- 1. Lawful basis of processing
We may process your data based on one of three main legal grounds: (1) your consent; (2) any contract between you and us; and (3) our legitimate interests.
We collect your personal data based on one or many of the following legal bases:
- we have obtained your prior express consent (written, verbal or online) to the processing of your personal data (this legal basis isonly used in relation to processing that is entirely voluntary - it isnot used for processing that is necessary or obligatory in any way);
- the processing is necessary in connection with any contractbetween Hyrem and you ("contractual necessity"); or
- we have a legitimate interest in carrying out the processing for thepurpose of managing, operating or promoting our business, andthat legitimate interest is not overridden by your interests, fundamental rights, or freedoms ("legitimate interests").
- Personal data we collect
We collect the following information:
- Information provided directly by you
- Information collected when our websites or interactive products orservices are used
- Information related to the purchases and other business with us byyou
- Information collected from other sources which may be combinedwith the user account details
Please note that we do not collect any payment information. All payment data are processed by authorized third party payment services providers.
We may collect personal data either directly from you, automatically from your devices that interact with our services, or from third party sources as described below.
Information collected directly from you:
- Contact details: your name, email address(es), telephone number,postal address;
- Demographic information: gender, date of birth or age, language,title or degree, income information, accommodation information,household size;
- Information related to your account: payment type or method,username, encrypted password, account picture;
- Any consents, communications and feedback that you provide tous;
- Personal interests notified by you;
- Work-related information provided by you: company/employer'sname and contact details;
- Gift purchase information: the recipient's name, contact address,delivery address(es), telephone number and email address(es);and
- Other information collected on the basis of your prior, express,voluntary consent (including public social media profiles).
Information collected when our websites or interactive products or services are used:
- Your user account identity and registration date (if you are loggedin);
- Your browser, operating system, device model, IP-address, time ofaccess and duration of access;
- Location data (including details of your WiFi-connection point, GPScoordinates or similar measure (read more: use of location data)); •Web pages through which our website was accessed, the pagesbrowsed by you, all other actions with our website during your website visit (e.g., interactions, referral sites, search key words); •Cookies and other identification tags;
- Marketing information: the benefits, campaigns and servicesdirected or offered to the customer and your usage of them; and •Other information collected based on your consent.
Information related to your purchases:
- Information on orders, deliveries, payment methods, billingaddress(es), delivery address(es), and other information related toany business you may do with Hyrem;
- Your contacts with Customer Service and communication with you; •Your participation in our promotions and contests; and •Your contact information.
Information collected from other sources which may be combined with your user account:
- If you have connected to any Hyrem website, service or socialmedia channel using your social media profile(s), we may collectthe public information available on your social media profile(s);
- We may purchase information from third parties to complement thedata collected by us;
- We may collect information from public registers maintained byauthorities, if such registers are available in your country; and •Updated delivery and contact information from delivery agents.
We may use third party service providers for payment processing, in which case you will be directed to the relevant third party service
provider's website which is subject to that third party service provider's terms and conditions. Hyrem does not store credit card information.
- How Hyrem uses your personal data
We collect your personal data in order to offer you our products and services in the best possible way; to create a smooth shopping experience; and to operate and maintain our websites and services effectively.
We use the collected information for the following purposes: •Offering products, marketing and personalizing
- Customer loyalty programs and other user accounts
- Customer service
- Product and services development and anonymized reporting •Orders
- Detection, investigation and prevention of unlawful activities •Identifying users
We may process your personal data for the following purposes:I. Offering products, marketing and personalizing
We want to offer you the most interesting products and services and therefore we may analyze your interests, preferences and needs.
We may process your personal data to manage our relationship with you, in the context of marketing and sales purposes as follows: managing the customer relationship lifecycle, customer segmentation and improving effectiveness.
Your personal data may be processed for the purposes of informing you about our products and services, announcing any new product or service launches or benefits available to you, and concluding market surveys, provided that we have first obtained any necessary consent, where required for such use, in accordance with the applicable law. Such marketing may be carried out as follows:
- Direct marketing through mail or telephone, including textmessages;
- Electronic messaging: emails and other electronic messages; and •Digital online marketing (e.g., displays, search engine marketing)
- Customer loyalty programs and other user accounts
If you have registered with a customer loyalty program, or created a user account to any of our websites, we may process your personal data for the purpose of providing you with the benefits and services available under our customer loyalty program and informing you of any changes.
III. Customer service
We may process your personal data for the purpose of providing personal and customized services when you contact our Customer Service team.
