Compliance with Regulation (EU) 2016/679 (GDPR Compliance)
Vanan Online Services, as a Controller in relation to data content and Personal Data (and in some cases a data processor in relation to Personal Data) of Customers, dedicates itself to fulfilling all standards necessary to ensure proper data protection. As this Compliance form is unilaterally binding upon us, it may be used by any party using Vanan Online Services as proof of our declaration concerning GDPR compliance.
We have also entered into data processing agreements (DPAs) with all of our sub-processors, and we have a DPA available for customers as well. If you're interested, please send us a request either through our support email – firstname.lastname@example.org – or contact our below listed Data Protection Officer (DPO), and we will send you the instructions to proceed.
What personal information do we collect from the people that visit our blog, website or app?
When ordering or registering on our site, as appropriate, you may be asked to enter your name, email address, mailing address, phone number, credit card information or other details to help you with your experience.
When do we collect information?
We collect information from you when you register on our site, place an order, subscribe to a newsletter, respond to a survey, fill out a form, use live chat, open a support ticket or enter information on our site, or when you provide us with feedback on our products or services.
How do we use your information?
We may use the information we collect from you when you register, make a purchase, sign up for our newsletter, respond to a survey or marketing communication, surf the website, or use certain other site features in the following ways:
- To personalize your experience and to allow us to deliver the type of content and product offerings in which you are most interested.
- To improve our website in order to better serve you.
- To allow us to accurately respond to your customer service requests.
- To administer a contest, promotion, survey or other site feature.
- To quickly process your transactions.
- To ask for ratings and reviews of services or products.
- To follow up with our customers after the initial contact (live chat, email or phone inquiries).
- To secure (establish, investigate or defend) Customer’s, as well as Company’s claims that may arise due to the Services.
Consent for processing and transferring Personal Data
The Customer agrees and warrants that the processing, including the transfer, of its Personal Data has been and will continue to be carried out in accordance with the relevant provisions of the applicable Data Protection Laws (and, where applicable, has been notified to the relevant authorities of the Member State where the Company is established or has its representative) and does not violate the relevant provisions of that State.
Profiling Personal Data
Retention of Copies
The Company may retain Customer Personal Data to the extent required by applicable European Union law or the law of an EU Member State and only to the extent and for such period as required by such laws and always provided that the Company shall ensure the confidentiality of all such Customer Personal Data and shall ensure that such Personal Data is only processed as necessary for the purpose(s) specified in such law requiring its storage and for no other purpose.
The Customer agrees that after the termination or expiration of the Agreement its data may be stored as a backup for the time needed to secure (establish, investigate or defend) Customer’s and Company’s claims that may arise due to the performance of the Services (for the time it takes for the claims to be barred).
Right to Access, Amend or Erasure
Each data subject has the right to access, correct, amend, block or delete its Personal Data. The Company shall comply with any commercially reasonable request by Customer to correct, amend, block or delete Customer’s Personal Data, as required by Data Protection Laws, to the extent the Company is legally permitted to do so. If you wish to access, amend, or confirm that Vanan Online Services has Personal Data relating to you, or if you wish to correct or delete your Personal Information if it is inaccurate, please notify us at: email@example.com. If your Personal Data changes, or if you no longer desire our Services, you may correct, update, delete inaccuracies or request deactivation of your account by e-mailing us at firstname.lastname@example.org. We will respond to your access request within 30 days. To request removal of your personal data from our testimonials or customer support forum, please contact us at email@example.com. In some cases, we may not be able to remove your Personal Information, in which case we will let you know that we are unable to do so and why.
Please be aware that Vanan Online Services may have access to your geo-location data, as we collect and process the IP addresses of all devices you use to access our website or customer portal. Collecting and processing your geo-location data applies to mobile devices as well as computers. It happens regardless of whether you are a Visitor or a Customer.
How do we protect your information?
We guarantee that we take reasonable and appropriate technical and operational measures to protect your Personal Information we collect and hold from loss, misuse and unauthorized access, disclosure, alteration, and destruction. While protecting your personal data we take into due account the risk involved in the processing and the nature of the Personal Data.
Due to the scale of data processing that is part of the operational process of Vanan Online Services, we conduct periodic Risk Assessments & Malware Scanning to ensure data protection.
Our website is scanned on a regular basis for security holes and known vulnerabilities in order to make your visit to our site as safe as possible.
Your personal information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems and are required to keep the information confidential. In addition, all sensitive/credit information you supply is encrypted via Secure Sockets Layer (SSL) technology.
We implement a variety of security measures when a user places an order, or enters, submits, or accesses their information, to maintain the safety of your personal information.
All payment transactions are processed through a gateway provider and are not stored or processed on our servers.
Do we use 'cookies'?
- Help remember and process the services you require.
- Understand and save user's preferences for future visits.
- Keep track of advertisements.
- Compile aggregate data about site traffic and site interactions in order to offer better site experiences and tools in the future.
