appropriate safeguards pursuant to Art. 46 GDPR are in place or if one of the conditions of Art. 49 GDPR is met.
Unless otherwise stated below, we use standard contractual clauses for the transfer of personal data to processors in third countries as appropriate safeguards.
Hosting By Shopify
We use the shop system Shopify for the purpose of hosting and displaying our website. Shopify is offered by the service provider Shopify International Limited (Ireland). Unless otherwise stated in the following information, all data collected on our website is processed on our behalf on the servers of Shopify International Limited.
As part of the aforementioned services, data may be transferred to Canada to the company Shopify Inc. For the data transfer to Canada as a third country, i.e., a country in which the GDPR is not applicable law, an adequacy decision of the European Commission is available. The European Commission has thus decided that an adequate level of protection exists in Canada and that the transfer can take place in a permissible manner.
For more information about Shopify's privacy practices, please visit: https://www.shopify.com/legal/privacy
Processing Of Server Log Files
During the purely informative use of our website, general information that your browser transmits to our server is initially stored automatically (i.e., not via registration). This includes by default: browser type/version, operating system used, page accessed, the previously visited page (referrer URL), IP address, date and time of the server request and HTTP status code. The processing is carried out to protect our legitimate interests and is based on the legal basis of Art. 6 (1) f) GDPR. This processing serves the technical administration and security of the website.
The stored data is deleted after 30 days unless there is a justified suspicion of unlawful use based on concrete indications and further examination and processing of the information is necessary for this reason. We are not able to identify you as a data subject from the stored information. Articles 15 to 22 of the GDPR therefore do not apply pursuant to Article 11 (2) of the GDPR, unless you provide additional information that enables you to be identified in order to exercise your rights set out in these articles.
Contact And Enquiries
Our website contains a contact form through which you can send us messages. The transfer of your data is encrypted (recognisable by the "https" in the address line of the browser). All data fields marked as mandatory are required to process your request. Failure to provide this information will result in us not being able to process your request. The provision of further data is voluntary. Alternatively, you can send us a message via the contact e-mail address.
If your request is directed towards the conclusion or implementation of a contract with us, Article 6 (1) (b) of the GDPR is the legal basis for data processing. Otherwise, we process the data on the basis of our legitimate interest in contacting persons making enquiries. The legal basis for data processing is then Art. 6 (1) f GDPR.
Shop Data Processing For The Processing Of Purchases
If you order a product via our website, we process personal data to process the contract or to provide you with the ordered product. Within the scope of the booking or ordering process, we only process the data that you yourself have entered in the input mask and, if applicable, payment information if you pay by advance bank transfer. In order to be able to deliver the ordered products to you, we transmit your data required for the delivery to one of our shipping service providers as specified in the order.
You also have the option of creating a customer account.
The legal basis for the processing is in each case Art. 6 para. 1 letter b) GDPR. All data fields marked as mandatory are required for processing your booking or order. Failure to provide this data will result in us not being able to process your booking or order. The provision of further data is voluntary.
Shopify Payments
We use the payment service provider "Shopify Payments", 3rd Floor, Europa House, Harcourt Building, Harcourt Street, Dublin 2. If you choose a payment method offered via the payment service provider Shopify Payments, the payment processing is carried out by the technical service provider Stripe Payments Europe Ltd, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, to whom we pass on the information you provided during the ordering process, together with information about your order (name, address, account number, bank sort code, credit card number if applicable, invoice amount, currency, and transaction number) in accordance with Art. 6 Para. 1 lit. b GDPR. Your data will only be passed on for the purpose of processing payments with Stripe Payments Europe Ltd. and only to the extent necessary for this purpose.
Customer Account
On our website you have the possibility to create a customer account and to register as a customer on our website. To do this, you must first register on our website. The required information can be found in the registration form. The information marked as mandatory must be provided in order for the registration to be completed.
Via the customer account, you can use the advantages of shipment tracking and order history as well as ready-made forms during checkout for subsequent orders. The data provided is processed for the purpose of providing the service. The processing is based on the legal basis of Art. 6 (1) b) GDPR.
E-Mail Marketing
We offer on our website the possibility to sign up to receive marketing emails such as our newsletter. Once you have signed up, we will send you regular updates on our offers and events and, where applicable, remind you of shop items in your shopping basket. A valid email address is required to sign up. To verify the e-mail address, you will first receive a registration e-mail, which you must confirm via a link (double opt-in). If you subscribe to the newsletter on our website, we process personal data such as your e-mail address and name on the basis of your consent.
