Data security

Link to - TERMS OF PURCHASE


PRIVACY PROTECTION, DATA SECURITY AND COOKIES


We are pleased that you have shown interest in Malu od lavande :).
At the beginning, we would like to emphasize that the protection of personal data is extremely important to us and we take all possible measures to protect them in the best possible way.
Protection, collection and use of collected personal data by Malu od lavande is improved by the conditions set by the European Commission for implementation GDPR regulation (General Data Protection Regulation).

DATA SECURITY DURING PAYMENT

Statement on online payment security

When paying on our web shop, use CorvusPay – napredni sustav za siguran prihvat platnih kartica putem Interneta.

CorvusPay ensures complete confidentiality of your card data from the moment you enter it into the CorvusPay payment form. Payment data is encrypted and transmitted from your web browser to the bank that issued your card. Our store never comes into contact with the complete data of your payment card. Additionally, the data is inaccessible even to CorvusPay system employees. The isolated core independently transmits and manages sensitive data, keeping them completely secure.

The form for entering payment data is secured with SSL transport encryption of the highest reliability. All stored data is additionally protected by encryption, using a cryptographic device certified according to the FIPS 140-2 Level 3 standard. CorvusPay meets all security requirements for online payments prescribed by leading card brands, and operates in accordance with the PCI DSS Level 1 standard - the highest security standard in the payment card industry. When paying with cards included in the 3-D Secure program, your bank verifies your identity in addition to the validity of the card itself using a token or password.

Corvus Info considers all collected information to be bank secrecy and treats it accordingly. The information is used exclusively for the purposes for which it is intended. Your sensitive data is completely secure, and its privacy is guaranteed by the most modern protective mechanisms. Only data necessary for performing the job in accordance with the prescribed demanding procedures for online payment is collected.

Security controls and operational procedures applied to our infrastructure ensure the immediate reliability of the CorvusPay system. In addition, by maintaining strict access control, regularly monitoring security, conducting in-depth network vulnerability checks, and implementing information security provisions, the level of system security is permanently maintained and improved by protecting your card data.

When paying through the fast money transfer service and service Paypal no payment data is stored.


STATEMENT ON PROTECTION AND COLLECTION OF PERSONAL DATA AND THEIR USE

Privacy protection describes how the Seller handles your personal data received during the use of the Internet store.
Your identification data is considered personal data: name, email address, home address and telephone number, or data that is not otherwise publicly available and that the Seller learns during your use of the Internet store.

The seller will keep your personal data confidential and will not distribute, disclose, provide to third parties for use, or otherwise make them available to any third party without your prior consent.

All customer data is strictly kept and only accessible to employees who need this data to perform their job.
Mala od lavande and business partners are responsible for respecting privacy protection principles.
We commit to protect customer personal data by collecting only basic customer data necessary to fulfill obligations.
Data automatically recorded by accessing the website, which are not personal data (domain name, browser type, number of visits, time spent on pages, etc.), may be used by Mala od lavande solely for website visit evaluation and improvement of its content and functionality.
Mala od lavande informs customers about the way collected data is used and gives them the opportunity to decide whether or not they want their name to be removed from the list used for marketing campaigns.
In case of any changes to personal data (e.g. place of residence, delivery address) recorded during registration, the customer is obliged to make the change in their user data.
If the customer fails to make the changes, Mala od lavande is not responsible for any defects regarding the order or delivery of products.
The above provisions on personal data protection apply exclusively to the initial webpage of the web shop malaodlavande.com, as well as to all pages within the malaodlavande.com domain, and not to external pages that link to the malaodlavande.com domain.

1. What basic data do we collect through this website and how?


During registration, we only collect personal data that you want to provide us or that is necessary for us to provide (and improve) our services. We collect direct personal data such as name, surname, address, and email address, phone/mobile number, as well as indirect data such as 'Cookies' (tracking), connection, and system information.

When signing up for the Newsletter, your email address is used to communicate with you, in order to timely provide you with information about promotions, news, giveaways, and other important changes in our business, until you unsubscribe from the Newsletter service. In addition, we use your email address for our own advertising. Unsubscribing is possible at any time.