We do not sell, trade, or otherwise transfer to outside parties your Personally Identifiable Information unless we provide users with advance notice. This does not include website hosting partners and other parties who assist us in operating our website, conducting our business, or serving our users, so long as those parties agree to keep this information confidential. We may also release information when its release is appropriate to comply with the law, enforce our site policies, or protect our or others' rights, property or safety.
However, non-personally identifiable visitor information may be provided to other parties for marketing, advertising, or other uses.
We do not include or offer third-party products or services on our website.
If we need to use a Sub-processor in order to provide and support the features of our Services, we may share your Personal Information for that purpose. All third parties with which we share this information are required to use your Personal Information in a manner that is consistent with this Policy. We will provide an individual opt-out or opt-in choice before we share data with third parties other than the Third Party Service Providers we use while providing our Services, or before we use it for a purpose other than that for which it was originally collected or subsequently authorized. To limit the use and disclosure of your Personal Information, please submit a written request by e-mailing us at firstname.lastname@example.org.
Social media (features) and widget
We post Customer testimonials on our websites which may contain Personal Data. We use pre-defined JavaScript to display our Customers’ comments on our websites. In any other scenario, we obtain the Customer’s consent via e-mail before posting their name along with their testimonial. To request removal of your Personal Data from our testimonials or customer support forum, please contact us at email@example.com. Data correction, return or deletion requests will be answered within 30 days.
Blog Comment system
In order to post comments on our websites (i.e. our blogs) you must sign into WordPress, Twitter, Disqus or Google, as we use ‘blog plugins’ to allow Visitors and Customers to leave comments on our blogs. No Personal Information is tied to your posts. You subscribe to our blogs by providing your e-mail address. We will only use this to send you an e-mail notification when new blogs have been posted and when users comment on a blog on which you have previously commented. We will not use this information for any other purpose. You have the opportunity to opt out from our blog e-mails by using the ‘unsubscribe’ button.
Google's advertising requirements can be summed up by Google's Advertising Principles. They are put in place to provide a positive experience for users.
Opting out of Google Adwords:
Users can set preferences for how Google advertises to them using the Google Ad Settings page. Alternatively, you can opt out by visiting the Network Advertising Initiative Opt Out page or by using the Google Analytics Opt-Out Browser Add-on.
California Online Privacy Protection Act
According to CalOPPA, we agree to the following:
- Users can visit our site anonymously.
You can change your personal information:
- By emailing us at firstname.lastname@example.org
- By calling us
- By logging in to your account
- By chatting with us or by sending us a support ticket
How does our site handle Do Not Track signals?
We honor Do Not Track signals and do not track, plant cookies, or use advertising when a Do Not Track (DNT) browser mechanism is in place.
Does our site allow third-party behavioral tracking?
It's also important to note that we do not allow third-party behavioral tracking.
COPPA (Children's Online Privacy Protection Act)
When it comes to the collection of personal information from children under the age of 13 years old, the Children's Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, the United States' consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children's privacy and safety online.
- We do not specifically market to children under the age of 13 years old.
- We do not let third parties, including ad networks or plug-ins, collect PII from children under 13.
CAN-SPAM Act
The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations.
We collect your email address in order to:
- Send information, respond to inquiries, and/or other requests or questions.
- Process orders and to send information and updates pertaining to orders.
- Send you additional information related to your product and/or service.
- Market to our mailing list or continue to send emails to our clients after the original transaction has occurred.
To be in accordance with CAN-SPAM, we agree to the following:
- Not use false or misleading subjects or email addresses.
- Identify the message as an advertisement in some reasonable way.
- Include the physical address of our business or site headquarters.
- Monitor third-party email marketing services for compliance, if one is used.
- Honor opt-out/unsubscribe requests quickly.
- Allow users to unsubscribe by using the link at the bottom of each email.
Data Breach & Incident response plan
A Data Breach is defined as the unauthorized acquisition or access of unencrypted Confidential Information or Personal Data that compromises the confidentiality, integrity, or availability of that information. A Data Breach can occur not only virtually through computer networks but also physically through unauthorized access into Vanan Online Services locations or computers. A Data Breach can also include any breaches that affect third-party vendors that provide services or hosting to Vanan Online Services.
Vanan Online Services maintains a Security Incident Response Plan that is based on guidelines from US privacy law and the EU GDPR.
All employees and sub-processors are required to immediately notify the IT Department of any actual or suspected Data Breach, including events that affect third-party vendors. The IT Department will then follow the Security Incident Response Plan.
Vanan Online Services commits to notify affected individuals via email as soon as possible but no later than 72 hours after reasonable suspicion of a Data Breach.
We may update this privacy statement to reflect changes to our information practices. If we make any significant material changes we will notify you by e-mail (sent to the e-mail address specified in your ‘customer account/order’) or by means of a notice on the website prior to the change becoming effective. We encourage you to periodically review this website for the latest information on our privacy practices.