The processing is based on the legal basis of Art. 6 (1) a) GDPR. You can revoke your consent at any time with future effect, for example via the "unsubscribe" link in the newsletter or by contacting us via the above-mentioned channels. The legality of the use of the data that has already taken place remains unaffected by the revocation. When you register for the newsletter, we also store the IP address and the date and time of registration. The processing of this data is necessary in order to be able to prove that consent has been given. The legal basis results from our legal obligation to document your consent (Art. 6 para. 1 lit. c) in conjunction with Art. 7 para. 1 GDPR).
Newsletter Analysis
The newsletters contain a so-called "web beacon", i.e., a pixel file that is retrieved when the newsletter is opened. When you open the newsletter, technical information such as your browser and system information, IP address and the time of opening is collected. This data and information is used to technically improve our service based on your reading behaviour. This also includes recording when an email or newsletter was opened and whether a link was clicked. For technical reasons, this information can be assigned to the individual newsletter recipients. It is not our intention to observe individual users. The statistical collection and evaluation of the data serves us to recognise the reading habits of our users and thus to better adapt our content to the users. This also serves to send users different content according to their interests.
The legal basis for statistical collection and analysis is Art. 6 (1) f GDPR. We are interested in using a user-friendly and secure newsletter system that serves our business interests and meets the expectations of our users.
You can object to the statistical collection and analysis by unsubscribing from the newsletter. Unfortunately, a separate revocation of the statistical evaluation is not possible.
Cookies
We use cookies and similar technologies on our website. Cookies are small text files that are stored by your browser when you visit a website. This identifies the browser you are using and can be recognised by our web server. We use so-called "session cookies", which are deleted again when the browser session is closed. Other cookies ("persistent cookies") are automatically deleted after a specified period of time, which may differ depending on the cookie.
The use of cookies is partly technically necessary for the operation of our website. We also use cookies and comparable technologies to measure the reach of our website and to analyse the use of our website. If you wish to learn more about cookies in general, please visit www.allaboutcookies.com, and if you would like to learn more about the cookies we use, please read our Cookie Policy.
Analysis Of Our Website
We use programmes on our website to measure the reach of our website and to analyse user behaviour. For this purpose, we use cookies and comparable technologies.
Shopify Statistics
We use the Shopify Statistics feature on our website. This allows us to measure the reach of our website and provides us with statistical analysis of visitor behaviour on our website. The data is processed on servers of Shopify International Limited (Ireland), which we have commissioned with the processing.
The legal basis for the data processing in connection with the Shopify statistics function is Art. 6 (1) f GDPR and the processing serves our legitimate interest in the analysis of user behaviour on our website and the possible design according to requirements. You can object to this processing at any time in the cookie settings.
Google Analytics
We use the Google Analytics service of Google Ireland Limited (Ireland/EU) to analyse our website visits. Google uses cookies that enable an analysis of your use of our website. This involves processing personal data in the form of online identifiers (including cookie identifiers), IP addresses, device identifiers and information about your interaction with our website. Google will use this information on our behalf for the purpose of evaluating your use of our website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. In doing so, pseudonymous user profiles can be created from the processed data.
We only use Google Analytics with IP anonymisation activated. This means that the IP address of the user is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. The IP address transmitted by the user's browser is not merged with other data from Google.
We use the Google Universal Analytics variant. This enables us to assign interaction data from different devices and from different sessions to a unique user ID. This allows us to put individual user actions in context and analyse long-term relationships.
The data on user actions is stored for a period of 14 months and then automatically deleted. Data whose storage period has expired is automatically deleted once a month.
The setting of cookies and the further processing of personal data described here takes place with your consent. The legal basis for data processing in connection with the Google Analytics service is therefore Art. 6 (1) a) GDPR. You can revoke your consent at any time under "Cookie settings".
You can also prevent the storage of cookies by Google Analytics by selecting the appropriate settings in your browser software. You can also prevent the collection of information generated by the cookie by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout. If you are visiting our website via a mobile device, you can deactivate Google Analytics by clicking on this link. Please also note that we document your consent in order to comply with our obligation to provide evidence under Article 7 (1) of the GDPR. As we are obliged to do so, this storage is based on the legal basis of Art. 6 para. 1 lit. c) GDPR.
Tracking & Retargeting
We use programmes and technologies on our website to track the user behaviour of our website visitors across websites and devices. We use cookies and similar technologies for this purpose.
Facebook-Pixel
Within our website, we use the Facebook pixel of Facebook Inc. (USA), or if you are a resident of the EU, Facebook Ireland Ltd. (Ireland/EU) ("Facebook").
The Facebook pixel is triggered by Facebook when you visit our website and can save a so-called cookie, i.e., a small file, on your device. This enables us to perform various functions, which we describe in detail below.