Similarly, you can build your career at Mala od lavande by applying for a job opening or sending your resume to our email page. info@malaodlavande.com.

You can be assured that Mala od lavande takes all necessary measures to keep your personal data that you send secure.

2. How do we manage to keep your personal data safe?


Mala od lavande takes all necessary measures to ensure the security of your personal data. Only authorized personnel of Mala od lavande, partner companies that are service providers, and our business partners (CorvusPay - card payment, DPD courier service), that is, authorized personnel (who have contractually committed to keep all data confidential) have access to your personal data.
Employees of Mala od lavande who have access to your personal data must comply with the Privacy Statement rules, and all business partners who have access to your personal data have signed a data protection agreement.
The partner companies that have access to your personal information have also signed contracts to ensure that this information remains secure. In order to ensure the protection of your personal data, Mala od lavande constantly upgrades its IT system and has appropriate measures in place to prevent unauthorized access (e.g. hacking).

One example of how we highlight our commitment to protecting the data security of our customers, and how we further enhance security and ensure reliable protection of your personal data, is by leasing a certificate from Comodo CA - PositiveSSL. The certificate is registered to our company, Angara Ltd., guaranteeing the authenticity and integrity of our online store.

Using the PositiveSSL certificate ensures encryption of the data you exchange with our website, providing you with a secure and protected shopping experience. This additional level of security allows you to use our service without worry, knowing that your data is protected and your privacy is preserved.

3. For what purposes do we use your personal data?


Your personal data will be used solely for the purpose of our business, as well as for management, support, and obtaining feedback on the service provided, and to prevent security breaches, violations of the law, or contractual terms.

4. To whom do we disclose your data and why?


Mala od lavande will never share your personal data with business partners who intend to use them for direct marketing purposes, unless you have given us specific permission to do so.

Headings:
(i) direct marketing via email,
(ii) It is your right to request us to stop contacting you via email for marketing purposes and also
(iii) you have the right to request the deletion of personal information from our systems


Mala od lavande may share your personal information with contracted partner companies in order to provide you with the best possible service.

These are:

CorvusPay - Online card payment gateway
DPD - leading courier service provider
KEKSpay - Online card payment gateway
Pick & Pack - courier service provider



We may disclose your personal information to state bodies and law enforcement agencies in the following situations:
(i) we are required to do so by any applicable law;
(ii) if such action is necessary for the conduct of legal proceedings;
(iii) in response to any legal requests or actions;
(iv) if it is in accordance with legal requirements or actions, or for the protection of Mala od lavande's rights or its clients and the public.

5. How can you view, check, modify or delete the personal data you have sent to us?


If you have subscribed to the Newsletter regardless of registration on the webshop, upon receipt of each one at the bottom there is an option "Unsubscribe", through which you can unsubscribe or send us an email to info@malaodlavande.com and we will do it for you. If you are a registered user on our webshop, it is enough to go to your "User profile" and uncheck the box if you do not want to receive the newsletter anymore.

In your user profile, besides being able to change your data, we have added two new possibilities. 1. "Data we use" where you can read briefly where we use your data. 2. "My personal data" - there you are offered to download all your data in PDF and CSV format, as well as the notice that you can send a request for forgetting or deleting your data to the email info@malaodlavande.com.

6. 'Cookies' ("tracking technology") - how and why do we use them?


Lavender Girl uses tracking technology ("Cookies") to collect personal data, such as browser type and operating system, referring page, path through the site, ISP domain, and the like, for the purpose of understanding user's use of the website. Cookies help us customize this website to your personal needs.

Lavender Girl keeps all information collected through 'Cookies' in a non-personally identifiable format. This type of information obtained through 'Cookies' will not be transmitted outside of our business or to certain third parties. It will not be used for unforeseen communications.

'Cookies' placed on your computer do not contain your name. After the user has finished working on the server.

