Personal data protection
Confidentiality policy. Personal data potection
1. The Seller shall keep the confidentiality of any information provided by the Buyer. No public statement, promotion, press releases or other means of communication to third parties will be made by the customer regarding the order without the prior written consent of the seller.
2. According to the requirements of the Regulation (UK) 2016/679 of the Parliament and of the Council (“the General Data Protection Regulation” or “GDPR”) and of Law 506/2004 regarding the processing of personal data and protection of private life in electronic communication sector, the seller has the obligation to safely manage and only for the specified purposes the personal data provided on you, a family member or any other person.
3. The identity and contact information of the personal data operator are:BIVA GROUP LTD., with head office in Guildford, Stag Hill, Unit 6, GU2 7RZ, having V.A.T. No.452857762 , Company No. 14680063, e-mail: office@fitfoodway.co.uk phone: 07376915199, hereinafter named website administrator/seller.
4. Collected and processed personal data: last name and first name/designation, e-mail address, mobile phone number, landline number, delivery address, head office, unique registration code, bank account, bank card data, IP address, others online identifiers, online visit history, order history. Not collected/processed: sensitive data included by the Regulation in special categories of personal data; data of minors under the age of 16, data on criminal convictions and offenses.
5. Upon filling in the personal data in the account creation form and/or order form, the user/buyer unconditionally accepts his data to be included in the seller's database and expressly and unequivocally agrees that all such personal data be stored, used and processed unlimited territorially and/or temporarily by the seller.
6. The seller collects personal data from his customers only if they are provided voluntarily. The refusal to supply them determines the impossibility of creating the account and processing the orders sent online on the website.
7. Purpose of collection and processing of personal data: (i) execution of the contract and communication with the customer (creation and administration of the account, administration of orders, settlement of any requests regarding an order/purchased products, return of products, refund of amounts collected as price in case return of products), according to the provisions of art. 6 al. 1 lit. b) of the Regulation; (ii) fulfilment of the obligations by the operator, as provided by the law in force (such as for example the fulfilment of fiscal/accounting obligations related to the issue of fiscal invoices, fulfilment of legal obligations for archiving accounting documents), according to the provisions of art. 6 al. 1 lit. c) of the Regulation; (iii) defending the legitimate interests of the operator (monitoring the execution of contractual obligations assumed by the customer towards the operator based on the contract concluded between the parties, management and protection of communications systems, online platform/platform users, IT network), according to art. 6 al. 1 lit. f) of the Regulation; (iv) for the purpose of commercial communications (including communications via e-mail) regarding products or services similar to those purchased by the customer, including information on offers/promotions/recommendations, according to the provisions of art. 6 al. 1 lit. a) of the Regulation; regarding the use of data for the purpose of commercial communications, the customer has the possibility to oppose through a simple and free way to such use, as follows: sending an email having as subject “unsubscribe commercial communications” to office@fitfoodway.co.uk or by clicking on the "Unsubscribe" link that appears in the e-mails that the customer receives; (v) improving the persons` experience on the operator's online platform, in order to take into account the persons` preferences, to adapt the operator's online platform to the device used by the persons and to solve issues that the respective persons could encounter while using the platform, according to the provisions of art. 6 al. 1 lit. a) of the Regulation.
8. Existence of an automatic decision-making process including profiling: in order for the operator to provide you with information of interest to you, it will be able to use certain data about your shopping behaviour (e.g. products viewed/purchased) to help you create a profile. This processing is carried out in compliance with your rights and freedoms, and the decisions taken on the basis of them have no legal effect on you and do not affect you in a similar way to a significant extent. This activity will also be carried out in the legitimate interest of the operator to carry out commercial activities.
9. Duration of keeping personal data: (i) throughout the existence of a user account; (ii) throughout the duration of a contract; (iii) for the entire duration established by the legal provisions in force, for the information collected/processed in order to fulfil certain legal obligations.
10. Recipients/categories of recipients of personal data: The data are intended for use by the operator, through his employees/representatives and may also be communicated to the following recipients: trading partners of the operator (such as suppliers of products marketed by the operator, courier service providers, accounting service providers who keep records of the operator, banking/payment service providers, IT service providers, marketing service providers), public authorities (in order to comply with any legal obligation) or others persons (such as: lawyers, mediators, debt collection companies, bailiffs, public authorities) in order to defend a legitimate interest of the operator.
11. The disclosure of data to third parties is made according to the legal provisions for the categories of recipients specified above.
12. Personal data are collected and processed in UK. The operator reserves the right to transfer certain personal data to entities in the European Union or outside the European Union, including in countries for which the European Commission has not recognized an adequate level of protection of personal data. In this case, appropriate measures will be taken to ensure that any international transfer of personal data is lawfully managed and that there will be contractual guarantees to ensure the protection of the personal data thus transferred.
13. User rights: (i) the right to access, which consists in the right to obtain from the operator a confirmation that personal data concerning him are processed or not; (ii) the right to rectification, which consists in the right to obtain from the operator, without unjustified delay, the correction of inaccurate personal data concerning him; (iii) the right to the deletion of data, which consists in the right to obtain from the operator the deletion of personal data concerning him, without unjustified delay; (iv) the right to the restriction of processing, which consists in the right to obtain from the operator the restriction of processing; (v) the right to data portability, which consists in the right to receive personal data concerning him and which he has provided to the operator in a structured, commonly used and automatically readable format and the right to transmit this data to another operator, without impediments from the operator to whom the personal data were provided; (vi) the right to object and to participate to the automatic individual decision-making process, which consists in the person`s right to oppose, at any time and for reasons related to his/her particular situation, the processing of personal data on the legitimate interest of the operator, including the creation of profiles based on those provisions and the right not to be subject to a decision based solely on automatic processing, including the creation of profiles, which produces legal effects concerning the person concerned or affects him/her in a similar way to a significant extent; (vii) the right to withdraw his/her consent at any time, without prejudice to the lawfulness of the processing carried out based on the consent before it is withdrawn; (viii) the right to lodge a complaint before a supervisory authority; the competent authority to receive and settle complaints is the National Authority for the Supervision of Personal Data Processing,
14. Furthermore, the user is granted the right to address to a court. If some of the data is inaccurate, the operator must be informed as soon as possible.
15. How to exercise these rights: please contact the data protection officer directly at: office@fitfoodway.co.uk or in writing at the operator's head office.
16. The operator declares and warrants that: (i) personal data will be accessed only by authorized persons, for the purposes authorized by law; (ii) he will protect personal data stored or transmitted against accidental or unlawful destruction, against accidental loss or damage and against unlawful storage, processing, access or disclosure; (iii) has implemented appropriate technical and organizational measures to ensure the protection of personal data.
17. The information regarding the bank cards used for the online payment of the ordered products is not transferred or stored, at any time, on the seller's servers.
18. In the case of the 3D Secure system for payment with Visa and Mastercard cards, the data related to the buyer's card are entered directly into the Visa or Mastercard systems, and if the card was issued by a bank certified in the 3D Secure system, the transaction is authorized only after authentication in the system (entering a code and password known only to the buyer).
19. Any attempt to access another user's personal data or change the content of the website or affect the operation or performance of the server on which the website is hosted will be considered as an intentional act to harm the seller and compromise its activity, situation in which all legal proceedings will be initiated for the criminal prosecution of the guilty party and the incurrence of civil liability for the damage caused.
20. The updating and modification of the policy on the collection and processing of personal data will be carried out whenever necessary to reflect changes in the legislation in force or changes in the way personal data are processed by the operator. Any such changes will be displayed on www.fitfoodway.co.uk