All information collected by Venocare is stored and handled in accordance with the new European Union’s General Data Protection Regulation (GDPR). At Venocare we comply with our obligations under the new GDPR.
What data do we collect?
We collect, store, and use Personal Data. Personal data means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (Non-personal data). Personal information we collect is:
- Identity Data includes first name, last name, username or similar identifier, date of birth, gender, marital status, title
- Contact Data includes billing address, delivery address, email address, telephone numbers
- Financial Data includes payment card details. We only ask for these when you place your order, and we do not store any of your card details on the server. They are all processed and held securely by our payment partner, Stripe. We never see or store your credit card details on the website or on our servers.
- Transaction Data includes details about payments to and from you and other details of products you have purchased from us.
- Technical Data includes IP address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system, platform and other on the devices you use to access this website.
- Usage Data includes information about how you use our website, products and services
- Marketing and Communications Data your preferences in receiving marketing from us and your communication preferences
We also collect, store, and use Non – personal data. Non-personal data means anonymized data which cannot be traced back to identify a person, such as statistical or demographic data. Non – personal may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, demographic information (user IP addresses, browser types) and other anonymous statistical data involving the use of our website.
How do we obtain your personal data?
We may obtain your personal information from you directly. We might ask you to provide personal data to us when you visit and use our websites and our services, for example when you sign up for our newsletters, register on our sites, buy a product from us, fill out a survey, make a comment or enquiry, post something on our social media pages, subscribe to direct marketing etc. You may give us your name, email address, address/location, and phone number.
What we do with the information we gather?
We will only use your personal data for any lawful purpose in accordance with GDPR legislation. All personal data will be processed fairly and in keeping with the purposes for which it was obtained. We will only process your personal information where we have a lawful purpose to do so. Our grounds for processing your personal information are as follows:
- perform the contract we have with you,
- comply with our legal obligations,
- for our legitimate business interests,
- for any other purposes for which you have given your explicit consent.
If you choose not to provide us with your personal information, we may not be able to provide the information or the service you may require, or to fulfil one or more other purposes of collection of your personal information. We will, however, receive and store some non-personal information about you, that cannot identify you.
We may use your personal data for other lawful purposes, including, but not limited to
- to administer and protect our business
- to meet legal and regulatory requirements
- to process and deliver your order
- to manage our online relationship with you and to communicate with you
- to notify you of changes to our services and products
- to improve our products and services
- to send you newsletters and marketing information if you have consented to us doing so
- to maintain up to date database of clients
- to detect and protect against fraud and criminal activity
Our legal basis for collecting and processing your data is to fulfil a contractual obligation. In order to process orders, Venocare will require your name, address, phone number, delivery address (if different), credit or debit card number and expiry date. Your credit card details are taken through a secure server for processing by your card provider and our bank. We will pass your name and delivery address on to the carrier responsible for delivering your order. In order to process your order we will send you a confirmation email or we may need to contact you by telephone or email to verify your details before we are able to process and dispatch your order or we may be unable to accept your order.
We may use non-personally identifiable information and aggregate information for any lawful purpose, including, but not limited to:
- for analysis and research purposes
- continually improve and develop our website, our services, and our business
- determine the effectiveness of promotional campaigns and advertising
- to produce aggregated and anonymised analytics and reports regarding use of our website
- protect our website
- provide statistics to third parties for the purposes of improving and developing the website and the services
How we protect your personal data?
We are committed to ensuring that your information is secure. We have implemented appropriate technical and organisational measures to protect your personal information against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access and against all other unlawful forms of processing. We store and process your personal information in accordance with the high standards required under data protection legislation.
Once we receive your data, we use appropriate technical and physical security measures, including firewalls and anti-virus protection to protect your personal data. When we process highly confidential information (such as credit card numbers) over the Internet, we protect it through the use of encryption. No data transmission over the Internet can be guaranteed to be 100% secure. By using our website and our services you accept the inherent risks of providing information online. Venocare cannot accept responsibility for any unauthorised access or loss of personal information that is beyond our control.
With whom do we share your personal data?
Venocare does not share your information with third parties without your prior knowledge and consent. Venocare does not distribute, share, or sell your personal data with any other services or third parties for their own use. We may disclose your personal information if we believe in good faith that such disclosure is necessary for our legitimate interest or prudent in light of our obligations under applicable law:
- in connection with any legal investigation
- to comply with relevant laws or to respond to court our authority orders, subpoenas or warrants served on us
- to protect or defend our rights in legal procedures; or
We may share your information with selected third parties who we need to engage with to enable us to perform our services to you, including:
- employees of Venocare
- our web hosting technology supplier LetsHost
- defiant Inc, the providers of the Wordfence™ security software that protects our website.
- third party payments providers Stripe and PayPal to handle payments via our website
- third party service providers and partners who assist and enable us to use the personal data,
- other trusted third parties, such as our business partners, suppliers, and sub-contractors for the performance of any contract we enter into with them or you
- trusted partners to help us perform statistical analysis
- third party delivery service and storage partners
- other people where we have your consent
How long we retain your personal data?
What are your rights?
You have rights under data protection laws in relation to your personal data, which include your rights to:
- Request access to your personal data. This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
- Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
- Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it.
- Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in some scenarios.
- Request the transfer of your personal data to you or to a third party (data portability).
- Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent.
- Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
If you have any requests concerning your personal information or any queries with regard to our processing, please contact us at firstname.lastname@example.org.