All processing operations of your personal data are performed in compliance with the applicable laws on protection of personal data, including Regulation (EU) 2016/679 (“GDPR”).
Remember that you will be able to use our services which are accessible at our Site ("Services") only after having read and accepted the “Terms and Conditions of the Service” available at https://eu.u-maskstore.eu/policies/terms-of-service ("General Conditions").
WHO IS THE CONTROLLER OF THE PROCESSING OF YOUR PERSONAL DATA?
The controller of the processing of your personal data is U-Earth Biotech Ltd (“U-Earth”), VAT number GB311666618, incorporated and registered in United Kingdom with no. 11599132 and with registered office in 172 Fulham Road, SW10 9PR, London. The use on the Site and in this Policy of expressions such as “we” or “our” shall be meant to refer to U-Earth.
You may contact U-Earth and make any questions or comments relating to this Policy, by writing to the e-mail address email@example.com.
WHICH CATEGORIES OF DATA DO WE PROCESS?
We process the following categories of data for the purposes set out in the next section:
1) Navigation data
During their normal operation, the computer systems and software procedures responsible for the functioning of the Site collect certain personal data. This information is not collected in order to identify you but, through processing and association operations with data held (also) by third parties, may allow your identification. This data category includes:
- the IP addresses of computers and devices used to gain access to the Site and to use the Services. The data relating to the IP addresses, as gathered during the normal use of the Site, also allow us to approximately establish your location;
- information relating to the device used to visit or access the Site (such as, for example, model, operating system and browser used, etc.);
- information relating to the sections and pages of the Site visited (such as, by way of example, the URI/URL addresses of the requested resources, the time of the request, the method used to submit it to the server, the size of the file obtained in response, the http response code, etc.).
2) Data regarding the use of the Site
We collect data related to your use of the Site, such as information regarding the products you selected and/or purchased, your search history, details of your interactions with the Site.
3) Data provided voluntarily by the user
We may collect the following information provided directly by you:
- name, surname, e-mail address;
- shipping address, telephone number, billing information;
- details of your credit card and/or other payment methods allowed on the Site, it is understood that the data of your credit card made available from time to time will not be stored and retained, even temporarily, in our systems, except in the case of verification for fraud prevention purposes;
- identification codes, such as username and password;
- information provided as part of an assistance request (reason for contact or complaint, etc.);
- when participating in surveys and market research.
FOR WHAT PURPOSES AND ON WHAT BASIS DO WE PROCESS YOUR PERSONAL DATA?
We process your personal data in accordance with the following legal bases:
- To provide you with the requested Services and, therefore, for purposes strictly connected and instrumental to the establishment and management of customer relations (art. 6, paragraph 1 letter b GDPR).
The processing of your personal data is mainly necessary to perform the contract that we have entered into with you and, therefore, to enable us to provide you with the Services requested. In particular, we process your personal data to:
- allow you to browse and use the Site;
- verify your identity;
- manage your registration and the account;
- allow you to use the Services you may request from time to time, in accordance with the General Conditions;
- process and manage your transactions and purchases of products on the Site (including managing the delivery and sending of all related communications - such as, for example, the order confirmation);
- provide you with assistance and/or follow up on your complaints through our customer service (through remote communication tools such as email, chat, etc.).
The processing of data for the purposes set out in this section does not require your consent as they are necessary to enable us to provide you with the Services and, therefore, if you do not provide us with your personal data for such purposes, we will not be able to provide you with any Service.
The data processed for this purpose belong to the following categories: navigation data and data provided voluntarily by the user.
- To fulfill the legal obligations to which U-Earth is subject and, therefore, for purposes arising from legal obligations, regulations, European Union legislation, provisions issued by authorities empowered by law or by supervisory and control bodies (art. 6, paragraph 1 letter c GDPR)
We also process your personal data:
- to enable us to act in accordance with applicable legal and/or regulatory obligations;
- to prevent fraud and to enforce and defend the rights of U-Earth;
- manage and respond to requests from relevant authorities (administrative, tax and judicial).
The categories of data processed for this purpose are: navigation data, data related to the use of the Site and data voluntarily provided by the user.
- To pursue the legitimate interests of U-Earth (art. 6, paragraph 1 letter f GDPR)
We also process your personal data:
- for purposes of improving the products and/or Services, internal management control, fraud prevention, and to enforce and defend U-Earth's rights;
- to carry out a transfer of assets, of a company or of a business branch as well as a potential merger or corporate and/or financial operations, in this case communicating and transferring data to a third party or parties involved in the operation.
Such processing carried out on the basis of our legitimate interest does not require your specific consent. However, you may object to such processing at any time by clicking on the link: https://eu.u-maskstore.eu/pages/gdpr-compliance
The categories of data processed for this purpose are: browsing data, data relating to the use of the Site and data provided voluntarily by the user.
Subject to your express and specific consent (art. 6, paragraph 1 letter a GDPR), we may process your personal data to:
- send you and/or show you updates on products and/or Services and marketing communications (including special discounts and offers) of products and/or Services available on the Site, also on the basis of your interests, interactions and consumption habits on the Site.
These treatments require your prior consent. You may revoke any consent that you may have expressed at any moment by accessing the link https://eu.u-maskstore.eu/pages/gdpr-compliance or clicking on the “Unsubscribe” link provided in each direct marketing communication via email, without any consequences concerning the contractual relationship with U-Earth.
The categories of data processed for this purpose are: navigation data, data relating to the use of the Site and data provided voluntarily by the user.
TO WHOM MAY WE DISCLOSED YOUR DATA?
Your data may be disclosed to the following categories:
- parent companies and/or associated companies of and/or controlled by U-Earth;
- suppliers, agents, subcontractors, business partners and all parties related to our sales or service network, or those providing us with various services whose performance requires the processing of personal data. In particular, we use third-party vendors to send you the products you have purchased, to manage the payment methods available on our Site, to optimize our Services, for management and maintenance of the Site, to provide IT and software solutions (such as, for example, the company Shopify Inc., licensor of the e-commerce platform referred to in the Site eu.u-maskstore.eu;
- banks and credit institutions in the event of fraud and/or disputes and payment-related issues;
- consultants or firms that assist U-Earth in relation to legal, administrative and/or fiscal matters, including those of a contentious nature as well as debt recovery companies;
- potential purchasers of U-Earth and entities resulting from the merger or any other form of transformation regarding U-Earth;
- public safety authorities and judicial authorities, individuals, corporations or other authorities to whom it is mandatory to communicate your data by law or by orders of the same authorities.
TO WHOM DO WE TRANSFER YOUR DATA ABROAD?
Your personal data may be transferred freely within the territory of the European Economic Area (EEA).
If, for the purposes set forth in this Policy, it becomes necessary to transfer your data outside the EEA and to countries or territories that are not the subject of an adequacy decision by the European Commission pursuant to Art. 45 GDPR, U-Earth will (i) carry out such transfer on the basis of the conditions set out in Articles 46 or 47 GDPR (appropriate safeguards or binding corporate rules) and/or the exemptions set out in Article 49 GDPR, and (ii) take the technical-organizational and/or contractual measures necessary from time to time to ensure a level of protection of your personal data comparable to that guaranteed by the applicable legislation in the EEA.
In this respect, we inform you that the e-commerce platform referred to in the Site www.eu-u-maskstore.eu is licensed to U-Earth by the Canadian company Shopify Inc. Transfers of personal data made by Shopify Inc. are described in the following document: https://help.shopify.com/pdf/cross-border-whitepaper.pdf.
HOW LONG DO WE RETAIN YOUR DATA?
Your data will not be kept longer than necessary for the purposes for which they were collected, without prejudice in any case to the exercise of your rights under the next section.
U-Earth may retain certain data even after the termination of the relationship with you relating to the provision of the Services, for the time required to manage specific contractual or legal obligations as well as for administrative, fiscal and/or contributory purposes, for the period of time required by laws and regulations in force, as well as for the time required to enforce any rights in court.
Notwithstanding the above, data processed for marketing purposes on the basis of your consent will be retained for a period of 24 months starting (i) from the date on which the consent is given or renewed when purchasing a product through the Site, or (ii) from the date of the Last Contact, meaning, by way of example, the access to the Site and/or the interaction with a marketing communication sent by U-Earth.
WHAT ARE YOUR RIGHTS?
You have the right to exercise, at any time, the rights granted by Articles 15-21 GDPR, as briefly summarized below:
- Right of access: you can request information about the processing we perform on your data or ask for confirmation that U-Earth is processing your personal data. In this case, you can ask us to provide you with a copy of your data and verify what data are in our possession.