Function: Conversion tracking
With the help of the Facebook pixel, we can track the behaviour of users after they have been redirected to the provider's website by clicking on a Facebook ad (so-called "conversion"). We can also use this method to record the effectiveness of the Facebook ads for statistical and market research purposes. The data collected in this way is anonymous for us, which means that we do not see the personal data of individual users. However, this data is stored and processed by Facebook, about which we inform you according to our state of knowledge. Facebook may link this data to your Facebook account and also use it for its own advertising purposes, in accordance with Facebook's data usage policy https://www.facebook.com/about/privacy/. You may allow Facebook and its partners to serve ads on and off Facebook. A cookie may also be stored on your computer for these purposes.
If you subsequently log in to Facebook or visit Facebook while logged in, your visit to our website will be noted in your profile. The data collected about you remains anonymous for us, so we cannot draw any conclusions about the identity of the user. However, the data is stored and processed by Facebook so that a connection to the respective user profile is possible and can be used by Facebook for its own market research and advertising purposes.
This processing is carried out for the purpose of obtaining information about the effectiveness of the Facebook advertisements. It is carried out exclusively with your consent and is based on the legal basis of Art. 6 (1) a) GDPR.
You can also object to the collection by the Facebook pixel and the use of your data to display Facebook ads at the following address: https://www.facebook.com/settings?tab=ads.
Function: Custom Audience
We also use the Custom Audience service via the Facebook pixel. Facebook uses the embedded pixel to record visitors to our website and their data as a basis for displaying advertisements (Facebook Ads). The pixel transmits general information about the browser session to Facebook as well as a non-reversible and non-personal checksum (hash value), which is generated from your Facebook ID.
We also use the Custom Audience function in "Advanced Matching" mode. This means that certain data (e-mail address) that you enter on our website is transmitted to Facebook as an encrypted hash value. Facebook can match these hash values with the corresponding hash values of data already entered by Facebook users. This is used to determine which customers are also Facebook users so that targeted advertising can be displayed to them on the Facebook platform.
Details on how your data is handled by Facebook, as well as your rights and settings options for protecting your personal data, can be found in Facebook's privacy policy at https://www.facebook.com/privacy/explanation.
This processing is carried out for the purpose of marketing our offers via the targeted display of advertising and is carried out with your consent. It is based on the legal basis of Art. 6 (1) a) GDPR.
You can withdraw your consent by clicking on "Cookie settings" on our website.
If, as a Facebook user, you also wish to object to the use of Facebook website Custom Audiences for the future ("Opt Out"), you can do so at https://www.facebook.com/ads/Webseite_custom_audiences.
Pinterest Tag
We use the Pinterest tag of the provider Pinterest Europe Ltd. (Ireland). With the help of the Pinterest tag, it is possible for Pinterest Europe Ltd, on the one hand, to determine the visitors to our online offer as a target group for the display of ads on the social media platform Pinterest (so-called "Pinterest ads"). Accordingly, we use the Pinterest tag to display the Pinterest ads placed by us only to those Pinterest users who have also shown an interest in our online offer or who have certain characteristics (e.g., interests in certain topics or products determined on the basis of the websites visited) that we transmit to Pinterest. With the help of the Pinterest tag, we also want to ensure that our Pinterest ads correspond to the potential interest of the users and do not have a harassing effect. With the help of the Pinterest tag, we can also track the effectiveness of the Pinterest ads for statistical and market research purposes by seeing whether users have been redirected to our website after clicking on a Pinterest ad.
The Pinterest tag is integrated by Pinterest with your consent when you visit our websites and can place a cookie on your device. This is used for the retargeting and conversion measurement described above. If you subsequently log in to Pinterest or visit Pinterest while logged in, your visit to our online offer will be noted in your profile. The data collected about you is anonymous for us, so we cannot draw any conclusions about your identity.
The use of the Pinterest tag and the further use of the data only takes place with your consent. The legal basis is Art. 6 para. 1 letter a) GDPR.
You can find more information about the processing of data when using Pinterest at https://policy.pinterest.com/en/privacy-policy
Data Processing On Our Social Media Sites
We are represented on several social media platforms with a company page. Through this, we would like to offer further opportunities for information about our company and for sharing. Our company has company pages on the following social media platforms:
When you visit or interact with a profile on a social media platform, personal data about you may be processed. Information associated with a social media profile used also regularly constitutes personal data. This includes messages and statements made while using the profile. In addition, during your visit to a social media profile, certain information is often automatically collected about it, which may also constitute personal data.