Our Customer Service team may process your personal data if you contact them. Your calls to the Customer Service team may be recorded, in which case you will be informed of such recording beforehand. We may connect the personal data collected by the Customer Service team with other personal data, such as your purchase history, which enables us to provide you with as efficient and personal service as possible. Your personal data may also be processed for warranty-related activities, such as activating the warranty, claims related to warranties and registering additional warranties for certain items.
- Product and services development and anonymized reporting
Product and services development is essential to us and enables us to provide our customers with ever better, more innovative and user-friendly products and services.
We may process your personal data and account details to both improve our existing products and services, and to develop new ones. We may connect any feedback and communication received from you with your account.
- Surveys/research conducted via our websites: We may usequestionnaire tools on our websites to improve our customerexperience from time to time.
- Loyal customer community: To improve our service and ourprogram to meet our customers' needs we may provide you withsurveys or research questions concerning our products and services (whether in hard copy or online).
We use anonymized data for reporting purposes. Such data have been anonymized and cannot be used to identify you. We use such data to analyze the realization of our commercial objectives, such as effectiveness of our product campaigns. Such anonymized data may contain:
- Aggregate visitor numbers of our websites;
- Aggregate visitor numbers of our stores;
- Average visit duration;
- Typical visitors path on our site or our store; and
- Certain measurements related to our product sales.
If you have ordered products or services from any of our web stores or physical stores, we may process your personal data for the purposes of processing your order(s).
Payment details are not stored in our systems. Instead, payment data are provided by you directly to our third party payment services providers.
- Detection, investigation and prevention of unlawful activities We may process your personal data for the purposes of detecting,investigating and preventing unlawful activities. We may provide yourinformation to law enforcement authorities based on their request, or based on a legal basis defined in any applicable law for prevention and investigation of fraud and other unlawful activities. We may disclose your personal data to any party in response to an order from a court of competent jurisdiction.
VII. Identifying users
We may identify you for the purposes of providing you with more personalized and customized services, and a better experience. We may identify your online activities based on cookies. Read more on cookies we use. In mobile applications and web stores, we may identify you based on your log-in details.
Identifying you in any of our physical stores requires your name and postal address and possibly ID verification.
- How long is your data stored
- Your data are stored as long as your online account is valid, plusthe applicable period for limitation of legal claims, and anyadditional periods required or permitted under applicable law.
- Remember to update your information if any material changesoccur.
If you have created an account to any of our webstores or loyalty programs, your personal data will be retained until such time as you either terminate the account, or request that your data be deleted. To ensure that you receive news, offers and other information you are interested in, you may be asked to update your data once in twelve (12) months when you use your webstore account or when you purchase products in any of our local stores.
- How we disclose your personal data to other parties
We disclose your personal data only to the parties indicated below and for the following reasons only:
to use high standard security measures to protect your personal data.
- Lawful requests. We may be required by the binding requirementsof applicable law, or for the purposes of responding to legalproceedings or other lawful requests to disclose your personal data to authorities or third parties.
- Protection of our interests and combating fraud. We may alsodisclose or otherwise process your personal data, in accordancewith applicable law, to defend our legitimate interests (for example, in civil or criminal legal proceedings) and when combating fraud.
- Mergers and acquisitions. In the event of any sale, consolidation orreorganization of our businesses (for example mergers andacquisitions), we may disclose your personal data to prospective or actual purchasers or their advisers, where appropriate.
- Personal data of children
Product orders will only be accepted by us if the consumer is 18 years old or more. Therefore we do not seek to collect personal data of children.
- Steps taken to safeguard the personal data
We have created appropriate safeguards to protect your personal data.
We have implemented both technical and organizational safety measures, and only certain restricted personnel are permitted to access your data. However, you should always be careful when transmitting your data via internet, as the transmission of data to our website will be at your risk.
We have implemented appropriate technical and organizational security measures designed to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, unauthorized access, and other unlawful or unauthorized forms of processing, in accordance with applicable law.
We maintain a variety of physical, electronic, and procedural safeguards to guard your personally identifiable information. Specifically, we use commercially accepted procedures and systems to protect against unauthorized access to our systems. Only our appointed personnel and third party companies operating on behalf of us or on our assignment (referred to as "Authorized Third Parties") are entitled to access or process your personal data.
All persons processing such data must receive individual accreditation. Different levels of access have been created based on the type of data a person needs to access or process according to his/her job description. Our systems are fire-wall protected. Manually stored and processed documents which may contain your personal data are stored in locked
and fireproof premises. Only specifically authorized personnel of ours or Authorized Third Parties are entitled to access such premises or process such data. All Hyrem personnel or personnel from Authorized Third Parties who are granted access to your personal data are required to keep such data confidential.
