Privacy Policy

Data Privacy Statement & Cookies Policy for Kinvara Skincare

 by Data Protection Providers Ltd. June 2018

 Table of Contents

 Data Privacy Statement

Who Are We?

This is the Data Privacy Statement of Kinvara Skincare based at Unit 4, The Grove, Kinincha Road, Gort, Co. Galway, H91 A620, with the phone number +353 91 637878.

We provide skincare products that are effective, concentrated, with plant-packed formulas using certified organic plant oils, that contain no SLS, parabens, mineral oils or alcohol, and are never tested on animals. We sell directly to our customers online and we also sell through retail outlets.

About This Statement

This Data Privacy Statement is designed to demonstrate our firm commitment to privacy, our compliance with the General Data Protection Regulation (GDPR) and to inform you of the personal data that we collect and process in connection with your interaction with Kinvara Skincare. 

It also sets out details of what personal data we process, why we process it, with whom your personal data is shared, and a description of your rights with respect to your personal data.

Personal Data Processed

The personal data we hold, process and retain will be used for the management of your account, for administrative purposes, for meeting our legal and regulatory obligations and for marketing, where you give consent. We hold it and use it to protect your rights and interests and to manage our relationship with you appropriately, effectively and lawfully. At the same time, it enables us to run our business.

Where there is a need to process your data for a purpose other than those set out in this Data Privacy Statement, or otherwise outlined to you, we will inform you of this and, if required, we will seek your consent.

Sales Transactions

Among the types of personal data collected for sales transactions, by ourselves or through third parties, there are: first name, last name, email address, gender, date of birth, phone number, billing and shipping address, Cookies, Usage Data and geographic position. Credit card payments are handled through third parties, Stripe and Paypal, and we do not retain your credit card details.

Website Contact Form

By filling in the contact form with their personal data, the user authorises this website to use these details to reply to requests for information, quotes or any other kind of request as indicated by the form’s header. The personal data collected includes the email address, first name, last name and any data included in the message body.

Email List

By registering on the mailing list or for the newsletter, the user’s email address will be added to the contact list of those who may receive email messages containing information of a commercial or promotional nature concerning this website.

Your email address might also be added to this list as a result of entering a competition or making a purchase. We will always ask for your consent to be added to this list and you may withdraw consent at any time. The personal data collected includes email address, name and usage data.

Social Media 

Facebook Permissions:
This Website may ask for some Facebook permissions allowing it to perform actions with the User's Facebook account and to retrieve information, including personal data, from it. This service allows this website to connect with the User's account on the Facebook social network, provided by Facebook Inc. For more information about the following permissions, refer to the Facebook permissions documentation and to the Facebook privacy policy. 
The permissions asked are for certain user’s data such as contact email, ID, name, picture, gender, and their locale. Certain connections of the user, such as the friends, are also available. If the user has made more of their personal data public, more information will be available.

Twitter Permissions:
This service allows this website to connect with the user's account on the Twitter social network, provided by Twitter, Inc. The personal data collected includes various types of data as specified in the privacy policy of the Twitter Inc. service.

Content Commenting

Content commenting services allow users to make and publish their comments on the contents of this website, via product reviews. If there is an email address among the personal data provided by the user, it may be used to send notifications of comments on the same content. Users are responsible for the content of their own comments.

If a content commenting service provided by third parties is installed, it may still collect web traffic data for the pages where the comment service is installed, even when users do not use the content commenting service. Kinvara Skincare use a 3rd party review app from Okendo.

Displaying Content from External Platforms

This type of service allows you to view content hosted on external platforms directly from the pages of this website (e.g. Instagram feed) and interact with them, and might still collect web traffic data for the pages where the service is installed, even when users do not use it.

Phone Contact

Users that provided their phone number might be contacted for commercial or promotional purposes related to this website, as well as for fulfilling support requests. We will always seek your consent before contacting you for marketing or promotional purposes.

Handling Payments

Payment processing services enable this website to process payments by credit card, bank transfer or other means. To ensure greater security, this website shares only the information necessary to execute the transaction with the financial intermediaries handling the transaction. Some of these services may also enable the sending of timed messages to the user, such as emails containing invoices or notifications concerning the payment. Kinvara Skincare never retain any credit card details.

• Paypal (PAYPAL INC.): is a payment service, which allows users to make online payments using their PayPal credentials. The personal data collected includes various types of data as specified in the privacy policy of the service. 
  
  

• Stripe (STRIPE INC): is a payment service provided by Stripe Inc. 

  The personal data collected includes various types of data as specified in the privacy policy of the service. 

Retention Time

Personal data relating to sales is kept indefinitely to provide a fully comprehensive history for our customers. Data requested for marketing purposes such as our newsletter signup or text alerts can be unsubscribed to at any time.