Please check if your computer settings support the acceptance of 'Cookies' or not. You can configure your browser to warn you before accepting 'Cookies' or to reject them, but you will not have access to all the features of this site if you do so. Under the 'help' option on your browser, check how you can do this. You do not need to have the option to receive 'Cookies' enabled to use many parts of this and other websites. Remember that if you use different computers in different locations, you will need to check if each browser is customized to your 'Cookie' receiving settings.

To make it easier for you to choose when entering our webshop, a window will appear where you can accept or reject cookies, with the above mentioned reduced functionality if you do not want to use them. Cookies will not be stored until you give your consent for them.

The cookies used by Mala od lavande webshop are:

Session Cookies // Session Cookies
Name / Name Domain / Domain Path / Path Value / Value
_sp_ses.d1da malaodlavande.com / *
_gat .malaodlavande.com / 1
PHPSESSID malaodlavande.com / hq1ck3hl447rij8shlspb7uu1r

Stored Cookies // Cookies that are stored
Name / Name Domain / Domain Path / Path Expires / Expiration in days Value / Value
pixel .yotpo.com / 365 c10dc1b8-7773-4276-7ba4-1cb361020df3
_sp_id.d1da malaodlavande.com / 730 3cfc43abaaa944c8.1614945442.1.1614945449.1614945442
_gid .malaodlavande.com / 1 GA1.2.1825384265.1614945440
_ga .malaodlavande.com / 730 GA1.2.854843797.1614945440
__cfduid .onesignal.com / 30 d6e425e8d6eeabcdc81320c597bae36051614945439
PrestaShop-1c08f5ccd1a4714c2342b60047eae723 .malaodlavande.com / 20 def502002601cc303a2d213deca9320023eb2f1b3466cdf4114cd8e05a3028f


Third-Party Stored Cookies // Kolačići od treće strane
Ime / Name Domena / Domain Putanja / Path Istiće / Expiration Vrijednost / Value
pixel .yotpo.com / 365 c10dc1b8-7773-4276-7ba4-1cb361020df3
__cfduid .onesignal.com / 30 d6e425e8d6eeabcdc81320c597bae36051614945439

YOTPO - servis za recenzije proizvoda
Google Analytics - servis za analizu prometa na malaodlavande.com
Facebook Pixel - Facebook servis za ciljano targetiranje oglasa prema kupcu
Onesignal - messaging service to the customer

7. E-marketing


SPAM represents a place where unwanted emails containing advertisements or marketing materials sent without your consent are stored.

Lavender Girl does not send SPAM email messages. Lavender Girl uses anti-spam tools to protect employees from receiving SPAM messages. Sending email messages without the consent of the other party is illegal in many countries. Lavender Girl will not use your personal information (including your email address) for direct marketing or communication tracking unless you give us explicit permission called 'OPT-IN' consent (Consent)

Also, Lavender Girl will not share your personal information with third parties who would use your personal information to send spam emails.

Lavender Girl's websites provide an opportunity to receive marketing information via email. Every email message sent by Lavender Girl will give you the option to stop receiving marketing emails at any time.

If for any reason you believe you have received spam email from Mala od lavande, please notify us immediately at the given address. For details on the address, see question 5 - How can you view, verify, modify, or delete the personal data you have sent us?

8. How long do we retain your personal data?


Mala od lavande may store the personal information you have sent us through this website in its databases. Your personal data will be kept only as long as necessary to answer questions or resolve issues, provide better and new services, and in accordance with legal provisions, according to applicable law. This means that we may retain your personal information after you stop using our services or stop using this website. After that period, your personal information will be deleted from all systems within Mala od lavande.

We remind you that you have the right to delete your personal data at any time. Please see question 5 - How can you view, verify, modify, or delete the personal data you have sent us?

9. What is the data collection policy for children using our website?


We believe that protecting the privacy of children in the world of electronic communications is very important, as well as encouraging parents or guardians to participate in and monitor their children's electronic activities.

Websites designed for children

Special note for children under 16 years of age

If you are under the age of 16, we advise you to talk to your parent or guardian before providing personal information on our websites. If you are unsure about anything in this section, please seek help from your parents or guardians.