- Right of rectification: you have the right to request for the rectification of your personal data if they are incorrect, including the right to request for the integration of incomplete personal data.
- Right to erasure: you have the right to request for the erasure of the data (or of part of it) you have provided us, including data that does not need to be stored in relation to the purposes for which the data was collected or otherwise processed.
- Right to restriction of processing: you have the right to request us to limit the processing of your personal data if the conditions set out by the law are fulfilled.
- Right to object: you have the right to object to the processing of your data, subject to the existence of an overriding legitimate reason to continue such processing.
- Right to data portability: you will be able to receive from U-Earth, in a structured, commonly used and machine-readable format, the personal data that you have provided us, in order to transmit them to another party. This right may be exercised in the hypothesis in which CHILI’s processing of such data is carried out by automated means, on the basis of your consent or for the purpose of providing the Services.
- Withdrawal of consent: if the data processing was based on your consent, you may revoke it at any time, without affecting the lawfulness of the processing based on consent before its withdrawal.
- Right to lodge a complaint with the Data Protection Authority: without prejudice to any other administrative or judicial recourse, you have the right to file a complaint to the Data Protection Authority in case you consider that the data processing carried out by U-Earth breaches the current data protection legislation.
You can exercise your rights at any time and free of charge by clicking the following link: https://eu.u-maskstore.eu/pages/gdpr-compliance
Pursuant to article 2-tendencies of the Privacy Code, the rights listed above may be exercised, in the event of your death, by those who have an ownership interest, or are acting on your behalf (as your representative, or for family reasons worthy of protection). You can prohibit the exercise of all or some of these rights by the beneficiaries by sending us a written statement.
Types of cookies
Moreover, cookies are usually divided into two macro-categories: technical cookies (which includes most of the analytical cookies) and profiling cookies.
Technical cookies are used for the sole purpose of optimizing your web-surfing on the Site and to allow U-Earth to provide the required Services. Technical cookies used on the Site can be further divided into:
- Strictly required cookies
These cookies are strictly necessary to allow your browsing on the Site and for its proper functioning. They do not store personal information and are set only in response to your actions (such as, for example, a request for services, setting privacy preferences, logging in or filling out forms).
Navigation cookies are normally session cookies and, therefore, once the browser is closed, they are deleted. You can also set your browser to block or warn you about these cookies, but as a result, some parts of the Site may not work or work incorrectly.
Below is a list of all the navigation cookies used by the Site:
- Performance or analytical cookies
These cookies allow us to gather statistical information, in an anonymous and aggregate form, about how many users access the Site and how they use and engage with it. This allows us to improve the products and Services of our Site.
Below is a list of all the analytical cookies used by the Site:
- Functionality cookies
These cookies allow us to provide you with enhanced functionality and customization. In particular, they are used to store some of your preferences and information (e.g. language, country of origin, products selected for purchase) without you having to re-enter them on subsequent visits. Functionality cookies are often persistent cookies: they remain stored on your device even after you close your browser, until their expiration date or until the user decides to delete them. If you do not authorize these cookies, some or all of the Services may not function properly.
Below is a list of all the functionality cookies used by the Site:
Profiling cookies are designed to create profiles of the user and are used to send you advertisements in line with your browsing preferences.
These cookies may be set through our Site by our advertising partners. They may be used by these companies to build a profile of your interests and to show you relevant ads on other websites.
The use of profiling cookies and other tracking tools requires the prior acquisition of your free consent. If you do not consent to the use of these cookies, you will not be shown or sent personalized ads, nor will profiles be created based on your interests. On the other hand, refusal or withdrawal of consent will not affect your ability to access or navigate the Site.
Below is a list of all the profiling cookies used by the Site:
HOW CAN YOU MANAGE COOKIES?
You can remove existing cookies and block the installation of new cookies through your browser settings. With particular reference to third-party cookies, please note that, if you have already given consent, you must delete them through the browser or by requesting the opt-out directly to the third parties or through the site: http://www.youronlinechoices.com
The procedure for managing your preferences in relation to cookies is different for each browser. Below are the instructions for the most common browsers:
UPDATES TO THIS POLICY
Such changes will be promptly published on the Site and we will inform you about them with all our communication tools. The changes will be binding as soon as they are published. If you do not wish to acknowledge or accept the changes to this Policy, you may exercise any of the rights mentioned above.
Please check this page periodically. Version updated as of September 2021.