The Use of Collected Data

The data concerning the user is collected to allow Kinvara Skincare to provide its services, as well as for the following purposes:

• Contacting the user 

  • Registration and authentication 

  • Access to third party services

• Accounts and handling payments 

  • Analytics 

  • Content commenting 

  • Content performance 

  • Displaying content from external platforms 

  • Hosting and backend infrastructure 

  • Interaction with external social networks and platforms 

  • Interaction with online survey platforms 

  • Interaction with support and feedback platforms 

  • Product reviews 

  • Location-based interactions

  • Managing contacts and sending messages 

  • Managing support and contact requests 

  • Social features

• Traffic optimisation and distribution 

  • User database management

How is your Personal Data Shared?

Your personal data may be disclosed to third parties where we are legally obliged to do so. It will also be disclosed during activities where we have lawful contractual agreements in place that enable us to operate our business.

Kinvara Skincare shares your personal data with sub-contractors used in the provision of fulfillment and distribution, including:

• Autofulfil , Unit B3, Deerpark Industrial Estate, Oranmore, Co. Galway.

• The Distribution Solution (TDS), 26, Kilwee Business Park, Upper Dunmurry Ln, Dunmurry, Belfast.

• Fastway Couriers, 7/8, Manwar Industrial Park, Galway Rd, Farrannamartin, Tuam, Co. Galway

All of our sub-contractors have been instructed on how to process any personal data we share with them, in terms of keeping the information secure and private, and not retaining it for any longer than necessary. 

We also process your personal data using the following third party apps 

• Google G-Suite (Email and Storage)

• Shopify (Sales Platform)

• Help Scout (Customer Support System)

• Capsule CRM (Customer Relationship Management System)

• Remarkety (Email Marketing)

• io (Rewards System)

• Okendo Reviews (Customer Feedback)

• Upviral (Social Media Competitions)

• Interact SMS (Text Communication)

• Dear Inventory (Stock Management System)

• BEST Currency Converter 

• Multi Currency Auto Switcher 

• pics - Lookbook & Instagram Galleries Logo 

• Drop A Hint Premium 

• EU Cookie Banner 

• MailChimp for Shopify (Email Marketing)

• Mapyoyo - Stores Locator & Order Locations 

• Free email popups with exit intent 

The personal data collected includes the various types of data as specified in the privacy policy of the service. We are actively working to ensure that all of our third party providers are GDPR compliant.

Cookies Policy

What is a Cookie?

Cookies are small text files containing a string of characters that can be placed on your computer or mobile device that uniquely identify your browser or device.

What Are Cookies Used For?

Cookies allow a site or services to know if your computer or device has visited that site or service before. They can then be used to help understand how the site or service is being used, help you navigate between pages efficiently, help remember your preferences, and generally improve your browsing experience, and can also help ensure the marketing you see online is more relevant to you and your interests.

How Do We Use Cookies?

We use cookies to help identify your computer so we can tailor your user experience, track shopping basket contents and remember where you are in the order process. We also use cookies for analytics and marketing purposes.

The law states that we can store cookies on your device if they are strictly necessary for the operation of this site. For all other types of cookies we need your permission.

This site uses different types of cookies. Some cookies are placed by third party services that appear on our pages. You can at any time change or withdraw your consent from the Cookie Declaration on our website. Your consent applies to the following domain: www.kinvaraskincare.com

What Types of Cookies Does Kinvara Skincare Use?

There are generally three categories of cookies that we use: “Necessary,” “Analyics” and “Marketing’. You can find out more about each cookie category below:

Cookies that are ”Necessary” for the operations of our website include cookies that assist us:

• Remember what is in your shopping basket.

• Remember where you are in the order process. 

• Remember that you are logged in and that your session is secure.

The “Analytics” cookies we use include:

• Google Analytics is a web analysis service provided by Google Inc. (“Google”). Google utilises the Data collected to track and examine the use of this website, to prepare reports on its activities and share them with other Google services. Google may use the Data collected to contextualize and personalize the ads of its own advertising network. This is done using cookies and usage data.

• Shopify Stats is an analytics service provided by Shopify, done using cookies and usage data. We use Shopify to manage our online sales.

These cookies register a unique ID that is used to generate statistical data on how the visitor uses the website.

The “Marketing” cookies we use include:

• The Facebook Pixel, which allows us to remember the products you have viewed on our site and advertise these to you on your Facebook feed.

• Google Adwords Tag, which allows us to market our products to you via Google browsing.

• Social Network Share Buttons which allow you to share pages with social networks such as Facebook, Instagram and Twitter.

• Google Fonts is a typeface visualisation service provided by Google Inc. that allows this Website to incorporate content of this kind on its pages. 

  The personal data collected includes usage data and various types of data as specified in the privacy policy of the service.

• Google Maps is a maps visualisation service provided by Google Inc. that allows this website to incorporate content of this kind on its pages. The personal data collected includes cookies and usage data.

• Google Site Search is a search engine embedding service provided by Google Inc. that allows this website to incorporate content of this kind on its pages. The personal data collected includes cookies and usage data.

• Instagram Widget: Instagram is an image visualization service provided by Instagram, Inc. that allows this website to incorporate content of this kind on its pages.  The personal data collected includes cookies and usage data.

• YouTube Widget: YouTube is a video content visualization service provided by Google Inc. that allows this website to incorporate content of this kind on its pages. The personal data collected includes cookies and usage data.

Please note that we will never share any personal information with third parties for their marketing purposes without your consent.

Subject Access Requests 

You have the following rights under data protection law; 

• Information Request. The right to receive a copy of and/or access the personal data that we hold about you, together with other information about our processing of that personal data.

• Update Data. The right to request that any inaccurate data that is held about you is corrected, or if we have incomplete information you may request that we update your data such that it is complete.

• Data Deletion. The right, in certain circumstances, to request that we erase your personal data.

• Restrict Processing. The right to object to our use of your personal data or the way in which we process it.

• Object to Processing. The right, in certain circumstances, to request that we no longer process your personal data for particular purposes.

• Data Portability. The right, in certain circumstances, to transfer your personal data to another organisation.

• Review Automated Decisions. The right to object to automated decision making and/or profiling.

In addition to the information contained in this privacy statement, users can seek to be provided with additional and contextual information concerning particular services or the collection and processing of their personal data upon request.

We fulfill all subject access requests within one month, where possible. If you have a request, please contact Laura O’Dea by email at laura@kinvaraskincare.com

If you have a complaint about how we have handled your personal data or a subject access request, please contact Richard Lennon, Operations Manager, at Richie@kinvaraskincare.com

You also have the right to complain to the Data Protection Commissioner if you are not satisfied with how Kinvara Skincare have dealt with your Subject Access Request.

Security

Kinvara Skincare processes the personal data of our customers in a proper manner and we are committed to taking appropriate security measures to prevent unauthorised access, disclosure, modification, or unauthorized destruction of such Data. The personal data processing is carried out using computers and/or IT enabled tools, following organisational procedures and modes strictly related to the purposes indicated.

In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

Data Breach Management

We fully comply with GDPR requirements in relation to data breach management. We commit to report these within 72 hours to the Data Protection Commissioners, to inform affected data subjects as soon as possible, to log all breaches internally and put corrective action in place to ensure that they do not reoccur.

Children Under 16

Under no circumstances may persons under the age of 16 use this website without the consent of a parental authority.

Will Your Personal Data Be Transferred Abroad?

We are currently taking steps to ensure that all third party software that we use to process your personal data are fully GDPR compliant, which requires your data being processed on servers based within the EU.

Changes to this Privacy Policy

The data controller (Kinvara Skincare) reserves the right to make changes to this privacy policy at any time by giving notice to its users on this page. It is strongly recommended to check this page often, referring to the date of the last modification listed at the bottom. If a user objects to any of the changes to the policy, the user must cease using this website and can request that the data controller remove the personal data. Unless stated otherwise, the then-current privacy policy applies to all personal data the data controller has about users.

Definitions

• Personal Data: Any information regarding a natural person, a legal person, an institution or an association, which is, or can be, identified, even indirectly, by reference to any other information, including a personal identification number.

• Usage Data: Information collected automatically from this Website (or third-party services employed in this Website), which can include: the IP addresses or domain names of the computers utilized by the Users who use this Website, the URI addresses (Uniform Resource Identifier), the time of the request, the method utilized to submit the request to the server, the size of the file received in response, the numerical code indicating the status of the server's answer (successful outcome, error, etc.), the country of origin, the features of the browser and the operating system utilized by the User, the various time details per visit (e.g., the time spent on each page within the Website) and the details about the path followed within the Website with special reference to the sequence of pages visited, and other parameters about the device operating system and/or the User's IT environment.

• User: The individual using this Website, which must coincide with or be authorized by the Data Subject, to whom the Personal Data refers.

• Data Subject: The legal or natural person to whom the Personal Data refers.

• Data Controller: The natural person, legal person, public administration or any other body, association or organization with the right, also jointly with another Data Controller, to make decisions regarding the purposes, and the methods of processing of Personal Data and the means used, including the security measures concerning the operation and use of this Website. The Data Controller, unless otherwise specified, is the Owner of this Website.

• Cookies: Small piece of data stored in the User's device.