Special note for parents of children under 16

We recommend that parents/guardians regularly monitor and check their children's electronic activity.
Please ensure that your child does not provide personal identification information electronically without your permission.


10. Can we change the Privacy Policy terms later?


We reserve the right to make changes and corrections to this notice. Please access this website from time to time to review new information.

11. Where can I find more information about legal issues related to our website and my legal rights and responsibilities?


For more detailed information, see 'GENERAL TERMS OF SALE“, dostupan klikom na ovaj link, ili direktno na ovoj stranici.

12. How can I contact you if I have additional questions about my personal data?


Email address: info@malaodlavande.com
Postal address: Angara d.o.o., Kašinski odvojak 20a, Sesvete

Info Number: 00 385 92 292 9292

13. What are the conditions with legal definitions used in What does Mala od lavande's privacy policy statement say about data privacy?


Personal information refers to personal data and any information related to you that can directly or indirectly identify you (on websites, this is your regular email address, IP address, etc.).
Processing of personal data refers to any operation or set of operations performed on the basis of your personal data, including collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure for transmission, distribution or otherwise making available, alignment or combination, blocking, erasure or destruction (i.e. any activity carried out by Mala od lavande, which includes personal information you send to us).

14. Retargeting and social networks

Angara d.o.o. processes data about individuals who follow published content, like our posts, and leave comments through social media channels. Angara d.o.o. collects data about its contacts on social media through which it sends promotions to specific target groups (anonymous data that includes gender, age, etc.). Angara d.o.o. uses Facebook Business Tools, Instagram Business, and LinkedIn Marketing Solutions. The data we send includes information about your activities on social media collected through clicks and cookies, and among other things, it includes: information about your devices, purchases you have made, ads you have seen, and how you use services (e.g. whether you have a Facebook account and whether you are logged in, etc.). Social media platforms are considered joint data controllers together with Angara d.o.o. for the processing of personal data carried out for the purposes of the mentioned marketing activities. For more information about data processing by the mentioned social media platforms, please read the Privacy Policy - Facebook, Linkedin, Instagram.

14a. Newsletter


When signing up for the Newsletter, your email address is used to communicate with you in order to timely deliver information about promotions, news, giveaways, and other important changes in our business until you unsubscribe from the Newsletter service. Personal data collected for the purpose of subscribing to the newsletter will be used exclusively for sending our newsletter.

We use the platform Sendinblueto manage subscriptions and deliver newsletters. Sendinblue exports personal data outside the EU based on standard contractual clauses for the transfer of personal data. The Sendinblue system records newsletter openings and clicks on links to provide statistical data on which content was interesting to newsletter recipients.

At any time, you can unsubscribe from receiving the newsletter by selecting the option to withdraw consent in the received newsletter or by contacting info@maladolavande.com. Withdrawing consent does not affect the lawfulness of processing until the moment of withdrawal. Receiving the newsletter is voluntary and the data subject does not suffer any negative consequences if they do not give consent or if they withdraw consent.

In case of withdrawal of consent, you will no longer receive our newsletter, and the email addresses that have been unsubscribed remain on our unsubscribe list for a maximum of 5 years from the date of unsubscribing in order to prove compliance with the legal obligations that Angara d.o.o. has under the applicable law.

Sendinblue - GDPR

14b. Retargeting Pixel of the social network Facebook


On this website, the Retargeting-Pixel Custom Audiences option of the Facebook social network, 1601 South California Avenue, Palo Alto, CA 94304, USA, is used. Facebook can include visitors to our website in the target group for Facebook-Ads advertisements using the Remarketing-Pixels option. For this purpose, a Facebook cookie will be stored on your computer. Further information on the scope and purpose of data collection, on how Facebook processes and uses data, and on possible privacy settings, is available in Facebook's data protection guidelines at https://facebook.com/policy.php and https://www.facebook.com/ads/settings. You can refuse the use of the Custom Audiences option on the page www.youronlinechoices.com/de/praferenzmanagement, and if you have a Facebook account, you can do so here.

14c. Google Analytics


This website uses Google Analytics, a web analytics service provided by Google Inc. ("Google"). Google Analytics uses cookies, which are text files placed on your computer, to help the website analyze how users use the site. This website also uses the Google AMP Client ID API to connect user activities on accelerated mobile pages (AMP) with user activities on non-accelerated mobile pages through Google Analytics. The tracking codes of Google on this website use the function "_anonymizeIp()". Therefore, IP addresses are processed in a shortened form within member states of the European Union or other signatory states of the European Economic Area to exclude the possibility of direct personal identification. Only in exceptional cases, the full IP address is transmitted to and shortened on a Google server in the United States. On behalf of the owner of this website, Google will use this information to evaluate the use of the website, compile reports on website activity, and provide other services related to website activity and internet usage. The IP address transmitted by your browser as part of Google Analytics is not associated with any other data held by Google. You can prevent the storage of cookies by adjusting the settings of your browser software accordingly, but please note that if you do this, you may not be able to use the full functionality of this website. Furthermore, you can prevent the collection of data generated by cookies and related to your use of the website (including your IP address) by Google, as well as the processing of this data by Google, by downloading and installing the browser add-on available at the following link: http://tools.google.com/dlpage/gaoptout?hl=en

14d. Facebook


On our website, so-called social media plugins ("Plugins") for the social network Facebook, operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA ("Facebook"), are used. The plugins are marked with the Facebook logo or supplemented with "Facebook Social Media Plugin" or "Facebook Social Media Plugin". You can find an overview of Facebook plugins and their appearance here: https://developers.facebook.com/docs/plugins.
When you visit a page of our website that contains such a plugin, your browser establishes a direct connection to Facebook servers. The content of the plugin is transmitted from Facebook directly to your browser and integrated into the page. By integrating the plugins, Facebook receives the information that your browser has accessed the corresponding page of our website, even if you do not have a Facebook profile or are currently not logged in to Facebook. This information (including your IP address) is transmitted directly from your browser to a Facebook server in the US and stored there.
If you are logged into Facebook, Facebook can associate your visit to our website directly with your Facebook profile. If you interact with the plugins, for example by clicking the 'Like' button or leaving a comment, the corresponding information is transmitted directly to a Facebook server and stored there. In addition, the information will be published on your Facebook profile and shown to your Facebook friends.
Facebook can use this information for advertising purposes and shaping Facebook pages according to needs. For this purpose, Facebook creates usage profiles, interests, and connections, for example, to assess your use of our website in relation to the advertising ads displayed on the Facebook page, to inform other Facebook users about your activities on our website, and to provide other services related to the use of the Facebook network. If you do not want Facebook to associate the collected data about our website with your Facebook account, you must log out of the Facebook network before visiting our website.
The purpose and scope of data collection and further processing and use of data using the Facebook network, as well as your rights in this regard and privacy protection settings options, can be found in the Facebook network privacy protection instructions: http://www.facebook.com/policy.php.
If you do not want Facebook to directly associate the data collected about our website with your Facebook profile, you must log out of the Facebook network before visiting our website. You can completely prevent the loading of Facebook plugins with add-ons for your browser, such as 'Facebook Blocker' (https://www.comparitech.com/blog/vpn-privacy/stop-facebook-tracking/).

15. IMPORTANT - Why do I have to accept the terms in the Data Security Statement?


This Privacy/Security Statement provides you with all the necessary information (in a simple way) so that you can choose whether to use this website and whether to send your personal data to Malo od lavande or not.
In accordance with this, when visiting our website, as well as communicating electronically, you accept and give consent for the processing of your personal data in the manner defined in this Data Security Statement.

If you are interested in us providing you with certain services (competitions, newsletters, new product details, etc.), we will need to collect additional personal data directly from you (name, address, and email address). In that case, we will ask for your consent to collect and use your personal data, which will be used exclusively for the purpose for which you provided them to us.
If you have any questions regarding this Privacy Statement, please contact Malu od lavande at the address provided within question 12 and we will be happy to assist you.

Megamenu

My Wishlist0

Sign in

Your cart

There are no more items in your cart