Facebook And Instagram Page
When you visit our Facebook or Instagram page, through which we present our company or individual products from our range, certain information about you is processed. The sole controller of this processing of personal data is Facebook Ireland Ltd (Ireland/EU - "Facebook"). Further information about the processing of personal data by Facebook can be found at https://www.facebook.com/privacy/explanation.
Facebook offers the possibility to object to certain data processing; information and opt-out options in this regard can be found at https://www.facebook.com/settings?tab=ads.
Facebook provides us with anonymised statistics and insights for our Facebook and Instagram page, which help us gain insights into the types of actions people take on our page (so-called "page insights"). These page insights are created based on certain information about individuals who have visited our page. This processing of personal data is carried out by Facebook and us as joint controllers. The processing serves our legitimate interest to evaluate the types of actions taken on our site and to improve our site based on these insights. The legal basis for this processing is Art. 6 (1) f GDPR. We cannot associate the information obtained via Page Insights with individual Facebook profiles that interact with our Facebook page. We have entered into a joint controller agreement with Facebook which sets out the allocation of data protection obligations between us and Facebook. Details of the processing of personal data to create Page Insights and the agreement entered into between us and Facebook can be found at https://www.facebook.com/legal/terms/information_about_page_insights_data. In relation to these data processing operations, you have the possibility to exercise your data subject rights (see "Your rights") also against Facebook. For more information, please refer to Facebook's privacy policy at https://www.facebook.com/privacy/explanation.
Please note that according to the Facebook privacy policy, user data is also processed in the USA or other third countries. Facebook only transfers user data to countries for which an adequacy decision has been issued by the European Commission in accordance with Art. 45 GDPR or on the basis of appropriate safeguards in accordance with Art. 46 GDPR.
For the processing of personal data when visiting our Twitter profile, Twitter Inc. (USA) is the sole responsible party. Further information about the processing of personal data by Twitter Inc. can be found at https://twitter.com/en/privacy.
Pinterest Europe Ltd. is the sole responsible party for the processing of personal data when you visit our Pinterest profile. Further information about the processing of personal data by Pinterest Europe Ltd. can be found at https://policy.pinterest.com/en/privacy-policy.
Processing Of Data Provided To Us Via Our Social Media Pages
We also process information that you have provided to us via our company page on the relevant social media platform. Such information may be the username used, contact details or a message sent to us. We regularly process this personal data only if we have previously expressly requested you to provide us with this data, for example as part of a survey. These processing operations are carried out by us as the sole data controller.
We process this data on the basis of our legitimate interest in contacting people who make enquiries. The legal basis for the data processing is Art. 6 (1) f GDPR.
In addition, we may process such data for evaluation and marketing purposes. This processing is carried out on the legal basis of Art. 6 (1) f GDPR and serves our interest in further developing our offer and informing you specifically about our offers. Further data processing may take place if you have consented (Art. 6 (1) (a) GDPR) or if this serves the fulfilment of a legal obligation (Art. 6 (1) (c) GDPR).
We use software to manage our company pages. If a user asks a question specified in the software via the comment function on one of our company pages, the text is displayed via the software together with the user's username. This data is also transmitted to the provider of the software. The transmitted text as well as the user name will be deleted as soon as the question has been answered.
Further Data Processing
Contractual Relationship
In order to establish or implement the contractual relationship with our customers, it is regularly necessary to process the personal master, contract and payment data provided to us. The legal basis for this processing is Art. 6 (1) b) GDPR. We also process customer and prospect data for evaluation and marketing purposes. This processing is carried out on the legal basis of Art. 6 (1) f GDPR and serves our interest in further developing our offer and informing you specifically about Crystallized Nectar offers. Further data processing may take place if you have consented (Art. 6 para. 1 letter a) GDPR) or if this serves the fulfilment of a legal obligation (Art. 6 para. 1 letter c) GDPR).
Use Of E-Mail Address
We may use the email address you provide when registering or ordering to inform you about Crystallized Nectar's own similar products and services. The legal basis is Art. 6 para. 1 lit. f) GDPR. You can object to this at any time without incurring any costs other than the transmission costs according to the basic rates. To do so, you can unsubscribe by clicking on the unsubscribe link contained in each mailing or by sending an e-mail to info@crystallizednectar.co.uk.
Changes and updates to the privacy policy
We kindly ask you to regularly inform yourself about the content of our privacy policy. We will amend the privacy policy as soon as changes to the data processing activities we carry out make this necessary. We will inform you as soon as the changes require an act of cooperation on your part (e.g., consent) or other individual notification.
Queries and Complaints
Any comments or queries on this policy should be directed to us. If you believe that we have not complied with this policy or acted otherwise than in accordance with data protection law, then you should notify us.