Unfortunately, the transmission of information via the internet is never completely secure. Although we will implement all reasonable measures to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorized access.
- Actions you can take in regard to the processing
Subject to applicable law, you may have the following rights with respect to the processing of your personal data:
- Choosing not to provide your personal data
- Accessing, or obtaining a copy of, your personal data •Checking and editing your data in your user account
- Unsubscribing from direct marketing
- Checking and editing your personal data
- Blocking and deleting the cookies
- Permitting or refusing processing of your location data •Erasure, or restriction of our processing, of your data
- Objecting to the processing of your personal data
- Withdrawing your consent
- Porting your data to another controller
- Lodging a claim at the supervisory authority
Please note that upon exercising any of the rights listed below, you may be requested to provide additional information for identification purposes. Such additional information shall not be used for any other purpose and will be removed after successful identification.
- Providing your data: You may choose not to provide your personaldata to us. It should be noted that some features of our websitesand other services may not be fully available to you if you choose not to provide us with your personal data (e.g., we may not be able to process your orders without the necessary details).
- Right of access: You may have the right to request access to, orcopies of, your personal data, together with information regardingthe nature, processing and disclosure of those data.
- Unsubscribing: We include an unsubscribe link in all electronicmarketing messages we send to you. You may withdraw yourconsent to direct marketing at any time. If you do so, we will promptly update our databases, and will not send you further direct marketing, but we may continue to contact you to the extent necessary for the purposes of any products or services you have requested.
- Checking and editing your personal data: Should you have anonline user account, you may edit and complete your personal datadirectly yourself. If you do not have an online user account, you may contact our Customer Service team using the details provided inSection 14below, who will upon your request as soon as possible rectify, remove or complete the information which is incorrect, unnecessary, lacking or outdated.
- Blocking and deleting cookies: You may block the cookies usingyour browser settings. Please note that blocking the cookies mayaffect the usability of our websites. You may also delete the cookies from your browser via its settings, in which case the information collected by the previous cookie will not affect the account created based on the information collected after such deletion.
- Allowing use of location data: You may give your consent to theuse of location data in the options of the device or the application.You may also withdraw such consent at any time from the options menu in your account, or by contacting ourCustomer Service team.
- Erasure, or restriction of our processing, of your data: Should youbelieve that we process your data which is not accurate; theprocessing is illegal; we are not processing your data in accordance with the processing purpose or you want to oppose the processing, you may contact ourCustomer Service teamto request the erasure, or restrictions on the processing, of your data. Please note that we will investigate your request reasonably promptly, before deciding what action to take.
- Right to object: You may have the right to object, on legitimategrounds, to the processing of your personal data.
- Withdrawing your consent. You may at any time decide to withdrawyour consent to the processing of your personal data. If yourconsent is withdrawn, it does not prevent us from processing your personal data based on other legal bases, such as fulfilling your orders and storing your order data as required by applicable law. However, it should be noted that your account(s) on our web store(s) will be removed, and advantages granted to you via your account will be reset. Please note that withdrawal of consent does not affect the lawfulness of any processing performed prior to the date on which we receive notice of such withdrawal.
- Right to data portability: You may have the right to have yourpersonal data transferred to another controller, in a structured,
commonly used and machine-readable format, to the extent applicable.
- Lodging a claim with a supervisory authority: Should you believethat our processing of your personal data infringes your legal rights,you may lodge a claim with your local supervisory authority. Please do see a list for supervisory authorities' websiteshere.
- Third party websites
Please note that certain features on our website are offered by third parties and the third party privacy policies apply.
Our websites and services use options which enable you to share content on social media, such as Facebook's "share" button. Such options are provided directly by the third-party service providers (e.g., Facebook, Twitter, Instagram, Google+, etc.). Each such third-party service provider may collect personal data regarding your visits and interaction with its services, based on its own policies and rules concerning data privacy.
Hyrem cannot be held liable for any privacy policies or terms and conditions concerning data privacy of such third parties.
- Defined terms
primary responsibility for complying with applicable data protection laws.
- "personal data" means any information relating to an identified or identifiable natural person; an identifiable person is one who can beidentified, directly or indirectly, in particular by reference to anidentifier such as a name, an identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person.
- "process", "processing" or "processed" means anything that is donewith any personal data, whether or not by automated means, suchas collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
- "processor" means any person or entity that processes personaldata on behalf of the Controller (other than employees of theController).
- Our contact point
In general privacy issues, in issues relating to your account or to opt out from marketing messages, please contact our Customer Care Advisors: